SD-WAN Centralized & Localized Data Policy
Centralized Data Policy Overview:
Data policy affects data traffic and operates in the data plane of a Viptela overlay network. There are two types of data policy:
- Centralized Data policy
- Localized Data policy
Centralized data policy operates in the data plane on the IP header fields of packets traversing the network, whereas localized data policy controls traffic flowing into and out of the router interfaces and their queues on a vEdge router.
Centralized data policy is applied to packets that originate from a specific sender (source address) and controls which destinations within a VPN that traffic can reach. Data policy is applied to data traffic based on a 6-tuple of IP header fields: source IP, source port, destination IP, destination port, DSCP, and protocol.
Centralized data policy is provisioned centrally; the policy itself is never pushed to the vEdge router, only the effects (the decisions) of the data policy are. The data policy results received from vSmart are applied only in the inbound direction.
Effect of Centralized data policy Results Example:
- Which set of sources is allowed to send data traffic to any outside destination from the local site.
- Which set of sources is allowed to send data traffic to a specific set of outside destinations from the local site.
- Which set of sources, with a given source port, is allowed to send data traffic to any outside destination from the local site.
VPN Membership Policy
This is the second type of centralized data policy; it controls whether a vEdge router participates in a particular VPN or not.
A VPN membership policy can be centralized because it acts only on the packet header and has no impact on the choice of interface the vEdge router uses to transmit traffic. Under this policy, a vEdge router that is not allowed to participate in a particular VPN does not receive any prefixes from that VPN: vSmart never forwards those prefixes to that router.
Deep Packet Inspection:
Because centralized data policy uses the 6-tuple, it can also be used to examine application information in the payload of a data packet. This deep inspection of the packet payload helps control how data packets from a specified source or set of sources are forwarded into the Viptela network. It also helps steer specific application traffic over a specific tunnel based on jitter, delay, and latency.
Localized Data Policy:
Localized data policy controls traffic flowing into and out of the router interfaces and their queues on a vEdge router. These policies are provisioned on the vEdge router and affect how a specific interface on the vEdge router handles traffic, both receiving and sending.
It is implemented as ACLs through which class of service (CoS) is applied: the ACLs classify the traffic, and based on that classification the traffic is prioritized into different classes and queues.
Some examples of localized data policy:
Explicit and implicit access lists: Any access list configured through localized data policy is called an explicit ACL, and such ACLs can be applied in any VPN on the router.
Another type of ACL, the implicit ACL (also referred to as services), is applied on the router's tunnel interface. On the tunnel interface, services such as DHCP, DNS and ICMP are enabled by default and can be disabled.
QoS actions: Through localized data policy, QoS can be applied, which allows you to classify data traffic based on priority, direct it to different interface queues, and control the rate at which that traffic is transmitted.
Mirror data packets: Access lists classify the data traffic, and as soon as the traffic is classified, a copy is sent to another interface for packet mirroring. Cisco Viptela supports 1:1 mirroring, which means a copy of every packet is sent to the alternate destination.
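To make the sequence-based matching concrete, here is an added Python model of how a data policy classifies packets on the 6-tuple. It is an illustration written for this page, not Cisco or Viptela code; the class names, field names, sample addresses and queue numbers are assumptions constructed for the example. It covers both the centralized data policy described earlier (sequences matched on the IP header fields, a default action, scoped to a VPN list, with the results applied inbound) and the localized ACL described just above (the same matching used to assign a CoS class and interface queue, or to mirror a copy of the packet).

```python
"""Toy model of how an SD-WAN data policy classifies packets on the 6-tuple.

Added illustration, not Cisco/Viptela code: class names, field names,
sample addresses and queue numbers are assumptions made for this example.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    """The header fields a data policy can match, plus the packet's VPN."""
    vpn: int
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    dscp: int
    proto: int  # 1 = ICMP, 6 = TCP, 17 = UDP


@dataclass
class Sequence:
    """One 'sequence N / match ... / action ...' stanza of a policy."""
    number: int
    match: Dict[str, object]         # e.g. {"dst_port": 443, "src_ip": "10.1.1.0/24"}
    action: str                      # "accept" or "drop"
    cos_class: Optional[str] = None  # localized policy: class assigned on accept
    mirror: bool = False             # localized policy: copy packet to mirror dest

    def matches(self, pkt: Packet) -> bool:
        """All listed criteria must hold; *_ip criteria are CIDR prefixes."""
        for key, want in self.match.items():
            have = getattr(pkt, key)
            if key.endswith("_ip"):
                if ipaddress.ip_address(have) not in ipaddress.ip_network(want, strict=False):
                    return False
            elif have != want:
                return False
        return True


@dataclass
class DataPolicy:
    name: str
    vpns: List[int]                                 # vpn-list the policy applies to
    sequences: List[Sequence] = field(default_factory=list)
    default_action: str = "accept"
    class_to_queue: Dict[str, int] = field(default_factory=dict)  # class -> queue

    def evaluate(self, pkt: Packet) -> dict:
        """First matching sequence wins; otherwise the default action applies."""
        if pkt.vpn not in self.vpns:
            # Policy is not applied in this VPN, so the traffic is untouched.
            return {"action": "accept", "seq": None, "queue": None, "mirror": False}
        for seq in sorted(self.sequences, key=lambda s: s.number):
            if seq.matches(pkt):
                queue = self.class_to_queue.get(seq.cos_class) if seq.cos_class else None
                return {"action": seq.action, "seq": seq.number,
                        "queue": queue, "mirror": seq.mirror}
        return {"action": self.default_action, "seq": None, "queue": None, "mirror": False}


# Constructed centralized data policy (results applied inbound on the vEdge):
# only 10.1.1.0/24 may reach the 192.0.2.0/24 servers, and only on TCP/443.
CENTRALIZED = DataPolicy(
    name="restrict-dc-access",
    vpns=[1],
    sequences=[
        Sequence(10, {"src_ip": "10.1.1.0/24", "dst_ip": "192.0.2.0/24",
                      "dst_port": 443, "proto": 6}, "accept"),
        Sequence(20, {"dst_ip": "192.0.2.0/24"}, "drop"),
    ],
    default_action="accept",
)

# Constructed localized ACL on a LAN interface: voice (DSCP 46) goes to the
# priority queue, HTTP is accepted and mirrored, everything else is accepted
# without a class.
LOCALIZED = DataPolicy(
    name="lan-in-acl",
    vpns=[1],
    sequences=[
        Sequence(10, {"dscp": 46, "proto": 17}, "accept", cos_class="voice"),
        Sequence(20, {"dst_port": 80, "proto": 6}, "accept", cos_class="web", mirror=True),
    ],
    default_action="accept",
    class_to_queue={"voice": 0, "web": 1},
)


def centralized_verdict(pkt: Packet) -> str:
    """Accept/drop decision the centralized policy yields for one packet."""
    return CENTRALIZED.evaluate(pkt)["action"]


def localized_verdict(pkt: Packet) -> dict:
    """Full verdict (action, sequence, queue, mirror) from the localized ACL."""
    return LOCALIZED.evaluate(pkt)


if __name__ == "__main__":
    allowed = Packet(1, "10.1.1.7", 51000, "192.0.2.10", 443, 0, 6)
    blocked = Packet(1, "10.1.2.7", 51000, "192.0.2.10", 443, 0, 6)
    print(centralized_verdict(allowed), centralized_verdict(blocked))
```

Two properties of the model are worth checking against your own policies: a packet in a VPN outside the policy's VPN list is never touched, and a packet that matches no sequence gets the default action, so a policy whose default is accept only blocks what its sequences explicitly drop.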