Custom Control Definition
Custom Control Policy Definition define the matching conditions and Actions for Route and TLOC type filters
Diagram
Classes
control_policy (sdwan.centralized_policies.definitions)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| custom_control_topology | List | [custom_control_topology] | No |
custom_control_topology (sdwan.centralized_policies.definitions.control_policy)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[A-Za-z0-9\-_]{1,127}$ | Yes | |
| description | String | Yes | ||
| default_action_type | Choice | accept, reject | Yes | |
| sequences | List | [sequences] | Yes |
sequences (sdwan.centralized_policies.definitions.control_policy.custom_control_topology)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| base_action | Choice | accept, reject | Yes | |
| id | Integer | min: 1, max: 65534 | Yes | |
| name | String | Yes | ||
| ip_type | Choice | ipv4, ipv6, all | No | ipv4 |
| type | Choice | tloc, route | Yes | |
| match_criterias | Class | [match_criterias] | No | |
| actions | Class | [actions] | No |
match_criterias (sdwan.centralized_policies.definitions.control_policy.custom_control_topology.sequences)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| carrier | Choice | default, carrier1, carrier2, carrier3, carrier4, carrier5, carrier6, carrier7, carrier8 | No | |
| color_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
| domain_id | Integer | min: 1, max: 4294967295 | No | |
| group_id | Integer | min: 0, max: 4294967295 | No | |
| omp_tag | Integer | min: 0, max: 4294967295 | No | |
| originator | IP | No | ||
| preference | Integer | min: 0, max: 4294967295 | No | |
| site_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
| site_id | Integer | min: 0, max: 4294967295 | No | |
| region_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
| region_id | Integer | min: 0, max: 63 | No | |
| tloc_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
| tloc | Class | [tloc] | No | |
| community_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
| expanded_community_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
| origin | Choice | aggregrate, bgp, bgp-external, bgp-internal, connected, eigrp, ospf, ospf-inter-area, ospf-intra-area, ospf-external1, ospf-external2, rip, static, eigrp-summary, eigrp-internal, eigrp-external, lisp, nat-dia, natpool, isis, isis-level1, isis-level2 | No | |
| path_type | Choice | hierarchical-path, direct-path, transport-gateway-path | No | |
| vpn_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
| vpn | Integer | min: 0, max: 65536 | No | |
| ipv4_prefix_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No |
actions (sdwan.centralized_policies.definitions.control_policy.custom_control_topology.sequences)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| omp_tag | Integer | min: 0, max: 4294967295 | No | |
| preference | Integer | min: 0, max: 4294967295 | No | |
| affinity | Integer | min: 0, max: 63 | No | |
| community | Any | String[Regex: ^[0-9]{1,5}(:)[0-9]{1,5}$] or Choice[internet, local-AS, no-export, no-advertise] | No | |
| community_additive | Boolean | true, false | No | |
| tloc | Class | [tloc] | No | |
| tloc_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
| tloc_action | Choice | strict, primary, backup, ecmp | No | |
| service | Class | [service] | No | |
| export_to_vpn_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No |
tloc (sdwan.centralized_policies.definitions.control_policy.custom_control_topology.sequences.match_criterias)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip | IP | Yes | ||
| color | Choice | default, mpls, metro-ethernet, biz-internet, public-internet, lte, 3g, red, green, blue, gold, silver, bronze, custom1, custom2, custom3, private1, private2, private3, private4, private5, private6 | Yes | |
| encap | Choice | ipsec, gre | Yes |
tloc (sdwan.centralized_policies.definitions.control_policy.custom_control_topology.sequences.actions)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip | IP | Yes | ||
| color | Choice | default, mpls, metro-ethernet, biz-internet, public-internet, lte, 3g, red, green, blue, gold, silver, bronze, custom1, custom2, custom3, private1, private2, private3, private4, private5, private6 | Yes | |
| encap | Choice | ipsec, gre | Yes |
service (sdwan.centralized_policies.definitions.control_policy.custom_control_topology.sequences.actions)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | IDP, IDS, FW, netsvc1, netsvc2, netsvc3, netsvc4, netsvc5, appqoe | Yes | |
| vpn | Integer | min: 0, max: 65530 | Yes | |
| tloc | Class | [tloc] | No | |
| tloc_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No |
Examples
sdwan:
centralized_policies:
definitions:
control_policy:
custom_control_topology:
- name: CCT_DEFINITION_TEST1
description: CCT_DEFINITION_TEST1
default_action_type: accept
sequences:
- id: 1
base_action: accept
name: rule1
ip_type: ipv4
type: route
match_criterias:
color_list: COLOR-INTERNET-CCT-TEST
community_list: COMMUNITY-REGION-CCT-TEST
omp_tag: 65
expanded_community_list: EXP-COMMUNITY-CCT-TEST
preference: 45
originator: 10.10.20.30
site_list: TEXAS-CCT-TEST
path_type: direct-path
vpn_list: VPN-LIST-CCT-TEST1
ipv4_prefix_list: PREFIX-LIST-CCT-TEST
tloc:
ip: 10.10.33.67
color: custom1
encap: ipsec
actions:
community: 100:1000
community_additive: true
preference: 48
omp_tag: 88
tloc:
ip: 1.2.5.9
color: custom2
encap: ipsec
export_to_vpn_list: VPN-LIST-CCT-TEST2
- base_action: reject
id: 2
name: rule2
ip_type: ipv4
type: tloc
match_criterias:
carrier: carrier1
color_list: COLOR-INTERNET-CCT-TEST2
domain_id: 567
group_id: 678
omp_tag: 77
originator: 12.13.14.15
preference: 88
site_list: TEXAS-CCT-TEST
tloc:
ip: 10.10.33.67
color: custom1
encap: ipsec
actions:
omp_tag: 89
preference: 49