Traffic Data - Custom Definition

Custom sequences enable fine-grained control and customization over how traffic is handled within the SD-WAN network.

For example, a custom sequence in a data policy might include rules to identify specific applications, source/destination IP addresses and/or ports, or other attributes of network traffic. Based on these rules, the data policy can determine how to treat the identified traffic: prioritizing it, applying Quality of Service (QoS) actions, steering it through a specific path or service chain, among some other action types.

Diagram

Classes

data_policy (sdwan.centralized_policies.definitions)

Name	Type	Constraint	Mandatory	Default Value
traffic_data	List	`[traffic_data]`	No

traffic_data (sdwan.centralized_policies.definitions.data_policy)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[A-Za-z0-9\-_]{1,127}$`	Yes
description	String		Yes
default_action_type	Choice	`accept`, `drop`	Yes
sequences	List	`[sequences]`	No

sequences (sdwan.centralized_policies.definitions.data_policy.traffic_data)

Name	Type	Constraint	Mandatory
base_action	Choice	`accept`, `drop`	Yes
id	Integer	min: `1`, max: `65534`	Yes
name	String		Yes
ip_type	Choice	`ipv4`, `ipv6`, `both`	Yes
type	String	equals: `custom`	Yes
match_criterias	Class	`[match_criterias]`	No
actions	Class	`[actions]`	No

match_criterias (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)

Name	Type	Constraint	Mandatory
application_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
dns_application_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
dns	Choice	`request`, `response`	No
dscp	Integer	min: `0`, max: `63`	No
packet_length	Integer	min: `0`, max: `65535`	No
plp	Choice	`low`, `high`	No
protocols	List	Integer[min: `0`, max: `255`]	No
source_data_prefix_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
source_data_prefix	String		No
source_ports	List	Integer[min: `0`, max: `65535`]	No
source_port_ranges	List	`[source_port_ranges]`	No
destination_data_prefix_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
destination_data_prefix	String		No
destination_ports	List	Integer[min: `0`, max: `65535`]	No
destination_port_ranges	List	`[destination_port_ranges]`	No
tcp	Choice	`syn`	No
traffic_to	Choice	`access`, `core`, `service`	No
destination_region	Choice	`primary-region`, `secondary-region`, `other-region`	No

actions (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)

Name	Type	Constraint	Mandatory
counter_name	String	Regex: `^[A-Za-z0-9\-_]{1,20}$`	No
log	Boolean	`true`, `false`	No
cflowd	Boolean	`true`, `false`	No
sig	Class	`[sig]`	No
redirect_dns	Class	`[redirect_dns]`	No
loss_correction	Class	`[loss_correction]`	No
nat_pool	Integer	min: `1`, max: `31`	No
nat_vpn	Class	`[nat_vpn]`	No
appqoe_optimization	Class	`[appqoe_optimization]`	No
dscp	Integer	min: `0`, max: `63`	No
forwarding_class	String	min: `1`, max: `32`	No
local_tloc_list	Class	`[local_tloc_list]`	No
next_hop	Class	`[next_hop]`	No
preferred_color_group	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
policer_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
service	Class	`[service]`	No
tloc	Class	`[tloc]`	No
tloc_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
vpn	Integer	min: `0`, max: `65530`	No

source_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `0`, max: `65535`	Yes
to	Integer	min: `0`, max: `65535`	Yes

destination_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `0`, max: `65535`	Yes
to	Integer	min: `0`, max: `65535`	Yes

sig (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
enabled	Boolean	`true`, `false`	Yes
fallback_to_routing	Boolean	`true`, `false`	No

redirect_dns (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`host`, `umbrella`, `ipAddress`	Yes
ip_address	IP		No

loss_correction (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`fecAdaptive`, `fecAlways`, `packetDuplication`	Yes
loss_threshold_percentage	Integer	min: `1`, max: `5`	No

nat_vpn (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
vpn_id	Integer	min: `0`, max: `65530`	No
nat_vpn_fallback	Boolean	`true`, `false`	No

appqoe_optimization (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
tcp	Boolean	`true`, `false`	No
dre	Boolean	`true`, `false`	No
service_node_group	String		No

local_tloc_list (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
colors	List	Choice[`default`, `mpls`, `metro-ethernet`, `biz-internet`, `public-internet`, `lte`, `3g`, `red`, `green`, `blue`, `gold`, `silver`, `bronze`, `custom1`, `custom2`, `custom3`, `private1`, `private2`, `private3`, `private4`, `private5`, `private6`]	Yes
encaps	List	Choice[`ipsec`, `gre`]	Yes
restrict	Boolean	`true`, `false`	No

next_hop (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
when_next_hop_is_not_available	Choice	`route_table_entry`	No

service (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
type	Choice	`appqoe`, `FW`, `IDP`, `IDS`, `netsvc1`, `netsvc2`, `netsvc3`, `netsvc4`, `netsvc5`	Yes
vpn	Integer	min: `0`, max: `65530`	No
tloc	Class	`[tloc]`	No
tloc_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
local	Boolean	`true`, `false`	No
restrict	Boolean	`true`, `false`	No

tloc (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
ip	IP		Yes
color	Choice	`default`, `mpls`, `metro-ethernet`, `biz-internet`, `public-internet`, `lte`, `3g`, `red`, `green`, `blue`, `gold`, `silver`, `bronze`, `custom1`, `custom2`, `custom3`, `private1`, `private2`, `private3`, `private4`, `private5`, `private6`	Yes
encap	Choice	`ipsec`, `gre`	Yes

Examples

sdwan:
  centralized_policies:
    definitions:
      data_policy:
        traffic_data:
          - name: Uplink_Selection_for_DIA
            description: Prefer Particular Uplink for Direct Internet Access
            default_action_type: reject
            sequences:
              - base_action: accept
                id: 5
                name: rule5
                ip_type: ipv4
                type: custom
                match_criterias:
                  application_list: APP-LIST-TD-TEST2
                  dns_application_list: APP-LIST-TD-TEST2
                  dns: request
                  dscp: 54
                  packet_length: 1150
                  plp: high
                  protocols:
                    - 89
                    - 90
                    - 91
                  source_data_prefix_list: PREFIX-LIST-TD-TEST2
                  source_data_prefix: 10.2.1.0/24
                  source_ports:
                    - 676
                    - 53
                  source_port_ranges:
                    - from: 1001
                      to: 2000
                    - from: 3001
                      to: 4000
                  destination_data_prefix_list: PREFIX-LIST-TD-TEST1
                  destination_data_prefix: 10.1.1.0/24
                  destination_ports:
                    - 676
                    - 53
                  destination_port_ranges:
                    - from: 1001
                      to: 2000
                    - from: 3001
                      to: 4000
                  tcp: 'syn'
                  traffic_to: access
                actions:
                  nat_vpn: 
                    vpn_id: 0
                    nat_vpn_fallback: false
                  redirect_dns:
                    type: ipAddress
                    ip_address: 8.2.2.2
                  appqoe_optimization:
                    tcp: true
                    dre: true
                    service_node_group: SNG-APPQOE21
                  dscp: 42
                  forwarding_class: video_live
                  local_tloc_list: 
                    restrict: true
                    colors:
                      - custom1
                      - custom2
                    encaps:
                      - ipsec

Diagram​

Classes​

data_policy (sdwan.centralized_policies.definitions)​

traffic_data (sdwan.centralized_policies.definitions.data_policy)​

sequences (sdwan.centralized_policies.definitions.data_policy.traffic_data)​

match_criterias (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)​

actions (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)​

source_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)​

destination_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)​

sig (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)​

redirect_dns (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)​

loss_correction (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)​

nat_vpn (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)​

appqoe_optimization (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)​

local_tloc_list (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)​

next_hop (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)​

service (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)​

tloc (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)​

Examples​