Policy
A centralized policy can be built as either a feature policy or a CLI policy. This example focuses on feature policy. A centralized policy comprises control policies, data policies and references to policy objects, and is applied to all the sites. Only one centralized policy can be activated at any given instant.

Classes

centralized_policies (sdwan)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| feature_policies | List | [feature_policies] | No | |

feature_policies (sdwan.centralized_policies)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[A-Za-z0-9\-_]{1,127}$ | Yes | |
| description | String | | Yes | |
| hub_and_spoke_topology | List | [hub_and_spoke_topology] | No | |
| mesh_topology | List | [mesh_topology] | No | |
| custom_control_topology | List | [custom_control_topology] | No | |
| vpn_membership | List | [vpn_membership] | No | |
| application_aware_routing | List | [application_aware_routing] | No | |
| traffic_data | List | [traffic_data] | No | |
| cflowd | List | [cflowd] | No | |

hub_and_spoke_topology (sdwan.centralized_policies.feature_policies)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| policy_definition | String | | Yes | |

mesh_topology (sdwan.centralized_policies.feature_policies)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| policy_definition | String | | Yes | |

custom_control_topology (sdwan.centralized_policies.feature_policies)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| policy_definition | String | | Yes | |
| site_region | Class | [site_region] | Yes | |

vpn_membership (sdwan.centralized_policies.feature_policies)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| policy_definition | String | | Yes | |

application_aware_routing (sdwan.centralized_policies.feature_policies)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| policy_definition | String | | Yes | |
| site_region_vpn | Class | [site_region_vpn] | No | |

traffic_data (sdwan.centralized_policies.feature_policies)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| policy_definition | String | | Yes | |
| site_region_vpn | List | [site_region_vpn] | No | |

cflowd (sdwan.centralized_policies.feature_policies)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| policy_definition | String | | Yes | |
| site_lists | List | String[Regex: ^[A-Za-z0-9\-_]{1,32}$] | Yes | |

site_region (sdwan.centralized_policies.feature_policies.custom_control_topology)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| site_lists_in | List | String[Regex: ^[A-Za-z0-9\-_]{1,32}$] | No | |
| site_lists_out | List | String[Regex: ^[A-Za-z0-9\-_]{1,32}$] | No | |
| region_lists_in | List | String[Regex: ^[A-Za-z0-9\-_]{1,32}$] | No | |
| region_lists_out | List | String[Regex: ^[A-Za-z0-9\-_]{1,32}$] | No | |
| region_in | Integer | min: 0, max: 63 | No | |
| region_out | Integer | min: 0, max: 63 | No | |

site_region_vpn (sdwan.centralized_policies.feature_policies.application_aware_routing)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| site_lists | List | String[Regex: ^[A-Za-z0-9\-_]{1,32}$] | No | |
| region_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
| region | Integer | min: 0, max: 63 | No | |
| vpn_lists | List | String[Regex: ^[A-Za-z0-9\-_]{1,32}$] | Yes | |

site_region_vpn (sdwan.centralized_policies.feature_policies.traffic_data)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| direction | Choice | service, tunnel, all | Yes | |
| site_lists | List | String[Regex: ^[A-Za-z0-9\-_]{1,32}$] | No | |
| region_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
| region | Integer | min: 0, max: 63 | No | |
| vpn_lists | List | String[Regex: ^[A-Za-z0-9\-_]{1,32}$] | Yes | |

Examples
Example-1: In the following example, the centralized policy is named CP-Hub-and-Spoke-01 and is stitched together from the following policies:

1. Control policies
   - TOPOLOGY-DC-OUT-01, which is applied to sites defined in site list CENTRAL-DC in the out direction
   - TOPOLOGY-BR-T1-01, which is applied to sites defined in site list BR-T1 in the out direction
   - TOPOLOGY-BR-T2-01, which is applied to sites defined in site list BR-T2 in the out direction
2. Traffic data policies
   - DP-VPN10-01, which is applied to sites defined in site lists CENTRAL-DC and BR-ALL for the VPN list defined in VPN-PROD
   - DP-VPN11-01, which is applied to sites defined in site lists CENTRAL-DC and BR-ALL for the VPN list defined in VPN-Guest
3. Application-aware routing
   - AAR-Policy-01, which is applied to sites defined in site lists CENTRAL-DC and BR-ALL for the VPN list defined in VPN-PROD
4. cflowd policy
   - CFLOW_DEFINITION_v01, which is applied to sites defined in site list DC-BR-ALL

```yaml
sdwan:
  centralized_policies:
    feature_policies:
      - name: CP-Hub-and-Spoke-01
        description: Hub and Spoke | AAR | DP for QoS | cFlow
        custom_control_topology:
          - policy_definition: TOPOLOGY-DC-OUT-01
            site_region:
              site_lists_out:
                - CENTRAL-DC
          - policy_definition: TOPOLOGY-BR-T1-01
            site_region:
              site_lists_out:
                - BR-T1
          - policy_definition: TOPOLOGY-BR-T2-01
            site_region:
              site_lists_out:
                - BR-T2
        traffic_data:
          - policy_definition: DP-VPN10-01
            site_region_vpn:
              - direction: service
                site_lists:
                  - CENTRAL-DC
                  - BR-ALL
                vpn_lists:
                  - VPN-PROD
          - policy_definition: DP-VPN11-01
            site_region_vpn:
              - direction: service
                site_lists:
                  - CENTRAL-DC
                  - BR-ALL
                vpn_lists:
                  - VPN-Guest
        application_aware_routing:
          - policy_definition: AAR-Policy-01
            site_region_vpn:
              site_lists:
                - CENTRAL-DC
                - BR-ALL
              vpn_lists:
                - VPN-PROD
        cflowd:
          - policy_definition: CFLOW_DEFINITION_v01
            site_lists:
              - DC-BR-ALL
```

Policy combines one or more Centralized policy definitions to create a Policy. These policies can then be activated to be applied to the SD-WAN deployment.

Examples

```yaml
sdwan:
  centralized_policies:
    feature_policies:
      - name: Super_policy_test2
        description: Super_policy_test2
        hub_and_spoke_topology:
          - policy_definition: HST_DEFINITION_TEST1
        mesh_topology:
          - policy_definition: MT_DEFINITION_TEST1
        vpn_membership:
          - policy_definition: VPN_DEFINITION_TEST1
        custom_control_topology:
          - policy_definition: CCT_DEFINITION_TEST1
            site_region:
              site_lists_in:
                - CHICAGO-CCT-TEST
              site_lists_out:
                - DENVER-CCT-TEST
                - ATLANTA-CCT-TEST
        traffic_data:
          - policy_definition: TD_DEFINITION_TEST1
            site_region_vpn:
              - direction: service
                site_lists:
                  - GOA-TD-TEST
                vpn_lists:
                  - VPN-LIST-TD-TEST1
              - direction: all
                site_lists:
                  - CHENNAI-TD-TEST
                vpn_lists:
                  - VPN-LIST-TD-TEST2
        cflowd:
          - policy_definition: CFLOW_DEFINITION_TEST2
            site_lists:
              - MY-CFLOW-TEST
        application_aware_routing:
          - policy_definition: Test_application_aware_routing_number2
            site_region_vpn:
              site_lists:
                - CHENNAI-TD-TEST
              vpn_lists:
                - VPN-LIST-TD-TEST1
```
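
A pre-merge check for some of the documented constraints (the `name` and list-name regexes, the region range 0 to 63, the `direction` choices, mandatory `site_region` and `vpn_lists`), as an added example that is not part of the original page or the project's own tooling. It assumes the YAML has already been parsed into Python dicts; the function names and the `BAD` sample are constructed for illustration.

```python
import re

NAME_RE = re.compile(r"^[A-Za-z0-9\-_]{1,127}$")  # feature_policies.name
LIST_RE = re.compile(r"^[A-Za-z0-9\-_]{1,32}$")   # site, region and VPN list names
DIRECTIONS = {"service", "tunnel", "all"}          # traffic_data direction choices

def _names(path, values, errs):
    for v in values or []:  # fullmatch() also rejects a trailing newline
        if not (isinstance(v, str) and LIST_RE.fullmatch(v)):
            errs.append(f"{path}: invalid list name {v!r}")

def _region(path, value, errs):
    if value is not None and not (type(value) is int and 0 <= value <= 63):
        errs.append(f"{path}: must be an integer from 0 to 63")

def _scope(path, scope, errs, need_direction):  # one site_region_vpn entry
    if need_direction and scope.get("direction") not in DIRECTIONS:
        errs.append(f"{path}.direction: must be service, tunnel or all")
    if not scope.get("vpn_lists"):
        errs.append(f"{path}.vpn_lists: mandatory")
    _names(f"{path}.site_lists", scope.get("site_lists"), errs)
    _names(f"{path}.vpn_lists", scope.get("vpn_lists"), errs)
    _region(f"{path}.region", scope.get("region"), errs)

def validate_feature_policy(fp):
    """Return the constraint violations found in one feature_policies entry."""
    errs = []
    if not NAME_RE.fullmatch(str(fp.get("name", ""))):
        errs.append(f"name: must match {NAME_RE.pattern}")
    for i, cct in enumerate(fp.get("custom_control_topology", [])):
        sr, p = cct.get("site_region"), f"custom_control_topology[{i}].site_region"
        if sr is None:
            errs.append(f"{p}: mandatory")
        for key in ("site_lists_in", "site_lists_out", "region_lists_in", "region_lists_out"):
            _names(f"{p}.{key}", (sr or {}).get(key), errs)
        for key in ("region_in", "region_out"):
            _region(f"{p}.{key}", (sr or {}).get(key), errs)
    for i, td in enumerate(fp.get("traffic_data", [])):  # site_region_vpn is a list here
        for j, scope in enumerate(td.get("site_region_vpn", [])):
            _scope(f"traffic_data[{i}].site_region_vpn[{j}]", scope, errs, True)
    for i, aar in enumerate(fp.get("application_aware_routing", [])):  # a single class here
        if "site_region_vpn" in aar:
            _scope(f"application_aware_routing[{i}].site_region_vpn", aar["site_region_vpn"], errs, False)
    return errs

# Constructed input (not from the page): invalid direction and out-of-range region.
BAD = {"name": "CP-Test-01", "description": "demo", "traffic_data": [
    {"policy_definition": "DP-01", "site_region_vpn": [
        {"direction": "inbound", "region": 64, "vpn_lists": ["VPN-PROD"]}]}]}
print(validate_feature_policy(BAD))
```

Running such a check in CI before the policy is activated catches scoping mistakes, such as a misspelled direction or a region outside 0 to 63, while they are still a diff under review.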