Traffic Data - Custom Definition

Custom sequences enable fine-grained control and customization over how traffic is handled within the SD-WAN network.

For example, a custom sequence in a data policy might include rules to identify specific applications, source/destination IP addresses and/or ports, or other attributes of network traffic. Based on these rules, the data policy determines how to treat the identified traffic: prioritizing it, applying Quality of Service (QoS) actions, or steering it through a specific path or service chain, among other action types.

data_policy (sdwan.centralized_policies.definitions)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| traffic_data | List | [traffic_data] | No | |

traffic_data (sdwan.centralized_policies.definitions.data_policy)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: `^[A-Za-z0-9\-_]{1,127}$` | Yes | |
| description | String | | Yes | |
| default_action_type | Choice | accept, drop | Yes | |
| sequences | List | [sequences] | No | |

sequences (sdwan.centralized_policies.definitions.data_policy.traffic_data)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| base_action | Choice | accept, drop | Yes | |
| id | Integer | min: 1, max: 65534 | Yes | |
| name | String | | Yes | |
| ip_type | Choice | ipv4, ipv6, all | No | ipv4 |
| type | Choice | custom, service_chaining, qos, application_firewall, traffic_engineering | No | custom |
| match_criterias | Class | [match_criterias] | No | |
| actions | Class | [actions] | No | |

match_criterias (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| application_list | String | Regex: `^[A-Za-z0-9\-_]{1,32}$` | No | |
| dns_application_list | String | Regex: `^[A-Za-z0-9\-_]{1,32}$` | No | |
| dns | Choice | request, response | No | |
| dscp | Integer | min: 0, max: 63 | No | |
| packet_length | Integer | min: 0, max: 65535 | No | |
| plp | Choice | low, high | No | |
| protocols | List | Integer[min: 0, max: 255] | No | |
| source_data_prefix_list | String | Regex: `^[A-Za-z0-9\-_]{1,32}$` | No | |
| source_data_prefix | String | | No | |
| source_ports | List | Integer[min: 0, max: 65535] | No | |
| source_port_ranges | List | [source_port_ranges] | No | |
| destination_data_prefix_list | String | Regex: `^[A-Za-z0-9\-_]{1,32}$` | No | |
| destination_data_prefix | String | | No | |
| destination_ports | List | Integer[min: 0, max: 65535] | No | |
| destination_port_ranges | List | [destination_port_ranges] | No | |
| tcp | Choice | syn | No | |
| traffic_to | Choice | access, core, service | No | |
| destination_region | Choice | primary-region, secondary-region, other-region | No | |

actions (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| counter_name | String | Regex: `^[A-Za-z0-9\-_]{1,20}$` | No | |
| log | Boolean | true, false | No | |
| cflowd | Boolean | true, false | No | |
| sig | Class | [sig] | No | |
| redirect_dns | Class | [redirect_dns] | No | |
| loss_correction | Class | [loss_correction] | No | |
| nat_pool | Integer | min: 1, max: 31 | No | |
| nat_vpn | Class | [nat_vpn] | No | |
| appqoe_optimization | Class | [appqoe_optimization] | No | |
| dscp | Integer | min: 0, max: 63 | No | |
| forwarding_class | String | min: 1, max: 32 | No | |
| local_tloc_list | Class | [local_tloc_list] | No | |
| next_hop | Class | [next_hop] | No | |
| preferred_color_group | String | Regex: `^[A-Za-z0-9\-_]{1,32}$` | No | |
| policer_list | String | Regex: `^[A-Za-z0-9\-_]{1,32}$` | No | |
| service | Class | [service] | No | |
| tloc | Class | [tloc] | No | |
| tloc_list | String | Regex: `^[A-Za-z0-9\-_]{1,32}$` | No | |
| vpn | Integer | min: 0, max: 65530 | No | |

source_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| from | Integer | min: 0, max: 65535 | Yes | |
| to | Integer | min: 0, max: 65535 | Yes | |

destination_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| from | Integer | min: 0, max: 65535 | Yes | |
| to | Integer | min: 0, max: 65535 | Yes | |

sig (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| enabled | Boolean | true, false | Yes | |
| fallback_to_routing | Boolean | true, false | No | |

redirect_dns (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | host, umbrella, ipAddress | Yes | |
| ip_address | IP | | No | |

loss_correction (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | fecAdaptive, fecAlways, packetDuplication | Yes | |
| loss_threshold_percentage | Integer | min: 1, max: 5 | No | |

nat_vpn (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| vpn_id | Integer | min: 0, max: 65530 | No | |
| nat_vpn_fallback | Boolean | true, false | No | |

appqoe_optimization (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| tcp | Boolean | true, false | No | |
| dre | Boolean | true, false | No | |
| service_node_group | String | | No | |

local_tloc_list (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| colors | List | Choice[default, mpls, metro-ethernet, biz-internet, public-internet, lte, 3g, red, green, blue, gold, silver, bronze, custom1, custom2, custom3, private1, private2, private3, private4, private5, private6] | Yes | |
| encaps | List | Choice[ipsec, gre] | No | |
| restrict | Boolean | true, false | No | |

next_hop (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip_address | IP | | Yes | |
| when_next_hop_is_not_available | Choice | route_table_entry | No | |

service (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | appqoe, FW, IDP, IDS, netsvc1, netsvc2, netsvc3, netsvc4, netsvc5 | Yes | |
| vpn | Integer | min: 0, max: 65530 | No | |
| tloc | Class | [tloc] | No | |
| tloc_list | String | Regex: `^[A-Za-z0-9\-_]{1,32}$` | No | |
| local | Boolean | true, false | No | |
| restrict | Boolean | true, false | No | |

tloc (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip | IP | | Yes | |
| color | Choice | default, mpls, metro-ethernet, biz-internet, public-internet, lte, 3g, red, green, blue, gold, silver, bronze, custom1, custom2, custom3, private1, private2, private3, private4, private5, private6 | Yes | |
| encap | Choice | ipsec, gre | Yes | |

Example-1: This example demonstrates how to configure a Traffic Data policy that matches traffic based on Application Group (VOICE-APPS, BUSINESS-APPS, etc.) and applies a Quality of Service (QoS) action (defining the forwarding class and DSCP value). For the low-priority applications, it steers traffic to a specific transport with the restrict option enabled. Each sequence also has a counter configured.

```yaml
sdwan:
  centralized_policies:
    definitions:
      data_policy:
        traffic_data:
          - name: DP-VPN10-01
            description: DP-VPN10-01
            default_action_type: accept
            sequences:
              - base_action: accept
                id: 1
                name: TRAFFIC-QOS
                ip_type: ipv4
                type: custom
                match_criterias:
                  application_list: VOICE-APPS
                actions:
                  counter_name: DP-VOICE-APPS
                  forwarding_class: CLASS-REALTIME
                  dscp: 46
              - base_action: accept
                id: 2
                name: TRAFFIC-QOS
                ip_type: ipv4
                type: custom
                match_criterias:
                  application_list: BUSINESS-APPS
                actions:
                  counter_name: DP-BUSINESS
                  forwarding_class: CLASS-BUSINESS
                  dscp: 26
              - base_action: accept
                id: 3
                name: TRAFFIC-QOS
                ip_type: ipv4
                type: custom
                match_criterias:
                  application_list: BULK-APPS
                actions:
                  counter_name: DP-BULK
                  forwarding_class: CLASS-BULK
                  dscp: 10
              - base_action: accept
                id: 4
                name: LOW-Priority-TLOC
                ip_type: ipv4
                type: custom
                match_criterias:
                  application_list: LOW-PRIORITY-APPS
                actions:
                  counter_name: DP-LOW-PRIORITY
                  forwarding_class: CLASS-LOW-PRIORITY
                  dscp: 8
                  local_tloc_list:
                    colors:
                      - "biz-internet"
                    encaps:
                      - ipsec
                    restrict: true
```

Example-2: This example demonstrates how to configure a Traffic Data policy for the Direct Internet Access use case (Guest VPN). It matches on a data prefix list to drop traffic to specific destinations and, in another sequence, steers traffic to VPN 0 with the nat_vpn action.

```yaml
# List entry under sdwan.centralized_policies.definitions.data_policy.traffic_data
- name: DP-VPN-02
  description: DP-VPN-GUEST
  default_action_type: accept
  sequences:
    - base_action: drop
      id: 1
      name: BOGON DROP
      ip_type: ipv4
      type: custom
      match_criterias:
        destination_data_prefix_list: DPL-BOGON-ADDR
      actions:
        counter_name: DPL-BOGON-ADDR-DROP
    - base_action: accept
      id: 10
      name: DIA
      ip_type: ipv4
      type: custom
      match_criterias:
        source_data_prefix: 0.0.0.0/0
      actions:
        counter_name: DPL-DIA
        nat_vpn:
          vpn_id: 0
```
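
A pre-deployment check of one traffic_data entry against the constraints in the tables above, useful in a review pipeline before a guest or DIA policy is pushed. This is an added example, not part of the original page or the project's tooling: `ok`, `check_traffic_data` and `SAMPLE` are hypothetical names, the YAML is assumed to be already parsed into a Python dict, and the missing-counter finding is a review convention taken from Example-1, not a schema rule.

```python
import re

# Constraints transcribed from the tables on this page.
NAME_RE = r"^[A-Za-z0-9\-_]{1,127}$"    # traffic_data.name
REF_RE = r"^[A-Za-z0-9\-_]{1,32}$"      # *_list references in match_criterias
COUNTER_RE = r"^[A-Za-z0-9\-_]{1,20}$"  # actions.counter_name

def ok(pattern, value):
    # fullmatch, because "$" on its own would also accept a trailing newline
    return isinstance(value, str) and re.fullmatch(pattern, value) is not None

def check_traffic_data(policy):
    """Return findings for one traffic_data entry (YAML already parsed to a dict)."""
    out = []
    if not ok(NAME_RE, policy.get("name")):
        out.append("name: does not match regex")
    if policy.get("default_action_type") not in ("accept", "drop"):
        out.append("default_action_type: must be accept or drop")
    for seq in policy.get("sequences", []):
        sid = seq.get("id")
        tag = f"sequence {sid}"
        if type(sid) is not int or not 1 <= sid <= 65534:
            out.append(f"{tag}: id must be an integer in 1..65534")
        if seq.get("base_action") not in ("accept", "drop"):
            out.append(f"{tag}: base_action must be accept or drop")
        match, actions = seq.get("match_criterias", {}), seq.get("actions", {})
        for key, value in match.items():
            # every *_list match criterion on this page shares the same regex
            if key.endswith("_list") and not ok(REF_RE, value):
                out.append(f"{tag}: {key} does not match regex")
        if "counter_name" not in actions:
            out.append(f"{tag}: no counter_name (review note, not a schema rule)")
        elif not ok(COUNTER_RE, actions["counter_name"]):
            out.append(f"{tag}: counter_name does not match regex")
    return out

# Constructed sample: Example-2 with three deliberate errors and the DIA counter removed.
SAMPLE = {
    "name": "DP-VPN-02", "description": "DP-VPN-GUEST", "default_action_type": "accept",
    "sequences": [
        {"base_action": "drop", "id": 1, "name": "BOGON DROP",
         "match_criterias": {"destination_data_prefix_list": "DPL BOGON ADDR"},
         "actions": {"counter_name": "DPL-BOGON-ADDR-DROP-GUEST"}},
        {"base_action": "permit", "id": 10, "name": "DIA",
         "match_criterias": {"source_data_prefix": "0.0.0.0/0"},
         "actions": {"nat_vpn": {"vpn_id": 0}}},
    ],
}

print("\n".join(check_traffic_data(SAMPLE)))
```

A drop sequence that fails validation is the case to watch: with `default_action_type: accept`, traffic the rejected sequence was meant to block falls through and is forwarded.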