Traffic Data - Custom Definition
Custom sequences enable fine-grained control and customization over how traffic is handled within the SD-WAN network.
For example, a custom sequence in a data policy might include rules to identify specific applications, source/destination IP addresses and/or ports, or other attributes of network traffic. Based on these rules, the data policy can determine how to treat the identified traffic: prioritizing it, applying Quality of Service (QoS) actions, steering it through a specific path or service chain, among some other action types.
Diagram
Section titled “Diagram”Classes
Section titled “Classes”data_policy (sdwan.centralized_policies.definitions)
Section titled “data_policy (sdwan.centralized_policies.definitions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
traffic_data | List | [traffic_data] | No |
traffic_data (sdwan.centralized_policies.definitions.data_policy)
Section titled “traffic_data (sdwan.centralized_policies.definitions.data_policy)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[A-Za-z0-9\-_]{1,127}$ | Yes | |
description | String | Yes | ||
default_action_type | Choice | accept , drop | Yes | |
sequences | List | [sequences] | No |
sequences (sdwan.centralized_policies.definitions.data_policy.traffic_data)
Section titled “sequences (sdwan.centralized_policies.definitions.data_policy.traffic_data)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
base_action | Choice | accept , drop | Yes | |
id | Integer | min: 1 , max: 65534 | Yes | |
name | String | Yes | ||
ip_type | Choice | ipv4 , ipv6 , all | No | ipv4 |
type | Choice | custom , service_chaining , qos , application_firewall , traffic_engineering | No | custom |
match_criterias | Class | [match_criterias] | No | |
actions | Class | [actions] | No |
match_criterias (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)
Section titled “match_criterias (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
application_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
dns_application_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
dns | Choice | request , response | No | |
dscp | Integer | min: 0 , max: 63 | No | |
packet_length | Integer | min: 0 , max: 65535 | No | |
plp | Choice | low , high | No | |
protocols | List | Integer[min: 0 , max: 255 ] | No | |
source_data_prefix_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
source_data_prefix | String | No | ||
source_ports | List | Integer[min: 0 , max: 65535 ] | No | |
source_port_ranges | List | [source_port_ranges] | No | |
destination_data_prefix_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
destination_data_prefix | String | No | ||
destination_ports | List | Integer[min: 0 , max: 65535 ] | No | |
destination_port_ranges | List | [destination_port_ranges] | No | |
tcp | Choice | syn | No | |
traffic_to | Choice | access , core , service | No | |
destination_region | Choice | primary-region , secondary-region , other-region | No |
actions (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)
Section titled “actions (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
counter_name | String | Regex: ^[A-Za-z0-9\-_]{1,20}$ | No | |
log | Boolean | true , false | No | |
cflowd | Boolean | true , false | No | |
sig | Class | [sig] | No | |
redirect_dns | Class | [redirect_dns] | No | |
loss_correction | Class | [loss_correction] | No | |
nat_pool | Integer | min: 1 , max: 31 | No | |
nat_vpn | Class | [nat_vpn] | No | |
appqoe_optimization | Class | [appqoe_optimization] | No | |
dscp | Integer | min: 0 , max: 63 | No | |
forwarding_class | String | min: 1 , max: 32 | No | |
local_tloc_list | Class | [local_tloc_list] | No | |
next_hop | Class | [next_hop] | No | |
preferred_color_group | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
policer_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
service | Class | [service] | No | |
tloc | Class | [tloc] | No | |
tloc_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
vpn | Integer | min: 0 , max: 65530 | No |
source_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)
Section titled “source_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
from | Integer | min: 0 , max: 65535 | Yes | |
to | Integer | min: 0 , max: 65535 | Yes |
destination_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)
Section titled “destination_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
from | Integer | min: 0 , max: 65535 | Yes | |
to | Integer | min: 0 , max: 65535 | Yes |
sig (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)
Section titled “sig (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
enabled | Boolean | true , false | Yes | |
fallback_to_routing | Boolean | true , false | No |
redirect_dns (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)
Section titled “redirect_dns (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
type | Choice | host , umbrella , ipAddress | Yes | |
ip_address | IP | No |
loss_correction (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)
Section titled “loss_correction (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
type | Choice | fecAdaptive , fecAlways , packetDuplication | Yes | |
loss_threshold_percentage | Integer | min: 1 , max: 5 | No |
nat_vpn (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)
Section titled “nat_vpn (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
vpn_id | Integer | min: 0 , max: 65530 | No | |
nat_vpn_fallback | Boolean | true , false | No |
appqoe_optimization (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)
Section titled “appqoe_optimization (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
tcp | Boolean | true , false | No | |
dre | Boolean | true , false | No | |
service_node_group | String | No |
local_tloc_list (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)
Section titled “local_tloc_list (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
colors | List | Choice[default , mpls , metro-ethernet , biz-internet , public-internet , lte , 3g , red , green , blue , gold , silver , bronze , custom1 , custom2 , custom3 , private1 , private2 , private3 , private4 , private5 , private6 ] | Yes | |
encaps | List | Choice[ipsec , gre ] | No | |
restrict | Boolean | true , false | No |
next_hop (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)
Section titled “next_hop (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
ip_address | IP | Yes | ||
when_next_hop_is_not_available | Choice | route_table_entry | No |
service (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)
Section titled “service (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
type | Choice | appqoe , FW , IDP , IDS , netsvc1 , netsvc2 , netsvc3 , netsvc4 , netsvc5 | Yes | |
vpn | Integer | min: 0 , max: 65530 | No | |
tloc | Class | [tloc] | No | |
tloc_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
local | Boolean | true , false | No | |
restrict | Boolean | true , false | No |
tloc (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)
Section titled “tloc (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
ip | IP | Yes | ||
color | Choice | default , mpls , metro-ethernet , biz-internet , public-internet , lte , 3g , red , green , blue , gold , silver , bronze , custom1 , custom2 , custom3 , private1 , private2 , private3 , private4 , private5 , private6 | Yes | |
encap | Choice | ipsec , gre | Yes |
Examples
Section titled “Examples”Example-1: This example demonstrates how to configure Traffic Data policy, which matching traffic based on Application Group (VOICE-APPS and BUSINESS-APPS, etc) and applying Quality of Service (QoS) action (defining forwarding class and DSCP value), and for the low priority applications steering traffic to specific transport with restrict option enabled. Each sequence has also counter configured.
sdwan: centralized_policies: definitions: - name: DP-VPN10-01 description: DP-VPN10-01 default_action_type: accept sequences: - base_action: accept id: 1 name: TRAFFIC-QOS ip_type: ipv4 type: custom match_criterias: application_list: VOICE-APPS actions: counter_name: DP-VOICE-APPS forwarding_class: CLASS-REALTIME dscp: 46 - base_action: accept id: 2 name: TRAFFIC-QOS ip_type: ipv4 type: custom match_criterias: application_list: BUSINESS-APPS actions: counter_name: DP-BUSINESS forwarding_class: CLASS-BUSINESS dscp: 26 - base_action: accept id: 3 name: TRAFFIC-QOS ip_type: ipv4 type: custom match_criterias: application_list: BULK-APPS actions: counter_name: DP-BULK forwarding_class: CLASS-BULK dscp: 10 - base_action: accept id: 4 name: LOW-Priority-TLOC ip_type: ipv4 type: custom match_criterias: application_list: LOW-PRIORITY-APPS actions: counter_name: DP-LOW-PRIORITY forwarding_class: CLASS-LOW-PRIORITY dscp: 8 local_tloc_list: colors: - "biz-internet" encaps: - ipsec restrict: true
Example-2: This example demonstrates how to configure Traffic Data policy for Direct internet access usecase (Guest VPN). It is matching on data prefix list to drop traffic to spesific destinations and in another sequence steering traffic to the VPN 0 with nat_vpn action.
- name: DP-VPN-02 description: DP-VPN-GUEST default_action_type: accept sequences: - base_action: drop id: 1 name: BOGON DROP ip_type: ipv4 type: custom match_criterias: destination_data_prefix_list: DPL-BOGON-ADDR actions: counter_name: DPL-BOGON-ADDR-DROP - base_action: accept id: 10 name: DIA ip_type: ipv4 type: custom match_criterias: source_data_prefix: 0.0.0.0/0 actions: counter_name: DPL-DIA nat_vpn: vpn_id: 0