Traffic Data - Custom Definition

Custom sequences enable fine-grained control and customization over how traffic is handled within the SD-WAN network.

For example, a custom sequence in a data policy might include rules to identify specific applications, source/destination IP addresses and/or ports, or other attributes of network traffic. Based on these rules, the data policy can determine how to treat the identified traffic: prioritizing it, applying Quality of Service (QoS) actions, steering it through a specific path or service chain, among some other action types.

Diagram

Classes

data_policy (sdwan.centralized_policies.definitions)

Name	Type	Constraint	Mandatory	Default Value
traffic_data	List	`[traffic_data]`	No

traffic_data (sdwan.centralized_policies.definitions.data_policy)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[A-Za-z0-9\-_]{1,127}$`	Yes
description	String		Yes
default_action_type	Choice	`accept`, `drop`	Yes
sequences	List	`[sequences]`	No

sequences (sdwan.centralized_policies.definitions.data_policy.traffic_data)

Name	Type	Constraint	Mandatory	Default Value
base_action	Choice	`accept`, `drop`	Yes
id	Integer	min: `1`, max: `65534`	Yes
name	String		Yes
ip_type	Choice	`ipv4`, `ipv6`, `all`	No	`ipv4`
type	Choice	`custom`, `service_chaining`, `qos`, `application_firewall`, `traffic_engineering`	No	`custom`
match_criterias	Class	`[match_criterias]`	No
actions	Class	`[actions]`	No

match_criterias (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)

Name	Type	Constraint	Mandatory
application_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
dns_application_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
dns	Choice	`request`, `response`	No
dscp	Integer	min: `0`, max: `63`	No
packet_length	Integer	min: `0`, max: `65535`	No
plp	Choice	`low`, `high`	No
protocols	List	Integer[min: `0`, max: `255`]	No
source_data_prefix_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
source_data_prefix	String		No
source_ports	List	Integer[min: `0`, max: `65535`]	No
source_port_ranges	List	`[source_port_ranges]`	No
destination_data_prefix_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
destination_data_prefix	String		No
destination_ports	List	Integer[min: `0`, max: `65535`]	No
destination_port_ranges	List	`[destination_port_ranges]`	No
tcp	Choice	`syn`	No
traffic_to	Choice	`access`, `core`, `service`	No
destination_region	Choice	`primary-region`, `secondary-region`, `other-region`	No

actions (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)

Name	Type	Constraint	Mandatory
counter_name	String	Regex: `^[A-Za-z0-9\-_]{1,20}$`	No
log	Boolean	`true`, `false`	No
cflowd	Boolean	`true`, `false`	No
sig	Class	`[sig]`	No
redirect_dns	Class	`[redirect_dns]`	No
loss_correction	Class	`[loss_correction]`	No
nat_pool	Integer	min: `1`, max: `31`	No
nat_vpn	Class	`[nat_vpn]`	No
appqoe_optimization	Class	`[appqoe_optimization]`	No
dscp	Integer	min: `0`, max: `63`	No
forwarding_class	String	min: `1`, max: `32`	No
local_tloc_list	Class	`[local_tloc_list]`	No
next_hop	Class	`[next_hop]`	No
preferred_color_group	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
policer_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
service	Class	`[service]`	No
tloc	Class	`[tloc]`	No
tloc_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
vpn	Integer	min: `0`, max: `65530`	No

source_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `0`, max: `65535`	Yes
to	Integer	min: `0`, max: `65535`	Yes

destination_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `0`, max: `65535`	Yes
to	Integer	min: `0`, max: `65535`	Yes

sig (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
enabled	Boolean	`true`, `false`	Yes
fallback_to_routing	Boolean	`true`, `false`	No

redirect_dns (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`host`, `umbrella`, `ipAddress`	Yes
ip_address	IP		No

loss_correction (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`fecAdaptive`, `fecAlways`, `packetDuplication`	Yes
loss_threshold_percentage	Integer	min: `1`, max: `5`	No

nat_vpn (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
vpn_id	Integer	min: `0`, max: `65530`	No
nat_vpn_fallback	Boolean	`true`, `false`	No

appqoe_optimization (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
tcp	Boolean	`true`, `false`	No
dre	Boolean	`true`, `false`	No
service_node_group	String		No

local_tloc_list (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
colors	List	Choice[`default`, `mpls`, `metro-ethernet`, `biz-internet`, `public-internet`, `lte`, `3g`, `red`, `green`, `blue`, `gold`, `silver`, `bronze`, `custom1`, `custom2`, `custom3`, `private1`, `private2`, `private3`, `private4`, `private5`, `private6`]	Yes
encaps	List	Choice[`ipsec`, `gre`]	No
restrict	Boolean	`true`, `false`	No

next_hop (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
when_next_hop_is_not_available	Choice	`route_table_entry`	No

service (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
type	Choice	`appqoe`, `FW`, `IDP`, `IDS`, `netsvc1`, `netsvc2`, `netsvc3`, `netsvc4`, `netsvc5`	Yes
vpn	Integer	min: `0`, max: `65530`	No
tloc	Class	`[tloc]`	No
tloc_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
local	Boolean	`true`, `false`	No
restrict	Boolean	`true`, `false`	No

tloc (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
ip	IP		Yes
color	Choice	`default`, `mpls`, `metro-ethernet`, `biz-internet`, `public-internet`, `lte`, `3g`, `red`, `green`, `blue`, `gold`, `silver`, `bronze`, `custom1`, `custom2`, `custom3`, `private1`, `private2`, `private3`, `private4`, `private5`, `private6`	Yes
encap	Choice	`ipsec`, `gre`	Yes

Examples

Example-1: This example demonstrates how to configure Traffic Data policy, which matching traffic based on Application Group (VOICE-APPS and BUSINESS-APPS, etc) and applying Quality of Service (QoS) action (defining forwarding class and DSCP value), and for the low priority applications steering traffic to specific transport with restrict option enabled. Each sequence has also counter configured.

sdwan:
  centralized_policies:
    definitions:
          - name: DP-VPN10-01
            description: DP-VPN10-01
            default_action_type: accept
            sequences:
              - base_action: accept
                id: 1
                name: TRAFFIC-QOS
                ip_type: ipv4
                type: custom
                match_criterias:
                  application_list: VOICE-APPS
                actions:
                  counter_name: DP-VOICE-APPS
                  forwarding_class: CLASS-REALTIME
                  dscp: 46
              - base_action: accept
                id: 2
                name: TRAFFIC-QOS
                ip_type: ipv4
                type: custom
                match_criterias:
                  application_list: BUSINESS-APPS
                actions:
                  counter_name: DP-BUSINESS
                  forwarding_class: CLASS-BUSINESS
                  dscp: 26
              - base_action: accept
                id: 3
                name: TRAFFIC-QOS
                ip_type: ipv4
                type: custom
                match_criterias:
                  application_list: BULK-APPS
                actions:
                  counter_name: DP-BULK
                  forwarding_class: CLASS-BULK
                  dscp: 10
              - base_action: accept
                id: 4
                name: LOW-Priority-TLOC
                ip_type: ipv4
                type: custom
                match_criterias:
                  application_list: LOW-PRIORITY-APPS
                actions:
                  counter_name: DP-LOW-PRIORITY
                  forwarding_class: CLASS-LOW-PRIORITY
                  dscp: 8
                  local_tloc_list:
                    colors:
                      - "biz-internet"
                    encaps:
                      - ipsec
                    restrict: true

Example-2: This example demonstrates how to configure Traffic Data policy for Direct internet access usecase (Guest VPN). It is matching on data prefix list to drop traffic to spesific destinations and in another sequence steering traffic to the VPN 0 with nat_vpn action.

          - name: DP-VPN-02
            description: DP-VPN-GUEST
            default_action_type: accept
            sequences:
              - base_action: drop
                id: 1
                name: BOGON DROP
                ip_type: ipv4
                type: custom
                match_criterias:
                  destination_data_prefix_list: DPL-BOGON-ADDR
                actions:
                  counter_name: DPL-BOGON-ADDR-DROP
              - base_action: accept
                id: 10
                name: DIA
                ip_type: ipv4
                type: custom
                match_criterias:
                  source_data_prefix: 0.0.0.0/0
                actions:
                  counter_name: DPL-DIA
                  nat_vpn:
                    vpn_id: 0