Traffic Data - Service Chaining Definition

Version:

Service Chaining Definition define the matching conditions and Actions to configure Service Chaining. Example usage is traffic between branch sides is force via FW that is connected to hub or regional firewall. It requires that service chaining is defined in respective VPN template for device that connect to external entity (firewall or IDS).

Diagram

Classes

data_policy (sdwan.centralized_policies.definitions)

Name	Type	Constraint	Mandatory	Default Value
traffic_data	List	`[traffic_data]`	No

traffic_data (sdwan.centralized_policies.definitions.data_policy)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[A-Za-z0-9\-_]{1,127}$`	Yes
description	String		Yes
default_action_type	Choice	`accept`, `drop`	Yes
sequences	List	`[sequences]`	No

sequences (sdwan.centralized_policies.definitions.data_policy.traffic_data)

Name	Type	Constraint	Mandatory	Default Value
base_action	Choice	`accept`, `drop`	Yes
id	Integer	min: `1`, max: `65534`	Yes
name	String		Yes
ip_type	Choice	`ipv4`, `ipv6`, `all`	No	`ipv4`
type	Choice	`custom`, `service_chaining`, `qos`, `application_firewall`, `traffic_engineering`	No	`custom`
match_criterias	Class	`[match_criterias]`	No
actions	Class	`[actions]`	No

match_criterias (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)

Name	Type	Constraint	Mandatory
application_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
dns_application_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
dns	Choice	`request`, `response`	No
dscp	Integer	min: `0`, max: `63`	No
packet_length	Integer	min: `0`, max: `65535`	No
plp	Choice	`low`, `high`	No
protocols	List	Integer[min: `0`, max: `255`]	No
source_data_prefix_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
source_data_prefix	String		No
source_ports	List	Integer[min: `0`, max: `65535`]	No
source_port_ranges	List	`[source_port_ranges]`	No
destination_data_prefix_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
destination_data_prefix	String		No
destination_ports	List	Integer[min: `0`, max: `65535`]	No
destination_port_ranges	List	`[destination_port_ranges]`	No
tcp	Choice	`syn`	No
traffic_to	Choice	`access`, `core`, `service`	No
destination_region	Choice	`primary-region`, `secondary-region`, `other-region`	No

actions (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)

Name	Type	Constraint	Mandatory
counter_name	String	Regex: `^[A-Za-z0-9\-_]{1,20}$`	No
log	Boolean	`true`, `false`	No
cflowd	Boolean	`true`, `false`	No
sig	Class	`[sig]`	No
redirect_dns	Class	`[redirect_dns]`	No
loss_correction	Class	`[loss_correction]`	No
nat_pool	Integer	min: `1`, max: `31`	No
nat_vpn	Class	`[nat_vpn]`	No
appqoe_optimization	Class	`[appqoe_optimization]`	No
dscp	Integer	min: `0`, max: `63`	No
forwarding_class	String	min: `1`, max: `32`	No
local_tloc_list	Class	`[local_tloc_list]`	No
next_hop	Class	`[next_hop]`	No
preferred_color_group	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
policer_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
service	Class	`[service]`	No
tloc	Class	`[tloc]`	No
tloc_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
vpn	Integer	min: `0`, max: `65530`	No

source_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `0`, max: `65535`	Yes
to	Integer	min: `0`, max: `65535`	Yes

destination_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `0`, max: `65535`	Yes
to	Integer	min: `0`, max: `65535`	Yes

sig (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
enabled	Boolean	`true`, `false`	Yes
fallback_to_routing	Boolean	`true`, `false`	No

redirect_dns (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`host`, `umbrella`, `ipAddress`	Yes
ip_address	IP		No

loss_correction (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`fecAdaptive`, `fecAlways`, `packetDuplication`	Yes
loss_threshold_percentage	Integer	min: `1`, max: `5`	No

nat_vpn (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
vpn_id	Integer	min: `0`, max: `65530`	No
nat_vpn_fallback	Boolean	`true`, `false`	No

appqoe_optimization (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
tcp	Boolean	`true`, `false`	No
dre	Boolean	`true`, `false`	No
service_node_group	String		No

local_tloc_list (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
colors	List	Choice[`default`, `mpls`, `metro-ethernet`, `biz-internet`, `public-internet`, `lte`, `3g`, `red`, `green`, `blue`, `gold`, `silver`, `bronze`, `custom1`, `custom2`, `custom3`, `private1`, `private2`, `private3`, `private4`, `private5`, `private6`]	Yes
encaps	List	Choice[`ipsec`, `gre`]	No
restrict	Boolean	`true`, `false`	No

next_hop (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
when_next_hop_is_not_available	Choice	`route_table_entry`	No

service (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
type	Choice	`appqoe`, `FW`, `IDP`, `IDS`, `netsvc1`, `netsvc2`, `netsvc3`, `netsvc4`, `netsvc5`	Yes
vpn	Integer	min: `0`, max: `65530`	No
tloc	Class	`[tloc]`	No
tloc_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
local	Boolean	`true`, `false`	No
restrict	Boolean	`true`, `false`	No

tloc (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
ip	IP		Yes
color	Choice	`default`, `mpls`, `metro-ethernet`, `biz-internet`, `public-internet`, `lte`, `3g`, `red`, `green`, `blue`, `gold`, `silver`, `bronze`, `custom1`, `custom2`, `custom3`, `private1`, `private2`, `private3`, `private4`, `private5`, `private6`	Yes
encap	Choice	`ipsec`, `gre`	Yes

Examples

Example-1: A simple data policy that matches all traffic from VPN 20 and forces it via FW service insertion.

sdwan:
  centralized_policies:
    definitions:
      data_policy:
        traffic_data:
          - name: NAC-DATA-POLICY-BRANCH-VPN20-v1
            description: Data policy for branch VPN 20
            default_action_type: accept
            sequences:
              - base_action: accept
                id: 11
                name: Default
                ip_type: ipv4
                type: service_chaining
                actions:
                  counter_name: ServiceInsertion
                  service:
                    type: FW
                    vpn: 20

Diagram

Classes

data_policy (sdwan.centralized_policies.definitions)

Name	Type	Constraint	Mandatory	Default Value
traffic_data	List	`[traffic_data]`	No

traffic_data (sdwan.centralized_policies.definitions.data_policy)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[A-Za-z0-9\-_]{1,127}$`	Yes
description	String		Yes
default_action_type	Choice	`accept`, `drop`	Yes
sequences	List	`[sequences]`	No

sequences (sdwan.centralized_policies.definitions.data_policy.traffic_data)

Name	Type	Constraint	Mandatory	Default Value
base_action	Choice	`accept`, `drop`	Yes
id	Integer	min: `1`, max: `65534`	Yes
name	String		Yes
ip_type	Choice	`ipv4`, `ipv6`, `all`	No	`ipv4`
type	Choice	`custom`, `service_chaining`, `qos`, `application_firewall`, `traffic_engineering`	No	`custom`
match_criterias	Class	`[match_criterias]`	No
actions	Class	`[actions]`	No

match_criterias (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)

Name	Type	Constraint	Mandatory
application_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
dns_application_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
dns	Choice	`request`, `response`	No
dscp	Integer	min: `0`, max: `63`	No
packet_length	Integer	min: `0`, max: `65535`	No
plp	Choice	`low`, `high`	No
protocols	List	Integer[min: `0`, max: `255`]	No
source_data_prefix_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
source_data_prefix	String		No
source_ports	List	Integer[min: `0`, max: `65535`]	No
source_port_ranges	List	`[source_port_ranges]`	No
destination_data_prefix_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
destination_data_prefix	String		No
destination_ports	List	Integer[min: `0`, max: `65535`]	No
destination_port_ranges	List	`[destination_port_ranges]`	No
tcp	Choice	`syn`	No
traffic_to	Choice	`access`, `core`, `service`	No
destination_region	Choice	`primary-region`, `secondary-region`, `other-region`	No

actions (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)

Name	Type	Constraint	Mandatory
counter_name	String	Regex: `^[A-Za-z0-9\-_]{1,20}$`	No
log	Boolean	`true`, `false`	No
cflowd	Boolean	`true`, `false`	No
sig	Class	`[sig]`	No
redirect_dns	Class	`[redirect_dns]`	No
loss_correction	Class	`[loss_correction]`	No
nat_pool	Integer	min: `1`, max: `31`	No
nat_vpn	Class	`[nat_vpn]`	No
appqoe_optimization	Class	`[appqoe_optimization]`	No
dscp	Integer	min: `0`, max: `63`	No
forwarding_class	String	min: `1`, max: `32`	No
local_tloc_list	Class	`[local_tloc_list]`	No
next_hop	Class	`[next_hop]`	No
preferred_color_group	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
policer_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
service	Class	`[service]`	No
tloc	Class	`[tloc]`	No
tloc_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
vpn	Integer	min: `0`, max: `65530`	No

source_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `0`, max: `65535`	Yes
to	Integer	min: `0`, max: `65535`	Yes

destination_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `0`, max: `65535`	Yes
to	Integer	min: `0`, max: `65535`	Yes

sig (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
enabled	Boolean	`true`, `false`	Yes
fallback_to_routing	Boolean	`true`, `false`	No

redirect_dns (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`host`, `umbrella`, `ipAddress`	Yes
ip_address	IP		No

loss_correction (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`fecAdaptive`, `fecAlways`, `packetDuplication`	Yes
loss_threshold_percentage	Integer	min: `1`, max: `5`	No

nat_vpn (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
vpn_id	Integer	min: `0`, max: `65530`	No
nat_vpn_fallback	Boolean	`true`, `false`	No

appqoe_optimization (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
tcp	Boolean	`true`, `false`	No
dre	Boolean	`true`, `false`	No
service_node_group	String		No

local_tloc_list (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
colors	List	Choice[`default`, `mpls`, `metro-ethernet`, `biz-internet`, `public-internet`, `lte`, `3g`, `red`, `green`, `blue`, `gold`, `silver`, `bronze`, `custom1`, `custom2`, `custom3`, `private1`, `private2`, `private3`, `private4`, `private5`, `private6`]	Yes
encaps	List	Choice[`ipsec`, `gre`]	No
restrict	Boolean	`true`, `false`	No

next_hop (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
when_next_hop_is_not_available	Choice	`route_table_entry`	No

service (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
type	Choice	`appqoe`, `FW`, `IDP`, `IDS`, `netsvc1`, `netsvc2`, `netsvc3`, `netsvc4`, `netsvc5`	Yes
vpn	Integer	min: `0`, max: `65530`	No
tloc	Class	`[tloc]`	No
tloc_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
local	Boolean	`true`, `false`	No
restrict	Boolean	`true`, `false`	No

tloc (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
ip	IP		Yes
color	Choice	`default`, `mpls`, `metro-ethernet`, `biz-internet`, `public-internet`, `lte`, `3g`, `red`, `green`, `blue`, `gold`, `silver`, `bronze`, `custom1`, `custom2`, `custom3`, `private1`, `private2`, `private3`, `private4`, `private5`, `private6`	Yes
encap	Choice	`ipsec`, `gre`	Yes

Examples

Example-1: A simple data policy that matches all traffic from VPN 20 and forces it via FW service insertion.

sdwan:
  centralized_policies:
    definitions:
      data_policy:
        traffic_data:
          - name: NAC-DATA-POLICY-BRANCH-VPN20-v1
            description: Data policy for branch VPN 20
            default_action_type: accept
            sequences:
              - base_action: accept
                id: 11
                name: Default
                ip_type: ipv4
                type: service_chaining
                actions:
                  counter_name: ServiceInsertion
                  service:
                    type: FW
                    vpn: 20

Diagram

Classes

data_policy (sdwan.centralized_policies.definitions)

Name	Type	Constraint	Mandatory	Default Value
traffic_data	List	`[traffic_data]`	No

traffic_data (sdwan.centralized_policies.definitions.data_policy)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[A-Za-z0-9\-_]{1,127}$`	Yes
description	String		Yes
default_action_type	Choice	`accept`, `drop`	Yes
sequences	List	`[sequences]`	No

sequences (sdwan.centralized_policies.definitions.data_policy.traffic_data)

Name	Type	Constraint	Mandatory	Default Value
base_action	Choice	`accept`, `drop`	Yes
id	Integer	min: `1`, max: `65534`	Yes
name	String		Yes
ip_type	Choice	`ipv4`, `ipv6`, `all`	No	`ipv4`
type	Choice	`custom`, `service_chaining`, `qos`, `application_firewall`, `traffic_engineering`	No	`custom`
match_criterias	Class	`[match_criterias]`	No
actions	Class	`[actions]`	No

match_criterias (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)

Name	Type	Constraint	Mandatory
application_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
dns_application_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
dns	Choice	`request`, `response`	No
dscp	Integer	min: `0`, max: `63`	No
packet_length	Integer	min: `0`, max: `65535`	No
plp	Choice	`low`, `high`	No
protocols	List	Integer[min: `0`, max: `255`]	No
source_data_prefix_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
source_data_prefix	String		No
source_ports	List	Integer[min: `0`, max: `65535`]	No
source_port_ranges	List	`[source_port_ranges]`	No
destination_data_prefix_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
destination_data_prefix	String		No
destination_ports	List	Integer[min: `0`, max: `65535`]	No
destination_port_ranges	List	`[destination_port_ranges]`	No
tcp	Choice	`syn`	No
traffic_to	Choice	`access`, `core`, `service`	No
destination_region	Choice	`primary-region`, `secondary-region`, `other-region`	No

actions (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)

Name	Type	Constraint	Mandatory
counter_name	String	Regex: `^[A-Za-z0-9\-_]{1,20}$`	No
log	Boolean	`true`, `false`	No
cflowd	Boolean	`true`, `false`	No
sig	Class	`[sig]`	No
redirect_dns	Class	`[redirect_dns]`	No
loss_correction	Class	`[loss_correction]`	No
nat_pool	Integer	min: `1`, max: `31`	No
nat_vpn	Class	`[nat_vpn]`	No
appqoe_optimization	Class	`[appqoe_optimization]`	No
dscp	Integer	min: `0`, max: `63`	No
forwarding_class	String	min: `1`, max: `32`	No
local_tloc_list	Class	`[local_tloc_list]`	No
next_hop	Class	`[next_hop]`	No
preferred_color_group	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
policer_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
service	Class	`[service]`	No
tloc	Class	`[tloc]`	No
tloc_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
vpn	Integer	min: `0`, max: `65530`	No

source_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `0`, max: `65535`	Yes
to	Integer	min: `0`, max: `65535`	Yes

destination_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `0`, max: `65535`	Yes
to	Integer	min: `0`, max: `65535`	Yes

sig (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
enabled	Boolean	`true`, `false`	Yes
fallback_to_routing	Boolean	`true`, `false`	No

redirect_dns (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`host`, `umbrella`, `ipAddress`	Yes
ip_address	IP		No

loss_correction (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`fecAdaptive`, `fecAlways`, `packetDuplication`	Yes
loss_threshold_percentage	Integer	min: `1`, max: `5`	No

nat_vpn (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
vpn_id	Integer	min: `0`, max: `65530`	No
nat_vpn_fallback	Boolean	`true`, `false`	No

appqoe_optimization (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
tcp	Boolean	`true`, `false`	No
dre	Boolean	`true`, `false`	No
service_node_group	String		No

local_tloc_list (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
colors	List	Choice[`default`, `mpls`, `metro-ethernet`, `biz-internet`, `public-internet`, `lte`, `3g`, `red`, `green`, `blue`, `gold`, `silver`, `bronze`, `custom1`, `custom2`, `custom3`, `private1`, `private2`, `private3`, `private4`, `private5`, `private6`]	Yes
encaps	List	Choice[`ipsec`, `gre`]	No
restrict	Boolean	`true`, `false`	No

next_hop (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
when_next_hop_is_not_available	Choice	`route_table_entry`	No

service (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
type	Choice	`appqoe`, `FW`, `IDP`, `IDS`, `netsvc1`, `netsvc2`, `netsvc3`, `netsvc4`, `netsvc5`	Yes
vpn	Integer	min: `0`, max: `65530`	No
tloc	Class	`[tloc]`	No
tloc_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
local	Boolean	`true`, `false`	No
restrict	Boolean	`true`, `false`	No

tloc (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
ip	IP		Yes
color	Choice	`default`, `mpls`, `metro-ethernet`, `biz-internet`, `public-internet`, `lte`, `3g`, `red`, `green`, `blue`, `gold`, `silver`, `bronze`, `custom1`, `custom2`, `custom3`, `private1`, `private2`, `private3`, `private4`, `private5`, `private6`	Yes
encap	Choice	`ipsec`, `gre`	Yes

Examples

Example-1: A simple data policy that matches all traffic from VPN 20 and forces it via FW service insertion.

sdwan:
  centralized_policies:
    definitions:
      data_policy:
        traffic_data:
          - name: NAC-DATA-POLICY-BRANCH-VPN20-v1
            description: Data policy for branch VPN 20
            default_action_type: accept
            sequences:
              - base_action: accept
                id: 11
                name: Default
                ip_type: ipv4
                type: service_chaining
                actions:
                  counter_name: ServiceInsertion
                  service:
                    type: FW
                    vpn: 20

Diagram

Classes

data_policy (sdwan.centralized_policies.definitions)

Name	Type	Constraint	Mandatory	Default Value
traffic_data	List	`[traffic_data]`	No

traffic_data (sdwan.centralized_policies.definitions.data_policy)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[A-Za-z0-9\-_]{1,127}$`	Yes
description	String		Yes
default_action_type	Choice	`accept`, `drop`	Yes
sequences	List	`[sequences]`	No

sequences (sdwan.centralized_policies.definitions.data_policy.traffic_data)

Name	Type	Constraint	Mandatory	Default Value
base_action	Choice	`accept`, `drop`	Yes
id	Integer	min: `1`, max: `65534`	Yes
name	String		Yes
ip_type	Choice	`ipv4`, `ipv6`, `all`	No	`ipv4`
type	Choice	`custom`, `service_chaining`, `qos`, `application_firewall`, `traffic_engineering`	No	`custom`
match_criterias	Class	`[match_criterias]`	No
actions	Class	`[actions]`	No

match_criterias (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)

Name	Type	Constraint	Mandatory
application_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
dns_application_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
dns	Choice	`request`, `response`	No
dscp	Integer	min: `0`, max: `63`	No
packet_length	Integer	min: `0`, max: `65535`	No
plp	Choice	`low`, `high`	No
protocols	List	Integer[min: `0`, max: `255`]	No
source_data_prefix_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
source_data_prefix	String		No
source_ports	List	Integer[min: `0`, max: `65535`]	No
source_port_ranges	List	`[source_port_ranges]`	No
destination_data_prefix_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
destination_data_prefix	String		No
destination_ports	List	Integer[min: `0`, max: `65535`]	No
destination_port_ranges	List	`[destination_port_ranges]`	No
tcp	Choice	`syn`	No
traffic_to	Choice	`access`, `core`, `service`	No
destination_region	Choice	`primary-region`, `secondary-region`, `other-region`	No

actions (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)

Name	Type	Constraint	Mandatory
counter_name	String	Regex: `^[A-Za-z0-9\-_]{1,20}$`	No
log	Boolean	`true`, `false`	No
cflowd	Boolean	`true`, `false`	No
sig	Class	`[sig]`	No
redirect_dns	Class	`[redirect_dns]`	No
loss_correction	Class	`[loss_correction]`	No
nat_pool	Integer	min: `1`, max: `31`	No
nat_vpn	Class	`[nat_vpn]`	No
appqoe_optimization	Class	`[appqoe_optimization]`	No
dscp	Integer	min: `0`, max: `63`	No
forwarding_class	String	min: `1`, max: `32`	No
local_tloc_list	Class	`[local_tloc_list]`	No
next_hop	Class	`[next_hop]`	No
preferred_color_group	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
policer_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
service	Class	`[service]`	No
tloc	Class	`[tloc]`	No
tloc_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
vpn	Integer	min: `0`, max: `65530`	No

source_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `0`, max: `65535`	Yes
to	Integer	min: `0`, max: `65535`	Yes

destination_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `0`, max: `65535`	Yes
to	Integer	min: `0`, max: `65535`	Yes

sig (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
enabled	Boolean	`true`, `false`	Yes
fallback_to_routing	Boolean	`true`, `false`	No

redirect_dns (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`host`, `umbrella`, `ipAddress`	Yes
ip_address	IP		No

loss_correction (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`fecAdaptive`, `fecAlways`, `packetDuplication`	Yes
loss_threshold_percentage	Integer	min: `1`, max: `5`	No

nat_vpn (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
vpn_id	Integer	min: `0`, max: `65530`	No
nat_vpn_fallback	Boolean	`true`, `false`	No

appqoe_optimization (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
tcp	Boolean	`true`, `false`	No
dre	Boolean	`true`, `false`	No
service_node_group	String		No

local_tloc_list (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
colors	List	Choice[`default`, `mpls`, `metro-ethernet`, `biz-internet`, `public-internet`, `lte`, `3g`, `red`, `green`, `blue`, `gold`, `silver`, `bronze`, `custom1`, `custom2`, `custom3`, `private1`, `private2`, `private3`, `private4`, `private5`, `private6`]	Yes
encaps	List	Choice[`ipsec`, `gre`]	Yes
restrict	Boolean	`true`, `false`	No

next_hop (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
when_next_hop_is_not_available	Choice	`route_table_entry`	No

service (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
type	Choice	`appqoe`, `FW`, `IDP`, `IDS`, `netsvc1`, `netsvc2`, `netsvc3`, `netsvc4`, `netsvc5`	Yes
vpn	Integer	min: `0`, max: `65530`	No
tloc	Class	`[tloc]`	No
tloc_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
local	Boolean	`true`, `false`	No
restrict	Boolean	`true`, `false`	No

tloc (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
ip	IP		Yes
color	Choice	`default`, `mpls`, `metro-ethernet`, `biz-internet`, `public-internet`, `lte`, `3g`, `red`, `green`, `blue`, `gold`, `silver`, `bronze`, `custom1`, `custom2`, `custom3`, `private1`, `private2`, `private3`, `private4`, `private5`, `private6`	Yes
encap	Choice	`ipsec`, `gre`	Yes

Examples

Example-1: A simple data policy that matches all traffic from VPN 20 and forces it via FW service insertion.

sdwan:
  centralized_policies:
    definitions:
      data_policy:
        traffic_data:
          - name: NAC-DATA-POLICY-BRANCH-VPN20-v1
            description: Data policy for branch VPN 20
            default_action_type: accept
            sequences:
              - base_action: accept
                id: 11
                name: Default
                ip_type: ipv4
                type: service_chaining
                actions:
                  counter_name: ServiceInsertion
                  service:
                    type: FW
                    vpn: 20

Service Chaining Definition define the matching conditions and Actions to configure Service Chaining

Diagram

Classes

data_policy (sdwan.centralized_policies.definitions)

Name	Type	Constraint	Mandatory	Default Value
traffic_data	List	`[traffic_data]`	No

traffic_data (sdwan.centralized_policies.definitions.data_policy)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[A-Za-z0-9\-_]{1,127}$`	Yes
description	String		Yes
default_action_type	Choice	`accept`, `drop`	Yes
sequences	List	`[sequences]`	No

sequences (sdwan.centralized_policies.definitions.data_policy.traffic_data)

Name	Type	Constraint	Mandatory	Default Value
base_action	Choice	`accept`, `drop`	Yes
id	Integer	min: `1`, max: `65534`	Yes
name	String		Yes
ip_type	Choice	`ipv4`, `ipv6`, `all`	No	`ipv4`
type	Choice	`custom`, `service_chaining`, `qos`, `application_firewall`, `traffic_engineering`	No	`custom`
match_criterias	Class	`[match_criterias]`	No
actions	Class	`[actions]`	No

match_criterias (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)

Name	Type	Constraint	Mandatory
application_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
dns_application_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
dns	Choice	`request`, `response`	No
dscp	Integer	min: `0`, max: `63`	No
packet_length	Integer	min: `0`, max: `65535`	No
plp	Choice	`low`, `high`	No
protocols	List	Integer[min: `0`, max: `255`]	No
source_data_prefix_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
source_data_prefix	String		No
source_ports	List	Integer[min: `0`, max: `65535`]	No
source_port_ranges	List	`[source_port_ranges]`	No
destination_data_prefix_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
destination_data_prefix	String		No
destination_ports	List	Integer[min: `0`, max: `65535`]	No
destination_port_ranges	List	`[destination_port_ranges]`	No
tcp	Choice	`syn`	No
traffic_to	Choice	`access`, `core`, `service`	No
destination_region	Choice	`primary-region`, `secondary-region`, `other-region`	No

actions (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)

Name	Type	Constraint	Mandatory
counter_name	String	Regex: `^[A-Za-z0-9\-_]{1,20}$`	No
log	Boolean	`true`, `false`	No
cflowd	Boolean	`true`, `false`	No
sig	Class	`[sig]`	No
redirect_dns	Class	`[redirect_dns]`	No
loss_correction	Class	`[loss_correction]`	No
nat_pool	Integer	min: `1`, max: `31`	No
nat_vpn	Class	`[nat_vpn]`	No
appqoe_optimization	Class	`[appqoe_optimization]`	No
dscp	Integer	min: `0`, max: `63`	No
forwarding_class	String	min: `1`, max: `32`	No
local_tloc_list	Class	`[local_tloc_list]`	No
next_hop	Class	`[next_hop]`	No
preferred_color_group	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
policer_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
service	Class	`[service]`	No
tloc	Class	`[tloc]`	No
tloc_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
vpn	Integer	min: `0`, max: `65530`	No

source_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `0`, max: `65535`	Yes
to	Integer	min: `0`, max: `65535`	Yes

destination_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `0`, max: `65535`	Yes
to	Integer	min: `0`, max: `65535`	Yes

sig (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
enabled	Boolean	`true`, `false`	Yes
fallback_to_routing	Boolean	`true`, `false`	No

redirect_dns (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`host`, `umbrella`, `ipAddress`	Yes
ip_address	IP		No

loss_correction (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`fecAdaptive`, `fecAlways`, `packetDuplication`	Yes
loss_threshold_percentage	Integer	min: `1`, max: `5`	No

nat_vpn (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
vpn_id	Integer	min: `0`, max: `65530`	No
nat_vpn_fallback	Boolean	`true`, `false`	No

appqoe_optimization (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
tcp	Boolean	`true`, `false`	No
dre	Boolean	`true`, `false`	No
service_node_group	String		No

local_tloc_list (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
colors	List	Choice[`default`, `mpls`, `metro-ethernet`, `biz-internet`, `public-internet`, `lte`, `3g`, `red`, `green`, `blue`, `gold`, `silver`, `bronze`, `custom1`, `custom2`, `custom3`, `private1`, `private2`, `private3`, `private4`, `private5`, `private6`]	Yes
encaps	List	Choice[`ipsec`, `gre`]	Yes
restrict	Boolean	`true`, `false`	No

next_hop (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
when_next_hop_is_not_available	Choice	`route_table_entry`	No

service (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
type	Choice	`appqoe`, `FW`, `IDP`, `IDS`, `netsvc1`, `netsvc2`, `netsvc3`, `netsvc4`, `netsvc5`	Yes
vpn	Integer	min: `0`, max: `65530`	No
tloc	Class	`[tloc]`	No
tloc_list	String	Regex: `^[A-Za-z0-9\-_]{1,32}$`	No
local	Boolean	`true`, `false`	No
restrict	Boolean	`true`, `false`	No

tloc (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)

Name	Type	Constraint	Mandatory
ip	IP		Yes
color	Choice	`default`, `mpls`, `metro-ethernet`, `biz-internet`, `public-internet`, `lte`, `3g`, `red`, `green`, `blue`, `gold`, `silver`, `bronze`, `custom1`, `custom2`, `custom3`, `private1`, `private2`, `private3`, `private4`, `private5`, `private6`	Yes
encap	Choice	`ipsec`, `gre`	Yes

Examples

sdwan:
  centralized_policies:
    definitions:
      data_policy:
        traffic_data:
          - name: Test_control_number1
            description: Test_control_number1
            default_action_type: accept
            sequences:
              - base_action: accept
                id: 2
                name: rule2
                ip_type: ipv4
                type: service_chaining
                match_criterias:
                  application_list: APP-LIST-TD-TEST2
                  dscp: 54
                  packet_length: 1150
                  plp: high
                  protocols:
                    - 89
                    - 90
                    - 91
                  source_data_prefix_list: PREFIX-LIST-TD-TEST2
                  source_data_prefix: 10.2.1.0/24
                  source_ports:
                    - 676
                    - 53
                  source_port_ranges:
                    - from: 1001
                      to: 2000
                    - from: 3001
                      to: 4000
                  destination_data_prefix_list: PREFIX-LIST-TD-TEST1
                  destination_data_prefix: 10.1.1.0/24
                  destination_ports:
                    - 676
                    - 53
                  destination_port_ranges:
                    - from: 1001
                      to: 2000
                    - from: 3001
                      to: 4000
                  tcp: 'syn'
                actions:
                  log: true
                  counter_name: LOGGER-TD-TEST2
                  service:
                    type: FW
                    vpn: 62
                    tloc:
                      ip: 10.59.160.1
                      color: custom1
                      encap: ipsec