Traffic Data - Service Chaining Definition
Service Chaining Definition define the matching conditions and Actions to configure Service Chaining. Example usage is traffic between branch sides is force via FW that is connected to hub or regional firewall. It requires that service chaining is defined in respective VPN template for device that connect to external entity (firewall or IDS).
Diagram
Section titled “Diagram”Classes
Section titled “Classes”data_policy (sdwan.centralized_policies.definitions)
Section titled “data_policy (sdwan.centralized_policies.definitions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
traffic_data | List | [traffic_data] | No |
traffic_data (sdwan.centralized_policies.definitions.data_policy)
Section titled “traffic_data (sdwan.centralized_policies.definitions.data_policy)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[A-Za-z0-9\-_]{1,127}$ | Yes | |
description | String | Yes | ||
default_action_type | Choice | accept , drop | Yes | |
sequences | List | [sequences] | No |
sequences (sdwan.centralized_policies.definitions.data_policy.traffic_data)
Section titled “sequences (sdwan.centralized_policies.definitions.data_policy.traffic_data)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
base_action | Choice | accept , drop | Yes | |
id | Integer | min: 1 , max: 65534 | Yes | |
name | String | Yes | ||
ip_type | Choice | ipv4 , ipv6 , all | No | ipv4 |
type | Choice | custom , service_chaining , qos , application_firewall , traffic_engineering | No | custom |
match_criterias | Class | [match_criterias] | No | |
actions | Class | [actions] | No |
match_criterias (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)
Section titled “match_criterias (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
application_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
dns_application_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
dns | Choice | request , response | No | |
dscp | Integer | min: 0 , max: 63 | No | |
packet_length | Integer | min: 0 , max: 65535 | No | |
plp | Choice | low , high | No | |
protocols | List | Integer[min: 0 , max: 255 ] | No | |
source_data_prefix_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
source_data_prefix | String | No | ||
source_ports | List | Integer[min: 0 , max: 65535 ] | No | |
source_port_ranges | List | [source_port_ranges] | No | |
destination_data_prefix_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
destination_data_prefix | String | No | ||
destination_ports | List | Integer[min: 0 , max: 65535 ] | No | |
destination_port_ranges | List | [destination_port_ranges] | No | |
tcp | Choice | syn | No | |
traffic_to | Choice | access , core , service | No | |
destination_region | Choice | primary-region , secondary-region , other-region | No |
actions (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)
Section titled “actions (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
counter_name | String | Regex: ^[A-Za-z0-9\-_]{1,20}$ | No | |
log | Boolean | true , false | No | |
cflowd | Boolean | true , false | No | |
sig | Class | [sig] | No | |
redirect_dns | Class | [redirect_dns] | No | |
loss_correction | Class | [loss_correction] | No | |
nat_pool | Integer | min: 1 , max: 31 | No | |
nat_vpn | Class | [nat_vpn] | No | |
appqoe_optimization | Class | [appqoe_optimization] | No | |
dscp | Integer | min: 0 , max: 63 | No | |
forwarding_class | String | min: 1 , max: 32 | No | |
local_tloc_list | Class | [local_tloc_list] | No | |
next_hop | Class | [next_hop] | No | |
preferred_color_group | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
policer_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
service | Class | [service] | No | |
tloc | Class | [tloc] | No | |
tloc_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
vpn | Integer | min: 0 , max: 65530 | No |
source_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)
Section titled “source_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
from | Integer | min: 0 , max: 65535 | Yes | |
to | Integer | min: 0 , max: 65535 | Yes |
destination_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)
Section titled “destination_port_ranges (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.match_criterias)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
from | Integer | min: 0 , max: 65535 | Yes | |
to | Integer | min: 0 , max: 65535 | Yes |
sig (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)
Section titled “sig (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
enabled | Boolean | true , false | Yes | |
fallback_to_routing | Boolean | true , false | No |
redirect_dns (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)
Section titled “redirect_dns (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
type | Choice | host , umbrella , ipAddress | Yes | |
ip_address | IP | No |
loss_correction (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)
Section titled “loss_correction (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
type | Choice | fecAdaptive , fecAlways , packetDuplication | Yes | |
loss_threshold_percentage | Integer | min: 1 , max: 5 | No |
nat_vpn (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)
Section titled “nat_vpn (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
vpn_id | Integer | min: 0 , max: 65530 | No | |
nat_vpn_fallback | Boolean | true , false | No |
appqoe_optimization (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)
Section titled “appqoe_optimization (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
tcp | Boolean | true , false | No | |
dre | Boolean | true , false | No | |
service_node_group | String | No |
local_tloc_list (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)
Section titled “local_tloc_list (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
colors | List | Choice[default , mpls , metro-ethernet , biz-internet , public-internet , lte , 3g , red , green , blue , gold , silver , bronze , custom1 , custom2 , custom3 , private1 , private2 , private3 , private4 , private5 , private6 ] | Yes | |
encaps | List | Choice[ipsec , gre ] | No | |
restrict | Boolean | true , false | No |
next_hop (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)
Section titled “next_hop (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
ip_address | IP | Yes | ||
when_next_hop_is_not_available | Choice | route_table_entry | No |
service (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)
Section titled “service (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
type | Choice | appqoe , FW , IDP , IDS , netsvc1 , netsvc2 , netsvc3 , netsvc4 , netsvc5 | Yes | |
vpn | Integer | min: 0 , max: 65530 | No | |
tloc | Class | [tloc] | No | |
tloc_list | String | Regex: ^[A-Za-z0-9\-_]{1,32}$ | No | |
local | Boolean | true , false | No | |
restrict | Boolean | true , false | No |
tloc (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)
Section titled “tloc (sdwan.centralized_policies.definitions.data_policy.traffic_data.sequences.actions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
ip | IP | Yes | ||
color | Choice | default , mpls , metro-ethernet , biz-internet , public-internet , lte , 3g , red , green , blue , gold , silver , bronze , custom1 , custom2 , custom3 , private1 , private2 , private3 , private4 , private5 , private6 | Yes | |
encap | Choice | ipsec , gre | Yes |
Examples
Section titled “Examples”Example-1: A simple data policy that matches all traffic from VPN 20 and forces it via FW service insertion.
sdwan: centralized_policies: definitions: data_policy: traffic_data: - name: NAC-DATA-POLICY-BRANCH-VPN20-v1 description: Data policy for branch VPN 20 default_action_type: accept sequences: - base_action: accept id: 11 name: Default ip_type: ipv4 type: service_chaining actions: counter_name: ServiceInsertion service: type: FW vpn: 20