Configure a centralized data policy for the SD-WAN Application Intelligence Engine (SAIE) flow using CLI commands.
This task enables you to configure a centralized data policy for the SD-WAN Application Intelligence Engine (SAIE) flow to control application traffic behavior across overlay network sites.
The SAIE flow provides application intelligence and traffic control capabilities in SD-WAN deployments. Use this configuration when you need to implement centralized policies for application traffic management across multiple sites.
In Cisco vManage Release 20.7.x and earlier releases, the SAIE flow is called the deep packet inspection (DPI) flow.
Follow these steps to configure a centralized data policy for the SD-WAN Application Intelligence Engine (SAIE) flow:
Procedure
1. Create a list of overlay network sites to which the data policy is to be applied using the apply-policy command.

   The list can contain as many site IDs as necessary. Include one site-id command for each site ID. For contiguous site IDs, you can specify a range of numbers separated with a dash (–). Create additional site lists, as needed.

2. Create lists of applications and application families that are to be subject to the data policy.

   Each list can contain one or more application names, or one or more application families. A single list cannot contain both applications and application families.

3. Create lists of IP prefixes and VPNs, as needed.

4. Create lists of TLOCs, as needed.

5. Define policing parameters, as needed.

6. Create a data policy instance and associate it with a list of VPNs.

7. Create a series of match–pair sequences.

   The match–action pairs are evaluated in order, by sequence number, starting with the lowest numbered pair and ending when the route matches the conditions in one of the pairs. If no match occurs, the default action is taken (either rejecting the route or accepting it as is).

8. Define match parameters based on applications.

9. Define additional match parameters for data packets.

10. Define actions to take when a match occurs.

11. For packets that are accepted, define the actions to take.

12. Apply the data policy to one or more sites.
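The twelve steps above, assembled into a single policy as an added example (not taken from the original page or from Cisco's own examples). It assumes the Cisco SD-WAN Controller policy CLI in configuration mode; every list name, site ID, prefix, TLOC address, counter name, and rate is a constructed sample value.

```text
! Added example: all names, IDs, addresses and rates are constructed sample values.
policy
 lists
  ! Step 1: sites the policy applies to (one ID and one contiguous range)
  site-list branch-sites
   site-id 100
   site-id 200-210
  ! Step 2: applications OR application families, never both in one list
  app-list p2p-apps
   app-family peer-to-peer
  ! Step 3: IP prefixes and VPNs
  data-prefix-list branch-users
   ip-prefix 10.20.0.0/16
  vpn-list corp-vpns
   vpn 10
  ! Step 4: TLOCs
  tloc-list hub-tlocs
   tloc 192.0.2.1 color mpls encap ipsec
 ! Step 5: policing parameters
 policer p2p-limit
  rate 1000000
  burst 15000
  exceed drop
 ! Step 6: data policy instance associated with a VPN list
 data-policy saie-policy
  vpn-list corp-vpns
   ! Steps 7-9: sequences are evaluated lowest number first
   sequence 10
    match
     app-list p2p-apps
     source-data-prefix-list branch-users
    ! Steps 10-11: accept, count and police the matching packets
    action accept
     count p2p-packets
     set
      policer p2p-limit
   sequence 20
    match
     source-data-prefix-list branch-users
    action accept
     set
      tloc-list hub-tlocs
   ! State the no-match behavior explicitly so it is visible in review
   default-action accept
! Step 12: apply to the site list (direction: all, from-service or from-tunnel)
apply-policy
 site-list branch-sites
  data-policy saie-policy from-service
```

Because evaluation stops at the first matching sequence, place the narrower application match (sequence 10) before the broader prefix-only match (sequence 20); reversing them would leave the policer unused.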
What to do next
Use the following show commands for visibility into traffic classification:
- show app dpi flows
- show support dpi flows active detail
- show app dpi application
- show support dpi flows expired detail
- show support dpi statistics