Cisco Catalyst SD-WAN Policies Configuration Guide, Releases 26.x and Later

PDF

Cisco Catalyst SD-WAN Policies Configuration Guide, Releases 26.x and Later

Overview of centralized policies

Want to summarize with AI?

Log in

Provides an overview of centralized policies in the network overlay.


Centralized policies refer to policies that are provisioned on Cisco SD-WAN Controllers, which are the centralized controllers in the Cisco Catalyst SD-WAN overlay network.


Types of centralized policies

Centralized policies are network management mechanisms that

  • control traffic routing and data flow throughout the overlay network from a central location

  • operate on different planes to affect either routing decisions or data traffic flow, and

  • are provisioned on the Cisco Catalyst SD-WAN Controller controller and applied network-wide.

Centralized control policy

Centralized control policy applies to the network-wide routing of traffic by affecting the information that is stored in the Cisco Catalyst SD-WAN Controller's route table and that is advertised to the Cisco IOS XE Catalyst SD-WAN devices. The effects of centralized control policy are seen in how Cisco IOS XE Catalyst SD-WAN devices direct the overlay network's data traffic to its destination.

Note
The centralized control policy configuration itself remains on the Cisco Catalyst SD-WAN Controller and is never pushed to local devices.

Centralized data policy

Centralized data policy applies to the flow of data traffic throughout the VPNs in the overlay network. These policies can permit and restrict access based either on a 6-tuple match (source and destination IP addresses and ports, DSCP fields, and protocol) or on VPN membership. These policies are pushed to the selected Cisco IOS XE Catalyst SD-WAN devices.

Centralized data policy based on packet header fields

Policy decisions affecting data traffic can be based on the packet header fields, specifically, on the source and destination IP prefixes, the source and destination IP ports, the protocol, and the DSCP.

This type of policy is often used to modify traffic flow in the network. These are some examples of the types of control that can be effected with a centralized data policy:

  • Which set of sources are allowed to send traffic to any destination outside the local site. For example, local sources that are rejected by such a data policy can communicate only with hosts on the local network.

  • Which set of sources are allowed to send traffic to a specific set of destinations outside the local site. For example, local sources that match this type of data policy can send voice traffic over one path and data traffic over another.

  • Which source addresses and source ports are allowed to send traffic to any destination outside the local site or to a specific port at a specific destination.