Localized policies

2.2.d Localized policies overview (not on blueprint)

General information on “SDW Localized policies overview”:

• Defined on vManage => NETCONF transaction to the vEdge
• Policies can be created using the wizard or by entering a CLI text-style configuration
• vManage wizard and the CLI text-style configuration have feature parity
• vEdge must be in “vManage mode” (configuration done via vManage) to be able to accept localized policies
• Unlike centralized policies, direct configuration changes will be applied to the vEdges which will be persistent even after a reboot of the device
• Configuration process (high level overview):
  1. Create groups of interest (eg. BGP AS Path, BGP Community, QoS Class Map, Policer, …)
  2. Configure QoS (optional - mandatory if no other policies are configured)
  3. Configure ACLs (optional - mandatory if no other policies are configured)
  4. Configure Route Policies (optional - mandatory if no other policies are configured)
  5. Apply policy to device configuration template and update the device policy
  6. Modify the interface feature template of the device to apply the localized policy
• Policies can be modified after they’ve been created

2.2.d Localized QoS policy

// Graphic missing - Coming soon //

General information on “SDW Localized QoS policy”:

• When configuring localized policies (QoS/ACLs/…), everything must be seen from the vEdge interface perspective, therefor the following is valid for Service VPNs:
  • Outbound direction: Traffic going TO the local subnets (= away from the router).
  • Inbound direction: Traffic coming FROM the local subnets (= into the router).
• Per-egress interface queueing:
  • 8 queues available (queue 0 to queue 7)
  • Queue 0 is always LLQ
  • vEdge control traffic always goes into Queue 0
• QoS configuration proccess:
  1. QoS queueing/scheduling:
     1. Create Class-Maps
     2. Configuring QoS scheduler for each Forwarding Class (class-map)
     3. Configuring QoS maps (groups of QoS schedulers)
     4. Apply QoS queueing/scheduling to egress interface (normally VPN0)
  2. Classification/marking:
     1. Create ACL to match traffic/assign to class-map/set DSCP
     2. Apply classification/marking ACL to ingress interface (normally service-side VPN)
• Configuration via vManage GUI:
  1. Create localized policy
  2. Apply localized policy to a device template under the “Additional Templates” –> “Policy” section
  3. Two options to apply a QoS policy:
     1. Apply QoS map to an interface under the feature template
     2. …AND/OR…
     3. Apply ACL to an interface under the feature template
• By default, the inner QoS values of the traffic within the IPSEC tunnel are copied to the outer packet header
• Traffic policers are configured under Localized Policy -> Lists and applied under the interface template whereas Traffic shapers are directly configured under the interface template
• Important: When using VLAN sub-interfaces the policy must be applied directly at them and NOT under the physical interface within VPN0!