5.

8 Cisco SD-WAN Policies

Summary 

Cisco SD-WAN policies comprise two components: routing policies and data policies. Policies
can be either centralized or local. The three building blocks that you use to create a vSmart
policy are lists, policy definitions, and policy application. All vSmart policies are configured on
Cisco vSmart controller, but where the policy is executed depends on the type of policy. Policies
are processed in sequential order and when a match occurs.
Control policies examine the vRoute and TLOC attributes carried in OMP updates. Data policies
act on an entire VPN and are not interface-specific. The default behavior of Cisco SD-WAN OMP
architecture is to advertise any configured VPN to any node where it is configured. A VPN
membership policy serves to restrict the distribution of VPN information from vSmart to those
that are explicitly approved.
You can classify packets by associating each packet with a forwarding class. For each
forwarding class, you can specify which output queue it uses and the bandwidth, delay buffer
size, and packet loss priority of the output queue. All control traffic is prioritized over other traffic
and is placed in the low-latency queue, Queue 0.
Mapping forwarding classes to output queues is the first step in configuring QoS forwarding.
Bandwidth, buffer level, and a RED drop profile can be associated with each queue. Data is
classified based on match conditions and is placed in the mapped queues for the identified
class. Rewrite rules allow you to change the DSCP values of data packets before they are
transmitted across the outbound WAN interfaces of the WAN Edge routers.
DIA provides a way to allow branches to have direct internet access instead of backhauling
internet traffic through a regional data center.