Chapter 7
Centralized Control Policies
Learning Objectives
- Understand how control policies affect OMP routing
- Configure route filtering and manipulation
- Understand topology control for hub-and-spoke and mesh
- Implement service chaining
Route Filtering
Control policies can filter the routes that vSmart distributes.
Match Criteria:
- OMP Route: Filter berdasarkan prefix, TLOC, site-id
- TLOC Route: Filter berdasarkan color, encapsulation
- Service Route: Filter berdasarkan VPN, service type
Actions:
| Action | Description |
|---|---|
| accept | Allow route to be advertised |
| reject | Block route advertisement |
| set | Modify route attributes (preference, TLOC) |
Topology Control
Hub-and-Spoke Topology:
Force traffic through hub sites with control policies.
Policy Logic
match:
  site-list: branch-sites
action:
  set tloc-list: hub-tlocs
  # Spoke routes only reachable via hub
Restrict Full Mesh:
By default, SD-WAN creates a full mesh. Use a control policy to restrict connectivity.
Use Case
Restrict connectivity between branch sites so that all traffic must pass through the DC for security inspection.
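The hub-and-spoke logic above, together with the accept / reject / set actions from Route Filtering, as a small Python model (an added example, not vSmart code or Cisco configuration). The class and function names, site-ids and addresses are constructed for illustration; the model assumes first-match sequence evaluation and a default action of reject when no sequence matches.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class OmpRoute:
    prefix: str
    site_id: int
    tlocs: tuple               # next-hop TLOCs, written here as "system-ip:color"

@dataclass(frozen=True)
class Sequence:
    site_list: frozenset       # match: site-ids the route originates from
    action: str                # "accept" or "reject"
    set_tloc_list: tuple = ()  # set: replacement TLOCs (used with accept only)

def evaluate(policy, route, default_action="reject"):
    """First matching sequence wins; returns the advertised route or None."""
    for seq in policy:
        if route.site_id in seq.site_list:
            if seq.action == "reject":
                return None
            if seq.set_tloc_list:
                return replace(route, tlocs=seq.set_tloc_list)
            return route
    return route if default_action == "accept" else None

def advertised_to(receiver_site, routes, policy, default_action="reject"):
    """Routes the controller sends to one site after the outbound policy."""
    outs = (evaluate(policy, r, default_action) for r in routes
            if r.site_id != receiver_site)  # assumption: own routes are not sent back
    return [r for r in outs if r is not None]

# Constructed sample data (all addresses and site-ids are made up).
BRANCH_SITES = frozenset({101, 102, 103})
HUB_TLOCS = ("10.0.0.1:mpls",)
ROUTES = [
    OmpRoute("10.1.0.0/16", 1, HUB_TLOCS),                 # DC / hub
    OmpRoute("10.101.0.0/24", 101, ("10.0.1.1:mpls",)),    # branch
    OmpRoute("10.102.0.0/24", 102, ("10.0.2.1:mpls",)),    # branch
    OmpRoute("10.200.0.0/24", 200, ("10.0.200.1:mpls",)),  # in no site-list
]
HUB_AND_SPOKE = [Sequence(BRANCH_SITES, "accept", HUB_TLOCS),  # branch routes: next hop becomes the hub
                 Sequence(frozenset({1}), "accept")]           # hub routes: advertised unchanged

if __name__ == "__main__":
    for r in advertised_to(101, ROUTES, HUB_AND_SPOKE):
        print(r.prefix, "via", ", ".join(r.tlocs))
```

Under a reject default, the route from site 200 matches no sequence and is dropped, so a filtering policy needs an explicit sequence for everything that should still be advertised.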
Service Chaining
Service chaining steers traffic through network services (firewall, IPS, etc.) before it reaches its destination.
Service Types:
- FW: Firewall service
- IDS: Intrusion Detection System
- IDP: Intrusion Detection and Prevention
- netsvc: Generic network service
Service Chaining Flow:
- Traffic matches policy at ingress edge
- Policy redirects to service node
- Service inspects/modifies traffic
- Traffic continues to destination