Mastering Cisco SD-WAN Policies: A Beginner's Guide


Cisco SD-WAN policy is a framework that enables centralized and localized management of both control plane and data plane traffic within a Software-Defined Wide Area Network (SD-WAN). This framework allows network administrators to define and enforce policies that influence routing behaviors, traffic flow, quality of service (QoS), and security measures across the network. The image below gives an overview of how SD-WAN policies are categorized.

SDWAN Policy

The image below highlights the centralized nature of Cisco SD-WAN's control plane, with the vSmart controller being the focal point for routing, policies, and control-plane communication between edge devices. This approach improves scalability, simplifies policy enforcement, and ensures consistent network-wide behavior.

In Cisco SD-WAN, inbound and outbound policies are used to control traffic and routing behavior at different points within the network. These policies define how traffic entering or exiting a router or device is handled.

Inbound policies control how a router processes routing or traffic information that it receives from its neighbors (e.g., other routers or the vSmart controller).

  • Application:

    • Applied to incoming OMP routes, control plane data, or traffic entering a router interface.

    • Filters or modifies the routes or data that the device imports into its local routing table.

  • Use Cases:

    1. Route Filtering: Allow or deny specific routes being advertised by the vSmart controller.

    2. Route Manipulation: Adjust metrics, path preferences, or TLOC properties for specific routes before they are processed.

    3. Traffic Handling: Control or classify traffic based on application or destination as it arrives at a router interface.

  • Example:

    • A router receives multiple routes to a destination. An inbound policy may prioritize certain routes based on latency or security, ensuring only the best paths are accepted.

Outbound policies control how a router sends routing or traffic information to its neighbors (e.g., other routers or the vSmart controller).

  • Application:

    • Applied to outgoing OMP routes, control plane data, or traffic leaving a router interface.

    • Determines which routes or data the device advertises to its peers.

  • Use Cases:

    1. Route Advertisement: Control which routes are advertised to vSmart or other devices, limiting unnecessary route sharing.

    2. Route Modification: Apply specific attributes (e.g., preference, TLOC rewrite) to routes before advertising them.

    3. Traffic Handling: Set up QoS policies or prioritize critical application traffic before it exits the router interface.

  • Example:

    • A router may advertise only local subnets or apply a policy that manipulates TLOC properties for better performance when sending updates to vSmart.

Key Differences

Feature | Inbound Policies | Outbound Policies
Scope | Incoming traffic or routes to a device | Outgoing traffic or routes from a device
Purpose | Controls what is received | Controls what is advertised or sent
Examples | Route filtering, route manipulation | Route advertisement control, QoS enforcement
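
A minimal vSmart centralized control policy that uses both directions, added here as an illustration and not taken from the original page; the list names, site IDs, prefixes and preference value are constructed. In `apply-policy`, the `in`/`out` keyword is relative to the vSmart controller: `in` acts on OMP routes vSmart receives from the listed sites, `out` on routes it advertises to them.

```cisco
! Added example: names, site IDs, prefixes and values are constructed.
policy
 lists
  site-list BRANCH-SITES
   site-id 100-199
  !
  prefix-list DC-PREFIXES
   ip-prefix 10.10.0.0/16 le 32
  !
 !
 ! Inbound (route filtering): drop data-center prefixes if a branch
 ! edge ever originates them, so they never enter vSmart's route table.
 control-policy BRANCH-IN
  sequence 10
   match route
    prefix-list DC-PREFIXES
   !
   action reject
   !
  !
  default-action accept
 !
 ! Outbound (route manipulation): raise the preference of data-center
 ! routes in the updates vSmart sends to the branch sites.
 control-policy BRANCH-OUT
  sequence 10
   match route
    prefix-list DC-PREFIXES
   !
   action accept
    set
     preference 200
    !
   !
  !
  default-action accept
 !
!
apply-policy
 site-list BRANCH-SITES
  control-policy BRANCH-IN in
  control-policy BRANCH-OUT out
 !
!
```

Both policies end in an explicit `default-action accept`. A control policy's default action is reject, and with only `match route` sequences that default would also discard the TLOC routes of the listed sites.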

Centralized policy framework

Outbound policy example:

Inbound policy example:

The centralized nature of Cisco SD-WAN, with the vSmart controller at its core, simplifies policy management and enforcement, leading to improved scalability and consistent network performance. As organizations continue to rely on SD-WAN for their networking needs, a solid grasp of these policies will be crucial for maintaining robust and efficient network operations.