SD-WAN service chaining how are packets redirected to service device?

njccnp
Level 1

Suppose Site 4 has a service device (firewall, etc.) to share, and it advertises it as netsvc1 for service insertion. The edge router at this site receives a packet marked for this service. How does this edge device direct the packet to the service device? Presumably it cannot change the destination IP field, because then the packet will not continue to its intended destination. If it uses MPLS-like labels, then other routers in the path between the WAN edge router and the service device would have to also support said labels. If it uses the MAC address, then the service device would have to be directly connected to the WAN edge router. 


Hi,

Indeed, the service device (i.e. firewall) should be in the same L2 domain as the router that inserts that firewall as a service.

There should be an option with GRE also, but it is not supported on IOS XE.

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/policies/ios-xe-17/policies-book-xe/service-chaining.html

There is a new approach named "service insertion", which has more features and native support for several things:

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/policies/ios-xe-17/policies-book-xe/m-service-Insertion-in-cisco-catalyst-sd-wan-manager-20-13-and-later.html

Tunnel-connected services are natively supported now.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

ekhabaro
Cisco Employee

You can also configure a data policy "from-tunnel" and set next-hop in it, I believe; it was not supported in some very old versions before, but should work now.

wajidhassan
Level 4

Packets are redirected using service insertion via data policy or localized forwarding, but the service device must be in the same L2 segment as the WAN edge. You can also use from-tunnel data policies with next-hop to steer traffic without touching the destination IP.