Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
376
Views
0
Helpful
1
Replies

Service Insertion/Chaining as Control vs Data policy

Go to solution
Steytler
Level 1
Level 1

‎03-12-2022 08:02 AM

I'm scratching my head looking at different service insertion policies trying to figure out why some examples state the policy is a control and others say its a data policy.

 

Is it that I can do both and its merely a choice of how I want the exact same outcome implemented?

 

What are the benefits of using 1 over the other?

 

  • Control policies are used to enable:

    1. Service chaining

    2. Traffic engineering

    3. Extranet VPNs

    4. Service and path affinity

    5. Arbitrary VPN topologies

       

      HOWEVER - this is right from vManage.   

       

      Screenshot 2022-03-12 105559.png

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
svemulap@cisco.com
Cisco Employee
Cisco Employee

‎03-12-2022 05:57 PM

Hi Steytler - 

 

Yes, Your understanding is correct.   It is a combination of both control and data-policy. 

It depends up on the (network) requirements.

 

To route traffic through a service, you provision either a control policy or a data policy on the Cisco vSmart Controller.

 

You use a control policy if the match criteria are based on a destination prefix or any of its attributes.

 

You use a data policy if the match criteria include the source address, source port, DSCP value, or destination port of the packet or traffic flow.

 

If a service chain has more than one service that is connected to the same node, that is, both services are behind the same device, you use a combination of control policy and data policy to create the desired service chain.

 

You can provision the policy directly using the CLI, or it can be pushed from Cisco vManage.

 

HTH.

 

View solution in original post

0 Helpful
1 Reply 1

Go to solution
svemulap@cisco.com
Cisco Employee
Cisco Employee

‎03-12-2022 05:57 PM

Hi Steytler - 

 

Yes, Your understanding is correct.   It is a combination of both control and data-policy. 

It depends up on the (network) requirements.

 

To route traffic through a service, you provision either a control policy or a data policy on the Cisco vSmart Controller.

 

You use a control policy if the match criteria are based on a destination prefix or any of its attributes.

 

You use a data policy if the match criteria include the source address, source port, DSCP value, or destination port of the packet or traffic flow.

 

If a service chain has more than one service that is connected to the same node, that is, both services are behind the same device, you use a combination of control policy and data policy to create the desired service chain.

 

You can provision the policy directly using the CLI, or it can be pushed from Cisco vManage.

 

HTH.

 

0 Helpful
Customers Also Viewed These Support Documents