03-12-2022 08:02 AM
I'm scratching my head looking at different service insertion policies trying to figure out why some examples state the policy is a control and others say its a data policy.
Is it that I can do both and its merely a choice of how I want the exact same outcome implemented?
What are the benefits of using 1 over the other?
Control policies are used to enable:
Service chaining
Traffic engineering
Extranet VPNs
Service and path affinity
Arbitrary VPN topologies
HOWEVER - this is right from vManage.
Solved! Go to Solution.
03-12-2022 05:57 PM
Hi Steytler -
Yes, Your understanding is correct. It is a combination of both control and data-policy.
It depends up on the (network) requirements.
To route traffic through a service, you provision either a control policy or a data policy on the Cisco vSmart Controller.
You use a control policy if the match criteria are based on a destination prefix or any of its attributes.
You use a data policy if the match criteria include the source address, source port, DSCP value, or destination port of the packet or traffic flow.
If a service chain has more than one service that is connected to the same node, that is, both services are behind the same device, you use a combination of control policy and data policy to create the desired service chain.
You can provision the policy directly using the CLI, or it can be pushed from Cisco vManage.
HTH.
03-12-2022 05:57 PM
Hi Steytler -
Yes, Your understanding is correct. It is a combination of both control and data-policy.
It depends up on the (network) requirements.
To route traffic through a service, you provision either a control policy or a data policy on the Cisco vSmart Controller.
You use a control policy if the match criteria are based on a destination prefix or any of its attributes.
You use a data policy if the match criteria include the source address, source port, DSCP value, or destination port of the packet or traffic flow.
If a service chain has more than one service that is connected to the same node, that is, both services are behind the same device, you use a combination of control policy and data policy to create the desired service chain.
You can provision the policy directly using the CLI, or it can be pushed from Cisco vManage.
HTH.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide