04-01-2024 11:27 PM
Hello experts,
I have a question in SD-WAN about what happens if you define an interface template with TLOC preference in this way:
encapsulation ipsec preference 200 weight 1
And in parallel you also define a Central Policy with a TLOC statement where you configure some TLOC Preference over some kind of traffic. For example, the TLOC route from HUB1 will get preference 250.
So basically I'm wondering what takes preference in this case, the local template or the central policy and why.
I can imagine that in this case HUB1 will get 250 and the rest of the TLOC routes 200...
04-02-2024 12:29 AM
Check how the SD-WAN policy works:
Cisco SD-WAN policies can be classified as either centralized or localized policies. Centralized policies affect the flow of both centralized control plane traffic and data plane traffic that is forwarded across the SD-WAN overlay fabric. While localized policies control local routing and data plane traffic forwarding at the perimeter of the Cisco SD-WAN overlay network.
04-02-2024 12:54 AM
Does this OMP have the same TLOC?
MHM
04-02-2024 02:10 AM
After checking, it seems I was misunderstanding the concepts.
As I understand it, the command "encapsulation ipsec preference" within the TLOC interface determines how you are presenting this TLOC to the network with a specific TLOC preference. This is how the rest of the SD-WAN edges will see this TLOC.
It could be altered afterwards by a Central Policy where you determine the TLOC preference outbound or inbound.
04-02-2024 04:44 AM
Your understanding is correct. "encapsulation ipsec preference" is overwritten by the centralized control-policy, where you "match tloc" and set the "preference".
04-02-2024 07:49 AM
Hi,
It depends on the centralized control policy direction as well.
Suppose you have branches and a hub. The Branch A device has TLOC preference 200 in its template configuration > all others see those TLOCs with preference 200.
If you have a centralized control policy in the IN direction from branch A which changes the TLOC preference to 250 > then the others get preference 250.
If you have a centralized control policy in the OUT direction to a specific site (let it be branch B) which changes the TLOC preference to 250 > then branch B gets preference 250, and the others get preference 200.
The picture is from the Ciscolive page (Advanced Policy Tshoot BRKENT-3797).
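The three cases in the post above (no policy, policy applied IN from branch A, policy applied OUT to branch B), as a simplified model added here; it is not Cisco code and not part of the original post. The site names, colors, the other sites' preference values and all class and function names are assumptions made for the illustration.

```python
# Simplified model (an assumption, not Cisco code) of how a centralized
# control policy rewrites TLOC preference depending on its direction.
from dataclasses import dataclass

@dataclass(frozen=True)
class Tloc:
    site: str         # originating site
    color: str        # constructed sample value
    preference: int   # value from "encapsulation ipsec preference N"

@dataclass(frozen=True)
class ControlPolicy:
    applied_to: str       # site the policy is applied to
    direction: str        # "in" (from that site) or "out" (towards that site)
    match_site: str       # "match tloc": TLOCs originated by this site
    set_preference: int   # "preference" set by the policy

def rewrite(tloc, policy):
    """Return the TLOC with the policy's preference if it matches."""
    if tloc.site == policy.match_site:
        return Tloc(tloc.site, tloc.color, policy.set_preference)
    return tloc

def view_from(receiver, advertised, policies):
    """TLOCs as `receiver` sees them after the controller applies policy."""
    seen = []
    for tloc in advertised:
        if tloc.site == receiver:
            continue  # a site does not learn its own TLOC back
        for p in policies:  # inbound: rewritten once, so everyone sees it
            if p.direction == "in" and p.applied_to == tloc.site:
                tloc = rewrite(tloc, p)
        for p in policies:  # outbound: rewritten only towards this receiver
            if p.direction == "out" and p.applied_to == receiver:
                tloc = rewrite(tloc, p)
        seen.append(tloc)
    return seen

def preference_seen(receiver, origin, advertised, policies):
    """Preference `receiver` ends up with for the TLOC of `origin`."""
    return next(t.preference for t in view_from(receiver, advertised, policies)
                if t.site == origin)

# Constructed sample data: branch A advertises preference 200 from its template.
ADVERTISED = [Tloc("branch-a", "mpls", 200), Tloc("branch-b", "mpls", 100),
              Tloc("hub", "mpls", 100)]
IN_POLICY = [ControlPolicy("branch-a", "in", "branch-a", 250)]
OUT_POLICY = [ControlPolicy("branch-b", "out", "branch-a", 250)]

if __name__ == "__main__":
    for name, pol in (("none", []), ("in", IN_POLICY), ("out", OUT_POLICY)):
        print(name, {r: preference_seen(r, "branch-a", ADVERTISED, pol)
                     for r in ("branch-b", "hub")})
```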
05-31-2024 06:18 PM
Very well explained Kanan... Now I finally get it... that's a very helpful picture... many thanks
04-05-2024 08:04 PM
Upon further review, it appears I misunderstood the concepts.
From my understanding, the command "encapsulation ipsec preference" within the TLOC interface dictates how you present this TLOC to the network with a specific TLOC preference. This is how the other SD-WAN edges will perceive this TLOC.
It could be modified later through a Central Policy where you specify the TLOC preference outbound or inbound.