Cisco SD-WAN Localized Control Policy BGP

Cisco SD-WAN offers a centralized policy (network-wide scope) and a localized policy (single-device scope). There are two localized policy types:

The localized data policy affects the data plane. You can influence the flow and data going in and out of an interface (queues).

The localized control policy affects the control plane, so you can manipulate routing decisions. In this lesson, I’ll explain how to configure a localized control policy so you can influence the BGP local preference.

In a nutshell, this is what we have to configure:

[Image: Cisco SD-WAN BGP route policy overview]

Here’s what we have to do:

  • We create a prefix list that matches the prefix we want to influence.
  • We create a localized policy that includes a route policy.
  • We create a route policy where we configure two items:
    • Match condition: the prefix list.
    • Action: we set a local preference value.
  • We add the localized policy to a device template and push it to the vEdge router.
  • We add the route policy to the BGP feature template and push it to the vEdge router.

Let’s get started!

Configuration

This is the topology we’ll use:

[Image: Cisco SD-WAN vEdge1 and SW1 BGP topology]

This is the exact same topology that I used in the Cisco SD-WAN BGP configuration lesson. We are going to create a localized control policy to change the local preference for a prefix we receive from SW1. I use Cisco SD-WAN version 19.3.0.

Configurations

Want to take a look for yourself? Here you will find the startup configuration of each device.

vEdge1

system
 host-name               vEdge1
 system-ip               172.16.1.1
 site-id                 2
 sp-organization-name    nwl-lab-sdwan
 organization-name       nwl-lab-sdwan
 vbond 10.1.0.2
!
omp
 no shutdown
 graceful-restart
 advertise connected
 advertise static
!
vpn 0
 interface ge0/0
  ip address 10.65.91.1/24
  tunnel-interface
   encapsulation ipsec
   color biz-internet
   allow-service all
  !
  no shutdown
 !
 interface ge0/1
  ip address 10.65.92.1/24
  tunnel-interface
   encapsulation ipsec
   color public-internet
   allow-service all
  !
  no shutdown
 !
 ip route 10.1.0.0/24 10.65.91.100
!
vpn 10
 router
  bgp 1
   neighbor 10.2.1.101
    no shutdown
    remote-as 1
 !
 interface ge0/3
  ip address 10.2.1.1/24
  no shutdown
 !
 omp
  advertise connected
 !
!
vpn 512
 interface eth0
  shutdown

SW1

hostname SW1
!
ip cef
!
interface Loopback0
 ip address 11.11.11.11 255.255.255.255
!
interface GigabitEthernet0/0
 no switchport
 ip address 10.2.1.101 255.255.255.0
!
router bgp 1
 bgp log-neighbor-changes
 network 11.11.11.11 mask 255.255.255.255
 neighbor 10.2.1.1 remote-as 1
!
end

SW2

hostname SW2
!
ip cef
!
interface Loopback0
 ip address 22.22.22.22 255.255.255.255
!
interface GigabitEthernet0/1
 no switchport
 ip address 10.2.2.102 255.255.255.0
!
router ospf 1
 network 10.2.2.0 0.0.0.255 area 1
 network 22.22.22.22 0.0.0.0 area 1
!
end

Localized Control Policy

Let’s start with the policy. Go to Configuration > Policies > Localized Policy and click on Add Policy.

Prefix List

First, we’ll create a new prefix list:

[Image: Cisco SD-WAN localized policy prefix list]

This prefix list matches the loopback0 interface of SW1. Click on Add, and it will show up in the overview:

[Image: Cisco SD-WAN localized policy prefix list overview]

Route Policy

Click Next until you reach the Route Policy overview. Click on Add Route Policy and then Create New:

[Image: Cisco SD-WAN localized policy route policy]

The route policy screen looks similar to the access control list. Enter a name and description, then click on + Sequence Type and + Sequence Rule:

[Image: Cisco SD-WAN localized policy route policy name]

Click on Match, select Address, and select the prefix list we created:

[Image: Cisco SD-WAN localized policy route policy sequence rule]

Now click on Actions, Local Preference, set a value (it doesn’t matter what you pick in this example), and click on Save Match And Actions:

[Image: Cisco SD-WAN localized policy route policy sequence action]

Make sure the overview looks OK to you, then click on Save Route Policy:

[Image: Cisco SD-WAN localized policy route policy overview]

We now have a route policy we can use. Click on Next:

[Image: Cisco SD-WAN localized policy route policy overview, main screen]

In the final screen, give the localized policy a name and click on Save Policy:

[Image: Cisco SD-WAN localized policy final screen]
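To see what the prefix list and route policy built above do to routes received from SW1, here is a small Python model, added as an example and not code from the lesson or from Cisco. The list and policy names, the local preference of 200, the extra route 192.0.2.0/24 and the choice of default action are assumptions for illustration; the model assumes sequences are evaluated in order and that routes matching no sequence get the policy's default action.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# 11.11.11.11/32 is SW1's loopback0 from the page; everything else is constructed.
PREFIX_LISTS = {"SW1_LOOPBACK": [("11.11.11.11/32", None)]}  # (prefix, optional le)
DEFAULT_LOCAL_PREF = 100  # BGP default when no policy sets a value
ROUTES_FROM_SW1 = ["11.11.11.11/32", "192.0.2.0/24"]  # second route is constructed

@dataclass
class Sequence:
    prefix_list: str                  # match condition: name of a prefix list
    action: str                       # "accept" or "reject"
    local_pref: Optional[int] = None  # set action, only used on accept

POLICY = [Sequence("SW1_LOOPBACK", "accept", local_pref=200)]  # 200 is an assumption

def in_prefix_list(route: str, name: str) -> bool:
    """Exact prefix match, unless an 'le' bound on the entry widens it."""
    net = ipaddress.ip_network(route)
    for prefix, le in PREFIX_LISTS[name]:
        entry = ipaddress.ip_network(prefix)
        if net == entry:
            return True
        if le is not None and net.subnet_of(entry) and net.prefixlen <= le:
            return True
    return False

def apply_route_policy(routes, sequences, default_action):
    """Return {prefix: local_pref} for the routes that survive the policy."""
    accepted = {}
    for route in routes:
        for seq in sequences:  # first matching sequence decides
            if in_prefix_list(route, seq.prefix_list):
                if seq.action == "accept":
                    accepted[route] = seq.local_pref or DEFAULT_LOCAL_PREF
                break
        else:  # no sequence matched: fall through to the default action
            if default_action == "accept":
                accepted[route] = DEFAULT_LOCAL_PREF
    return accepted

if __name__ == "__main__":
    for default in ("reject", "accept"):
        print(default, apply_route_policy(ROUTES_FROM_SW1, POLICY, default))
```

With a default action of reject, the inbound policy also acts as a route filter: only the prefix in the list is installed, so check the default action before attaching the policy to a neighbor that advertises more than one prefix.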

Our localized policy is now ready:

Content created by Rene Molenaar (CCIE #41726)

Forum Replies

  1. Hi,
    When I try to add a new localized policy for modifying BGP local preference, I add the prefix 11.11.11.11/32 under the “group of interest”. However, in my lab I can see that under the “group of interest” “Policer” the Policer-List “POLICER-TEST” from the previous lesson is present, and I cannot remove it here. It gives me an error message that it is in use. Strange, because I try to add a new localized policy. This is then pushed to vEdge1 along with the BGP route policy when applying it to the device template…
    Same seems to be in Rene's lab (in the video). B


  2. Hello Oliver

    In the first screenshot you shared, you can see that the policy POLICER-TEST has a Reference Count of 2. This means that it is referenced by another entity and cannot be deleted. When a policy is then referenced by, say, an ACL, or is applied to a template, the policer is being referenced, and it thus cannot be deleted. Take a look to see where it has been referenced, remove that reference, and then it will let you delete the policy.

    I hope this has been helpful!

    Laz

  3. Hello
    I had the same situation above.
    Policer settings created in Group of Interest are automatically applied to Route Policy.
    I understand that if the Reference Count of the Policer List is 0, it can be deleted, but if I want to add another policy that does not require policing, how do I disable the policer?

    Kazuhiro
