Cisco SD-WAN Localized Control Policy BGP

Cisco SD-WAN offers a centralized policy (network-wide scope) and a localized policy (single-device scope). There are two localized policy types:

• Localized data policy
• Localized control policy

The localized data policy affects the data plane. You can influence the flow and data going in and out of an interface (queues).

The localized control plane affects the control plane. Therefore, you can manipulate routing decisions. In this lesson, I’ll explain how to configure a localized control policy so you can influence the BGP local preference.

In a nutshell, this is what we have to configure:

In a nutshell, here’s what we have to do:

• We create a prefix list that matches the traffic we want to influence.
• We create a localized policy that includes a route policy.
• We create a route policy where we configure two items:
  • Match condition: the prefix list.
  • Action: we set a local preference value.
• We add the localized policy to a device template and push it to the vEdge router.
• We add the route policy to the BGP feature template and push it to the vEdge router.

Let’s get started!

Configuration

This is the topology we’ll use:

This is the exact same topology that I used in the Cisco SD-WAN BGP configuration lesson. We are going to create a localized control policy to change the local preference for a prefix we receive from SW1. I use Cisco SD-WAN version 19.3.0.

system
 host-name               vEdge1
 system-ip               172.16.1.1
 site-id                 2
 sp-organization-name    nwl-lab-sdwan
 organization-name       nwl-lab-sdwan
 vbond 10.1.0.2
!
omp
 no shutdown
 graceful-restart
 advertise connected
 advertise static
!
vpn 0
 interface ge0/0
  ip address 10.65.91.1/24
  tunnel-interface
   encapsulation ipsec
   color biz-internet
   allow-service all
  !
  no shutdown
 !
 interface ge0/1
  ip address 10.65.92.1/24
  tunnel-interface
   encapsulation ipsec
   color public-internet
   allow-service all
  !
  no shutdown
 !
 ip route 10.1.0.0/24 10.65.91.100
!
vpn 10
 router
  bgp 1
   neighbor 10.2.1.101
    no shutdown
    remote-as 1
 !
 interface ge0/3
  ip address 10.2.1.1/24
  no shutdown
 !
 omp
  advertise connected
 !
!
vpn 512
 interface eth0
  shutdown

hostname SW1
!
ip cef
!
interface Loopback0
 ip address 11.11.11.11 255.255.255.255
!
interface GigabitEthernet0/0
 no switchport
 ip address 10.2.1.101 255.255.255.0
!
router bgp 1
 bgp log-neighbor-changes
 network 11.11.11.11 mask 255.255.255.255
 neighbor 10.2.1.1 remote-as 1
!
end

hostname SW2
!
ip cef
!
interface Loopback0
 ip address 22.22.22.22 255.255.255.255
!
interface GigabitEthernet0/1
 no switchport
 ip address 10.2.2.102 255.255.255.0
!
router ospf 1
 network 10.2.2.0 0.0.0.255 area 1
 network 22.22.22.22 0.0.0.0 area 1
!
end

Localized Control Policy

Let’s start with the policy. Go to Configuration > Policies > Localized Policy and click on Add Policy.

Prefix List

First, we’ll create a new prefix list:

This prefix list matches the loopback0 interface of SW1. Click on Add, and it will show up in the overview:

Route Policy

Click Next until you reach the Route Policy overview. Click on Add Route Policy and then Create New:

The route policy screen looks similar to the access control list. Enter a name and description, then click on + Sequence Type and + Sequence Rule:

Click on Match, select Address, and select the prefix list we created:

Now click on Actions, Local Preference, set a value (it doesn’t matter what you pick in this example), and click on Save Match And Actions:

Make sure the overview looks OK to you, then click on Save Route Policy:

We now have a route policy we can use. Click on Next:

In the final screen, give the localized policy a name and click on Save Policy:

Our localized policy is now ready: