Cisco SD-WAN offers a centralized policy (network-wide scope) and a localized policy (single-device scope). There are two localized policy types:
- Localized data policy
- Localized control policy
The localized data policy affects the data plane. You can influence the flow and data going in and out of an interface (queues).
The localized control policy affects the control plane, so you can use it to manipulate routing decisions. In this lesson, I’ll explain how to configure a localized control policy so you can influence the BGP local preference.
In a nutshell, here’s what we have to do:
- We create a prefix list that matches the traffic we want to influence.
- We create a localized policy that includes a route policy.
- We create a route policy where we configure two items:
  - Match condition: the prefix list.
  - Action: we set a local preference value.
- We add the localized policy to a device template and push it to the vEdge router.
- We add the route policy to the BGP feature template and push it to the vEdge router.
Let’s get started!
Configuration
This is the topology we’ll use:
This is the exact same topology that I used in the Cisco SD-WAN BGP configuration lesson. We are going to create a localized control policy to change the local preference for a prefix we receive from SW1. I use Cisco SD-WAN version 19.3.0.
Configurations
Want to take a look for yourself? Here you will find the startup configuration of each device.
vEdge1
system
 host-name vEdge1
 system-ip 172.16.1.1
 site-id 2
 sp-organization-name nwl-lab-sdwan
 organization-name nwl-lab-sdwan
 vbond 10.1.0.2
!
omp
 no shutdown
 graceful-restart
 advertise connected
 advertise static
!
vpn 0
 interface ge0/0
  ip address 10.65.91.1/24
  tunnel-interface
   encapsulation ipsec
   color biz-internet
   allow-service all
  !
  no shutdown
 !
 interface ge0/1
  ip address 10.65.92.1/24
  tunnel-interface
   encapsulation ipsec
   color public-internet
   allow-service all
  !
  no shutdown
 !
 ip route 10.1.0.0/24 10.65.91.100
!
vpn 10
 router
  bgp 1
   neighbor 10.2.1.101
    no shutdown
    remote-as 1
   !
 interface ge0/3
  ip address 10.2.1.1/24
  no shutdown
 !
 omp
  advertise connected
 !
!
vpn 512
 interface eth0
  shutdown
SW1
hostname SW1
!
ip cef
!
interface Loopback0
 ip address 11.11.11.11 255.255.255.255
!
interface GigabitEthernet0/0
 no switchport
 ip address 10.2.1.101 255.255.255.0
!
router bgp 1
 bgp log-neighbor-changes
 network 11.11.11.11 mask 255.255.255.255
 neighbor 10.2.1.1 remote-as 1
!
end
SW2
hostname SW2
!
ip cef
!
interface Loopback0
 ip address 22.22.22.22 255.255.255.255
!
interface GigabitEthernet0/1
 no switchport
 ip address 10.2.2.102 255.255.255.0
!
router ospf 1
 network 10.2.2.0 0.0.0.255 area 1
 network 22.22.22.22 0.0.0.0 area 1
!
end
Localized Control Policy
Let’s start with the policy. Go to Configuration > Policies > Localized Policy and click on Add Policy.
Prefix List
First, we’ll create a new prefix list:
This prefix list matches the loopback0 interface of SW1. Click on Add, and it will show up in the overview:
Route Policy
Click Next until you reach the Route Policy overview. Click on Add Route Policy and then Create New:
The route policy screen looks similar to the access control list. Enter a name and description, then click on + Sequence Type and + Sequence Rule:
Click on Match, select Address, and select the prefix list we created:
Now click on Actions, Local Preference, set a value (it doesn’t matter what you pick in this example), and click on Save Match And Actions:
Make sure the overview looks OK to you, then click on Save Route Policy:
We now have a route policy we can use. Click on Next:
In the final screen, give the localized policy a name and click on Save Policy:
Our localized policy is now ready:
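The CLI form of what the steps above build in vManage, shown as an added example and not the lesson's own output. The names LOOPBACK_SW1 and SET_LOCAL_PREF, the value 200 and the accept default action are assumptions; the prefix, VPN, AS number and neighbor come from the lab configuration above.

```text
! Constructed example. LOOPBACK_SW1, SET_LOCAL_PREF and the value 200 are
! assumed names/values; prefix, VPN, AS and neighbor come from the lab.
policy
 lists
  prefix-list LOOPBACK_SW1
   ! Loopback0 of SW1
   ip-prefix 11.11.11.11/32
  !
 !
 route-policy SET_LOCAL_PREF
  sequence 1
   match
    address LOOPBACK_SW1
   !
   action accept
    set
     local-preference 200
    !
   !
  !
  ! Applies to every route that no sequence matches. With "reject" here,
  ! all other prefixes received from the neighbor would be filtered.
  default-action accept
 !
!
vpn 10
 router
  bgp 1
   neighbor 10.2.1.101
    no shutdown
    remote-as 1
    address-family ipv4-unicast
     ! Inbound: evaluated on routes received from SW1
     route-policy SET_LOCAL_PREF in
    !
   !
  !
 !
!
```

Once both templates are pushed, `show bgp routes` on vEdge1 lists the local preference attached to 11.11.11.11/32.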
Hi,
When I try to add a new localized policy for modifying BGP local preference, I add the prefix 11.11.11.11/32 under the “group of interest”. However, in my lab I can see that under the “group of interest” “Policer” the Policer-List “POLICER-TEST” from the previous lesson is present. And I cannot remove it here. It gives me an error message that it is in use. Strange, because I try to add a new localized policy. This is then pushed to vEdge1 along with the BGP route policy when applying it to the device template…
Same seems to be in Rene's lab (in the video). B
Hello Oliver
In the first screenshot you shared, you can see that the policy POLICER-TEST has a Reference Count of 2. This means that it is referenced by another entity and cannot be deleted. When a policy is then referenced by, say, an ACL, or is applied to a template, the policer is being referenced, and it thus cannot be deleted. Take a look to see where it has been referenced, remove that reference, and then it will let you delete the policy.
I hope this has been helpful!
Laz
Hello
I had the same situation above.
Policer settings created in Group of Interest are automatically applied to Route Policy.
I understand that if the Reference Count of the Policer List is 0, it can be deleted, but if I want to add another policy that does not require policing, how do I disable the policer?
Kazuhiro