Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
425
Views
2
Helpful
6
Replies

TLOC Preference in Template vs Central Policy

SD-Human
Level 1
Level 1

‎04-01-2024 11:27 PM

Hello experts, 

I have a question in SD-WAN about what happens if you define an interface template with TLOC preference in this way:

encapsulation ipsec preference 200 weight 1

And parelly you also define a Central Policy with a TLOC statement where you configure some TLOC Preference over some kind of traffic. For example TLOC route from HUB1 will get preference 250.

So basically I'm wondering what takes preference in this case, the local template or the central policy and why.

I can Imagine that in this case HUB1 will get 250 and the rest of TLOC routes 200...

 

 

6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎04-02-2024 12:29 AM

check the how the SD-WAN Policy works :

Cisco SD-WAN policies can be classified as either centralized or localized policies. Centralized policies affect the flow of both centralized control plane traffic and data plane traffic that is forwarded across the SD-WAN overlay fabric. While localized policies control local routing and data plane traffic forwarding at the perimeter of the Cisco SD-WAN overlay network.

https://learningnetwork.cisco.com/s/article/cisco-sd-wan-policy#:~:text=Centralized%20policies%20affect%20the%20flow,Cisco%20SD%2DWAN%20overlay%20network.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

MHM Cisco World
VIP
VIP

‎04-02-2024 12:54 AM

This OMP have same TLOC?

MHM

0 Helpful

SD-Human
Level 1
Level 1

‎04-02-2024 02:10 AM

Checking it seems I was misunderstanding the concepts.

as I understand it, the command "encapsulation ipsec preference" within the TLOC interface determines how you are presenting this TLOC to the network with an especific TLOC preference. This is how the rest of sdwan edges will see this TLOC.

It could be alter afterwards due to a Central Policy where you determine the TLOC preference outbound or inbound.

 

0 Helpful

Siva_193
Level 1
Level 1

‎04-02-2024 04:44 AM

your understanding is correct. "encapsulation ipsec preference" is overwritten by the Centralized control-policy, where you "match tloc" and setting the "preference".

0 Helpful

Kanan Huseynli
VIP
VIP

‎04-02-2024 07:49 AM

Hi,

depends on centralized control policy direction as well.

Suppose you have branches and hub. Branch A device has TLOC preference 200 in template configuration > all others see those TLOCs with 200 preference

If you have centralized control policy in IN direction from branch A which changes TLOC preference to be 250 > then others get preference 250

If you have centralized control policy in OUT direction to specific site (let it be branch B) which changes TLOC preference to be 250 > then branch B gets preference 250, others get preference 200

KananHuseynli_0-1712069065776.png

Picture is from Ciscolive page (Advanced Policy Tshoot BRKENT-3797)

 

 

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

ww4686101
Level 1
Level 1

‎04-05-2024 08:04 PM

Upon further review, it appears I misunderstood the concepts.

From my understanding, the command "encapsulation ipsec preference" within the TLOC interface dictates how you present this TLOC to the network with a specific TLOC preference. This is how the other SD-WAN edges will perceive this TLOC.

It could be modified later through a Central Policy where you specify the TLOC preference outbound or inbound.

0 Helpful
Customers Also Viewed These Support Documents