apply-policy
apply-policy—Have a policy take effect by applying it to sites within the overlay network (on vSmart controllers only).
Command Hierarchy
For Application-Aware Routing Policy
apply-policy site-list list-name app-route-policy policy-name
For Centralized Control Policy
apply-policy site-list list-name control-policy policy-name (in | out)
For Centralized Data Policy
apply-policy site-list list-name data-policy policy-name (all | from-service | from-tunnel) cflowd-template template-name apply-policy site-list list-name vpn-membership policy-name
Options
- Cflowd Template
- cflowd-template template-name
For a centralized data policy that applies to cflowd flow collection, associate a flow collection template with the data policy.
- Policy Name
- app-route-policy policy-name
control-policy policy-name (in| out)
data-policy policy-name (all | from-service | from-tunnel)
vpn-membership policy-name
Name of the policy to apply to the specified sites. policy-name must match that which you specified in the control-policy, data-policy, or vpn-membership configuration command.
For centralized control policy, specify the direction in which to apply the policy. The in option applies the policy to packets before they are placed in the vSmart controller's RIB, so the specified actions affect the OMP routes stored in the RIB. The out option applies the policy to packets after they are exported from the RIB.
For centralized data policy, specify the direction in which to apply the policy. The all option (which is the default) applies to all data traffic passing through the vEdge router: the policy evaluates all data traffic going from the local site (that is, from the service side of the router) into the tunnel interface, and it evaluates all traffic entering to the local site through the tunnel interface. To apply the data policy only to policy exiting from the local site, use the from-service option. To apply the policy only to incoming traffic, use the from-tunnel option. You can apply different data policies in each of the two traffic directions. - Site List
- site-list list-name
List of sites to which to apply the policy. list-name must match a list name that you configured in the policy lists site-list portion of the configuration.
For the same type of policy, when you apply policies with apply-policy commands, the site IDs across all the site lists must be unique. That is, the site lists must not contain overlapping site IDs. An example of overlapping site IDs are those in the two site lists site-list 1 site-id 1-100 and site-list 2 site-id 70-130. Here, sites 70 through 100 are in both lists. If you were to apply these two site lists to two different control-policy policies, for example, the attempt to commit the configuration on the vSmart controller would fail. You can, however, apply one of these sites lists to a control-policy policy and the other to a data-policy policy. The restriction regarding overlapping site IDs applies to the following types of policies:
• Application-aware routing policy (app-route-policy)
• Centralized control policy (control-policy)
• Centralized data policy (data-policy)
• Centralized data policy used for cflowd flow monitoring (a data-policy that includes a cflowd action and an apply-policy that includes a cflowd-template command)
Operational Commands
show running-config apply-policy
Example
Apply a centralized control policy to the sites defined in the list west:
apply-policy site-list west control-policy change-tloc out
On a vSmart controller, configure site lists to use for control and data policies that contain overlapping site identifiers, and apply the policies to these site lists:
policy lists # site lists for control-policy site-list us-control-list site-id 1-200 site-list emea-control-site-list site-id 201-300 site-list apac-control-site-list site-id 301-400 # site lists for data-policy site-list platinum-site-list site-id 50-70 site-list titanium-site-list site-id 70-130 site-list rhodium-site-list site-id 131-301 control-policy us-control-policy ... control-policy emea-control-policy ... control-policy apac-control-policy ... data-policy platinum-data-policy ... data-policy titanium-data-policy ... data-policy rhodium-data-policy ... apply-policy # Apply control policies. Among the control policies, there is no overlap of site IDs. site-list us-control-site-list control-policy us-control-policy in # policy is applied to sites 1-200 # sites overlap with data-policy platinum-data-policy site-list emea-control-site-list control-policy emea-control-policy in # policy is applied to sites 201-300 # sites overlap with data-policy rhodium-data-policy site-list apac-control-site-list control-policy apac-control-site-list in # policy is applied to sites 301-400 # sites overlap with data-policy rhodium-data-policy # Apply data policies. Among the data policies, there is no overlay of site IDs. site-list platinum-site-list data-policy platinum-data-policy all # policy is applied to sites 50-70 # sites overlap with control-policy us-control-policy site-list titanium-site-list data-policy titanium-data-policy all # policy is applied to sites 70-130 # sites overlap with control-policy us-control-policy site-list rhodium-site-list data-policy rhodium-data-policy all # policy is applied to sites 131-301 # sites overlap with control-policy us-control-policy, # emea-control-policy, and apac-control-policy
Release Information
Command introduced in Viptela Software Release 14.1.
app-route-policy option added in Release 14.2.
cflowd-template option added in Release 14.3.
all, from-service, and from-tunnel options for centralized data policy added in Release 15.2.
In Release 15.4, added restrictions so that you cannot apply the same type of policy (for example, data-policy or control-policy) to site lists that contain overlapping site IDs.
In Release 16.3, add support for overlapping sites in different site lists.
Additional Information
See the Policy Overview and Policy CLI Reference articles for your software release.
action
cflowd-template
control-policy
data-policy
lists
match
policy
show policy from-vsmart