Skip to main content
Cisco SD-WAN
Support
Product Documentation
Viptela Documentation

Configuring Localized Control Policy

  1. Last updated
  2. Save as PDF

Localized control policy, which you configure on vEdge routers, lets you affect routing policy on the network at the local site where the vEdge router is located. This type of control policy is called route policy.

This article provides procedures for configuring localized control policy.

Configuration Components

A route policy consists of a series of numbered (ordered) sequences of match-action pair that are evaluated in order, from lowest sequence number to highest sequence number. When a packet matches one of the match conditions, the associated action is taken and policy evaluation on that packets stops. Keep this in mind as you design your policies to ensure that the desired actions are taken on the items subject to policy.

If a packet matches no parameters in any of the sequences in the policy configured, it is, by default, rejected and discarded.

The following figure illustrates the configuration components for localized control policy.

                             s00108.png

To create a localized control policy, you include the following components in the configuration on a vEdge router: AVIVA IS HERE

Component

Description

 vManage Configuration

CLI Configuration Command

Lists

Groupings of related items that you reference in the match and action portions of the control policy configuration.

Configuration ► Policies ► Localized Policy ► Add Policy ► Create Groups of Interest

or

Configuration ► Policies ► Custom Options ► Localized Policy ► Lists

policy lists

Localized control policy instance

Container for localized control policy.

Configuration ► Policies ► Localized Policy ► Add Policy

policy control-policy
Network topology Conditions that define the network topology

Configuration ► Policies ► Localized Policy ► Add Policy ► Create Groups of Interest

or

Configuration ► Policies ► Custom Options ► Localized Policy ► Lists

Numbered sequences of match–action pairs

Sequences that establish the order in which policy components are applied.

Configuration ► Policies ► Localized Policy ► Add Policy ► Configure Topology and VPN Membership ► Add Topology ► Custom Control ► Sequence Type

or

Configuration ► Policies ► Custom Options ► Localized Policy ► Add Topology ► Custom Control ► Sequence Type

policy control-policy sequence

Match parameters

Conditions that the routes and TLOCs must match to be considered for a control policy.

Configuration ► Policies ► Localized Policy ► Add Policy ► Configure Topology and VPN Membership ► Add Topology ► Custom Control ► Sequence Type ► Sequence Rule

or

Configuration ► Policies ► Custom Options ► Localized Policy ► Add Topology ► Custom Control ► Sequence Type ► Sequence Rule

policy control-policy sequence match route—Match OMP route properties, including things such as the originating protocol and IP prefixes.

policy control-policy sequence match tloc—Match transport location parameters, including things such as the domain ID and TLOC IP address.

Actions

Whether to accept or reject matching routes and TLOCs, and how to process matching items.

Configuration ► Policies ► Localized Policy ► Add Policy ► Configure Topology and VPN Membership ► Add Topology ► Custom Control ► Sequence Type ► Sequence Rule

or

Configuration ► Policies ► Custom Options ► Localized Policy ► Add Topology ► Custom Control ► Sequence Type ► Sequence Rule

policy control-policy sequence action

Default action

Action to take if a route or TLOC matches none of the match parameters in any of the sequences. By default, nonmatching routes and TLOCs are rejected.

Configuration ► Policies ► Localized Policy ► Add Policy ► Configure Topology and VPN Membership ► Add Topology ► Custom Control ► Sequence Type ► Default Action

or

Configuration ► Policies ► Custom Options ► Localized Policy ► Add Topology ► Custom Control ► Sequence Type ► Default Action

policy control-policy default-action

Application of centralized control policy

For a control policy to take effect, you apply it to one or more sites in the overlay network.

Configuration ► Policies ► Localized Policy ► Add Policy ► Apply Policies to Sites and VPNs

apply-policy site-list control-policy

General vManage Configuration Procedure

To configure localized policies, use the vManage policy configuration wizard. The wizard is a UI policy builder that consists of five screens to configure and modify the following localized policy components:

  • Groups of interest, also called lists
  • Forwarding classes to use for QoS
  • Access control lists (ACLs)
  • Route policies
  • Policy settings

You configure some or all these components depending on the specific policy you are creating. To skip a component, click the Next button at the bottom of the screen. To return to a component, click the Back button at the bottom of the screen.

Step 1: Start the Policy Configuration Wizard

To start the policy configuration wizard:

  1. In vManage NMS, select the Configure ► Policies screen.
  2. Select the Localized Policy tab.
  3. Click Add Policy.

The policy configuration wizard opens, and the Create Groups of Interest screen is displayed.

Step 2: Configure Groups of Interest

In Create Groups of Interest, create lists of groups to use in localized policy:

G00461.png

  1. Create new lists, as described in the following table:
List Type Procedure
AS Path
  1. In the left bar, click AS Path.
  2. Click New AS Path List.
  3. Enter a name for the list.
  4. Enter the AS path, separating AS numbers with a comma.
  5. Click Add.
Community
  1. In the left bar, click Community.
  2. Click New Community List.
  3. Enter a name for the list.
  4. Enter the BGP community in the format aa:nn or as the string internet, local-as, no-advertise, or no-export, separating multiple items with a comma. For aa enter a 2-byte AS number, and for nn enter a 2-byte network number.
  5. Click Add.
Extended Community
  1. In the left bar, click Extended Community.
  2. Click New Extended Community List.
  3. Enter a name for the list.
  4. Enter the BGP extended community as rt (aa:nn | ip-address)​, for a route target community, or soo (aa:nn | ip-address), for a route origin community, separating multiple items with a comma. For aa enter a 2-byte AS number, and for nn enter a 2-byte network number.
  5. Click Add.
Mirror
  1. In the left bar, click TLOC.
  2. Click New TLOC List. The TLOC List popup displays.
  3. Enter a name for the list.
  4. In the TLOC IP field, enter the system IP address for the TLOC.
  5. In the Color field, select the TLOC's color.
  6. In the Encap field, select the encapsulation type.
  7. In the Preference field, optionally select a preference to associate with the TLOC.
  8. Click Add TLOC to add another TLOC to the list.
  9. Click Save.
Policer
  1. In the left bar, click VPN.
  2. Click New VPN List.
  3. Enter a name for the list.
  4. In the Add VPN field, enter one or more VPN IDs separated by commas.
  5. Click Add.
Prefix
  1. In the left bar, click Prefix.
  2. Click New Prefix List.
  3. Enter a name for the list.
  4. Enter the IP prefix in one of the following formats:
  • prefix/length—Exactly match a single prefix–length pair.
  • 0.0.0.0/0—Match any prefix–length pair.
  • 0.0.0.0/0 le length—Match any IP prefix whose length is less than or equal to length. For example, ip-prefix 0.0.0.0/0 le 16 matches all IP prefixes with lengths from /1 through /16.
  • 0.0.0.0/0 ge length—Match any IP prefix whose length is greater than or equal to length. For example, ip-prefix 0.0.0.0 ge 25 matches all IP prefixes with lengths from /25 through /32.
  • 0.0.0.0/0 ge length1 le length2, or 0.0.0.0 le length2 ge length1—Match any IP prefix whose length is greater than or equal to length1 and less than or equal to length2. For example, ip-prefix 0.0.0.0/0 ge 20 le 24 matches all /20, /21, /22, /23, and /24 prefixes. Also, ip-prefix 0.0.0.0/0 le 24 ge 20 matches the same prefixes. If length1 and length2​ are the same, a single IP prefix length is matched. For example, ip-prefix 0.0.0.0/0 ge 24 le 24 matches only /24 prefixes.
  1. Click Add.
  1. Click Next to move to Configure Forwarding Classes/QoS in the wizard.
  2. Click Next to move to Configure Access Control Lists in the wizard.
  3. Click Next to move to Configure Route Policies in the wizard. 

Step 3: Configure Route Policies

In Configure Route Policies, configure the routing policies:

G00467.png

To configure a route policy:

  1. In the Add Route Policy tab, select Create New.
  2. Enter a name and description for the route policy.
  3. In the left pane, click Add Sequence Type. A Route box is displayed in the left pane.
  4. Double-click the Route box, and type a name for the route policy.
  5. In the right pane, click Add Sequence Rule to create a single sequence in the policy. The Match tab is selected by default.
  6. Click a match condition.
  7. On the left, enter the values for the match condition.
  8. On the right enter the action or actions to take if the policy matches.
  9. Repeat Steps 6 through 8 to add match–action pairs to the route policy.
  10. To rearrange match–action pairs in the route policy, in the right pane drag them to the desired position.
  11. To remove a match–action pair from the route policy, click the X in the upper right of the condition.
  12. Click Save Match and Actions to save a sequence rule.
  13. To rearrange sequence rules in an route policy, in the left pane drag the rules to the desired position.
  14. To copy, delete, or rename an route policy sequence rule, in the left pane, click More Options next to the rule's name and select the desired option.
  15. If no packets match any of the route policy sequence rules, the default action is to drop the packets. To change the default action:
    1. Click Default Action in the left pane.
    2. Click the Pencil icon.
    3. Change the default action to Accept.
    4. Click Save Match and Actions.
  16. Click Next to move to Policy Overview in the wizard.
  17. Click Preview to view the full policy in CLI format.
  18. Click Save Policy.

Step 4: Apply a Route Policy in a Device Template

  1. In vManage NMS, select the Configuration ► Templates screen.
  2. If you are creating a new device template:
    1. In the Device tab, click Create Template.
    2. From the Create Template drop-down, select From Feature Template.
    3. From the Device Model drop-down, select one of the vEdge devices.
    4. In the Template Name field, enter a name for the device template. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (–), and underscores (_). It cannot contain spaces or any other characters.
    5. In the Description field, enter a description for the device template. This field is mandatory, and it can contain any characters and spaces.
    6. Continue with Step 4.
  3. If you are editing an existing device template:
    1. In the Device tab, click the More Actions icon to the right of the desired template, and click the pencil icon.
    2. Click the Additional Templates tab. The screen scrolls to the Additional Templates section.
    3. From the Policy drop-down, select the name of a policy that you have configured.
  4. Click the Additional Templates tab located directly beneath the Description field. The screen scrolls to the Additional Templates section.
  5. From the Policy drop-down, select the name of the policy you configured in the above procedure.
  6. To apply a route policy to BGP:
    1. Scroll to the Service VPN section.
    2. In the Service VPN drop-down, type the service VPN number (a VPN number other than 0 or 512).
    3. From Additional VPN Templates, select BGP.
    4. From the BGP drop-down, click Create Template or View Template.
    5. Select the Neighbor tab, click the plus sign (+), and click More.
    6. In Address Family, change the scope to Device Specific. Then, Click On to enable Address Family, Click On to enable Route Policy In, and specify the name of a route policy to apply to prefixes received from the neighbor, or click On to enable Route Policy Out, and specify the name of a route policy to apply to prefixes sent to the neighbor. This name is one that you configured with a policy route-policy command.
    7. Click Save to save the neighbor configuration, and then click Save to save the BGP configuration.
  7. To apply a route policy to routes coming from all OSPF neighbors:
    1. Scroll to the Service VPN section.
    2. In the Service VPN drop-down, type the service VPN number (a VPN number other than 0 or 512).
    3. From Additional VPN Templates, select OSPF.
    4. Click Create Template or View Template.
    5. Select the Advanced tab.
    6. In Policy Name, specify the name of a route policy to apply to incoming routes. This name is one that you configured with a policy route-policycommand.
    7. Click Save.
  8. To apply a route policy before redistributing routes into OSPF:
    1. Scroll to the Service VPN section.
    2. In the Service VPN drop-down, type the service VPN number (a VPN number other than 0 or 512).
    3. From Additional VPN Templates, select OSPF.
    4. Click Create Template or View Template.
    5. Select the Redistribute tab, click the plus sign (+), and select the protocol from which to redistribute routes into OSPF.
    6. Specify the name of a route policy to apply to the routes being redistributed. This name is one that you configured with a policy route-policycommand.
    7. Click Save.
  9. Click Save (for a new template) or Update (for an existing template).

General CLI Configuration Procedure

To configure a route policy using the CLI:

  1. Create lists of prefixes, as needed:​
    vEdge(config)# policy
    vEdge(config-policy)# lists
    vEdge(config-lists)# prefix-list list-name
    vEdge(config-lists-list-name)# ip-prefix prefix/length
  2. Create lists of BGP AS paths, and community and extended community attributes, as needed:
    vEdge(config)# policy lists
    vEdge(config-lists)# as-path-list list-name
    vEdge(config-lists-list-name)# as-path path-list
    vEdge(config)# policy lists
    vEdge(config-lists)# community-list list-name
    vEdge(config-lists-list-name)# community [aa:nn | internet | local-as | no-advertise | no-export]
    vEdge(config-lists)# ext-community-list list-name
    vEdge(config-lists-list-name)# community [rt (aa:nn | ip-address) | soo (aa:nn | ip-address)]
  1. Create a route policy instance:
    vEdge(config)# policy route-policy policy-name
    vEdge(config-route-policy-policy-name)#
  2. Create a series of match–action pair sequences:
    vEdge(config-route-policy-policy-name)# sequence number
    vEdge(config-sequence-number)#
    The match–action pairs are evaluated in order, by sequence number, starting with the lowest numbered pair and ending when the route matches the conditions in one of the pairs. Or if no match occurs, the default action is taken (either rejecting the route or accepting it as is).
  3. Define match parameters for routes:
    vEdge(config-sequence-number)# match match-parameter
  4. Define actions to take when a match occurs:
    vEdge(config-sequence-number)# action reject
    vEdge(config-sequence-number)# action accept set parameter
  5. Create additional numbered sequences of match–action pairs within the router policy, as needed.
  6. If a route does not match any of the conditions in one of the sequences, it is rejected by default. To accept nonmatching routes, configure the default action for the policy:
    vEdge(config-policy-name)# default-action accept
  7. Apply the policy to a BGP address family, to all OSPF inbound routes, or when redistributing OSPF routes:
    vEdge(config)# vpn vpn-id router bgp local-as-number neighbor address
    vEdge(config-neighbor)# address-family ipv4-unicast
    vEdge(config-address-family-ipv4-unicast)# route-policy policy-name (in | out)

    vEdge(config)# vpn vpn-id router ospf
    vEdge(config-ospf)# route-policy policy-name in

    vEdge(config)# vpn vpn-id router ospf
    vEdge(config-ospf)# redistribute (bgp | connected | nat | omp | static) route-policy policy-name

Structural Components of Policy Configuration for Localized Control Policy

Following are the structural components required to configure localized control policy. Each one is explained in more detail in the sections below.

policy
  lists
    as-path-list list-name
      as-path path-list
    community-list list-name
      community [aa:nn | internet | local-as | no-advertise | no-export]
    ext-community-list list-name
      community [rt (aa:nn | ip-address) | soo (aa:nn | ip-address)]
    prefix-list list-name
      ip-prefix prefix/length
  route-policy policy-name
    sequence number
      match
        match-parameters
      action
        reject
        accept
          set parameters
    default-action
      (accept | reject)
 vpn vpn-id router bgp local-as-number neighbor address
   address-family ipv4-unicast
     route-policy policy-name (in | out)
 vpn vpn-id router ospf
   route-policy policy-name in
   redistribute (bgp | connected | nat | omp | static) route-policy policy-name

Lists

Route policy uses the following types of lists to group related items. You configure lists under the policy lists command hierarchy on vEdge routers.

List Type

Description

vManage Configuration/
CLI Configuration Command

AS paths

List of one or more BGP AS paths. You can write each AS as a single number or as a regular expression. To specify more than one AS in a single path, include the list in quotation marks (" "). To configure multiple AS paths in a single list, include multiple as-path options, specifying one AS path in each option.

Configuration ► Policies ► Localized Policy ► Add Policy ► Create Groups of Interest ► AS Path

Configuration ► Policies ► Custom Options ► Localized Policy ► Lists ► AS Path

as-path-list list-name
  as-path path-list

Communities

 List of one of more BGP communities. In community, you can specify:
aa:nn: Autonomous system number and network number. Each number is a 2-byte value with a range from 1 to 65535.
internet: Routes in this community are advertised to the Internet community. This community comprises all BGP-speaking networking devices.
local-as: Routes in this community are not advertised outside the local AS.
no-advertise: Attach the NO_ADVERTISE community to routes. Routes in this community are not advertised to other BGP peers.
no-export: Attach the NO_EXPORT community to routes. Routes in this community are not advertised outside the local AS or outside a BGP confederation boundary.
To configure multiple BGP communities in a single list, include multiple community options, specifying one community in each option.

Configuration ► Policies ► Localized Policy ► Add Policy ► Create Groups of Interest ► Community

Configuration ► Policies ► Custom Options ► Localized Policy ► Lists ► Community

community-list list-name
  community [aa:nn | internet | local-as | no-advertise | no-export]

Extended communities

 List of one or more BGP extended communities. In community, you can specify:
rt (aa:nn | ip-address)​: Route target community, which is one or more routers that can receive a set of routes carried by BGP. Specify this as the autonomous system number and network number, where each number is a 2-byte value with a range from 1 to 65535, or as an IP address.
soo (aa:nn | ip-address)​: Route origin community, which is one or more routers that can inject a set of routes into BGP. Specify this as the autonomous system number and network number, where each number is a 2-byte value with a range from 1 to 65535, or as an IP address.
To configure multiple extended BGP communities in a single list, include multiple community options, specifying one community in each option.

Configuration ► Policies ► Localized Policy ► Add Policy ► Create Groups of Interest ► Extended Community

Configuration ► Policies ► Custom Options ► Localized Policy ► Lists ► Extended Community

ext-community-list list-name
  community [rt (aa:nn | ip-address) | soo (aa:nn | ip-address)]

Prefixes

List of one or more IP prefixes. To configure multiple prefixes in a single list, include multiple ip-prefix options, specifying one prefix in each option.
Specify the IP prefixes as follows:
prefix/length—Exactly match a single prefix–length pair.
0.0.0.0/0—Match any prefix–length pair.
0.0.0.0/0 le length—Match any IP prefix whose length is less than or equal to length. For example, ip-prefix 0.0.0.0/0 le 16 matches all IP prefixes with lengths from /1 through /16.
0.0.0.0/0 ge length—Match any IP prefix whose length is greater than or equal to length. For example, ip-prefix 0.0.0.0 ge 25 matches all IP prefixes with lengths from /25 through /32.
0.0.0.0/0 ge length1 le length2, or 0.0.0.0 le length2 ge length1—Match any IP prefix whose length is greater than or equal to length1 and less than or equal to length2. For example, ip-prefix 0.0.0.0/0 ge 20 le 24 matches all /20, /21, /22, /23, and /24 prefixes. Also, ip-prefix 0.0.0.0/0 le 24 ge 20 matches the same prefixes. If length1 and length2​ are the same, a single IP prefix length is matched. For example, ip-prefix 0.0.0.0/0 ge 24 le 24 matches only /24 prefixes.

Configuration ► Policies ► Localized Policy ► Add Policy ► Create Groups of Interest ► Prefix

Configuration ► Policies ► Custom Options ► Localized Policy ► Lists ► Prefix

prefix-list list-name
  ip-prefix prefix/length

Sequences

A localized control policy contains sequences of match–action pairs. The sequences are numbered to set the order in which a route is analyzed by the match–action pairs in the policy.

In vManage NMS, you configure sequences from:

  • Configuration ► Policies ► Localized Policy ► Add Policy ► Configure Route Policy ► Sequence Type

  • Configuration ► Policies ► Custom Options ► Localized Policy ► Route Policy ► Sequence Type

In the CLI, you configure sequences with the route-policy sequence command.

Each sequence in a localized control policy can contain one match condition and one action condition.

Match Parameters

In vManage NMS, you configure sequences from:

  • Configuration ► Policies ► Localized Policy ► Add Policy ► Configure Route Policy ► Sequence Type ► Sequence Rule ► Match

  • Configuration ► Policies ► Custom Options ► Localized Policy ► Route Policy ► Sequence Type ► Sequence Rule ► Match

In the CLI, you configure sequences with the route-policy sequence match command.

For route policy routes, you can match these attributes:

Description

vManage Configuration/
CLI Configuration Command

Value or Range

IP prefix or prefixes from which the route was learned

Match Address

address list-name

Name of an IP prefix list

BGP AS paths

Match AS Path List

as-path list-name

Name of an AS path list

BGP communities

Match Community List

community list-name

Name of a BGP community list

BGP extended communities

Match Extended Community List

ext-community list-name

Name of a BGP extended community list
BGP local preference

Match BGP Local Preference

local-preference number

 0 through 4294967295

Route metric

Match Metric

metric number

0 through 4294967295

Next hop

Match Next Hop

next-hop list-name

Name of an IP prefix list
OMP tag for OSPF

Match OMP Tag

omp-tag number

0 through 4294967295

BGP origin code

Match Origin

origin origin

egp (default), igp, incomplete
OSPF tag value

Match OSPF Tag

ospf-tag number

 0 through 4294967295

Peer address

Match Peer

peer address

IP address

Action Parameters

For each match condition, you configure a corresponding action to take if the packet matches.

In vManage NMS, you configure match parameters from:

  • Configuration ► Policies ► Localized Policy ► Add Policy ► Configure Route Policy ► Sequence Type ► Sequence Rule ► Action

  • Configuration ► Policies ► Custom Options ► Localized Policy ► Configure Route Policy ► Sequence Type ► Sequence Rule ► Action

In the CLI, you configure actions with the policy control-policy action command.

Each sequence in a localized control policy can contain one action condition.

When a route matches the conditions in the match portion of a route policy, the route can be accepted or rejected:

Description

vManage Configuration/
CLI Configuration Command

Value or Range

Accept the route. An accepted route is eligible to be modified by the additional parameters configured in the action portion of the policy configuration.

Click Accept

accept

Discard the packet.

Click Reject

reject

Then, for a route that is accepted, the following actions can be configured:

Description

vManage Configuration/
CLI Configuration Command

Value or Range

Set the AS number in which a BGP route aggregator is located and the IP address of the route aggregator.

Click Accept, then action Aggregator

set aggregator as-number ip-address

1 through 65535

Set an AS number or a series of AS numbers to exclude from the AS path or to prepend to the AS path.

Click Accept, then action AS Path

set as‑path (exclude | prepend) as‑number

1 through 65535

Set the BGP atomic aggregate attribute.

Click Accept, then action Atomic Aggregate

set atomic-aggregate

Set the BGP community value.

Click Accept, then action Community

set community value

[aa:nn | internet | local-as | no-advertise | no-export]

Set the BGP local preference.

Click Accept, then action Local Preference

set local-preference number

0 through 4294967295

Set the metric value.

Click Accept, then action Metric

set metric number

0 through 4294967295

Set the metric type.

Click Accept, then action Metric Type

set metric-type type

type1, type2

Set the next-hop address.

Click Accept, then action Next Hop

set next-hop ip-address

IP address
Set the OMP tag for OSPF to use.

Click Accept, then action OMP Tag

set omp-tag number

0 through 4294967295

Set the BGP origin code.

Click Accept, then action Origin

set origin origin

egp, igp (default), incomplete

Set the IP address from which the route was learned.

Click Accept, then action Originator

set originator ip-address

IP address

Set the OSPF tag value.

Click Accept, then action OSPF Tag

set ospf-tag number

0 through 4294967295

Set the BGP weight.

Click Accept, then action Weight

set weight number

0 through 4294967295

To display the OMP and OSPF tag values associated with a route, use the show ip routes detail command.

Default Action

If a route being evaluated does not match any of the match conditions in a localized control policy, a default action is applied to this route. By default, the route is rejected.

In vManage NMS, you modify the default action from Configuration ► Policies ► Localized Policy ► Add Policy ► Configure Route Policy ► Sequence Type ► Sequence Rule ► Default Action.

In the CLI, you modify the default action with the control policy default-action accept command.

Applying Route Policy for BGP

For a route policy to take effect for BGP, you must apply it to an address family. Currently, the Viptela software supports only the IPv4 address family.

To apply a BGP route policy in vManage NMS:

  1. In vManage NMS, select the Configure ► Templates screen.
  2. In the Device tab, click the Create Template drop-down and select From Feature Template.
  3. From the Device Model drop-down, select the type of device for which you are creating the template. vManage NMS displays all the feature templates for that device type. The required feature templates are indicated with an asterisk (*), and the remaining templates are optional. The factory-default template for each feature is selected by default.
  4. In the Template Name field, enter a name for the device template. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (-), and underscores (_). It cannot contain spaces or any other characters.
  5. In the Description field, enter a description for the device template. This field is mandatory, and it can contain any characters and spaces.
  6. In the Basic Information bar, click the Service VPN tab.
  7. In the Service VPN field, select the VPN number.
  8. In Additional VPN Templates, select BGP.
  9. Select Create Template.
  10. In the Basic Configuration bar, click IPv4 Unicast Address Family.
  11. In the Address Family field, select ipv4-unicast.
  12. In the Redistribute tab, click New Redistribute.
  13. In the Route Policy field, enter the name of the route policy to apply to redistributed routes.
  14. Click Add.
  15. Click Save.

To apply a BGP route policy in the CLI:

vEdge(config)# vpn vpn-id router bgp local-as-number neighboraddress address-family ipv4-unicast route-policy policy-name (in | out)

Applying the policy in the inbound direction (in) affects routes being received by BGP. Applying the policy in the outbound direction (out) affects routes being advertised by BGP.

Applying Route Policy for OSPF

For a route policy to take effect for OSPF, you can apply it to all inbound traffic.

To apply an OSPF route policy in vManage NMS:

  1. In vManage NMS, select the Configure ► Templates screen.
  2. In the Device tab, click the Create Template drop-down and select From Feature Template.
  3. From the Device Model drop-down, select the type of device for which you are creating the template. vManage NMS displays all the feature templates for that device type. The required feature templates are indicated with an asterisk (*), and the remaining templates are optional. The factory-default template for each feature is selected by default.
  4. In the Template Name field, enter a name for the device template. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (-), and underscores (_). It cannot contain spaces or any other characters.
  5. In the Description field, enter a description for the device template. This field is mandatory, and it can contain any characters and spaces.
  6. In the Basic Information bar, click the Service VPN tab.
  7. In the Service VPN field, select the VPN number.
  8. In Additional VPN Templates, select OSPF.
  9. Select Create Template.
  10. In the Basic Configuration bar, click Redistribute.
  11. Click New Redistribute.
  12. In the Route Policy field, enter the name of the route policy to apply to redistributed routes.
  13. Click Add.
  14. Click Save.

To apply an OSPF route policy in the CLI:

vEdge(config)# vpn vpn-id router ospf route-policy policy-name in

You can also apply the policy when redistributing routes into OSPF:

vEdge(config)# vpn vpn-id router ospf redistribute (bgp | connected | nat | omp | static) route-policy policy-name

Additional Information

Localized Control Policy

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    1. control policy 18.4