Policy Applications CLI Reference
CLI commands for configuring and monitoring policy applications.
Application-Aware Routing Command Hierarchy
Configure and apply the policy on vSmart controllers:
policy lists app-list list-name (app application-name | app-family application-family) data-prefix-list list-name ip-prefix prefix/length site-list list-name site-id site-id vpn-list list-name vpn vpn-id sla-class sla-class-name jitter milliseconds latency milliseconds loss percentage
policy app-route-policy policy-name vpn-list list-name default-action sla-class sla-class-name sequence number match app-id app-id-name destination-data-prefix-list list-name destination-ip prefix/length destination-port number dscp number plp (high | low) protocol number source-data-prefix-list list-name source-ip prefix/length source-port address action backup-sla-preferred-color color count log sla-class sla-class-name [preferred-color color] [strict] default-action sla-class sla-class-name
apply-policy site-list list-name app-route-policy policy-name
Configure the data plane tunnel performance monitoring parameters on the vEdge router:
bfd app-route multiplier number poll-interval milliseconds color color hello-interval milliseconds multiplier number pmtu-discovery
Cflowd Traffic Flow Monitoring Command Hierarchy
Configure on vSmart controllers only.
policy lists prefix-list list-name ip-prefix prefix/length site-list list-name site-id site-id vpn-list list-name vpn vpn-id cflowd-template template-name collector vpn vpn-id address ip-address port port-number transport transport-type flow-active-timeout seconds flow-inactive-timeout seconds flow-sampling-interval number template-refresh seconds
policy data-policy policy-name default-action action sequence number match destination-data-prefix-list list-name destination-ip prefix/length destination-port number dscp number protocol number source-data-prefix-list list-name source-ip prefix/length source-port address action count counter-name drop accept cflowd
apply-policy site-list list-name data-policy policy-name cflowd-template template-name
Local Internet Exit Command Hierarchy
Configure and apply a centralized data policy on the vSmart controller:
policy lists prefix-list list-name ip-prefix prefix/length site-list list-name site-id site-id vpn-list list-name vpn vpn-id cflowd-template template-name collector vpn vpn-id address ip-address port port-number flow-active-timeout seconds flow-inactive-timeout seconds template-refresh seconds
policy data-policy policy-name default-action action sequence number match destination-data-prefix-list list-name destination-ip prefix/length destination-port number dscp number protocol number source-data-prefix-list list-name source-ip prefix/length source-port address action count counter-name drop accept nat use-vpn 0
apply-policy site-list list-name data-policy policy-name
On a vEdge router, enable NAT functionality in the WAN VPN:
vpn vpn-id interface interface-name nat refresh (bi-directional | outbound) tcp-timeout minutes udp-timeout minutes
Operational Commands
clear app cflowd flow-all (on vEdge routers only)
clear app cflowd flows (on vEdge routers only)
clear app cflowd statistics (on vEdge routers only)
show app-route stats on vEdge routers only)
show app cflowd collector (on vEdge routers only)
show app cflowd flow-count (on vEdge routers only)
show app cflowd flows (on vEdge outers only)
show app cflowd statistics (on vEdge routers only)
show app cflowd template (on vEdge routers only)
show ip routes (on vEdge routers)
show policy from-vsmart (on vEdge routers only)
show running-config (on vSmart controllers only)
Additional Information
Application-Aware Routing
Traffic Flow Monitoring with Cflowd
Using a vEdge Router as a NAT Device