Link Search Menu Expand Document

Route Policies Template

笔记:If you have deployed an SD-WAN network by using Business Intent Overlays (BIO), Orchestrator uses BIOs to automatically create the necessary Route Policies.

If you are creating a conventional WAN optimization network, there might be occasions when you need to directly configure Route Policies. Then, the following applies.

仅使用路由策略模板来创建(并应用)将要为:

  • Sent pass-through (shaped or unshaped)

  • Dropped

  • Configured for a specific high-availability deployment

  • Routed based on application, ports, VLAN, DSCP, or ACL (Access Control List)

You might also want to create a Route Policy entry when multiple tunnels exist to the remotepeer, and you want the appliance to dynamically select the best path based on one of these criteria:

  • Load balancing

  • Lowest loss

  • 最低的延迟

  • A preferred interface

  • A specific tunnel

IMG

Why?

每个设备的默认路由行为是自动化所有IP流量,自动将流动引导到适当的隧道。Auto-optimizationstrategies reduce the need to create explicit route map entries for optimization. The three strategies provided areTCP-basedauto-opt,IP-basedauto-opt, andsubnet sharing. By default, all three are enabled on theSystemtemplate.

优先

  • 使用此模板,您可以从优先级创建规则1000 - 9999. When the template is applied to an appliance, Orchestrator will delete all rules having a priority in that range before applying its policies.

  • If you access an appliance directly, you can create rules with higher priority than Orchestrator rules (1 – 999) and rules with lower priority (10000 – 19999and25000 - 65534).

    笔记:优先级范围从20000to24999保留用于编排。

  • 什么时候adding a rule, the priority is incremented by ten from the previous rule. The priority can be changed, but this default behavior helps to ensure you can insert new rules without having to change subsequent priorities.

Match Criteria

  • These are universal across all policy maps—Route,QoS,Optimization,NAT(网络地址翻译)和安全.

  • 如果您期望在不同地图中使用相同的匹配标准,则可以创建一个ACL(Access Control List), which is a named, reusable set of rules. For efficiency, create them inConfiguration > Templates & Policies > ACLs > Access Lists, and apply them across appliances.

  • The available parameters areApplication,地址图(用于按国家进行排序,IP地址所有者或SaaS申请),Domain,Geo Location,Interface,Protocol,DSCP,IP/Subnet,Port, and交通行为.

  • To specify different criteria for inbound versus outbound traffic, select theSource:Destcheck box.

Source or Destination

  • An IP address can specify a subnet; for example, 10.10.10.0/24 (IPv4) or fe80::204:23ff:fed8:4ba2/64 (IPv6).

  • To allowany IP address, use 0.0.0.0/0 (IPv4) or ::/0 (IPv6).

  • 端口are available only for the protocolsTCP,UDP, andTCP/UDP.

  • To allowany port, use0.

Wildcard-based Prefix Matching

  • 什么时候using a range or a wildcard, the IPv4 address must be specified in the 4-octet format, separated by the dot notation. For example,A.B.C.D.

  • Range is specified using a dash. For example,128-129.

  • 通配符指定为星号(*).

  • Range and Wildcard can both be used in the same address, but an octet can only contain one or the other. For example,10.136-137.*.64-95.

  • A wildcard can only be used to define an entire octet. For example,10.13*。*。64-95is not supported. The correct way to specify this range is10.130-139.*.64-94.

  • The same rules apply to IPv6 addressing.

  • CIDR notation and (Range or Wildcard) are mutually exclusive in the same address. For example, use either192.168.0.0/24or192.168.0.1-127.

  • These prefix-matching rules only apply to the following policies: Router, QoS, Optimization, NAT, Security, and ACLs.

Set Actions Fields

The Route Policy template’s SET actions determine where to direct traffic and what the fallback is when a tunnel is down.

设备指导流量的地方

  • In theDestinationfield, you specify how to characterize the flow. The options are a specific overlay,自动优化,通过[成形],通过不形, ordropped.

  • 什么时候自动优化, a flow is directed to the appropriate tunnel. If you choose, you can specify that the appliance use metrics to dynamically select the best path based on one of these criteria:

    • Load balancing

    • Lowest loss

    • 最低的延迟

  • 在配置路由策略时个人appliance when multiple tunnels exist to the remotepeer, you can also select the path based on a preferred interface or a specific tunnel. For further information, see the设备管理器Operator’s Guide.

How Traffic Is Managed If a Tunnel Is Down

  • TheFallbackcan be通过[成形],通过不形, ordropped.

  • 在配置路由策略时个人设备,continueoption is available if a specific tunnel is named in theDestination柱子。该选项使设备能够在上一个条目中使用的隧道下降时读取单个路由策略中的后续条目。有关更多信息,请参阅设备管理器Operator’s Guide.

Back to top

© Copyright 2022 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go toAruba EULA.

Baidu