路由策略模板

笔记：If you have deployed an SD-WAN network by using Business Intent Overlays (BIO), Orchestrator uses BIOs to automatically create the necessary Route Policies.

If you are creating a conventional WAN optimization network, there might be occasions when you need to directly configure Route Policies. Then, the following applies.

Only use the Route Policy template to create (and apply) rules for flows that are to be:

发送通行证（形状或不形）
掉了
为特定的高可用性部署配置
路线d based on application, ports, VLAN, DSCP, or ACL (Access Control List)

You might also want to create a Route Policy entry when multiple tunnels exist to the remotepeer，您希望设备根据以下条件之一动态选择最佳路径：

Load balancing
最低损失
Lowest latency
A preferred interface
特定的隧道

为什么？

Each appliance’s default routing behavior is to auto-optimize all IP traffic, automatically directing flows to the appropriate tunnel.Auto-optimization策略减少了创建明确的路由图条目以进行优化的需求。提供的三种策略是基于TCP自动opt，基于IP自动opt，和subnet sharing. By default, all three are enabled on the系统template.

Priority

With this template, you can create rules with a priority from1000 – 9999. When the template is applied to an appliance, Orchestrator will delete all rules having a priority in that range before applying its policies.
如果您直接访问设备，则可以创建比编排规则更高的优先级规则（1 – 999）和优先级较低的规则（10000 - 19999和25000 - 65534).

笔记：The priority range from20000至24999is reserved for Orchestrator.
When adding a rule, the priority is incremented by ten from the previous rule. The priority can be changed, but this default behavior helps to ensure you can insert new rules without having to change subsequent priorities.

匹配标准

These are universal across all policy maps—路线,QoS,优化,NAT（网络地址翻译）和安全.
If you expect to use the same match criteria in different maps, you can create anACL（访问控制列表），这是一组可重复使用的规则集。为了效率，将它们创建配置> Templates & Policies > ACLs > Access Lists，并将它们跨电器应用。
可用参数是Application,Address Map(for sorting by country, IP address owner, or SaaS application),领域,地理位置,Interface,协议,DSCP,IP/Subnet,Port，和交通行为.
要指定入站和出站流量的不同标准，请选择资料来源：DEST复选框。

源或目的地

An IP address can specify a subnet; for example, 10.10.10.0/24 (IPv4) or fe80::204:23ff:fed8:4ba2/64 (IPv6).
To allow任何IP地址，利用0.0.0.0/0 (IPv4) or ::/0 (IPv6).
端口仅适用于协议tcp,udp，和tcp / udp.
To allow任何端口，利用0.

基于通配符的前缀匹配

当使用范围或通配符时，必须以4 octet格式指定IPv4地址，并由点表示法隔开。例如，A.B.C.D.
Range is specified using a dash. For example,128-129.
Wildcard is specified as an asterisk (*).
范围和通配符都可以在同一地址中使用，但是八位位置只能包含一个或另一个。例如，10.136-137。*。64-95.
通配符只能用来定义整个八位位。例如，10.13*.*.64-95不支持。指定此范围的正确方法是10.130-139。*。64-94.
相同的规则适用于IPv6地址。
CIDR notation and (Range or Wildcard) are mutually exclusive in the same address. For example, use either192.168.0.0/24或者192.168.0.1-127.
These prefix-matching rules only apply to the following policies: Router, QoS, Optimization, NAT, Security, and ACLs.

设置动作字段

路由策略模板的设定操作决定了指导流量的位置以及隧道驶向隧道时的后备是什么。

Where the Appliance Directs Traffic

在里面目的地字段，您指定如何表征流程。选项是特定的覆盖层，auto-optimized,pass-through(形状),通过不形，或者降低ped.
Whenauto-optimized，流向适当的隧道。如果选择，则可以指定设备使用指标根据以下条件之一动态选择最佳路径：
- Load balancing
- 最低损失
- Lowest latency
When configuring the Route Policy for anindividualappliance when multiple tunnels exist to the remotepeer，您还可以根据首选界面或特定隧道选择路径。有关更多信息，请参阅设备管理器Operator’s Guide.

How Traffic Is Managed If a Tunnel Is Down

The倒退can bepass-through(形状),通过不形，或者降低ped.
When configuring the Route Policy for anindividualappliance, the继续如果特定隧道在目的地column. That option enables the appliance to read subsequent entries in the individual Route Policy in the event that the tunnel used in a previous entry goes down. For further information, see the设备管理器Operator’s Guide.