Skip to main content
Viptela is now part of Cisco.
Support
Product Documentation
Viptela Documentation

apply-policy

apply-policy—Have a policy take effect by applying it to sites within the overlay network (on vSmart controllers only).

Command Hierarchy

For Application-Aware Routing Policy

apply-policy
  site-list list-name 
    app-route-policy policy-name

For Centralized Control Policy

apply-policy
  site-list list-name 
    control-policy policy-name (in | out)

For Centralized Data Policy

apply-policy
  site-list list-name
    data-policy policy-name (all | from-service | from-tunnel)
    cflowd-template template-name  
apply-policy
  site-list list-name vpn-membership policy-name

Options

Cflowd Template
cflowd-template template-name
For a centralized data policy that applies to cflowd flow collection, associate a flow collection template with the data policy.
Policy Name
app-route-policy policy-name
control-policy policy-name (in| out)
data-policy policy-name (all | from-service | from-tunnel)
vpn-membership policy-name
Name of the policy to apply to the specified sites. policy-name must match that which you specified in the control-policy, data-policy, or vpn-membership configuration command.
For centralized control policy, specify the direction in which to apply the policy. The in option applies the policy to packets before they are placed in the vSmart controller's RIB, so the specified actions affect the OMP routes stored in the RIB. The out option applies the policy to packets after they are exported from the RIB.
For centralized data policy, specify the direction in which to apply the policy. The all option (which is the default) applies to all data traffic passing through the vEdge router: the policy evaluates all data traffic going from the local site (that is, from the service side of the router) into the tunnel interface, and it evaluates all traffic entering to the local site through the tunnel interface. To apply the data policy only to policy exiting from the local site, use the from-service option. To apply the policy only to incoming traffic, use the from-tunnel option. You can apply different data policies in each of the two traffic directions.
Site List
site-list list-name
List of sites to which to apply the policy. list-name must match a list name that you configured in the policy lists site-list portion of the configuration.
For the same type of policy, when you apply policies with apply-policy commands, the site IDs across all the site lists must be unique. That is, the site lists must not contain overlapping site IDs. An example of overlapping site IDs are those in the two site lists site-list 1 site-id 1-100 and site-list 2 site-id 70-130. Here, sites 70 through 100 are in both lists. If you were to apply these two site lists to two different control-policy policies, for example, the attempt to commit the configuration on the vSmart controller would fail. You can, however, apply one of these sites lists to a control-policy policy and the other to a data-policy policy. The restriction regarding overlapping site IDs applies to the following types of policies:
• Application-aware routing policy (app-route-policy)
• Centralized control policy (control-policy)
• Centralized data policy (data-policy)
• Centralized data policy used for cflowd flow monitoring (a data-policy that includes a cflowd action and an apply-policy that includes a cflowd-template command)

Operational Commands

show running-config apply-policy

Example

Apply a centralized control policy to the sites defined in the list west:

apply-policy
  site-list west control-policy change-tloc out

On a vSmart controller, configure site lists to use for control and data policies that contain overlapping site identifiers, and apply the policies to these site lists:

policy
  lists
    # site lists for control-policy
    site-list us-control-list
      site-id 1-200
    site-list emea-control-site-list
      site-id 201-300
    site-list apac-control-site-list
      site-id 301-400 
    # site lists for data-policy
    site-list platinum-site-list
      site-id 50-70
    site-list titanium-site-list
      site-id 70-130
    site-list rhodium-site-list
      site-id 131-301
  control-policy us-control-policy
    ...
  control-policy emea-control-policy
    ...
  control-policy apac-control-policy
    ...
  data-policy platinum-data-policy
    ...
  data-policy titanium-data-policy
    ...
  data-policy rhodium-data-policy
    ...
apply-policy
  # Apply control policies. Among the control policies, there is no overlap of site IDs.
  site-list us-control-site-list
    control-policy us-control-policy in        # policy is applied to sites 1-200
                                               # sites overlap with data-policy platinum-data-policy
  site-list emea-control-site-list
    control-policy emea-control-policy in      # policy is applied to sites 201-300
                                               # sites overlap with data-policy rhodium-data-policy
  site-list apac-control-site-list
    control-policy apac-control-site-list in   # policy is applied to sites 301-400
                                               # sites overlap with data-policy rhodium-data-policy
  
  # Apply data policies. Among the data policies, there is no overlay of site IDs.
  site-list platinum-site-list
    data-policy platinum-data-policy all       # policy is applied to sites 50-70
                                               # sites overlap with control-policy us-control-policy
  site-list titanium-site-list
    data-policy titanium-data-policy all       # policy is applied to sites 70-130
                                               # sites overlap with control-policy us-control-policy
  site-list rhodium-site-list
    data-policy rhodium-data-policy all        # policy is applied to sites 131-301
                                               # sites overlap with control-policy us-control-policy,
                                               # emea-control-policy, and apac-control-policy

Release Information

Command introduced in Viptela Software Release 14.1.​
app-route-policy option added in Release 14.2.
cflowd-template option added in Release 14.3.
all, from-service, and from-tunnel options for centralized data policy added in Release 15.2.
In Release 15.4, added restrictions so that you cannot apply the same type of policy (for example, data-policy or control-policy) to site lists that contain overlapping site IDs.
In Release 16.3, add support for overlapping sites in different site lists.

  • Was this article helpful?