This article describes a use case in which one type of traffic is forwarded to one WAN interface and another type of traffic is forwarded to a different WAN interface.

 

Please refer to the reference deployment architecture here

 

Policy Based Forwarding (PBF) is used to forward Internet-bound traffic from an SDWAN branch onto the underlay.

PBF can be used when DIA is enabled on the branch and the default route on the LAN-VR points to the Transport-VR.

 

Prerequisites:

All Headends should be deployed.

All Internet traffic breaks out locally.

There should be two WAN interfaces, namely WAN and MPLS, both with DIA configured, meaning that the Internet is accessible via both interfaces.

Use case:

We will have:

o    1. Shopping category URL traffic going over the WAN network

o    2. Travel category URL traffic using the MPLS network

o    3. All configuration is done in Device Context. Similar configuration can be done using Config Templates as well.


 


 


 

As DIA is enabled on the WAN and MPLS interfaces, Paired Tunnel Virtual Interfaces (Paired TVI) are formed. These are required for route redistribution between the customer LAN-VR and the respective Transport-VR.

tvi-0/602: Tunnel Interface for WAN-Transport-VR

tvi-0/604: Tunnel Interface for MPLS-Transport-VR


 

Step 1: Go to Administrator > Appliances > Select the Branch


 


 


 

Step 2: Go to Configuration > Networking > Policy based Forwarding > Application Detection

Enable URL Category Cache.


 


 


 


 

Step 3: Create PBF policy

Go to Configuration > Networking > Policy based Forwarding

Click the + button and add a new PBF policy.


 


 

Then go to Rules and click the + button.


 

Configure two PBF rules:

o    Rule 1: Match URL1: Shopping - set the next hop to the paired TVI IP address of WAN transport VR.

o    Rule 2: Match URL2: Travel - set the next hop to the paired TVI IP address of MPLS transport VR.

Create Rule1 for the Travel URL category and Rule2 for the Shopping URL category.


 


 

Add the Source Zone. (As PBF is enabled, the traffic should come from the LAN zone.)


 


 


 

Select “travel” in the URL category list.


 



 

In the Enforce tab, define the action “Next Hop IP address”, which is the IP address of tvi-0/604.


 


 


 

Similarly, create Rule 2:


 


 

CGNAT configuration

As PBF is configured in the Tenant Org, the NAT pool should be configured under the Parent Org.

Configuration > CGNAT > Pools > Click the + button


 


 


 

Select the Egress Network as MPLS and the Routing Instance as MPLS-Transport-VR.


 



 

Select the Source Port.


 


 


 

Rules > Click the + button


 


 


 


 


 


 


 

Similarly, create it for WAN-Transport-VR.


 


 


 


 


 

We tried to access amazon.com, which is categorized under Shopping: the traffic is forwarded to the WAN transport VR.


 


 

When we tried to access irctc.com, which is categorized under Travel, the traffic is forwarded to the MPLS-transport VR.


 


 


 

We can also check the hit count for the PBF rule.
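
The verification above can be turned into a repeatable check. The following is an added example, not part of the original article or of any vendor tooling: it models the two PBF rules as a first-match policy, counts hits per rule, and flags sessions that left through a transport VR other than the one the rule intends. The rule names, the "LAN" zone label and the session record layout are assumptions, and the sample sessions are constructed.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class PbfRule:
    name: str          # hypothetical rule name
    source_zone: str   # zone label is an assumption
    url_category: str
    next_hop: str      # paired TVI named in the article
    transport_vr: str

# Intended policy from the article: Shopping over WAN, Travel over MPLS.
RULES = [
    PbfRule("shopping-via-wan", "LAN", "shopping", "tvi-0/602", "WAN-Transport-VR"),
    PbfRule("travel-via-mpls", "LAN", "travel", "tvi-0/604", "MPLS-Transport-VR"),
]

def match_rule(zone, category, rules=RULES):
    """First-match evaluation; None means the flow follows the default route."""
    for rule in rules:
        if rule.source_zone == zone and rule.url_category == category.lower():
            return rule
    return None

def audit(sessions, rules=RULES):
    """Return (hits per rule, sessions whose observed VR differs from the rule)."""
    hits, mismatches = Counter(), []
    for s in sessions:
        rule = match_rule(s["zone"], s["category"], rules)
        if rule is None:
            continue  # not steered by PBF, nothing to compare
        hits[rule.name] += 1
        if s["egress_vr"] != rule.transport_vr:
            mismatches.append((s["host"], rule.name, s["egress_vr"]))
    return hits, mismatches

# Constructed sample sessions (not output from a real appliance).
SESSIONS = [
    {"host": "amazon.com", "zone": "LAN", "category": "Shopping", "egress_vr": "WAN-Transport-VR"},
    {"host": "irctc.com", "zone": "LAN", "category": "Travel", "egress_vr": "MPLS-Transport-VR"},
    {"host": "irctc.com", "zone": "LAN", "category": "Travel", "egress_vr": "WAN-Transport-VR"},
    {"host": "example.org", "zone": "LAN", "category": "News", "egress_vr": "WAN-Transport-VR"},
]

if __name__ == "__main__":
    hits, mismatches = audit(SESSIONS)
    print(dict(hits))
    for host, rule, vr in mismatches:
        print(f"MISMATCH {host}: matched {rule} but left via {vr}")
```

A mismatch on a category that has a rule means the flow was routed before or without the PBF decision, which is worth checking against the rule's hit count on the appliance.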