This article describes a use case where one type of traffic is forwarded to one WAN interface and another type of traffic to a different WAN interface.

 

Please refer to the reference deployment architecture here

 

Policy Based Forwarding (PBF) is used to forward internet-bound traffic from an SDWAN branch onto the underlay.

PBF can be used when DIA is enabled on the branch and the default route on the LAN-VR is pointing to Transport-VR.

Prerequisites:

All Headends should be deployed.

All Internet traffic breaks out locally.

We should have two WAN interfaces, namely WAN and MPLS. Both have DIA configured, meaning that the Internet is accessible via both interfaces.


Use case:

We will have

1. Shopping category URL traffic going over WAN network

2. Travel category URL traffic to use MPLS network

3. All configuration is done in Device Context. Similar configuration can be done using Config Templates as well.



As DIA is enabled on the WAN and MPLS interfaces, Paired Tunnel Virtual Interfaces (Paired TVI) are formed. These are required for route redistribution between the customer LAN-VR and the respective Transport-VR.

tvi-0/602 : Tunnel Interface for WAN-Transport-VR

tvi-0/604 : Tunnel Interface for MPLS-Transport-VR

Step 1 : Go to Administrator > Appliances > Select the Branch



Step 2 : Go to Configuration > Networking > Policy based Forwarding > Application Detection

Enable URL Category Cache



Step 3 : Create PBF policy

Go to Configuration > Networking > Policy based Forwarding

Click on + Button

And add a New PBF Policy



Then go to Rules and click on the + Button

Configure two PBF rules:

Rule 1: Match URL1: Shopping - set the next hop to the paired TVI IP address of the WAN transport VR.

Rule 2: Match URL2: Travel - set the next hop to the paired TVI IP address of the MPLS transport VR.

 

Create Rule1 for Travel URL category and Rule2 for Shopping URL category



Add the Source Zone (as PBF is enabled, the traffic should come from the LAN zone)



Select “travel” in URL category List




In the Enforce tab, define the action “Next Hop IP address”, which is the tvi-0/604 IP address



Similarly create Rule 2 :


CGNAT configuration

As PBF is configured in the Tenant Org, the NAT pool should be configured under the Parent Org

Configuration > CGNAT > Pools > Click on + Button



Select the Egress Network as MPLS and the Routing instance as MPLS-Transport-VR




Select the Source Port

 


Rules > Click on + Button




Similarly, create it for WAN-Transport-VR
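
A pre-change consistency check for the plan built above, as an added example that is not part of the original article or of Versa's tooling: it confirms that every PBF rule uses the LAN source zone, points at a paired TVI address, and steers into a Transport-VR that has a CGNAT pool. The dictionary layout, the pool names and the TVI IP addresses are constructed assumptions; substitute the addresses shown on your appliance.

```python
# Constructed intent data mirroring the article's setup; this is not a Versa
# export format. TVI IP addresses are documentation placeholders (assumption).
TVI = {
    "tvi-0/602": {"vr": "WAN-Transport-VR", "ip": "192.0.2.2"},
    "tvi-0/604": {"vr": "MPLS-Transport-VR", "ip": "192.0.2.4"},
}
PBF_RULES = [
    {"name": "Rule1", "src_zone": "LAN", "url_category": "travel", "next_hop": "192.0.2.4"},
    {"name": "Rule2", "src_zone": "LAN", "url_category": "shopping", "next_hop": "192.0.2.2"},
]
CGNAT_POOLS = [  # pool names are hypothetical
    {"name": "MPLS-Pool", "egress_network": "MPLS", "routing_instance": "MPLS-Transport-VR"},
    {"name": "WAN-Pool", "egress_network": "WAN", "routing_instance": "WAN-Transport-VR"},
]


def check_plan(rules, pools, tvi, lan_zone="LAN"):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    vr_by_ip = {t["ip"]: t["vr"] for t in tvi.values()}
    nat_vrs = {p["routing_instance"] for p in pools}
    seen = {}  # URL category -> first rule that matches it
    for r in rules:
        if r["src_zone"] != lan_zone:
            findings.append(f"{r['name']}: source zone {r['src_zone']} is not {lan_zone}")
        vr = vr_by_ip.get(r["next_hop"])
        if vr is None:
            findings.append(f"{r['name']}: next hop {r['next_hop']} is not a paired TVI address")
        elif vr not in nat_vrs:
            # Traffic steered into this Transport-VR would leave without source NAT.
            findings.append(f"{r['name']}: no CGNAT pool in {vr}")
        cat = r["url_category"].lower()
        if cat in seen:
            findings.append(f"{r['name']}: category {cat} already matched by {seen[cat]}")
        seen.setdefault(cat, r["name"])
    return findings


if __name__ == "__main__":
    for line in check_plan(PBF_RULES, CGNAT_POOLS, TVI) or ["plan is consistent"]:
        print(line)
```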



We tried to access amazon.com, which is categorized under Shopping. Traffic is forwarded to the WAN transport VR.



And when we tried to access irctc.com, which is categorized under Travel, traffic is forwarded to the MPLS transport VR.



We can also check the hit count for the PBF rule.