Which SD-WAN component is configured to enforce a policy to redirect branch-to-branch traffic toward a network service such as a firewall or IPS?
The vSmart controller is responsible for enforcing policies in an SD-WAN environment. It centralizes the control plane and distributes policies that dictate how traffic should be handled, including the redirection of branch-to-branch traffic towards network services like firewalls or IPS. The vSmart controller uses centralized control policies to insert network services into the traffic path, achieving service chaining in an automated manner.
B is correct. Service-chaining is a Control-policy, and control policies are enforced on the vSmart. Centralized Control (Topology) policy is the most powerful form of policy, which can be used to implement arbitrary overlay VPN topologies such as hub-and-spoke and partial-mesh, traffic engineering like preferring one site over another for a specific destination, service chaining by inserting a network service such as a firewall into the path of specific data traffic in an automated manner, and much more. Centralized control policies are defined on the vManage, configured and enforced on the vSmart Controllers, affecting the control plane of the Cisco SD-WAN overlay fabric, whereas centralized data policies are defined on the vManage, configured on the vSmart Controllers, distributed by OMP to and enforced on the WAN Edge routers, affecting the data plane of the overlay network.
I think B. vSmart is correct. Service chaining is supported in both Control and Data Policies. Control policies can redirect traffic to a service by changing the next hop to the location of the service (e.g., a firewall or IDS/IPS). Data: The match criteria for data policies can include source and destination IP addresses, source and destination ports, DSCP values, and application information. Data policies can enforce actions such as NAT, QoS, mirroring, and service chaining by redirecting traffic to a service node.
Correct
The component that is responsible for enforcing a policy to redirect branch-to-branch traffic toward a network service such as a firewall or IPS in Cisco SD-WAN is the WAN Edge.
The WAN Edge is the component that is responsible for terminating the tunnels, providing secure connectivity between branch locations and the data center, and enforcing business policies. It is a multi-function device that includes routing, security, and application optimization capabilities. When it comes to redirecting branch-to-branch traffic toward a network service such as a firewall or IPS, the WAN Edge is responsible for enforcing the policy. It does this by using the service chaining feature, which allows traffic to be redirected to a service device before being forwarded to its final destination. The WAN Edge intercepts the traffic, sends it to the specified network service, and then forwards it to its destination.