Configuring the Network Policy
The network policy is a combination of configuration settings that manage the behavior of the whole SD-WAN network. It includes network security, appliance templates, overlay management and application group policy.
This topic guides you through the basic steps to enable ExtremeCloud SD-WAN appliances to provide clients with network access.
Note: ExtremeCloud SD-WAN requires only one network policy for all network appliances.
There are multiple tabs as part of the network policy configuration process:
• Templates
• Overlays
• Security
• Application Group Policy
Create the Network Policy
1. Start with the Policy Configuration step in the SD-WAN Onboard Wizard (subsequently, select Settings -> Policy Configuration from the left main menu).
2. Type the Policy name and description.
Edit Settings
3. Select Edit to edit general settings.
4. WAN Optimization is enabled by default. You may disable this parameter.
5. Type the Network Time Protocol (NTP) server IP address or fully qualified domain name (FQDN), or select the Auto option to use the default IP address. You can specify up to three NTP server IP addresses or URLs, in IPv4 format. Note: Firmware versions earlier than 24.5.0 reject configurations that use an FQDN.
6. Under Default DNS Settings, Auto via DHCP as backup is enabled by default. Add up to 3 DNS servers by entering a server value under Servers, and selecting +.
7. To enable log export of NATted DTI connections by SD-WAN appliances, you must define one or more Syslog Servers in your network.
After you have clicked Add Syslog Server, enter the server Name, type its IP Address (preferably in your private network), Protocol (TCP or UDP) and Port. When NAT entries are created, logs are sent to the Syslog Server in syslog format.
Click Add Server.
Warning: Log export is not available on VRRP backups (with unmounted tunnels).
8. Fabric Support
• Enable Fabric Support. With this feature, Extreme switches automatically establish Fabric Extend tunnels over the SD-WAN infrastructure. Zero touch deployment simplifies network setup. See Configuring Fabric over SD-WAN for more information about fabric support settings in ExtremeCloud SD-WAN. For information on configuring switches for fabric deployment, see the following Extreme Networks documentation:
9. Overlay Routing
• Overlay IP Network: subnet from which ExtremeCloud SD-WAN selects the addresses of the appliance internal interfaces.
• AS Number Range: the SD-WAN application uses this range of values to configure Site autonomous systems automatically.
• AS Number Exclusion: values or ranges of values that you want to exclude from the AS Number Range (reserved values). Authorized separators are ",", "|" and ";".
Simple values: N where 1 <= N <= 65535
Value ranges: N-M where N < M and 1 <= N, M <= 65535
Multi-format example: 65002,65012-65024|65042;65122
10. Routing Loop Prevention
To prevent OSPF routing loops from a Hybrid Data Center to a Hybrid Site, define a BGP Community and an OSPF Tag.
• BGP Community: four-byte value split in half by '.'
The first half of the value corresponds to 0001 - FFFE (FFFE is the default). 0000 and FFFF are forbidden.
The second half of the value corresponds to 0000 - FFFF (FF01 is the default).
• OSPF Tag: the authorized value range is [1 - 65535]. The default value is 6976.
11. Select Apply at the bottom of the window.
The Policy Configuration window is refreshed with new data in the Application Group Policy panel.
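The field formats from steps 9 and 10 can be checked before the values are typed into the policy. The following is an added example, not Extreme Networks code: the function names are hypothetical, and it assumes each half of the BGP Community is written as four hexadecimal digits, as in the page's 0001, FFFE and FF01 notation.

```python
import re

# Assumption: each half of the community is exactly four hex digits.
_COMMUNITY = re.compile(r"([0-9A-Fa-f]{4})\.([0-9A-Fa-f]{4})")
_ENTRY = re.compile(r"([0-9]+)(?:-([0-9]+))?")


def parse_as_exclusion(text):
    """Parse an AS Number Exclusion string into sorted (low, high) spans."""
    spans = []
    # Authorized separators are ',', '|' and ';'.
    for item in re.split(r"[,|;]", text):
        item = item.strip()
        m = _ENTRY.fullmatch(item)
        if not m:
            raise ValueError(f"malformed entry: {item!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if not (1 <= low <= 65535 and 1 <= high <= 65535):
            raise ValueError(f"outside 1-65535: {item!r}")
        if m.group(2) and low >= high:
            raise ValueError(f"range needs N < M: {item!r}")
        spans.append((low, high))
    return sorted(spans)


def is_excluded(asn, spans):
    """True when asn falls inside any excluded value or range."""
    return any(low <= asn <= high for low, high in spans)


def check_bgp_community(value):
    """Return both halves as integers, or raise if the value is not allowed."""
    m = _COMMUNITY.fullmatch(value)
    if not m:
        raise ValueError(f"expected XXXX.XXXX in hex: {value!r}")
    first, second = int(m.group(1), 16), int(m.group(2), 16)
    if first in (0x0000, 0xFFFF):  # forbidden first halves
        raise ValueError(f"first half 0000 and FFFF are forbidden: {value!r}")
    return first, second


def check_ospf_tag(tag):
    """Return the tag if it is in the authorized range 1-65535."""
    if not 1 <= tag <= 65535:
        raise ValueError(f"OSPF tag outside 1-65535: {tag}")
    return tag
```

A trailing separator or an empty entry is reported as malformed rather than silently ignored, so a typo cannot shorten the exclusion list unnoticed.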
Advanced Settings
Warning: Advanced Settings for the network policy are intended for advanced users and Extreme Networks support. Use caution before modifying an advanced setting.
To display advanced network policy settings, from the Policy Configuration window, select Advanced Settings.
To add your own settings, select Add Setting and type the following data:
• Label: The name of the advanced setting
• Value: The value of the advanced setting
The following table lists some settings used by appliances that can be tuned for specific behaviors and their default values.
Advanced settings
Setting | Default value |
LossThreshold | 5 |
IpmTtpPort | 19999 |
IpmClusteringPort | 19997 |
InterfaceMTU | 1500 |
SynchroThreshold | 10 |
ITP port | 123 |
CrcWithPorts | 0 |
CrcWithIPid | 1 |
CrcWithTcpSeq | 0 |
CrcWithTcpWindow | 1 |
PlugInBeforePorts | 0 |
TopHostApplication | 10 |
#rt_comp_level | compression type allowed for "Real Time" flows |
rt_comp_level | 0 |
#tr_comp_level | compression type allowed for "Transactional" flows |
tr_comp_level | 2 |
#bg_comp_level | compression type allowed for "background" flows |
bg_comp_level | 2 |
obps_sticky_choice | yes |
obps_slave_return | yes |
ip_fast_ports | 19999|20000|20001|20002|20003|20004|20005|20006 |
ModeDPILess | no |
saas_disc_top_apps_max | 200 |