Branch to Branch or Data Center to Branch traffic does not match Business Policy
Article ID: 388185
Updated On:
Products
Issue/Introduction
Branch to Branch traffic or Data Center to Branch traffic via Partner Gateway (PGW) may not always match the business policy as expected. This document outlines which business policy set on which Edge is applied, depending on the direction of the traffic.
Environment
VeloCloud SD-WAN
One of the following types of VCMP tunnels is enabled:
- Spoke to Hub
- Dynamic Branch to Branch
- Branch to Partner Gateway
Resolution
For Spoke to Hub or Dynamic Branch to Branch:
To match traffic between two Edges, the business policy must be set on the Edge initiating the traffic. The business policy set on the Edge receiving the traffic will not affect the traffic.
For example, let's assume that Node_A and Node_B are communicating with each other in the following diagram.
If Node_A initiates the traffic, the business policy must be set on Edge_1 as follows:
Source: Node_A
Destination: Node_B
On the other hand, if Node_B initiates the traffic, the business policy must be set on Edge_2 as follows:
Source: Node_B
Destination: Node_A
For Branch to PGW:
To match traffic between the Edge and PGW, the business policy must always be set on the Edge side.
For example, let's assume that Node_A and Node_B are communicating with each other in the following diagram.
If Node_A initiates the traffic, the business policy must be set on Edge as follows:
Source: Node_A
Destination: Node_B
Similarly, if Node_B initiates the traffic, the business policy still must be set on Edge as follows:
Source: Node_A
Destination: Node_B
Feedback
