
A centralized policy is a container for multiple other sub policies (e.g. control policy, application aware policy, data policy, etc.). This is sometimes also called a global policy. Many centralized policies can be created that reference many different sub policies; however, only one centralized policy can be active at a time. It is important to create a centralized policy list so that site-ids, VPNs, applications, etc. can be referenced later on in the process.

Centralized Policy
Policies -> Centralized Policy Tab -> Add Policy
UI or CLI

Control Plane

Control Policy
Policies -> Custom Options -> Topology -> Topology Tab

Control policies are used to manipulate the logical topology of the fabric as well as filter or manipulate routing from the perspective of the vSmart. You can use the vManage workflow to build simple topologies or a custom policy to manipulate TLOCs and routing for more advanced design requirements.

When creating a custom control policy you can select either a TLOC or a Route sequence type, or even a combination of the two in the same policy. TLOC sequence types allow you to modify or filter TLOCs in order to customize the topology or influence traffic flow. Route sequence types allow you to be very granular with best path selection, filtering, preferencing, tagging, leaking, etc.

Control policies can be per VPN and are applied either inbound or outbound from the remote site from the perspective of the vSmart.

VPN Membership
Policies -> Custom Options -> Topology -> VPN Membership Tab

VPN Membership policies are used to control what VPNs a WAN Edge is permitted to be a part of. This allows an administrator to have strict control over VPN membership on a site to site basis.

VPN Membership policies use VPN lists to match on specific VPNs and have either permit or reject actions.

VPN Membership policies are applied to a group of sites using a site-list.

Data Plane

Application Aware Routing Policy
Policies -> Custom Options -> Traffic Policy -> Application Aware Policy Tab

Application Aware Routing policies are used to specify which transport colors a particular app should be placed on while also following a specific SLA. Applications can be matched either via DPI or 6-tuple. An SLA must be applied to each sequence list, but it is optional to specify a primary and backup transport color. It is also possible to load balance across multiple preferred or backup colors.

A maximum of 4 different SLAs can be used per centralized policy.

Application Aware Routing policies are applied per VPN and per site-list.

It is important to note that for a transport color to be considered eligible for AAR, a route to the destination must be learned on that color. In addition, the same route must be learned on the alternate transport color if it is a part of the policy.

Data Policy (Traffic Data)
Policies -> Custom Options -> Traffic Policy -> Traffic Data Tab

Data Policies are very powerful data plane forwarding policies that allow an operator to do a multitude of things such as DSCP marking, QoS classification, traffic engineering, service insertion, NAT, flow export, PBR, AppQoE, etc.

Data Plane policies trump all other policies, as they are the last policy logic evaluated in the forwarding plane.

Data Plane policies are applied per VPN, per site-list and per direction (from service or from tunnel).

Cflowd
Policies -> Custom Options -> Traffic Policy -> Cflowd Tab

Cflowd monitors traffic flowing through vEdge routers in the overlay network and exports flow information to a collector, where it can be processed by an IPFIX analyzer. For a traffic flow, cflowd periodically sends template reports to the flow collector. These reports contain information about the flow and data extracted from the IP headers of the packets in the flow.

A Cflowd policy allows an operator to specify a flow collector list and collector options such as VPN, port, protocol, timeouts, sampling intervals, etc.

A Cflowd policy is applied per site-list.
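
The Application Aware Routing rules above (an SLA on every sequence, at most 4 SLAs per centralized policy, a route learned on every referenced color) lend themselves to a pre-activation check. The following is an added example, not part of the original page or of any Cisco tooling; the `AarSequence` model, `lint_aar`, and the sample routes are hypothetical, and "same route" is read here as a shared covering prefix (IPv4 only in the sample).

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

MAX_SLA_CLASSES = 4  # limit stated above: 4 different SLAs per centralized policy

@dataclass
class AarSequence:  # hypothetical model of one AAR sequence, not vManage's schema
    name: str
    destination: str                      # destination prefix of the matched traffic
    sla_class: Optional[str] = None       # an SLA is mandatory on every sequence
    preferred: list = field(default_factory=list)  # optional preferred colors
    backup: list = field(default_factory=list)     # optional backup colors

def covering(dest, learned):  # prefixes in `learned` that contain `dest`
    net = ipaddress.ip_network(dest)
    return {p for p in learned if net.subnet_of(ipaddress.ip_network(p))}

def lint_aar(sequences, routes_by_color):
    """routes_by_color maps a color to the set of prefixes learned on it."""
    findings = []
    slas = {s.sla_class for s in sequences if s.sla_class}
    if len(slas) > MAX_SLA_CLASSES:
        findings.append(f"policy: {len(slas)} SLA classes exceeds {MAX_SLA_CLASSES}")
    for s in sequences:
        if not s.sla_class:
            findings.append(f"{s.name}: no SLA class applied")
        per_color = {c: covering(s.destination, routes_by_color.get(c, set()))
                     for c in s.preferred + s.backup}
        for color, routes in per_color.items():
            if not routes:  # color is not eligible for AAR to this destination
                findings.append(f"{s.name}: color {color} has no route to {s.destination}")
        learned = [r for r in per_color.values() if r]
        if len(learned) > 1 and not set.intersection(*learned):
            findings.append(f"{s.name}: colors do not share the same route")
    return findings

# Constructed sample: routes learned per transport color at one site.
ROUTES = {"mpls": {"10.20.0.0/16"}, "biz-internet": {"10.20.0.0/16"}, "lte": set()}
POLICY = [
    AarSequence("voice", "10.20.5.0/24", "SLA-VOICE", ["mpls"], ["biz-internet"]),
    AarSequence("video", "10.20.5.0/24", "SLA-VIDEO", ["mpls"], ["lte"]),
    AarSequence("bulk", "10.20.5.0/24", None, ["biz-internet"]),
]

if __name__ == "__main__":
    for finding in lint_aar(POLICY, ROUTES):
        print(finding)
```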

A localized policy is a container for multiple other sub policies (e.g. forwarding class/QoS, Access Control Lists, Route Policies, etc.). Many localized policies can be created that reference many different sub policies; however, only one localized policy can be applied to a WAN Edge template at a time. It is important to create a localized policy list so data prefixes, class maps, policers, etc. can be referenced later on in the process.

Localized Policy
Policies -> Localized Policy Tab -> Add Policy
UI or CLI

Forwarding Class/QoS

QoS Map
Policies -> Custom Options -> Forwarding/QoS -> QoS Map Tab

QoS Map Policies allow the operator to build out the queueing structure for the map applied to each interface for egress QoS queuing. Queues 0 - 7 can be configured. Queue 0 is always a strict priority (LLQ) queue. Bandwidth allocation, buffer allocation, and drop type can be configured per queue.

Many QoS Maps can be configured; however, only one map can be applied to a single interface.

QoS Maps are referenced in the interface template under the QoS/ACL section.

Policy Rewrite
Policies -> Custom Options -> Forwarding/QoS -> Policy Rewrite Tab

Configure a rewrite rule to overwrite the DSCP field of a packet's outer IP header, mark transit traffic with an 802.1p CoS value, and apply a rewrite rule on an interface. A rewrite rule is applied to packets being transmitted out the interface.

Many rewrite rules can be configured; however, only one can be applied to a single interface.

Rewrite rules are referenced in the interface template under the QoS/ACL section.

ACL/Routing

Access Control List Policy
Policies -> Custom Options -> Access Control Lists

Access control list policies are used to simply block certain traffic types based on six tuple matching. In addition, an access control list policy can be used to match and set DSCP, forwarding class, set a policer, set a next hop (PBR) and log traffic.

Many access control list policies can be configured; however, only one can be applied to a single interface per direction (ingress vs egress).

Access control list policies are referenced in the interface template under the QoS/ACL section.

Route Policy
Policies -> Custom Options -> Route Policy

Route policies are used to manipulate local routing protocol route advertisement/learning behavior. For BGP, you apply the policy to an address family running on a specific BGP neighbor. For OSPF, you can apply the policy either to specific types of routes being redistributed into OSPF or to all inbound traffic.

There is a multitude of options that can be set in a route policy such as BGP local pref, BGP med, OSPF tag, community, OMP tag, origin, weight, as-path, etc.
