Duplicate packets based on SD-WAN rules
SD-WAN duplication rules can specify SD-WAN service rules to trigger packet duplication. This allows the duplication to occur based on an SD-WAN rule instead of the source, destination, and service parameters in the duplication rule.
1. Packets can be forced to duplicate to all members of the same SD-WAN zone. See Duplicate packets on other zone members for details.
   For example, in Spoke 1 set packet-duplication to force so that when a client sends a packet to the server, it is duplicated to all members of the same zone as long as its health check is alive. If a member's health check is dead, then the member is removed from the SD-WAN duplication zone.
2. Packets can be duplicated to other members of the SD-WAN zone only when the condition of the link is not good enough.
   Set packet-duplication to on-demand so that, when the SLA of the member does not match (sla_map=0), the packet is duplicated, but when the SLA does match (sla_map!=0), the packet is not duplicated.
3. Packets can be duplicated to all members of the same SD-WAN zone when the traffic matches one or more regular SD-WAN service rules.
The following example shows the third type of packet duplication.
In this example, SD-WAN is configured with three members: vpn1, vpn2, and vpn3. Service rule 1 controls all traffic from 10.100.20.0/24 to 172.16.100.0/24 using member 1.
To send a duplicate of the traffic that matches service rule 1 using member 2, members 1 and 2 are added to the same SD-WAN zone, and a duplicate rule is configured with service-id set to 1.
To send a duplicate of the traffic that matches service rule 1 using member 2:
config system sdwan
    set status enable
    config zone
        edit "virtual-wan-link"
        next
        edit "zone2"
        next
    end
    config members
        edit 1
            set interface "vpn1"
        next
        edit 2
            set interface "vpn2"
        next
        edit 3
            set interface "vpn3"
            set zone "zone2"
        next
    end
    config service
        edit 1
            set dst "172.16.100.0"
            set src "10.100.20.0"
            set priority-members 1
        next
    end
    config duplication
        edit 1
            set service-id 1
            set packet-duplication force
        next
    end
end
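When reviewing a configuration like the one above, it helps to confirm which links will carry copies of the matched traffic. The following is an added example, not Fortinet code: it parses a config excerpt and lists, for each active duplication rule, the interfaces in the zone of the referenced service rule's priority members. The names parse, duplicate_paths and SAMPLE are made up for the example, and it assumes that members without a "set zone" line belong to the default virtual-wan-link zone and that every health check is alive.

```python
import shlex
# Constructed sample: the members, service and duplication tables of this page's example.
SAMPLE = """config members
edit 1
set interface "vpn1"
next
edit 2
set interface "vpn2"
next
edit 3
set interface "vpn3"
set zone "zone2"
next
end
config service
edit 1
set priority-members 1
next
end
config duplication
edit 1
set service-id 1
set packet-duplication force
next
end"""

def parse(text):
    """Parse FortiOS config/edit/set/next/end lines into nested dicts of value lists."""
    stack = [{}]
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] in ("config", "edit"):       # open a table or a table entry
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] == "set":                  # option name followed by its value(s)
            stack[-1][tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):        # close the entry or the table
            stack.pop()
    return stack[0]

def duplicate_paths(sd, default_zone="virtual-wan-link"):
    """Map each active duplication rule id to the interfaces sharing a zone with its services."""
    zone = {m: v.get("zone", [default_zone])[0] for m, v in sd["members"].items()}
    out = {}
    for rid, rule in sd.get("duplication", {}).items():
        if rule.get("packet-duplication", ["disable"])[0] == "disable":
            continue                           # rule is present but duplicates nothing
        zones = {zone.get(m) for s in rule.get("service-id", [])
                 for m in sd["service"].get(s, {}).get("priority-members", [])}
        out[rid] = sorted(v["interface"][0] for m, v in sd["members"].items() if zone[m] in zones)
    return out
```

For the sample, duplicate_paths(parse(SAMPLE)) returns {"1": ["vpn1", "vpn2"]}: vpn3 sits in zone2 and receives no copy.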