Duplicate packets based on SD-WAN rules
SD-WAN duplication rules can specify SD-WAN service rules to trigger packet duplication. This allows the duplication to occur based on an SD-WAN rule instead of the source, destination, and service parameters in the duplication rule.
-
Packets can be forced to duplicate to all members of the same SD-WAN zone. See Duplicate packets on other zone members for details.
For example, in Spoke 1 set
packet-duplicationtoforceso that when a client sends a packet to the server, it is duplicated to all members of the same zone as long as its health check is alive. If a members health check is dead, then the member is removed from the SD-WAN duplication zone. -
Packets can be duplicated to other members of the SD-WAN zone only when the condition of the link is not good enough.
Set
packet-duplicationtoon-demandso that, when the SLA of the member does not match (sla_map=0) the packet is duplicated, but when the SLA does match (sla_map!=0) the packet is not duplicated. -
Packets can be duplicated to all members of the same SD-WAN zone when the traffic matches one or more regular SD-WAN service rules.
The following example shows the third type of packet duplication.
In this example, SD-WAN is configured with three members: vpn1, vpn2, and vpn3. Service rule 1 controls all traffic from 10.100.20.0/24 to 172.16.100.0/24 using member 1.