For certain traffic, or depending on the use case, the need may arise to prevent session creation on the SD-WAN box.
For instance, if an application opens a huge number of sessions in a short span of time, resulting in memory/CPU issues or breaching the session limit and impacting other critical traffic, we can use the bypass service option.
The qos-policy gives us an option to create a rule that matches such traffic and prevents it from being processed like other normal traffic.
NOTE - Traffic intended for the bypass service is not subject to any IDS/IPS/steering/QoS/firewall processing, etc.; it simply follows routing. Also, no session (brief/extensive) is recorded on the box; the packets can be seen in tcpdump only.
Below you will find the CLI config for a use case wherein the user doesn't want the DNS session to be created:
The above configuration will bypass session creation for any traffic going to public DNS (8.8.8.8), and no sessions will be seen, though in tcpdump we can see the flow of packets.
The Director GUI configuration will look as below:
Similarly, another rule can be created to bypass return traffic from public DNS (8.8.8.8).