An SD-WAN Service can use private Underlay Connectivity Services such as MEF Carrier Ethernet Services or MEF IP Services including IP-VPN Services implemented over MPLS, as well as Underlay Connectivity Services that traverse the public Internet. The PUBLIC-PRIVATE Policy Criterion provides control over whether or not an Application Flow can traverse a public Internet Underlay Connectivity Service. It can have the value Private-Only or Either.

[R1] If the Policy Criterion PUBLIC-PRIVATE=Private-Only is applied to an Application Flow, then the Application Flow MUST be forwarded over Underlay Connectivity Services that do not traverse the public Internet.

[R2] If the Policy Criterion PUBLIC-PRIVATE=Either is applied to an Application Flow, then this Policy Criterion MUST NOT be considered in the forwarding decision for the Application Flow.