ASK THE EXPERT - PERFORMANCE ROUTING

Jun 27th, 2008

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to learn how Performance Routing allows you to place each application's traffic on the best available path with Cisco expert Aamer Akhter. Aamer is currently responsible for the deployment and technical marketing of Performance Routing, Wan-Optimization systems, Video systems, Routing Protocols, NBAR and NetFlow. He is CCIE certified (# 4543).


Remember to use the rating system to let Aamer know if you have received an adequate response.


Aamer might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through July 11, 2008. Visit this forum often to view responses to your questions and the questions of other community members.

Joseph W. Doherty Fri, 06/27/2008 - 15:38
User Badges:
  • Super Bronze, 10000 points or more

Is discussion limited to just PfR or PfR and OER?


Is a PfR MC with OER border routers a supported configuration?

aakhter Fri, 06/27/2008 - 17:42
User Badges:
  • Cisco Employee,

Hi Joseph,


OER has been renamed to PfR. So they are essentially the same thing around 12.4(11)T.


In 12.4(15)T and onwards we've added new features that are being worked under the Performance Routing banner as we work to expand the use cases of PfR beyond just exit routing.


All the configuration for PfR is currently under the OER title. This will be changing in the 12.5T timeframe.


The PfR/OER MC and BR can be co-hosted on the same router.

harinirina Mon, 06/30/2008 - 02:39

Hi Aamer,


When using "oer-map", do we need to configure "learn" first or can it be used alone?

aakhter Mon, 06/30/2008 - 06:50
User Badges:
  • Cisco Employee,

Hi Harinirina,


When using oer-maps (which allow granular control over traffic class selection and policy) it really depends on what information is required.


For example, if you've explicitly defined your traffic class via an ACL then you will not need the 'learn' functionality to find traffic classes for optimization.


However, if you want PfR to have access to information such as throughput for a particular traffic class (which is useful to have as PfR will check to see if the alternate path has enough spare bandwidth) then 'learn' will be needed.


Learn will enable NetFlow on the border routers. Specifically ingress Traditional Netflow (in 12.4(15)T5) on the internal and external interfaces.

harinirina Mon, 06/30/2008 - 20:34

Hi Aamer,


That's what I want to do; I need some traffic to pass through ISP1 and others through ISP2 when there's no overload.

It doesn't work; traffic always passes through one link.

Here is the config:


ip access-list extended AOer
 permit ip host 10.17.104.2 any
 permit icmp host 10.17.104.2 any
 permit icmp any host 10.17.104.2
 permit ip any host 10.17.104.2
!
oer-map MPAOer 10
 match traffic-class access-list AOer
 set periodic 180
 set mode select-exit best
 set holddown 300
 set mode route control
 set mode monitor fast
 set resolve utilization priority 1 variance 2
 set resolve range priority 2
 set resolve delay priority 3 variance 2
 set probe frequency 2
 set link-group ISP2 fallback ISP1

oer master
 policy-rules MPAOer




I tested "oer-map" alone (without link-group); it doesn't work.


Would you like to tell what's wrong?



aakhter Tue, 07/01/2008 - 08:23
User Badges:
  • Cisco Employee,

Hi Hariani,


Is there a particular reason why you're doing mode monitor fast (there isn't a probe destination configured)? Would it be possible to use 'mode monitor both'?


Also can you show the output of 'show oer master policy' as well as the full PfR configuration? (for example the learn configuration under oer master as well as traffic direction to ISP1)

harinirina Wed, 07/02/2008 - 07:06

Hi Aamer,


Ok, we'll use "mode monitor both".


It seemed the route changes faster when using monitor fast. What's the drawback of "monitor fast"?

Attached are the full configuration of the MC/BR and the output of "sh oer master policy".

The "sh oer master border detail" is also in the "sh oer output" file.

I haven't used learn because I wanted to see "oer-map" working first.





aakhter Mon, 07/07/2008 - 18:53
User Badges:
  • Cisco Employee,

Hi harinirina,


Sorry about the late reply.


I was able to go thru the config. A couple of comments:


1) mode monitor fast needs a forced probe assignment. This is one of the limitations, but if we think about the fact that mode monitor fast is supposed to track an explicit traffic class and the end destination is known beforehand we need a reliable target.


-- I am looking into whether fast-mode is able to dynamically learn from the traffic class (as in mode active or mode both), but I don't believe this to be the case.


2) Your ACL that defines the traffic class can not use 'any' as the destination. You will need to use an explicit destination.


If you are in need of open-endedness of this type you will want to use learn-lists to dynamically create traffic classes (possibly on /32 boundaries).



hth
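
The two points in the reply above, written as a check over the configuration posted in the question. This is an added example, not part of the original thread and not Cisco tooling; the function names are hypothetical, and it assumes a forced probe target appears as a `set active-probe` line inside the oer-map.

```python
import re

# Constructed input: the ACL and oer-map as posted in the question, trimmed.
POSTED = """
ip access-list extended AOer
 permit ip host 10.17.104.2 any
 permit icmp host 10.17.104.2 any
 permit icmp any host 10.17.104.2
 permit ip any host 10.17.104.2
oer-map MPAOer 10
 match traffic-class access-list AOer
 set mode monitor fast
 set probe frequency 2
"""

def _addr(tok, i):
    """Consume one ACL address spec at tok[i]: 'any', 'host A' or 'A wildcard'."""
    if i >= len(tok) or tok[i] == "any":
        return " ".join(tok[i:i + 1]), i + 1
    return " ".join(tok[i:i + 2]), i + 2

def lint_oer(config):
    """Return findings for the two problems named in the reply (ports not parsed)."""
    acls, maps, cur = {}, {}, None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"ip access-list extended (\S+)", line):
            cur = acls.setdefault(m.group(1), [])
        elif m := re.match(r"oer-map (\S+) \d+", line):
            cur = maps.setdefault(m.group(1), [])
        elif re.match(r"(permit|deny|match|set) ", line):
            if cur is not None:
                cur.append(line)
        elif line and line != "!":
            cur = None                      # any other command leaves the sub-mode
    findings = []
    for name, lines in maps.items():
        used = [l.split()[-1] for l in lines if l.startswith("match traffic-class access-list ")]
        for entry in (e for a in used for e in acls.get(a, [])):
            tok = entry.split()
            _, i = _addr(tok, 2)            # skip action and protocol, consume source
            if _addr(tok, i)[0] == "any":
                findings.append(f"{name}: '{entry}' has destination any")
        # Assumption: a forced probe appears as a 'set active-probe' line in the map.
        if "set mode monitor fast" in lines and not any(
                l.startswith("set active-probe") for l in lines):
            findings.append(f"{name}: mode monitor fast without a forced probe target")
    return findings

print("\n".join(lint_oer(POSTED)))
```
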


harinirina Mon, 06/30/2008 - 02:40

Hi Aamer,


When using "oer-map", do we need to configure "learn" first or can it be used alone?

aakhter Fri, 07/11/2008 - 10:25
User Badges:
  • Cisco Employee,

Hi Harinirina,


oer-map can be used with learn:


1841-AA0211(config-oer-map)#match oer learn ?
  delay       Match oer delay learned prefixes
  inside      Match oer inside learned prefixes
  list        Match oer learn list prefixes
  throughput  Match oer thruput learned prefixes


or the traffic classes can be explicitly defined (eg via ACL or prefix-list):


1841-AA0211(config-oer-map)#match traffic-class ?
  access-list  Specify Traffic class(es) using access-list
  application  Specify the application to learn
  prefix-list  Specify Traffic class(es) using prefix-list

Tahir Ali Wed, 07/02/2008 - 20:54

hi all,


PFR is a relatively new thing for me, can anybody explain the basis and how it works, and platform related stuff?

aakhter Sun, 07/06/2008 - 19:07
User Badges:
  • Cisco Employee,

Tahirali,


Performance Routing is a reworking of a little known IOS feature called OER (Optimized Edge Routing). The renaming represents an expansion of the functionality of OER (application routing) as well as renewed commitment on the development side.


There are some very good papers on PfR at:


Performance Routing Design Guide

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns483/c649/ccmigration_09186a008094e673.pdf


OER Config Guide

http://cisco.com/en/US/docs/ios/oer/configuration/guide/12_4t/oer_12_4t_book.html


PfR is able to make measurements (either actively using IPSLA or passively by observation of the traffic) and will alter the paths of dynamically created traffic classes (eg an SRC subnet and DST subnet ACL can describe a traffic class). The path altering is done either by BGP, static routing or policy-based routing (PBR).


PFR is supported on c1800-c7200, cat6500 and c7600.


hth.


aamer

sakthi_1982 Tue, 07/01/2008 - 00:10

Hi Aamer

I have ADSL modem and 2800 series router. How to connect modem to router to share internet in two different local area networks. Can you give me the configuration.

aakhter Sun, 07/06/2008 - 18:57
User Badges:
  • Cisco Employee,

Hi Sakthi,


Please take a look at the sample configuration provided to Colin. I've provided the PfR portion of the configuration for loadsharing between two external interfaces. The ADSL configuration is out of scope (besides, it could be done in a number of different ways depending on your SP).


Regards,

aamer

Aamer--


Currently we have a 837 with one ADSL connection-- I will include the config.


Could you help us migrate to an 1841- we have two DSL connections now, and I would like to enable PfR so the 1841 will distribute traffic generically between the two.


Each connection is static with one IP so we will need the NAT pools to act accordingly- I am looking for a generic config on how to use one router to distribute the traffic equally.


Thank you-

Colin Weaver-Johnson



aakhter Sun, 07/06/2008 - 18:55
User Badges:
  • Cisco Employee,

Hi Colin,


As you're doing PAT using the interface IP addresses and do not have a generic pool to advertise out both links we'll need to use the PfR-NAT feature described on this page:


http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/ps8787/white_paper_C11-458124.html


A simple config would look like the following (the pfr master controller and border routers are the same routers). Note the creation of the 'virtual-template' interface as well as its referencing in the NAT statement. The NAT inside and outside statements on the interfaces remain the same.


As for the PfR configuration, the following configuration will try to bring the interfaces within 5 percent of each other's utilization. The method of control will be by the insertion of /32 host routes into the routing table.


oer master
 max-range-utilization percent 5
 logging
 !
 border 10.1.1.3 key-chain oer-key
  interface GigabitEthernet0/1 external
  interface GigabitEthernet0/2 external
  interface FastEthernet4/0 internal
 !
 learn
  throughput
  delay
  periodic-interval 0
  monitor-period 1
  aggregation-type prefix-length 32
 no max range receive
 mode route control
 mode select-exit best
 resolve range priority 1
 resolve utilization priority 2 variance 10
 !
!
oer border
 logging
 local Loopback0
 master 10.1.1.3 key-chain oer-key
!

interface GigabitEthernet0/1
 description To LY-VXR-7:G0/3
 bandwidth 1500
 ip address 10.17.37.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
!
interface GigabitEthernet0/2
 description To LY-VXR-6:G0/3
 bandwidth 1500
 ip address 20.2.3.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly
!
interface Virtual-Template1
!
ip access-list standard match104Net
 permit 10.17.104.0 0.0.0.255
!
ip nat inside source list match104Net interface Virtual-Template1 overload oer

!



hth

aamer

aakhter Mon, 07/07/2008 - 18:03
User Badges:
  • Cisco Employee,

Hi,


10.1.1.3 is just a local address that the border process and master process use to talk to each other. In this case it was actually a loopback.


The default routes will be on the border routers pointing out to the ISP's router. If you're getting an address via DHCP, the router can be configured to install the route automatically.


The virtual-template is just a mechanism to create indirection such that PfR can pick up the packet and make the decision about where to actually route the packet. As NAT queues packets to the virtual-template, PfR will grab the packets and direct them to the best physical interface at that time.



hth

harinirina Sun, 07/06/2008 - 23:03

Aamer,



Could you open the file of my pfr configuration without problem?


I can re-send it if there was a problem.


What should I add or change so that oer-map works?

ferdinand05 Mon, 07/07/2008 - 04:15

Hi Aamer,


I am currently beginning with the use of OER. The network I'm working on is connected to 2 ISPs. You can find the configuration I'm using at the bottom of this message (the "Add Attachments" system of Cisco's website does not seem to work).

I have a problem with the instruction "delay" in learning prefixes.

When I try to learn "throughput", there is no problem, but when I'm using "delay", no prefix is learnt.

Could you please help me with my configuration so as to be able to learn prefixes using highest delay times?


Thanks in advance,

Ferdinand






oer master
 logging
 border 213.XXX.XXX.5 key-chain OER
  interface vlan 300 external
  exit
  interface GigabitEthernet 4/4 internal
  interface GigabitEthernet 3/3 internal
  interface GigabitEthernet 3/1 internal
  exit
 border 213.XXX.XXX.6 key-chain OER
  interface vlan 300 external
  exit
  interface GigabitEthernet 7/4 internal
  interface GigabitEthernet 7/1 internal
  interface GigabitEthernet 1/2 internal

 learn
  throughput // delay here does not work
  aggregation-type bgp
  monitor-period 5
  periodic-interval 10
  prefixes 100

 mode monitor active

 delay relative 50
 loss relative 10
 unreachable relative 50
 mode select-exit good
 holddown 300

 mode route observe
end

aakhter Mon, 07/07/2008 - 17:55
User Badges:
  • Cisco Employee,

Hi Ferdinand,


When you do:


learn
 delay


do you not see any prefixes at all or not any additional prefixes relating to delay?


Can you try with mode monitor both (rather than mode monitor active)?

harinirina Mon, 07/07/2008 - 22:31

Hi Aamer,


Thanks for your reply.


Our traffic will go to the internet, that's why we use any as destination.


Would you like to give more information or a sample of config concerning learn-lists ?


aakhter Fri, 07/11/2008 - 10:32
User Badges:
  • Cisco Employee,

Hi Harinirina,


Learn-lists allow the operator to describe the kind of traffic they are interested in when they do not know beforehand what that traffic will be.


For example, you know that you'd like to treat DSCP==EF traffic differently, but don't know beforehand the destination(s) for this set of traffic.


The following URL has information on the configuration goals of learn-lists:

http://www.cisco.com/en/US/partner/docs/ios/oer/configuration/guide/oer-prof_trfcls_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1054333


And the command reference is here:

http://www.cisco.com/en/US/docs/ios/oer/command/reference/oer_02.html#wp1012198


Regards,

ferdinand05 Tue, 07/08/2008 - 00:36

Hi Aamer,


I do not know if I do well, but every time I use "delay" after having used "throughput" (which means my MC has learned prefixes), I use "no oer master" in order to clear the prefixes learnt, and then enter again my config into the MC.


So I tried mode monitor both and the delay command and no prefix at all is learnt.


I also tried to use delay after throughput, but after expiration time ("expire after time "), no prefix at all is learnt.

aakhter Fri, 07/11/2008 - 10:23
User Badges:
  • Cisco Employee,

Hi Ferdinand,


You should not have to do 'no oer master', although there is nothing wrong with that.


To clear traffic classes you can use the less invasive command "clear oer master traffic-class"


It appears that you're running into a defect if you have actual TCP traffic running between your internal and external interfaces (as reported by 'show ip cache flow') and no flows are being reported.


Please open a case with TAC so that this can be properly tracked.


aakhter Fri, 07/11/2008 - 10:15
User Badges:
  • Cisco Employee,

Hi Fatiha,


This forum is about PfR performance routing and analysis of radius log files is out of scope.


I believe tools such as csmars may allow for analysis of radius log files.


Regards

aakhter Fri, 07/11/2008 - 10:14
User Badges:
  • Cisco Employee,

Hi Berehou,


This forum is about PfR (Performance Routing) and analysis of log files is out of scope.


Various cisco products exist that you may want to investigate:

* csmars

* cisco works


as well as free open source tools:

* syslog-ng


and commercial tools:

* sawmill

* splunk


hth.



wowferhat Fri, 07/11/2008 - 10:34

Hi Aamer,


I have a cisco router 2821 ready to be connected to a Siemens OTLE8 NT 4x2 Mbit/s Optical network termination Series at both end points of a leased line. Could you please tell me which is the right card I should use?

Could you please explain the difference?

1. VWIC2-2MFT-G703= Port 2nd Gen Multiflex Trunk Voice/WAN Int. Card - G.7032

2. HWIC-1CE1T1-PRI= port channelized T1/E1 and PRI HWIC

Many thanks

