Unanswered Question
Jun 27th, 2008

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to learn how Performance Routing allows you to place each applications' traffic on the best available path with Cisco expert Aamer Akhter. Aamer is currently responsible for the deployment and technical marketing of Performance Routing, Wan-Optimization systems, Video systems, Routing Protocols, NBAR and NetFlow. He is CCIE certified (# 4543).

Remember to use the rating system to let Aamer know if you have received an adequate response.

Aamer might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through July 11, 2008. Visit this forum often to view responses to your questions and the questions of other community members.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
Joseph W. Doherty Fri, 06/27/2008 - 15:38

Is discussion limited to just PfR or PfR and OER?

Is a PfR MC with OER border routers a supported configuration?

aakhter Fri, 06/27/2008 - 17:42

Hi Joseph,

OER has been renamed to PfR. So they are essentially the same thing around 12.4(11)T.

In 12.4(15)T and onwards we've added new features that are being worked under the Performance Routing banner as we work to expand the use cases of PfR beyond just exit routing.

All the configuration for PfR is currently under the OER title. This will be changing in the 12.5T timeframe.

The PfR/OER MC and BR can be co-hosted on the same router.

harinirina Mon, 06/30/2008 - 02:39

Hi Aamer,

When using "oer-map", do we need to configure "leran" first or can it be used alone?

aakhter Mon, 06/30/2008 - 06:50

Hi Harinirina,

When using oer-maps (which allow granular control over traffic class selection and policy) it really depends on what information is required.

For example, if you've explicitly defined your traffic class via an ACL then you will not need the 'learn' functionality to find traffic classes for optimization.

However, if you want PfR to have access to information such as trhoughtput for a particular traffic class (which is usefull to have as PfR will check to see if the alternate path has enouch spare bandwidth) then 'learn' will be needed.

Learn will enable NetFlow on the border routers. Specifically ingress Traditional Netflow (in 12.4(15)T5) on the internal and external interfaces.

harinirina Mon, 06/30/2008 - 20:34

Hi Aamer,

That's what i want to do, i need some traffic to pass through ISP1 and others through ISP2 when there's no overload.

it doesn't work, traffic always pass through one link.

here is the config :

ip access-list extended AOer

permit ip host any

permit icmp host any

permit icmp any host

permit ip any host


oer-map MPAOer 10

match traffic-class access-list AOer

set periodic 180

set mode select-exit best

set holddown 300

set mode route control

set mode monitor fast

set resolve utilization priority 1 variance 2

set resolve range priority 2

set resolve delay priority 3 variance 2

set probe frequency 2

set link-group ISP2 fallback ISP1

oer master

policy-rules MPAOer

i tested "oer-map" alone (without link-group), it doesn't work.

Would you like to tell what's wrong?

aakhter Tue, 07/01/2008 - 08:23

Hi Hariani,

Is there a particular reason why you're doing mode monitor fast (there isn't a probe destination configured)? Would it be possible to use 'mode monitor both'?

Also can you show the output of 'show oer master policy' as well as the full PfR configuration? (for example the learn configuration under oer master as well as traffic direction to ISP1)

harinirina Wed, 07/02/2008 - 07:06

Hi Aamer,

Ok, we'll use "mode monitor both".

It seemed route changes faster when using monitor fast. What's the drawback of "monitor fast"?

here attached the full configuration of MC/BR and the output of "sh oer master policy".

the "sh oer master border detail" is also in the "sh oer output" file.

i haven't used learn cause i wanted to see "oer-map" working first.

aakhter Mon, 07/07/2008 - 18:53

Hi harinirina,

sorry about the late reply

I was able to go thru the config. Couple of comments:

1) mode monitor fast needs a forced probe assignment. This is one of the limitations, but if we think about the fact that mode monitor fast is supposed to track an explicit traffic class and the end destination is known beforehand we need a reliable target.

-- I am looking into wheter fast-mode is able to dynamically learn from the traffic class (as in mode active or mode both), but I don't believe this to be the case.

2) Your ACL that defines the traffic class can not use 'any' as the destination. You will need to use an explicit destination.

If you are in need of open-endedness of this type you will want to use learn-lists to dynamically create traffic classes (possiblly on /32 boundaries) .


harinirina Mon, 06/30/2008 - 02:40

Hi Aamer,

When using "oer-map", do we need to configure "learn" first or can it be used alone?

aakhter Fri, 07/11/2008 - 10:25

H Harinirina,

oer-map can be used with learn:

1841-AA0211(config-oer-map)#match oer learn ?

delay Match oer delay learned prefixes

inside Match oer inside learned prefixes

list Match oer learn list prefixes

throughput Match oer thruput learned prefixes

or the traffic classes can be explicitly defined (eg via ACL or prefix-list):

1841-AA0211(config-oer-map)#match traffic-class ?

access-list Specify Traffic class(es) using access-list

application Specify the application to learn

prefix-list Specify Traffic class(es) using prefix-list

Tahir Ali Wed, 07/02/2008 - 20:54

hi all,

PFR is a relatively new thing for me, can anybody explain the basis and how it works, and platform related stuff?

aakhter Sun, 07/06/2008 - 19:07


Performacne Routing is a reworking of a little known IOS feature called OER (Optimized Edge Routing). The renaming represents an expansion of the functionality of OER (application routing) as well as renewed commitment on the development side.

There are some very good papers on PfR at:

Performance Routing Design Guide

OER Config Guide

PfR is able to make measurements (either actively using IPSLA or passively by observation of the traffic) and will alter the paths of dynamically created traffic classes (eg an SRC subnet and DST subnet ACL can describe a traffic class). The path altering is done either by BGP, static routing or policy-based routing (PBR).

PFR is supported on c1800-c7200, cat6500 and c7600.



sakthi_1982 Tue, 07/01/2008 - 00:10

Hi Aamer

I have ADSL modem and 2800 series router. How to connect modem to router to share internet in two different local area networks. Can you give me the configuration.

aakhter Sun, 07/06/2008 - 18:57

Hi Sakthi,

please take a look at the sample configuration provided to Colin. I've provided the PfR portion of the configuration for loadsharing between two external interfaces. The ADSL configuration is out of scope (besides it could be done in number of different ways depending on your SP).




Currently we have a 837 with one ADSL connection-- I will include the config.

Could you help us migrate to an 1841- we have two DSL connections now, and I would like to enable PfR so the 1841 will distribute traffic generically between the two.

Each connection is static with one IP so we will need the NAT pools to act accordingly- I am looking for a generic config on how to use one router to distribute the traffic equally.

Thank you-

Colin Weaver-Johnson

aakhter Sun, 07/06/2008 - 18:55

Hi Colin,

As you're doing PAT using the interface IP addresses and do not have a generic pool to advertise out both links we'll need to use the PfR-NAT feature described on this page:

A simple config would look like the following (the pfr master controller and border routers are the same routers). Note the creation of the 'virtual-template' interface as well as its referencing in the NAT statement. The NAT inside and outside statements on the interfaces remain the same.

As far as the PfR configuration. The following configuration will try bring the interfaces within 5 percent of each others utilization. The method of control will be by the insertion of /32 host routes into the routing table.

oer master

max-range-utilization percent 5



border key-chain oer-key

interface GigabitEthernet0/1 external

interface GigabitEthernet0/2 external

interface FastEthernet4/0 internal





periodic-interval 0

monitor-period 1

aggregation-type prefix-length 32

no max range receive

mode route control

mode select-exit best

resolve range priority 1

resolve utilization priority 2 variance 10



oer border


local Loopback0

master key-chain oer-key


interface GigabitEthernet0/1

description To LY-VXR-7:G0/3

bandwidth 1500

ip address

ip nat outside

ip virtual-reassembly


interface GigabitEthernet0/2

description To LY-VXR-6:G0/3

bandwidth 1500

ip address

ip nat outside

ip virtual-reassembly


interface Virtual-Template1


ip access-list standard match104Net



ip nat inside source list match104Net interface Virtual-Template1 overload oer




aakhter Mon, 07/07/2008 - 18:03

Hi, is just a local address that the border process and master process use to talk to each other. In this case it was actually a loopback.

The default routes will be on the border routers pointing out to the ISP's router. if you're getting an address via DHCP, the router can be configured to install the route automatically.

The virtual-template is just a mechanism to create indirection such that PfR can pickup the packet and make the decision about where to actually route the packet. As NAT queues packets to the virtual-template, PfR will grab the packets and direct them to best physical interface at that time.


harinirina Sun, 07/06/2008 - 23:03


Could you open the file of my pfr configuration without problem?

i can re-send it if either there was a problem.

What should i add or change so that oer-map works?

ferdinand05 Mon, 07/07/2008 - 04:15

Hi Aamer,

I am currently beggining with the use of OER. The network I'm working on is connected to 2 ISPs. You can find the configuration I'm using at the bottom of this message (the "Add Attachments" system of Cisco's website does not sem to work).

I have a problem with the intruction "delay" in learning prefix.

When I try to learn "throughput", there is no problem, but when I'm using "delay", no prefix is learnt.

Could you please help me with my configuration so as to be able to learn prefixes using highest delay times.

Thanks in advance,


oer master


border 213.XXX.XXX.5 key-chain OER

interface vlan 300 external


interface GigabitEthernet 4/4 internal

interface GigabitEthernet 3/3 internal

interface GigabitEthernet 3/1 internal


border 213.XXX.XXX.6 key-chain OER

interface vlan 300 external


interface GigabitEthernet 7/4 internal

interface GigabitEthernet 7/1 internal

interface GigabitEthernet 1/2 internal


throughput // delay here does not work

aggregation-type bgp

monitor-period 5

periodic-interval 10

prefixes 100

mode monitor active

delay relative 50

loss relative 10

unreachable relative 50

mode select-exit good

holddown 300

mode route observe


aakhter Mon, 07/07/2008 - 17:55

Hi Ferdinand,

When you do:



do you not see any prefixes at all or not any additional prefixes relating to delay?

Can you try with mode monitor both (rather than mod monitor active)

harinirina Mon, 07/07/2008 - 22:31

Hi Aamer,

Thanks for your reply.

our traffic will go to the internet,that's why we use any as destination.

Would you like to give more information or a sample of config concerning learn-lists ?

aakhter Fri, 07/11/2008 - 10:32

Hi Harinirina,

Learn-lists allow the operator to describe the kind of traffic they are interested in when they do not know before hand what that traffic will be.

For example, you know that you'd like to treat DSCP==EF traffic differently, but don't know before hand the destination(s) for this set of traffic.

The following URL has information on the configuration goals of learn-lists:

And the command reference is here:


ferdinand05 Tue, 07/08/2008 - 00:36

Hi Aamer,

I do not know if I do well, but everytime I use "delay" after having used "throughput" (which means my MC as learned prefixes), I use "no oer master" in order to clear the prefixes learnt, and then enter again my config into the MC.

So I tried mode monitor both and the delay command and no prefixe at all is learnt.

I also tried to use delay after throughput, but after expiration time ("expire after time "), no prefix at all is learnt.

aakhter Fri, 07/11/2008 - 10:23

Hi Ferdinand,

You should not have to do 'no oer master', although there is nothing wrong with that.

To clear traffic classes you can use the less invasive command "clear oer master traffic-class"

It appears that you're running into a defect if you have actual TCP traffic running between your internal and external interfaces (as reported by 'show ip cache flow') and no flows are being reported.

Please open a case with TAC so that this can be properly tracked.

aakhter Fri, 07/11/2008 - 10:15

Hi Fatiha,

This forum is about PfR performance routing and analysis of radius log files is out of scope.

I believe tools such as csmars may allow for analysis of radius log files.


aakhter Fri, 07/11/2008 - 10:14

Hi Berehou,

this forum is about PfR (Performance Routing) and analysis of log files is out of scope.

Various cisco products exist that you may want to investigate:

* csmars

* cisco works

as well as free open source tools:

* syslog-ng

and commercial tools:

* sawmill

* splunk


wowferhat Fri, 07/11/2008 - 10:34

Hi Aamer,

I have a cisco router 2821 ready to be connected to a Siemens OTLE8 NT 4x2 Mbit/s Optical network termination Series in both end of point of a lease line, could you please which the right card should I use it

could you please explain the difference


VWIC2-2MFT-G703= Port 2nd Gen Multiflex Trunk Voice/WAN Int. Card - G.7032


HWIC-1CE1T1-PRI= port channelized T1/E1 and PRI HWIC

Many thanks


This Discussion