Why OER Prefixes don't learn(not any output from "show oer master prefix learn") when OER+PBR used

Unanswered Question
Jun 21st, 2010
User Badges:

Dear Sir


I am new for OER feature. My network topology is I have one internet GW router (2811), I have 2 x WAN (ISP A and ISP B) and 2 x LAN. LAN 1, I use for my Web Servers only so no any controls on this LAN 1, cause from LAN 1, I use Internet IP ADDRRESS from ISP B, then I need to do PBR to make sure that my Web Servers will go outside to ISP B only. For LAN 2, I also have some Web Servers that they must go to ISP A only because they use IP ADDRESS from ISP A. So, I also need to do PBR on LAN 2. Finally,  I would like to load balance internet traffic between ISP A and ISP B for Internal users only and all Internal users are behind FW, which will PAT all Internal users into 1 IP ADDRESS before send to outside interface. Here are my configuration.


######################################################

oer master
logging
!
border 1.1.1.1 key-chain OER
  interface FastEthernet0/0 external
   max-xmit-utilization absolute 4000
  interface FastEthernet0/1 external
   max-xmit-utilization absolute 4000
  interface Vlan10 internal
!
learn
  throughput
  delay
  periodic-interval 5
  monitor-period 10
  prefixes 500
mode route control
mode route metric static tag 2000
resolve range priority 5
!
oer border
logging
local Loopback0
master 1.1.1.1 key-chain OER


interface FastEthernet0/0
description ISP_A
ip address 2.2.2.162 255.255.255.252
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly
load-interval 30
duplex auto
speed auto
!
interface FastEthernet0/1
description ISP_A
ip address 3.3.3.14 255.255.255.252
ip nat outside
ip virtual-reassembly
load-interval 30
duplex auto
speed auto


interface Vlan1
description LAN_1
ip address 3.3.4.33 255.255.255.240
ip policy route-map ISPB-ForcePBR
!
interface Vlan10
descritipn LAN_2
ip address 2.2.4.182 255.255.255.252 secondary
ip address 2.2.5.65 255.255.255.240 secondary
ip address 2.2.6.209 255.255.255.240
ip nat inside
ip virtual-reassembly
ip policy route-map ISPA-ForcePBR
!


router bgp 65000
no synchronization
bgp router-id 2.2.2.162
bgp log-neighbor-changes
network 2.2.7.64 mask 255.255.255.240
network 2.2.6.208 mask 255.255.255.240
neighbor 2.2.8.28 remote-as 64600
neighbor 2.2.8.28 ebgp-multihop 4
neighbor 2.2.8.28 version 4
neighbor 2.2.8.28 soft-reconfiguration inbound
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 3.3.3.13
ip route 0.0.0.0 0.0.0.0 2.2.2.161
ip route 2.2.764 255.255.255.240 Null0 254 name BGP_Route_Originate
ip route 2.2.6.208 255.255.255.240 Null0 254 name BGP_Route_Originate
ip route 2.2.8.28 255.255.255.255 2.2.2.161 name force_bgp


ip nat inside source route-map INTERNAL-ISPA interface FastEthernet0/0 overload oer
ip nat inside source route-map INTERNAL-ISPB interface FastEthernet0/1 overload oer
!
ip access-list extended ISPA-NETWORK
permit ip 4.4.4.64 0.0.0.15 any
permit ip host 2.2.6.210 any
permit ip host 2.2.6.211 any
permit ip host 2.2.6.212 any
permit ip host 2.2.6.213 any
permit ip host 2.2.6.214 any
permit ip host 2.2.6.215 any
permit ip host 2.2.6.216 any
permit ip host 2.2.6.217 any
permit ip host 2.2.6.218 any
permit ip host 2.2.6.219 any
permit ip host 2.2.6.220 any
permit ip host 2.2.6.222 any
ip access-list extended ISPB-NETWORK
permit ip 3.3.4.32 0.0.0.15 any
ip access-list extended INTERNAL-INTERNAL
permit ip host 2.2.6.221 any
ip access-list extended VDO-Servers
permit ip any host 3.3.4.36
permit ip any host 3.3.4.37
permit ip any host 3.3.4.38
permit ip any host 3.3.4.39
permit ip any host 3.3.4.40
permit ip any host 3.3.4.41
permit ip any host 3.3.4.42
permit ip any host 3.3.4.43
permit ip any host 3.3.4.44
permit ip any host 3.3.4.45
permit ip any host 3.3.4.46
!        
route-map INTERNAL-ISPB permit 10
match ip address INTERNAL-INTERNAL
match interface FastEthernet0/1
!
route-map ISPB-ForcePBR permit 10
match ip address ISPB-NETWORK
set ip next-hop 3.3.3.13
!
route-map INTERNAL-ISPA permit 10
match ip address INTERNAL-INTERNAL
match interface FastEthernet0/0
!
route-map ISPA-ForcePBR permit 10
match ip address ISPA-NETWORK
set ip next-hop 2.2.2.161


## I have some BGP configuration to announce my ISP A prefix. ###################


My requirement is I would like to share internet traffic of Internal Users between ISP A and ISP B. Anyway, when I try to check how router learn prefix about which prefixes should be go outside to which ISPs by use command "show oer master prefix learn", there are no any output as below


###################################

Internet-GW#sh oer master prefix detail


Internet-GW#

###################################


I am not sure about does OER is operate ok or not? because sometime,  I can see router load traffic to ISP_B over "max-xmit-utilization absolute 4000" that I confgured. Please help me to find any solutions or answer. Thanks.


Best regards

Wisit

Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Steve Lyons Wed, 12/08/2010 - 20:19
User Badges:
  • Cisco Employee,

Hello,

I have reviewed the router configuration and it appears you are missing the global key-chain definitions. I see they are defined on the master controller and border router configuration under oer master and oer border respectively. If you could post the output of show oer master border detail, show oer master, and show oer master policy it will provide additional information on the current status of PfR.


If you would prefer open a TAC case for configuration assistance and we can help you with this configuration.


Best Regards,


Steve Lyons - Cisco

Actions

This Discussion