Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to learn how Performance Routing allows you to place each applications' traffic on the best available path with Cisco expert Aamer Akhter. Aamer is currently responsible for the deployment and technical marketing of Performance Routing, Wan-Optimization systems, Video systems, Routing Protocols, NBAR and NetFlow. He is CCIE certified (# 4543).
Remember to use the rating system to let Aamer know if you have received an adequate response.
Aamer might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through July 11, 2008. Visit this forum often to view responses to your questions and the questions of other community members.
OER has been renamed to PfR. So they are essentially the same thing around 12.4(11)T.
In 12.4(15)T and onwards we've added new features that are being worked under the Performance Routing banner as we work to expand the use cases of PfR beyond just exit routing.
All the configuration for PfR is currently under the OER title. This will be changing in the 12.5T timeframe.
The PfR/OER MC and BR can be co-hosted on the same router.
When using oer-maps (which allow granular control over traffic class selection and policy) it really depends on what information is required.
For example, if you've explicitly defined your traffic class via an ACL then you will not need the 'learn' functionality to find traffic classes for optimization.
However, if you want PfR to have access to information such as trhoughtput for a particular traffic class (which is usefull to have as PfR will check to see if the alternate path has enouch spare bandwidth) then 'learn' will be needed.
Learn will enable NetFlow on the border routers. Specifically ingress Traditional Netflow (in 12.4(15)T5) on the internal and external interfaces.
That's what i want to do, i need some traffic to pass through ISP1 and others through ISP2 when there's no overload.
it doesn't work, traffic always pass through one link.
here is the config :
ip access-list extended AOer
permit ip host 10.17.104.2 any
permit icmp host 10.17.104.2 any
permit icmp any host 10.17.104.2
permit ip any host 10.17.104.2
oer-map MPAOer 10
match traffic-class access-list AOer
set periodic 180
set mode select-exit best
set holddown 300
set mode route control
set mode monitor fast
set resolve utilization priority 1 variance 2
set resolve range priority 2
set resolve delay priority 3 variance 2
set probe frequency 2
set link-group ISP2 fallback ISP1
i tested "oer-map" alone (without link-group), it doesn't work.
Would you like to tell what's wrong?
Is there a particular reason why you're doing mode monitor fast (there isn't a probe destination configured)? Would it be possible to use 'mode monitor both'?
Also can you show the output of 'show oer master policy' as well as the full PfR configuration? (for example the learn configuration under oer master as well as traffic direction to ISP1)
Ok, we'll use "mode monitor both".
It seemed route changes faster when using monitor fast. What's the drawback of "monitor fast"?
here attached the full configuration of MC/BR and the output of "sh oer master policy".
the "sh oer master border detail" is also in the "sh oer output" file.
i haven't used learn cause i wanted to see "oer-map" working first.
sorry about the late reply
I was able to go thru the config. Couple of comments:
1) mode monitor fast needs a forced probe assignment. This is one of the limitations, but if we think about the fact that mode monitor fast is supposed to track an explicit traffic class and the end destination is known beforehand we need a reliable target.
-- I am looking into wheter fast-mode is able to dynamically learn from the traffic class (as in mode active or mode both), but I don't believe this to be the case.
2) Your ACL that defines the traffic class can not use 'any' as the destination. You will need to use an explicit destination.
If you are in need of open-endedness of this type you will want to use learn-lists to dynamically create traffic classes (possiblly on /32 boundaries) .
oer-map can be used with learn:
1841-AA0211(config-oer-map)#match oer learn ?
delay Match oer delay learned prefixes
inside Match oer inside learned prefixes
list Match oer learn list prefixes
throughput Match oer thruput learned prefixes
or the traffic classes can be explicitly defined (eg via ACL or prefix-list):
1841-AA0211(config-oer-map)#match traffic-class ?
access-list Specify Traffic class(es) using access-list
application Specify the application to learn
prefix-list Specify Traffic class(es) using prefix-list
PFR is a relatively new thing for me, can anybody explain the basis and how it works, and platform related stuff?
Performacne Routing is a reworking of a little known IOS feature called OER (Optimized Edge Routing). The renaming represents an expansion of the functionality of OER (application routing) as well as renewed commitment on the development side.
There are some very good papers on PfR at:
Performance Routing Design Guide
OER Config Guide
PfR is able to make measurements (either actively using IPSLA or passively by observation of the traffic) and will alter the paths of dynamically created traffic classes (eg an SRC subnet and DST subnet ACL can describe a traffic class). The path altering is done either by BGP, static routing or policy-based routing (PBR).
PFR is supported on c1800-c7200, cat6500 and c7600.
I have ADSL modem and 2800 series router. How to connect modem to router to share internet in two different local area networks. Can you give me the configuration.
please take a look at the sample configuration provided to Colin. I've provided the PfR portion of the configuration for loadsharing between two external interfaces. The ADSL configuration is out of scope (besides it could be done in number of different ways depending on your SP).
Currently we have a 837 with one ADSL connection-- I will include the config.
Could you help us migrate to an 1841- we have two DSL connections now, and I would like to enable PfR so the 1841 will distribute traffic generically between the two.
Each connection is static with one IP so we will need the NAT pools to act accordingly- I am looking for a generic config on how to use one router to distribute the traffic equally.
As you're doing PAT using the interface IP addresses and do not have a generic pool to advertise out both links we'll need to use the PfR-NAT feature described on this page:
A simple config would look like the following (the pfr master controller and border routers are the same routers). Note the creation of the 'virtual-template' interface as well as its referencing in the NAT statement. The NAT inside and outside statements on the interfaces remain the same.
As far as the PfR configuration. The following configuration will try bring the interfaces within 5 percent of each others utilization. The method of control will be by the insertion of /32 host routes into the routing table.
max-range-utilization percent 5
border 10.1.1.3 key-chain oer-key
interface GigabitEthernet0/1 external
interface GigabitEthernet0/2 external
interface FastEthernet4/0 internal
aggregation-type prefix-length 32
no max range receive
mode route control
mode select-exit best
resolve range priority 1
resolve utilization priority 2 variance 10
master 10.1.1.3 key-chain oer-key
description To LY-VXR-7:G0/3
ip address 10.17.37.1 255.255.255.0
ip nat outside
description To LY-VXR-6:G0/3
ip address 188.8.131.52 255.255.255.0
ip nat outside
ip access-list standard match104Net
permit 10.17.104.0 0.0.0.255
ip nat inside source list match104Net interface Virtual-Template1 overload oer
Is 10.1.1.3 intended to be the local IP address of FastEthernet4 ? Also, where do I add the default routes?
ip route 0.0.0.0 0.0.0.0 ISP1
ip route 0.0.0.0 0.0.0.0 ISP2
I don't quite understand how the virtual template knows to route data correctly.
10.1.1.3 is just a local address that the border process and master process use to talk to each other. In this case it was actually a loopback.
The default routes will be on the border routers pointing out to the ISP's router. if you're getting an address via DHCP, the router can be configured to install the route automatically.
The virtual-template is just a mechanism to create indirection such that PfR can pickup the packet and make the decision about where to actually route the packet. As NAT queues packets to the virtual-template, PfR will grab the packets and direct them to best physical interface at that time.
Could you open the file of my pfr configuration without problem?
i can re-send it if either there was a problem.
What should i add or change so that oer-map works?
I am currently beggining with the use of OER. The network I'm working on is connected to 2 ISPs. You can find the configuration I'm using at the bottom of this message (the "Add Attachments" system of Cisco's website does not sem to work).
I have a problem with the intruction "delay" in learning prefix.
When I try to learn "throughput", there is no problem, but when I'm using "delay", no prefix is learnt.
Could you please help me with my configuration so as to be able to learn prefixes using highest delay times.
Thanks in advance,
border 213.XXX.XXX.5 key-chain OER
interface vlan 300 external
interface GigabitEthernet 4/4 internal
interface GigabitEthernet 3/3 internal
interface GigabitEthernet 3/1 internal
border 213.XXX.XXX.6 key-chain OER
interface vlan 300 external
interface GigabitEthernet 7/4 internal
interface GigabitEthernet 7/1 internal
interface GigabitEthernet 1/2 internal
throughput // delay here does not work
mode monitor active
delay relative 50
loss relative 10
unreachable relative 50
mode select-exit good
mode route observe
When you do:
do you not see any prefixes at all or not any additional prefixes relating to delay?
Can you try with mode monitor both (rather than mod monitor active)
Thanks for your reply.
our traffic will go to the internet,that's why we use any as destination.
Would you like to give more information or a sample of config concerning learn-lists ?
Learn-lists allow the operator to describe the kind of traffic they are interested in when they do not know before hand what that traffic will be.
For example, you know that you'd like to treat DSCP==EF traffic differently, but don't know before hand the destination(s) for this set of traffic.
The following URL has information on the configuration goals of learn-lists:
And the command reference is here:
I do not know if I do well, but everytime I use "delay" after having used "throughput" (which means my MC as learned prefixes), I use "no oer master" in order to clear the prefixes learnt, and then enter again my config into the MC.
So I tried mode monitor both and the delay command and no prefixe at all is learnt.
I also tried to use delay after throughput, but after expiration time ("expire after time "), no prefix at all is learnt.
You should not have to do 'no oer master', although there is nothing wrong with that.
To clear traffic classes you can use the less invasive command "clear oer master traffic-class"
It appears that you're running into a defect if you have actual TCP traffic running between your internal and external interfaces (as reported by 'show ip cache flow') and no flows are being reported.
Please open a case with TAC so that this can be properly tracked.
hi , we have a project in log files of authentification service (radius), we need to learn the meaning about each word in the file. we need also some suggestions about the softwares that we can use to analyse those files .
you can send me the answers in my mail : email@example.com
hi , we have a project in log files of authentification service (radius), we need to learn the meaning about each word in the file . we need also some suggestions about the softwares that we can use to analyse those files .
you can send us the answers in our mails:
This forum is about PfR performance routing and analysis of radius log files is out of scope.
I believe tools such as csmars may allow for analysis of radius log files.
hi, I have a project about analized log files, I need some advices (softwares,...) if you can help me.
you can send me on my e_mail: