Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PfR design question

Hello support team,

I am running into some issues with PfR and hope that you can help me resolve this.

I am trying to optimize branch office traffic by using PfRv2.  I am only targeting a single host IP that is not local for the site.  The IP I am targeting is a proxy server located at our data center so for branch office users to browse they have to go through our regional data center.  With the configs below I see PfR rerouting the proxy traffic through the MPLS link when outbound utilization is above the threshold (by using local pref of 5000).  I have come to realize that when inbound traffic is over the threshold PfR can only do community or AS prepend which in my case i can't use because I don’t want to manipulate inbound flows to the site... I simply want the branch office proxy request to be moved to the MPLS link when utilization (ingress and egress) is above the threshold. Any suggestions? I tried using EEM scripting and was able to successfully move proxy traffic over to the MPLS link when the VPN inbound utilization is high by monitoring PfR syslog messages, but I couldn’t figure out how to move traffic back to the VPN link when utilization is low because no syslog message is generated when PfR traffic-class is INPOLICY. Please help. Thank you.

pfr master
 policy-rules HYBRID
 no max-range-utilization
 logging
 !
 border 10.2.0.1 key-chain LAB-PFR
  interface GigabitEthernet0/2 internal
  interface GigabitEthernet0/0.1 internal
  interface GigabitEthernet0/1 external
   max-xmit-utilization percentage 95
   maximum utilization receive percentage 85
   link-group MPLS
 !
 border 10.2.0.5 key-chain LAB-PFR
  interface GigabitEthernet0/2 internal
  interface GigabitEthernet0/0.1 internal
  interface Tunnel1 external
   max-xmit-utilization percentage 85
   maximum utilization receive percentage 15
   link-group VPN
 !
 learn
  traffic-class filter access-list NO_AUTO_LEARN
  list seq 5 refname PROXY
   traffic-class access-list PROXY filter PROXY
   aggregation-type prefix-length 32
   throughput
 mode monitor passive
 periodic 90
 !

sh ip access-lists PROXY
    10 permit ip any any
sh ip prefix-list PROXY
ip prefix-list PROXY: 1 entries
    10 permit 10.1.0.48/32

!
pfr-map HYBRID 10
 match pfr learn list PROXY
 set periodic 90
 set mode route control
 set mode monitor active throughput
 set probe frequency 4
 set link-group VPN fallback MPLS

33
Views
0
Helpful
0
Replies