Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

PFR Inbound/Outbound optimization

Hi.

I hope you are all doing well, and I'm sorry for posting such a long OT.

Straight to the issue, we have one 7609S which its IOS is 15.1(3)S. I should note that this an ISP environment and this router has 15 private IX peers, and 4 Exit links. The IX paths are not being advertised to eBGP exit peers.

I've configured the router being MC and BR the same time, 1 Internal interface, and 5 External interface.

I should note that we have categorized our BGP peers in 3 different template peer-policy.

  1. Also each eBGP exit peer is assigned an outbound route-map which denies IX paths to be advertised to them and also doing manaul prepending. Is this conflicting with what PFR does in prepending to AS-PATH?
  2. The issue is that, I see our routes are dampened a lot in the world of BGP, and I see no prepending to my AS-PATH when checking on route-views in different time.
  3. Why no probe is learned for the traffic over Tunnels?
  4. What is your opinion regarding the PFR parameters for an ISP?


Below you will find configurations and shows.

And I'm again sorry for such long post.

ip route 0.0.0.0 0.0.0.0 192.168.64.1

ip route 0.0.0.0 0.0.0.0 172.16.101.2

ip route 0.0.0.0 0.0.0.0 172.16.105.2

ip route 0.0.0.0 0.0.0.0 172.16.13.1

router bgp ******
template peer-policy CUST_BGP

  route-map BGP_CUST_NO-OUT out

  default-originate

  soft-reconfiguration inbound

  send-community both

exit-peer-policy

!

template peer-policy BW_UPLINKS

  prefix-list ISP_IX-in in

  next-hop-self all

  soft-reconfiguration inbound

  send-community both

exit-peer-policy

!

template peer-policy IX

  route-map IX_BGP-OUT out

  prefix-list ISP_IX-in in

  next-hop-self all

  soft-reconfiguration inbound

  send-community both

!


neighbor 172.16.101.2 remote-as ****

neighbor 172.16.101.2 route-map EXIT1-OUT out

neighbor 172.16.101.2 inherit peer-policy BW_UPLINKS

route-map EXIT1-OUT deny 1

description not advertising IX paths (AS) to PARDIS

match as-path 1

route-map EXIT1-OUT permit 10

description Advertising all other prefixes

set as-path prepend *****

!!!! OTHER eBGP exit peers have similar configuration!!!!

HT-CoreRT#s pfr mas

OER state: ENABLED and ACTIVE

  Conn Status: SUCCESS, PORT: 3949

  Version: 3.1

  Number of Border routers: 1

  Number of Exits: 4

  Number of monitored prefixes: 779 (max 5000)

  Max prefixes: total 5000 learn 2500

  Prefix count: total 779, learn 779, cfg 0

  PBR Requirements met

  Nbar Status: Inactive

Border           Status   UP/DOWN             AuthFail  Version  DOWN Reason

172.31.255.14    ACTIVE   UP       04:29:03          0  3.1

OER master in special monitor mode

Global Settings:

  max-range-utilization percent 60 recv 30

  rsvp post-dial-delay 0 signaling-retries 1

  mode route metric bgp local-pref 5000

  mode route metric static tag 5000

  trace probe delay 1000

  no logging

  exit holddown time 60 secs, time remaining 0

Default Policy Settings:

  backoff 150 150 150

  delay relative 50

  holddown 200

  periodic 150

  probe frequency 56

  number of jitter probe packets 100

  mode route control

  mode monitor both

  mode select-exit good

  loss relative 10

  jitter threshold 20

  mos threshold 3.60 percent 30

  unreachable relative 50

  resolve utilization priority 1 variance 2

  resolve range priority 2 variance 0

Learn Settings:

  current state : SLEEP

  time remaining in current state : 148 seconds

  throughput

  no delay

  inside bgp

  monitor-period 5

  periodic-interval 5

  aggregation-type prefix-length 24

  prefixes 400 appls 400

  expire after time 30

HT-CoreRT#sh pfr bor active-probes

....

echo     5.134.193.10        N ********    PO8/1/0               6       6

0    

echo     2.125.42.232        N *******    PO8/1/0               6       5

0    

echo     109.162.130.162     N ******    Gi8/0/1               6       5

0    

echo     109.162.130.114     N ********    Gi8/0/1               6       6

0    

....

HT-CoreRT#show pfr mas traffic-class inside

......

x.x.80.0/22            N    N    N           N           N N                

               #          INPOLICY       38     172.31.255.14 Tu105           BGP

               U        U        0        0        0        0    10483     3470

               U        U        0        0        N        N        N        N

x.x.84.0/22            N    N    N           N           N N                

               #         HOLDDOWN*      166     172.31.255.14 PO8/1/0         BGP    

               U        U        0        0        0        0     4767    19494

               U        U        0        0        N        N        N        N

x.x.88.0/22            N    N    N           N           N N                

               #          HOLDDOWN       87     172.31.255.14 PO8/1/0         BGP

               U        U        0        0        0        0    21402    20568

               U        U        0        0        N        N        N        N

x.x.128.0/24           N    N    N           N           N N                

               #          DEFAULT*        0     172.31.255.14 Tu101           U      

               U        U        0        0        0        0        8       10

               U        U        0        0        N        N        N        N

.......

HT-CoreRT#sh pfr mas traffic-class performance inside

......

Traffic-class: (inside)

Destination Prefix : x.x.88.0/22          Source Prefix    : N/A

Destination Port   : N/A                     Source Port      : N/A

DSCP               : N                       Protocol         : N/A

Application Name:  : N/A

General:

   Control State                   : Controlled using BGP

   Traffic-class status            : HOLDDOWN

   Current Exit                    : BR 172.31.255.14 interface Gi8/0/1, Tie breaker was Non-OER

   Time on current exit            : 0d 0:0:8

   Time remaining in current state : 162 seconds

   Last uncontrol reason           : Couldn't control

   Time since last uncontrol       : 0d 0:1:24

   Traffic-class type              : Learned

   Improper config                 : None

Last Out of Policy event:

   Exit                            : BR 172.31.255.14 interface Gi8/0/1

   Reason                          : Range

   Time since Out of Policy event  : 0d 0:1:19

   Link OOP; no prefix performance :

Average Passive Performance Current Exit: (Average for last 5 minutes)

   Unreachable            : 0% -- Threshold: 50%

   Delay                  : 0% -- Threshold: 50%

   Loss                   : 0% -- Threshold: 10%

   Egress BW              : 16197 kbps

   Ingress BW             : 15232 kbps

   Time since last update : 2d 0:37:21

Average Active Performance Current Exit: (Average for last 5 minutes)

   Unreachable            : 0% -- Threshold: 50%

   Delay                  : 0% -- Threshold: 50%


This platform does not support "ip flow egress" on interfaces, but "ingress" is configured on all the router's interfaces.

HT-CoreRT#sr | s flow

ip flow-cache timeout active 1

mls netflow cache

mls flow ip interface-destination-source

no mls flow ipv6

ip flow ingress

........

ip flow-export source Loopback17231255

ip flow-export version 9

ip flow-aggregation cache as

enabled

ip flow-aggregation cache prefix

mask source minimum 24

mask destination minimum 24

enabled

................

Traffic-class: (inside)

Destination Prefix : x.x.96.0/22          Source Prefix    : N/A

Destination Port   : N/A                     Source Port      : N/A

DSCP               : N                       Protocol         : N/A

Application Name:  : N/A

General:

   Control State                   : Not Controlled

   Traffic-class status            : HOLDDOWN*

   Current Exit                    : BR 172.31.255.14 interface Tu105, Tie breaker was Non-OER

   Time on current exit            : 0d 0:0:9

   Time remaining in current state : 90 seconds

   Last uncontrol reason           : Couldn't control

   Time since last uncontrol       : 0d 0:1:45

   Traffic-class type              : Learned

   Improper config                 : None

Last Out of Policy event:

   Exit                            : BR 172.31.255.14 interface Tu105

   Reason                          : Range

   Time since Out of Policy event  : 0d 0:1:45

   Link OOP; no prefix performance :

Average Passive Performance Current Exit: (Average for last 5 minutes)

   Unreachable            : 0% -- Threshold: 50%

   Delay                  : 0% -- Threshold: 50%

   Loss                   : 0% -- Threshold: 10%

   Egress BW              : 9001 kbps

   Ingress BW             : 25642 kbps

   Time since last update : 2d 0:38:17

Average Active Performance Current Exit: (Average for last 5 minutes)

   Unreachable            : 0% -- Threshold: 50%

   Delay                  : 0% -- Threshold: 50%

..............


Best Regards,

Mohammad Moghaddas
Everyone's tags (5)
414
Views
0
Helpful
0
Replies
CreatePlease login to create content