PFR Uncontrol Appl Prefix, Exclude prefix failed so uncontrol traffic

Junior Mateus
Level 1

Hello Everybody,

I have set up a lab with 2 routers: one is the MC/BR and the second is the second border.

Here is the configuration on the MC/BR

MC_BR#sh pfr master

OER state: ENABLED and ACTIVE

  Conn Status: SUCCESS, PORT: 3949

  Version: 3.0

  Number of Border routers: 2

  Number of Exits: 3

  Number of monitored prefixes: 46 (max 5000)

  Max prefixes: total 5000 learn 2500

  Prefix count: total 46, learn 30, cfg 0

  PBR Requirements met

  Nbar Status: Active

Border           Status   UP/DOWN             AuthFail  Version

1.1.1.1          ACTIVE   UP       00:19:05          0  3.0

10.10.10.2       ACTIVE   UP       00:19:04          0  3.0

Global Settings:

  max-range-utilization percent 20 recv 0

  mode route metric bgp local-pref 5000

  mode route metric static tag 5000

  trace probe delay 1000

  no logging

  exit holddown time 60 secs, time remaining 0

Default Policy Settings:

  backoff 300 3000 300

  delay threshold 250

  holddown 300

  periodic 0

  probe frequency 56

  number of jitter probe packets 100

  mode route control

  mode monitor fast

  mode select-exit best

  loss threshold 3

  jitter threshold 20

  mos threshold 3.60 percent 30

  unreachable threshold 3

  resolve delay priority 11 variance 20

Learn Settings:

  current state : STARTED

  time remaining in current state : 102 seconds

  throughput

  no delay

  no inside bgp

  monitor-period 1

  periodic-interval 0

  aggregation-type prefix-length 24

  prefixes 10 appls 10

  expire after time 720

  Learn-List seq 5 refname learning_APP

    Configuration:

     Traffic-Class Application: http httpssl dns

     Aggregation-type: prefix-length 24

     Learn type: throughput

     Session count: 1000 Max count: 1000

     Policies assigned: 10

     Status: ACTIVE

    Stats:

     Traffic-Class Count: 17

  Learn-List seq 6 refname learning_Mangement

    Configuration:

     Traffic-Class Application: icmp telnet

     Aggregation-type: prefix-length 24

     Learn type: throughput

     Session count: 1000 Max count: 1000

     Policies assigned: 11

     Status: ACTIVE

    Stats:

     Traffic-Class Count: 1

As you can see in the configuration, I have used automatic learning for applications. As the borders are connecting to the ISP or Internet, I don't have BGP; I just use a static default route with a parent route pointed to the ISP.

So I can't configure a specific prefix for the ISP because I don't know all the prefixes people surf on the Internet, so I let it learn automatically.

It appears that PfR can't optimize the application traffic learned automatically, with this error:

*Oct 30 11:53:43.957: %OER_MC-5-NOTICE: Uncontrol Appl Prefix 93.184.219.0/24 http, Exclude prefix failed so uncontrol traffic

MC_BR(config)#pfr mas

MC_BR(config)#pfr master

*Oct 30 11:53:44.169: %OER_MC-5-NOTICE: Uncontrol Appl Prefix 173.194.41.0/24 httpssl, Exclude prefix failed so uncontrol traffic

*Oct 30 11:53:44.181: %OER_MC-5-NOTICE: Uncontrol Appl Prefix 184.170.128.0/24 http, Exclude prefix failed so uncontrol traffic

*Oct 30 11:53:44.661: %OER_MC-5-NOTICE: Uncontrol Appl Prefix 80.94.76.0/24 http, Exclude prefix failed so uncontrol traffic

So I don't know how I can solve this problem, and what is the meaning of this log?

Here is the policy that I have:

Default Policy Settings:

  backoff 300 3000 300

  delay threshold 250

  holddown 300

  periodic 0

  probe frequency 56

  number of jitter probe packets 100

  mode route control

  mode monitor fast

  mode select-exit best

  loss threshold 3

  jitter threshold 20

  mos threshold 3.60 percent 30

  unreachable threshold 3

  resolve delay priority 11 variance 20

oer-map QOS1 10

  sequence no. 8444249301975040, provider id 1, provider priority 30

    host priority 0, policy priority 10, Session id 0

  match oer learn list learning_APP

  backoff 300 3000 300

  delay threshold 250

  holddown 300

  periodic 0

*probe frequency 4

  number of jitter probe packets 100

  mode route control

*mode monitor fast

  mode select-exit best

  loss threshold 3

  jitter threshold 20

  mos threshold 3.60 percent 30

  unreachable threshold 3

  next-hop not set

  forwarding interface not set

  resolve delay priority 11 variance 20

  Forced Assigned Target List:

   active-probe echo 4.2.2.2 target-port 0

oer-map QOS1 11

  sequence no. 8444249302040576, provider id 1, provider priority 30

    host priority 0, policy priority 11, Session id 0

  match oer learn list learning_Mangement

  backoff 300 3000 300

  delay threshold 250

  holddown 300

  periodic 0

  probe frequency 56

  number of jitter probe packets 100

  mode route control

  mode monitor fast

  mode select-exit best

  loss threshold 3

  jitter threshold 20

  mos threshold 3.60 percent 30

  unreachable threshold 3

  next-hop not set

  forwarding interface not set

  resolve delay priority 11 variance 20

* Overrides Default Policy Setting

MC_BR#   

THANK YOU IN ADVANCE

2 Replies

sathvik k v
Level 3

Hi Junior,

Try using mode monitor active or both.

Regards,

Sathvik K V

Here is the config on the MC/BR and the BR

MC/BR

!

hostname MC_BR

!

boot-start-marker

boot-end-marker

!

!

enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY

!

no aaa new-model

!

!

dot11 syslog

!

flow record MYRECORD

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

match interface input

collect ipv4 dscp

collect interface output

collect counter bytes

collect counter packets

!

!

flow monitor MYMONITOR

record MYRECORD

!

ip source-route

!

!

ip cef

!

!

!

no ip domain lookup

!

multilink bundle-name authenticated

!        

!

!

key chain pfr

key 0

  key-string cisco

crypto pki token default removal timeout 0

!

!

!

pfr master

policy-rules QOS

logging

!

border 1.1.1.1 key-chain pfr

  interface FastEthernet0/0 external

   link-group isp_primary

  interface FastEthernet0/1 internal

!

border 10.10.10.2 key-chain pfr

  interface FastEthernet0/0 external

   link-group isp-secondary

  interface FastEthernet0/1 internal

  interface Vlan200 external

!       

learn

  throughput

  periodic-interval 0

  monitor-period 1

  prefixes 10 applications 10

  list seq 5 refname learning_APP

   traffic-class application nbar http secure-http dns

   throughput

  list seq 6 refname learning_management

   traffic-class application nbar icmp telnet ssh

delay threshold 250

unreachable threshold 3

loss threshold 3

mode route control

mode monitor active

mode select-exit best

no resolve delay

no resolve range

no resolve utilization

!

!

pfr border

local Loopback1

master 1.1.1.1 key-chain pfr

!

!

license udi pid CISCO2811 sn FCZ120570ZV

username cisco password 0 cisco

!

redundancy

!

!

!

track 10 ip sla 10 reachability

!

class-map match-any medium

match protocol icmp

match protocol telnet

class-map match-any WEB

match protocol http

match protocol secure-http

match protocol dns

!

!

policy-map Marking

class WEB

  set ip dscp cs2

class medium

  set dscp cs1

!

!

!

!

!

!

!

!

interface Loopback0

no ip address

!

interface Loopback1

ip address 1.1.1.1 255.255.255.255

!

interface FastEthernet0/0

description ISP 1 ( EXTERNAL)

bandwidth 56

ip address 212.96.23.178 255.255.255.252

ip nat outside

ip virtual-reassembly in

load-interval 30

duplex auto

speed auto

!

interface FastEthernet0/1

description LAN ( INTERNAL )

ip address 10.10.10.1 255.255.255.0

ip flow monitor MYMONITOR input

ip nat inside

ip virtual-reassembly in

standby 0 timers 2 4

standby 10 ip 10.10.10.50

standby 10 priority 150

standby 10 preempt

standby 10 name HSRPGRPE1

standby 10 track 10 decrement 100

duplex auto

speed auto

service-policy input Marking

!

router bgp 10

bgp router-id 1.1.1.1

bgp log-neighbor-changes

network 1.1.1.1 mask 255.255.255.255

redistribute static

neighbor 10.10.10.2 remote-as 10

neighbor 10.10.10.2 update-source FastEthernet0/1

neighbor 10.10.10.2 next-hop-self

default-information originate

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

ip nat inside source list 10 interface FastEthernet0/0 overload

ip nat inside source static tcp 10.10.10.201 21 212.96.23.178 21 redundancy HSRPGRPE1 extendable

ip route 0.0.0.0 0.0.0.0 212.96.23.177 track 10

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 200

!

ip access-list extended CS1_Medium

permit ip any any dscp cs1

ip access-list extended CS2_WEB

permit ip 10.10.10.0 0.0.0.255 any dscp cs2

ip access-list extended QOS

permit tcp any any eq www

permit icmp any any

permit tcp any any eq 443

permit tcp any any eq domain

!        

!

ip prefix-list BORDER seq 2 permit 105.174.0.0/24

ip sla 10

icmp-echo 212.96.23.177

threshold 500

timeout 500

frequency 3

ip sla schedule 10 life forever start-time now

access-list 10 permit 10.10.10.0 0.0.0.255

!

!

!

route-map test permit 10

!

!

!

pfr-map QOS 10

match pfr learn list learning_APP

set delay threshold 250

set mode monitor fast

set active-probe echo 4.2.2.2

set probe frequency 2

!

pfr-map QOS 11

match pfr learn list learning_management

!

control-plane

!

!

alias exec flow sh flow monitor MYMONITOR cache format tabl

banner motd ^C **** WELCOM TO MASTER CONTROLLER ****

banner motd ^C

!

line con 0

password cisco

logging synchronous

login local

line aux 0

line vty 0 4

password cisco

logging synchronous

login local

transport input all

!

scheduler allocate 20000 1000

end

-------------------------------------------------------------------------------------------------------------------------------------                                 

Here is the config on the BR

!

hostname BORDER1

!

boot-start-marker

boot-end-marker

!

!

enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY

!

no aaa new-model

!

!

dot11 syslog

!

flow record MYRECORD

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

match interface input

collect ipv4 dscp

collect interface output

collect counter bytes

collect counter packets

!

!

flow monitor MYMONITOR

record MYRECORD

!

ip source-route

!

!

ip cef

!

!

!

no ip domain lookup

!

multilink bundle-name authenticated

!        

!

!

key chain pfr

key 0

  key-string cisco

crypto pki token default removal timeout 0

!

!

!

pfr border

local FastEthernet0/1

master 1.1.1.1 key-chain pfr

!

!

license udi pid CISCO2811 sn FCZ132671UR

username cisco password 0 cisco

!

redundancy

!

!

!

track 10 ip sla 10 reachability

!

!        

!

!

!

!

!

interface Loopback1

ip address 2.2.2.2 255.255.255.255

!

interface FastEthernet0/0

bandwidth 5000

ip address 105.174.0.10 255.255.255.252

ip nat outside

ip virtual-reassembly in

load-interval 30

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 10.10.10.2 255.255.255.0

ip flow monitor MYMONITOR input

ip nat inside

ip virtual-reassembly in

standby 0 timers 2 4

standby 10 ip 10.10.10.50

standby 10 preempt

standby 10 name HSRPGRPE1

duplex auto

speed auto

!

interface FastEthernet0/1/0

switchport access vlan 200

no ip address

load-interval 30

spanning-tree portfast

!

interface FastEthernet0/1/1

no ip address

!

interface FastEthernet0/1/2

no ip address

!

interface FastEthernet0/1/3

no ip address

!

interface FastEthernet0/1/4

no ip address

!

interface FastEthernet0/1/5

no ip address

!

interface FastEthernet0/1/6

no ip address

!

interface FastEthernet0/1/7

no ip address

!

interface FastEthernet0/1/8

no ip address

!

interface Vlan1

no ip address

!

interface Vlan200

bandwidth 1000

ip address 105.168.0.2 255.255.255.252

!

router rip

version 2

network 10.0.0.0

network 105.0.0.0

no auto-summary

!        

router bgp 10

bgp router-id 2.2.2.2

bgp log-neighbor-changes

network 2.2.2.2 mask 255.255.255.255

redistribute static

neighbor 10.10.10.1 remote-as 10

neighbor 10.10.10.1 update-source FastEthernet0/1

neighbor 10.10.10.1 next-hop-self

default-information originate

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

ip nat inside source list 10 interface FastEthernet0/0 overload

ip nat inside source static tcp 10.10.10.201 21 105.174.0.10 21 redundancy HSRPGRPE1 extendable

ip route 0.0.0.0 0.0.0.0 105.174.0.9 name UNITEL

ip route 0.0.0.0 0.0.0.0 105.168.0.1 200 name ISP2

!

ip sla 10

icmp-echo 105.174.0.9

threshold 500

timeout 500

frequency 3

ip sla schedule 10 life forever start-time now

access-list 10 permit 10.10.10.0 0.0.0.255

!

!

!

!

!

control-plane

!

!

alias exec flow sh flow monitor MYMONITOR cache format tabl

!

line con 0

password cisco

logging synchronous

login local

line aux 0

line vty 0 4

password cisco

logging synchronous

login local

transport input all

!

scheduler allocate 20000 1000

end

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Here is the show command output for sh pfr master policy, sh pfr master learn list and sh pfr master

MC_BR#sh pfr master

OER state: ENABLED and ACTIVE

  Conn Status: SUCCESS, PORT: 3949

  Version: 3.0

  Number of Border routers: 2

  Number of Exits: 3

  Number of monitored prefixes: 19 (max 5000)

  Max prefixes: total 5000 learn 2500

  Prefix count: total 19, learn 19, cfg 0

  PBR Requirements met

  Nbar Status: Active

Border           Status   UP/DOWN             AuthFail  Version

1.1.1.1          ACTIVE   UP       00:07:09          0  3.0

10.10.10.2       ACTIVE   UP       00:07:09          0  3.0

Global Settings:

  max-range-utilization percent 20 recv 0

  mode route metric bgp local-pref 5000

  mode route metric static tag 5000

  trace probe delay 1000

  logging

  exit holddown time 60 secs, time remaining 0

Default Policy Settings:

  backoff 300 3000 300

  delay threshold 250

  holddown 300

  periodic 0

  probe frequency 56

  number of jitter probe packets 100

  mode route control

  mode monitor active

  mode select-exit best

  loss threshold 3

  jitter threshold 20

  mos threshold 3.60 percent 30

  unreachable threshold 3

Learn Settings:

  current state : STARTED

  time remaining in current state : 87 seconds

  throughput

  no delay

  no inside bgp

  monitor-period 1

  periodic-interval 0

  aggregation-type prefix-length 24

  prefixes 10 appls 10

  expire after time 720

  Learn-List seq 5 refname learning_APP

    Configuration:

     Traffic-Class Application: http secure-http dns

     Aggregation-type: prefix-length 24

     Learn type: throughput

     Session count: 1000 Max count: 1000

     Policies assigned: 10

     Status: ACTIVE

    Stats:

     Traffic-Class Count: 6

  Learn-List seq 6 refname learning_management

    Configuration:

     Traffic-Class Application: icmp telnet ssh

     Aggregation-type: prefix-length 24

     Learn type:

     Session count: 1000 Max count: 1000

     Policies assigned: 11

     Status: ACTIVE

    Stats:

     Traffic-Class Count: 0

MC_BR#                        sh pfr master policy

Default Policy Settings:

  backoff 300 3000 300

  delay threshold 250

  holddown 300

  periodic 0

  probe frequency 56

  number of jitter probe packets 100

  mode route control

  mode monitor active

  mode select-exit best

  loss threshold 3

  jitter threshold 20

  mos threshold 3.60 percent 30

  unreachable threshold 3

oer-map QOS 10

  sequence no. 8444249301975040, provider id 1, provider priority 30

    host priority 0, policy priority 10, Session id 0

  match oer learn list learning_APP

  backoff 300 3000 300

*delay threshold 250

  holddown 300

  periodic 0

*probe frequency 2

  number of jitter probe packets 100

  mode route control

*mode monitor fast

  mode select-exit best

  loss threshold 3

  jitter threshold 20

  mos threshold 3.60 percent 30

  unreachable threshold 3

  next-hop not set

  forwarding interface not set

  Forced Assigned Target List:

   active-probe echo 4.2.2.2 target-port 0

oer-map QOS 11

  sequence no. 8444249302040576, provider id 1, provider priority 30

    host priority 0, policy priority 11, Session id 0

  match oer learn list learning_management

  backoff 300 3000 300

  delay threshold 250

  holddown 300

  periodic 0

  probe frequency 56

  number of jitter probe packets 100

  mode route control

  mode monitor active

  mode select-exit best

  loss threshold 3

  jitter threshold 20

  mos threshold 3.60 percent 30

  unreachable threshold 3

  next-hop not set

  forwarding interface not set

* Overrides Default Policy Setting

pfr-map QOS 10

match pfr learn list learning_APP

set delay threshold 250

set mode monitor fast

set active-probe echo 4.2.2.2

set probe frequency 2

pfr-map QOS 11

match pfr learn list learning_management

learn

  throughput

  periodic-interval 0

  monitor-period 1

  prefixes 10 applications 10

  list seq 5 refname learning_APP

   traffic-class application nbar http secure-http dns

   throughput

  list seq 6 refname learning_management

   traffic-class application nbar icmp telnet ssh

delay threshold 250

unreachable threshold 3

loss threshold 3

mode route control

mode monitor active

mode select-exit best

no resolve delay

no resolve range

no resolve utilization
