Why OER Prefixes don't learn(not any output from "show oer master prefix learn") when OER+PBR used
I am new for OER feature. My network topology is I have one internet GW router (2811), I have 2 x WAN (ISP A and ISP B) and 2 x LAN. LAN 1, I use for my Web Servers only so no any controls on this LAN 1, cause from LAN 1, I use Internet IP ADDRRESS from ISP B, then I need to do PBR to make sure that my Web Servers will go outside to ISP B only. For LAN 2, I also have some Web Servers that they must go to ISP A only because they use IP ADDRESS from ISP A. So, I also need to do PBR on LAN 2. Finally, I would like to load balance internet traffic between ISP A and ISP B for Internal users only and all Internal users are behind FW, which will PAT all Internal users into 1 IP ADDRESS before send to outside interface. Here are my configuration.
oer master logging ! border 220.127.116.11 key-chain OER interface FastEthernet0/0 external max-xmit-utilization absolute 4000 interface FastEthernet0/1 external max-xmit-utilization absolute 4000 interface Vlan10 internal ! learn throughput delay periodic-interval 5 monitor-period 10 prefixes 500 mode route control mode route metric static tag 2000 resolve range priority 5 ! oer border logging local Loopback0 master 18.104.22.168 key-chain OER
interface FastEthernet0/0 description ISP_A ip address 22.214.171.124 255.255.255.252 no ip redirects no ip proxy-arp ip nat outside ip virtual-reassembly load-interval 30 duplex auto speed auto ! interface FastEthernet0/1 description ISP_A ip address 126.96.36.199 255.255.255.252 ip nat outside ip virtual-reassembly load-interval 30 duplex auto speed auto
interface Vlan1 description LAN_1 ip address 188.8.131.52 255.255.255.240 ip policy route-map ISPB-ForcePBR ! interface Vlan10 descritipn LAN_2 ip address 184.108.40.206 255.255.255.252 secondary ip address 220.127.116.11 255.255.255.240 secondary ip address 18.104.22.168 255.255.255.240 ip nat inside ip virtual-reassembly ip policy route-map ISPA-ForcePBR !
router bgp 65000 no synchronization bgp router-id 22.214.171.124 bgp log-neighbor-changes network 126.96.36.199 mask 255.255.255.240 network 188.8.131.52 mask 255.255.255.240 neighbor 184.108.40.206 remote-as 64600 neighbor 220.127.116.11 ebgp-multihop 4 neighbor 18.104.22.168 version 4 neighbor 22.214.171.124 soft-reconfiguration inbound no auto-summary ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 126.96.36.199 ip route 0.0.0.0 0.0.0.0 188.8.131.52 ip route 2.2.764 255.255.255.240 Null0 254 name BGP_Route_Originate ip route 184.108.40.206 255.255.255.240 Null0 254 name BGP_Route_Originate ip route 220.127.116.11 255.255.255.255 18.104.22.168 name force_bgp
ip nat inside source route-map INTERNAL-ISPA interface FastEthernet0/0 overload oer ip nat inside source route-map INTERNAL-ISPB interface FastEthernet0/1 overload oer ! ip access-list extended ISPA-NETWORK permit ip 22.214.171.124 0.0.0.15 any permit ip host 126.96.36.199 any permit ip host 188.8.131.52 any permit ip host 184.108.40.206 any permit ip host 220.127.116.11 any permit ip host 18.104.22.168 any permit ip host 22.214.171.124 any permit ip host 126.96.36.199 any permit ip host 188.8.131.52 any permit ip host 184.108.40.206 any permit ip host 220.127.116.11 any permit ip host 18.104.22.168 any permit ip host 22.214.171.124 any ip access-list extended ISPB-NETWORK permit ip 126.96.36.199 0.0.0.15 any ip access-list extended INTERNAL-INTERNAL permit ip host 188.8.131.52 any ip access-list extended VDO-Servers permit ip any host 184.108.40.206 permit ip any host 220.127.116.11 permit ip any host 18.104.22.168 permit ip any host 22.214.171.124 permit ip any host 126.96.36.199 permit ip any host 188.8.131.52 permit ip any host 184.108.40.206 permit ip any host 220.127.116.11 permit ip any host 18.104.22.168 permit ip any host 22.214.171.124 permit ip any host 126.96.36.199 ! route-map INTERNAL-ISPB permit 10 match ip address INTERNAL-INTERNAL match interface FastEthernet0/1 ! route-map ISPB-ForcePBR permit 10 match ip address ISPB-NETWORK set ip next-hop 188.8.131.52 ! route-map INTERNAL-ISPA permit 10 match ip address INTERNAL-INTERNAL match interface FastEthernet0/0 ! route-map ISPA-ForcePBR permit 10 match ip address ISPA-NETWORK set ip next-hop 184.108.40.206
## I have some BGP configuration to announce my ISP A prefix. ###################
My requirement is I would like to share internet traffic of Internal Users between ISP A and ISP B. Anyway, when I try to check how router learn prefix about which prefixes should be go outside to which ISPs by use command "show oer master prefix learn", there are no any output as below
Internet-GW#sh oer master prefix detail
I am not sure about does OER is operate ok or not? because sometime, I can see router load traffic to ISP_B over "max-xmit-utilization absolute 4000" that I confgured. Please help me to find any solutions or answer. Thanks.
Re: Why OER Prefixes don't learn(not any output from "show oer m
I have reviewed the router configuration and it appears you are missing the global key-chain definitions. I see they are defined on the master controller and border router configuration under oer master and oer border respectively. If you could post the output of show oer master border detail, show oer master, and show oer master policy it will provide additional information on the current status of PfR.
If you would prefer open a TAC case for configuration assistance and we can help you with this configuration.
The ProblemEnter EVCsHow It Works (Ingress)How It Works
(Egress)Step-by-Step ExampleFinal Thoughts The ProblemOn traditional
switches whenever we have a trunk interface we use the VLAN tag to
demultiplex the VLANs. The switch needs to determine which MAC ...
The ProblemEnter EVCsHow It Works (Ingress)How It Works
(Egress)Step-by-Step ExampleFinal Thoughts Introduction: Netdr is a tool
available on a RSP720, Sup720 or Sup32 that allows one to capture
packets on the RP or SP inband. The netdr command can be use...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...