Deploying Performance Routing (PfR)

March 20, 2018 | Author: Yopie Lisyadi | Category: Ip Address, Multiprotocol Label Switching, Router (Computing), Routing, Virtual Private Network





Description

Deploying Performance Routing (PfR)
EDCS-728322
BRKIPM-2362 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public

Related Sessions: LABNMS-2002 Deploying and Operating Performance Routing (lab)

Agenda
• PfR Overview
• Deployment
• Performance
• Conclusion
• Q and A
• Backup Slides—Troubleshooting

What Is Performance Routing (PfR)?
PfR Enhances Internet and WAN Connectivity for Prefixes and Applications by Enabling Performance, Load, and $Cost Routing Policies
Or Simply Put, the Ability to Select a Path Based on More Than Just Routing Metrics

Best Path Selection per Prefix, Two or More Paths
• WAN Access Links Are Biggest End-to-End Bottleneck
• By Default BGP Chooses Best Path Based on Fewest AS-Path Hops
• Shortest Path Is Not Always the Best Path in Terms of Performance
[Diagram: Headquarters, Remote Office and Telecommuter connected through SP A, SP B, SP C, SP D and SP E; bottlenecks marked]

PfR Best Path
Optimize by: Reachability, Delay, Loss, Jitter*, MOS*, Throughput, Load, and/or $Cost
PfR Components
• BR—Border Router
• MC—Master Controller (decision maker)
[Diagram: PfR path from Headquarters (MC, BRs) through SP A to SP E to Remote Office and Telecommuter (MC/BR); bottlenecks marked]

PfR and OER: What's the Difference?
• PfR has a broader technology scope
• PfR will greatly expand application intelligence
• PfR will leverage OER and other Cisco IOS® technologies to enable adaptive routing throughout the enterprise
OER: Prefix; WAN edge; Network selection; Exit routing
PfR: Applications; Private IP (MPLS); Path selection; Networkwide

Overview

Performance Routing (PfR)
Exit Selection Criteria: Reachability, Delay, Loss, Jitter, MOS, Load, $Cost
PfR Components
• BR—Border Router (Forwarding Path)
• MC—Master Controller (Decision Maker)
[Diagram: Headquarters (MC, BRs, E-Mail) connected over MPLS, ATM, FR and Internet VPN to Remote Office (MC/BR) and Telecommuter (MC/BR)]

Performance Routing Policy Engine
• Learn Applications on the Network
• Measure Application Performance
• Measure Alternate Paths
• Apply Performance Policies to Measurements
• Reroute Traffic
• Verify Enforcement and Performance

Component Description
• Master Controller (MC)
  Cisco IOS software feature
  Apply policy, verification, reporting
  Standalone or collocated with BR
  No routing protocol required
  No packet forwarding/inspection required
• Border Router (BR)
  Cisco IOS software feature in forwarding router
  Learn, measure, enforcement
  NetFlow collector
  Probe source (IP SLA client)
[Diagram: MC and BRs; BR External (WAN) Interfaces toward ISP1/WAN1 and ISP2/WAN2, BR Internal (LAN) Interfaces]

Information Flow
• MC controls all operation
  Issues commands to BRs
  Contains traffic class/link data
  Reports events
  Reports measurements
  Makes policy decisions
• BR responds to MC commands
  Sends responses to MC
  Uses NetFlow, IP SLA, BGP, static, PBR
  Measures traffic class performance
  Measures link performance
  Enforces performance-based routing
[Diagram: MC sends Command to BR1 and BR2; BRs return Response]

PfR Operates on Traffic Classes
Type and example:
• Destination Prefix (Mandatory)
• ACL: prefix with dscp ef; prefix with dst-port 50
• Application (Optional), Well-Known: prefix with telnet; prefix with ssh
• Application (Optional), NBAR: prefix with nbar RTP; prefix with nbar citrix
Required: Destination Prefix
Optional: Src Pfx, DSCP, Protocol, Ports, Application ID

Measuring Traffic Class Performance
• Passive
  PfR NetFlow monitoring of traffic classes
  Flows do not need to be on symmetrical paths provided that all exit/entry points are PfR-managed
  Measures: Delay, Loss, Reachability, Egress BW, Ingress BW
• Active
  PfR enables IP SLA feature
  Probes sourced from BRs
  icmp probes learned or configured
  tcp, udp, jitter need ip sla responder
  Measures: Delay, Reachability, Jitter (12.4T), MOS (12.4T), Loss (12.4(15)T)
• Both mode
  Attempts to measure performance passively with NetFlow and only launches IP SLA probes as needed
• Fast mode
  Probes all path all the time

PfR Policy
Traffic Class
• Performance: Delay, Loss, Reachability, MOS, Jitter
• Security: Sinkhole, Blackhole
Link
• Performance: Load balancing, Max utilization
• Administrative: Link grouping, $Cost
Scope: Global or per Policy

Selecting "Best" Traffic Class Path
• Remove Paths Which Do Not Have Sufficient Capacity
• Select Best Performing Paths Depending on Priority with Variance
• Best Path Winner? If Tie, Select Current, Random

Selecting "Best" Traffic Class Path
Link      Utilization   Delay (ms), Priority 1   Jitter (ms), Priority 2
Serial1   89%           100                      30
Serial2   50%           113                      30
Serial3   60%           119                      32
Serial4   40%           150                      20

How Best Exit Path Is Enforced
• MC tells BR to insert prefix in BGP or static table
• MC tells BR to insert application/DSCP in policy route
• Modifying BGP local preference
  Local preference must be highest
• Installing a static route at the exit
  Redistribute static should be configured
• Installing a Dynamic PBR route-map at the Exit
  Direct Link or GRE Tunnel Between BRs Necessary
[Diagram: Master sends Route Commands to BR1 and BR2; each BR redistributes BGP/static toward ISP or MPLS]

How Best Entrance Path Is Chosen
• Measurements gathered for all entrances
• Measurements applied in priority order
• Identify entrances to downgrade
• Downgrade entrance using BGP advertisement
  AS path prepend
  Append downgrade BGP community

How Best Entrance Path Is Enforced
• Needed for inbound load balancing
• MC tells BR to modify eBGP advertisement
• Modifying eBGP
  Prepend AS hop(s)
  Append BGP downgrade community
[Diagram: Master sends Route Commands to BR1 and BR2; each BR sends an eBGP Advert toward ISP or MPLS]

PfR Typical Customers
• Large, medium, and small enterprises with mission-critical Internet presence
• Enterprises with redundant WAN networks
• Enterprises with remote offices
• Home office with dual internet connections

PfR Platform Support
Platforms: Cisco 3800 ISR, Cisco 2800 ISR, Cisco 1800 ISR, Cisco 7200-NPE-G2 (Current Highest Performing PfR Device**), Cisco 6500***, Cisco 7600, 2600*, 1700*, 3640*/3660*/3700*
Releases shown: 12.4, 12.4T, 12.2(33)SRB, 12.2(33)SXH
*Announced/reached end-of-sale (EoS)
**Cisco 7301 with fixed NPE-G1 also supports PfR
***Only BR function supported, no support for MC

Key Features of Cisco PfR Manager by Fluke Networks
• Executive-level reports
• Troubleshooting analysis
• Network health reports
• Easy traffic class and policy configuration
• Fully Web-based
• Technical support 24 hours a day
• Reports and alerts on network events
• Historical and trending graphical reports
• Same design as NetFlow and IP SLA monitoring products

Design Questions
1. Do I have redundant WAN connections?
   Internet, MPLS, IPSEC/GRE, ATM, Frame Relay
   Configure as PfR external interfaces
2. Which routers terminate the WAN?
   These are PfR border routers
3. What routing protocols over WAN?
   BGP, static covered by PfR
   All others, cfg static with redistribution and filtering
4. Which router is PfR master controller?
   Up to 5000 prefixes, dedicated 7200 or 3800 MC
   Up to 20K prefixes with NPE-G2
   For a few to few hundred prefixes, configure MC on BR

Design Questions
5. What policy is important?
   Exit performance
     Delay, loss, reachability, throughput
     Jitter, MOS
   Entrance performance—12.4T
     Delay, loss, reachability, throughput
   Load distribution
   Cost minimization ($cost)
   Primary/backup link groups
   Path discovery (for troubleshooting)
   Security 12.4T
   Default priority is performance then load
direct links (or GRE) required between all border routers for dynamic PBR BRKIPM-2362 © 2009 Cisco Systems. Inc. All rights reserved.Design Questions 6. Are prerequisites for prefix or application control met? Prefix control—parent route (or default) requirement needs to exist in BGP or static table Application control—parent route for prefix also required. Determine interesting traffic class by: Configure prefix Configure application Configure full ACL Learn interesting prefixes Learn interesting traffic classes Learn eBGP advertised prefixes (inbound optimization) Learn application 7. All rights reserved. Cisco Public 28 .Solution Topologies 2. Remote Office 1. Inc. Headquarters/Content/Hosting/Data Centers ISP1/WAN1 BR MC ISP2/WAN2 BR BR—Border Router. SOHO/Broadband ISP1/WAN1 BR MC/BR ISP2/WAN2 MC/BR 3. MC—Master Controller BRKIPM-2362 © 2009 Cisco Systems. MC—Master Controller BRKIPM-2362 © 2009 Cisco Systems. Cisco Public 29 . Static default routing 4.SOHO/Broadband Deployment 1. Inc. Learn throughput and delay to get prefixes BR—Border Router. Cable and DSL WAN interfaces Eth8/0—OER Internal Eth9/0—OER External Ser12/0—OER External Eth9/0 Cable 2. ISR router terminates WAN Eth8/0 ISR is OER BR MC/BR 3.4 5. All rights reserved. 10 to 100 traffic classes Ser12/0 DSL ISR is also MC 12. Performance is most important Use OER default policy (performance overload) 6. Cisco Public 30 .1 key-chain key1 interface Ethernet8/0 ip address 10. All rights reserved.10.1 key-chain key1 Authentication Required interface Ethernet8/0 internal interface Ethernet9/0 external Limit Cable and max-xmit-utilization absolute 1000 DSL Throughput interface Ser12/0 external max-xmit-utilization absolute 300 learn Learn Delay and throughput Throughput delay Prefixes Every Minute monitor-period 1 MC and BR on periodic-interval 0 Same Router oer border logging Eth9/0 Cable local Ethernet8/0 Eth8/0 master 10. 
Inc.SOHO/Broadband Configuration key chain key1 key 1 key-string oer oer master logging mode route control max prefix total 100 Enable Logging Enforce Routing Changes backoff 90 3000 300 border 10.10.1 255.0 MC/BR interface Ethernet 9/0 load-interval 30 Ser12/0 DSL interface Serial 12/0 load-interval 30 BRKIPM-2362 © 2009 Cisco Systems.10.10.255.10.255.10. Mission-Critical Internet Presence Online banking E-mail hosting Online ticketing Instant messaging Online catalog News/weather       IM E-Mail      BRKIPM-2362 ISP1 Internet BR Web ISPD ISPA ISPE ISPB MC ISP2 BR ISPF ISPG ISPC Internet voice Application hosting DNS Online music Online video BR—Border Router. Inc. All rights reserved. MC—Master Controller © 2009 Cisco Systems. Cisco Public 31 . Cisco Public BR—Border Router.4T/14. Ser13/0. Support of up to 15.000 prefixes (with Cisco 7200-NPE-G2) 12.4M Entrance Optimization 5.Internet Presence Deployment 1. IM 2. DS3 interfaces Ser12/0. Learn prefixes by throughput and delay BRKIPM-2362 © 2009 Cisco Systems. MC—Master Controller 32 . Inc. Customers differ on policy priority 6. Cisco 7200 and Cisco 3800 are typical BR/MC with BR terminating WAN connections 3. All rights reserved. BGP routing BRs must be iBGP peers Default routing -orPartial routes -orFull routes Web E-mail BR MC BR Same PfR Configuration for All 4. etc. 2 key-chain key1 interface Ethernet8/0 internal BR 10.10.10.10.1.3 logging mode route control mode select-exit best backoff 90 3000 300 BR 10. All rights reserved.1. Cisco Public 33 .1.1 key-chain key1 interface ser12/0 load-interval 30 interface ser13/0 load-interval 30 interface Serial12/0 external interface Serial13/0 external border 10.2 local loopback 1 master 10. 
Inc.Internet Presence Configuration Default Policy: Performance Then Load key chain key1 key 1 key chain key1 MC 10.10.1 key-string oer oer master logging key 1 Choose Best Exit Regardless of In or Out of Policy key-string oer oer border periodic 600 Revaluate Exit 10 Minutes border 10.1.10.10.1.3 key-chain key1 IM interface Ethernet 8/0 internal interface Serial12/0 external Web BR MC interface Serial13/0 external E-Mail learn throughput BR Learn 500 Prefixes delay monitor-period 1 periodic-interval 0 Delete Prefix if Not Relearned in 240 Minutes prefixes 500 expire after time 240 BRKIPM-2362 © 2009 Cisco Systems.1. 1. Cisco Public 34 . Inc. All rights reserved.Internet Presence Configuration Outbound Load Balancing Only  Add to default policy configuration Disable Periodic Prefix Evaluation oer master MC 10.1.1.1.1.1.1 IM Web E-Mail BR MC BR no periodic resolve utilization priority 1 variance 5 resolve range priority 2 no resolve delay no resolve loss max-range-utilization percent 50 border 10.3 interface Serial12/0 external max-xmit-utilization percent 90 interface Serial13/0 external max-xmit-utilization percent 90 BRKIPM-2362 © 2009 Cisco Systems.2 Link OOP if :% util > Lowest + 50 % util > 90 interface Serial12/0 external max-xmit-utilization percent 90 interface Serial13/0 external max-xmit-utilization percent 90 border 10. 1 resolve cost priority 1 no resolve delay 100 10.Internet Presence Configuration $Cost Minimization Only  Add to default policy configuration oer master no periodic MC 10. Inc.1.000$ 75% 8000$ 40 4000$ No OER no resolve utilization border 10.2 interface Serial12/0 external cost-minimization tier 100 fee cost-minimization tier 75 fee cost-minimization tier 10000 8000 40 fee 10. All rights reserved. 
Cisco Public 35 .1.3 interface Serial12/0 external 75% 8000$ OER cost-minimization fixed fee 3000 interface Serial13/0 external cost-minimization fixed fee 3000 4000$ Fixed Tiered BRKIPM-2362 © 2009 Cisco Systems.000$ 4000 cost-minimization end day-of-month 31 interface Serial13/0 external cost-minimization fixed fee 3000 border 10.1.1.1.1. 1 key-chain oer interface ethernet1/0 external downgrade bgp community 3:2 BRKIPM-2362 © 2009 Cisco Systems. All rights reserved. Inc.1.Internet Presence Configuration Inbound Load Balancing Learning Inside Prefix oer master learn inside bgp oer-map MAP 10 match oer learn inside BGP Advertisement Enterprise BR ISP1 Internet MC Configuring Inside Prefix BR/CE ip prefix-list INSIDE permit 10.1.0/24 oer-map MAP 10 ip address prefix-list INSIDE inside ISP2 Choosing Downgrading Method AS prepend – No Configuration required BGP Community Oer master border 10.1. Cisco Public 36 .1. Cisco Public 37 . MC—Master Controller BRKIPM-2362 © 2009 Cisco Systems.Enterprise VPN Deployment Internet MC/BR Telecommuter MPLS Headquarters BR MC ATM BR Remote Office Frame Relay MC/BR BR BR—Border Router. Inc. All rights reserved. Inc.50. Cisco Public 38 .0 tunnel0 tag 10 ip route 0. OER External Interfaces Block redistribution of Default router eigrp 100 redistribute static route-map block-def route-map block-def deny 20 Remote Office match tag 10 route-map block-def permit 30 MC/BR PfR Integration with EIGRP Coming in 12.0.0 0.0. We Must Use This Workaround.0.0.0.0 ser12/0 tag 10 ip route 0.0.0.0 0.0.0 0.0.0.0 0.0.0 eth 9/0 50.2 tag 10 ip route 0. BRKIPM-2362 © 2009 Cisco Systems.Enterprise VPN Deployment PfR with EIGRP—Static Route Redistribution 1.50.0 tunnel1 tag 10 2.0. All rights reserved.0. Until That Time.0.5(P13)T.0.0. Configure Default to each external interface ip route 0. Enterprise VPN Deployment PfR with EIGRP 3. Inc. 
Block redistribution of PfR statics over externals router eigrp 100 distribute-list route-map block-oer out eth0/1 OER External Interfaces distribute-list route-map block-oer out ser12/0 distribute-list route-map block-oer out tunnel0 distribute-list route-map block-oer out tunnel1 route-map block-oer deny 10 match tag 5000 route-map block-oer permit 20 BRKIPM-2362 © 2009 Cisco Systems. All rights reserved. Cisco Public Default Tag for OER Statics 39 . Configure PfR learn oer master learn throughput delay 4. Cisco Public 40 . All rights reserved. MC—Master Controller BRKIPM-2362 © 2009 Cisco Systems.1.1 Internet interface Tunnel 0 external interface Tunnel 1 external Tunnel1  Add to Internet default policy config oer master Tunnel0 MC/BR Remote Office border 10.1.10.Enterprise VPN Deployment Dual IPSec/GRE Tunnels  IPSec over GRE Tunnel0  DMVPN (at spokes only) Tunnel1  Tunnels are OER external MC/BR Add to SOHO Cfg Tunnel0 Headquarters Telecommuter oer master BR MC Tunnel1 Tunnel0 BR/CE border 10.10.1.1. Inc.3 interface Tunnel 0 external interface Tunnel 1 external BR—Border Router.2 interface Tunnel 0 external interface Tunnel 1 external Tunnel0 BR/CE border 10. MC—Master Controller BRKIPM-2362 © 2009 Cisco Systems. Inc. Cisco Public 41 . All rights reserved.Enterprise VPN Deployment MPLS Primary with IPSec/GRE Backup  Combines Internet and IPSec/GRE  Tunnel and MPLS I/F are OER external  Backup then performance policy Tunnel0 Headquarters Internet Serial1 BR Remote Office MC Tunnel2 MC/BR BR/CE Serial3 MPLS VPN BR/CE BR—Border Router. 1 key-chain key1 interface Serial1 external link-group RED interface Tu0 external oer-map MAP 20 match Appl2 set link-group BLUE link-group BLUE interface eth1/1 internal border 1. 
All rights reserved.1.1.1.2 key-chain key2 interface Serial3 external Tunnel0 link-group RED interface Tu2 external link-group BLUE BR1 MC interface et3/1 internal Serial1 Tunnel2 BR2 Serial3 *PfR also supported with ISDN and 3G wireless interfaces BRKIPM-2362 © 2009 Cisco Systems. Inc.Enterprise VPN Deployment MPLS Primary and IPSec/GRE Backup Configurations* Group Links Specify Link Preference oer master oer-map MAP 10 match Appl1 set delay threshold 100 set link-group RED fallback BLUE border 1.1. Cisco Public 42 . 1.1.0.Enterprise VPN Deployment Fast Failover and Load Balancing  Simultaneous probing on all exits  Quick failover to alternate path within 3 seconds Headquarters MC/BR Serial0 BR Remote Office MPLS MC BR/CE BR/CE Serial0 Oer master max-range-utilization percent 10 learn list sequence 10 refname REM_OFC traffic-class prefix-list REM_OFC_LIST throughput Ip prefix-lst REM_OFC_LIST permit 10.1. Cisco Public 43 .1.1. Inc.1 set active-probe echo 10. MC—Master Controller BRKIPM-2362 © 2009 Cisco Systems.0/0 oer-map MAP 10 match oer learn list REM_OFC set mode monitor fast set unreachable threshold 5 set active-probe echo 10.0/16 Ip prefix-lst REM_OFC_LIST deny 0.2 set probe frequency 2 set resolve range priority 1 BR—Border Router. All rights reserved.0.0. and loss Jitter 20 ms IP SLA Responder Tunnel0 Headquarters BR Tunnel0 ISP1 MC Internet BR/CE Tunnel1 ISP2 Remote Office MC/BR Tunnel1 BR/CE Jitter 5 ms  Select exit with highest percentage of estimated MOS above threshold Tunnel1–5 out of 100 sample had MOS < 4.00  better Tunnel0–20 out of 100 sample had MOS < 4. MC—Master Controller BRKIPM-2362 © 2009 Cisco Systems. All rights reserved.Enterprise VPN Deployment Optimize Voice Traffic Between Two Sites  Select exit with least jitter.00 BR—Border Router. Inc. Cisco Public 44 . delay. 
0.0 0.255 dscp ef Or UDP port range ip access-list extended VOICE-LIST permit udp any 10.0.0.1.1.Enterprise VPN Deployment Optimize Voice Traffic Between Two Sites Identify Voice Traffic Configure Voice Policy oer-map MAP 20 match traffic-class access-list VOICE-LIST set Jitter threshold 15 set mos percent 20 threshold 4.0 0.1.1 oer-map MAP 20 set active-probe jitter 10.0.1.255 range x y Jitter 20 ms Configure Jitter Probe IP SLA Responder 10.1.1 target-port 2000 codec g729a set probe frequency 2 Headquarters Tunnel0 1 BR MC Tunnel0 Internet BR/CE Tunnel1 Remote Office MC/BR Tunnel1 2 BR/CE Configure Responder on remote router Ip sla responder Jitter 5 ms BRKIPM-2362 © 2009 Cisco Systems. All rights reserved.00 set resolve mos priority 1 set resolve jitter priority 2 set mode monitor fast Packets marked with DSCP bits ip access-list extended VOICE-LIST permit ip any 10. Cisco Public 45 .1.1.1. Inc. Enterprise VPN Deployment Optimize Application  Traffic to branch office Latency < 100 ms Headquarters Latency sensitive application—telnet, ssh Tunnel0 1 BR Internet MC Latency tolerant—other BR/CE Tunnel1 Learn Application Traffic Ip prefix-list BRANCH_PFX permit 10.1.0.0/16 ! oer master learn list sequence 10 refname BRANCH_APPL traffic-class application telnet ssh filter BRANCH_PFX throughput list sequence 20 refname BRANCH_PFX traffic-class prefix-list BRANCH_PFX throughput 2 Latency > 200 ms Telnet or ssh Other Tunnel0 Tunnel1 Configure Policy oer-map MAP 10 match oer learn list BRANCH_APPL set delay threshold 100 set resolve delay priority 1 variance 5 BRKIPM-2362 © 2009 Cisco Systems, Inc. All rights reserved. 
Cisco Public oer-map MAP 20 match oer learn list BRANCH_PFX set delay threshold 400 set resolve utilization priority 1 variance 5 46 Enterprise VPN Deployment Optimize Application—Define Your Own Application Define Application Using access-list Add Application Definition to OER Database Ip access-list extended APPL1_DEF permit tcp any eq 200 any permit tcp any any eq 200 Oer master application define APPL1 access-list APPL1_DEF application define APPL2 access-list APPL2_DEF Ip access-list extended APPL2_DEF permit ip any any dscp af12 Learning User Defined Applications Oer master learn list seq 30 refname LISTA traffic-class application APPL1 list seq 40 refname LISTB traffic-class application APPL2 BR Apply Policy to Learned Application MC oer-map MAP 10 match traffic-class learn list LISTA set resolve delay priority 1 variance 5 oer-map MAP 20 match traffic-class learn list LISTB set resolve range priority 1 BR BRKIPM-2362 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 47 Enterprise VPN Deployment Optimize Application Identified by NBAR*  Use NBAR to identify application traffic  NBAR is activated automatically on BR BR Learning NBAR Identified Applications Oer master learn list seq 30 refname LISTA traffic-class application nbar rtp-audio list seq 40 refname LISTB MC BR traffic-class application nbar citrix Configure NBAR Identified Applications Ip prefix-list LIST1 permit 10.1.1.0/24 Ip prefix-list LIST1 permit 10.1.2.0/24 Oer-map MAP 10 match traffic-class application nbar citrix prefix-list LIST1 * To be released in 12.5 (1st) T BRKIPM-2362 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 48 Security Policy—Ignore Performance Identify Blackhole Traffic Class ip prefix-list BLACKHOLE permit 100.1/32 ip access-list extended SINKHOLE permit udp 10.10. 
Inc.0.1.0.255 any eq www Identify Sinkhole Traffic Class ip prefix-list SINKHOLE permit 9.1.10.10.0.10.255 any eq domain permit ip any any dscp cs4 Apply Policy oer master policy-rules SECURITY oer-map SECURITY 10 match ip address prefix-list BLACKHOLE set interface Null0 oer-map SECURITY 40 match ip address access-list SINKHOLE set next-hop 10.10.10.0 0.0/24 ip access-list extended BLACKHOLE permit tcp 10. Cisco Public 49 .0.1. All rights reserved.1.4 BRKIPM-2362 © 2009 Cisco Systems.0 0. PfR with NAT MC/BR Router Combined  PfR and NAT RPF Check IM Web ISP1 New flow goes out via new exit ISP2 Avoids problems if ISP is performing RPF checking MC/BR CSS11500 E-Mail Existing flow continues on same exit. All rights reserved. no sessions are dropped NAT Translation Occurs Here ISP1 Minimal Configuration Change ISP2 interface virtual-template 1 ip nat inside source <x> interface Virtual-Template 1 overload oer BRKIPM-2362 © 2009 Cisco Systems. BR Cisco Public MC With Separate MC and BR 50 . Inc. 0 0.0.255.0. Cisco Public 51 .0 MC/BR ISP2 Eth3/0 Se2/0—ISP2 IP Pool BRKIPM-2362 © 2009 Cisco Systems.1. Inc. All rights reserved.0.PfR with NAT—Configuration Example Identify Traffic to be NAT Translated access-list 1 permit 10.255 route-map isp-1 permit 10 match ip address 1 match interface Se1/0 route-map isp-2 permit 10 match ip address 1 match interface Se2/0 interface Eth3/0 ip nat inside interface Se1/0 ip nat outside interface Se2/0 ip nat outside OER Internal Interface OER External Interface Single IP Se1/0—ISP1 interface virtual-template 1 ip nat inside source route-map isp-1 interface Virtual-Template1 overload oer Single IP ISP1 IP Pool ip nat pool ISP-2 <min-ip-addr> <max-ip-addr> prefix-length <len> ip nat inside source route-map isp-2 pool ISP-2 oer 10.1. MC—Master Controller BRKIPM-2362 © 2009 Cisco Systems. Cisco Public 52 . Inc. 

Security Considerations
• Deploy MC behind firewall
• Separate private VLAN for MC and BR
• Private addressing for MC and BR communication
• No routing on MC (Routing Not Required on MC)
    no ip routing
    no router …
BR—Border Router, MC—Master Controller

PfR MC Redundancy
• What if MC goes down?
  Routing defaults to normal as if PfR was not configured
• Still need MC redundancy?
  Available: Stateless redundancy without configuration synchronization available using HSRP
  On roadmap: Stateless redundancy with synchronized configuration and stateful redundancy

PfR MC Redundancy
• Stateless redundancy using HSRP
On Border, Configure HSRP Group IP as MC IP:
    oer border
     master 10.1.1.100 key-chain oer
HSRP Group IP 10.1.1.100 (Active MC, Standby):
    interface Ethernet0/0
     standby 100 ip 10.1.1.100
Duplicate Configuration on both MC

PfR MC Process vs. Total System CPU
[Chart: 12.3(11)T CPU Usage, Cisco IOS Master Controller, Comparing OER Process to Total System CPU; Active + Learning Mode Enabled (2500 Prefixes); series: System Total and OER Process for 10 Border Routers/2500 Prefixes and 10 Border Routers/5000 Prefixes; axes: 1min % CPU vs. Time (Minutes)]

PfR BR Learning-Enabled
[Chart: 12.3(11)T CPU Usage, Cisco IOS Border Router; Active + Learning Mode Enabled (2500 Prefixes); series: 2 Border Routers and 10 Border Routers, each with 1000, 2500 and 5000 Prefixes; axes: 1min % CPU vs. Time (Minutes)]

Master Controller Memory Usage
[Chart: Memory Usage, PfR Master Controller, 2–5 Border Routers, 1–5000 Prefixes; y-axis: MB; x-axis: X:Y, where X = # of Border Routers, Y = # of Prefixes Monitored; series: 1 Min., 60 Min.]

Border Router Memory Usage
[Chart: Memory Usage, PfR Border Router, 2–5 Border Routers, 1–5000 Prefixes; y-axis: Memory—Bytes; x-axis: A:B, where A = # of Border Routers, B = # of Prefixes Monitored; series: 1 Min., 60 Min.]

7200-NPE-G2 PfR Performance
• Cisco’s highest performing OER solution
• Supports > 15,000 prefixes
• Ideal for enterprise OER solution
Platform: 7200VXR-NPEG2
Mode Monitor: Active
Prefix Count: 20,000*
Prefix Type: Configured
Probe Frequency: 4 Seconds
MC Router: 524 MB DRAM
BR Router: 120 MB RAM
[Chart: average CPU for MC and BR; values shown: 24% Total, 22% Total, 5% IP, 18% MC, 9% IPSLA, 5% BR]
*12.4(15)T image
Cisco PfR platforms show very favorable PfR performance  7200-NPE-G2 is Cisco’s highest performing PfR platform BRKIPM-2362 © 2009 Cisco Systems. All rights reserved.Overall Performance Tests Summary  MC needs higher performing CPU and more memory compared to BR  In general. Cisco Public 61 . Inc. All rights reserved. Cisco Public 62 . Referencing graph test results from earlier BRKIPM-2362 © 2009 Cisco Systems. Inc. Referencing peak time data b.Deployment Suggestions  Measure performance impact on production BR during peak time (midday on a weekday) CPU: “show processes cpu” Memory: “show memory summary”  Determine viability of colocated MC/BR by: a. Cisco Public 63 .Agenda  OER Overview  Deployment  Troubleshooting  Performance  Conclusion  Q and A BRKIPM-2362 © 2009 Cisco Systems. Inc. All rights reserved. load balancing ISPA ISPD Internet  PfR reports issues ISPE ISPB Management application interface ISPC ISPF ISPG Syslog Show oer master prefix Troubleshoot issues during workaround instead of fire fighting  $ cost management OER saves $ on usage based pricing links BRKIPM-2362 © 2009 Cisco Systems. loss. throughput. Cisco Public $$$$$$$ 64 .Conclusions MPLS  PfR routes around soft errors Blackouts ATM Brownouts FR Congestion  PfR chooses the best performing path Delay. reachability. Inc. All rights reserved. jitter/MOS Utilization. Agenda  PfR Overview  Deployment  Performance  Conclusion  References  Q and A  Backup Slides—Troubleshooting BRKIPM-2362 © 2009 Cisco Systems. All rights reserved. Inc. Cisco Public 65 . com/go/release124t/  Cisco IOS Software Release 12.com/en/US/netsol/ns340/ns394/ ns302/ns296/networking_solutions_package.cisco. Cisco Public 66 .com/go/release/  Fluke Networks PfR Manager www.html BRKIPM-2362 © 2009 Cisco Systems.4 12.flukenetworks.htm  Empowered Branch 3 Launch Announcement CCO: http://www.3 12.com/fnet/en-us/products/PFR+Manager/ Overview.Technical References  PfR CCO www. Inc.cisco.2(33)SRB www.cisco. 
All rights reserved.com/go/PfR/  Cisco IOS Software Release 12.cisco.4T www. Q and A BRKIPM-2362 © 2009 Cisco Systems. Cisco Public 67 . Inc. All rights reserved.  Visit the Meeting Centre reception desk located in the Meeting Centre in World of Solutions BRKIPM-2362 © 2009 Cisco Systems. these face-to-face meetings will provide fascinating dialogue and a wealth of valuable insights and ideas.  Designed to provide a "big picture" perspective as well as "indepth" technology discussions.Meet The Expert  To make the most of your time at Cisco Networkers 2009. Cisco Public 68 . schedule a Face-to-Face Meeting with a top Cisco expert. All rights reserved. Inc. Cisco Public 69 .Recommended Reading  Continue your Cisco Live learning experience with further reading from Cisco Press  Check the Recommended Reading flyer for suggested books Available Onsite at the Cisco Company Store BRKIPM-2362 © 2009 Cisco Systems. Inc. All rights reserved. Inc. All rights reserved. Cisco Public 70 .BRKIPM-2362 © 2009 Cisco Systems. Backup Slides Troubleshooting PfR BRKIPM-2362 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 71 How to Discover Current Path? show oer master prefix 100.1.1.0/24 traceroute current [now]  Displays current path of prefix  Uses responding target  If now, generate new result  Otherwise, display most recent result sh oer master prefix 100.1.1.0/24 traceroute current now Path for Prefix: 100.1.1.0/24 Target: 100.1.1.1 Exit ID: 2, Border: 10.10.10.1 External Interface: Se12/0 Status: DONE, How Recent: 00:00:00 minutes old Hop Host Time(ms) AS 1 30.30.30.2 24 0 2 60.60.60.4 12 0 3 100.0.0.2 20 0 Eth9/0 Cable Eth8/0 Done or In Progress BRKIPM-2362 © 2009 Cisco Systems, Inc. All rights reserved. AS Is Unknown Likely Not Using BGP Cisco Public MC/BR Ser12/0 DSL 72 How to Discover All Paths? 
  show oer master prefix 100.1.1.0/24 traceroute [now]
- Displays path over each external interface
- Uses responding target

  --------------------------------------------------------------------------------
  Path for Prefix: 100.1.1.0/24 Target: 100.1.1.1
  Exit ID: 1, Border: 10.10.10.1 External Interface: Et9/0
  Status: DONE, How Recent: 00:01:04 minutes old
  Hop  Host         Time(ms)  AS
  1    40.40.40.2   4         0
  2    60.60.60.4   4         0
  3    100.0.0.2    20        0
  --------------------------------------------------------------------------------
  Path for Prefix: 100.1.1.0/24 Target: 100.1.1.1
  Exit ID: 2, Border: 10.10.10.1 External Interface: Se12/0
  Status: DONE, How Recent: 00:05:44 minutes old
  Hop  Host         Time(ms)  AS
  1    30.30.30.2   12        0
  2    60.60.60.4   16        0
  3    100.0.0.2    32        0

How to Discover Path on OOP?
  oer-map foo 10
   match oer learn throughput                     <-- Learned Top Throughput Prefixes
   set traceroute reporting policy delay          <-- Discover Path on Delay OOP
   set traceroute reporting policy loss           <-- Discover Path on Loss OOP
   set traceroute reporting policy unreachable    <-- Discover Path on Unreachable OOP
- To display traceroute result
  sh oer master prefix 100.1.1.0/24 traceroute current now
  Path for Prefix: 100.1.1.0/24 Target: 100.1.1.1
  Exit ID: 2, Border: 10.10.10.1 External Interface: Se12/0
  Status: DONE, How Recent: 00:00:00 minutes old
  Hop  Host         Time(ms)  AS
  1    30.30.30.2   24        0
  2    60.60.60.4   12        0
  3    100.0.0.2    20        0

Troubleshooting
1. Verify master to border connection
2. Verify master is operational
3. Verify internal/external interfaces operational
4. Verify traffic class learning
5. Verify traffic class monitoring
6. Verify traffic class control
7. Investigate traffic class history
[Diagram: MC/BR with interfaces Eth8/0, Eth9/0 (Cable) and Ser12/0 (DSL)]

Verify Master to Border Connection
  sh oer master border
  Border      Status    UP/DOWN  AuthFail
  10.10.10.1  INACTIVE  DOWN     0
- Key chain not configured or misconfigured
- OER border local interface IP address and master IP address mismatch
- OER border master IP address not reachable or not master
- CEF not configured

Verify Master Operational
- At least one internal and two external must be UP
  sh oer master border
  Border      Status    UP/DOWN        AuthFail
  10.10.10.1  INACTIVE  UP   00:00:28  0
  sh oer master border detail | i Down
  Se12/0  EXTERNAL Admin Down
  Se12/0  1544 300 0 0 Admin Down
- No shutdown serial 12/0
  sh oer master border
  Border      Status  UP/DOWN        AuthFail
  10.10.10.1  ACTIVE  UP   00:17:06  0
  sh oer master | i OER state
  OER state: ENABLED and INACTIVE

Verify Internal and External Interfaces Operational
  sh oer master border detail
  Border      Status  UP/DOWN        AuthFail
  10.10.10.1  ACTIVE  UP   00:10:32  0
   Se12/0  EXTERNAL UP
   Et9/0   EXTERNAL UP
   Et8/0   INTERNAL UP
  External Interface  Capacity (kbps)  Max BW (kbps)  BW Used (kbps)  Load (%)  Status  Exit Id
  [Rows for Se12/0 and Et9/0; callouts: Egress, Ingress]

Verify Traffic Class Learning
- Learning running on MC
  sh oer master | b Learn
  Learn Settings:
    current state : STARTED
    time remaining in current state : 93 seconds
    aggregation-type prefix-length 22
Verify Traffic Class Learning
- Learning running on BR (configuration)
  sh oer border passive learn
  OER Border Learn Configuration :
    State is enabled
    Measurement type: throughput, Duration: 5 min
    Aggregation type: prefix-length, Prefix length: 24
    No port protocol config
  Learn List 10
    Measurement type: throughput
    Session count: 50
    Aggregation type: prefix-length, Prefix length: 24
    Appl ID: telnet

Verify Traffic Class Learning
- Learning running on BR
  sh oer border pass cache learn traffic-class
  OER Learn Cache:
    State is enabled
    Measurement type: throughput and delay, Duration: 1 min
    Aggregation type: prefix-length, Prefix length: 24
    4096 oer-flows per chunk,
    12 chunks allocated, 32 max chunks,
    1 allocated records, 49151 free records, 5767680 bytes allocated
  DstPrefix Appl_ID Dscp Prot SrcPort DstPort SrcPrefix
    Pkts B/Pk Delay Samples Active
    Host1 Host2 Host3 Host4 Host5
    dport1 dport2 dport3 dport4 dport5
  [Rows: learned traffic classes, including one with Appl_ID telnet]

Verify Traffic Class Learning
- Learned traffic class in MC
  MC#show oer master traffic-class
  OER Prefix Statistics …
  DstPrefix Appl_ID Dscp Prot SrcPort DstPort SrcPrefix
    Flags State Time CurrBR CurrI/F Protocol
    PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos EBw IBw
    ActSDly ActLDly ActSUn ActLUn ActSJit ActPMOS
  [Rows: application class telnet, State INPOLICY, CurrI/F Et2/0, Protocol PBR; prefix class, State INPOLICY*, Protocol U]

Verify Traffic Class Monitoring
- Passive monitoring on BR
  show oer border passive cache traffic-class
  OER Passive Prefix Cache, State: enabled, 278544 bytes …
  DstPrefix Appl_ID Dscp Prot SrcPort DstPort SrcPrefix
    Nexthop SrcIf DstIf Active Flows
    sDl #Dly Pkts B/Pk PktLos #UnRch

Verify Traffic Class Control
- Traffic class control on MC
  show oer master traffic-class
  OER Prefix Statistics: …
  DstPrefix Appl_ID Dscp Prot SrcPort DstPort SrcPrefix
    Flags State Time CurrBR CurrI/F Protocol
    PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos EBw IBw
    ActSDly ActLDly ActSUn ActLUn ActSJit ActPMOS
  [Rows: application class telnet, State INPOLICY, CurrI/F Et2/0, Protocol PBR; prefix class, State INPOLICY, CurrI/F Et2/0, Protocol BGP]

Verify Traffic Class Control
- Verify traffic class control on BR (Static or BGP)
  show oer border routes bgp
  BGP table version is 88
  Status codes: s suppressed, d damped, h history, * valid, > best, i internal, r RIB-failure, S Stale
  Origin codes: i - IGP, e - EGP, ? - incomplete
  OER Flags: C - Controlled, X - Excluded, E - Exact, N - Non-exact, I Injected
  Network  Next Hop  OER  LocPrf Weight Path
  [Row: *> entry for a /24 network with OER flags CE]

Verify Traffic Class Controlled
- Verify application traffic class control on BR
  show ip access-list dynamic
  Extended IP access list oer#1
  [Entries 536870911 and 536870912: permit tcp, eq telnet]
  show route-map dynamic
  route-map OER-02/21/06-04:27:44.419-1-OER, permit, sequence 0, identifier 1706070788
    Match clauses:
      ip address (access-lists): oer#1
    Set clauses:
      interface Ethernet2/0     <-- External Interface
      ip next-hop
    Policy routing matches: 0 packets, 0 bytes
  Current active dynamic routemaps = 1

Investigate Traffic Class History
- Traffic class log
  sh log | i 10.15.1.0
  *Apr 26 22:58:20.919: %OER_MC-5-NOTICE: Discovered Exit for prefix 10.15.1.0/24, BR 10.10.10.1, i/f Et9/0
  *Apr 26 23:03:14.987: %OER_MC-5-NOTICE: Route changed 10.15.1.0/24, BR 10.10.10.1, i/f Se12/0, Reason Delay, OOP Reason Timer Expired
  *Apr 26 23:09:18.911: %OER_MC-5-NOTICE: Passive REL Loss OOP 10.15.1.0/24, loss 133, BR 10.10.10.1, i/f Se12/0, relative loss 23, prev BR Unknown i/f Unknown
  *Apr 26 23:10:51.123: %OER_MC-5-NOTICE: Route changed Appl 10.15.1.0/24 telnet, BR 10.10.10.1, i/f Et9/0, Reason Delay, OOP Reason Loss
  *Apr 26 23:19:18.919: %OER_MC-5-NOTICE: Passive REL Loss OOP 10.15.1.0/24, loss 138, BR 10.10.10.1, i/f Et9/0, relative loss 66, prev BR Unknown i/f Unknown

Investigate Traffic Class History
- Detailed traffic class history
  sh oer master traffic-class prefix 10.15.1.0/24 detail
  Prefix: 10.15.1.0/24
    State: INPOLICY  Time Remaining: 0
    Policy: Default
    Most recent data per exit
    Border       Interface  PasSDly  PasLDly  ActSDly  ActLDly
    *10.10.10.1  Et9/0      0        16       35       35
     10.10.10.1  Se12/0     0        0        38       38
    Latest Active Stats on Current Exit:
    Type  Target     TPort  Attem  Comps  DSum  Min  Max  Dly
    echo  100.1.1.1  N      2      2      88    40   48   44

Why Is Traffic Class Always in Default State?
Active Probes Are Not Responding
- Verify active probes enabled
  sh oer master | i mode monitor
    mode monitor both     <-- Should Be Both or Active
- clear oer master traffic-class prefix 10.15.1.0/24
  This will remove learned prefixes
- Wait for probe all to complete
- Verify active probes responding
  sh oer master traffic-class prefix 10.15.1.0/24 detail
  Prefix: 10.15.1.0/24
    State: DEFAULT*  Time Remaining: @65     <-- @ Indicates Probe All
    Policy: Default
    Most recent data per exit                <-- No Probes Responding
    Border       Interface  PasSDly  PasLDly  ActSDly  ActLDly
    *10.10.10.1  Et9/0      0        0        0        0
     10.10.10.1  Se12/0     0        0        0        0

Why Are Active Probes Not Responding?
- Is prefix configured?
  Probes must be configured for configured prefixes
  Probe assigned to prefix with longest match of probe target
  oer master
   active-probe echo 10.15.1.9
  sh oer master active-probes
  State     Prefix        Type  Target     TPort  How   Codec
  Assigned  10.15.1.0/24  echo  10.15.1.9  N      Cfgd  N
- No parent route for prefix
  BGP or static tables must include a route which includes prefix
- Target is turned off, disabled
- Target does not respond to echo probes
  Try configuring tcp-conn or udp-echo probes
- Firewall is blocking probes
  Try traceroute to determine block point
  show oer master prefix 10.15.1.0/24 traceroute now

Why No Passive Measurements?
- No traffic
  Check EBw in show oer master prefix
- No TCP traffic
  Passive delay, loss, and reachability rely on TCP traffic
- Long-lived TCP flows
  Passive delay and reachability rely on TCP SYN, TCP ACK