Deploying Performance Routing

© 2013 Cisco and/or its affiliates. All rights reserved. BRKRST-2362 Cisco Public

Deploying Performance Routing Jean-Marc Barozet

BRKRST-2362


Proliferation

of Devices

Users/ Machines

VDI | IaaS

Private Cloud

Public/Hybrid Cloud

SaaS/IaaS

NETWORK THE

Storage

Database

How Application are Consumed How applications are Delivered Type of applications

Business and IT are Changing Like Never Before Drastic Change in Application Type, Delivery, and Consumption

60% of IT professional cites performance as key challenge for cloud


WAN Challenges

• I don’t know, if I am getting my SLA

• I don’t know, the applications running in my network

• I don’t know, how to isolate performance problems

• I don’t know, how much non-business traffic is consuming

WAN Internet

Branch with no direct Internet access

Branch with direct Internet access

Public SaaS

Data Centers

• I can’t do, anything about poor and inconsistent performance

• I can’t do, anything about my Network outages

• I can’t do, anything about under utilization of my Expensive

WAN links

• I can’t do, anything about unreliability for my WAN links

Network Admin

4


Why we need Performance Routing?

Visibility Control Report

5


Introducing Performance Routing (PfR) Application aware adaptive routing

6

• Full utilization of expensive WAN bandwidth

Efficient distribution of traffic based upon load, circuit cost and path preference

• Improved Application Performance

Per application best path based on delay, loss, jitter measurements

• Increased Application Availability

Protection from carrier black holes and brownouts

SP A

MPLS

GETVPN

WAE Cluster

Internet

DMVPN ASR1K

ASR1K

PfR MCs

Headquarter

ISR G2

SP B

MPLS

GETVPN

ASR1K

ASR1K

Branch

PfR BRs

PfR MC/BR

Master Controller (MC) Border Router (BR)

Email VMs

Email Path Video Path


Performance Routing 101


Performance Routing – Components

• The Decision Maker: Master Controller (MC)

Apply policy, verification, reporting

No packet forwarding/ inspection required

MC

• The Forwarding Path: Border Router (BR) Gain network visibility in forwarding path (Learn, measure)

Enforce MC’s decision (path enforcement)

• Optimize by: Reachability, Delay, Loss, Jitter, MOS,

Throughput, Load, and/or $Cost

BR BR

WAN1 WAN2

8


Performance Routing Topologies

WAN1 (IP-VPN)

WAN2 (IPVPN, DMVPN)

MC/BR

MC/BR

BR

MC/BR

BR

BR

HQ

MC

BR BR

MC

Enterprise WAN ISP1 ISP2

Internet Edge

Branch

Optimize by: • Reachability, Loss, • Delay, Jitter, MOS, • Throughput, Load, and/or $Cost

9


Basic Configuration

BR BR

HQ

MC/BR MC/BR BR MC/BR

MC key chain pfr

key 0

key-string cisco

!

pfr master

!

border 10.4.5.4 key-chain pfr

interface Ethernet0/0 internal

interface Ethernet0/1 external

border 10.4.5.5 key-chain pfr

interface Ethernet0/0 internal

interface Ethernet0/1 external

!

learn

throughput

!

max-range-utilization 15

!

! Load-Balancing enabled by default

!

• 1. Provisioning • 2. Learning • 3. Monitoring and

Optimization

Learning enabled by default with 15.2(3)T and XE 3.6

BR (Forwarding Path)

!

key chain pfr

key 0

key-string cisco

!

pfr border

local Ethernet0/0

master 10.2.3.3 key-chain pfr

!

MC (Decision Maker)

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

10


pfr master

border 192.168.254.2 key-chain pfr-keychain

interface GigabitEthernet0/2 external

max-xmit-utilization percentage 80

link-group secondary

interface GigabitEthernet0/1.34 internal

interface GigabitEthernet0/1.32 internal

interface Tunnel0 internal

interface Tunnel2 internal

What you Need to Enable PfR + WAAS

11

• WCCP establishes tunnels

between router and WAAS

device

• PfR needs to be aware of the

WCCP Tunnel interfaces

• PfR cannot control WAAS

Express traffic which is sourced

from the router

router#show tunnel groups

2 tunnel groups active

WCCP : service group 317 in "Default", ver v2, assgnmnt: mask-value set

intf: Tunnel0, locally sourced

WCCP : service group 318 in "Default", ver v2, assgnmnt: mask-value set

intf: Tunnel2, locally sourced

Add both interfaces as

PfR internal interfaces


Performance Routing – The Journey …

Get the Traffic Classes in the MC database

Get the Traffic Classes Performance Metrics

Check Delay, loss, threshold, Bandwidth and more … Use a good performing path per Traffic Class

Learning

Monitoring (Passive – Active)

Choosing Your Policies

Enforcing the Path

12


Step #1 – Learning Automatic vs Static

Learning

Prefixes

ACL

DSCP Based

Applications

Traffic Classes

Learning



Enforcing the Path

BR BR

HQ


MC

Static

Automatic

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

13


Learning PfR Operates on Traffic Classes

Traffic Classes

BR BR

HQ


MC

The Rest of the Traffic

Voice, Video, Critical

10.1.1.0/24 10.1.2.0/24

10.2.1.0/24 … 10.2.9.0/24

• PfR determines the traffic classes from the traffic flowing through the border routers

• Subsets of the total traffic must be identified, and these traffic subsets are named traffic classes

Dest. IP DSCP Delay Loss Jitter BW

10.2.2.0/24 - 0 … …

… … … … …

Dest. IP DSCP AppID Delay Loss Jitter BW

10.2.2.0/24 EF 0 … …

… … … … …

Dest. IP DSCP AppID Delay Loss Jitter BW

10.2.2.0/24 AF31 0 … …

… … … … …

Prefixes

Applications

or

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

14


Learning Traffic Classes On a global basis

• Global learning

• Aka Similar to the default class in QoS

Global Learn BR BR

HQ


MC

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

15


Learning Traffic Classes Or Per Service Class

• Or define Service Classes

• Aka Similar to the class-map concept in QoS

‒ Allows to define:

Specific policies per group

Specific thresholds per group

Specific monitoring mode per group

Rest of the Traffic

Voice - Video

Critical Application Service Class BR BR

HQ


MC



WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

16


Learning Traffic Classes

Definition

• Automatic learning is enabled by

default

• Default is to learn based on destination

prefixes with aggregation mask /24

Type Example

Destination Prefix (Mandatory)

10.0.0.0/8

20.1.1.0/24

Application (Optional)

ACL 10.1.1.0/24 dscp ef

10.1.1.0/24 dst-port 50

Well-Known 10.1.1.0/24 telnet

20.1.0.0/16 ssh

NBAR 10.1.1.0/24 nbar RTP

20.1.1.0/24 nbar citrix

17


Traffic Class Learning Configuration Sample

pfr master

!

learn

throughput

list seq 10 refname <CLASS_NAME_1>

traffic-class access-list <ACL1> filter <PREFIX_LIST1>

aggregation-type prefix-length <LENGTH1>

throughput




throughput

[Rest of the traffic]

BR BR

HQ


MC

#1

#2

DEFAULT

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

18


pfr master

learn

throughput

traffic-class filter access-list DENY_GLOBAL_LEARN_LIST




throughput

!

! Access-list for disabling global learn.

!

ip access-list extended DENY_GLOBAL_LEARN_LIST

deny ip any any

BR BR

HQ


MC

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

Traffic Class Learning Disable Global Learning (Optional)


• When you want to use PfR for a subset of the

traffic (ie Voice traffic only, rest is controlled by

the routing protocol)

19


Traffic Class Learning Using NetFlow on BRs

Traffic Classes

Destination Prefix

DSCP App

Id Delay Loss

Ingress

BW

Egress

BW BR Exit

BR BR

HQ


MC

NetFlow Cache

NetFlow Cache

Automatic Learning is enabled by default once

you enable PfR and add the Border Routers

MC commands BRs to learn Traffic Classes

Traffic Classes

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

20


Learning Traffic Classes Database Filled with TCs

Traffic Classes

BR BR

HQ


MC

Destination Prefix

DSCP App

Id Delay Loss

Ingress

BW

Egress

BW BR Exit

10.1.1.1/32 EF BR1 E0/0

20.2.1.0/24 AF31 BR2 E0/0

30.1.1.0/24 0 BR1 E0/0

NetFlow Cache

NetFlow Cache

BRs use their NetFlow cache

‒ Top Talkers based on throughput

BRs aggregate based on the configured

destination mask

Send the reports to the MC every minute

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

21


Step #2 – Measurement Passive Monitoring

Traffic Classes

Learning



Enforcing the Path

Passive

PfR Netflow Monitoring

Flows Need not be symmetrical

Delay Loss

Egress BW

Reachability

Ingress BW

Passive Performance

Metrics BR BR

HQ


MC

NetFlow Cache

NetFlow Cache

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

22


Measuring – Passive Mode For Data, Best Effort Applications

BR BR

HQ


MC

BR Links Ingress Egress

BR1 Gig1/1

BR2 Gig1/2

Destination Prefix

DSCP App

Id Delay Loss

Ingress

BW

Egress

BW BR Exit

10.1.1.1/32 0 BR1 Gi1/1

10.1.10.0/24 AF11 BR1 Gi1/2

… 0 BR2 Gi1/1

PfR uses NetFlow to collect and aggregate

passive monitoring statistics on a per traffic

class basis.

MC Instructs BRs to monitor the performance

Traffic Classes

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

23


Measuring – Passive Mode For Data, Best Effort Applications

BR Links Ingress Egress

BR1 Gig1/1 200 40

BR2 Gig1/2 130 60

Destination Prefix

DSCP App

Id Delay Loss

Ingress

BW

Egress

BW BR Exit

10.1.1.1/32 0 60 0 20 40 BR1 Gi1/1

10.1.10.0/24 AF11 110 0 52 60 BR1 Gi1/2

… 0 89 1 34 10 BR2 Gi1/1

BR BR

HQ


NetFlow Cache

MC

NetFlow Cache

Border routers collect and report passive monitoring

statistics to the master controller approximately once per

minute.

BRs gather performance measurements using Netflow

BRs report Performance Metrics for Traffic Classes to

the Master Controller

Traffic Classes

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

24


Step #2 – Measurement Active Mode

Learning

Monitoring (Passive - Active)


Enforcing the Path

Active

PfR enables IP SLA feature

Probes sourced from BR

ICMP probes learned or configured

TCP, UDP, JITTER need ip sla responder

Delay Loss

Jitter

Reachability

MOS BR BR

HQ


MC

Active Performance

Metrics

Traffic Classes

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

Probe active path

SLA IP SLA Responder

25


Measuring – Active Mode Hybrid Modes

Fast

Active Throughput

Active probes on all path all the time

Passive to measure BW only

Passive to measure BW only

Active probing on current exit

BR BR

HQ


MC

Active Performance

Metrics

Fast Mode is used when fast failover is

needed

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

Traffic Classes

Probe all paths

SLA

26


Measuring – Active Mode For Voice, Video and Critical Apps

BR BR

HQ


MC

Destination Prefix

DSCP App

Id Delay Jitter Loss

Ingress

BW

Egress

BW BR Exit

10.1.1.1/32 EF BR1 Gi1/1

10.1.10.0/24 AF31 BR1 Gi1/2

… 0 BR2 Gi1/1

Active monitoring involves creating a stream of

synthetic traffic (IP SLA probes) that replicates

a traffic class as closely as possible.

MC Instructs BRs to monitor the performance

Traffic Classes

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

SLA

27


Measuring – Active Mode For Voice, Video and Critical Apps

BR BR

HQ


Destination Prefix

DSCP App


Ingress

BW

Egress

BW BR Exit

10.1.1.1/32 EF 60 10 0 20 40 BR1 Gi1/1

10.1.10.0/24 AF31 110 15 0 52 60 BR1 Gi1/2

… 0 89 26 1 34 10 BR2 Gi1/1

MC

BRS gather performance measurements using IP SLA

probes

‒ The performance metrics of the synthetic traffic are

measured

‒ The results are applied to the traffic class entry in the

Master Controller database

BRs report Performance Metrics for Traffic Classes

Traffic Classes

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

SLA

28


PfR and Monitor Mode

Monitor Mode

Dela

y

Lo

ss

Un

rea

ch

ab

le

Jitte

r

MO

S

Ban

dw

idth

When to use?

Passive √ √ √ √ • Internet presence deployment

• Destination prefixes are all over the internet. These

destinations may not respond to ICMP probes.

• Traffic is TCP traffic

Both √ √ √ √ • Enterprise deployment

• Traffic is Between Head-quarter/Branch.

• If there is TCP traffic

Active √ √ √ √ √ • Traffic is Between Head-quarter/Branch.

• The only optimization criteria is traffic-class performance

(i.e. no optimization based on bandwidth).

Active Throughput √ √ √ √ √ √ • Traffic is Between Head-quarter/Branch.

• Traffic is UDP or it is Encrypted

Fast √ √ √ √ √ √ • Traffic is time-sensitive like video-stream, VoIP.

• Traffic is Between Head-quarter/Branch

For Your Reference

29


Step #3 – Policy Definitions Choosing Your Policies

Traffic Classes

Learning



Enforcing the Path

Link Load balancing

Max utilization

Link grouping

$Cost

Application Performance

BR BR

HQ


MC



WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

Reachability

Delay

Loss

MOS

Jitter

30



Choosing Your Policies Resolvers per Group

BR BR

HQ


2. Loss


3. Jitter

4. Delay

Load-Balancing Rest of the Traffic

Voice - Video

Critical Application

MC 1. Link-Group

2. Loss

4. Delay

1. Link-Group

Multiple resolvers can be assigned

Set of Policies per Application Group

Resolver Priority

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

31


Performance Routing Policies Option1 - Global - Interface

BR BR

HQ


pfr master max-range-utilization percent 30 delay relative 200 loss threshold 50000 mode <monitor-mode> resolve delay … resolve loss …

IOS 15.2(3)T

pfr master border 10.2.4.4 interface Ethernet0/1 external max-xmit-utilization percentage 80 maximum utilization receive percentage 80 link-group WAN1

Global

Per Interface

MC

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

32


Performance Routing Policies Option2 - Per Group (pfr-map)

pfr-map MYMAP 10 match pfr learn list <CLASS_NAME_1> <Threshold definitions> <Monitoring mode definition> <Policy definitions> <Preferred Path and Fallback option> <Probe frequency> <Periodic timer definition>

IOS 15.2(3)T

BR BR

HQ


Application Group #1

pfr-map MYMAP 20 match pfr learn list <CLASS_NAME_2> <Threshold definitions> <Monitoring mode definition> <Policy definitions> <Preferred Path and Fallback option> <Probe frequency> <Periodic timer definition>

Application Group #2

MC

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

33


Define Your Policy Thresholds? Absolute vs. Relative

Delay Relative

0

10

20

30

40

50

60

70

1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33

Delay Absolute

0

10

20

30

40

50

60

70

1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33

OOP Detected

Short Avg is higher than the absolute threshold

Long Term Avg (60 minute)

Short Term Avg (5 minute)

Short Term Avg (5 minute)

Threshold 35 ms

OOP Detected

Short Avg is higher than Long Avg by X Percent

The required characteristic can be represented in two ways

Absolute – Short Avg exceeds the threshold of N msec. Used for delay, loss, unreachable, jitter

Relative – Short Avg exceeds the Long Avg by X percent. Used for delay, loss, unreachable

34


Step #4 – Enforce the Path Automatic or force PBR

Learning


Enforcing the Path


Destination Prefix

BGP

- Egress: route injection or Modifying the BGP Local Preference attribute

- Ingress: BGP AS-PATH Prepend or AS Community

EIGRP Route Control

Static Route Injection

PIRO

Application

Dynamic PBR

NBAR/CCE BR BR

HQ




MC

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

35


Performance Routing – The Journey …

Learning



Enforcing the Path

pfr master learn <learn-list>

pfr-map match <list> parameters policy definitions

Automatic, PBR

36


Performance Routing Domain Moving PfR to multi-Sites


Active Mode

Simplifying the Configuration

38

BR BR

HQ

MC


WAN1 (IP-VPN)

WAN2 (IPVPN, DMVPN)

Active

Fast

Active Throughput

TCP, UDP, JITTER probe need ip sla responder

What’s needed:

‒ Configure a pfr-map that matches prefixes or

applications @ Remote-site1

‒ Define the policies

‒ Define the jitter probes

And REPEAT for each remote site

IP SLA Responder SLA

pfr-map MYMAP 10 match pfr learn list LEARN_LIST_VIDEO_BRANCH1 set periodic 90 set delay threshold 200 set loss threshold 50000 set jitter threshold 30 set mode monitor fast set resolve loss priority 2 variance 5 set resolve jitter priority 3 variance 5 set resolve delay priority 4 variance 5 no set resolve range no set resolve utilization set probe frequency 4 set active-probe jitter 20.9.9.9 target-port 2000


PfR Multisite System Evolution Peering & Discovery

• Multisite MC Peering Framework

• MC to MC Peering Framework can be used

to exchange policies, services and feedback

• Remote Site Discovery

‒ Automatic discovery of branch routers

‒ Simplifies Configuration – prefix and target

discovery

‒ Probing Efficiency – sharing of probe data across

policies

‒ Enhance PfR – remote site bandwidth discovery

BR BR

HQ

MC


WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

IP SLA Responder

IP SLA Responder SLA

39


PfR Domain

• Each MC announces its inside

prefixes, together with probe target

address and site names

BR BR

HQ

MC

MC/BR MC/BR BR MC/BR Site 1

Publish

Prefix A

Responder 1

Site 2

Publish

Prefix B

Responder 2

Site 3

Publish

Prefix C, D, E

Responder 3, 4

Active

Fast

Active Throughput

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

SLA

IP SLA Responder

Site HQ

Publish

Prefix H1, H2, H3

Responder H

40


PfR Domain Target Discovery

• Mapping table built on each site

• Allows automatic jitter probe configuration

• Allows automatic probe generation

• Remote Bandwidth discovery per remote

site

BR BR

HQ

MC


Prefixes Responders BW Sites

Prefix A Responder1 1.2 Mbps Site 1

Prefix B Responder2 2.3 Mbps Site2

Prefix C, D, E Responder3, 4 10 Mbps Site3

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

SLA

41


pfr-map MAP-TEST3 10 match pfr learn list LEARN_LIST_BRANCH1 set periodic 90 set mode route control set delay threshold 200 set loss threshold 50000 set jitter threshold 30 set mode monitor fast set resolve loss priority 2 variance 5 set resolve jitter priority 3 variance 5 set resolve delay priority 4 variance 5 no set resolve range no set resolve utilization set probe frequency 4 set active-probe jitter 20.9.9.9 target-port 2000

pfr-map MAP-TEST3 15

match pfr learn list LEARN_LIST_BRANCH2

set periodic 90

set delay threshold 200

set loss threshold 50000

set jitter threshold 30

set mode monitor fast

set resolve loss priority 2 variance 5

set resolve jitter priority 3 variance 5

set resolve delay priority 4 variance 5

no set resolve range

no set resolve utilization

set probe frequency 4

set active-probe jitter 20.9.9.9 target-port 2000



set periodic 90














set periodic 90














set periodic 90














set periodic 90














set periodic 90














set periodic 90














set periodic 90














set periodic 90














set periodic 90














set periodic 90














set periodic 90














set periodic 90

set mode route control












pfr master

policy-rules MYMAP

mc-peer head-end Loopback1

target-discovery

[SNIP]

!

pfr-map MYMAP 10

match pfr learn list LEARN_LIST_BRANCH

set periodic 90











With Target Discovery Enabled

42


PfR Domain

Summary

• PfR is now multi-site aware

• MC to MC Peering Framework can be used to exchange policies, services and feedback

• Target Discovery is just the first feature running over this framework

‒ Automatic configuration and generation of all jitter probes

‒ Reduces IP SLA target configuration per destination and per policy.

‒ Improves IP SLA probing efficiency through the sharing of probe data across multiple

policies

• Possible future features:

‒ Solving the Asymmetric Routing issue

‒ PfR Policies distribution

‒ QoS Policies distribution

43


Internet Edge Load-Balancing



WAN1 (IP-VPN)

WAN2 (IPVPN, DMVPN)

MC/BR

MC/BR

BR

MC/BR

BR

BR

HQ

MC

BR BR

MC

ISP1 ISP2

Internet Edge

Branch

45


Manual Traffic Engineering Overview

• Problem Statement

‒ Ingress/Egress path are under/over utilized

‒ Maximize bandwidth utilization (uplinks with different BW)

• Manual Solution

‒ Consider The Traffic Patterns of the Enterprise.

Does the Enterprise Host Content?

Does the Enterprise Access Content?

‒ Not Sure?

Graph Interface Byte Count

Use NetFlow

Even better, use Flexible NetFlow

• In General, sites have a 80:20 traffic volume (in

bytes) mix. Fix only the 80% Direction.

‒ 20% direction doesn’t matter unless links are widely varying

speeds.

R1 R2

ISP X ISP Z

ISP Y

ISP A ISP B

Eg

ress

Ing

ress

1GE 100M

46


Manual Traffic Engineering BGP Policy Instruments

• “Direction Applied”, works together with Route Maps

Tool/Attribute Direction of Traffic

Flow Affected Implementation

Longest Match

Local Preference

AS_Path

Inbound and Outbound

Outbound

Static or Redistribution / Received

Direction Applied: Inbound

Direction Applied: Outbound Inbound

Communities Inbound Direction Applied: Outbound

47


Automatic Traffic Engineering

Load-Balancing with PfR

• Solution: PfR used to load balance the traffic

• New default policies based on load-balancing

• Cisco ASR1k is typical BR/MC with BR terminating WAN connections

• BGP routing

• BRs must be iBGP peers

• Default routing or

• Partial routes or

• Full routes

• PfR can actively manage up to 20k Prefixes concurrently (with ASR1000)

• 12.4T/15.0.1M

• IOS-XE 3.3.0

eBGP eBGP

R5 R4

HQ

R3

iBGP

ISP1 ISP2

ISP3

ISP4 ISP5

48


Egress Load Balancing PfR Solution Used

Dest Prefixes (NetFlow) Learning

Monitoring Passive – Global

Policies

Path Enforcement BGP

Egress BW

Load-Balancing (range)

Inject BGP Route

BGP Local Pref

R5 R4

HQ

R3

55% 45% eBGP eBGP

iBGP

ISP1 ISP2

ISP3

ISP4 ISP5

49


Internet Presence Outbound Load Balancing Only

pfr master max-range-utilization percent 25 logging ! border 10.4.5.4 key-chain pfr interface Ethernet0/0 internal interface Ethernet0/1 external max-xmit-utilization percentage 90 ! border 10.4.5.5 key-chain pfr interface Ethernet0/0 internal interface Ethernet0/1 external max-xmit-utilization percentage 90 ! learn prefixes 1000 applications 0 expire after time 300 ! ! max prefix total 10000 learn 10000 exporter MYEXPORTER mode monitor passive periodic 600

Link Range Utilization

• Keep the usage on a set of exit links

within a certain percentage range of

each other

Max Link Utilization

• Upper threshold on the amount of

traffic a specific link can carry

Max Prefixes

• Learn 1000 Prefixes

• Delete Prefix if not relearned in 60

Minutes

Global Policies

• Load Balancing enabled by default

• Link OOP if :

• % Util > Lowest + 10

• % Util > 90

• Revaluate Exit every 10 Minutes

50


Ingress Load Balancing PfR Solution Used

Inside Prefixes (BGP) Learning

Monitoring Passive – Global

Policies

Path Enforcement BGP

Ingress BW

Load-Balancing (range)

BGP AS-PATH Prepend

BGP Community

R5 R4

HQ

R3

20% 17% eBGP eBGP

iBGP

ISP1 ISP2

ISP3

ISP4 ISP5

51


Internet Presence Inbound Load Balancing

pfr master policy-rules MYMAP max-range-utilization percent 25 logging ! [BR PROVISIONNING] ! learn inside bgp prefixes 1000 applications 0 expire after time 300 ! max prefix total 10000 learn 10000 max range receive percent 35 exporter MYEXPORTER mode monitor passive periodic 600 !

pfr-map MYMAP 10 match ip address prefix-list HQ_PREFIX inside ! ip prefix-list HQ_PREFIX seq 5 permit 10.10.1.0/24 ip prefix-list HQ_PREFIX seq 10 permit 10.10.2.0/24 ip prefix-list HQ_PREFIX seq 15 permit 10.10.3.0/24 ip prefix-list HQ_PREFIX seq 20 permit 10.10.4.0/24

pfr-map MYMAP 10 match pfr learn inside !

Learning Inside Prefix

Configuring Inside Prefix

pfr master policy-rules MYMAP max-range-utilization percent 10 logging ! [BR PROVISIONNING] ! learn prefixes 1000 expire after time 300 ! max prefix total 10000 learn 10000 max range receive percent 5 exporter MYEXPORTER mode monitor passive periodic 600 !

Link Range Utilization - Ingress

• Keep the usage on a set of exit

links within a certain

percentage range of each

other

52


Internet Presence Downgrade Method

Nothing required

AS-PATH PREPEND BGP Community

pfr master max-range-utilization percent 10 logging ! border 10.4.5.4 key-chain pfr interface Ethernet0/0 internal interface Ethernet0/1 external downgrade bgp community 3:100 ! border 10.4.5.5 key-chain pfr interface Ethernet0/0 internal interface Ethernet0/1 external downgrade bgp community 4:200 !

Downgrade Community

• Specific value per Provider

Check the following: • Send-community enabled under bgp • neighbor <ip> soft-reconfiguration inbound” per neighbor • max range receive percent X under pfr master

53


PfR Master Controller Database Display Traffic Classes Performance Metrics

R3#sh pfr master traffic-class OER Prefix Statistics: Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms), P - Percentage below threshold, Jit - Jitter (ms), MOS - Mean Opinion Score Los - Packet Loss (packets-per-million), Un - Unreachable (flows-per-million), E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable U - unknown, * - uncontrolled, + - control more specific, @ - active probe all # - Prefix monitor mode is Special, & - Blackholed Prefix % - Force Next-Hop, ^ - Prefix is denied DstPrefix Appl_ID Dscp Prot SrcPort DstPort SrcPrefix Flags State Time CurrBR CurrI/F Protocol PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos EBw IBw ActSDly ActLDly ActSUn ActLUn ActSJit ActPMOS ActSLos ActLLos -------------------------------------------------------------------------------- 20.20.0.0/24 N N N N N N INPOLICY 32 10.4.4.4 Et0/1 BGP 53 53 0 0 0 0 12 1 N N N N N N 20.20.8.0/24 N N N N N N INPOLICY 42 10.4.4.4 Et0/1 BGP 53 53 0 0 0 0 12 1 N N N N N N 20.20.16.0/24 N N N N N N INPOLICY 59 10.5.5.5 Et0/1 BGP 105 105 0 0 0 0 27 1 N N N N N N

• Passive Delay (from TCP

Syn/Ack)

• No Active Delay

• Passive Mode used

• PfR has calculated the

per traffic class (which is

per /24 destination in this

case) egress bandwidth

usage as well as the

ingress

54


PfR Master Controller Database Traffic Class Performance

R3#sh pfr master traffic-class performance ip any 20.20.0.0/24 ============================================================================================== Traffic-class: Destination Prefix : 20.20.0.0/24 Source Prefix : N/A Destination Port : N/A Source Port : N/A DSCP : N Protocol : N/A Application Name: : N/A General: Control State : Controlled using BGP Traffic-class status : INPOLICY Current Exit : BR 10.4.4.4 interface Et0/1, Tie breaker was Range Time on current exit : 0d 0:4:49 Time remaining in current state : @10 seconds Traffic-class type : Learned Improper config : None Last Out-of-Policy event: No Out-of-Policy Event Average Passive Performance Current Exit: (Average for last 5 minutes) Unreachable : 0% -- Threshold: 50% Delay : 60% -- Threshold: 50% Loss : 0% -- Threshold: 10% Egress BW : 13 kbps Ingress BW : 1 kbps Time since last update : 0d 0:0:15 Average Active Performance Current Exit: (Average for last 5 minutes) Unreachable : 0% -- Threshold: 50% Delay : 50% -- Threshold: 50% ============================================================================================== R3#

TC Performance

• Performance Details

• Last Resolver decisions

• Filter on any type of traffic

55


Load Balancing Checking Load Balancing Accuracy

R3#sh pfr master exits ============================================================================================== PfR Master Controller Exits: General Info: ============= E - External I - Internal N/A - Not Applicable Up/ ID Name Border Interface ifIdx IP Address Mask Policy Type Down --- ------------ --------------- ----------- ----- --------------- ---- ----------- ---- ---- 2 10.4.4.4 Et0/1 2 100.4.81.4 24 Util E UP 1 10.5.5.5 Et0/1 2 100.5.82.5 24 Util E UP Global Exit Policy: =================== Cost: In Policy Exits Performance: ================== Egress Ingress ---------------------------------------------------- ------------------------------------ ID Capacity MaxUtil Usage % RSVP POOL OOP Capacity MaxUtil Usage % OOP --- -------- -------- -------- --- -------------- ----- -------- -------- -------- --- ----- 2 1000 900 232 23 N/A N/A 1000 1000 42 4 N/A 1 1000 900 317 31 N/A N/A 1000 1000 16 1 N/A TC and BW Distribution: ======================= # of TCs BW (kbps) Probe Active Name/ID Current Controlled InPolicy Controlled Total Failed Unreach (count) (fpm) ---- ---------------------------- ---------------------- ------ -------- 2 23 23 23 509 232 0 0 1 26 26 26 1203 317 0 0 Exit Related TC Stats: ====================== Priority highest nth ------------------ Number of TCs with range: 0 0 Number of TCs with util: 0 0 Number of TCs with cost: 0 0 Total number of TCs: 59 R3#

R5 R4

HQ

R3

eBGP eBGP

iBGP

ISP1 ISP2

ISP3

ISP4 ISP5

56


Enterprise WAN Application Based Routing



WAN1 (IP-VPN)

WAN2 (IPVPN, DMVPN)

MC/BR

MC/BR

BR

MC/BR

BR

BR

HQ

MC

BR BR

MC

Enterprise WAN ISP1 ISP2

Branch

Rest of the Traffic

Voice - Video


58


Enterprise WAN Use Case Blackout and Brownout

• Problem Statement:

‒ Recent carrier routing problem cause

a network outage (Blackout).

‒ Fluctuating performance over the WAN is

causing intermittent application problems (Brownout)

‒ Secondary/Backup WAN path under utilized

• Solution: PfR Application based optimization

‒ Protect Voice and Video traffic:

primary path, check delay, loss, jitter – fallback secondary

‒ Protect Business Applications:

primary path, check loss, utilization – fallback secondary

‒ Best effort Applications – Maximize bandwidth

utilization:

load balanced across SPs or use the secondary path

Rest of the Traffic

Voice - Video


BR BR

HQ


MC



WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

59


Deployment – With Target Discovery (Recommended)

• Multisite MC Peering Framework

• MC to MC Peering Framework can be used to exchange policies, services and feedback

• Remote Site Discovery

• Simplifies Configuration – prefix and target discovery

• Probing Efficiency – sharing of probe data across policies

ISP-1 ISP-2

WAN1 (IP-VPN)

WAN2 (IPVPN, DMVPN)

MC/BR

MC/BR

BR

MC/BR

BR

BR

HQ

MC

BR BR

MC

Rest of the Traffic

Voice - Video


60


Enabling Target Discovery Ease Configuration for Active Probing

• The MC peering system must

configure a source loopback interface

with an IP address that is reachable

(routed) through the network

• The Head-End MC is configured into

‘unicast-listen’ mode and each of the

Branch MCs will have a static unicast

neighbor configuration with the Head-

End MC peer address

BR BR

HQ




R3

LISTEN

BRANCH

SETUP

The peering to the

head-end

10.10.0.0/16

20.20.0.0/16

10.3.3.3

MC

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

SLA Shadow Router

IP Sla Responder

30.30.0.0/16 20.20.0.0/16

30.10.10.10 20.9.9.9

61


Target Discovery Configuration Example

BR BR

HQ

MC/BR BR MC/BR


10.10.0.0/16

10.3.3.3 ! pfr master policy-rules MYMAP mc-peer head-end Loopback0 target-discovery <responder-list HQ_TARGET> <inside- prefixes HQ_PREFIX> border 10.4.4.4 key-chain pfr interface Ethernet0/0 internal interface Ethernet0/1 external link-group SP1 ! border 10.5.5.5 key-chain pfr interface Ethernet0/0 internal interface Ethernet0/1 external link-group SP2 !

pfr master

policy-rules MYMAP

mc-peer 10.3.3.3 Loopback0

target-discovery


IOS 15.2(3)T

MC

MC/BR

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

SLA Shadow Router

IP Sla Responder

30.30.0.0/16 20.20.0.0/16

20.9.9.9 30.10.10.10

62


Target Discovery Hub Site

BR BR

HQ




10.10.0.0/16

MC 10.3.3.3

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

SLA Shadow Router

IP Sla Responder

30.30.0.0/16 20.20.0.0/16

20.9.9.9 30.10.10.10

R3#sh pfr master target-discovery

PfR Target-Discovery Services

Mode: Static Domain: 59501

Responder list: HQ_TARGET Inside-prefixes list: HQ_PREFIX

SvcRtg: client-handle: 7 sub-handle: 6 pub-seq: 1

PfR Target-Discovery Database (local)

Local-ID: 10.3.3.3 Desc: R3

Target-list: 10.4.5.5, 10.4.5.4

Prefix-list: 10.10.4.0/24, 10.10.3.0/24, 10.10.2.0/24, 10.10.1.0/24

PfR Target-Discovery Database (remote)

MC-peer: 30.10.10.10 Desc: R10

Target-list: 30.30.0.10

Prefix-list: 30.30.0.0/16

MC-peer: 20.9.9.9 Desc: R9



R3#

63


BR BR

HQ




10.10.0.0/16

MC

Target Discovery Branch

10.3.3.3

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

SLA Shadow Router

IP Sla Responder

30.30.0.0/16 20.20.0.0/16

20.9.9.9 30.10.10.10

R10#sh pfr master target-discovery

PfR Target-Discovery Services

Mode: Dynamic Domain: 59501

SvcRtg: client-handle: 2 sub-handle: 1 pub-seq: 1

PfR Target-Discovery Database (local)

Local-ID: 30.10.10.10 Desc: R10



PfR Target-Discovery Database (remote)





Target-list: 10.4.5.5, 10.4.5.4

Prefix-list: 10.10.4.0/24, 10.10.3.0/24, 10.10.2.0/24, 10.10.1.0/24

R10#

64


Step1 – Learning Traffic Defines your groups

Prefixes

Prefixes + DSCP

Applications

Traffic Classes

Definition

Traffic Classes

BR BR

HQ


MC


WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)


• Check Prefixes and

application/DSCP per

branch

‒ This will give an idea of the

number of Traffic Classes

‒ Tune Aggregation Mask as

needed

SLA

Rest of the Traffic

Voice - Video


10.10.1.0/24 10.10.2.0/24

10.20.1.0/24 … 10.20.9.0/24

EXAMPLE

Critical Apps – DSCP AF31

• Mask 24 – 11 TCs

• Mask 16 – 2 TCs

65


Traffic Class Learning Configuration Example

pfr master

!

learn

throughput

!

list seq 10 refname LEARN_VOICE_VIDEO

traffic-class access-list VOICE_VIDEO filter BRANCH_PREFIX

aggregation-type prefix-length <LENGTH>

throughput

!

list seq 20 refname LEARN_CRITICAL

traffic-class access-list CRITICAL filter BRANCH_PREFIX

aggregation-type prefix-length <LENGTH>

throughput

!

[Rest of the traffic]

Traffic Classes

BR BR

HQ


MC


WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)


SLA

66


Traffic Class Learning Configuration Example

!

ip access-list extended VOICE_VIDEO

permit ip any any dscp ef

!

ip access-list extended CRITICAL

permit ip any any dscp af31

!

ip prefix-list BRANCH_PREFIX seq 5 permit 20.20.0.0/16

ip prefix-list BRANCH_PREFIX seq 10 permit 30.30.0.0/16

!

Branch Prefixes

• Filters on remote prefixes

Traffic Classes

BR BR

HQ


MC


WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)


SLA

Access-List

• Automatically learn based on DSCP values

for Voice, Video and Critical Applications

• Rest of the Traffic falls under global

learning (kind of “default class)

67


!

pfr master

learn

list seq 10 refname VOICE_VIDEO

traffic-class application nbar rtp-audio filter BRANCH

thoughput

list seq 20 refname CRITICAL

traffic-class application nbar citrix filter BRANCH

thoughput

!

Traffic Class Learning Configuration Example with NBAR

BR BR

HQ


MC

Use NBAR to identify Application Traffic

NBAR is activated automatically on BR

NBAR Support was added in 12.4(20T) release

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

SLA

68


Learning Traffic Classes Example

MC#sh pfr master learn list Learn-List seq 10 refname LEARN_VOICE_VIDEO Configuration: Traffic-Class Access-list: VOICE_VIDEO Filter: BRANCH_PREFIX Aggregation-type: prefix-length 32 Learn type: throughput Session count: 1000 Max count: 1000 Policies assigned: 10 Status: ACTIVE Stats: Traffic-Class Count: 2 Traffic-Class Learned: Appl Prefix 20.20.1.0/24 ef 256 Appl Prefix 20.20.2.0/24 ef 256 Learn-List seq 20 refname LEARN_CRITICAL Configuration: Traffic-Class Access-list: CRITICAL Filter: BRANCH_PREFIX Aggregation-type: prefix-length 24 Learn type: throughput Session count: 50 Max count: 100 Policies assigned: 20 Status: ACTIVE Stats: Traffic-Class Count: 37 Traffic-Class Learned: Appl Prefix 20.20.14.0/24 af31 256 Appl Prefix 20.20.6.0/24 af31 256 Appl Prefix 30.30.5.0/24 af31 256 Appl Prefix 20.20.8.0/24 af31 256 Appl Prefix 30.30.14.0/24 af31 256 [SNIP]

BR BR

HQ


MC


WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)


SLA

69


Step2 – Performance Measurement PfR Solution Used

Monitoring Fast – Voice/Video

Passive – Rest

Active – Critical Apps NetFlow NetFlow

Destination Prefix

DSCP App


Ingress

BW

Egress

BW BR Exit

10.1.1.0/24 EF 60 10 0 20 40 BR1 Gi1/1

10.1.10.0/24 AF31 110 20 0 52 60 BR1 Gi1/2

… EF 89 35 1 34 10 BR2 Gi1/1

Destination Prefix

DSCP App

Id Delay Loss

Ingress

BW

Egress

BW BR Exit

10.1.1.0/24 - 60 0 20 40 BR1 Gi1/1

10.1.10.0/24 - 110 0 52 60 BR1 Gi1/2

… - 89 1 34 10 BR2 Gi1/1

Probes Probes

Traffic Classes

BR BR

HQ


MC

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

TD Enabled

MC tells the BR to configure and generate all Jitter probes needed

SLA Shadow Router

IP Sla Responder

70


Step3 – Policies Define your policies per group

2. Loss

3. Jitter

4. Delay

Load-Balancing Rest of the Traffic

Voice - Video


1. Link-Group

2. Loss

4. Delay

1. Link-Group

Policies

BR BR

HQ


MC



WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

SLA Shadow Router

IP Sla Responder

71


Configuration Sample Policies – Voice and Video

pfr-map MYMAP 10 match pfr learn list LEARN_VOICE_VIDEO set delay threshold 200 set loss threshold 50000 set jitter threshold 30 set mode monitor fast set resolve loss priority 2 variance 5 set resolve jitter priority 3 variance 5 set resolve delay priority 4 variance 5 set link-group SP1 fallback SP2 set probe frequency 4 set periodic 90

Policies Thresholds

• Applied to the voice and video traffic

• Loss, delay and jitter

Policies Definition

• List all policies

• Assign priority

• Administrative policy: SP1 is the primary

path, fallback to SP2 if OOP

Jitter Probe

• Target Discovery is used

• No need to manually define the probe

target

Monitor mode fast

• Actively probe all exits to get performance

metrics

IOS 15.2(3)T

72


Configuration Sample Policies – Critical Applications

pfr-map MYMAP 20 match pfr learn list LEARN_CRITICAL set delay threshold 120 set loss threshold 200000 set mode monitor active throughput set resolve delay priority 1 variance 20 set resolve loss priority 5 variance 10 set link-group SP1 fallback SP2 set probe frequency 4 set periodic 90

Policies Thresholds

• Applied to the voice and video traffic

• Loss, delay and jitter

Policies Definition

• List all policies

• Assign priority

• Administrative policy: SP1 is the primary

path, fallback to SP2 if OOP

Active Probes

• Automatic configuration and generation of

probes

Monitor mode Active

• Actively probe the current exit to get

performance metrics. Mode fast is also an

option

IOS 15.2(3)T

73


Configuration Sample Policies – Rest of the Traffic

! pfr master policy-rules MYMAP max-range-utilization percent 22 ! mc-peer head-end Loopback0 target-discovery ! logging ! ! Default Policies ! mode route protocol pbr !

Link Range Utilization

• Keep the usage on a set of exit links

within a certain percentage range of

each other

Global Policies

• Apply for the rest of the traffic

• Load Balancing enabled by default

IOS 15.2(3)T

74


Target Discovery Hub Site – Jitter probes Generated

BR BR

HQ




10.10.0.0/16

20.20.0.0/16

MC 10.3.3.3

20.9.9.9

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

SLA Shadow Router

IP Sla Responder

30.30.0.0/16

30.10.10.10

R3#sh pfr master active-probes target-discovery PfR Master Controller active-probes (TD) Border = Border Roter running this probe MC-Peer = Remote MC associated with this target Type = Probe Type Target = Target Address TPort = Target Port N - Not applicable Destination Site Peer Addresses: MC-Peer Targets 30.10.10.10 30.30.0.10 20.9.9.9 20.20.0.9 The following Probes are running: Border Idx State MC-Peer Type Target TPort 10.4.4.4 2 TD-Actv 30.10.10.10 jitter 30.30.0.10 5000 10.4.4.4 2 TD-Actv 30.10.10.10 jitter 30.30.0.10 5000 10.5.5.5 2 TD-Actv 30.10.10.10 jitter 30.30.0.10 5000 10.4.4.4 2 TD-Actv 20.9.9.9 jitter 20.20.0.9 5000 10.4.4.4 2 TD-Actv 20.9.9.9 jitter 20.20.0.9 5000 10.5.5.5 2 TD-Actv 20.9.9.9 jitter 20.20.0.9 5000 R3#

75


PfR Master Controller Database Display Traffic Classes Performance Metrics

MC#sh pfr master traffic-class OER Prefix Statistics: Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms), P - Percentage below threshold, Jit - Jitter (ms), MOS - Mean Opinion Score Los - Packet Loss (packets-per-million), Un - Unreachable (flows-per-million), E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable U - unknown, * - uncontrolled, + - control more specific, @ - active probe all # - Prefix monitor mode is Special, & - Blackholed Prefix % - Force Next-Hop, ^ - Prefix is denied DstPrefix Appl_ID Dscp Prot SrcPort DstPort SrcPrefix Flags State Time CurrBR CurrI/F Protocol PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos EBw IBw ActSDly ActLDly ActSUn ActLUn ActSJit ActPMOS ActSLos ActLLos -------------------------------------------------------------------------------- 30.1.8.0/24 N defa 256 N N 0.0.0.0/0 INPOLICY 17 10.4.5.4 Et0/1 PBR 52 52 0 0 0 0 65 7 53 52 0 0 N N N N 30.1.1.0/24 N ef 256 N N 0.0.0.0/0 INPOLICY 41 10.4.5.5 Et0/1 PBR 52 52 0 0 0 0 66 7 54 51 0 0 N N N N 30.1.9.0/24 N defa 256 N N 0.0.0.0/0 INPOLICY @47 10.4.5.4 Et0/1 PBR 52 52 0 0 0 0 64 7 52 51 0 0 N N N N 30.1.3.0/24 N af31 256 N N 0.0.0.0/0 INPOLICY 113 10.4.5.4 Et0/1 PBR 52 52 0 0 0 0 65 7 52 52 0 0 N N N N 30.1.4.0/24 N af31 256 N N 0.0.0.0/0 INPOLICY 75 10.4.5.5 Et0/1 PBR 52 52 0 0 0 0 64 7 54 51 0 0 N N N N

• Passive Delay (from TCP

Syn/Ack)

• Active Delay (from

probes)

• PfR has calculated the

per traffic class (which is

per /24 destination in this

case) egress bandwidth

usage as well as the

ingress

76


PfR Master Controller Database Traffic Class Performance

MC#sh pfr master traffic-class performance ip any 20.20.0.0/24 dscp ef ============================================================================================== Traffic-class: Destination Prefix : 20.20.0.0/24 Source Prefix : 0.0.0.0/0 Destination Port : N Source Port : N DSCP : ef Protocol : 256 Application Name: : N/A General: Control State : Controlled using PBR Traffic-class status : INPOLICY Current Exit : BR 10.4.4.4 interface Et0/1, Tie breaker was None Time on current exit : 0d 0:9:32 Time remaining in current state : @34 seconds Last uncontrol reason : Probe frequency changed Time since last uncontrol : 0d 1:12:1 Traffic-class type : Learned Improper config : None Last Out-of-Policy event: No Out-of-Policy Event Average Passive Performance Current Exit: (Average for last 5 minutes) Unreachable : 0% -- Threshold: 50% Loss : 0 ppm -- Threshold: 50000 ppm Delay : 52 msecs -- Threshold: 200 msecs Egress BW : 7 kbps Ingress BW : 5 kbps Time since last update : 0d 0:0:24 Average Active Performance Current Exit: (Average for last 5 minutes) Unreachable : 0% -- Threshold: 50% Loss : 0 ppm -- Threshold: 50000 ppm Jitter : 0 msec -- Threshold: 3000 msec Delay : 52 msec -- Threshold: 200 msec Last Resolver Decision: BR Interface Status Reason Performance Threshold --------------- ------------ ------------ ------------ ----------- --------- 10.5.5.5 Et0/1 Eliminated Link Group N/A N/A 10.4.4.4 Et0/1 Best Exit Unreachable N/A N/A ============================================================================================== MC#

TC Performance

• Performance Details

• Last Resolver decisions

• Filter on any type of traffic

77



Enforcing the Path Dynamic PBR

• MC instructs BRs to apply Dynamic

Route Maps on their inside interfaces

• Direct connection between BRs is

needed

‒ Direct connection

‒ GRE/mGRE tunnel

BR BR

HQ



MC

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

78


PBR Example Troubleshooting Path Enforcement

R4#sh route-map dynamic route-map OER_INTERNAL_RMAP, permit, sequence 0, identifier 402653185 Match clauses: ip address (access-lists): oer#1 Set clauses: ip next-hop 10.4.5.5 interface Ethernet0/0 Policy routing matches: 98809 packets, 67823285 bytes route-map OER_INTERNAL_RMAP, permit, sequence 1, identifier 3439329282 Match clauses: ip address (access-lists): oer#2 Set clauses: ip next-hop 100.4.8.8 interface Ethernet0/1 Policy routing matches: 75247 packets, 51786342 bytes Current active dynamic routemaps = 1 R4#

R4#sh ip access-lists dynamic Extended IP access list oer#1 67108863 permit ip any 30.1.6.0 0.0.0.255 dscp af31 (17981 matches) 134217727 permit ip any 30.1.4.0 0.0.0.255 dscp af31 (17984 matches) 268435455 permit ip any 30.1.5.0 0.0.0.255 dscp af31 (17975 matches) 536870911 permit ip any 30.1.2.0 0.0.0.255 dscp ef (17938 matches) 1073741823 permit ip any 30.1.1.0 0.0.0.255 dscp ef (18002 matches) Extended IP access list oer#2 67108863 permit ip any 30.1.3.0 0.0.0.255 dscp af31 (15000 matches) 134217727 permit ip any 30.1.7.0 0.0.0.255 dscp default (15034 matches) 268435455 permit ip any 30.1.10.0 0.0.0.255 dscp default (15958 matches) 536870911 permit ip any 30.1.9.0 0.0.0.255 dscp default (15937 matches) 1073741823 permit ip any 30.1.8.0 0.0.0.255 dscp default (15966 matches) R4#

• A dynamic route-map is created

by PfR to enforce traffic to the

chosen exit point

• Next hop = R5

• A dynamic route-map is created

by PfR to enforce traffic to the

chosen exit point

• Next hop = WAN


Design Considerations

80

Traffic Classes

BR BR

HQ


MC

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)

• Scalability on the hub

‒ Number of jitter probes

CPU impact on the BRs

‒ Probe Frequency

CPU impact on the BRs

‒ Number of Traffic Classes

TCAM space on ASR1k BRs

CPU/ Memory usage on MC

• How fast is Fast Mode?

‒ Min Probe Frequency: 2 sec

Probes Probes

Shadow Router IP Sla Responder SLA


Network Management NetFlow v9 Export

SNMP MIB


PfR NetFlow v9 Export

82

• PfR NetFlow v9 Export

‒ The PfR NetFlow v9 Exporter resides on the PfR Master

Controller

‒ Exports Passive Metrics, Active Metrics, Events,

Configuration

• PfR SNMP MIB (Traps coming)

‒ TC as a row of cpfrTrafficClassTable

‒ TC Status as a row of cpfrTrafficClassStatusTable

‒ performance metrics as a row of

cpfrTrafficClassMetricsTable

• NMS application vendors engaged!

• Cisco Prime Assurance engaged!

BR BR

HQ

MC


NetFlow

SNMP Read

WAN2 (IPVPN, DMVPN)

WAN1 (IP-VPN)


Traffic Class Identifier

• Each TC will have its own Identifier

• “Traffic-Class ID” is encoded into “application tag” as follows:

Classification

Engine ID

(1 Byte)

Type

(1 Byte)

Traffic Class Id

(4 Bytes)

Type: Type=1: Passive Update, Type=2: Passive Performance, Type=3: Active Update, Type=4: Active Performance, Type=5: Traffic-Class Event

Classification Engine ID: 17

83


Configuration Templates – Options

Encoded Traffic-Class ID,

Source prefix, Source mask,

Destination prefix, Destination mask,

Protocol,

DSCP,

Source port min, Source port max,

Destination port min, Destination port max,

Application Name,

Policy id

Traffic Class Config

BR address,

External interface id,

BR interface name,

Link capacity,

RSVP reserved bandwidth pool,

Maximum ingress bandwidth,

Maximum egress bandwidth,

BGP Community

Link group Name,

Cost nickname, Cost type

Cost discard rollup count

External Interface Config

BR address

Internal interface id

BR interface name

Internal Interface Config

Policy id

pfr-map name

State

Threshold

Priority

Variance

MOS

Link group Name

Policy Config

Reason id

Reason text

Reason Config

http://docwiki.cisco.com/wiki/AVC-Export:PfR

84


Passive/Active Reports

Encoded Traffic-Class ID

BR Address,

External interface ID,

Direction

State

First switched time

Last switched time

Sum of round-trip-time,

Samples,

Loss,

Unreachable,

Bytes,

Packets,

Flows,

Next hop address

Passive Update


BR Address, External interface ID

Direction

Routing protocol

State

Reason ID

Timestamp

Left time

Passive short-term unreachable

Passive short-term loss

Passive short-term round-trip-time

Passive long-term unreachable

Passive long-term loss

Passive long-term round-trip-time

Egress bandwidth

Ingress bandwidth

BGP Prepend

BGP Community

Passive Performance


BR Address

External Interface ID

State

Average round-trip-time

Minimum round-trip-time

Maximum round-trip-time

Sum of round-trip-time

Unreachable

Loss

Jitter

MOS below counts

MOS total counts

Initiations

Completes

Active Update


BR Address

External interface ID

Routing protocol

State

Reason ID

Timestamp

Left time

Active short-term unreachable

Active short-term loss

Active short-term round-trip-time

Active short-term jitter

Active Short-term MOS

Active long-term unreachable

Active long-term loss

Active long-term round-trip-time

Passive Performance


85


Interface Update, Various

BR Address


State

Reason ID

Egress bandwidth

Ingress bandwidth

Cost target bandwidth

RSVP bandwidth pool

TC total counts

Controlled TC counts

In Policy TC counts

Controlled bandwidth

External Interface Update

BR Address

Internal interface ID

State

Reason ID

Internal Interface Update


BR address


Direction

Routing protocol

State

Reason ID

Timestamp

Left time

BGP Prepend

BGP Community

Traffic Class Performance Cost Minimization Performance

BR Address


State

Timestamp

Counter of left rollup

Ingress rollup bandwidth (kbps)

Egress rollup bandwidth (kbps)

k-th rollup bandwidth (kbps)

k-th tier percentage (%)

k-th fee

BR address

State

BR Up/Down Alert


86


Billing Denial of Service

Leverage NetFlow Partners Eco-system

Traffic Analysis

More info: http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/commercial/ 87

http://www.portal.com/

http://www.valenciasystems.com/index.htm

http://www.ibm.com/us/

http://www.netimonitor.com/index.php


PfR Reporting Tools

• NetFlow Partners – Plixer, ActionPacked

• Cisco Prime Infrastructure 2.x – Future (H1/CY13)

LiveAction

88


Conclusion Platform Support

Software Packages

URLs


Cisco 7200-NPE-G2, 7301

12.4, 12.4T

15M/T

Cisco 3900

Cisco 3800 12.4, 12.4T

15M/T

Cisco 2900

Cisco 2800 12.4, 12.4T

15M/T

Cisco 1900

Cisco 1800 12.4, 12.4T,

15M/T Cisco 6500

12.2(33)SXH

(Deprecated)

Cisco 7600

12.2(33)SRB

(Limited Support)

PfR Platform Support

90

Cisco ASR 1000

BR in IOS-XE 2.6.1 MC in IOS-XE 3.3.0

Cisco 3900

Cisco 3800 12.4, 12.4T

15M/T


PfR Software Packaging

91

PfR

New Cisco ISR G2 Simplified Feature Sets Classic Cisco IOS Software Feature Sets

• New ISR-G2 1900, 2900, 3900

• A single IOS Universal Image for all ISR Generation 2 ISR Platforms

• PfR is within the DATA package.

• Existing ISR 1800, 2800, 3800, 7200

ASR 1000 Series • ASR1001: Use Universal Image (U or UK9) with Advanced IP Services (AIS) or Advanced Enterprise

Services (AES) technology package license

• All other ASR1000 (ASR1002-F, ASR1002, ASR1004, ASR1006, ASR1013): Use Advanced IP Services (AIS/AISK9) or Advanced Enterprise Services (AES/AESK9) images


Technical References

92

• Docwiki – Performance Routing Home

‒ Technology Overview, Solution Guides, Troubleshooting Guides, FAQ

http://docwiki.cisco.com/wiki/PfR:Home

‒ Performance Routing Technology Overview

http://docwiki.cisco.com/wiki/PfR:Technology_Overview

‒ Performance Routing Solution Guides

http://docwiki.cisco.com/wiki/PfR:Solutions

‒ Performance Routing Troubleshooting Guide

http://docwiki.cisco.com/wiki/PfR:Troubleshooting

• Configuration

‒ Understanding Performance Routing http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-understand.html

‒ Basic Configuration http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-basic.html

‒ Advanced Configuration

http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-advanced.html


Recommended Reading for BRKRST-2362

93


Call to Action

• Visit the Cisco Campus at the World of Solutions to experience Cisco innovations in action

• Get hands-on experience attending one of the Walk-in Labs

• Schedule face to face meeting with one of Cisco’s engineers

at the Meet the Engineer center

• Discuss your project’s challenges at the Technical Solutions Clinics

94

© 2013 Cisco and/or its affiliates. All rights reserved. BRKRST-2362 Cisco Public 95

Documents

Deploying Performance Routing