Performance Routing PfR
Cisco Confidential © 2011 Cisco and/or its affiliates. All rights reserved. 1
Clayton Daffron
Systems Engineer
Cisco Systems
Performance Routing (PfR) PACUG – 3/2012
Changing Landscape
How it Works
PfR Use Cases
Configuration Details
Lab Demo
• Applications are moving to Cloud-based services
• Increasing Video (real-time) traffic
• Visibility for all applications will be critical
• Traffic management and control of the flows is necessary to guarantee performance
• Increased usage of Ethernet connectivity
[Diagram labels: SaaS/Public Internet; Public DC; Hosting Provider DC; Service Provider DC; Private DC; HQ / Main Site; Branch Office]
• Full utilization of expensive network resources
  Efficient distribution of traffic based upon load
  Traffic optimized based upon circuit $ cost profiles
  Minimization of underutilized expensive WAN paths
• Avoidance of network brownouts and soft errors
  Hot spots, congestion, delay, suboptimal performance
• Responsiveness to critical application performance requirements
  Time/delay sensitive: voice, video, etc.
  Loss sensitive: video, circuit emulation
  Data center traffic: SAN extension, Internet ISP load balancing
  Transactional traffic: e-commerce transactions, automated B2B, ERP
• Enhances traditional routing by factoring performance visibility into path selection
  Automatic integration of routing and instrumentation provides better service levels
  The PfR policy can: minimize cost, efficiently distribute traffic load, and/or select the optimum performing path for applications
• Dynamically routes around blackholes and brownout conditions in the Enterprise WAN or Internet
• Makes adaptive routing adjustments based on real-time performance metrics
  Response time, packet loss, jitter, mean opinion score (MOS), availability, traffic load, and $ cost policies
[Diagram labels: Internet DMVPN; MPLS-VPN High SLA; Central Site with MC, BR1, BR2; MC/BR, MC/BR, MC/BR]
Network Capabilities to Support Application (Data/Voice/Video) Delivery
[Diagram labels: IT Resources; Provision, Control, Optimize, Baseline; Network Adjustments]
Network Management
• Plan, configure, monitor, troubleshoot
• Sessions, endpoints and service infrastructure
• SLA measurements
Optimization
• Application acceleration, offload
• Reduce WAN traffic, application latency
Monitoring and Instrumentation
• Capacity planning
• Visibility into network and application behavior
• Dynamic troubleshooting
Control
• Prioritize business-critical traffic
• Meets established business policies and priorities
Identification and Classification
• Automatic application recognition
• Application Context awareness
Performance Routing Policy Engine
Learn Applications: MC tells BR to learn “interesting” applications, called Traffic Classes:
• This could be destination prefix with or without port, dscp, source prefix or even application using NBAR.
• This profiling process can be entirely automatic based on the top talkers (using Netflow) or configured manually.
Measure Application performance (collects traffic class statistics for learned applications):
• Monitor Modes: Passive, Active, Both, Fast, Special (Cat6K)
• Netflow for UDP (bandwidth) and TCP flows (availability, delay, bandwidth, loss)
• IP SLA for TCP and UDP flows (availability, delay, loss, jitter, MOS)
Apply Policy:
• Use measured application data to determine whether managed traffic-class is out of policy (OOP) and if an alternate path can meet the policy requirements
Enforce (re-route traffic):
• Prefix Control: Inject BGP or Static routes
• Application Control: Dynamic Route-map/PBR for traffic classes defined by ACLs, NBAR, unsupported routing protocols (OSPF, ISIS) or, BRs running a mix of routing protocols.
Verify that the new route matches the policy.
PfR Policy Engine, Continued
• The Decision Maker: Master Controller (MC)
  Cisco IOS software feature
  Apply policy, verification, reporting
  Standalone or collocated with BR
  No routing protocol required
  No packet forwarding/inspection required
• The Forwarding Path: Border Router (BR)
  Cisco IOS software feature
  Learn, measure, enforcement
  NetFlow collector
  Probe source (IP SLA client)
[Diagram labels: Internet VPN; MPLS-VPN High SLA; Central Site with MC, BR1, BR2; MC/BR, MC/BR, MC/BR]
[Diagram labels: MC; BR1, BR2]
• Learning
• Performance Monitoring
  Using Netflow
  Using IP SLA Probes
  And much more in the future
• Enforcement using Routing protocols or PBR
• Route/Application Control
  MC commands BRs to learn traffic classes
  Instruct BR to monitor the performance
  Verify the Performance
  If not performing, make a policy decision and instruct the BRs to enforce a new route
• PfR has to determine the traffic classes from the traffic flowing through the border routers
• Subsets of the total traffic must be identified, and these traffic subsets are named traffic classes
• Automatic learning or manual configuration
Type                              Example
Destination Prefix (Mandatory)    10.0.0.0/8
                                  20.1.1.0/24
Application (Optional)
  ACL                             10.1.1.0/24 dscp ef
                                  10.1.1.0/24 dst-port 50
  Well-Known                      10.1.1.0/24 telnet
                                  20.1.0.0/16 ssh
  NBAR                            10.1.1.0/24 nbar RTP
                                  20.1.1.0/24 nbar citrix
Passive
• PfR Netflow Monitoring
• Flows need not be symmetrical
• Measures: Delay, Loss, Reachability, Egress BW, Ingress BW
Active
• PfR enables IP SLA feature
• Probes sourced from BR
• ICMP probes learned or configured
• TCP, UDP, JITTER need ip sla responder
• Measures: Delay, Loss, Reachability, Jitter, MOS
Hybrid Modes
  Both
  • Passive to measure performance
  • Active probing as needed
  • It is the default
  Fast
  • Active probes on all path all the time
  • Passive to measure BW only
  Active Throughput
  • Passive to measure BW only
  • Active probing on current exit
[Diagram labels: 10.1.1.0/24 Site #1; 10.2.2.0/24 Site #2; BR; MC/BR; MC; Traffic Flow Based on the RIB; EF Traffic Flow Based on PfR Policies; Traffic loss, Delay increase]
PfR optimizes performance of traffic-class and optimizes the usage of the links. Choose the best path for the application.
If the performance of a traffic-class does not meet the requirement, then the traffic-class is deemed Out of Policy.
If the link usage does not meet the requirement, then the link is deemed Out of Policy.
Link      Utilization   Delay (ms), Priority 1   Jitter (ms), Priority 2
Serial1   89%           100                      30
Serial2   50%           113                      30
Serial3   60%           119                      25
Serial4   40%           150                      20
Serial2 and Serial3 are considered because 113 and 119 are below 132 (which is 120% of 110).
Even though Serial3 has slightly higher delay, it is still chosen as best exit because its jitter is lower and jitter has no variance configured.
Policies
• Utilization: < 75%
• Delay: < 110 ms, variance 20
• Jitter: < 50 ms
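The exit selection on this slide, worked through in code. This is an added example, not code from the deck or from Cisco IOS: it follows the slide's own arithmetic (delay bound = threshold × 120%), and it assumes the utilization policy is applied first, which the slide implies by never considering Serial1.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Exit:
    name: str
    utilization_pct: float
    delay_ms: float
    jitter_ms: float

# Measurements copied from the slide's table.
EXITS = [
    Exit("Serial1", 89, 100, 30),
    Exit("Serial2", 50, 113, 30),
    Exit("Serial3", 60, 119, 25),
    Exit("Serial4", 40, 150, 20),
]

# Slide policy; resolvers in priority order: (metric, threshold, variance %).
MAX_UTILIZATION_PCT = 75
RESOLVERS = [("delay_ms", 110, 20), ("jitter_ms", 50, 0)]

def select_exit(exits, max_util=MAX_UTILIZATION_PCT, resolvers=RESOLVERS):
    """Return (best exit or None, trace of surviving exit names per step)."""
    # Assumption: over-utilized exits are dropped before any resolver runs.
    candidates = [e for e in exits if e.utilization_pct < max_util]
    trace = [("utilization", [e.name for e in candidates])]
    for metric, threshold, variance in resolvers:
        if variance:
            # The slide's arithmetic: 110 ms * 120 % = 132 ms; every exit
            # under that bound counts as equally good on this metric.
            bound = threshold * (100 + variance) / 100
            kept = [e for e in candidates if getattr(e, metric) < bound]
        else:
            # No variance: only the strictly best in-policy value survives.
            ok = [e for e in candidates if getattr(e, metric) < threshold]
            best = min((getattr(e, metric) for e in ok), default=None)
            kept = [e for e in ok if getattr(e, metric) == best]
        trace.append((metric, [e.name for e in kept]))
        candidates = kept
        if len(candidates) <= 1:
            break  # decided, or nothing is in policy
    return (candidates[0] if candidates else None), trace

if __name__ == "__main__":
    best, trace = select_exit(EXITS)
    for step, names in trace:
        print(f"{step:12} -> {names}")
    print("best exit:", best.name)
```

The trace shows why a lower-priority metric decides the outcome: the delay variance leaves two exits tied, so jitter breaks the tie.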
• Cisco 7200 and now Cisco ASR1k are typical BR/MC with BR terminating WAN connections
• BGP routing
• BRs must be iBGP peers
• Default routing or
• Partial routes or
• Full routes
• PfR can actively manage the top 20k Prefixes concurrently (with Cisco 7200-NPE-G2 or ASR1000)
• 12.4T/15.0.1M
• IOS-XE 3.3.0
• Entrance optimization
• Customers differ on policy priority
• Learn prefixes by throughput and delay
[Diagram labels: Central Site with MC, BR1, BR2; Internet ISP1, ISP2, ISP3, ISP4; IM, Web, Email]
• Requirements: basic load balancing on external interfaces
  Dual IP-VPN
  Routing is BGP or static
  Dedicated MC or MC/BR combo
  Load-balancing based on external interfaces load (delay unused)
• PfR Solution used
  Learn throughput to get prefixes
  Measurement: monitor both
  Policies: range/utilization
[Diagram labels: SP1 IP-VPN; SP2 IP-VPN; Central Site with MC, BR1, BR2; MC/BR, MC/BR, MC/BR]
• Primary MPLS VPN and secondary using DMVPN over Internet.
  Select optimum performing path for applications
• Use PfR traffic class based routing
  Use PfR traffic class based routing to route voice and video traffic over MPLS and route data traffic over the public WAN
  If the utilization on DMVPN is > 80% then excess non-critical traffic is moved to MPLS if there is enough BW to accommodate
• Critical Traffic
  Monitor mode fast
  If moderate level traffic loss is noticed in MPLS path (>=5%), all traffic is routed to the Public WAN
  Delay threshold is configured as 300 msec
  Jitter threshold is configured as 30 ms
[Diagram labels: Internet VPN; MPLS-VPN High SLA; Central Site with MC, BR1, BR2; MC/BR, MC/BR, MC/BR]
Platform                   Software release
Cisco 7200-NPE-G2          12.4, 12.4T, 15M/T
Cisco 3900, Cisco 3800     12.4, 12.4T, 15M/T
Cisco 2900, Cisco 2800     12.4, 12.4T, 15M/T
Cisco 1900, Cisco 1800     12.4, 12.4T, 15M/T
Cisco 6500*                12.2(33)SXH (limited support)
Cisco 7600                 12.2(33)SRB (limited support)
Cisco ASR 1000             BR in IOS-XE 2.6.1, MC in IOS-XE 3.3.0
PfR
New Cisco ISR G2 Simplified Feature Sets
• New ISR-G2 1900, 2900, 3900
• A single IOS Universal Image for all ISR Generation 2 ISR Platforms
• PfR is within the DATA package.
Classic Cisco IOS Software Feature Sets
• Existing ISR 1800, 2800, 3800, 7200
ASR 1000 Series
• Universal image NPEK9 or UK9
• Use Advanced IP Services (AIS/AISK9) or Advanced Enterprise Services (AES/AESK9) Technology package license
Configuration Details
Master Controller
• Vast majority of configuration is on MC router
• Identify border routers by IP address, authentication key, and their interfaces
• Configure learning parameters
• Many other optional settings – traffic types, policy thresholds, timers, out-of-policy actions, active probes, etc.
Border Router
• Identify MC by IP address and configure authentication key
• Identify local interface for MC peering (like BGP update-source)
Basic PFR Requirements
• One MC, at least one BR (can co-exist on same router), max of 10 BRs
• CEF must be enabled
• At least two External interfaces; one Internal interface
• If more than one BR, “internal” interfaces must be directly connected
• Each BR must be in the traffic forwarding path; MC doesn’t have to be
• Equal-cost “Parent Routes” must be present
[Diagram labels: 10.1.0.0/16; Destination Prefix: 10.1.1.0/24; 0.0.0.0/0; MC / BR, MC / BR, BR; interfaces marked ext and int]
Basic PFR Deployment Options
Decide which prefixes or traffic classes are “interesting” – the default is all traffic; ACLs can be used to get very granular
Decide which “mode” to use – observe is the default, and will generate syslog messages when traffic is out-of-policy (OOP). Control mode allows the MC to tell the BRs how to reroute OOP traffic so that it is back in-policy
Decide which method of performance measurement to use:
• Passive monitoring uses only NetFlow data (NetFlow collection is automated)
• Active monitoring uses automated IP SLA streams
• Both is an option, and uses… both
Decide policy requirements – can include packet loss, delay, link utilization, jitter, etc. Policies can overlap, so each must be configured with a priority and “range” of acceptable metrics
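The difference between observe and control mode, as an added example (not code from the deck or from Cisco IOS). It uses the loss, delay and jitter thresholds from the MPLS + DMVPN use case slide and the lab's VOIP traffic class name; the measurement values, the event strings and the strict "greater than" comparison for delay and jitter are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    """One measurement of a traffic class on one exit (values constructed)."""
    exit_name: str
    loss_pct: float
    delay_ms: float
    jitter_ms: float

# Thresholds from the MPLS + DMVPN use case slide:
# loss >= 5 %, delay 300 ms, jitter 30 ms.
LOSS_PCT, DELAY_MS, JITTER_MS = 5.0, 300.0, 30.0

def violations(s):
    """Metrics on which sample s is out of policy (OOP)."""
    checks = [("loss", s.loss_pct >= LOSS_PCT),
              ("delay", s.delay_ms > DELAY_MS),
              ("jitter", s.jitter_ms > JITTER_MS)]
    return [name for name, breached in checks if breached]

def policy_cycle(traffic_class, current, alternates, mode="observe"):
    """One apply/enforce/verify pass; returns (exit to use, event log)."""
    bad = violations(current)
    if not bad:
        return current.exit_name, []
    # Event strings are constructed for this example, not IOS syslog text.
    events = [f"OOP {traffic_class} exit={current.exit_name} {','.join(bad)}"]
    if mode != "control":
        return current.exit_name, events      # observe: report only
    for alt in alternates:
        if not violations(alt):               # verify before moving traffic
            events.append(
                f"MOVE {traffic_class} {current.exit_name}->{alt.exit_name}")
            return alt.exit_name, events
    events.append(f"HOLD {traffic_class} no in-policy alternate")
    return current.exit_name, events

# Constructed samples for a VOIP traffic class on the two WAN paths.
MPLS = Sample("MPLS", loss_pct=6.0, delay_ms=80.0, jitter_ms=10.0)
DMVPN = Sample("DMVPN", loss_pct=0.5, delay_ms=140.0, jitter_ms=18.0)

if __name__ == "__main__":
    for mode in ("observe", "control"):
        print(mode, policy_cycle("VOIP", MPLS, [DMVPN], mode))
```

In observe mode the same OOP condition only produces the report, which makes it a safe way to validate thresholds before letting the MC change routing.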
• Docwiki – Performance Routing Home
  Technology Overview, Solution Guides, Troubleshooting Guides, FAQ
  http://docwiki.cisco.com/wiki/PfR:Home
  Performance Routing Technology Overview
  http://docwiki.cisco.com/wiki/PfR:Technology_Overview
  Performance Routing Solution Guides
  http://docwiki.cisco.com/wiki/PfR:Solutions
  Performance Routing Troubleshooting Guide
  http://docwiki.cisco.com/wiki/PfR:Troubleshooting
• Configuration
  Understanding Performance Routing
  http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-understand.html
  Basic Configuration
  http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-basic.html
  Advanced Configuration
  http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-advanced.html
PFR Lab
Two PFR instances – Branch and Campus
Traffic Class: VOIP Dest: 10.254.4.4 DSCP=46
[Diagram labels: Campus Site; Branch Site; Campus MC/BR; Campus BR; Branch MC/BR; T1; 4G; Low Latency, Low Bandwidth; High Latency, High Bandwidth; tunnel0; 10.254.4.4; 10.254.44.44; VOIP; Data]