This topic is to discuss the following lesson:
Hello,
It was a great lesson, very interesting! When I labbed it up (I had to use OER instead), it worked, but I came up with a couple of questions.
- Delay statistics. Default policy is
resolve delay priority 11 variance 20
resolve utilization priority 12 variance 20
and learn
throughput
delay
Using the command show oer master border detail only shows utilization; however, the policy uses delay as well. In fact, delay has priority 11, ahead of utilization at 12. As the delay is the same in this lab, it is deciding with utilization, but delay has the highest priority. How do I display the delay statistics? show oer master prefix detail?
- PBR with applications, can you show an example?
I see that with an oer-map we can do a lot of things: thresholds, variance, parameters. In an oer-map I can only match a prefix list; maybe in PfR it's an extended access-list with ports, and when it recognizes it, it uses PBR automatically?
Thanks
Regards
Hi Ignacio,
If you lab this up, I highly recommend using PfR. OER is pretty buggy and I had lots of issues with it.
One command I can think of is show pfr master traffic-class detail:
MC#show pfr master traffic-class detail
OER Prefix Statistics:
Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms),
P - Percentage below threshold, Jit - Jitter (ms),
MOS - Mean Opinion Score
Los - Packet Loss (percent/10000), Un - Unreachable (flows-per-million),
E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable
U - unknown, * - uncontrolled, + - control more specific, @ - active probe all
# - Prefix monitor mode is Special, & - Blackholed Prefix
% - Force Next-Hop, ^ - Prefix is denied
DstPrefix Appl_ID Dscp Prot SrcPort DstPort SrcPrefix
Flags State Time CurrBR CurrI/F Protocol
PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos EBw IBw
ActSDly ActLDly ActSUn ActLUn ActSJit ActPMOS ActSLos ActLLos
--------------------------------------------------------------------------------
Prefix: 10.40.40.0/24
State: INPOLICY Time Remaining: 0
Policy: Default
Most recent data per exit
Border Interface PasSDly PasLDly ActSDly ActLDly
*2.2.2.2 Gi3 0 0 11 11
3.3.3.3 Gi3 0 0 2 2
Latest Active Stats on Current Exit:
Type Target TPort Attem Comps DSum Min Max Dly
echo 10.40.40.4 N 1 1 17 6 17 17
echo 10.40.40.3 N 1 1 18 6 18 18
echo 10.40.40.4 N 1 1 6 6 6 6
echo 10.40.40.3 N 1 1 6 6 6 6
Prefix performance history records
Current index 7, S_avg interval(min) 5, L_avg interval(min) 60
Age Border Interface OOP/RteChg Reasons
Pas: DSum Samples DAvg PktLoss Unreach Ebytes Ibytes Pkts Flows
Act: Dsum Attempts DAvg Comps Unreach Jitter LoMOSCnt MOSCnt
00:00:57 2.2.2.2 Gi3
Pas: 0 0 0 0 0 1909362 1906002 5074 480
Act: 0 0 0 0 0 N N N
00:01:57 2.2.2.2 Gi3
Pas: 0 0 0 0 0 1912666 1910036 5087 488
Act: 0 0 0 0 0 N N N
00:02:58 2.2.2.2 Gi3
Pas: 0 0 0 0 0 1923670 1921040 5115 488
Act: 0 0 0 0 0 N N N
00:03:59 2.2.2.2 Gi3
Pas: 0 0 0 0 0 1907004 1906788 5072 480
Act: 0 0 0 0 0 N N N
00:04:59 2.2.2.2 Gi3
Pas: 0 0 0 0 0 1911880 1905320 5080 488
Act: 0 0 0 0 0 N N N
00:05:59 2.2.2.2 Gi3
Pas: 0 0 0 0 0 1429860 1427340 3800 360
Act: 35 2 17 2 0 N N N
00:07:00 2.2.2.2 Gi3
Pas: 0 0 0 0 0 1906218 1901286 5064 480
Act: 12 2 6 2 0 N N N
--------------------------------------------------------------------------------
The ActSDly and ActLDly are short-term and long-term active delay. This is measured with active probes.
I’d have to test when PfR uses PBR exactly. I found this document from Cisco, where they describe:
When a PfR master controller (MC) decides to control a prefix using a protocol BGP, for example, it sends the control request to a selected PfR border router (BR). If the MC receives the successful control notification from the BR, it will notify all the other BRs to exclude the prefix. Some BRs may not have a parent route to this prefix via the same protocol. When no parent route exists for the prefix, this is detected as a RIB mismatch, the prefix is moved into a default state, and the control procedure begins again.
To simplify PfR, CSCtr26978 introduced new behavior when no parent route is detected. In this situation, PfR automatically switches to using dynamic policy-based routing (PBR) instead of trying all the other routing protocols in the following order; BGP, EIGRP, static, and PBR. With CSCtr26978, the existing mode route protocol pbr command behavior was enabled by default. Configuration of the no mode route protocol pbr command initially sets the traffic classes to be uncontrolled and PfR then uses a single protocol to control the traffic class in the following order: BGP, EIGRP, static, and PBR.
So, it seems to prefer regular routing before using PBR, but with the mode route protocol pbr command you can force it to use PBR right away.
In an oer-map (or pfr-map) you can match with prefix-lists, access-lists, PfR learned prefixes, and NBAR.
Rene
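Added example, not part of Rene's post or the lesson: a Python parser that pulls the per-exit delay columns (in ms, per the legend) out of the "Most recent data per exit" table in the output quoted above, and reports the current exit and the exit with the lowest short-term active delay. The sample text is constructed by trimming that output, and the function names are hypothetical.

```python
import re

# Constructed sample, trimmed from the output quoted in the post above.
SAMPLE = """\
Prefix: 10.40.40.0/24
State: INPOLICY Time Remaining: 0
Policy: Default
Most recent data per exit
Border Interface PasSDly PasLDly ActSDly ActLDly
*2.2.2.2 Gi3 0 0 11 11
3.3.3.3 Gi3 0 0 2 2
Latest Active Stats on Current Exit:
"""

# One row of the per-exit table; a leading '*' marks the current exit.
EXIT_ROW = re.compile(
    r"^(\*?)(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)$"
)
FIELDS = ("PasSDly", "PasLDly", "ActSDly", "ActLDly")  # all in ms

def parse_exit_delays(text):
    """Return {prefix: [row, ...]} from each 'Most recent data per exit' table."""
    result, prefix, in_table = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Prefix:"):
            prefix, in_table = line.split()[1], False
            result[prefix] = []
        elif line.startswith("Most recent data per exit"):
            in_table = prefix is not None
        elif in_table and not line.startswith("Border "):
            m = EXIT_ROW.match(line)
            if m is None:          # first non-row line ends the table
                in_table = False
                continue
            row = {"current": m.group(1) == "*", "border": m.group(2),
                   "interface": m.group(3)}
            row.update(zip(FIELDS, map(int, m.groups()[3:])))
            result[prefix].append(row)
    return result

def current_exit(rows):
    """Exit the master controller is using now (the row marked '*')."""
    return next((r for r in rows if r["current"]), None)

def lowest_active_delay(rows):
    """Exit with the lowest short-term active-probe delay (ActSDly)."""
    return min(rows, key=lambda r: r["ActSDly"], default=None)
```

On the quoted output this shows the current exit 2.2.2.2 at 11 ms ActSDly while 3.3.3.3 measures 2 ms, with the prefix still reported as INPOLICY.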
Thanks very much for the explanation.
Hello,
Is it possible to use PFR when you are receiving default routes from a service provider, or can this only be effective when the full routing table is being received?
Hello Tariq
PfR will function regardless of whether or not the ISP simply sends you a default route or more routing information. The policy that is used to determine the routing is based on the traffic itself and not on whether or not it is a default route. In the lesson, the PfR is actually used to balance the use of traffic between the multiple exit points from the local AS. This is why at least two external interfaces are required to make PfR work.
I hope this has been helpful!
Laz
Thank you Lazaros for the clarification. The setup I am referring to is a BGP setup between 2 SPs. However, I also just realised that in the lab a class A subnet was advertised, yet PFR was able to categorize the individual /24 subnets into various traffic classes. Thanks
Can a router share two roles (MC and border router)? For example, can I enable PfR on a system with only 2 routers?
Pascal
Hello Pascal
Yes, a router can indeed serve two roles, as an MC and a BR. In a PfR environment, the MC and BR can be on the same router. This is particularly common in smaller network deployments where there are only two routers as you suggest.
In a two-router setup, one router can be set up as both the MC and a BR, while the other router can be set up as a BR.
Keep in mind that while this is possible, it may not be the best solution for larger networks due to potential performance issues. The dual role of MC and BR can put a significant load on a single router in a larger network environment. In such a case, it is preferable to give different routers these roles.
I hope this has been helpful!
Laz