Cisco Performance Routing (PfR)

This topic is to discuss the following lesson:

Hello,

it was a great lesson very interesting!!!, when I lab ( had to use OER instead) it up, it worked but I came up with a couple of question.

  1. Delay statistics. Default policy is
    resolve delay priority 11 variance 20
    resolve utilization priority 12 variance 20
    and learn 
    throughput
    delay

using command show oer master border detail, only shows utilization, however in the policy it uses delay also, in fact is priority 11 more than 12 utilization, as in this lab the delay its the same is deciding with utilization, but delay has the highest priority, how display the delay statistics? show oer master prefix detail?

  1. PBR with applications, can you show an example?
    I see that with oer-map we can do a lot of things, thresholds, variance, parameters. In oer-map I can only match a prefix list maybe in pfr its an extended access-list with ports and when it recognizes it uses PBR automatically?

Thanks
Regards

Hi Ignacio,

If you lab this up, I highly recommend to use PfR. OER is pretty buggy and I had lots of issues with it.

One command I can think of is show pfr master traffic-class detail:

MC#show pfr master traffic-class detail 
OER Prefix Statistics:
 Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms),
 P - Percentage below threshold, Jit - Jitter (ms), 
 MOS - Mean Opinion Score
 Los - Packet Loss (percent/10000), Un - Unreachable (flows-per-million),
 E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable
 U - unknown, * - uncontrolled, + - control more specific, @ - active probe all
 # - Prefix monitor mode is Special, & - Blackholed Prefix
 % - Force Next-Hop, ^ - Prefix is denied

DstPrefix           Appl_ID Dscp Prot     SrcPort     DstPort SrcPrefix         
           Flags             State     Time            CurrBR  CurrI/F Protocol
         PasSDly  PasLDly   PasSUn   PasLUn  PasSLos  PasLLos      EBw      IBw
         ActSDly  ActLDly   ActSUn   ActLUn  ActSJit  ActPMOS  ActSLos  ActLLos
--------------------------------------------------------------------------------
Prefix: 10.40.40.0/24
   State: INPOLICY    Time Remaining: 0       
   Policy: Default

   Most recent data per exit
   Border          Interface           PasSDly    PasLDly    ActSDly    ActLDly
  *2.2.2.2         Gi3                       0          0         11         11
   3.3.3.3         Gi3                       0          0          2          2
          
   Latest Active Stats on Current Exit:
   Type     Target          TPort Attem Comps    DSum     Min     Max     Dly
   echo     10.40.40.4          N     1     1      17       6      17      17
   echo     10.40.40.3          N     1     1      18       6      18      18
   echo     10.40.40.4          N     1     1       6       6       6       6
   echo     10.40.40.3          N     1     1       6       6       6       6

Prefix performance history records
 Current index 7, S_avg interval(min) 5, L_avg interval(min) 60

Age       Border          Interface       OOP/RteChg Reasons                  
Pas: DSum  Samples  DAvg  PktLoss  Unreach   Ebytes   Ibytes     Pkts    Flows
Act: Dsum Attempts  DAvg    Comps  Unreach   Jitter LoMOSCnt   MOSCnt
00:00:57  2.2.2.2         Gi3                                                 
Pas:    0        0     0        0        0  1909362  1906002     5074      480
Act:    0        0     0        0        0        N        N        N
00:01:57  2.2.2.2         Gi3                                                 
Pas:    0        0     0        0        0  1912666  1910036     5087      488
Act:    0        0     0        0        0        N        N        N
00:02:58  2.2.2.2         Gi3                                                 
Pas:    0        0     0        0        0  1923670  1921040     5115      488
Act:    0        0     0        0        0        N        N        N
00:03:59  2.2.2.2         Gi3                                                 
Pas:    0        0     0        0        0  1907004  1906788     5072      480
Act:    0        0     0        0        0        N        N        N
00:04:59  2.2.2.2         Gi3                                                 
Pas:    0        0     0        0        0  1911880  1905320     5080      488
Act:    0        0     0        0        0        N        N        N
00:05:59  2.2.2.2         Gi3                                                 
Pas:    0        0     0        0        0  1429860  1427340     3800      360
Act:   35        2    17        2        0        N        N        N
00:07:00  2.2.2.2         Gi3                                                 
Pas:    0        0     0        0        0  1906218  1901286     5064      480
Act:   12        2     6        2        0        N        N        N
--------------------------------------------------------------------------------

The ActSDly and ActLDly are short-term and long-term active delay. This is measured with active probes.

I’d have to test when PfR uses PBR exactly. I found this document from Cisco:

Where they describe:

When a PfR master controller (MC) decides to control a prefix using a protocol BGP, for example, it sends the control request to a selected PfR border router (BR). If the MC receives the successful control notification from the BR, it will notify all the other BRs to exclude the prefix. Some BRs may not have a parent route to this prefix via the same protocol. When no parent route exists for the prefix, this is detected as a RIB mismatch, the prefix is moved into a default state, and the control procedure begins again.

To simplify PfR, CSCtr26978 introduced new behavior when no parent route is detected. In this situation, PfR automatically switches to using dynamic policy-based routing (PBR) instead of trying all the other routing protocols in the following order; BGP, EIGRP, static, and PBR. With CSCtr26978, the existing mode route protocol pbr command behavior was enabled by default. Configuration of the no mode route protocol pbr command initially sets the traffic classes to be uncontrolled and PfR then uses a single protocol to control the traffic class in the following order: BGP, EIGRP, static, and PBR.

So, it seems to prefer regular routing before using PBR but with the mode route protocol pbr you can force it to use PBR right away.

In an oer-map (or pfr-map) you can match with prefix-lists, access-lists, PfR learned prefixes, and NBAR.

Rene

1 Like

Thanks very much for the explanation.

1 Like

Hello,

Is it possible to use PFR when you are receiving default routes from a service provider or this can only be effective when the full routing table is being received?

1 Like

Hello Tariq

PfR will function regardless of whether or not the ISP simply sends you a default route or more routing information. The policy that is used to determine the routing is based on the traffic itself and not on whether or not it is a default route. In the lesson, the PfR is actually used to balance the use of traffic between the multiple exit points from the local AS. This is why at least two external interfaces are required to make PfR work.

I hope this has been helpful!

Laz

1 Like

Thank you Lazaros for the clarification, the setup I am referring to is a BGP setup between 2 SP’s. However I also just realised that in the lab a class A subnet was advertised however PFR was able to categorize the individual /24 subnets into various traffic classes. Thanks

1 Like

Can a router share two roles (MC and border router)? For example, can I enable PfR on a system with only 2 routers?

Pascal

Hello Pascal

Yes, a router can indeed serve two roles, as an MC and a BR. In a PfR environment, the MC and BR can be on the same router. This is particularly common in smaller network deployments where there are only two routers as you suggest.

In a two-router setup, one router can be set up as both the MC and a BR, while the other router can be set up as a BR.

Keep in mind that while this is possible, it may not be the best solution for larger networks due to potential performance issues. The dual role of MC and BR can put a significant load on a single router in a larger network environment. In such a case, it is preferrable to give different routers these roles.

I hope this has been helpful!

Laz