performance routing pfr
Post on 18-Nov-2014
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
• What is PfR
Benefits of PfR
Why is PfR interesting now?
Example PfR deployment scenarios
• How it Works
• How to demonstrate PfR
• Example Deployments (case studies)
• Scaling, Recommended Hardware
• Summary
• Resources
• WAN performance is more critical to the enterprise than ever before
• How to engineer performance for applications?
Redundant links may be idle
Degraded links may be carrying critical traffic!
• Application intelligence is needed in the network
Recognise important traffic
Recognise problems (or lack of) in the network
Send the important traffic over the best link for that type of traffic
[Diagram labels: ISR, ASR, Internet, MPLS VPN, ISP 1, ISP 2, DSL/3G/4G, Cloud Enabled Branch]
Media- and Application-Aware Routing
Improved user experience
Improves Performance
Improves Reliability
High availability for DC and Cloud apps; increased uptime
Active probes for fast response
No manual interaction
Takes action on black-holes
WAN Cost Reduction
Makes best use of multiple links
• Dynamically influence routing – before users even detect faults
• Maintains user experience even in changing network conditions
• PfR reuses many existing technologies
NetFlow
Policy Based Routing (PBR)
Routing Protocols
IP SLA
AVC (NBAR)
• ... and introduces an algorithm and comms link
Border Router (BR)
Master Controller (MC)
State Machines
Timers
Control Loop
• ISR G2 (1800 router upward) – Requires DATA license
• ASR 1000 – Requires AdvIp/AdvEnt
• Additional recommended licenses: SEC (required for encryption over the Internet), AVC (ideal for additional visibility/control functions)
Platform | License or Image | Description
ISR G2 (1800 upwards) | Data (e.g. SL-19-DATA-K9) | Needed for PfR
ISR G2 (1800 upwards) | Security (e.g. SL-19-SEC-K9) | Needed for DMVPN
ASR 1000 | Advanced Enterprise K9 or Advanced IP K9 | Needed for PfR and DMVPN
ASR 1000 | FLASR1-IPSEC | License for DMVPN
ASR 1000 | FLASR1-AVC | Recommended to use AVC at the HQ
[Figure labels: Cloud Lean Branch Rapid Scalability; Workplace Flexibility; BYOD; IPv6 Cloud Apps; Auth/Encrypt; Video Smartphone Adoption; Business Video Immersive Video; VDI; Software Capabilities Unified Fabric; Save Costs]
• Market transitions leading to apps in Clouds and DCs
• WAN connectivity options (e.g. DSL, 3G, 4G)
DSL is more reliable than it was 5 years ago
3G offers high throughput
4G offers low latency
• Drive to remain cost-effective and maintain performance
Opportunity to reduce costs greatly; 75-90% savings in WAN costs per branch is possible with PfR
• Maintain cost-effectiveness/sustain savings moving to PfR/NGN
• Get best utilisation from 2 DSL lines
• Best user experience for business-critical apps:
Protect business-critical apps
Ensure the app works, and is responsive
• Maintain app performance even if a DSL line is suffering from contention or anything else causing packet loss or delay
• Ability to handle voice and video, on the same solution, at zero additional cost
• Have a solution that will work with DMVPN, GET VPN and other features
• Something that also works with 3G, i.e. access-agnostic
Requirement: Improve user experience
Solution: PfR to maintain application performance
Benefits:
Per-application policies can be set using the parameters that matter for the scenario
Dynamic best path determination before the user even uses the application
Voice and video performance is dynamically maintained throughout the call
Selects best path in both directions (Branch and HQ)
Requirement: Make best use of multiple links
Solution: PfR to provide load balancing
Benefits:
The entire bandwidth of multiple links can be used
Applications will move link to meet performance needs
Cost minimization; load balancing takes into account ISP billing model
Requirement: Increased branch uptime
Solution: PfR to control all WAN links
Benefits:
Most cost-effective way of increasing uptime
No manual interaction needed
Takes action on black-holes which traditional routing will not detect
• PfR controlled exits – known as Exit Links (aka External Interfaces)
• PfR is transport agnostic, and ISP agnostic
• Some example topologies (redundancy not shown)
• Master Controller and Border Router can be co-located
[Diagram: example topologies labelled Branch, WAN Aggregation and Enterprise Edge, showing MC and BR placement and the Exit Links]
• TCP/IP communication between MC and BR
• Example message flows:
Red: Setting/querying statistics via NetFlow
Green: Programming in a new path
[Diagram labels, Master Controller: Reporting, Database, Config, Passive Data Controller, Top Talker Controller, Active Probe Controller, Policy Decision Point]
[Diagram labels, Border Router: NetFlow Export, Top Talker Export, Active Probe Export, NetFlow API, SAA API, PBR API, Policy Enforcement Point, NetFlow Client, NBAR Client, PfR Client, RP, RP, ESP]
• Branch to HQ direction
• HQ to Branch direction
1. Identify traffic of interest
2. Monitor the traffic
3. Compare with policy
4. Apply path enforcement
5. Control loop
Automatic Learning
Highest throughput destinations
Most delay-suffering (TCP)
Manual Learning
IP addresses of important destinations
Configured in prefix lists
• Several methods possible: Passive, Active and some hybrids
Some Examples
Latency: TCP handshake
Packet loss: TCP sequence numbers
UDP, TCP, ICMP probes
RTP probes
Active mode (delay, loss, reachability, jitter, MOS)
Current exits: always
Other exits: only when current exit is OOP
‘Both’ mode
Current exits: always
Other exits: only when current exit is OOP
‘Fast’ mode
All exits: always
Useful for Enterprise Edge only
Allows for best path determination even without traffic
Provides additional data points
Ultra-quick best path determination
Passive mode (delay, loss, reachability, throughput)
As soon as configured (manual mode)
As soon as traffic identified (automatic mode)
• ‘Relative’ and ‘Threshold’ methods of specification are possible
A parent route needs to exist!
Inside the ASR 1000
Exact route already exists: Change local preference, or modify next-hop
Higher route exists: Prefix-split injected (not sent outside AS)
More granularity needed: PBR used
Responsiveness
Prevent ‘flapping’
Allow network to ‘settle’
Hold-down timer – delay between exit changes
Back-off timer – delay if no suitable exit can be found
[Flowchart boxes: Monitor Prefixes and Exits; Out-of-Policy Decision; Optimal Exit Link Selection; Change a Prefix Exit Link; Damping. Branch labels: Yes; No; No Better EL; Apply failed]
• Monitoring can be passive, active (probes) or some hybrids
• What is measured passively? Throughput, TCP latency, TCP packet loss, TCP ‘reachability’ (i.e. were there SYNs with no ACK?)
• What active probes are available? ICMP echo (ping) to see if the destination is alive, UDP and TCP probes, RTP probes (for jitter, latency, etc.).
• How are paths enforced? PfR will choose the best method. It can influence routing tables, or use dynamic route-maps, or static routing. There is a control loop to make sure changes are effective.
• Damping is used to ensure stability
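The monitor, out-of-policy decision, exit selection and damping loop described above, as an added example that is not Cisco code or part of the original slides: a simplified threshold-policy model in Python. The timer values, the single delay metric, the names `TrafficClass`, `step` and `run`, and the sample measurements are assumptions made for illustration.

```python
# Added example: simplified model of the PfR control loop, not Cisco code.
from dataclasses import dataclass

HOLDDOWN = 2  # intervals to freeze the exit after a change (constructed value)
BACKOFF = 1   # intervals to wait when no exit meets policy (constructed value)
UNREACHABLE = float("inf")  # stands in for a black-holed exit

@dataclass
class TrafficClass:
    exit_link: str
    state: str = "DEFAULT"
    timer: int = 0

def step(tc, delay_ms, max_delay_ms):
    """Advance one measurement interval; delay_ms maps exit name -> delay."""
    if tc.timer > 0:  # hold-down or back-off running: no exit change allowed
        tc.timer -= 1
        return tc.state
    if delay_ms[tc.exit_link] <= max_delay_ms:
        tc.state = "INPOLICY"
        return tc.state
    # Current exit is out-of-policy: pick the lowest-delay exit that complies.
    ok = {e: d for e, d in delay_ms.items() if d <= max_delay_ms}
    if not ok:
        tc.state, tc.timer = "OOP", BACKOFF  # no suitable exit: back off
        return tc.state
    tc.exit_link = min(ok, key=ok.get)
    tc.state, tc.timer = "HOLDDOWN", HOLDDOWN  # damping after the change
    return tc.state

def run(samples, max_delay_ms=100, first_exit="ISP1"):
    tc = TrafficClass(first_exit)
    trace = []
    for s in samples:
        state = step(tc, s, max_delay_ms)
        trace.append((state, tc.exit_link))
    return trace

# Constructed measurements (ms) per interval for two exit links.
SAMPLES = [
    {"ISP1": 40, "ISP2": 60},            # in policy on ISP1
    {"ISP1": UNREACHABLE, "ISP2": 60},   # ISP1 black-holed: move to ISP2
    {"ISP1": 40, "ISP2": 60},            # hold-down: stay despite ISP1 recovery
    {"ISP1": 40, "ISP2": 60},            # hold-down
    {"ISP1": 40, "ISP2": 60},            # timer expired, ISP2 in policy
    {"ISP1": 150, "ISP2": 200},          # nothing complies: OOP, back off
    {"ISP1": 40, "ISP2": 200},           # back-off interval
    {"ISP1": 40, "ISP2": 200},           # retry: move to ISP1
]
```

Calling `run(SAMPLES)` returns one `(state, exit_link)` pair per interval; the hold-down rows show the traffic class staying on ISP2 even though ISP1 has recovered, which is the flap prevention the damping step provides.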
Default: Traffic initially identified or configured
InPolicy: Traffic meets configured policy
OOP: Out-of-policy; no routes meet the configured policy
Holddown: Wait state to prevent flapping and gather rapid measurements
Interim: Interim state while link selection is made
[State diagram transition labels: Unreachable; OOP; Short delay to allow configuration to settle; Successful exit selection; Periodic selection configured; OOP; No suitable exit; Backoff time has expired; New exit selection; Holddown time has expired; Unreachable]
• Number of traffic classes: 20k TCs
Total TC = TC per branch x number of branches
In practice, this will easily allow 300-500 branches per cluster
• Number of branches: 300 (with a high number of TCs)
Realistically slightly higher should be possible with a reasonable number of TCs, but needs testing beyond 300
• IP SLA responder sizing
Use Performance dashboard: http://wwwin-tools.cisco.com/CCIT/GPEOBI/saw.dll?PortalPages&PortalPath=/shared/Meteoric%20Dashboard/_portal/Meteoric%20%28ASR1k%20Performance%29
Realistically, ASR 1001 should be sufficient for most deployments
• DPI (NBAR)
There is a performance hit, but realistically not all traffic needs this to identify the important traffic. ASR 1002-X has good DPI capability – 5Gbit/sec of inspected traffic
XE 3.8
• HQ MC, BR
ASR 1002-X or ASR 1004
• IP SLA Responder
ASR 1001 or ASR 1002-X
• Branch routers
1800 series upwards
Significant levels of NBAR? Pick a router model one step up
• Network Management
Prime Infrastructure is good for configuration of PfR (create a template)
Monitoring: Prime Infra 2.0 doesn’t really address this well
ActionPacked has already demonstrated monitoring for PfR
Plixer is another vendor with PfR monitoring capability
• Further scale improvements
CENT (Connected ENTerprise) will address this towards the end of next year
• PfR supports modern requirements – WAN performance is more critical to the enterprise today
• PfR:
Improves user experience
Makes best use of multiple links and is cost effective
Greatly increases application availability and reliability
• PfR is access-agnostic, ISP-agnostic
• PfR can be combined with DMVPN, HQoS and other Cisco solutions (e.g. MediaNet)
• PfR helps combat against other vendor routers; they don’t have a good equivalent solution today