cisco oer pfr
TRANSCRIPT
-
7/28/2019 Cisco Oer Pfr
1/28
Cisco Confidential 2011 Cisco and/or its affiliates. All rights reserved. 1
Clayton Daffron
Systems Engineer, Cisco Systems
Performance Routing (PfR)
PACUG 3/2012
-
Changing Landscape
How it Works
PfR Use Cases
Configuration Details
Lab Demo
-
Applications are moving to Cloud-based services
Increasing Video (real-time) traffic
Visibility for all applications will be critical
Traffic management and control of the flows is necessary to guarantee performance
Increased usage of Ethernet connectivity
[Diagram labels: SaaS/Public Internet; Public DC; Hosting Provider DC; Service Provider DC; Private DC; HQ / Main Site; Branch Office]
-
Full utilization of expensive network resources
Efficient distribution of traffic based upon load
Traffic optimized based upon circuit $ cost profiles
Minimization of underutilized expensive WAN paths
Avoidance of network brownouts and soft errors
Hot spots, congestion, delay, suboptimal performance
Responsiveness to critical application performance requirements
Time/delay sensitive: voice, video, etc.
Loss sensitive: video, circuit emulation
Data center traffic: SAN extension, Internet ISP load balancing
Transactional traffic: e-commerce transactions, automated B2B, ERP
-
Enhances traditional routing by factoring performance visibility into path selection
Automatic integration for Routing and Instrumentation provides better service levels
The PfR policy can: minimize cost, efficiently distribute traffic load, and/or select the optimum performing path for applications
Dynamically route around blackholes and brownout conditions in the Enterprise WAN or Internet
Makes adaptive routing adjustments based on real-time performance metrics
Response time, packet loss, jitter, mean opinion score (MOS), availability, traffic load, and $ cost policies
[Diagram labels: Central Site; MC; BR1; BR2; Internet DMVPN; MPLS-VPN High SLA; MC/BR (three sites)]
-
Network Capabilities to Support Application (Data/Voice/Video) Delivery
[Diagram labels: IT Resources; Provision; Control; Optimize; Baseline; Network Adjustments]
Network Management: plan, configure, monitor, troubleshoot; sessions, endpoints and service infrastructure; SLA measurements
Optimization: application acceleration, offload; reduce WAN traffic, application latency
Monitoring and Instrumentation: capacity planning; visibility into network and application behavior; dynamic troubleshooting
Control: prioritize business-critical traffic; meets established business policies and priorities
Identification and Classification: automatic application recognition; application context awareness
-
Performance Routing Policy Engine
-
PfR Policy Engine, Continued
Learn Applications: MC tells BR to learn interesting applications, called Traffic Classes
This could be destination prefix with or without port, DSCP, source prefix or even application using NBAR. This profiling process can be entirely automatic based on the top talkers (using NetFlow) or configured manually.
Measure Application performance (collects traffic class statistics for learned applications)
Monitor Modes: Passive, Active, Both, Fast, Special (Cat6K)
NetFlow for UDP (bandwidth) and TCP flows (availability, delay, bandwidth, loss)
IP SLA for TCP and UDP flows (availability, delay, loss, jitter, MOS)
Apply Policy: Use measured application data to determine whether a managed traffic class is out of policy (OOP) and if an alternate path can meet the policy requirements
Enforce (re-route traffic)
Prefix Control: Inject BGP or Static routes
Application Control: Dynamic Route-map/PBR for traffic classes defined by ACLs, NBAR, unsupported routing protocols (OSPF, ISIS) or BRs running a mix of routing protocols.
Verify that the new route matches the policy.
-
The Decision Maker: Master Controller (MC)
Cisco IOS software feature
Apply policy, verification, reporting
Standalone or collocated with BR
No routing protocol required
No packet forwarding/inspection required
The Forwarding Path: Border Router (BR)
Cisco IOS software feature
Learn, measure, enforcement
NetFlow collector
Probe source (IP SLA client)
[Diagram labels: Central Site MC; BR1; BR2; Internet VPN; MPLS-VPN High SLA; MC/BR (three sites)]
-
[Diagram labels: MC; BR1; BR2]
Learning
Performance Monitoring
Using NetFlow
Using IP SLA Probes
And much more in the future
Route/Application Control: enforcement using routing protocols or PBR
MC commands BRs to learn traffic classes
Instruct BR to monitor the performance
Verify the Performance
If not performing, make a policy decision and instruct the BRs to enforce a new route
-
PfR has to determine the traffic classes from the traffic flowing through the border routers
Subsets of the total traffic must be identified, and these traffic subsets are named traffic classes
Automatically learning or manual configuration

Type                               Example
Destination Prefix (Mandatory)     10.0.0.0/8
                                   20.1.1.0/24
Application (Optional): ACL        10.1.1.0/24 dscp ef
                                   10.1.1.0/24 dst-port 50
Application (Optional): Well-Known 10.1.1.0/24 telnet
                                   20.1.0.0/16 ssh
Application (Optional): NBAR       10.1.1.0/24 nbar RTP
                                   20.1.1.0/24 nbar citrix
-
Passive
PfR NetFlow Monitoring
Flows need not be symmetrical
Measures: Delay, Loss, Reachability, Egress BW, Ingress BW

Active
PfR enables IP SLA feature
Probes sourced from BR
ICMP probes learned or configured
TCP, UDP, JITTER need IP SLA responder
Measures: Delay, Loss, Reachability, Jitter, MOS

Hybrid Modes
Both: Passive to measure performance; Active probing as needed; it is the default
Fast: Active probes on all paths all the time; Passive to measure BW only
Active Throughput: Passive to measure BW only; Active probing on current exit
-
PfR optimizes performance of traffic-class and optimizes the usage of the links. Choose the best path for the application
If the performance of traffic-class does not meet the requirement then traffic-class is deemed Out of Policy.
If the link usage does not meet the requirement then link is deemed Out of Policy.
[Diagram labels: Site #1 10.1.1.0/24; Site #2 10.2.2.0/24; BR; MC/BR; MC; Traffic flow based on the RIB; EF traffic flow based on PfR policies; Traffic loss, delay increase]
-
Link      Utilization   Delay (ms), Priority 1   Jitter (ms), Priority 2
Serial1   89%           100                      30
Serial2   50%           113                      30
Serial3   60%           119                      25
Serial4   40%           150                      20

Serial2 and Serial3 are considered because 113 and 119 are below 132 (which is 120% of 110).
Even though Serial3 has slightly higher delay it is still chosen as best exit because jitter is lower and has no variance configured.
Policies
Utilization:
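The exit selection on this slide, written out as an added example (not part of the original deck or Cisco's implementation). The 80% utilization limit is an assumption, since the slide's utilization policy value is cut off; the 110 ms baseline and 20% variance are taken from the slide's "120% of 110", whose origin the slide does not state.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Exit:
    name: str
    utilization: float  # percent
    delay: float        # ms
    jitter: float       # ms


# Values from the slide's table.
EXITS = [
    Exit("Serial1", 89, 100, 30),
    Exit("Serial2", 50, 113, 30),
    Exit("Serial3", 60, 119, 25),
    Exit("Serial4", 40, 150, 20),
]

MAX_UTILIZATION = 80  # ASSUMED: the slide's utilization value is truncated

# (metric, variance %, baseline) in priority order. A baseline of None
# means "best value among the exits still under consideration".
SLIDE_RULES = [("delay", 20, 110), ("jitter", 0, None)]


def resolve(exits, rules, max_utilization=MAX_UTILIZATION):
    """Narrow the exits rule by rule; return (best_exit_name, trace)."""
    # Links that are out of policy on utilization are never candidates.
    candidates = [e for e in exits if e.utilization <= max_utilization]
    trace = [("utilization", [e.name for e in candidates])]
    for metric, variance_pct, baseline in rules:
        if not candidates:
            break
        values = [getattr(e, metric) for e in candidates]
        base = min(values) if baseline is None else baseline
        cutoff = base * (1 + variance_pct / 100)
        candidates = [e for e in candidates if getattr(e, metric) <= cutoff]
        trace.append((metric, [e.name for e in candidates]))
    # Any remaining tie is left in table order (assumption of this sketch).
    best = candidates[0].name if candidates else None
    return best, trace


if __name__ == "__main__":
    best, trace = resolve(EXITS, SLIDE_RULES)
    for step, names in trace:
        print(f"after {step:<12} {names}")
    print("best exit:", best)
```

Serial1 has the lowest delay but never reaches the delay comparison because its utilization is out of policy, which is why the slide only considers Serial2 and Serial3.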
-
Cisco 7200 and now Cisco ASR1k are typical BR/MC with BR terminating WAN connections
BGP routing
BRs must be iBGP peers
Default routing or Partial routes or Full routes
PfR can actively manage the top 20k prefixes concurrently (with Cisco 7200-NPE-G2 or ASR1000)
12.4T/15.0.1M, IOS-XE 3.3.0
Entrance optimization
Customers differ on policy priority
Learn prefixes by throughput and delay
[Diagram labels: Central Site; MC; BR1; BR2; Internet ISP1; Internet ISP2; Internet ISP3; Internet ISP4; IM; Web; Email]
-
Requirements: basic load balancing on external interfaces
Dual IP-VPN
Routing is BGP or static
Dedicated MC or MC/BR combo
Load-balancing based on external interfaces load (delay unused)
PfR Solution used
Learn throughput to get prefixes
Measurement: monitor both
Policies: range/utilization
[Diagram labels: Central Site; MC; BR1; BR2; SP1 IP-VPN; SP2 IP-VPN; MC/BR (three sites)]
-
Primary MPLS VPN and secondary using DMVPN over Internet. Select optimum performing path for applications
Use PfR traffic class based routing
Use PfR traffic class based routing to route voice and video traffic over MPLS and route data traffic over the public WAN
If the utilization on DMVPN is > 80% then excess non-critical traffic is moved to MPLS if there is enough BW to accommodate
Critical Traffic
Monitor mode fast
If moderate level traffic loss is noticed in MPLS path (>=5%), all traffic is routed to the Public WAN
Delay threshold is configured as 300 msec
Jitter threshold is configured as 30 ms
[Diagram labels: Central Site; MC; BR1; BR2; Internet VPN; MPLS-VPN High SLA; MC/BR (three sites)]
-
Platform                   Software
Cisco 7200-NPE-G2          12.4, 12.4T, 15M/T
Cisco 3900, Cisco 3800     12.4, 12.4T, 15M/T
Cisco 2900, Cisco 2800     12.4, 12.4T, 15M/T
Cisco 1900, Cisco 1800     12.4, 12.4T, 15M/T
Cisco 6500*                12.2(33)SXH (limited support)
Cisco 7600                 12.2(33)SRB (limited support)
Cisco ASR 1000             BR in IOS-XE 2.6.1, MC in IOS-XE 3.3.0
-
PfR
[Figure labels: New Cisco ISR G2 Simplified Feature Sets; Classic Cisco IOS Software Feature Sets]
New ISR-G2 1900, 2900, 3900
A single IOS Universal Image for all ISR Generation 2 platforms
PfR is within the DATA package.
Existing ISR 1800, 2800, 3800, 7200
ASR 1000 Series
Universal image NPEK9 or UK9
Use Advanced IP Services (AIS/AISK9) or Advanced Enterprise Services (AES/AESK9) Technology package license
-
Configuration Details
Master Controller
Vast majority of configuration is on MC router
Identify border routers by IP address, authentication key, and their interfaces
Configure learning parameters
Many other optional settings: traffic types, policy thresholds, timers, out-of-policy actions, active probes, etc.
Border Router
Identify MC by IP address and configure authentication key
Identify local interface for MC peering (like BGP update-source)
-
Basic PFR Requirements
One MC, at least one BR (can co-exist on same router), max of 10 BRs
CEF must be enabled
At least two External interfaces; one Internal interface
If more than one BR, internal interfaces must be directly connected
Each BR must be in the traffic forwarding path; MC doesn't have to be
Equal-cost Parent Routes must be present
[Diagram labels: MC / BR; MC / BR; BR; external (ext) and internal (int) interfaces; 10.1.0.0/16; Destination Prefix: 10.1.1.0/24; 0.0.0.0/0]
-
Basic PFR Deployment Options
Decide which prefixes or traffic classes are interesting: the default is all traffic; ACLs can be used to get very granular
Decide which mode to use: observe is the default, and will generate syslog messages when traffic is out-of-policy (OOP). Control mode allows the MC to tell the BRs how to reroute OOP traffic so that they are back in-policy
Decide which method of performance measurement to use:
Passive monitoring uses only NetFlow data (NetFlow collection is automated)
Active monitoring uses automated IP SLA streams
Both is an option, and uses both
Decide policy requirements: can include packet loss, delay, link utilization, jitter, etc. Policies can overlap, so each must be configured with a priority and range of acceptable metrics
-
Docwiki
Performance Routing Home: Technology Overview, Solution Guides, Troubleshooting Guides, FAQ
http://docwiki.cisco.com/wiki/PfR:Home
Performance Routing Technology Overview
http://docwiki.cisco.com/wiki/PfR:Technology_Overview
Performance Routing Solution Guides
http://docwiki.cisco.com/wiki/PfR:Solutions
Performance Routing Troubleshooting Guide
http://docwiki.cisco.com/wiki/PfR:Troubleshooting
Configuration
Understanding Performance Routing
http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-understand.html
Basic Configuration
http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-basic.html
Advanced Configuration
http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-advanced.html
-
PFR Lab
Two PFR instances: Branch and Campus
Traffic Class: VOIP, Dest: 10.254.4.4, DSCP=46
[Diagram labels: Branch Site; Branch MC/BR; Campus Site; Campus MC/BR; Campus BR; T1; 4G; Low Latency / Low Bandwidth; High Latency / High Bandwidth; tunnel0; VOIP; Data; 10.254.4.4; 10.254.44.44]