cisco oer pfr

Upload: rockerptit

Post on 03-Apr-2018


  • 7/28/2019 Cisco Oer Pfr

    1/28

    Cisco Confidential 2011 Cisco and/or its affiliates. All rights reserved. 1

    Clayton Daffron

    Systems Engineer, Cisco Systems

    Performance Routing (PfR)

    PACUG 3/2012


    Changing Landscape

    How it Works

    PfR Use Cases

    Configuration Details

    Lab Demo


    Applications are moving to Cloud-based services

    Increasing Video (real-time) traffic

    Visibility for all applications will be critical

    Traffic management and control of the flows is necessary to guarantee performance

    Increased usage of Ethernet connectivity

    [Diagram labels: SaaS/Public Internet, Public DC, Hosting Provider DC, Service Provider DC, Private DC, HQ / Main Site, Branch Office]


    Full utilization of expensive network resources
        Efficient distribution of traffic based upon load
        Traffic optimized based upon circuit $ cost profiles
        Minimization of underutilized expensive WAN paths

    Avoidance of network brownouts and soft errors
        Hot spots, congestion, delay, suboptimal performance

    Responsiveness to critical application performance requirements
        Time/delay sensitive: voice, video, etc.
        Loss sensitive: video, circuit emulation
        Data center traffic: SAN extension, Internet ISP load balancing
        Transactional traffic: e-commerce transactions, automated B2B, ERP


    Enhances traditional routing by factoring performance visibility into path selection
        Automatic integration for Routing and Instrumentation provides better service levels
        The PfR policy can: minimize cost, efficiently distribute traffic load, and/or select the optimum performing path for applications

    Dynamically route around blackholes and brownout conditions in the Enterprise WAN or Internet

    Makes adaptive routing adjustments based on real-time performance metrics
        Response time, packet loss, jitter, mean opinion score (MOS), availability, traffic load, and $ cost policies

    [Diagram labels: Internet DMVPN, MPLS-VPN (High SLA), Central Site, MC, BR1, BR2, MC/BR (x3)]


    Network Capabilities to Support Application (Data/Voice/Video) Delivery

    [Diagram labels: IT Resources, Provision, Control, Optimize, Baseline, Network Adjustments]

    Network Management
        Plan, configure, monitor, troubleshoot
        Sessions, endpoints and service infrastructure
        SLA measurements

    Optimization
        Application acceleration, offload
        Reduce WAN traffic, application latency

    Monitoring and Instrumentation
        Capacity planning
        Visibility into network and application behavior
        Dynamic troubleshooting

    Control
        Prioritize business-critical traffic
        Meets established business policies and priorities

    Identification and Classification
        Automatic application recognition
        Application context awareness


    Performance Routing Policy Engine


    PfR Policy Engine, Continued

    Learn Applications: MC tells BR to learn interesting applications, called Traffic Classes:
        This could be destination prefix with or without port, DSCP, source prefix or even application using NBAR.
        This profiling process can be entirely automatic based on the top talkers (using NetFlow) or configured manually.

    Measure Application performance (collects traffic class statistics for learned applications):
        Monitor Modes: Passive, Active, Both, Fast, Special (Cat6K)
        NetFlow for UDP (bandwidth) and TCP flows (availability, delay, bandwidth, loss)
        IP SLA for TCP and UDP flows (availability, delay, loss, jitter, MOS).

    Apply Policy: Use measured application data to determine whether managed traffic-class is out of policy (OOP) and if an alternate path can meet the policy requirements

    Enforce (re-route traffic):
        Prefix Control: Inject BGP or Static routes
        Application Control: Dynamic Route-map/PBR for traffic classes defined by ACLs, NBAR, unsupported routing protocols (OSPF, ISIS) or, BRs running a mix of routing protocols.

    Verify that the new route matches the policy.


    The Decision Maker: Master Controller (MC)
        Cisco IOS software feature
        Apply policy, verification, reporting
        Standalone or collocated with BR
        No routing protocol required
        No packet forwarding/inspection required

    The Forwarding Path: Border Router (BR)
        Cisco IOS software feature
        Learn, measure, enforcement
        NetFlow collector
        Probe source (IP SLA client)

    [Diagram labels: Internet VPN, MPLS-VPN (High SLA), Central Site, MC, BR1, BR2, MC/BR (x3)]


    [Diagram labels: MC, BR1, BR2]

    Learning, Performance Monitoring
        Using NetFlow
        Using IP SLA probes
        And much more in the future

    Route/Application Control
        Enforcement using routing protocols or PBR

    MC commands BRs to learn traffic classes

    Instruct BR to monitor the performance

    Verify the performance

    If not performing, make a policy decision and instruct the BRs to enforce a new route


    PfR has to determine the traffic classes from the traffic flowing through the border routers

    Subsets of the total traffic must be identified, and these traffic subsets are named traffic classes

    Automatic learning or manual configuration

    Type                              Example
    Destination Prefix (Mandatory)    10.0.0.0/8
                                      20.1.1.0/24
    Application (Optional)
        ACL                           10.1.1.0/24 dscp ef
                                      10.1.1.0/24 dst-port 50
        Well-Known                    10.1.1.0/24 telnet
                                      20.1.0.0/16 ssh
        NBAR                          10.1.1.0/24 nbar RTP
                                      20.1.1.0/24 nbar citrix


    Passive
        PfR NetFlow Monitoring
        Flows need not be symmetrical
        Measures: Delay, Loss, Reachability, Egress BW, Ingress BW

    Active
        PfR enables IP SLA feature
        Probes sourced from BR
        ICMP probes learned or configured
        TCP, UDP, JITTER need IP SLA responder
        Measures: Delay, Loss, Reachability, Jitter, MOS

    Hybrid Modes
        Both
            Passive to measure performance
            Active probing as needed
            It is the default
        Fast
            Active probes on all paths all the time
            Passive to measure BW only
        Active Throughput
            Passive to measure BW only
            Active probing on current exit


    PfR optimizes performance of traffic-class and optimizes the usage of the links. Choose the best path for the application

    If the performance of traffic-class does not meet the requirement then traffic-class is deemed Out of Policy.

    If the link usage does not meet the requirement then link is deemed Out of Policy.

    [Diagram labels: 10.1.1.0/24 Site #1, 10.2.2.0/24 Site #2, BR, MC/BR, MC, Traffic Flow Based on the RIB, EF Traffic Flow Based on PfR Policies, Traffic loss, Delay increase]


    Link      Utilization   Delay (ms), Priority 1   Jitter (ms), Priority 2
    Serial1   89%           100                      30
    Serial2   50%           113                      30
    Serial3   60%           119                      25
    Serial4   40%           150                      20

    Serial2 and Serial3 are considered because 113 and 119 are below 132 (which is 120% of 110).

    Even though Serial3 has slightly higher delay it is still chosen as best exit because jitter is lower and has no variance configured.

    Policies

    Utilization:


    Cisco 7200 and now Cisco ASR1k are typical BR/MC with BR terminating WAN connections

    BGP routing
        BRs must be iBGP peers
        Default routing or Partial routes or Full routes

    PfR can actively manage the top 20k prefixes concurrently (with Cisco 7200-NPE-G2 or ASR1000)
        12.4T/15.0.1M
        IOS-XE 3.3.0

    Entrance optimization

    Customers differ on policy priority
        Learn prefixes by throughput and delay

    [Diagram labels: Central Site, MC, BR1, BR2, Internet ISP1, Internet ISP2, Internet ISP3, Internet ISP4, IM, Web, Email]


    Requirements: basic load balancing on external interfaces
        Dual IP-VPN
        Routing is BGP or static
        Dedicated MC or MC/BR combo
        Load-balancing based on external interfaces load (delay unused)

    PfR Solution used
        Learn throughput to get prefixes
        Measurement: monitor both
        Policies: range/utilization

    [Diagram labels: SP1 IP-VPN, SP2 IP-VPN, Central Site, MC, BR1, BR2, MC/BR (x3)]


    Primary MPLS VPN and secondary using DMVPN over Internet. Select optimum performing path for applications

    Use PfR traffic class based routing
        Use PfR traffic class based routing to route voice and video traffic over MPLS and route data traffic over the public WAN
        If the utilization on DMVPN is > 80% then excess non-critical traffic is moved to MPLS if there is enough BW to accommodate

    Critical Traffic
        Monitor mode fast
        If moderate level traffic loss is noticed in MPLS path (>=5%), all traffic is routed to the Public WAN
        Delay threshold is configured as 300 msec
        Jitter threshold is configured as 30 ms

    [Diagram labels: Internet VPN, MPLS-VPN (High SLA), Central Site, MC, BR1, BR2, MC/BR (x3)]


    Platform                   Software
    Cisco 7200-NPE-G2          12.4, 12.4T, 15M/T
    Cisco 3900, Cisco 3800     12.4, 12.4T, 15M/T
    Cisco 2900, Cisco 2800     12.4, 12.4T, 15M/T
    Cisco 1900, Cisco 1800     12.4, 12.4T, 15M/T
    Cisco 6500*                12.2(33)SXH (limited support)
    Cisco 7600                 12.2(33)SRB (limited support)
    Cisco ASR 1000             BR in IOS-XE 2.6.1, MC in IOS-XE 3.3.0


    PfR

    New Cisco ISR G2 Simplified Feature Sets

    Classic Cisco IOS Software Feature Sets

    New ISR-G2 1900, 2900, 3900

    A single IOS Universal Image for all ISR Generation 2 ISR Platforms

    PfR is within the DATA package.

    Existing ISR 1800, 2800, 3800, 7200

    ASR 1000 Series

    Universal image NPEK9 or UK9

    Use Advanced IP Services (AIS/AISK9) or Advanced Enterprise Services (AES/AESK9) Technology package license


    Configuration Details

    Master Controller

    Vast majority of configuration is on MC router

    Identify border routers by IP address, authentication key, and their interfaces

    Configure learning parameters

    Many other optional settings: traffic types, policy thresholds, timers, out-of-policy actions, active probes, etc.

    Border Router

    Identify MC by IP address and configure authentication key

    Identify local interface for MC peering (like BGP update-source)


    Basic PFR Requirements

    One MC, at least one BR (can co-exist on same router), max of 10 BRs

    CEF must be enabled

    At least two External interfaces; one Internal interface

    If more than one BR, internal interfaces must be directly connected

    Each BR must be in the traffic forwarding path; MC doesn't have to be

    Equal-cost Parent Routes must be present

    [Diagram labels: MC / BR (x2), BR, ext (x4), int (x2); 10.1.0.0/16, 0.0.0.0/0, Destination Prefix: 10.1.1.0/24]


    Basic PFR Deployment Options

    Decide which prefixes or traffic classes are interesting: the default is all traffic; ACLs can be used to get very granular

    Decide which mode to use: observe is the default, and will generate syslog messages when traffic is out-of-policy (OOP). Control mode allows the MC to tell the BRs how to reroute OOP traffic so that they are back in-policy

    Decide which method of performance measurement to use:
        Passive monitoring uses only NetFlow data (NetFlow collection is automated)
        Active monitoring uses automated IP SLA streams
        Both is an option, and uses both

    Decide policy requirements: can include packet loss, delay, link utilization, jitter, etc. Policies can overlap, so each must be configured with a priority and range of acceptable metrics
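
    The MC and BR settings listed under Configuration Details, with the observe/control and measurement choices above, as an added Cisco IOS configuration example (not taken from the original slides). All addresses, interface names, the key-chain name and the key string are placeholders, and the `pfr` keywords assume a release that uses them (older releases use `oer` in the same positions).

```cisco
! Added example: every address, interface name and key value is a placeholder.
! Key chain that authenticates the MC-BR session; define it on the MC
! and on every BR with the same key string.
key chain PFR-KEYS
 key 1
  key-string <placeholder-secret>
!
! --- Master Controller (the decision maker) ---
pfr master
 logging
 ! Identify each border router by IP address, key chain and interfaces.
 border 192.0.2.1 key-chain PFR-KEYS
  interface GigabitEthernet0/0 internal
  interface Serial0/0/0 external
  interface Tunnel0 external
 ! Learning parameters: profile traffic classes by throughput and delay.
 learn
  throughput
  delay
 ! Measurement: passive NetFlow plus active IP SLA probes.
 mode monitor both
 ! Observe mode only logs out-of-policy (OOP) events to syslog.
 ! Change to "mode route control" after reviewing that output.
 mode route observe
!
! --- Border Router (the forwarding path) ---
pfr border
 ! Local interface used for MC peering (like BGP update-source).
 local Loopback0
 ! 192.0.2.10 is the placeholder address of the MC.
 master 192.0.2.10 key-chain PFR-KEYS
```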


    Docwiki Performance Routing Home (Technology Overview, Solution Guides, Troubleshooting Guides, FAQ)
    http://docwiki.cisco.com/wiki/PfR:Home

    Performance Routing Technology Overview
    http://docwiki.cisco.com/wiki/PfR:Technology_Overview

    Performance Routing Solution Guides
    http://docwiki.cisco.com/wiki/PfR:Solutions

    Performance Routing Troubleshooting Guide
    http://docwiki.cisco.com/wiki/PfR:Troubleshooting

    Configuration

    Understanding Performance Routing
    http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-understand.html

    Basic Configuration
    http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-basic.html

    Advanced Configuration
    http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-advanced.html


    PFR Lab

    Two PFR instances: Branch and Campus

    [Lab diagram labels: Branch Site (Branch MC/BR), Campus Site (Campus MC/BR, Campus BR); links: Low Latency / Low Bandwidth, High Latency / High Bandwidth, T1, 4G, tunnel0; Traffic Class: VOIP, Dest: 10.254.4.4, DSCP=46; hosts 10.254.4.4 and 10.254.44.44; traffic: VOIP, Data]