performance routing pfr

Performance Routing (PfR)

Clayton Daffron, Systems Engineer, Cisco Systems

PACUG – 3/2012

Cisco Confidential © 2011 Cisco and/or its affiliates. All rights reserved.


Changing Landscape

How it Works

PfR Use Cases

Configuration Details

Lab Demo


•  Applications are moving to Cloud-based services

•  Increasing Video (real-time) traffic

•  Visibility for all applications will be critical

•  Traffic management and control of the flows is necessary to guarantee performance

•  Increased usage of Ethernet connectivity

[Diagram labels: SaaS/Public Internet, Public DC, Hosting Provider DC, Service Provider DC, Private DC, HQ / Main Site, Branch Office]


•  Full utilization of expensive network resources
    - Efficient distribution of traffic based upon load
    - Traffic optimized based upon circuit $ cost profiles
    - Minimization of underutilized expensive WAN paths

•  Avoidance of network brownouts and soft errors
    - Hot spots, congestion, delay, suboptimal performance

•  Responsiveness to critical application performance requirements
    - Time/delay sensitive: voice, video, etc.
    - Loss sensitive: video, circuit emulation
    - Data center traffic: SAN extension, Internet ISP load balancing
    - Transactional traffic: e-commerce transactions, automated B2B, ERP


•  Enhances traditional routing by factoring performance visibility into path selection
    - Automatic integration of routing and instrumentation provides better service levels
    - The PfR policy can: minimize cost, efficiently distribute traffic load, and/or select the optimum performing path for applications

•  Dynamically routes around blackholes and brownout conditions in the Enterprise WAN or Internet

•  Makes adaptive routing adjustments based on real-time performance metrics
    - Response time, packet loss, jitter, mean opinion score (MOS), availability, traffic load, and $ cost policies

[Diagram labels: Central Site (MC, BR1, BR2), Internet DMVPN, MPLS-VPN High SLA, three sites marked MC/BR]


Network Capabilities to Support Application (Data/Voice/Video) Delivery

[Diagram labels: IT Resources, Provision, Control, Optimize, Baseline, Network Adjustments]

Network Management
•  Plan, configure, monitor, troubleshoot
•  Sessions, endpoints and service infrastructure
•  SLA measurements

Optimization
•  Application acceleration, offload
•  Reduce WAN traffic, application latency

Monitoring and Instrumentation
•  Capacity planning
•  Visibility into network and application behavior
•  Dynamic troubleshooting

Control
•  Prioritize business-critical traffic
•  Meets established business policies and priorities

Identification and Classification
•  Automatic application recognition
•  Application context awareness


Performance Routing Policy Engine


PfR Policy Engine, Continued

Learn Applications: the MC tells the BR to learn “interesting” applications, called Traffic Classes:
•  A traffic class can be a destination prefix with or without port, DSCP, source prefix, or even an application identified using NBAR.
•  This profiling process can be entirely automatic, based on the top talkers (using NetFlow), or configured manually.

Measure Application Performance (collects traffic class statistics for learned applications):
•  Monitor modes: Passive, Active, Both, Fast, Special (Cat6K)
•  NetFlow for UDP (bandwidth) and TCP flows (availability, delay, bandwidth, loss)
•  IP SLA for TCP and UDP flows (availability, delay, loss, jitter, MOS)

Apply Policy:
•  Use measured application data to determine whether a managed traffic class is out of policy (OOP) and whether an alternate path can meet the policy requirements

Enforce (re-route traffic):
•  Prefix Control: inject BGP or static routes
•  Application Control: dynamic route-map/PBR for traffic classes defined by ACLs, NBAR, unsupported routing protocols (OSPF, ISIS), or BRs running a mix of routing protocols

Verify that the new route matches the policy.


•  The Decision Maker: Master Controller (MC)
    - Cisco IOS software feature
    - Apply policy, verification, reporting
    - Standalone or collocated with BR
    - No routing protocol required
    - No packet forwarding/inspection required

•  The Forwarding Path: Border Router (BR)
    - Cisco IOS software feature
    - Learn, measure, enforcement
    - NetFlow collector
    - Probe source (IP SLA client)

[Diagram labels: Central Site (MC, BR1, BR2), Internet VPN, MPLS-VPN High SLA, three sites marked MC/BR]


[Diagram labels: MC, BR1, BR2]

•  Learning

•  Performance Monitoring
    - Using NetFlow
    - Using IP SLA probes
    - And much more in the future

•  Enforcement using routing protocols or PBR

•  Route/Application Control
    - MC commands BRs to learn traffic classes
    - Instruct BR to monitor the performance
    - Verify the performance
    - If not performing, make a policy decision and instruct the BRs to enforce a new route


•  PfR has to determine the traffic classes from the traffic flowing through the border routers

•  Subsets of the total traffic must be identified, and these traffic subsets are named traffic classes

•  Automatic learning or manual configuration

Type                              Example
Destination Prefix (Mandatory)    10.0.0.0/8
                                  20.1.1.0/24
Application (Optional)
  ACL                             10.1.1.0/24 dscp ef
                                  10.1.1.0/24 dst-port 50
  Well-Known                      10.1.1.0/24 telnet
                                  20.1.0.0/16 ssh
  NBAR                            10.1.1.0/24 nbar RTP
                                  20.1.1.0/24 nbar citrix


Passive
•  PfR NetFlow monitoring
•  Flows need not be symmetrical
•  Measures: delay, loss, reachability, egress BW, ingress BW

Active
•  PfR enables IP SLA feature
•  Probes sourced from BR
•  ICMP probes learned or configured
•  TCP, UDP, JITTER need ip sla responder
•  Measures: delay, loss, reachability, jitter, MOS

Hybrid Modes
•  Both: passive to measure performance; active probing as needed; it is the default
•  Fast: active probes on all paths all the time; passive to measure BW only
•  Active Throughput: passive to measure BW only; active probing on current exit


•  PfR optimizes the performance of traffic classes and the usage of the links. It chooses the best path for the application.

•  If the performance of a traffic class does not meet the requirement, then the traffic class is deemed Out of Policy.

•  If the link usage does not meet the requirement, then the link is deemed Out of Policy.

[Diagram labels: Site #1 (10.1.1.0/24), Site #2 (10.2.2.0/24), MC, BR, MC/BR; "Traffic Flow Based on the RIB"; "EF Traffic Flow Based on PfR Policies"; "Traffic loss, Delay increase"]


Policies

•  Utilization: < 75%
•  Delay: < 110 ms, variance 20
•  Jitter: < 50 ms

Link       Utilization   Delay (ms), Priority 1   Jitter (ms), Priority 2
Serial1    89%           100                      30
Serial2    50%           113                      30
Serial3    60%           119                      25
Serial4    40%           150                      20

Serial2 and Serial3 are considered because 113 and 119 are below 132 (which is 120% of 110).

Even though Serial3 has slightly higher delay, it is still chosen as the best exit because its jitter is lower and jitter has no variance configured.
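The best-exit walk-through above, as an added Python example (not from the deck, and not Cisco's implementation). It follows the slide's own arithmetic, where variance widens the delay limit from 110 ms to 132 ms; the names `Exit`, `Resolver` and `select_best_exit` are hypothetical, and the sample data is constructed from the slide's table.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Exit:
    name: str
    utilization: float  # percent of link capacity in use
    delay_ms: float
    jitter_ms: float

@dataclass(frozen=True)
class Resolver:
    metric: str                # attribute of Exit to compare
    threshold: float           # policy limit for that metric
    variance_pct: float = 0.0  # 0 means no variance configured

# Constructed from the slide's table and policies.
SLIDE_EXITS = [
    Exit("Serial1", 89, 100, 30),
    Exit("Serial2", 50, 113, 30),
    Exit("Serial3", 60, 119, 25),
    Exit("Serial4", 40, 150, 20),
]
SLIDE_RESOLVERS = [               # listed in priority order
    Resolver("delay_ms", 110, variance_pct=20),
    Resolver("jitter_ms", 50),
]

def select_best_exit(exits, max_utilization, resolvers):
    """Return (best exit name or None, per-stage survivor names)."""
    # Link policy: an exit at or above the utilization limit is out of policy.
    candidates = [e for e in exits if e.utilization < max_utilization]
    trace = [("utilization", [e.name for e in candidates])]
    for r in resolvers:
        value = lambda e: getattr(e, r.metric)
        if r.variance_pct:
            # Slide's reading: variance widens the limit (110 ms -> 132 ms).
            limit = r.threshold * (1 + r.variance_pct / 100)
            candidates = [e for e in candidates if value(e) < limit]
        else:
            # No variance: only the lowest in-policy value survives.
            ok = [e for e in candidates if value(e) < r.threshold]
            best = min(map(value, ok), default=None)
            candidates = [e for e in ok if value(e) == best]
        trace.append((r.metric, [e.name for e in candidates]))
        if len(candidates) <= 1:
            break
    return (candidates[0].name if candidates else None), trace

if __name__ == "__main__":
    print(select_best_exit(SLIDE_EXITS, 75, SLIDE_RESOLVERS))
```

The trace shows why each link drops out: Serial1 fails the utilization policy, Serial4 exceeds the widened delay limit, and Serial2 loses to Serial3 on jitter.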


•  Cisco 7200 and now Cisco ASR1k are typical BR/MC with BR terminating WAN connections
•  BGP routing
•  BRs must be iBGP peers
•  Default routing or
•  Partial routes or
•  Full routes
•  PfR can actively manage the top 20k prefixes concurrently (with Cisco 7200-NPE-G2 or ASR1000)
•  12.4T/15.0.1M
•  IOS-XE 3.3.0
•  Entrance optimization
•  Customers differ on policy priority
•  Learn prefixes by throughput and delay

[Diagram labels: Central Site (MC, BR1, BR2); Internet ISP1, ISP2, ISP3, ISP4; IM, Web, Email]


•  Requirements: basic load balancing on external interfaces
    - Dual IP-VPN
    - Routing is BGP or static
    - Dedicated MC or MC/BR combo
    - Load-balancing based on external interfaces load (delay unused)

•  PfR Solution used
    - Learn throughput to get prefixes
    - Measurement: monitor both
    - Policies: range/utilization

[Diagram labels: Central Site (MC, BR1, BR2), SP1 IP-VPN, SP2 IP-VPN, three sites marked MC/BR]


•  Primary MPLS VPN and secondary using DMVPN over Internet
    - Select optimum performing path for applications

•  Use PfR traffic class based routing
    - Use PfR traffic class based routing to route voice and video traffic over MPLS and route data traffic over the public WAN
    - If the utilization on DMVPN is > 80% then excess non-critical traffic is moved to MPLS if there is enough BW to accommodate

•  Critical Traffic
    - Monitor mode fast
    - If moderate level traffic loss is noticed in MPLS path (>=5%), all traffic is routed to the Public WAN
    - Delay threshold is configured as 300 msec
    - Jitter threshold is configured as 30 ms

[Diagram labels: Central Site (MC, BR1, BR2), Internet VPN, MPLS-VPN High SLA, three sites marked MC/BR]


Platform                   Software
Cisco 7200-NPE-G2          12.4, 12.4T, 15M/T
Cisco 3900, Cisco 3800     12.4, 12.4T, 15M/T
Cisco 2900, Cisco 2800     12.4, 12.4T, 15M/T
Cisco 1900, Cisco 1800     12.4, 12.4T, 15M/T
Cisco 6500*                12.2(33)SXH (limited support)
Cisco 7600                 12.2(33)SRB (limited support)
Cisco ASR 1000             BR in IOS-XE 2.6.1, MC in IOS-XE 3.3.0


PfR

New Cisco ISR G2 Simplified Feature Sets
•  New ISR-G2 1900, 2900, 3900
•  A single IOS Universal Image for all ISR Generation 2 platforms
•  PfR is within the DATA package.

Classic Cisco IOS Software Feature Sets
•  Existing ISR 1800, 2800, 3800, 7200

ASR 1000 Series
•  Universal image NPEK9 or UK9
•  Use Advanced IP Services (AIS/AISK9) or Advanced Enterprise Services (AES/AESK9) Technology package license


Configuration Details

Master Controller

• Vast majority of configuration is on MC router

• Identify border routers by IP address, authentication key, and their interfaces

• Configure learning parameters

• Many other optional settings – traffic types, policy thresholds, timers, out-of-policy actions, active probes, etc.

Border Router

• Identify MC by IP address and configure authentication key

• Identify local interface for MC peering (like BGP update-source)


Basic PFR Requirements

• One MC, at least one BR (can co-exist on same router), max of 10 BR’s

• CEF must be enabled

• At least two External interfaces; one Internal interface

• If more than one BR, “internal” interfaces must be directly connected

• Each BR must be in the traffic forwarding path; MC doesn’t have to be

• Equal-cost “Parent Routes” must be present

[Diagram labels: 10.1.0.0/16; Destination Prefix: 10.1.1.0/24; 0.0.0.0/0; routers marked MC / BR, MC / BR and BR; interfaces marked ext and int]


Basic PFR Deployment Options

• Decide which prefixes or traffic classes are “interesting” – the default is all traffic; ACLs can be used to get very granular

• Decide which “mode” to use – observe is the default, and will generate syslog messages when traffic is out-of-policy (OOP). Control mode allows the MC to tell the BRs how to reroute OOP traffic so that it is back in-policy

• Decide which method of performance measurement to use:
    - Passive monitoring uses only NetFlow data (NetFlow collection is automated)
    - Active monitoring uses automated IP SLA streams
    - Both is an option, and uses… both

• Decide policy requirements – can include packet loss, delay, link utilization, jitter, etc. Policies can overlap, so each must be configured with a priority and “range” of acceptable metrics


•  Docwiki
    - Performance Routing Home (Technology Overview, Solution Guides, Troubleshooting Guides, FAQ): http://docwiki.cisco.com/wiki/PfR:Home
    - Performance Routing Technology Overview: http://docwiki.cisco.com/wiki/PfR:Technology_Overview
    - Performance Routing Solution Guides: http://docwiki.cisco.com/wiki/PfR:Solutions
    - Performance Routing Troubleshooting Guide: http://docwiki.cisco.com/wiki/PfR:Troubleshooting

•  Configuration
    - Understanding Performance Routing: http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-understand.html
    - Basic Configuration: http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-basic.html
    - Advanced Configuration: http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-advanced.html


PFR Lab: Two PFR instances – Branch and Campus

[Diagram labels: Branch Site (Branch MC/BR); Campus Site (Campus MC/BR, Campus BR); links marked T1 and 4G; Low Latency, Low Bandwidth; High Latency, High Bandwidth; tunnel0; addresses 10.254.4.4 and 10.254.44.44; VOIP; Data]

Traffic Class: VOIP, Dest: 10.254.4.4, DSCP=46