# Cisco PfR/OER

Cisco Performance Routing (PfR), formely known as Optimized Edge Routing (OER), allows routing based on destination prefix and application type.
PfR is designed to make the best use of available bandwidth, but it does not solve the problem of over-subscribed bandwidth.

Stages

- Learn
- Measure
- Apply Policy
- Enforce
- Verify

Learn

BRs learn interesting applications (traffic classes) using destination prefix with or without port, dscp, source prefix or even application using NBAR.
This profiling process can be automatic or configured manually.

- Automatic

MC(config)# key chain key1
MC(config-keychain)# key 1
MC(config-keychain-key)# key-string cisco
MC(config)# oer master
MC(config-oer-mc)# logging
MC(config-oer-mc)# border 10.0.1.1 key-chain key1
MC(config-oer-mc-br)# interface fa0/0 internal
MC(config-oer-mc-br)# interface fa0/1 external
MC(config-oer-mc)# border 10.0.2.1 key-chain key1
MC(config-oer-mc-br)# interface fa0/0 internal
MC(config-oer-mc-br)# interface fa0/1 external
MC(config-oer-mc)# learn
MC(config-oer-mc-learn)# throughput
MC(config-oer-mc-learn)# monitor 1
MC(config-oer-mc-learn)# periodic 0

- Manual

MC(config)# ip prefix-list FILTERBRANCH1 seq 10 permit 10.1.1.0/24
MC(config)# ip prefix-list FILTERBRANCH1 seq 20 permit 10.1.2.0/24
MC(config)# ip prefix-list FILTERBRANCH2 seq 10 permit 10.2.1.0/24
MC(config)# ip prefix-list FILTERBRANCH2 seq 20 permit 10.2.2.0/24
MC(config)# ip access-list extended MYAPP
MC(config-ext-nacl)# permit tcp any any eq 21
MC(config)# oer-map MYMAP 10
MC(config-oer-map)#  match traffic-class application telnet prefix-list FILTERBRANCH1
MC(config-oer-map)#  set mode select-exit good
MC(config-oer-map)#  set delay threshold 2000
MC(config-oer-map)#  set mode route control
MC(config-oer-map)#  set mode monitor both
MC(config-oer-map)#  no set resolve delay
MC(config-oer-map)#  set active-probe echo 10.1.1.10 ! IP SLA probe
MC(config)# oer-map MYMAP 20
MC(config-oer-map)# match traffic-class application http prefix-list FILTERBRANCH2
MC(config-oer-map)# set mode select-exit good
MC(config-oer-map)# set delay threshold 2000
MC(config-oer-map)# set mode route control
MC(config-oer-map)# set mode monitor both
MC(config-oer-map)# no set resolve delay
MC(config)# oer-map MYMAP 30
MC(config-oer-map)# traffic-class access-list MY_APP filter FILTERBRANCH2
MC(config-oer-map)# set mode select-exit good
MC(config-oer-map)# set delay threshold 2000
MC(config-oer-map)# set mode route control
MC(config-oer-map)# set mode monitor both
MC(config-oer-map)# no set resolve delay
MC(config-oer-map)# set active-probe echo 10.1.3.10 ! IP SLA probe
MC(config)# oer master
MC(config-oer-mc)# policy-rules MYMAP
MC(config-oer-mc)# logging
MC(config-oer-mc)# border 10.1.0.1 key-chain key1
MC(config-oer-mc-br)# interface fa0/0 internal
MC(config-oer-mc-br)# interface fa0/1 external
MC(config-oer-mc)# border 10.2.0.1 key-chain key1
MC(config-oer-mc-br)# interface fa0/0 internal
MC(config-oer-mc-br)# interface fa0/1 external

Measure

Collect traffic class statistics.
The monitor modes are: passive (Netflow), active (IP SLA), both (Netflow + IP SLA), fast and special (cat6k).

Apply Policy

Determine whether traffic class is out of policy and if an alternate path can meet the policy requirements.
Traffic class states:

- Default: Prefix manually configured but has not been determined to be out-of-policy ~ shutdown
- InPolicy: The prefix meets its respective policy.
- Out-of-Policy: The prefix fails its respective policy.
- HoldDown: Is a period of wait to avoid erratic behaviour after a prefix has been changed.

Enforce

Re-route traffic injecting static routes, BGP local preference or using PBR.
Two modes:

- Observe mode

Default mode. MC monitors traffic classes and exit links.

- Control mode

Configured using the mode route control command. MC coordinates information from BRs and changes the routing process.

Verify

Check the new route match the policy.
Use the logging command to log PfR state changes.
To display PfR information about prefixes or routes use:
show oer master prefix
show oer border routes ?

Laboratory

Topology:

R1-R2-R3-R5
R2-R4-R5

R2 is the MC.
R3 and R4 are the BRs.

Routing configuration:

R1(config)# interface fa0/0
R1(config-if)# ip address 192.168.12.1 255.255.255.0
R1(config)# ip route 0.0.0.0 0.0.0.0 192.168.12.2
R2(config)# interface lo2
R2(config-if)# ip address 2.2.2.2 255.255.255.255
R2(config)# interface fa0/0
R2(config-if)# ip address 192.168.23.2 255.255.255.0
R2(config)# interface fa0/1
R2(config-if)# ip address 192.168.24.2 255.255.255.0
R2(config)# interface fa1/0
R2(config-if)# ip address 192.168.12.2 255.255.255.0
R2(config)# router bgp 10
R2(config-router)# network 2.2.2.2 mask 255.255.255.255
R2(config-router)# network 192.168.12.0
R2(config-router)# network 192.168.23.0
R2(config-router)# network 192.168.24.0
R2(config-router)# neighbor 192.168.23.3 remote-as 10
R2(config-router)# neighbor 192.168.24.4 remote-as 10
R3(config)# interface lo3
R3(config-if)# ip address 3.3.3.3 255.255.255.255
R3(config)# interface fa0/0
R3(config-if)# ip address 192.168.23.3 255.255.255.0
R3(config)# interface sel1/0
R3(config-if)# ip address 192.168.35.3 255.255.255.0
R3(config)# router bgp 10
R3(config-router)# network 3.3.3.3 mask 255.255.255.255
R3(config-router)# network 192.168.23.0
R3(config-router)# network 192.168.35.0
R3(config-router)# neighbor 192.168.23.2 remote-as 10
R3(config-router)# neighbor 192.168.35.5 remote-as 20
R4(config)# interface lo4
R4(config-if)# ip address 4.4.4.4 255.255.255.255
R4(config)# interface fa0/0
R4(config-if)# ip address 192.168.45.4 255.255.255.0
R4(config)# interface fa0/1
R4(config-if)# ip address 192.168.24.4 255.255.255.0
R4(config)# router bgp 10
R4(config-router)# network 4.4.4.4 mask 255.255.255.255
R4(config-router)# network 192.168.24.0
R4(config-router)# network 192.168.45.0
R4(config-router)# neighbor 192.168.24.2 remote-as 10
R4(config-router)# neighbor 192.168.45.5 remote-as 20
R5(config)# interface lo5
R5(config-if)# ip address 5.5.5.5 255.255.255.255
R5(config)# interface fa0/0
R5(config-if)# ip address 192.168.45.5 255.255.255.0
R5(config)# interface se1/0
R5(config-if)# ip address 192.168.35.5 255.255.255.0
R5(config)# router bgp 20
R5(config-router)# network 5.5.5.5 mask 255.255.255.255
R5(config-router)# network 192.168.35.0
R5(config-router)# network 192.168.45.0
R5(config-router)# neighbor 192.168.35.3 remote-as 10
R5(config-router)# neighbor 192.168.45.4 remote-as 10

OER configuration:

R3(config)# key chain MYKEY
R3(config-keychain)# key 1
R3(config-keychain-key)# key-string OER
R3(config)# oer border
R3(config-oer-br)# logging
R3(config-oer-br)# local loopback 3
R3(config-oer-br)# master 2.2.2.2 key-chain MYKEY
R4(config)# key chain MYKEY
R4(config-keychain)# key 1
R4(config-keychain-key)# key-string OER
R4(config)# oer border
R4(config-oer-br)# logging
R4(config-oer-br)# local loopback 4
R4(config-oer-br)# master 2.2.2.2 key-chain MYKEY
R2(config)# key chain MYKEY
R2(config-keychain)# key 1
R2(config-keychain-key)# key-string OER
R2(config)# oer master
R2(config-oer-mc)# policy-rules CRITICAL-APP
R2(config-oer-mc)# logging
R2(config-oer-mc)# border 3.3.3.3 key-chain MYKEY
R2(config-oer-mc-br)# interface fa0/0 internal
R2(config-oer-mc-br)# interface se1/0 external
R2(config-oer-mc)# border 4.4.4.4 key-chain MYKEY
R2(config-oer-mc-br)# interface fa0/1 internal
R2(config-oer-mc-br)# interface fa0/0 external
R2# show oer master
R2(config)# ip prefix-list CRITICAL seq 10 permit 5.5.5.5/32
R2(config)# oer-map CRITICAL-APP 10
R2(config-oer-map)# match traffic-class prefix-list CRITICAL
R2(config-oer-map)# set periodic 90 ! Try to find a better path every 90 seconds
R2(config-oer-map)# set mode select-exit best ! Try to find the best exit
R2(config-oer-map)# set backoff 90 90 ! Time to wait for a OOPolicy prefix
R2(config-oer-map)# set holddown 90
R2(config-oer-map)# set delay threshold 50 ! Maximum delay time
R2(config-oer-map)# set mode route control ! Control mode
R2(config-oer-map)# set mode monitor active
R2(config-oer-map)# set resolve delay priority 1 variance 1
R2(config-oer-map)# set active-probe echo 5.5.5.5 ! From BRs
R2# show oer master policy
R2# show oer master prefix
R2# show ip bgp 5.5.5.5/32 ! Look for localpref

Debugging and delay modification:

R3# debug oer border active-probes
R4# debug oer border active-probes
R3(config)# int s1/0
R3(config-if)# traffic-shape rate 8000 1000 0 0

References

PfR:Technology_Overview

No comments: