Hi Moataz, thanks for responding. Yes, I've confirmed that with "show ip pfr bord activ"
Best Regards, *Mohammad Moghaddas* On Thu, Feb 13, 2014 at 5:24 PM, Moataz <[email protected]> wrote: > is your prob working fine ? > > Regards, > Moataz Tolba > ------------------------------ > *From:* Mohammad Moghaddas <[email protected]> > *To:* CCIE_RS OnlineStudyList <[email protected]> > *Sent:* Thursday, 13 February 2014, 15:45 > *Subject:* [OSL | CCIE_RS] OT: PFR Internet Inbound/Outbound LB > > Hi. > > I hope you are all doing well, and I'm sorry for posting such a long OT. > Straight to the issue, we have one 7609S which its IOS is 15.1(3)S. I > should note that this an ISP environment and this router has 15 private IX > peers, and 5 Exit links. > I've configured the router being MC and BR the same time, 1 Internal > interface, and 5 External interface. > Each exit link has specific customers, we have separated each link's > customers using ACL. When customer's TX traffic reaches the Internal > interface, they are routed using PBR (default next-hop) to their specific > exit link. Also these ACLs are referenced in a route-map assigned to each > exit BGP peer, so we only advertise the customers to their specific exit > BGP peer. > We have categorized our BGP peers in 3 template peer-policy. > > *The issue is that, I see PFR configuring /30 STATIC routes to exit links > > (it should be /24), and much more important for me, no inbound optimization > is happening.* > > > Below you will find some partial logging plus the configurations. > And I'm again sorry for such long post. > > Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 85.133.140.168/30, > Couldn't find the best exit > Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 85.133.140.168/30, > Couldn't choose exit in prefix timeout > Feb 13 16:41:43: %OER_MC-5-NOTICE: Range Entrance OOP BR 172.31.255.14, i/f > Tu108, percent 100. Other BR 172.31.255.14, i/f Gi8/0/0 percent 15 > Feb 13 16:41:43: %OER_MC-5-NOTICE: Load Entrance OOP BR 172.31.255.14, i/f > Tu108, load 33000 policy 31350 > Feb 13 16:41:43: %OER_MC-5-NOTICE: Entrance 172.31.255.14 intf Tu108 OOP, > Tx BW 24, Rx BW 33000, Tx Load 0, Rx Load 100 > Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 220.98.114.8/30, > Couldn't find the best exit > Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 220.98.114.8/30, > Couldn't choose exit in prefix timeout > Feb 13 16:41:46: %OER_MC-5-NOTICE: Uncontrol Prefix 217.169.166.40/30, > Couldn't choose exit in prefix timeout > Feb 13 16:41:48: %OER_MC-5-NOTICE: Route changed Prefix 188.253.53.96/30, > BR 172.31.255.14, i/f Gi8/0/0, Reason Utilization, OOP Reason Timer Expired > > route-map CHNG_GW permit 10 > description ***CUST1 through EXIT1*** > match ip address CUST1 > set ip default next-hop 10.30.148.169 > route-map CHNG_GW permit 11 > description ****CUST2 through EXIT2**** > match ip address CUST2 > set ip default next-hop 172.16.108.2 > route-map CHNG_GW permit 12 > description ****CUST3 through EXIT3**** > match ip address CUST3 > set ip default next-hop 172.16.101.2 > route-map CHNG_GW permit 13 > description ****CUST4 through EXIT2**** > match ip address CUST4 > > !! All other customers are routed using the PRIMARY default route. !! > > ip route 0.0.0.0 0.0.0.0 192.168.64.1 name PRIMARY > ip route 0.0.0.0 0.0.0.0 10.30.148.169 5 name PFR > ip route 0.0.0.0 0.0.0.0 172.16.101.2 6 name PFR > ip route 0.0.0.0 0.0.0.0 172.16.105.2 7 name PFR > ip route 0.0.0.0 0.0.0.0 172.16.108.2 8 name PFR > > template peer-policy CUST_BGP > route-map BGP_CUST_NO-OUT out > default-originate > soft-reconfiguration inbound > send-community both > exit-peer-policy > ! > template peer-policy BW_UPLINKS > prefix-list ISP_IX-in in > next-hop-self all > soft-reconfiguration inbound > send-community both > exit-peer-policy > ! > template peer-policy IX > route-map IX_BGP-OUT out > prefix-list ISP_IX-in in > next-hop-self all > soft-reconfiguration inbound > send-community both > > pfr master > policy-rules PFR_BGP > max-range-utilization percent 80 > logging > ! > border 172.31.255.14 key-chain OER > interface GigabitEthernet8/0/0 external > max-xmit-utilization percentage 95 > maximum utilization receive percentage 95 > interface Tunnel101 external > max-xmit-utilization percentage 95 > maximum utilization receive percentage 95 > interface Tunnel108 external > max-xmit-utilization percentage 95 > maximum utilization receive percentage 95 > interface Tunnel105 external > max-xmit-utilization percentage 95 > maximum utilization receive percentage 95 > interface POS8/1/0 external > max-xmit-utilization percentage 95 > maximum utilization receive percentage 95 > interface GigabitEthernet5/1 internal > ! > learn > throughput > inside bgp > periodic-interval 0 > monitor-period 1 > prefixes 200 applications 200 > expire after time 30 > max range receive percent 80 > backoff 150 150 > mode route control > mode monitor fast > periodic 150 > no resolve delay > no resolve range > ! > active-probe tcp-conn 216.239.32.20 target-port 80 > active-probe tcp-conn 216.239.32.20 target-port 443 > active-probe echo 4.2.2.4 > active-probe echo 8.8.8.8 > active-probe tcp-conn 173.194.34.53 target-port 443 > active-probe tcp-conn 46.228.47.114 target-port 80 > active-probe echo 4.2.2.1 > active-probe echo 8.8.4.4 > active-probe echo 4.2.2.2 > pfr border > local Loopback17231255 > master 172.31.255.14 key-chain OER > active-probe address source interface GigabitEthernet5/1 > pfr-map PFR_BGP 10 > match pfr learn inside > set mode route control > set mode monitor passive > set resolve utilization priority 1 variance 10 > no set resolve delay > no set resolve range > > show pfr master: > OER state: ENABLED and INACTIVE > Conn Status: SUCCESS, PORT: 3949 > Version: 3.1 > Number of Border routers: 1 > Number of Exits: 5 > Number of monitored prefixes: 0 (max 5000) > Max prefixes: total 5000 learn 2500 > Prefix count: total 0, learn 0, cfg 0 > PBR Requirements met > Nbar Status: Inactive > > Border Status UP/DOWN AuthFail Version DOWN Reason > 172.31.255.14 INACTIVE DOWN 0 3.1 > > OER master in special monitor mode > > Global Settings: > max-range-utilization percent 80 recv 80 > rsvp post-dial-delay 0 signaling-retries 1 > mode route metric bgp local-pref 5000 > mode route metric static tag 5000 > trace probe delay 1000 > logging > exit holddown time 60 secs, time remaining 0 > > Default Policy Settings: > backoff 150 150 150 > delay relative 50 > holddown 300 > periodic 150 > probe frequency 56 > number of jitter probe packets 100 > mode route control > mode monitor fast > mode select-exit good > loss relative 10 > jitter threshold 20 > mos threshold 3.60 percent 30 > unreachable relative 50 > resolve utilization priority 13 variance 20 > > Learn Settings: > current state : DISABLED > time remaining in current state : 0 seconds > throughput > no delay > inside bgp > monitor-period 5 > periodic-interval 5 > aggregation-type prefix-length 24 > prefixes 200 appls 200 > expire after time 30 > > > show pfr master policy: > HT-CoreRT(config-pfr-mc)#do s pfr mas pol > Default Policy Settings: > backoff 150 150 150 > delay relative 50 > holddown 300 > periodic 150 > probe frequency 56 > number of jitter probe packets 100 > mode route control > mode monitor fast > mode select-exit good > loss relative 10 > jitter threshold 20 > mos threshold 3.60 percent 30 > unreachable relative 50 > resolve utilization priority 13 variance 20 > oer-map PFR_BGP 10 > sequence no. 8444249301975040, provider id 1, provider priority 30 > host priority 0, policy priority 10, Session id 0 > match oer learn inside > backoff 150 150 150 > delay relative 50 > holddown 300 > periodic 150 > probe frequency 56 > number of jitter probe packets 100 > *mode route control > *mode monitor passive > mode select-exit good > loss relative 10 > jitter threshold 20 > mos threshold 3.60 percent 30 > unreachable relative 50 > next-hop not set > forwarding interface not set > *resolve utilization priority 1 variance 10 > > Best Regards, > *Mohammad Moghaddas* > _______________________________________________ > Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > iPexpert on YouTube: www.youtube.com/ipexpertinc > > > _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
