The ACLs are not used in the PFR configuration; they are assigned to a route-map for PBR, and to different outbound route-maps for the Exit BGP peers in the BGP configuration. PBR and BGP were working fine before PFR, and they are still working fine. The issue is that PFR is not working the way I need it to. It only adds /30 STATIC routes to the exits, where I need /24, and it also doesn't prepend to the AS-PATH when advertising to the Exit BGP peers.

Feb 13 16:41:43: %OER_MC-5-NOTICE: Range Entrance OOP BR 172.31.255.14, i/f Tu108, percent 100. Other BR 172.31.255.14, i/f Gi8/0/0 percent 15
Feb 13 16:41:43: %OER_MC-5-NOTICE: Load Entrance OOP BR 172.31.255.14, i/f Tu108, load 33000 policy 31350
Feb 13 16:41:43: %OER_MC-5-NOTICE: Entrance 172.31.255.14 intf Tu108 OOP, Tx BW 24, Rx BW 33000, Tx Load 0, Rx Load 100

Regards,
*Mohammad*

On Thu, Feb 13, 2014 at 5:38 PM, Moataz <[email protected]> wrote:

> I think the problem may be in the interesting traffic inside the ACL.
>
> Can you check the access list configuration.
>
> Sent from my iPhone
>
> ------------------------------
> *From:* Mohammad Moghaddas <[email protected]>;
> *To:* Moataz <[email protected]>;
> *Cc:* CCIE_RS OnlineStudyList <[email protected]>;
> *Subject:* Re: [OSL | CCIE_RS] OT: PFR Internet Inbound/Outbound LB
> *Sent:* Thu, Feb 13, 2014 2:01:33 PM
>
> Hi Moataz,
>
> Thanks for responding. Yes, I've confirmed that with "show ip pfr bord activ"
>
> Best Regards,
> *Mohammad Moghaddas*
>
> On Thu, Feb 13, 2014 at 5:24 PM, Moataz <[email protected]> wrote:
>
>> is your prob working fine?
>>
>> Regards,
>> Moataz Tolba
>> ------------------------------
>> *From:* Mohammad Moghaddas <[email protected]>
>> *To:* CCIE_RS OnlineStudyList <[email protected]>
>> *Sent:* Thursday, 13 February 2014, 15:45
>> *Subject:* [OSL | CCIE_RS] OT: PFR Internet Inbound/Outbound LB
>>
>> Hi.
>>
>> I hope you are all doing well, and I'm sorry for posting such a long OT.
>> Straight to the issue: we have one 7609S whose IOS is 15.1(3)S. I should note that this is an ISP environment and this router has 15 private IX peers and 5 Exit links.
>> I've configured the router as MC and BR at the same time, with 1 Internal interface and 5 External interfaces.
>> Each exit link has specific customers; we have separated each link's customers using ACLs. When a customer's TX traffic reaches the Internal interface, it is routed using PBR (default next-hop) to its specific exit link. These ACLs are also referenced in a route-map assigned to each exit BGP peer, so we only advertise the customers to their specific exit BGP peer.
>> We have categorized our BGP peers in 3 template peer-policies.
>>
>> *The issue is that I see PFR configuring /30 STATIC routes to exit links (it should be /24), and much more important for me, no inbound optimization is happening.*
>>
>> Below you will find some partial logging plus the configurations.
>> And I'm again sorry for such a long post.
>>
>> Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 85.133.140.168/30, Couldn't find the best exit
>> Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 85.133.140.168/30, Couldn't choose exit in prefix timeout
>> Feb 13 16:41:43: %OER_MC-5-NOTICE: Range Entrance OOP BR 172.31.255.14, i/f Tu108, percent 100. Other BR 172.31.255.14, i/f Gi8/0/0 percent 15
>> Feb 13 16:41:43: %OER_MC-5-NOTICE: Load Entrance OOP BR 172.31.255.14, i/f Tu108, load 33000 policy 31350
>> Feb 13 16:41:43: %OER_MC-5-NOTICE: Entrance 172.31.255.14 intf Tu108 OOP, Tx BW 24, Rx BW 33000, Tx Load 0, Rx Load 100
>> Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 220.98.114.8/30, Couldn't find the best exit
>> Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 220.98.114.8/30, Couldn't choose exit in prefix timeout
>> Feb 13 16:41:46: %OER_MC-5-NOTICE: Uncontrol Prefix 217.169.166.40/30, Couldn't choose exit in prefix timeout
>> Feb 13 16:41:48: %OER_MC-5-NOTICE: Route changed Prefix 188.253.53.96/30, BR 172.31.255.14, i/f Gi8/0/0, Reason Utilization, OOP Reason Timer Expired
>>
>> route-map CHNG_GW permit 10
>>  description ***CUST1 through EXIT1***
>>  match ip address CUST1
>>  set ip default next-hop 10.30.148.169
>> route-map CHNG_GW permit 11
>>  description ****CUST2 through EXIT2****
>>  match ip address CUST2
>>  set ip default next-hop 172.16.108.2
>> route-map CHNG_GW permit 12
>>  description ****CUST3 through EXIT3****
>>  match ip address CUST3
>>  set ip default next-hop 172.16.101.2
>> route-map CHNG_GW permit 13
>>  description ****CUST4 through EXIT2****
>>  match ip address CUST4
>>
>> !! All other customers are routed using the PRIMARY default route. !!
>>
>> ip route 0.0.0.0 0.0.0.0 192.168.64.1 name PRIMARY
>> ip route 0.0.0.0 0.0.0.0 10.30.148.169 5 name PFR
>> ip route 0.0.0.0 0.0.0.0 172.16.101.2 6 name PFR
>> ip route 0.0.0.0 0.0.0.0 172.16.105.2 7 name PFR
>> ip route 0.0.0.0 0.0.0.0 172.16.108.2 8 name PFR
>>
>> template peer-policy CUST_BGP
>>  route-map BGP_CUST_NO-OUT out
>>  default-originate
>>  soft-reconfiguration inbound
>>  send-community both
>> exit-peer-policy
>> !
>> template peer-policy BW_UPLINKS
>>  prefix-list ISP_IX-in in
>>  next-hop-self all
>>  soft-reconfiguration inbound
>>  send-community both
>> exit-peer-policy
>> !
>> template peer-policy IX
>>  route-map IX_BGP-OUT out
>>  prefix-list ISP_IX-in in
>>  next-hop-self all
>>  soft-reconfiguration inbound
>>  send-community both
>>
>> pfr master
>>  policy-rules PFR_BGP
>>  max-range-utilization percent 80
>>  logging
>>  !
>>  border 172.31.255.14 key-chain OER
>>   interface GigabitEthernet8/0/0 external
>>    max-xmit-utilization percentage 95
>>    maximum utilization receive percentage 95
>>   interface Tunnel101 external
>>    max-xmit-utilization percentage 95
>>    maximum utilization receive percentage 95
>>   interface Tunnel108 external
>>    max-xmit-utilization percentage 95
>>    maximum utilization receive percentage 95
>>   interface Tunnel105 external
>>    max-xmit-utilization percentage 95
>>    maximum utilization receive percentage 95
>>   interface POS8/1/0 external
>>    max-xmit-utilization percentage 95
>>    maximum utilization receive percentage 95
>>   interface GigabitEthernet5/1 internal
>>  !
>>  learn
>>   throughput
>>   inside bgp
>>   periodic-interval 0
>>   monitor-period 1
>>   prefixes 200 applications 200
>>   expire after time 30
>>  max range receive percent 80
>>  backoff 150 150
>>  mode route control
>>  mode monitor fast
>>  periodic 150
>>  no resolve delay
>>  no resolve range
>>  !
>>  active-probe tcp-conn 216.239.32.20 target-port 80
>>  active-probe tcp-conn 216.239.32.20 target-port 443
>>  active-probe echo 4.2.2.4
>>  active-probe echo 8.8.8.8
>>  active-probe tcp-conn 173.194.34.53 target-port 443
>>  active-probe tcp-conn 46.228.47.114 target-port 80
>>  active-probe echo 4.2.2.1
>>  active-probe echo 8.8.4.4
>>  active-probe echo 4.2.2.2
>> pfr border
>>  local Loopback17231255
>>  master 172.31.255.14 key-chain OER
>>  active-probe address source interface GigabitEthernet5/1
>> pfr-map PFR_BGP 10
>>  match pfr learn inside
>>  set mode route control
>>  set mode monitor passive
>>  set resolve utilization priority 1 variance 10
>>  no set resolve delay
>>  no set resolve range
>>
>> show pfr master:
>> OER state: ENABLED and INACTIVE
>>   Conn Status: SUCCESS, PORT: 3949
>>   Version: 3.1
>>   Number of Border routers: 1
>>   Number of Exits: 5
>>   Number of monitored prefixes: 0 (max 5000)
>>   Max prefixes: total 5000 learn 2500
>>   Prefix count: total 0, learn 0, cfg 0
>>   PBR Requirements met
>>   Nbar Status: Inactive
>>
>> Border           Status   UP/DOWN   AuthFail  Version  DOWN Reason
>> 172.31.255.14    INACTIVE DOWN      0         3.1
>>
>> OER master in special monitor mode
>>
>> Global Settings:
>>   max-range-utilization percent 80 recv 80
>>   rsvp post-dial-delay 0 signaling-retries 1
>>   mode route metric bgp local-pref 5000
>>   mode route metric static tag 5000
>>   trace probe delay 1000
>>   logging
>>   exit holddown time 60 secs, time remaining 0
>>
>> Default Policy Settings:
>>   backoff 150 150 150
>>   delay relative 50
>>   holddown 300
>>   periodic 150
>>   probe frequency 56
>>   number of jitter probe packets 100
>>   mode route control
>>   mode monitor fast
>>   mode select-exit good
>>   loss relative 10
>>   jitter threshold 20
>>   mos threshold 3.60 percent 30
>>   unreachable relative 50
>>   resolve utilization priority 13 variance 20
>>
>> Learn Settings:
>>   current state : DISABLED
>>   time remaining in current state : 0 seconds
>>   throughput
>>   no delay
>>   inside bgp
>>   monitor-period 5
>>   periodic-interval 5
>>   aggregation-type prefix-length 24
>>   prefixes 200 appls 200
>>   expire after time 30
>>
>> show pfr master policy:
>> HT-CoreRT(config-pfr-mc)#do s pfr mas pol
>> Default Policy Settings:
>>   backoff 150 150 150
>>   delay relative 50
>>   holddown 300
>>   periodic 150
>>   probe frequency 56
>>   number of jitter probe packets 100
>>   mode route control
>>   mode monitor fast
>>   mode select-exit good
>>   loss relative 10
>>   jitter threshold 20
>>   mos threshold 3.60 percent 30
>>   unreachable relative 50
>>   resolve utilization priority 13 variance 20
>> oer-map PFR_BGP 10
>>   sequence no. 8444249301975040, provider id 1, provider priority 30
>>     host priority 0, policy priority 10, Session id 0
>>   match oer learn inside
>>   backoff 150 150 150
>>   delay relative 50
>>   holddown 300
>>   periodic 150
>>   probe frequency 56
>>   number of jitter probe packets 100
>>  *mode route control
>>  *mode monitor passive
>>   mode select-exit good
>>   loss relative 10
>>   jitter threshold 20
>>   mos threshold 3.60 percent 30
>>   unreachable relative 50
>>   next-hop not set
>>   forwarding interface not set
>>  *resolve utilization priority 1 variance 10
>>
>> Best Regards,
>> *Mohammad Moghaddas*
>> _______________________________________________
>> Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos ::
>>
>> iPexpert on YouTube: www.youtube.com/ipexpertinc
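
The %OER_MC notices quoted in the thread above can be tallied by event type, prefix length and out-of-policy interface. This is an added example, not part of the original messages; the function names and the `expected_len` parameter are illustrative, and the sample lines are copied from the post with wrapped lines rejoined.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Log lines copied from the post (mail-wrapped lines rejoined).
SAMPLE = """\
Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 85.133.140.168/30, Couldn't find the best exit
Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 85.133.140.168/30, Couldn't choose exit in prefix timeout
Feb 13 16:41:43: %OER_MC-5-NOTICE: Range Entrance OOP BR 172.31.255.14, i/f Tu108, percent 100. Other BR 172.31.255.14, i/f Gi8/0/0 percent 15
Feb 13 16:41:43: %OER_MC-5-NOTICE: Load Entrance OOP BR 172.31.255.14, i/f Tu108, load 33000 policy 31350
Feb 13 16:41:43: %OER_MC-5-NOTICE: Entrance 172.31.255.14 intf Tu108 OOP, Tx BW 24, Rx BW 33000, Tx Load 0, Rx Load 100
Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 220.98.114.8/30, Couldn't find the best exit
Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 220.98.114.8/30, Couldn't choose exit in prefix timeout
Feb 13 16:41:46: %OER_MC-5-NOTICE: Uncontrol Prefix 217.169.166.40/30, Couldn't choose exit in prefix timeout
Feb 13 16:41:48: %OER_MC-5-NOTICE: Route changed Prefix 188.253.53.96/30, BR 172.31.255.14, i/f Gi8/0/0, Reason Utilization, OOP Reason Timer Expired
"""

HEAD = re.compile(r"%OER_MC-5-NOTICE: (?P<msg>.*)$")
PREFIX = re.compile(r"^(?P<kind>Uncontrol|Route changed) Prefix (?P<net>[\d.]+/\d+), (?P<rest>.*)$")
# Two message shapes name the out-of-policy entrance interface.
ENTRANCE = re.compile(
    r"^(?:(?P<kind>Range|Load) Entrance OOP BR \S+ i/f|Entrance \S+ intf) (?P<intf>[\w/]+)")

def parse(line):
    """Return a dict describing one notice, or None for non-OER_MC lines."""
    m = HEAD.search(line.strip())
    if not m:
        return None
    msg = m["msg"]
    p = PREFIX.match(msg)
    if p:
        return {"type": p["kind"], "net": ip_network(p["net"], strict=False),
                "detail": p["rest"]}
    e = ENTRANCE.match(msg)
    if e:
        return {"type": f"{e['kind'] or 'Link'} Entrance OOP", "intf": e["intf"]}
    return {"type": "other", "detail": msg}

def summarize(text, expected_len=24):
    """Tally events and list prefixes whose length differs from expected_len."""
    events = [e for e in map(parse, text.splitlines()) if e]
    nets = [e["net"] for e in events if "net" in e]
    return {
        "types": dict(Counter(e["type"] for e in events)),
        "prefix_lengths": dict(Counter(n.prefixlen for n in nets)),
        "unexpected": sorted({str(n) for n in nets if n.prefixlen != expected_len}),
        "oop_interfaces": dict(Counter(e["intf"] for e in events if "intf" in e)),
    }
```
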
