Moataz, thanks for sharing the link, but I've gone through it and did the steps exactly as mentioned there.
Best Regards,
*Mohammad Moghaddas*

On Fri, Feb 14, 2014 at 11:24 AM, Moataz <[email protected]> wrote:

> Hello Mohamed
>
> did you check this document
>
> http://www.cisco.com/c/en/us/td/docs/ios/pfr/configuration/guide/15_1/pfr_15_1_book/pfr-bgp-inbound.html#wp1058755
>
> Regards,
> Moataz Tolba
> ------------------------------
> *From:* Mohammad Moghaddas <[email protected]>
> *To:* Tony Singh <[email protected]>
> *Cc:* CCIE_RS OnlineStudyList <[email protected]>
> *Sent:* Friday, 14 February 2014, 9:48
> *Subject:* Re: [OSL | CCIE_RS] OT: PFR Internet Inbound/Outbound LB
>
> Dear Tony,
>
> thanks for responding.
> The cause of DOWN status is because I've pasted the info after shutting PFR down.
> All the traffic is pure internet (all the exits), and as I mentioned before, using PBR customers are routed through different exits, but when one exit becomes unavailable, EEM changes the configuration (ip sla+track). So there was no need to separate them in different VRFs.
> There is no ip sla responder, the tcp-connect probes are checking google, yahoo, etc on port 80 from different exits.
> Inbound Internet optimization is the most important part for me. I know that PFR should prepend the AS-PATH to change the entrance, but it is not behaving so. It is only doing STATIC routes which affects Outbound traffic.
> I should note that I've tried removing the PBR and also route-maps assigned to Exit BGP peers, but nothing changed. I think my first post has more complete info for you than this one.
> I've "no shut" pfr and you find the relative info below:
>
> show pfr master:
> OER state: ENABLED and ACTIVE
> Conn Status: SUCCESS, PORT: 3949
> Version: 3.1
> Number of Border routers: 1
> Number of Exits: 5
> Number of monitored prefixes: 290 (max 5000)
> Max prefixes: total 5000 learn 2500
> Prefix count: total 290, learn 290, cfg 0
> PBR Requirements met
> Nbar Status: Inactive
>
> Border           Status   UP/DOWN        AuthFail  Version  DOWN Reason
> 172.31.255.14    ACTIVE   UP   00:07:31  0         3.1
>
> OER master in special monitor mode
> ......
>
> !
>
> show pfr border active-p
> .....
> Type  Target          TPort  Source        Interface  Att  Comps  DSCP
> echo  213.79.125.122  N      188.75.64.21  PO8/1/0    1    1      0
> echo  213.79.125.122  N      188.75.64.21  Tu108      1    0      0
> echo  213.79.125.122  N      188.75.64.21  Tu101      1    1      0
> echo  213.79.125.122  N      188.75.64.21  Gi8/0/0    1    1      0
> echo  213.79.125.122  N      188.75.64.21  Tu105      1    1      0
> ......
> !
>
> show pfr master traffi
> ....
>
> --------------------------------------------------------------------------------
> 37.32.34.0/24 N N N N N N
>     # INPOLICY @5 172.31.255.14 PO8/1/0 STATIC
>     U U 0 0 10420 10557 11 9
>     13 11 0 0 N N N N
>
> 94.101.185.0/24 N N N N N N
>     # INPOLICY @21 172.31.255.14 Gi8/0/0 STATIC
>     U U 0 0 4077 5430 17 15
>     12 13 0 0 N N N N
>
> 94.201.94.128/30 N N N N N N
>     # DEFAULT* @25 172.31.255.14 Tu105 U
>     313 313 0 0 102311 96658 57 0
>     U U 1000000 1000000 N N N N
>
> 176.9.63.104/30 N N N N N N
>     # INPOLICY @42 172.31.255.14 PO8/1/0 STATIC
>     U U 0 0 0 0 0 0
>     132 132 0 0 N N N N
>
> 178.32.55.52/30 N N N N N N
>     # HOLDDOWN @155 172.31.255.14 Gi8/0/0 STATIC
>     U U 0 0 0 0 1 1
>     131 131 0 0 N N N N
> .....
> !
>
> show pfr master traffi inside
> ....
> --------------------------------------------------------------------------------
> x.x.64.0/18 N N N N N N
>     DEFAULT* 0 U U
>
> x.x.112.0/23 N N N N N N
>     DEFAULT* 0 U U
>
> x.x.114.0/23 N N N N N N
>     DEFAULT* 0 U U
>
> x.x.76.0/23 N N N N N N
>     DEFAULT* 0 U U
>
> Best Regards,
> *Mohammad Moghaddas*
>
> On Fri, Feb 14, 2014 at 1:13 AM, Tony Singh <[email protected]> wrote:
>
> > > Border           Status     UP/DOWN   AuthFail  Version  DOWN Reason
> > > 172.31.255.14    INACTIVE   DOWN      0         3.1
> >
> > That's not good for a start, second why are your customer routes in the same routing table sounds like you have no security policies tut tut
> >
> > can you post
> >
> > show pfr master
> > show pfr master traffic-class
> > sh run | s key-chain
> >
> > On both BR's
> >
> > Is the GRE tunnel up/up between the BR's
> >
> > The major 3. number must match between your MC and BR the minor .1 on MC must be greater or equal to the BR's minor version
> >
> > For echo probe you don't need ip sla responder for the other tcp-connect operations you do on the remote side
> >
> > --
> > BR
> >
> > Tony
> >
> > Sent from my iPad
> >
> > > On 13 Feb 2014, at 13:45, Mohammad Moghaddas <[email protected]> wrote:
> > >
> > > Hi.
> > >
> > > I hope you are all doing well, and I'm sorry for posting such a long OT.
> > > Straight to the issue, we have one 7609S which its IOS is 15.1(3)S. I should note that this is an ISP environment and this router has 15 private IX peers, and 5 Exit links.
> > > I've configured the router being MC and BR the same time, 1 Internal interface, and 5 External interfaces.
> > > Each exit link has specific customers, we have separated each link's customers using ACL. When customer's TX traffic reaches the Internal interface, they are routed using PBR (default next-hop) to their specific exit link.
> > > Also these ACLs are referenced in a route-map assigned to each exit BGP peer, so we only advertise the customers to their specific exit BGP peer.
> > > We have categorized our BGP peers in 3 template peer-policy.
> > >
> > > *The issue is that, I see PFR configuring /30 STATIC routes to exit links (it should be /24), and much more important for me, no inbound optimization is happening.*
> > >
> > > Below you will find some partial logging plus the configurations.
> > > And I'm again sorry for such a long post.
> > >
> > > Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 85.133.140.168/30, Couldn't find the best exit
> > > Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 85.133.140.168/30, Couldn't choose exit in prefix timeout
> > > Feb 13 16:41:43: %OER_MC-5-NOTICE: Range Entrance OOP BR 172.31.255.14, i/f Tu108, percent 100. Other BR 172.31.255.14, i/f Gi8/0/0 percent 15
> > > Feb 13 16:41:43: %OER_MC-5-NOTICE: Load Entrance OOP BR 172.31.255.14, i/f Tu108, load 33000 policy 31350
> > > Feb 13 16:41:43: %OER_MC-5-NOTICE: Entrance 172.31.255.14 intf Tu108 OOP, Tx BW 24, Rx BW 33000, Tx Load 0, Rx Load 100
> > > Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 220.98.114.8/30, Couldn't find the best exit
> > > Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 220.98.114.8/30, Couldn't choose exit in prefix timeout
> > > Feb 13 16:41:46: %OER_MC-5-NOTICE: Uncontrol Prefix 217.169.166.40/30, Couldn't choose exit in prefix timeout
> > > Feb 13 16:41:48: %OER_MC-5-NOTICE: Route changed Prefix 188.253.53.96/30, BR 172.31.255.14, i/f Gi8/0/0, Reason Utilization, OOP Reason Timer Expired
> > >
> > > route-map CHNG_GW permit 10
> > >  description ***CUST1 through EXIT1***
> > >  match ip address CUST1
> > >  set ip default next-hop 10.30.148.169
> > > route-map CHNG_GW permit 11
> > >  description ****CUST2 through EXIT2****
> > >  match ip address CUST2
> > >  set ip default next-hop 172.16.108.2
> > > route-map CHNG_GW permit 12
> > >  description ****CUST3 through EXIT3****
> > >  match ip address CUST3
> > >  set ip default next-hop 172.16.101.2
> > > route-map CHNG_GW permit 13
> > >  description ****CUST4 through EXIT2****
> > >  match ip address CUST4
> > >
> > > !! All other customers are routed using the PRIMARY default route. !!
> > >
> > > ip route 0.0.0.0 0.0.0.0 192.168.64.1 name PRIMARY
> > > ip route 0.0.0.0 0.0.0.0 10.30.148.169 5 name PFR
> > > ip route 0.0.0.0 0.0.0.0 172.16.101.2 6 name PFR
> > > ip route 0.0.0.0 0.0.0.0 172.16.105.2 7 name PFR
> > > ip route 0.0.0.0 0.0.0.0 172.16.108.2 8 name PFR
> > >
> > > template peer-policy CUST_BGP
> > >  route-map BGP_CUST_NO-OUT out
> > >  default-originate
> > >  soft-reconfiguration inbound
> > >  send-community both
> > > exit-peer-policy
> > > !
> > > template peer-policy BW_UPLINKS
> > >  prefix-list ISP_IX-in in
> > >  next-hop-self all
> > >  soft-reconfiguration inbound
> > >  send-community both
> > > exit-peer-policy
> > > !
> > > template peer-policy IX
> > >  route-map IX_BGP-OUT out
> > >  prefix-list ISP_IX-in in
> > >  next-hop-self all
> > >  soft-reconfiguration inbound
> > >  send-community both
> > >
> > > pfr master
> > >  policy-rules PFR_BGP
> > >  max-range-utilization percent 80
> > >  logging
> > >  !
> > >  border 172.31.255.14 key-chain OER
> > >   interface GigabitEthernet8/0/0 external
> > >    max-xmit-utilization percentage 95
> > >    maximum utilization receive percentage 95
> > >   interface Tunnel101 external
> > >    max-xmit-utilization percentage 95
> > >    maximum utilization receive percentage 95
> > >   interface Tunnel108 external
> > >    max-xmit-utilization percentage 95
> > >    maximum utilization receive percentage 95
> > >   interface Tunnel105 external
> > >    max-xmit-utilization percentage 95
> > >    maximum utilization receive percentage 95
> > >   interface POS8/1/0 external
> > >    max-xmit-utilization percentage 95
> > >    maximum utilization receive percentage 95
> > >   interface GigabitEthernet5/1 internal
> > >  !
> > >  learn
> > >   throughput
> > >   inside bgp
> > >   periodic-interval 0
> > >   monitor-period 1
> > >   prefixes 200 applications 200
> > >   expire after time 30
> > >  max range receive percent 80
> > >  backoff 150 150
> > >  mode route control
> > >  mode monitor fast
> > >  periodic 150
> > >  no resolve delay
> > >  no resolve range
> > >  !
> > >  active-probe tcp-conn 216.239.32.20 target-port 80
> > >  active-probe tcp-conn 216.239.32.20 target-port 443
> > >  active-probe echo 4.2.2.4
> > >  active-probe echo 8.8.8.8
> > >  active-probe tcp-conn 173.194.34.53 target-port 443
> > >  active-probe tcp-conn 46.228.47.114 target-port 80
> > >  active-probe echo 4.2.2.1
> > >  active-probe echo 8.8.4.4
> > >  active-probe echo 4.2.2.2
> > > pfr border
> > >  local Loopback17231255
> > >  master 172.31.255.14 key-chain OER
> > >  active-probe address source interface GigabitEthernet5/1
> > > pfr-map PFR_BGP 10
> > >  match pfr learn inside
> > >  set mode route control
> > >  set mode monitor passive
> > >  set resolve utilization priority 1 variance 10
> > >  no set resolve delay
> > >  no set resolve range
> > >
> > > show pfr master:
> > > OER state: ENABLED and INACTIVE
> > > Conn Status: SUCCESS, PORT: 3949
> > > Version: 3.1
> > > Number of Border routers: 1
> > > Number of Exits: 5
> > > Number of monitored prefixes: 0 (max 5000)
> > > Max prefixes: total 5000 learn 2500
> > > Prefix count: total 0, learn 0, cfg 0
> > > PBR Requirements met
> > > Nbar Status: Inactive
> > >
> > > Border           Status     UP/DOWN   AuthFail  Version  DOWN Reason
> > > 172.31.255.14    INACTIVE   DOWN      0         3.1
> > >
> > > OER master in special monitor mode
> > >
> > > Global Settings:
> > >   max-range-utilization percent 80 recv 80
> > >   rsvp post-dial-delay 0 signaling-retries 1
> > >   mode route metric bgp local-pref 5000
> > >   mode route metric static tag 5000
> > >   trace probe delay 1000
> > >   logging
> > >   exit holddown time 60 secs, time remaining 0
> > >
> > > Default Policy Settings:
> > >   backoff 150 150 150
> > >   delay relative 50
> > >   holddown 300
> > >   periodic 150
> > >   probe frequency 56
> > >   number of jitter probe packets 100
> > >   mode route control
> > >   mode monitor fast
> > >   mode select-exit good
> > >   loss relative 10
> > >   jitter threshold 20
> > >   mos threshold 3.60 percent 30
> > >   unreachable relative 50
> > >   resolve utilization priority 13 variance 20
> > >
> > > Learn Settings:
> > >   current state : DISABLED
> > >   time remaining in current state : 0 seconds
> > >   throughput
> > >   no delay
> > >   inside bgp
> > >   monitor-period 5
> > >   periodic-interval 5
> > >   aggregation-type prefix-length 24
> > >   prefixes 200 appls 200
> > >   expire after time 30
> > >
> > >
> > > show pfr master policy:
> > > HT-CoreRT(config-pfr-mc)#do s pfr mas pol
> > > Default Policy Settings:
> > >   backoff 150 150 150
> > >   delay relative 50
> > >   holddown 300
> > >   periodic 150
> > >   probe frequency 56
> > >   number of jitter probe packets 100
> > >   mode route control
> > >   mode monitor fast
> > >   mode select-exit good
> > >   loss relative 10
> > >   jitter threshold 20
> > >   mos threshold 3.60 percent 30
> > >   unreachable relative 50
> > >   resolve utilization priority 13 variance 20
> > > oer-map PFR_BGP 10
> > >   sequence no. 8444249301975040, provider id 1, provider priority 30
> > >   host priority 0, policy priority 10, Session id 0
> > >   match oer learn inside
> > >   backoff 150 150 150
> > >   delay relative 50
> > >   holddown 300
> > >   periodic 150
> > >   probe frequency 56
> > >   number of jitter probe packets 100
> > >   *mode route control
> > >   *mode monitor passive
> > >   mode select-exit good
> > >   loss relative 10
> > >   jitter threshold 20
> > >   mos threshold 3.60 percent 30
> > >   unreachable relative 50
> > >   next-hop not set
> > >   forwarding interface not set
> > >   *resolve utilization priority 1 variance 10
> > >
> > > Best Regards,
> > > *Mohammad Moghaddas*
> > > _______________________________________________
> > > Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos ::
> > >
> > > iPexpert on YouTube: www.youtube.com/ipexpertinc
