I found this, what could be the cause? show pfr mas traffic-class performance inside
Traffic-class: (inside) Destination Prefix : x.x.64.0/18 Source Prefix : N/A Destination Port : N/A Source Port : N/A DSCP : N Protocol : N/A Application Name: : N/A General: Control State : Not Controlled Traffic-class status : DISABLED due to unknown reason Current Exit : BR Unknown interface Unknown, Tie breaker was None Time on current exit : 0d 0:0:0 Time remaining in current state : 0 seconds Traffic-class type : Learned Improper config : None Last Out-of-Policy event: No Out-of-Policy Event Average Passive Performance Current Exit: (Average for last 5 minutes) Unreachable : 0% -- Threshold: 50% Delay : 0% -- Threshold: 50% Loss : 0% -- Threshold: 10% Egress BW : 0 kbps Ingress BW : 0 kbps Time since last update : 0d 0:0:0 ..... Best Regards, *Mohammad Moghaddas* On Fri, Feb 14, 2014 at 11:29 AM, Mohammad Moghaddas <[email protected] > wrote: > Moataz, > > thanks for sharing the link, but I've gone through it and did the steps > exactly as mentioned there. > > Best Regards, > *Mohammad Moghaddas* > > > On Fri, Feb 14, 2014 at 11:24 AM, Moataz <[email protected]> wrote: > >> Hello Mohamed >> >> did you check this document >> >> >> http://www.cisco.com/c/en/us/td/docs/ios/pfr/configuration/guide/15_1/pfr_15_1_book/pfr-bgp-inbound.html#wp1058755 >> >> Regards, >> Moataz Tolba >> ------------------------------ >> *From:* Mohammad Moghaddas <[email protected]> >> *To:* Tony Singh <[email protected]> >> *Cc:* CCIE_RS OnlineStudyList <[email protected]> >> *Sent:* Friday, 14 February 2014, 9:48 >> >> *Subject:* Re: [OSL | CCIE_RS] OT: PFR Internet Inbound/Outbound LB >> >> Dear Tony, >> >> thanks for responding. >> The cause of DOWN status is because I've pasted the info after shutting >> PFR >> down. >> All the traffic is pure internet (all the exits), and as I mentioned >> before, using PBR customers are routed through different exits, but when >> one exit become unavailable, EEM changes the configuration (ip sla+track). >> So there was no need to separate them in different VRFs. >> There is no ip sla responder, the tcp-connect probe are checking google, >> yahoo, etc on port 80 from different exits. >> Inbound Internet optimization is the most important part for me. I know >> that PFR should prepend the AS-PATH to change the entrance, but it is not >> behaving so. Is is only doing STATIC routes which affects Outbound >> traffic. >> I should note that I've tried removing the PBR and also route-maps >> assigned >> to Exit BGP peers, but nothing changed. I think my first post has more >> complete info for you than this one. >> I've "no shut" pfr and you find the relative info below: >> >> show pfr master: >> OER state: ENABLED and ACTIVE >> Conn Status: SUCCESS, PORT: 3949 >> Version: 3.1 >> Number of Border routers: 1 >> Number of Exits: 5 >> Number of monitored prefixes: 290 (max 5000) >> Max prefixes: total 5000 learn 2500 >> Prefix count: total 290, learn 290, cfg 0 >> PBR Requirements met >> Nbar Status: Inactive >> >> Border Status UP/DOWN AuthFail Version DOWN Reason >> 172.31.255.14 ACTIVE UP 00:07:31 0 3.1 >> >> OER master in special monitor mode >> ...... >> >> ! >> >> show pfr border active-p >> ..... >> Type Target TPort Source Interface Att >> Comps >> DSCP >> echo 213.79.125.122 N 188.75.64.21 PO8/1/0 1 >> 1 >> 0 >> echo 213.79.125.122 N 188.75.64.21 Tu108 1 >> 0 >> 0 >> echo 213.79.125.122 N 188.75.64.21 Tu101 1 >> 1 >> 0 >> echo 213.79.125.122 N 188.75.64.21 Gi8/0/0 1 >> 1 >> 0 >> echo 213.79.125.122 N 188.75.64.21 Tu105 1 >> 1 >> 0 >> ...... >> ! >> >> show pfr master traffi >> .... >> >> -------------------------------------------------------------------------------- >> 37.32.34.0/24 N N N N N N >> >> # INPOLICY @5 172.31.255.14 PO8/1/0 >> STATIC >> U U 0 0 10420 10557 11 >> 9 >> 13 11 0 0 N N N >> N >> >> 94.101.185.0/24 N N N N N N >> >> # INPOLICY @21 172.31.255.14 Gi8/0/0 >> STATIC >> U U 0 0 4077 5430 17 >> 15 >> 12 13 0 0 N N N >> N >> >> 94.201.94.128/30 N N N N N N >> >> # DEFAULT* @25 172.31.255.14 Tu105 >> U >> 313 313 0 0 102311 96658 57 >> 0 >> U U 1000000 1000000 N N N >> N >> >> 176.9.63.104/30 N N N N N N >> >> # INPOLICY @42 172.31.255.14 PO8/1/0 >> STATIC >> U U 0 0 0 0 0 >> 0 >> 132 132 0 0 N N N >> N >> 178.32.55.52/30 N N N N N N >> >> # HOLDDOWN @155 172.31.255.14 Gi8/0/0 >> STATIC >> U U 0 0 0 0 1 >> 1 >> 131 131 0 0 N N N >> N >> ..... >> ! >> >> show pfr master traffi inside >> .... >> >> -------------------------------------------------------------------------------- >> x.x.64.0/18 N N N N N N >> >> DEFAULT* 0 U >> U >> >> x.x.112.0/23 N N N N N N >> >> DEFAULT* 0 U >> U >> >> x.x.114.0/23 N N N N N N >> >> DEFAULT* 0 U >> U >> >> x.x.76.0/23 N N N N N N >> >> DEFAULT* 0 U >> U >> >> >> Best Regards, >> *Mohammad Moghaddas* >> >> >> >> On Fri, Feb 14, 2014 at 1:13 AM, Tony Singh <[email protected]> >> wrote: >> >> > >> > Border Status UP/DOWN AuthFail Version DOWN >> > Reason >> > 172.31.255.14 INACTIVE DOWN 0 3.1 >> > >> > That's not good for a start, second why are your customer routes in the >> > same routing table sounds like you have no security policies tut tut >> > >> > can you post >> > >> > show pfr master >> > show pfr master traffic-class >> > sh run | s key-chain >> > >> > On both BR's >> > >> > Is the GRE tunnel up/up between the BR's >> > >> > The major 3. number must match between your MC and BR the minor .1 on MC >> > must be greater or equal to the BR's minor version >> > >> > For echo probe you don't need ip sla responder for the other tcp-connect >> > operations you do on the remote side >> > >> > -- >> > BR >> > >> > Tony >> > >> > Sent from my iPad >> > >> > > On 13 Feb 2014, at 13:45, Mohammad Moghaddas <[email protected]> >> > wrote: >> > > >> > > Hi. >> > > >> > > I hope you are all doing well, and I'm sorry for posting such a long >> OT. >> > > Straight to the issue, we have one 7609S which its IOS is 15.1(3)S. I >> > > should note that this an ISP environment and this router has 15 >> private >> > IX >> > > peers, and 5 Exit links. >> > > I've configured the router being MC and BR the same time, 1 Internal >> > > interface, and 5 External interface. >> > > Each exit link has specific customers, we have separated each link's >> > > customers using ACL. When customer's TX traffic reaches the Internal >> > > interface, they are routed using PBR (default next-hop) to their >> specific >> > > exit link. Also these ACLs are referenced in a route-map assigned to >> each >> > > exit BGP peer, so we only advertise the customers to their specific >> exit >> > > BGP peer. >> > > We have categorized our BGP peers in 3 template peer-policy. >> > > >> > > *The issue is that, I see PFR configuring /30 STATIC routes to exit >> links >> > > (it should be /24), and much more important for me, no inbound >> > optimization >> > > is happening.* >> > > >> > > Below you will find some partial logging plus the configurations. >> > > And I'm again sorry for such long post. >> > > >> > > Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 85.133.140.168/30 >> , >> > > Couldn't find the best exit >> > > Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 85.133.140.168/30 >> , >> > > Couldn't choose exit in prefix timeout >> > > Feb 13 16:41:43: %OER_MC-5-NOTICE: Range Entrance OOP BR >> 172.31.255.14, >> > i/f >> > > Tu108, percent 100. Other BR 172.31.255.14, i/f Gi8/0/0 percent 15 >> > > Feb 13 16:41:43: %OER_MC-5-NOTICE: Load Entrance OOP BR 172.31.255.14, >> > i/f >> > > Tu108, load 33000 policy 31350 >> > > Feb 13 16:41:43: %OER_MC-5-NOTICE: Entrance 172.31.255.14 intf Tu108 >> OOP, >> > > Tx BW 24, Rx BW 33000, Tx Load 0, Rx Load 100 >> > > Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 220.98.114.8/30, >> > > Couldn't find the best exit >> > > Feb 13 16:41:43: %OER_MC-5-NOTICE: Uncontrol Prefix 220.98.114.8/30, >> > > Couldn't choose exit in prefix timeout >> > > Feb 13 16:41:46: %OER_MC-5-NOTICE: Uncontrol Prefix 217.169.166.40/30 >> , >> > > Couldn't choose exit in prefix timeout >> > > Feb 13 16:41:48: %OER_MC-5-NOTICE: Route changed Prefix >> 188.253.53.96/30 >> > , >> > > BR 172.31.255.14, i/f Gi8/0/0, Reason Utilization, OOP Reason Timer >> > Expired >> > > >> > > route-map CHNG_GW permit 10 >> > > description ***CUST1 through EXIT1*** >> > > match ip address CUST1 >> > > set ip default next-hop 10.30.148.169 >> > > route-map CHNG_GW permit 11 >> > > description ****CUST2 through EXIT2**** >> > > match ip address CUST2 >> > > set ip default next-hop 172.16.108.2 >> > > route-map CHNG_GW permit 12 >> > > description ****CUST3 through EXIT3**** >> > > match ip address CUST3 >> > > set ip default next-hop 172.16.101.2 >> > > route-map CHNG_GW permit 13 >> > > description ****CUST4 through EXIT2**** >> > > match ip address CUST4 >> > > >> > > !! All other customers are routed using the PRIMARY default route. !! >> > > >> > > ip route 0.0.0.0 0.0.0.0 192.168.64.1 name PRIMARY >> > > ip route 0.0.0.0 0.0.0.0 10.30.148.169 5 name PFR >> > > ip route 0.0.0.0 0.0.0.0 172.16.101.2 6 name PFR >> > > ip route 0.0.0.0 0.0.0.0 172.16.105.2 7 name PFR >> > > ip route 0.0.0.0 0.0.0.0 172.16.108.2 8 name PFR >> > > >> > > template peer-policy CUST_BGP >> > > route-map BGP_CUST_NO-OUT out >> > > default-originate >> > > soft-reconfiguration inbound >> > > send-community both >> > > exit-peer-policy >> > > ! >> > > template peer-policy BW_UPLINKS >> > > prefix-list ISP_IX-in in >> > > next-hop-self all >> > > soft-reconfiguration inbound >> > > send-community both >> > > exit-peer-policy >> > > ! >> > > template peer-policy IX >> > > route-map IX_BGP-OUT out >> > > prefix-list ISP_IX-in in >> > > next-hop-self all >> > > soft-reconfiguration inbound >> > > send-community both >> > > >> > > pfr master >> > > policy-rules PFR_BGP >> > > max-range-utilization percent 80 >> > > logging >> > > ! >> > > border 172.31.255.14 key-chain OER >> > > interface GigabitEthernet8/0/0 external >> > > max-xmit-utilization percentage 95 >> > > maximum utilization receive percentage 95 >> > > interface Tunnel101 external >> > > max-xmit-utilization percentage 95 >> > > maximum utilization receive percentage 95 >> > > interface Tunnel108 external >> > > max-xmit-utilization percentage 95 >> > > maximum utilization receive percentage 95 >> > > interface Tunnel105 external >> > > max-xmit-utilization percentage 95 >> > > maximum utilization receive percentage 95 >> > > interface POS8/1/0 external >> > > max-xmit-utilization percentage 95 >> > > maximum utilization receive percentage 95 >> > > interface GigabitEthernet5/1 internal >> > > ! >> > > learn >> > > throughput >> > > inside bgp >> > > periodic-interval 0 >> > > monitor-period 1 >> > > prefixes 200 applications 200 >> > > expire after time 30 >> > > max range receive percent 80 >> > > backoff 150 150 >> > > mode route control >> > > mode monitor fast >> > > periodic 150 >> > > no resolve delay >> > > no resolve range >> > > ! >> > > active-probe tcp-conn 216.239.32.20 target-port 80 >> > > active-probe tcp-conn 216.239.32.20 target-port 443 >> > > active-probe echo 4.2.2.4 >> > > active-probe echo 8.8.8.8 >> > > active-probe tcp-conn 173.194.34.53 target-port 443 >> > > active-probe tcp-conn 46.228.47.114 target-port 80 >> > > active-probe echo 4.2.2.1 >> > > active-probe echo 8.8.4.4 >> > > active-probe echo 4.2.2.2 >> > > pfr border >> > > local Loopback17231255 >> > > master 172.31.255.14 key-chain OER >> > > active-probe address source interface GigabitEthernet5/1 >> > > pfr-map PFR_BGP 10 >> > > match pfr learn inside >> > > set mode route control >> > > set mode monitor passive >> > > set resolve utilization priority 1 variance 10 >> > > no set resolve delay >> > > no set resolve range >> > > >> > > show pfr master: >> > > OER state: ENABLED and INACTIVE >> > > Conn Status: SUCCESS, PORT: 3949 >> > > Version: 3.1 >> > > Number of Border routers: 1 >> > > Number of Exits: 5 >> > > Number of monitored prefixes: 0 (max 5000) >> > > Max prefixes: total 5000 learn 2500 >> > > Prefix count: total 0, learn 0, cfg 0 >> > > PBR Requirements met >> > > Nbar Status: Inactive >> > > >> > > Border Status UP/DOWN AuthFail Version DOWN >> > Reason >> > > 172.31.255.14 INACTIVE DOWN 0 3.1 >> > > >> > > OER master in special monitor mode >> > > >> > > Global Settings: >> > > max-range-utilization percent 80 recv 80 >> > > rsvp post-dial-delay 0 signaling-retries 1 >> > > mode route metric bgp local-pref 5000 >> > > mode route metric static tag 5000 >> > > trace probe delay 1000 >> > > logging >> > > exit holddown time 60 secs, time remaining 0 >> > > >> > > Default Policy Settings: >> > > backoff 150 150 150 >> > > delay relative 50 >> > > holddown 300 >> > > periodic 150 >> > > probe frequency 56 >> > > number of jitter probe packets 100 >> > > mode route control >> > > mode monitor fast >> > > mode select-exit good >> > > loss relative 10 >> > > jitter threshold 20 >> > > mos threshold 3.60 percent 30 >> > > unreachable relative 50 >> > > resolve utilization priority 13 variance 20 >> > > >> > > Learn Settings: >> > > current state : DISABLED >> > > time remaining in current state : 0 seconds >> > > throughput >> > > no delay >> > > inside bgp >> > > monitor-period 5 >> > > periodic-interval 5 >> > > aggregation-type prefix-length 24 >> > > prefixes 200 appls 200 >> > > expire after time 30 >> > > >> > > >> > > show pfr master policy: >> > > HT-CoreRT(config-pfr-mc)#do s pfr mas pol >> > > Default Policy Settings: >> > > backoff 150 150 150 >> > > delay relative 50 >> > > holddown 300 >> > > periodic 150 >> > > probe frequency 56 >> > > number of jitter probe packets 100 >> > > mode route control >> > > mode monitor fast >> > > mode select-exit good >> > > loss relative 10 >> > > jitter threshold 20 >> > > mos threshold 3.60 percent 30 >> > > unreachable relative 50 >> > > resolve utilization priority 13 variance 20 >> > > oer-map PFR_BGP 10 >> > > sequence no. 8444249301975040, provider id 1, provider priority 30 >> > > host priority 0, policy priority 10, Session id 0 >> > > match oer learn inside >> > > backoff 150 150 150 >> > > delay relative 50 >> > > holddown 300 >> > > periodic 150 >> > > probe frequency 56 >> > > number of jitter probe packets 100 >> > > *mode route control >> > > *mode monitor passive >> > > mode select-exit good >> > > loss relative 10 >> > > jitter threshold 20 >> > > mos threshold 3.60 percent 30 >> > > unreachable relative 50 >> > > next-hop not set >> > > forwarding interface not set >> > > *resolve utilization priority 1 variance 10 >> > > >> > > Best Regards, >> > > *Mohammad Moghaddas* >> > > _______________________________________________ >> > > Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos >> :: >> > > >> > > iPexpert on YouTube: www.youtube.com/ipexpertinc >> > >> _______________________________________________ >> Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: >> >> iPexpert on YouTube: www.youtube.com/ipexpertinc >> >> >> > _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
