• Full utilization of expensive network resources
  - Efficient distribution of traffic based upon load
  - Traffic optimized based upon circuit $ cost profiles
  - Minimization of underutilized expensive WAN paths
• Avoidance of network brownouts and soft errors
  - Hot spots, congestion, delay, suboptimal performance
• Responsiveness to critical application performance requirements
  - Time/delay sensitive: voice, video, etc.
  - Loss sensitive: video, circuit emulation
  - Data center traffic: SAN extension, Internet ISP load balancing
  - Transactional traffic: e-commerce transactions, automated B2B, ERP
Automatic integration of routing and instrumentation provides better service levels. The PfR policy can minimize cost, efficiently distribute traffic load, and/or select the optimum performing path for applications.
[Diagram: Central Site (BR1, BR2, MC); MPLS-VPN (High SLA); Internet (DMVPN); MC/BR, MC/BR, MC/BR]
• Dynamically route around blackholes and brownout conditions in the Enterprise WAN or Internet
• Makes adaptive routing adjustments based on real-time performance metrics
  - Response time, packet loss, jitter, mean opinion score (MOS), availability, traffic load, and $ cost policies
• The Decision Maker: Master Controller (MC)
  - Cisco IOS software feature
  - Apply policy, verification, reporting
  - Standalone or collocated with BR
  - No routing protocol required
  - No packet forwarding/inspection required
[Diagram: Central Site (BR1, BR2, MC)]
• Route/Application Control
  - MC commands BRs to learn traffic classes
  - Instruct BR to monitor the performance
  - Verify the performance
  - If not performing, make a policy decision and instruct the BRs to enforce a new route
• Learning
• Performance Monitoring
  - Using NetFlow
[Diagram: BR1, BR2]
• PfR has to determine the traffic classes from the traffic flowing through the border routers
• Subsets of the total traffic must be identified, and these traffic subsets are named traffic classes
• Automatically learning or manual configuration
Policies
• Utilization: < 75%
• Delay: < 110 ms, variance 20
• Jitter: < 50 ms

Interface   Utilization   Delay (ms)   Jitter (ms)
Serial1     89%           100          30
Serial2     50%           113          30
Serial3     60%           119          25

Serial2 and Serial3 are considered because their delays, 113 and 119, are below 132 (which is 120% of 110). Even though Serial3 has slightly higher delay, it is still chosen as the best exit because its jitter is lower and jitter has no variance configured.
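
The selection described above, as a simplified model added here (not Cisco's PfR implementation and not part of the original slides). It assumes the variance is a percentage applied to the delay threshold, as the "132 is 120% of 110" figure implies, that utilization and jitter are hard limits, and that Serial1 drops out on utilization; the names `Exit`, `Policy` and `select_exit` are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Exit:
    name: str
    utilization_pct: float
    delay_ms: float
    jitter_ms: float


@dataclass(frozen=True)
class Policy:
    max_utilization_pct: float = 75.0   # Utilization: < 75%
    max_delay_ms: float = 110.0         # Delay: < 110 ms
    delay_variance_pct: float = 20.0    # variance 20
    max_jitter_ms: float = 50.0         # Jitter: < 50 ms, no variance

    @property
    def delay_ceiling_ms(self) -> float:
        # 110 ms * 120% = 132 ms, the figure used on the slide
        return self.max_delay_ms * (100 + self.delay_variance_pct) / 100


def select_exit(exits, policy):
    """Return (best exit name or None, candidate names, {rejected name: reason})."""
    candidates, rejected = [], {}
    for e in exits:
        if e.utilization_pct >= policy.max_utilization_pct:
            rejected[e.name] = "utilization"
        elif e.delay_ms >= policy.delay_ceiling_ms:
            rejected[e.name] = "delay"
        elif e.jitter_ms >= policy.max_jitter_ms:
            rejected[e.name] = "jitter"
        else:
            candidates.append(e)
    # Assumption: among candidates the lowest jitter wins; delay breaks ties.
    best = min(candidates, key=lambda e: (e.jitter_ms, e.delay_ms), default=None)
    return (best.name if best else None), [c.name for c in candidates], rejected


# Serial1..Serial3 measurements as given on the slide.
EXITS = [
    Exit("Serial1", 89, 100, 30),
    Exit("Serial2", 50, 113, 30),
    Exit("Serial3", 60, 119, 25),
]

if __name__ == "__main__":
    print(select_exit(EXITS, Policy()))
```

When every exit is rejected the function returns `None` as the best exit, so a caller can see that no in-policy path exists instead of silently keeping a stale choice.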
Dual IP-VPN
• Routing is BGP or static
• Dedicated MC or MC/BR combo
• Load-balancing based on external interfaces load (delay unused)
• PfR Solution used
  - Learn throughput to get prefixes
  - Measurement: monitor both
  - Policies: range/utilization
DMVPN over Internet. Select optimum performing path for applications
[Diagram: Central Site (BR1, BR2, MC); MPLS-VPN (High SLA); Internet (VPN); MC/BR, MC/BR]
• Use PfR traffic class based routing
  - Use PfR traffic class based routing to route voice and video traffic over MPLS and route data traffic over the public WAN
  - If the utilization on DMVPN is > 80%, then excess non-critical traffic is moved to MPLS if there is enough bandwidth to accommodate it
• Critical Traffic
  - Monitor mode fast
  - If moderate level traffic loss is noticed in the MPLS path (>= 5%), all traffic is routed to the public WAN
  - Delay threshold is configured as 300 msec
  - Jitter threshold is configured as 30 ms
Configuration Details
Master Controller
• Vast majority of configuration is on MC router
• Identify border routers by IP address, authentication key, and their interfaces
• Configure learning parameters
• Many other optional settings – traffic types, policy thresholds, timers, out-of-policy actions, active probes, etc.
Border Router
• Identify MC by IP address and configure authentication key
• Identify local interface for MC peering (like BGP update-source)
Basic PfR Requirements
• One MC, at least one BR (can co-exist on same router), max of 10 BRs
• CEF must be enabled
• At least two External interfaces; one Internal interface
• If more than one BR, “internal” interfaces must be directly connected
• Each BR must be in the traffic forwarding path; MC doesn’t have to be
• Equal-cost “Parent Routes” must be present
[Diagram: Destination Prefix 10.1.1.0/24; MC / BR; interfaces labelled ext, int, ext, ext]
Basic PfR Deployment Options
Decide which prefixes or traffic classes are “interesting” – the default is all traffic; ACLs can be used to get very granular.
Decide which “mode” to use – observe is the default, and will generate syslog messages when traffic is out-of-policy (OOP). Control mode allows the MC to tell the BRs how to reroute OOP traffic so that it is back in-policy.
Decide which method of performance measurement to use:
• Passive monitoring uses only NetFlow data (NetFlow collection is automated)
• Active monitoring uses automated IP SLA streams
• Both is an option, and uses… both
Decide policy requirements – can include packet loss, delay, link utilization, jitter, etc. Policies can overlap, so each must be configured with a priority and “range” of acceptable metrics.