Performance Routing (PfR)

PACUG 3/2012
Clayton Daffron Systems Engineer Cisco Systems

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

Changing Landscape How it Works PfR Use Cases Configuration Details Lab Demo

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

 2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

 Applications are moving to

Cloud-based services traffic

Public DC

SaaS/Public Internet

Increasing Video (real-time)

Hosting Provider DC

Visibility for all applications will

be critical
Traffic management and control

Service Provider DC

@
Branch Office

of the flows is necessary to guarantee performance

Increased usage of Ethernet

Private DC

connectivity

HQ / Main Site

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

 Full utilization of expensive network resources

Efficient distribution of traffic based upon load Traffic optimized based upon circuit $ cost profiles Minimization of underutilized expensive WAN paths

Avoidance of network brownouts and soft

errors
Hot spots, congestion, delay, suboptimal performance

Responsiveness to critical application

performance requirements
Time/delay sensitive: voice, video, etc Loss sensitive: video, circuit emulation Data center traffic: SAN extension, Internet ISP load balancing Transactional traffic: e-commerce transactions, automated B2B, ERP

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

 Enhances traditional routing by factoring in

performance visibility into path selection

Automatic integration for Routing and Instrumentation provide better service levels The PfR policy can: minimize cost, efficiently distribute traffic load, and/or select the optimum performing path for applications

Central Site
BR1 BR2

MC

Dynamically route around blackholes and

brownout conditions in the Enterprise WAN or Internet

Makes adaptive routing adjustments based on

MPLS-VPN
High SLA

Internet
DMVPN

real-time performance metrics

Response time, packet loss, jitter, mean opinion score (MOS), availability, traffic load, and $ cost policies
MC/BR MC/BR MC/BR

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

 2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

Network Capabilities to Support Application (Data/Voice/Video) Delivery

Identification and Classification

Automatic application recognition Application Context awareness

Network Management

Plan, configure, monitor, troubleshoot Sessions, endpoints and service infrastructure SLA measurements

Baseline

Provision

Monitoring and Instrumentation

Capacity planning Visibility into network and application behavior Dynamic troubleshooting

Optimization

IT Resources
Network Adjustments Optimize Control

Control

Application acceleration, offload Reduce WAN traffic, application latency

Prioritize business-critical traffic Meets established business policies and priorities

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

Performance Routing Policy Engine

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

PfR Policy Engine, Continued

Learn Applications: MC tells BR to learn interesting applications, called Traffic Classes: This could be destination prefix with or without port, dscp, source prefix or even application using NBAR. This profiling process can be entirely automatic based on the top talkers (using Netflow) or configured manually. Measure Application performance (Collects traffic class statistics for learned applications): Monitor Modes: Passive, Active, Both, Fast, Special (Cat6K) Netflow for UDP (bandwidth) and TCP flows (availability, delay, bandwidth, loss) IP SLA for TCP and UDP flows (Availability, delay, loss, jitter, MOS). Apply Policy: Use measured application data to determine whether managed traffic-class is out of policy (OOP) and if an alternate path can meet the policy requirements Enforce (re-route traffic): Prefix Control: Inject BGP or Static routes Application Control: Dynamic Route-map/PBR for traffic classes defined by ACLs, NBAR, unsupported routing protocols (OSPF, ISIS) or, BRs running a mix of routing protocols. Verify that the new route match the policy.
2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10

 The Decision Maker: Master Controller (MC)

Cisco IOS software feature Apply policy, verification, reporting Standalone or collocated with BR No routing protocol required No packet forwarding/ inspection required
Central Site
BR1 BR2 MC

The Forwarding Path: Border Router (BR)

Cisco IOS software feature Learn, measure, enforcement NetFlow collector Probe source (IP SLA client)
MC/BR

MPLS-VPN
High SLA

Internet
VPN

MC/BR MC/BR

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

11

MC

Route/Application Control
MC commands BRs to learn traffic classes Instruct BR to monitor the performance Verify the Performance If not performing, make a policy decision and instruct the BRs to enforce a new route

Learning Performance Monitoring

Using Netflow
BR1 BR2

Using IP SLA Probes And much more in the future

Enforcement using Routing protocols or PBR

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

12

Type Destination Prefix (Mandatory) ACL Application (Optional) 10.0.0.0/8 20.1.1.0/24

Example

10.1.1.0/24 dscp ef 10.1.1.0/24 dst-port 50 10.1.1.0/24 telnet 20.1.0.0/16 ssh 10.1.1.0/24 nbar RTP 20.1.1.0/24 nbar citrix

Well-Known

NBAR

PfR has to determine the traffic classes from the traffic flowing through the border

routers Subsets of the total traffic must be identified, and these traffic subsets are named traffic classes Automatically learning or manual configuration

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

13

Passive
Reachability Egress BW Delay Loss

Active
Reachability Jitter Delay Loss

Ingress BW

MOS

PfR Netflow Monitoring Flows Need not be symmetrical

PfR enables IP SLA feature Probes sourced from BR ICMP probes learned or configured TCP, UDP, JITTER need ip sla responder

Hybrid Modes

Both
Passive to measure performance Active probing as needed It is the default
2011 Cisco and/or its affiliates. All rights reserved.

Fast
Active probes on all path all the time Passive to measure BW only

Active Throughput
Passive to measure BW only Active probing on current exit
Cisco Confidential 14

 2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

15

MC

Trac Flow Based on the RIB

Trac loss Delay increase

MC/BR

10.1.1.0/24 Site #1

BR

10.2.2.0/24 Site #2

EF Trac Flow Based on PfR Policies

PfR optimizes performance of traffic-class and optimizes the usage of the links. Choose the best path for the application If the performance of traffic-class does not meet the requirement then trafficclass is deemed Out of Policy. If the link usage does not meet the requirement then link is deemed Out of Policy.
2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16

Link

Utilization

Delay (ms) Priority 1

Jitter (ms) Priority 2

Policies Utilization: <75% Delay: < 110 ms variance 20 Jitter: < 50 ms

Serial1

89%

100

30

Serial2

50%

113

30

Serial3

60%

119

25

Serial2 and serial3 are considered because 113 and 119 are below 132 (which is 120% of 110). Even though serial3 has slightly higher delay it is still chosen as best exit because jitter is lower and has no variance configured.

Serial4

40%

150

20

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

17

 2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

18

IM

Web

Email

Cisco 7200 and now Cisco ASR1k

are typical BR/MC with BR terminating WAN connections BGP routing

BRs must be iBGP peers Default routing or Partial routes or Full routes

Central Site
BR1 BR2

MC

Internet ISP1

Internet
ISP2

PfR can actively manage the top 20k Prefixes

concurrently (with Cisco 7200-NPE-G2 or ASR1000)

12.4T/15.0.1M IOS-XE 3.3.0 Entrance optimization

Internet ISP3

Internet
ISP4

Customers differ on policy priority Learn prefixes by throughput and delay

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

19

 Requirements: basic load Balancing on

external interfaces

Dual IP-VPN Routing is BGP or static Dedicated MC or MC/BR combo Load-balancing based on external interfaces load (delay unused) PfR Solution used Learn throughput to get prefixes Measurement: monitor both Policies: range/utilization

Central Site
BR1 BR2

MC

SP1 IP-VPN

SP2 IP-VPN

MC/BR MC/BR MC/BR

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

20

 Primary MPLS VPN and secondary using

DMVPN over Internet. Select optimum performing path for applications

Central Site
BR1 BR2

MC

Use PfR traffic class based routing

Use PfR traffic class based routing to route voice and video traffic over MPLS and route data traffic over the public WAN If the utilization on DMVPN is > 80% then excess non-critical traffic is moved to MPLS if there is enough BW to accommodate

MPLS-VPN
High SLA

Internet
VPN

Critical Traffic
Monitor mode fast If moderate level traffic loss is noticed in MPLS path (>=5%), all traffic is routed to the Public WAN Delay threshold is configured as 300 msec Jitter threshold is configured as 30 ms
MC/BR MC/BR

MC/BR

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

21

Cisco ASR 1000

BR in IOS-XE 2.6.1

Cisco 6500*
12.2(33)SXH (limited support)

Cisco 7600 MC in IOS-XE 3.3.0

12.2(33)SRB (Limited support)

Cisco 3900 Cisco 2900 Cisco 1900 Cisco 1800

12.4, 12.4T, 15M/T
2011 Cisco and/or its affiliates. All rights reserved.

Cisco 7200-NPE-G2
12.4, 12.4T 15M/T

Cisco 3800
12.4, 12.4T 15M/T

Cisco 2800
12.4, 12.4T 15M/T

Cisco Confidential

22

New Cisco ISR G2 Simplified Feature Sets

New ISR-G2 1900, 2900, 3900 A single IOS Universal Image for all ISR

Classic Cisco IOS Software Feature Sets

Existing ISR 1800, 2800, 3800, 7200

Generation 2 ISR Platforms

PfR is within the DATA package.
PfR

ASR 1000 Series

Universal image NPEK9 or UK9 Use Advanced IP Services (AIS/AISK9) or Advanced

Enterprise Services (AES/AESK9) Technology package license

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

23

Configuration Details
Master Controller Vast majority of configuration is on MC router Identify border routers by IP address, authentication key, and their interfaces Configure learning parameters Many other optional settings traffic types, policy thresholds, timers, out-ofpolicy actions, active probes, etc Border Router Identify MC by IP address and configure authentication key Identify local interface for MC peering (like BGP update-source)

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

24

Basic PFR Requirements

One MC, at least one BR (can co-exist on same router), max of 10 BRs CEF must be enabled At least two External interfaces; one Internal interface If more than one BR, internal interfaces must be directly connected Each BR must be in the traffic forwarding path; MC doesnt have to be Equal-cost Parent Routes must be present Destination Prefix: 10.1.1.0/24 MC / BR
ext int ext ext

BR 0.0.0.0/0
int

10.1.0.0/16
ext

MC / BR
2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25

Basic PFR Deployment Options

Decide which prefixes or traffic classes are interesting the default is all traffic; ACLs can be used to get very granular Decide which mode to use observe is the default, and will generate syslog messages when traffic is out-of-policy (OOP). Control mode allows the MC to tell the BRs how to reroute OOP traffic so that they are back in-policy Decide which method of performance measurement to use: Passive monitoring uses only NetFlow data (NetFlow collection is automated) Active monitoring uses automated IP SLA streams Both is an option, and uses both Decide policy requirements can include packet loss, delay, link utilization, jitter, etc. Policies can overlap, so each must be configured with a priority and range of acceptable metrics

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

26

 Docwiki Performance Routing Home

Technology Overview, Solution Guides, Troubleshooting Guides, FAQ http://docwiki.cisco.com/wiki/PfR:Home Performance Routing Technology Overview http://docwiki.cisco.com/wiki/PfR:Technology_Overview Performance Routing Solution Guides http://docwiki.cisco.com/wiki/PfR:Solutions Performance Routing Troubleshooting Guide http://docwiki.cisco.com/wiki/PfR:Troubleshooting

Configuration
Understanding Performance Routing
http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-understand.html

Basic Configuration
http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-basic.html

Advanced Configuration
http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-advanced.html

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

27

PFR Lab
Two PFR instances Branch and Campus Branch Site VOIP ncy h e t a L dt Low Bandwi Low Campus Site

Branch MC/ BR T1

Campus BR 10.254.4.4 tunnel0

4G

High High Latenc y Ban dwid Data th

10.254.44.44

Campus MC/ BR

Traffic Class: VOIP Dest: 10.254.4.4 DSCP=46

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

28