oer
OER outbound
07/11/10 16:14
OER can be used to manipulate outbound traffic too. Let’s check it.
This is the topology used.

R1 R2 R3 --> OSPF peers, network 10.0.123.0/24
R2 R3 --> BGP AS 100
R4 --> BGP AS400 peering with R2 and R3
R4 advertises prefix 4.4.4.4/32 via BGP to R2 and R3
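We want R1, R2 and R3 to choose the connection to R4 based on the reachability of a TCP connection to 4.4.4.4 port 9999.
IP, IGP and BGP configurations are straightforward so let’s move to OER configuration.
OER authenticates the session between the master controller and the borders with a key chain, so we need a key for OER: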
key chain OER
 key 1
  key-string CISCO
These are the commands to establish OER sessions between routers. R1 is the Master Controller, R2 and R3 are Borders:
R1#sh run | s oer master
oer master
 logging
 !
 border 2.2.2.2 key-chain OER
  interface FastEthernet0/0 internal
  interface Serial0/0 external
 !
 border 3.3.3.3 key-chain OER
  interface Serial0/0 external
  interface FastEthernet0/0 internal
On R2 and R3:
oer border
 logging
 local Loopback0
 master 1.1.1.1 key-chain OER
 active-probe address source interface Serial0/0
We want to monitor prefix 4.4.4.4/32 so we need a prefix-list and an oer-map:
R1#sh ip prefix-list
ip prefix-list R4: 1 entries
seq 5 permit 4.4.4.4/32
R1#sh run | s oer-map
oer-map R4 10
 ! the prefix is matched by the prefix-list shown above
 match traffic-class prefix-list R4
 ! this is the probe to monitor the prefix
 set active-probe tcp-conn 4.4.4.4 target-port 9999
 set probe frequency 4
On R4 we need an IP SLA responder to answer the connections from the OER border routers:
ip sla responder tcp-connect ipaddress 4.4.4.4 port 9999
On R4 we can debug connections to and from TCP 4.4.4.4 port 9999 to check when OER sends the probes:
R4#sh access-list 100
Extended IP access list 100
10 permit tcp any host 4.4.4.4 eq 9999 (8496 matches)
20 permit tcp host 4.4.4.4 eq 9999 any (6084 matches)
Enable the debug:
deb ip packet 100
Now let’s enable OER on R1, these are the commands:
oer master
 policy-rules R4
 learn
  periodic-interval 0
  monitor-period 1
 unreachable threshold 1
 holddown 90
 backoff 90 90
 mode route control
 mode monitor fast
 mode select-exit good
OER now learns the prefix defined in the oer-map and checks the active probe.
After some initial tests (remember, OER is slow) OER should report the prefix as in-policy, like this:
R1#sh oer master prefix
OER Prefix Statistics:
Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms),
P - Percentage below threshold, Jit - Jitter (ms),
MOS - Mean Opinion Score
Los - Packet Loss (packets-per-million), Un - Unreachable (flows-per-million),
E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable
U - unknown, * - uncontrolled, + - control more specific, @ - active probe all
# - Prefix monitor mode is Special, & - Blackholed Prefix
% - Force Next-Hop, ^ - Prefix is denied
Prefix State Time Curr BR CurrI/F Protocol
PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos
ActSDly ActLDly ActSUn ActLUn EBw IBw
ActSJit ActPMOS ActSLos ActLLos
--------------------------------------------------------------------------------
4.4.4.4/32 INPOLICY @0 2.2.2.2 Se0/0 BGP
U U 0 0 0 0
21 20 0 0 0 0
N N
Let’s check BGP on borders:
R2#sh ip bgp 4.4.4.4
BGP routing table entry for 4.4.4.4/32, version 60
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
2
400
10.0.24.4 from 10.0.24.4 (4.4.4.4)
Origin IGP, metric 0, localpref 100, valid, external, best
R3#sh ip bgp 4.4.4.4
BGP routing table entry for 4.4.4.4/32, version 60
Paths: (2 available, best #1, table Default-IP-Routing-Table, RIB-failure(17))
Advertised to update-groups:
1
400
2.2.2.2 (metric 2) from 2.2.2.2 (2.2.2.2)
Origin IGP, metric 0, localpref 5000, valid, internal, best
400
10.0.34.4 from 10.0.34.4 (4.4.4.4)
Origin IGP, metric 0, localpref 100, valid, external
As the output shows, on R3 the local preference of prefix 4.4.4.4 with next hop 2.2.2.2 is set to 5000. This is how OER influences the traffic to exit from AS100 to AS400 using the link on R2.
Now let’s check if the active probe works: on R4 s0/0 we filter traffic directed to IP 4.4.4.4, TCP port 9999:
deny tcp any host 4.4.4.4 eq 9999
permit ip any any
R1#sh oer master prefix
OER Prefix Statistics:
Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms),
P - Percentage below threshold, Jit - Jitter (ms),
MOS - Mean Opinion Score
Los - Packet Loss (packets-per-million), Un - Unreachable (flows-per-million),
E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable
U - unknown, * - uncontrolled, + - control more specific, @ - active probe all
# - Prefix monitor mode is Special, & - Blackholed Prefix
% - Force Next-Hop, ^ - Prefix is denied
Prefix State Time Curr BR CurrI/F Protocol
PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos
ActSDly ActLDly ActSUn ActLUn EBw IBw
ActSJit ActPMOS ActSLos ActLLos
--------------------------------------------------------------------------------
4.4.4.4/32 INPOLICY @0 3.3.3.3 Se0/0 BGP
U U 0 0 0 0
19 18 0 0 0 0
N N
R1#sh oer master prefix
OER Prefix Statistics:
Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms),
P - Percentage below threshold, Jit - Jitter (ms),
MOS - Mean Opinion Score
Los - Packet Loss (packets-per-million), Un - Unreachable (flows-per-million),
E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable
U - unknown, * - uncontrolled, + - control more specific, @ - active probe all
# - Prefix monitor mode is Special, & - Blackholed Prefix
% - Force Next-Hop, ^ - Prefix is denied
Prefix State Time Curr BR CurrI/F Protocol
PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos
ActSDly ActLDly ActSUn ActLUn EBw IBw
ActSJit ActPMOS ActSLos ActLLos
--------------------------------------------------------------------------------
4.4.4.4/32 HOLDDOWN @81 2.2.2.2 Se0/0 BGP
U U 0 0 0 0
16 16 0 0 0 0
N N
And after 90 seconds the prefix goes INPOLICY towards R2:
--------------------------------------------------------------------------------
4.4.4.4/32 INPOLICY @0 2.2.2.2 Se0/0 BGP
U U 0 0 0 0
15 17 0 0 0 0
N N
Now let’s move the acl to R4 s0/0 and check what happens:
*Mar 1 02:57:42.315: OER MC PFX 4.4.4.4/32: Prefix timeout, state DEFAULT*
*Mar 1 02:57:42.327: OER MC PFX 4.4.4.4/32: PDP choose exit, prefix state = DEFAULT*, 0
*Mar 1 02:57:42.331: OER MC PFX 4.4.4.4/32: BR 3.3.3.3, Exit Se0/0, allowed unreachable 0, limit 1
*Mar 1 02:57:42.331: OER MC PFX 4.4.4.4/32: Best exit is 3.3.3.3 Se0/0, based on unreachable
*Mar 1 02:57:42.331: OER MC PFX 4.4.4.4/32: Check ACT REL delay: delay 8, policy 50%, notify FALSE
*Mar 1 02:57:42.331: OER MC PFX 4.4.4.4/32: Check ACT ABS unreachable: unreachable 0, policy 1, notify FALSE
*Mar 1 02:57:42.331: OER MC PFX 4.4.4.4/32: Start FWD on new exit, br = 3.3.3.3, i/f = Se0/0, nexthop 0.0.0.0, seq 371, proto 4, exact TRUE
We wait for the 90 seconds hold-down:
4.4.4.4/32 HOLDDOWN @90 3.3.3.3 Se0/0 BGP
U U 0 0 0 0
U U 0 0 0 0
N N
And now the prefix 4.4.4.4 is INPOLICY for border 3.3.3.3:
*Mar 1 02:59:18.707: OER MC PFX 4.4.4.4/32: PDP choose exit, prefix state = INPOLICY, 9
*Mar 1 02:59:18.707: OER MC PFX 4.4.4.4/32: Check ACT REL delay: delay 22, policy 50%, notify FALSE
*Mar 1 02:59:18.707: OER MC PFX 4.4.4.4/32: PDP choose exit, prefix state = INPOLICY, 0
*Mar 1 02:59:18.707: OER MC PFX 4.4.4.4/32: BR 3.3.3.3, Exit Se0/0, allowed unreachable 0, limit 1
*Mar 1 02:59:18.707: OER MC PFX 4.4.4.4/32: Best exit is 3.3.3.3 Se0/0, based on unreachable
R1#sh oer master prefix
OER Prefix Statistics:
Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms),
P - Percentage below threshold, Jit - Jitter (ms),
MOS - Mean Opinion Score
Los - Packet Loss (packets-per-million), Un - Unreachable (flows-per-million),
E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable
U - unknown, * - uncontrolled, + - control more specific, @ - active probe all
# - Prefix monitor mode is Special, & - Blackholed Prefix
% - Force Next-Hop, ^ - Prefix is denied
Prefix State Time Curr BR CurrI/F Protocol
PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos
ActSDly ActLDly ActSUn ActLUn EBw IBw
ActSJit ActPMOS ActSLos ActLLos
--------------------------------------------------------------------------------
4.4.4.4/32 INPOLICY @0 3.3.3.3 Se0/0 BGP
U U 0 0 0 0
14 16 0 0 0 0
N N
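The debug lines above can be turned into an audit trail of route-control changes. This is an added example, not part of the original post: it parses the `OER MC PFX` messages shown above and reports each time the master controller enforces a different exit for a prefix. The function names and the `known_exits` argument are hypothetical, and the starting exit (2.2.2.2 Se0/0) is taken from the earlier `sh oer master prefix` output.

```python
import re

# Debug lines copied from the outputs above (master controller, prefix 4.4.4.4/32).
SAMPLE = """\
*Mar 1 02:57:42.315: OER MC PFX 4.4.4.4/32: Prefix timeout, state DEFAULT*
*Mar 1 02:57:42.327: OER MC PFX 4.4.4.4/32: PDP choose exit, prefix state = DEFAULT*, 0
*Mar 1 02:57:42.331: OER MC PFX 4.4.4.4/32: BR 3.3.3.3, Exit Se0/0, allowed unreachable 0, limit 1
*Mar 1 02:57:42.331: OER MC PFX 4.4.4.4/32: Best exit is 3.3.3.3 Se0/0, based on unreachable
*Mar 1 02:57:42.331: OER MC PFX 4.4.4.4/32: Start FWD on new exit, br = 3.3.3.3, i/f = Se0/0, nexthop 0.0.0.0, seq 371, proto 4, exact TRUE
*Mar 1 02:59:18.707: OER MC PFX 4.4.4.4/32: PDP choose exit, prefix state = INPOLICY, 9
*Mar 1 02:59:18.707: OER MC PFX 4.4.4.4/32: Best exit is 3.3.3.3 Se0/0, based on unreachable
"""

HEADER = re.compile(r"^\*?(\w{3} +\d+ [\d:.]+): OER MC PFX ([\d.]+/\d+): (.*)$")
STATE = re.compile(r"state (?:= )?([A-Z]+)")
BEST = re.compile(r"Best exit is ([\d.]+) (\S+), based on (\w+)")
FWD = re.compile(r"Start FWD on new exit, br = ([\d.]+), i/f = ([^,\s]+)")

def parse(text):
    """Turn debug lines into (timestamp, prefix, kind, data) events."""
    events = []
    for line in text.splitlines():
        head = HEADER.match(line.strip())
        if not head:
            continue  # not an OER MC prefix message
        ts, prefix, msg = head.groups()
        for kind, rx in (("best", BEST), ("fwd", FWD), ("state", STATE)):
            m = rx.search(msg)
            if m:
                events.append((ts, prefix, kind, m.groups()))
                break
    return events

def exit_changes(events, known_exits=None):
    """Report each enforced move of a prefix to a different border/interface."""
    current = dict(known_exits or {})  # prefix -> (border, interface)
    reason = {}                        # prefix -> criterion of the last "Best exit"
    changes = []
    for ts, prefix, kind, data in events:
        if kind == "best":
            reason[prefix] = data[2]
        elif kind == "fwd":
            old = current.get(prefix)
            if data != old:
                changes.append((ts, prefix, old, data, reason.get(prefix)))
            current[prefix] = data
    return changes

if __name__ == "__main__":
    for change in exit_changes(parse(SAMPLE), {"4.4.4.4/32": ("2.2.2.2", "Se0/0")}):
        print(change)
```

Only the `Start FWD on new exit` message counts as a change, because that is where the master controller actually pushes the new exit; `Best exit` lines are evaluations and repeat while the prefix stays in-policy.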
Well done!
HTH
OER inbound
07/11/10 11:24
OER is a topic that should be simple in the CCIE R&S Lab. I’m trying to figure out what kind of tasks I can expect; inbound optimization can be one, so let’s lab it!
Topology used for the lab:

R1 is OER Master Controller, advertising a prefix 1.1.1.1/32.
R2 is an OER Border with two exit interfaces, s0/0 and s0/1.
R3 and R4 are in AS200, with R4 sending traffic to 1.1.1.1.
Task: since R2 interface s0/1 is receiving a lot of traffic, OER should influence AS200 to use s0/0.
INITIAL CONFIGURATION
To make the traffic simulation faster and easier, both serial interfaces of R2 are configured with “load-interval 30”, and s0/1 also with “band 1”.
R1 IS THE MASTER CONTROLLER
R1#sh run | s oer master
oer master
 !
 border 2.2.2.2 key-chain OER
  interface FastEthernet0/0 internal
  interface Serial0/1 external
   maximum utilization receive percentage 2
  interface Serial0/0 external
   maximum utilization receive percentage 2
 !
 learn
  throughput
  inside bgp
  periodic-interval 1
  monitor-period 1
  aggregation-type bgp
 no max range receive
 mode route control
R2 IS BORDER
R2#sh run | s oer border
oer border
 local Loopback0
 master 1.1.1.1 key-chain OER
1) INITIAL STATUS
All traffic from R4 in AS200 to 1.1.1.1 comes in through interface s0/1 on R2.
Verify that R4 reaches 1.1.1.1 from its s0/0 interface:
R4#sh ip bgp
BGP table version is 5, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i1.1.1.1/32 3.3.3.3 0 100 0 100 i
*> 10.0.24.2 0 100 i
r>i3.3.3.3/32 3.3.3.3 0 100 0 i
*> 4.4.4.4/32 0.0.0.0 0 32768 i
2) TRAFFIC SIMULATION
A ping from R4 to 1.1.1.1:
R4# ping 1.1.1.1 so lo0 re 10000 timeout 2
Load on that interface gets high so the prefix goes to a holddown state:
R1#sh oer master prefix inside
OER Prefix Statistics:
Prefix (inside) State Time Curr BR CurrI/F Protocol
PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos
ActSDly ActLDly ActSUn ActLUn EBw IBw
--------------------------------------------------------------------------------
1.1.1.1/32 HOLDDOWN 158 2.2.2.2 Se0/1 BGP
U U 0 0 0 0
N N N N 43 45
3) OER POLICY APPLIED
OER prepends the AS path of the prefix advertised towards R4 to make AS200 prefer the path through R2 s0/0:
R4#sh ip bgp
BGP table version is 6, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.1/32 3.3.3.3 0 100 0 100 i
* 10.0.24.2 0 100 100 i
r>i3.3.3.3/32 3.3.3.3 0 100 0 i
*> 4.4.4.4/32 0.0.0.0 0 32768 i
Now all traffic from R4 in AS200 to prefix 1.1.1.1 comes from R2 s0/0, passing through R3.
4) REVERT THE POLICY
Now we set bandwidth on R2 s0/0 to 1k and s0/1 to 2Mbps. Next we generate some traffic from R4 to 1.1.1.1:
R4# ping 1.1.1.1 so lo0 re 100000 timeout 2
Load on R2 s0/0:
R2#sh inte s0/0
Serial0/0 is up, line protocol is up
Hardware is GT96K Serial
Internet address is 10.0.23.2/24
MTU 1500 bytes, BW 1 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 255/255
R2 interface s0/1 is idle:
R2#sh inte s0/1
Serial0/1 is up, line protocol is up
Hardware is GT96K Serial
Internet address is 10.0.24.2/24
MTU 1500 bytes, BW 2000000 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
We expect to see prefix 1.1.1.1 with R2 interface s0/0 go OOP and OER stop prepending the AS path towards R4. Let’s check if it works:
BEFORE
R1#sh oer master prefix inside
Prefix (inside) State Time Curr BR CurrI/F Protocol
PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos
ActSDly ActLDly ActSUn ActLUn EBw IBw
--------------------------------------------------------------------------------
1.1.1.1/32 INPOLICY 0 2.2.2.2 Se0/0 BGP
U U 0 0 0 0
N N N N 3 4
THEN THE PREFIX GOES TO HOLDDOWN STATE
Prefix (inside) State Time Curr BR CurrI/F Protocol
PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos
ActSDly ActLDly ActSUn ActLUn EBw IBw
--------------------------------------------------------------------------------
1.1.1.1/32 HOLDDOWN* 278 2.2.2.2 Se0/0 BGP
U U 0 0 0 0
N N N N 41 39
AS PATH PREPEND ON R4 IS NO LONGER ACTIVE
(I check it on R3 since R4 has the ping active)
R3#sh ip bgp
BGP table version is 5, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i1.1.1.1/32 4.4.4.4 0 100 0 100 i
*> 10.0.23.2 0 100 i
*> 3.3.3.3/32 0.0.0.0 0 32768 i
r>i4.4.4.4/32 4.4.4.4 0 100 0 i
R1 CHOOSES R2 s0/1 AS BETTER INGRESS INTERFACE
Prefix (inside) State Time Curr BR CurrI/F Protocol
PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos
ActSDly ActLDly ActSUn ActLUn EBw IBw
--------------------------------------------------------------------------------
1.1.1.1/32 HOLDDOWN* 149 2.2.2.2 Se0/1 BGP
U U 0 0 0 0
N N N N 54 51
AFTER A WHILE PREFIX 1.1.1.1 IS INPOLICY AGAIN
There’s no need for OER to do anything since all traffic from AS200 arrives on R2 s0/1 because of the BGP routing decision.
Prefix (inside) State Time Curr BR CurrI/F Protocol
PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos
ActSDly ActLDly ActSUn ActLUn EBw IBw
--------------------------------------------------------------------------------
1.1.1.1/32 INPOLICY* 0 2.2.2.2 Se0/1 BGP
U U 0 0 0 0
N N N N 80 81
HTH