Documente Academic
Documente Profesional
Documente Cultură
Cisco IOS Optimized Edge Routing (OER) provides automatic route optimization and load distribution for multiple ISP and WAN connections. Cisco IOS OER is an integrated Cisco IOS solution that allows you to monitor IP traffic flows and then define policies and rules based on prefix performance, link load distribution, link cost, and traffic type. Cisco IOS OER provides active and passive monitoring systems, dynamic failure detection, and automatic path correction. Deploying Cisco IOS OER enables intelligent load distribution and optimal route selection in an enterprise network.
Feature History for Optimized Edge Routing
Modification This feature was introduced. Support for the following features was integrated into Cisco IOS Release 12.3(11)T:
Port and Protocol Based Prefix Learning allows you to configure a master controller to learn prefixes based on the protocol type and TCP or UDP port number. VPN IPSec/GRE Tunnel Optimization introduces the capability to configure IPSec/GRE tunnel interfaces as OER managed exit links. Only network based IPSec VPNs are supported.
12.3(14)T
Support for the following feature was integrated into Cisco IOS Release 12.3(14)T:
OER Support for Cost-Based Optimization and Traceroute Reporting introduces the capability to configure exit link policies based monetary cost and the capability to configure traceroute probes to determine prefix characteristics on a hop-by-hop basis.
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
Contents
Prerequisites for Cisco IOS Optimized Edge Routing, page 2 Restrictions for Cisco IOS Optimized Edge Routing, page 2 Information About Cisco IOS Optimized Edge Routing, page 3 How to Configure Cisco IOS Optimized Edge Routing, page 23 Configuration Examples for Cisco IOS Optimized Edge Routing, page 90 Additional References, page 102 Command Reference, page 104
Cisco Express Forwarding (CEF) must be enabled on all participating routers. Cisco IOS OER can be deployed on a single router. The router must have at least two egress interfaces that can carry outbound traffic and can be configured as OER managed exit links. These interfaces should connect to an ISP or be WAN connections (Frame-Relay, ATM, etc) at the edge of the enterprise network. The master controller should be deployed close to the border routers to minimize the communication response time between these devices. All border routers must be reachable by the master controller. The border routers should be close to each other in terms of hops and throughput. Routing protocol peering must be established in your network or static routing must be configured before Cisco IOS OER is deployed. If you have configured internal BGP (iBGP) on the border routers, iBGP peering must be established and consistently applied throughout your network. If an IGP is deployed in your network, static route redistribution must be configured with the redistribute static command. Interior Gateway Protocol (IGP) or static routing should also be applied consistently throughout an OER managed network; the border router should have a consistent view of the network.
Cisco IOS OER does not influence or control inter-domain routing or interfaces that are not under OER control, and Cisco IOS OER does not influence asymmetrical routing. Cisco IOS OER passively monitors TCP traffic flows for IP traffic. Passive monitoring of non-TCP sessions is not supported. Cisco IOS OER can be configured to monitor and control outbound traffic only. Cisco IOS OER supports only IPSec/GRE VPNs. No other VPN types are supported. When two or more border routers are deployed in an OER managed network, the next hop on each border router, as installed in the Routing Information Base (RIB), cannot be an address from the same subnet as the next hop on the other border router.
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
Interfaces that are configured to be under OER control can also carry multicast traffic. However, if the source of the multicast traffic comes from outside of the OER managed network and inbound multicast traffic is carried over OER managed exit links, the source multicast address should be excluded from OER control. Internet exchange points where a border router can communicate with several service providers over the same broadcast media are not supported. Token Ring interfaces are not supported by Cisco IOS OER and cannot be configured as OER managed interfaces. It may be possible to load a Token Ring interface configuration under certain conditions. However, the Token Ring interface will not become active and the border router will not function if the Token Ring interface is the only external interface on the border router.
Cisco IOS Optimized Edge Routing Overview, page 3 Cisco IOS OER Network Components, page 5 Cisco IOS OER Managed Network, page 8 Cisco IOS OER Prefix Learning, page 9 Cisco IOS OER Monitoring, page 11 Cisco IOS OER Modes of Operation, page 13 Cisco IOS OER Routing Control, page 14 Cisco IOS OER Policy Configuration, page 16 VPN IPSec/GRE Tunnel Interface Optimization, page 21 Cisco IOS OER Logging and Reporting, page 22 Cisco IOS OER Deployment Configurations, page 22
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
packet loss, path availability, and traffic load distribution. Deploying Cisco IOS OER allows you to optimize network performance and link load utilization while minimizing bandwidth costs and reducing operational expenses.
Enterprise/Content Provider
Cisco IOS OER monitors and controls outbound traffic on the three border routers (BRs). It measures the packet response time and path availability from the egress interfaces on BR1, BR2 and BR3. Changes to exit link performance on the border routers are detected on a per-prefix basis. If the performance of a prefix falls below default or user-defined policy parameters, routing is altered locally in the enterprise network to optimize performance and to route around failure conditions that occur outside of the enterprise network. For example, an interface failure or network misconfiguration in the SP D network can cause outbound traffic that is carried over the BR2 exit interface to become congested or fail to reach the customer access network. Traditional routing mechanisms cannot anticipate or resolve these types of problem without intervention by the network operator. Cisco IOS OER can detect failure conditions and alter routing inside of the network to compensate.
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
Figure 2 shows a Cisco IOS OER managed enterprise network of a content provider. This figure shows that delay measurements are collected for monitored prefixes on the border routers. These statistics are collected by the border routers an then transmitted to the master controller.
Figure 2 Cisco IOS OER Optimizes for Performance
BR1 Master Master Controller Controller BR2 eBGP CR2 SLA B Server(s) BR3 iBGP and/or EIGRP, IS-IS, OSPF, RIP SLA C SP F
117770
SLA A SP A SP B
SP C
SP D
SP E 250ms
Client(s)
Content Consumer
Enterprise/Content Provider
For example, if a performance policy is defined that sets the delay threshold for a group of prefixes to less than or equal to 200 milliseconds (ms), as shown in Figure 2. Prefixes with a slower round-trip response time (or longer delay) will be considered to be out-of-policy. Routing is locally altered to bring the prefix to an in-policy state. In Figure 2, out-of-policy prefixes that use exit links on BR3 will be moved to BR1. The master controller monitors prefixes and exit links on the border routers. This allows the master controller to measure performance and detect failure conditions that occur outside of the network. When the master controller detects a performance change that brings a prefix out of policy, the master controller sends commands to the border routers to dynamically alter routing inside of the enterprise network to bring prefix performance back within default or user-defined policy. If all prefixes and exit links are in policy, the master controller continues to monitor the network and does not take any action.
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
user-defined policies to alter routing to optimize prefixes and exit links. OER administration and control is centralized on the master controller, which makes all policy decisions and controls the border routers. The master controller does not need to be in the traffic forwarding path, but it must be reachable by the border routers. The master controller can support up to 10 border routers and up to 20 OER managed external interfaces.
Note
We recommend that the master controller is deployed as close as possible to the border routers to reduce communication response time.
External interfaces are configured as OER managed exit links to forward traffic. The physical external interface is enabled on the border router. The external interface is configured as an OER external interface on the master controller. The master controller actively monitors prefix and exit link performance on these interfaces. Each border router must have at least one external interface, and a minimum of two external interfaces are required in an OER managed network. Internal interfaces are used for only passive performance monitoring with NetFlow. No explicit NetFlow configuration is required. The internal interface is an active border router interface that connects to the internal network. The internal interface is configured as an OER internal l interface on the master controller. At least one internal interface must be configured on each border router. Local interfaces are used for only master controller and border router communication. A single interface must be configured as a local interface on each border router. The local interface is identified as the source interface for communication with the master controller.
Tip
If a master controller and border router process is enabled on the same router, a loopback interface should be configured as the local interface. The following interface types can be configured as external and internal interfaces:
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
Fast Ethernet Gigabit Ethernet HSSI Null POS Serial Tunnel VLAN
Note
VLAN interfaces can be configured only as internal interfaces. The following interface types can be configured as local interfaces:
Async BVI CDMA-Ix CTunnel Dialer Ethernet Group-Async Lex Loopback MFR Multilink Null Serial Tunnel Vif Virtual-PPP Virtual-Template Virtual-TokenRing
Note
A Virtual-TokenRing interface can be configured as a local interface. However, Token Ring interfaces are not supported and cannot be configured as external, internal, or local interfaces.
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
Exit link BR1 Statistics Master Controller Commands Border router ISP-B SLA B Statistics
117771
ISP-A SLA A
BR2
External interfaces are used to forward outbound traffic from the network and are used as the source for active monitoring. Internal interfaces are used for OER communication and used for passive monitoring. At least one external and one internal interface must be configured on each border router. At least two external interfaces are required in an OER managed network. A local interface is configured on the border router for communication with the master controller.
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
the internal network. The preferred route alters default routing behavior so that out of policy prefixes are moved from over utilized exit links to under utilized exit links to bring prefixes and exit links in-policy, and thus optimizing the overall performance of the enterprise network.
An exact prefix (/32) A specific prefix length and any subset (for example, a /24 under a /16) A specific prefix and all more specific routes (le 32) All prefixes (0.0.0.0/0)
Traffic is excluded or included by configuring permit or deny statements in the IP prefix list.
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
For best performance, you should apply the most commonly referenced prefix lists and deny prefix lists to the lowest (or first) OER map sequences.
Cisco IOS OER Prefix Learning: Port and Protocol Based Prefix Learning
Port and Protocol Based Prefix Learning was introduced in Cisco IOS Release 12.3(11)T. This feature allows you to configure the master controller to learn traffic based on the protocol number or the source or destination port number, carried by TCP or UDP traffic. This feature provides a very granular filter that can be used to further optimize prefixes learned based on throughput and delay. Port and protocol based prefix learning allows you to optimize or exclude traffic streams for a specific protocol or the TCP port, UDP port, or range of port numbers. Traffic can be optimized for a specific application or protocol. Uninteresting traffic can be excluded, allowing you to focus router system resources, and reduce unnecessary CPU and memory utilization. In cases where traffic streams need to be excluded or included over ports that fall above or below a certain port number, the range of port numbers can be specified. Port and protocol prefix based learning is configured with the protocol command in OER Top Talker and Delay learning configuration mode. For a list of IANA assigned port numbers, refer to the following document:
http://www.iana.org/assignments/port-numbers http://www.iana.org/assignments/protocol-numbers
For a list of IANA assigned protocol numbers, refer to the following document:
Note
Over aggressive policy settings can cause a prefix or exit link to remain in the out-of-policy state.
10
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
Note
OER passively monitors TCP traffic flows for IP traffic. Passive monitoring of non-TCP sessions is not supported. Passive monitoring statistics are gathered and stored in a prefix history buffer that can hold a minimum of 60 minutes of information depending on whether the traffic flow is continuos. Cisco IOS OER uses this information to determine if the prefix is in policy based on the default or user-defined policies.
11
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
Note
For eBGP peering sessions, the IP address of the eBGP peer must be reachable from the border router via a connected route in order for active probes to be generated.
Active Probe Types
Cisco IOS OER uses ICMP Echo probes, by default, when an active probe is automatically generated. The following types of active probes can be configured: ICMP EchoA ping is sent to the target address. Configuring an ICMP echo probe does not require knowledgeable cooperation from the target device. However, repeated probing could trigger an Intrusion Detection System (IDS) alarm in the target network. If an IDS is configured in a target network that is not under your administrative control, we recommend that you notify the target network administration entity. TCP ConnectionA TCP connection probe is sent to the target address. A target port number must be specified. A remote responder must be enabled if TCP messages are configured to use a port number other than TCP well-known port number 23. UDP EchoA UDP echo probe is sent to the target address. A target port number must be specified. A remote responder must be enabled on the target device, regardless of the configured port number.
12
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
the interface has been configured as an active probe source, active probing is stopped, and then restarted with the new IP address. If the IP address is removed after the interface has been configured as an active probe source, active probing is stopped and not restarted until a valid primary IP address is configured.
13
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
ISP interfaces BGP/Static Redistribution BR1 Master Controller Commands Border router ISP-B SLA B BGP/Static Redistribution BR2
117772
ISP-A SLA A
14
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
The border routers are enterprise edge routers. Routing protocol peering or static routing is established between the border routers and internal peers. The border routers advertise a default route to internal peers through BGP peering, static routing, or route redistribution into an Interior Gateway Protocol (IGP). The master controller alters default routing behavior in the OER managed network by sending control commands to the border routers to inject a preferred route into the internal network. When the master controller determines the best exit for a prefix, it sends a route control command to the border router with the best exit. The border router searches for a parent route for the monitored prefix. The BGP routing table is searched first and then the static routing table. This can be a default route for the monitored prefix. If a parent route is found that includes the prefix (the prefix may be equivalent or less specific) and points to the desired exit link by either the route to its nexthop or by a direct reference to the interface, a preferred route is injected into the internal network from the border router. OER injects the preferred route where the first parent is found. The preferred route can be an injected BGP route or an injected static route. The preferred route is learned by internal peers, which in turn recalculate their routing tables causing the monitored prefix to be moved to the preferred exit link. The preferred route is only advertised to the internal network and is not advertised to external peers.
Cisco IOS OER Routing: Border Router Peering with the Internal Network
The master controller alters default routing behavior in the OER managed network by injecting preferred routes into the routing tables of the border routers. The border routers peer with other routers in the internal network through BGP peering, BGP or static route redistribution into an IGP, or static routing. The border routers advertise the preferred route to internal peers. The border routers should be close to each other in terms of hops and throughput and should have a consistent view of the network; routing should be configured consistently across all border routers. The master controller verifies that a monitored prefix has a parent route with a valid next hop before it commands the border routers to alter routing. The border router will not inject a route where one does not already exist. This behavior is designed to prevent traffic from being blackholed because of an invalid next hop.
Note
When two or more border routers are deployed in an OER managed network, the next hop on each border router, as installed in the RIB, cannot be an IP address from the same subnet as the next hop on another border router.
Note
If a local preference value of 5000 or higher has been configured for default BGP routing, you should configure a higher value in OER. OER default BGP local preference and default static tag values are configurable with the mode command in OER master controller configuration mode.
15
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
Note
The IP address for each eBGP peering session must be reachable from the border router via a connected route. Peering sessions established through loopback interfaces or with the neighbor ebgp-multihop command are not supported.
Cisco IOS OER Routing: Static Routing and Static Route Redistribution
Static routing or static route redistribution can be configured in the internal network. OER alters routing these types of network by injecting temporary static routes. The temporary static route replaces the parent static route. OER will in not inject a temporary static route where a parent static route does not exist. OER applies a default tag value of 5000 to identify the injected static route. In the case of the network where only static routing is configured, no redistribution configuration is required. In the case of a network where an IGP is deployed and BGP is not run on the border routers, static routes to border router exit interfaces must be configured, and these static routes must be redistributed into the IGP.
16
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
Note
Fixed rateThis method is used when the ISP bills one flat rate for network access regardless of bandwidth usage. If only fixed rate billing is configured on the exit links, all exits are considered to be equal in regards to cost-optimization and other policy parameters (such as delay, loss, utilization, etc) are used to determine if the prefix or exit link is in-policy. If multiple exit links are configured with tiered and fixed policies, then exit links with fixed policies have the highest priority in regards to cost optimization. If the fixed exit links are at maximum utilization, then the tiered exit links will be used. Fixed rate billing is configured for an exit link when the fixed keyword is entered with the cost-minimization command. The monetary cost of the exit link is entered with the fee keyword.
17
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
Tier-Based Billing
Tier-based with burstingThis method is used when the ISP bills at a tiered rate based on the percentage of exit link utilization. Tiered-based billing is configured for an exit link when the tier keyword is entered with the cost-minimization command. A command statement is configured for each cost tier. The monetary cost of the tier is entered with the fee keyword. The percentage of bandwidth utilization that activates the tier is entered after the tier keyword. The specific details of tier-based with bursting billing models vary by ISP. However, most ISPs use some variation of the following algorithm to calculate what an enterprise should pay in a tiered billing plan:
1. 2. 3. 4. 5. 6.
Gather periodic measurements of egress and ingress traffic carried on the Enterprise connection to the ISP network and aggregate the measurements to generate a rollup value for a rollup period. Generate one or more rollup values per billing period. Rank the rollup values for the billing period into a stack from the largest value to the smallest. Discard the top 5% of the rollup values from the stack to accommodate bursting. Apply the highest remaining rollup value in the stack to a tiered structure to determine a tier associated with the rollup value. Charge the customer based on a set cost associated with the determined tier.
Note
A billing policy must be configured and applied to prefixes in order for the master controller to perform cost-based optimization.
Cost Optimization Algorithm
At the end of each billing cycle the top n% of samples, or rollup values, are discarded. The remaining highest value is the sustained utilization. Based on the number of samples discarded, the billing cycle is divided into three periods:
Initial Period
The period when the samples measured is less than the number of discards +1. For example, if discard is 7%, billing month is 30 days long, and sample period is 24 hours, then there are 30 samples at the end of the month. The number of discard samples is two (2% of 30). In this case, days one, two, and three are in the Initial Period. During this period, target the lowest tier for each ISP at the start of their respective billing periods and walk up the tiers until the current total traffic amount is allocated across the links.
Middle Period
The period after the Initial Period until the number of samples yet to be measured or collected is less than the number of discards. Using the same example as above, the Middle Period would be from day four through day 28. During this period, set the target tier to the sustained utilization tier, which is the tier where (discard +1) the highest sample so far measured falls in.
18
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
Last Period
The period after the Middle Period until the end of billing period is the Last Period. During this period, if links were used at the maximum link capacity for the remainder of the billing period and sustained utilization does not change by doing so, then set the target to maximum allowable link utilization. Maximum link utilization is configurable where most likely values would be 75-90%. Otherwise, set the target to sustained utilization tier. During any sample period, if the cumulative usage is more than targeted cumulative usage, then bump up to the next tier for the remainder of sample period. If rollup is enabled, then replace sample values to rollup values and number of sample to number of rollups in above algorithm.
Tip
When enabling Cisco IOS OER for load distribution, we recommend that you set the interface load calculation on OER managed external interfaces to 30 second intervals with the load-interval interface configuration command (The default calculation interval is 300 seconds). The load calculation is configured under interface configuration mode on the border router. This configuration is not required. It is recommended to allow Cisco IOS OER to respond as quickly as possible to load distribution issues.
19
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
Cisco IOS OER Policy Configuration: Applying Policies with an OER Map
The operation of an OER map is similar to the operation of a route map. An OER map is designed to select IP prefixes defined in an IP prefix list or to select learned prefixes policies that pass a match clause and then to apply OER policy configurations using a set clause. The OER map is configured with a sequence number like a route map, and the OER map with the lowest sequence number is evaluated first. The operation of an oer-map differs from a route map at this point. There are two important distinctions:
Only a single match clause may be configured for each sequence. An error message will be displayed in the console if you attempt to configure multiple match clauses for a single OER map sequence. An OER map is not configured with permit or deny statements. However, a permit or deny sequence can be configured for an IP traffic flow by configuring a permit or deny statement in an IP prefix list and then applying the prefix list to the OER map with the match ip address (OER) command. Deny prefixes should be combined in a single prefix list and applied to the oer-map with the lowest sequence number.
An OER map can match a prefix or prefix range with the match ip address (OER) command. A prefix can be any IP network number combined with a prefix mask that specifies the prefix length. The prefix or prefix range is defined with the ip prefix-list command in Global configuration mode. Any prefix length can be specified. An oer-map can also match OER learned prefixes with the match oer learn command. Matching can be configured for learned prefixes based on delay or based on throughput. The OER map applies the configuration of the set clause after a successful match occurs. Anther set clause can be used to set policy parameters for the backoff timer, packet delay, holddown timer, packet loss, mode settings, periodic timer, resolve settings, and unreachable hosts. Policies applied by an OER map take effect after the current policy or operational timer expires. The OER map configuration can be viewed in the output of the show running-config command. OER policy configuration can be viewed in the output of the show oer master policy command. Policies that are applied by an OER map do not override global policies and user-defined policies configured under OER master controller configuration mode and OER Top Talker and Delay configuration mode. These policies are only applied to prefixes that pass OER map match criteria.
Policy-Rules Configuration
The policy-rules OER master controller configuration command was introduced in Cisco IOS Release 12.3(11)T. This command allows you to select an oer-map and apply the configuration under OER master controller configuration mode, providing an improved method to switch between predefined oer-maps.
20
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
Note
Central office
OER master
Providers
Internet
Frame Relay
Remote offices
This enhancement allows you to configure two-way VPN optimization. A master controller and border router process are enabled on each side of the VPN. Each site maintains a separate master controller database. VPN routes can be dynamically learned through the tunnel interfaces or can be configured. Prefix and exit link policies are configured for VPN prefixes through standard Cisco IOS OER configuration.
127263
21
Cisco IOS Optimized Edge Routing Configuration Information About Cisco IOS Optimized Edge Routing
Configuration A shows a network with two edge routers configured as border routers. The border router that peers with ISP2 is also configured to run a master controller process. This configuration is suitable for a small network with multiple edge routers that each provide an exit link to a separate external network. Configuration B shows two border routers and an master controller, each running on a separate router. This configuration is suitable for small, medium, and large networks. In this configuration, the master controller process is run on a separate Cisco router. This router performs no routing or forwarding functions. Although, routing and forwarding functions are not prohibited. Configuration C shows a single router that is configured to run a master controller and border router process. This configuration is suitable for a small network with a single router, such as a remote office or home network.
Cisco IOS OER Deployment Scenarios
Figure 6
Config A
BRs ISP1 MC
Config B
BRs
Config C
ISP1 ISP1
ISP2 MC/BR
ISP2
ISP2
22
116661
MC/BR
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
In each deployment scenario, a single master controller is deployed. The master controller does not need to be in the traffic forwarding path but must be reachable by the border routers. A master controller process can be enabled on router that is also configured to run a border router process.The master controller can support up to 10 border routers and up to 20 OER managed external interfaces. At least one border router process and two exit interfaces are required in an OER managed network.
Note
A Cisco router that is configured to run both a master controller and border router process will use more memory than a router that is configured to run only a border router process. This should be considered when selecting a router for dual operation. See the following document for more information: Cisco Optimized Edge Routing CPU and Memory Performance Tests
Minimum Master Controller Configuration, page 24 (required) Minimum Border Router Configuration, page 29 (required) Configuring Prefix Learning, page 33 (optional) Manually Selecting Prefixes for Monitoring, page 36 (optional) Configuring Active Probing, page 38 (optional) Configuring the Source Address of an Active Probe, page 41 (optional) Configuring Traceroute Reporting, page 43 (optional) Configuring Prefix and Exit Link Policies, page 45 (optional) Configuring Cost-Based Optimization, page 50 (optional) Configuring Resolve Policies, page 52 (optional) Configuring Cisco IOS OER Modes of Operation, page 54 (optional) Configuring OER Policies with an OER Map, page 56 (optional) Configuring Policy Rules for OER Maps, page 63 (optional) Configuring iBGP Peering on the Border Routers, page 64 (optional) Configuring BGP Redistribution into an IGP on the Border Routers, page 67 (optional) Configuring Static Route Redistribution on the Border Routers, page 70 (optional) Configuring Static Route Redistribution into EIGRP, page 73 (optional) Configuring OER to Monitor and Control IPSec VPN Prefixes Over GRE Tunnels, page 76 (optional) Verifying Cisco IOS OER Configuration, page 84 (optional) Using Cisco IOS OER Clear Commands, page 87 (optional) Using Cisco IOS OER Debug Commands, page 88 (optional)
Specific example configurations for each procedure follow each configuration table. Proceed to the Configuration Examples for Cisco IOS Optimized Edge Routing section to see more complex example deployment configurations.
23
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Communication is established between the master controller and the border router. The communication session is protected by key-chain authentication. Border routers are specified for OER control. Internal and external border router interfaces are specified. Passive monitoring is enabled (by default). Prefix learning based on outbound packet throughput is enabled. Route control mode monitoring is enabled.
Master Controller
OER administration is centralized on the master controller, which makes all policy decisions and controls the border routers. The master controller is not required to be in the traffic forwarding path but should be deployed near the border routers to minimize communication response time. The master controller can support up to 10 border routers and up to 20 OER managed external interfaces.
Prerequisites
Interfaces Must be Defined
Interfaces must be defined and reachable by the master controller and the border router before an OER managed network can be configured.
24
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Communication between the master controller and the border router is protected by key-chain authentication. The authentication key must be configured on both the master controller and the border router before communication can be established. The key-chain configuration is defined in Global configuration mode on both the master controller and the border router before key-chain authentication is enabled for master controller to border router communication. For more information about key management in Cisco IOS software, refer to the Managing Authentication Keys section of the Cisco IOS IP Configuration Guide, Release 12.3.
Restrictions
Token Ring Interfaces are not Supported
Token Ring interfaces are not supported by OER and cannot be configured as OER managed interfaces. It may be possible to load a Token Ring interface configuration under certain conditions. However, the Token Ring interface will not become active and the border router will not function if the Token Ring interface is the only external interface on the border router.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
enable configure terminal key chain name-of-chain key key-id key-string text exit exit oer master port port-number
10. logging 11. border ip-address [key-chain key-chain-name] 12. interface type number external 13. interface type number internal 14. exit 15. keepalive timer 16. mode {monitor {active | both | passive} | route {control | metric {bgp local-pref preference |
25
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
configure terminal
Example:
Router# configure terminal
Step 3
Example:
Router(config)# key chain OER
Key-chain authentication protects the communication session between the master controller and the border router. The key ID and key string must match in order for communication to be established. The key ID must match the key ID configured on the border router.
Step 4
key key-id
Example:
Router(config-keychain)# key 1
Step 5
key-string text
Example:
Router(config-keychain-key)# key-string CISCO
The authentication string must match the authentication string configured on the border router. Any encryption level can be configured.
Step 6
exit
Exits key chain key configuration mode, and enters key chain configuration mode.
Example:
Router(config-keychain-key)# exit
Step 7
exit
Exits key chain configuration mode, and enters Global configuration mode.
Example:
Router(config-keychain)# exit
Step 8
Enters OER master controller configuration mode to configure a router as a master controller.
Example:
Router(config)# oer master
A master controller and border router process can be enabled on the same router. For example, in a network that has a single router with two exit links to different service providers.
Step 9
port port-number
(Optional) Configures a dynamic port for communication between the master controller and border router.
Communication cannot be established until the same port number has been configured on both the master controller and the border router.
26
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Purpose
Note
Example:
Router(config-oer-mc)# port 65534
Manual port number configuration is required to establish OER communication only when running Cisco IOS Release 12.3(8)T.
Step 10
logging
Enables syslog event logging for a master controller or border router process.
Example:
Router(config-oer-mc)# logging
Step 11
Enters OER managed border router configuration mode to establish communication with a border router.
Example:
Router(config-oer-mc)# border 10.100.1.1 key-chain OER
An IP address is configured to identify the border router. At least one border router must be specified to create an OER managed network. A maximum of 10 border routers can be controlled by a single master controller. The value for the key-chain-name argument must match the key-chain name configured in Step 3. The key-chain keyword and argument must be entered when a border router is initially configured. However, this keyword is optional when reconfiguring an existing border router.
Note
Step 12
Example:
Router(config-oer-mc-br)# interface Ethernet 0/0 external
External interfaces are used to forward traffic and for active monitoring. A minimum of two external border router interfaces are required in an OER managed network. At least 1 external interface must be configured on each border router. A maximum of 20 external interfaces can be controlled by single master controller. Configuring an interface as external also enters OER Border Exit configuration mode. In this mode you can configure maximum link utilization or cost-based optimization for the interface. Entering the interface command without the external or internal keyword, places the router in Global configuration mode and not OER Border Exit configuration mode. The no form of this command should be applied carefully so that active interfaces are not removed from the router configuration.
Tip
Note
27
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 13
interface type number internal
Example:
Router(config-oer-mc-br)# interface Ethernet 0/1 internal
Internal interfaces are used for passive monitoring only. Internal interfaces do not forward traffic. At least one internal interface must be configured on each border router.
Step 14
exit
Exits OER managed border router configuration mode, and enters OER master controller configuration mode.
Example:
Router(config-oer-mc-br)# exit
Step 15
keepalive timer
Example:
Router(config-oer-mc)# keepalive 10
(Optional) Configures the length of time that an OER master controller will maintain connectivity with an OER border router after no keepalive packets have been received.
Step 16
mode {monitor{active | both | passive} | route {control | metric {bgp local-pref preference | static tag value} observe | select-exit {best | good}}
Configures route monitoring or route control on an OER master controller. The route keyword is used to enable control mode or observe mode.
Example:
Router(config-oer-mc)# mode route control
In control mode, the master controller analyzes monitored prefixes and implements changes based on policy parameters. In observe mode, the master controller analyzes monitored prefixes, reports the changes that should be made, but does not implement any changes.
Step 17
learn
Enters OER Top Talker and Top Delay learning configuration mode to enable prefix learning.
Example:
Router(config-oer-mc)# learn
Step 18
throughput
Configures OER to learn the top prefixes based on the highest outbound throughput.
Example:
Router(config-oer-mc-learn)# throughput
The master controller uses the list of Top Talker prefixes to select the exit with the highest throughput when the periodic timer expires or immediately if a prefix becomes unreachable.
Step 19
end
Exits OER Top Talker and Top Delay learning configuration mode, and enters privileged EXEC mode.
Example:
Router(config-oer-mc-learn)# end
28
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Examples
The following configuration example, starting in Global configuration mode, shows the minimum configuration required to configure a master controller process to control an OER managed network: A key-chain configuration named OER is defined in Global configuration mode.
Router(config)# key chain OER Router(config-keychain)# key 1 Router(config-keychain-key)# key-string CISCO Router(config-keychain-key)# exit Router(config-keychain)# exit
The master controller is configured to communicate with the 10.100.1.1 and 10.200.2.2 border routers. The keep alive interval is set to 10 seconds. Route control mode is enabled. Internal and external OER controlled border router interfaces are defined.
Router(config)# oer master Router(config-oer-mc)# keepalive 10 Router(config-oer-mc)# mode route control Router(config-oer-mc)# logging Router(config-oer-mc)# border 10.100.1.1 key-chain OER Router(config-oer-mc-br)# interface Ethernet 0/0 external Router(config-oer-mc-br)# interface Ethernet 0/1 internal Router(config-oer-mc-br)# exit Router(config-oer-mc)# border 10.200.2.2 key-chain OER Router(config-oer-mc-br)# interface Ethernet 0/0 external Router(config-oer-mc-br)# interface Ethernet 0/1 internal Router(config-oer-mc)# exit
What to Do Next
Border routers must be configured to complete the minimum configuration of the OER managed network. Proceed to the next section to see instructions for configuring the border routers.
Communication is established between the border router and master controller. The communication session is protected by key-chain authentication. A local interface is configured as the source for communication with the master controller. External interfaces are configured as OER managed exit links.
Border Router
The border router is an enterprise edge router with one or more exit links to an ISP or other participating network.
29
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
The border router is deployed on the edge of the network, so the border router must be in the forwarding path. A border router process can be enabled on the same router as a master controller process.
Interface Configuration
Each border router must have at least one external interface that is used to connect to an ISP or is used as an external WAN link. A minimum of two are required in an OER managed network. Each border router must have at least one internal interface. Internal interfaces are used for only passive performance monitoring with NetFlow. Internal interfaces are not used to forward traffic. Each border router must have at least one local interface. Local interfaces are used for only master controller and border router communication. A single interface must be configured as a local interface on each border router.
Tip
If a master controller and border router process is enabled on the same router, a loopback interface should be configured as the local interface.
Prerequisites
Interfaces Must be Defined
Interfaces must be defined and reachable by the master controller and the border router before an OER managed network can be configured.
Restrictions
Internet Exchange Point over Broadcast Media
Internet exchange points where a border router can communicate with several service providers over the same broadcast media are not supported.
Border Exits Cannot use the Same Next Hop
When two or more border routers are deployed in an OER managed network, the next hop to an external network on each border router, as installed in the RIB, cannot be an IP address from the same subnet as the next hop on the other border router.
30
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
enable configure terminal key chain name-of-chain key key-id key-string text exit exit oer border port port-number
10. local type number 11. master ip-address key-chain key-chain-name 12. end
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
configure terminal
Example:
Router# configure terminal
Step 3
Example:
Router(config)# key chain OER
Key-chain authentication protects the communication session between the both the master controller and the border router. The key ID and key string must match in order for communication to be established. The key ID must match the key ID configured on the master controller.
Step 4
key key-id
Example:
Router(config-keychain)# key 1
Step 5
key-string text
Example:
Router(config-keychain-key)# key-string CISCO
The authentication string must match the authentication string configured on the master controller. Any level of encryption can be configured.
Step 6
exit
Exits key chain key configuration mode, and enters key chain configuration mode.
Example:
Router(config-keychain-key)# exit
31
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 7
exit
Purpose Exits key chain configuration mode, and enters Global configuration mode.
Example:
Router(config-keychain)# exit
Step 8
Enters OER border router configuration mode to configure a router as a border router.
Example:
Router(config)# oer border
The border router must be in the forwarding path and contain at least one external and internal interface.
Step 9
port port-number
(Optional) Configures a dynamic port for communication between an OER master controller and border router.
Example:
Router(config-oer-br)# port 65535
Communication cannot be established until the same port number has been configured on both the border router and the master controller. Manual port number configuration is required to establish OER communication only when running Cisco IOS Release 12.3(8)T.
Note
Step 10
Identifies a local interface on an OER border router as the source for communication with an OER master controller.
Tip
Example:
Router(config-oer-br)# local Ethernet 0/1
A local interface must be defined. A loopback should be configured when a single router is configured to run both a master controller and border router process.
Step 11
Enters OER managed border router configuration mode to establish communication with a master controller.
Example:
Router(config-oer-br)# master 192.168.1.1 key-chain OER
An IP address is used to identify the master controller. The value for the key-chain-name argument must match the key-chain name configured in Step 3.
Step 12
end
Exits OER Top Talker and Top Delay learning configuration mode, and enters privileged EXEC mode.
Example:
Router(config-oer-br)# end
Examples
The following configuration example, starting in Global configuration mode, shows the minimum required configuration to enable a border router: The key-chain configuration is defined in Global configuration mode.
Router(config)# key chain OER Router(config-keychain)# key 1 Router(config-keychain-key)# key-string CISCO Router(config-keychain-key)# exit Router(config-keychain)# exit
32
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
The key-chain OER is applied to protect communication. An interface is identified to the master controller as the local source interface for OER communication.
Router(config)# oer border Router(config-oer-br)# local Ethernet 0/1 Router(config-oer-br)# master 192.168.1.1 key-chain OER Router(config-oer-br)# end
What to Do Next
Prefix learning based on the highest outbound throughput was enabled in the Minimum Master Controller Configuration section. Proceed to the next section to see more information about configuring and customizing prefix learning on the master controller.
Prefix learning based on highest outbound throughput or lowest delay time Port and protocol based prefix learning Prefix learning period timers and intervals Maximum number of prefixes that can be learned
Defaults
The following defaults are applied when a prefix learning is enabled:
Aggregation is performed based on a /24 prefix length Up to five host addresses are learned for active monitoring when a prefix is aggregated The top 100 traffic flows are learned The learning period is five minutes The interval between prefix learning periods is 120 minutes
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8.
enable configure terminal oer master learn aggregation-type bgp | non-bgp | prefix-length prefix-mask delay monitor-period minutes periodic-interval minutes
33
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
9.
10. protocol number | tcp | udp [port port-number | gt port-number | lt port-number | range 11. throughput 12. exit
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
configure terminal
Example:
Router# configure terminal
Step 3
oer master
Example:
Router(config)# oer master
Enters OER master controller configuration mode to configure a Cisco router as a master controller and to configure master controller policy and timer settings. Enters OER Top Talker and Top Delay learning configuration mode to configure prefix learning policies and timers. (Optional) Configures a master controller to aggregate learned prefixes based on traffic flow type.
Step 4
learn
Example:
Router(config-oer-mc)# learn
Step 5
Example:
Router(config-oer-mc-learn)# aggregation-type bgp
The bgp keyword configures prefix aggregation based on entries in the BGP routing table. This keyword is used if iBGP peering is enabled in the internal network. The non-bgp keyword configures learned prefix aggregation based on static routes. Entries in the BGP routing table are ignored when this keyword is entered. The prefix-length keyword configures aggregation based on the specified prefix length. The range of values that can be configured for this argument is a prefix mask from 1 to 32. The example configures BGP prefix aggregation.
Step 6
delay
(Optional) Enables prefix learning based on the lowest delay time (round-trip response time).
When this command is enabled, the master controller learn prefixes based on the lowest delay time. The master controller measures the delay for monitored prefixes when this command is enabled.
34
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Purpose
Example:
Router(config-oer-mc-learn)# delay
The master controller uses the list of Top Delay prefixes to select the prefixes with the lowest delay time. The example configures a master controller to learn top prefixes based on the lowest delay.
Step 7
monitor-period minutes
Sets the time period that an OER master controller learns traffic flows.
Example:
Router(config-oer-mc-learn)# monitor-period 10
The length of time between monitoring periods is configured with the periodic-interval command. The number of prefixes that are learned is configured with the prefixes command. The example sets the length of each monitoring period to 10 minutes. The length of time of the learning period is configured with the monitor-period command. The number of prefixes that are learned is configured with the prefixes command. The example sets the time interval between monitoring periods to 20 minutes.
Step 8
periodic-interval minutes
Example:
Router(config-oer-mc-learn)# periodic-interval 20
Step 9
prefixes number
Sets the number of prefixes that the master controller will learn during the monitoring period.
Example:
Router(config-oer-mc-learn)# prefixes 200
The length of time of the learning period is configured with the monitor-period command. The length of time between monitoring periods is configured with the periodic-interval command. The example configures a master controller to learn 200 prefixes during each monitoring period.
Step 10
protocol protocol-number | tcp | udp [port port-number | gt port-number | lt port-number | range lower-number upper-number] [dst | src]
Configures the master controller to learn prefixes based on a protocol number, TCP or UDP port number, or a range of port numbers.
Filtering based on a specific protocol is configured with the protocol-number argument. TCP or UDP based filtering is enabled by configuring the tcp or udp argument. Port based filtering is enabled by configuring the port keyword. Port number ranges can be filtered based on greater-than or equal-to and less-than or equal-to filtering, or can be filtered by specifying a starting and ending port numbers with the range keyword. Prefix destination or source based filtering is enabled by configuring the dst or src keywords.
35
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Purpose
The example configures a master controller to learn EIGRP prefixes during each monitoring period.
Example:
Router(config-oer-mc-learn)# protocol 88
Step 11
throughput
Configures the master controller to learn the top prefixes based on the highest outbound throughput.
Example:
Router(config-oer-mc-learn)# throughput
When this command is enabled, the master controller will learn the top prefixes across all border routers according to the highest outbound throughput. The example configures a master controller to learn the top prefixes based on highest outbound throughput.
Step 12
exit
Exits OER Top Talker and Top Delay learning and configuration mode, and enters global configuration mode.
Example:
Router(config-oer-mc)# exit
What to Do Next
This section shows how to configure a master controller to automatically learn prefixes to monitor. Prefixes can also be manually selected for monitoring. Proceed to the next section to see information about manually importing prefixes.
An exact prefix (/32) A specific prefix length and any subset (for example, a /24 under a /16) A specific prefix and all more specific routes (le 32) All prefixes (0.0.0.0/0)
36
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
SUMMARY STEPS
1. 2. 3. 4. 5. 6.
enable configure terminal ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [le le-value] oer-map map-name sequence-number match ip address prefix-list name end
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
configure terminal
Example:
Router# configure terminal
Step 3
ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [le le-value]
Example:
Router(config)# ip prefix-list PREFIXES seq 20 permit 192.168.1.0/24
A master controller can monitor and control an exact prefix of any length including the default route. The master controller acts only on the configured prefix. A master controller can monitor and control an inclusive prefix using the le 32 option. The master controller acts on the configured prefix and forces any more specific prefixes in the RIB to use the same exit. This option should not be needed in typical deployments, and should be applied carefully. The example creates an IP prefix list for OER to monitor and control the exact prefix, 192.168.1.0/24
Note
Step 4
oer-map map-name sequence-number
OER map operation is similar to that of route-maps. Only a single match clause can be configured for each oer-map sequence.
37
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Purpose
Common and deny sequences should be applied to lowest oer-map sequence for best performance. The example creates an oer-map named IMPORT.
Example:
Router(config)# oer-map IMPORT 10
Step 5
Creates a prefix list match clause entry in an oer-map to apply OER policies.
Example:
Router(config-oer-map)# match ip address prefix-list PREFIXES
This command supports IP prefix lists only. The example configures the prefix list PREFIXES.
Step 6
end
Example:
Router(config-oer-map)# end
Examples
The following example creates an oer-map named PREFIXES that matches traffic defined in the IP prefix lists named EXCLUDE and IMPORT. The prefix-list named EXCLUDE defines a deny sequence for all prefixes or host routes in the 192.168.0.0/16 subnet. The master controller will exclude these prefixes from the master controller database. The prefix-list named IMPORT defines a permit sequence to manually import the exact prefix 10.4.9.0/24.
Router(config)# ip prefix-list seq 10 EXCLUDE deny 192.168.0.0/16 le 32 Router(config)# ip prefix-list seq 10 IMPORT permit 10.4.9.0/24 Router(config)# ! Router(config)# oer-map PREFIXES 10 Router(config-oer-map)# match ip address prefix-list EXCLUDE Router(config-oer-map)# exit Router(config)# oer-map PREFIXES 20 Router(config-oer-map)# match ip address prefix-list IMPORT Router(config-oer-map)# end
Tip
Notice that the deny prefix list is configured with the lowest oer-map sequence number. For best performance, all deny sequences should be configured in same prefix list and applied to the lowest oer-map sequence.
What to Do Next
Proceed to the next section to see information about configuring active probing.
38
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Defaults
The following defaults are applied when a active monitoring is enabled:
The border router collects up to five host addresses from the prefix for active probing when a prefix is learned or aggregated. Active probes are sent once per minute. ICMP probes are used to actively monitor learned prefixes.
SUMMARY STEPS
1. 2. 3. 4. 5. 6.
enable configure terminal oer master mode {monitor {active | both | passive} | route {control | metric {bgp local-pref preference | static tag value} observe | select-exit {best | good}} active-probe {echo ip-address | tcp-conn ip-address target-port number | udp-echo ip-address target-port number} end
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
configure terminal
Example:
Router# configure terminal
Step 3
oer master
Example:
Router(config)# oer master
Enters OER master controller configuration mode to configure a router as a master controller and to configure global operations and policies.
39
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 4
mode {monitor{active | both | passive} | route {control | metric {bgp local-pref preference | static tag value} observe | select-exit {best | good}}
The monitor keyword is used to configure active and/or passive monitoring. The example enables both active and passive monitoring.
Example:
Router(config-oer-mc)# mode monitor both
Step 5
active-probe {echo ip-address | tcp-conn ip-address target-port number | udp-echo ip-address target-port number}
Example:
Router(config-oer-mc)# active-probe echo 10.5.5.55
Active probing measures delay and jitter of the target prefix more accurately than is possible with only passive monitoring. Active Probing requires you to configure a specific host or target address. Active probes are sourced from an OER managed external interfaces. This external interface may or may not be the preferred route for an optimized prefix. A remote responder with the corresponding port number must be configured on the target device when configuring an UDP echo probe or when configuring a TCP connection probe that is configured with a port number other than 23. The remote responder is configured with the ip sla monitor responder Global configuration command.
Step 6
end
Exits OER master controller configuration mode, and enters Privileged EXEC mode.
Example:
Router(config)# end
Note
Configuring an ICMP echo probe does not require knowledgeable cooperation from the target device. However, repeated probing could trigger an Intrusion Detection System (IDS) alarm in the target network. If an IDS is configured in a target network that is not under your administrative control, we recommend that you notify the target network administration entity.
Examples
ICMP Echo Example
The following example configures an active probe using an ICMP echo (ping) message. The 10.4.9.1 address is the target. No explicit configuration is required on the target device.
Router(config-oer-mc)# active-probe echo 10.4.9.1
The following example configures an active probe using a TCP connection message. The 10.4.9.2 address is the target. The target port number must be specified when configuring this type of probe.
Router(config-oer-mc)# active-probe tcp-conn 10.4.9.2 target-port 23
40
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
The following example configures an active probe using UDP echo messages. The 10.4.9.3 address is the target. The target port number must be specified when configuring this type of probe, and a remote responder must also be enabled on the target device.
Router(config-oer-mc)# active-probe udp-echo 10.4.9.3 target-port 1001
The following example configures an remote responder on a border router to send IP SLAs control packets in response to UDP active probes. The port number must match the number that is configured for the active probe.
Border-Router(config)# ip sla monitor responder type udpEcho port 1001
The following example configures an remote responder on a border router to send IP SLAs control packets in response to TCP active probes. The remote responder must be configured for TCP active probes that do not use the TCP well-known port number 23.
Border-Router(config)# ip sla monitor responder type tcpConnect port 49152
Note
A remote responder is required for TCP connection probes only when a port other than 23 is configured.
What to Do Next
If you need to configure a specific interface as the source for active monitoring, proceed to the next section for more information.
Defaults
The source IP address is used from the default OER external interface that transmits the active probe when this command is not enabled or if the no form is entered. If the interface is not configured with an IP address, the active probe will not be generated. If the IP address is changed after the interface has been configured as an active probe source, active probing is stopped, and then restarted with the new IP address. If the IP address is removed after the interface has been configured as an active probe source, active probing is stopped and not restarted until a valid primary IP address is configured.
SUMMARY STEPS
1. 2.
41
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
3. 4. 5.
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
configure terminal
Example:
Router# configure terminal
Step 3
oer border
Enters OER border router configuration mode to configure a router as a border router.
Example:
Router(config)# oer border
Step 4
Example:
Router(config-oer-br)# active-probe address source interface FastEthernet 0/0
Step 5
end
Exits OER border router configuration mode, and enters Privileged EXEC mode.
Example:
Router(config-oer-br)# end
Example
The following example, starting in Global configuration mode, configures FastEthernet 0/0 as the active-probe source interface.
Router(config)# oer border Router(config-oer-br)# active-probe address source interface FastEthernet 0/0 Router(config-oer-br)# end
What to Do Next
Traceroute reporting can be enable to gather hop-by-hop delay, loss, reachability statistics. Proceed to the next section for more information.
42
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Defaults
When traceroute reporting is enabled, the default time interval between traceroute probes is 1000 milliseconds.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
enable configure terminal oer master traceroute probe-delay milliseconds exit oer-map map-name sequence-number match oer learn delay | throughput set traceroute reporting [policy {delay | loss | unreachable}] end traceroute [exit-id | border-address | current] [now]]]
10. show oer master prefix [detail | learned [delay | throughput] | prefix [detail | policy |
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
configure terminal
Example:
Router# configure terminal
Step 3
oer master
Example:
Router(config)# oer master
Enters OER master controller configuration mode to configure a router as a master controller and to configure global operations and policies.
43
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 4
traceroute probe-delay milliseconds
Example:
Router(config-oer-mc)# traceroute probe-delay 1000
Step 5
exit
Exits OER master controller configuration mode, and enters Global configuration mode.
Example:
Step 6
oer-map map-name sequence-number
Enters oer-map configuration mode to configure an oer-map to apply policies to selected IP prefixes.
Example:
Router(config)# oer-map TRACE 10
Only one match clause can be configured for each oer-map sequence. The example creates and OER map named TRACEROUTE.
Step 7
Example:
Router(config-oer-map)# match oer learn delay
Can be configured to learn prefixes based on lowest delay or highest outbound throughput. Only a single match clause can be configured for each oer-map sequence. The example creates a match clause entry that matches traffic learned based on lowest delay. Monitored prefixes must be included in an OER map. These can be learned or manually selected prefixes. Entering this command with no keywords enables continuous monitoring. Entering this command the policy keyword enables policy-based trace route reporting.
Step 8
Example:
Router(config-oer-map)# set traceroute reporting
Step 9
end
Exits OER master controller configuration mode, and enters Privileged EXEC mode.
Example:
Router(config-oer-map)# end
Step 10
show oer master prefix [detail | learned [delay | throughput] | prefix [detail | policy | traceroute [exit-id | border-address | current] [now]]]
An on-demand traceroute probe is initiated by entering the current and now keywords. The current keyword displays the results of the most recent traceroute probe for the current exit. Traceroute probe results can be displayed for the specified border router exit by entering the exit-id or border-address keyword.
44
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Purpose
The example initiates an on-demand traceroute probe for the 10.5.5.55 prefix.
Example:
Router# show oer master prefix 10.5.5.5 traceroute now
Example
The following example, starting in Global configuration mode, configures continuous traceroute reporting for prefix learned based on delay:
Router(config)# oer master Router(config-oer-mc)# traceroute probe-delay 10000 Router(config-oer-mc)# exit Router(config)# oer-map TRACE 10 Router(config-oer-map)# match oer learn delay Router(config-oer-map)# set traceroute reporting Router(config-oer-map)# end
The following example, starting in Privileged EXEC mode, initiates an on-demand traceroute probe for the 10.5.5.5 prefix:
Router# show oer master prefix 10.5.5.55 traceroute current now Path for Prefix: 10.5.5.0/24 Target: 10.5.5.5 Exit ID: 2, Border: 10.1.1.3 External Interface: Et1/0 Status: DONE, How Recent: 00:00:08 minutes old Hop Host Time(ms) BGP 1 10.1.4.2 8 0 2 10.1.3.2 8 300 3 10.5.5.5 20 50
What to Do Next
In the Minimum Master Controller Configuration section prefix learning based on highest outbound throughput is configured and only default prefix and exit link policies are enabled, using global settings. Proceed to the next section to configure and customize global prefix and exit link policies.
Prefix Policies
A prefix policy is a set of rules that govern the performance characteristics for a network address. The network address can be a single end point within a network or an entire subnet. A prefix is defined as any network number with a prefix mask applied to it. The performance characteristics that are managed by a prefix policy are reachability, delay, and packet loss.
45
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Note
Tip
When enabling Cisco IOS OER for load distribution, we recommend that you set the interface load calculation on OER managed external interfaces to 30 second intervals with the load-interval interface configuration command (The default calculation interval is 300 seconds). The load calculation is configured under interface configuration mode on the border router. This configuration is not required. It is recommended to allow Cisco IOS OER to respond as quickly as possible to load distribution issues.
Note
Over aggressive settings can keep an exit link or prefix in an out-of-policy state.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
enable configure terminal oer master backoff min-timer max-timer [step-timer] delay relative percentage | threshold maximum holddown timer loss relative average | threshold maximum max-range-utilization percent maximum periodic timer
46
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
configure terminal
Example:
Router# configure terminal
Step 3
oer master
Enters OER master controller configuration mode to configure global prefix and exit link policies.
Example:
Router(config)# oer master
Step 4
Sets the backoff timer to adjust the time period for prefix policy decisions.
Example:
Router(config-oer-mc)# backoff 400 4000 400
The min-timer argument is used to set the minimum transition period in seconds. The max-timer argument is used to set the maximum length of time OER holds an out-of-policy prefix when there are no OER controlled in-policy prefixes. The step-timer argument allows you to optionally configure OER to add time each time the minimum timer expires until the maximum time limit has been reached.
Step 5
Example:
Router(config-oer-mc)# delay relative 800
The relative keyword is used to configure a relative delay percentage. The relative delay percentage is based on a comparison of short-term and long-term measurements. The threshold keyword is used to configure the absolute maximum delay period in milliseconds. If the configured delay threshold is exceeded, then the prefix is out-of-policy. The example sets a delay threshold of 80 percent based on a relative average.
Step 6
holddown timer
Configures the prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected.
OER does not implement policy changes while a prefix is in the holddown state. When the holddown timer expires, OER will select the best exit based on performance and policy configuration.
47
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Purpose
An an immediate route change will be triggered if the current exit for a prefix becomes unreachable. The example sets the prefix route dampening timer to 600 seconds.
Example:
Router(config-oer-mc)# holddown 600
Step 7
Sets the relative or maximum packet loss limit that OER will permit for an exit link.
Example:
Router(config-oer-mc)# loss relative 200
The relative keyword sets a relative percentage of packet loss based on a comparison of short-term and long-term packet loss percentages. The threshold keyword sets the absolute packet loss based on packets per million. The example configures the master controller to search for a new exit link when the relative percentage of packet loss is equal to or greater than 20 percent.
Step 8
Sets the maximum utilization range for all OER managed exit links for load distribution.
Example:
Router(config-oer-mc)# max-range-utilization 80
OER will equalizes traffic across all exit links by moving prefixes from over utilized or out-of-policy exits to in-policy exits. If exit link utilization is equal to or greater than the configured or default maximum utilization value, OER will select an optimal exit link to bring the affected prefixes back into policy. The example sets the maximum utilization range for OER managed exit links to 80 percent:
Step 9
periodic timer
Configures OER to periodically select the best exit link when the periodic timer expires.
Example:
Router(config-oer-mc)# periodic 300
When this command is enabled, the master controller will periodically evaluate and then make policy decisions for OER managed exit links. The mode command is used to determine if OER selects the first in-policy exit or the best available exit when this timer expires. The example sets the periodic timer to 300 seconds. When the timer expires OER will select either the best exit or the first in-policy exit. Specifies the relative percentage or the absolute maximum number of unreachable hosts, based on flows per million (fpm). If the absolute number or relative percentage of unreachable hosts is greater than the user-defined or the default value, OER determines that the exit link is out-of-policy and searches for an alternate exit link.
Step 10
48
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Purpose
Example:
Router(config-oer-mc)# unreachable relative 100
The relative keyword is used to configure the relative percentage of unreachable hosts. The relative unreachable host percentage is based on a comparison of short-term and long-term measurements. The threshold keyword is used to configure the absolute maximum number of unreachable hosts based on fpm. The example configures OER to search for a new exit link when the relative percentage of unreachable hosts is equal to or greater than 10 percent.
Examples
Loss Policy Example
The following example configures the master controller to move prefixes to an in-policy exit link when the relative percentage of packet loss is equal to or greater than 20 percent:
Router(config-oer-mc)# loss relative 200
The following example sets the absolute delay threshold to 100 milliseconds:
Router(config-oer-mc)# delay threshold 100
The following example adjusts the period of time that the master controller holds prefixes during transition states and the period time that the prefix must use an exit before a new exit can be selected. The backoff command sets the minimum timer to 400 seconds, the maximum timer to 4000 seconds, and the step timer to 400 seconds. The holddown command sets the prefix route dampening timer to 10 minutes.
Router(config-oer-mc)# backoff 400 4000 400 Router(config-oer-mc)# holddown 600
The following example configures the master controller to evaluate OER managed exit links every 5 minutes and then move out-of-policy prefixes to the first in-policy exit.
Router(config-oer-mc)# periodic 300 Router(config-oer-mc)# mode select-exit good
The following examples configures the master controller to set the maximum utilization range for OER managed exit links to 40 percent:
Router(config-oer-mc)# max-range-utilization 40
What to Do Next
To configure exit link policies based on the monetary cost of the exit links in your network, proceed to the next section for more information.
49
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
SUMMARY STEPS
1. 2. 3. 4. 5. 6.
enable configure terminal oer master border ip-address [key-chain key-chain-name] interface type number external cost-minimization {calc {combined | separate | sum} | discard [daily] {absolute number | percent percentage} | end day-of-month day [offset hh:mm] | fixed fee [cost] | nickname name | sampling period minutes [rollup minutes] | summer-time {start end} [offset] | tier percentage fee]} end
7.
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
configure terminal
Example:
Router# configure terminal
Step 3
oer master
Enters OER master controller configuration mode to configure global prefix and exit link policies.
Example:
Router(config)# oer master
Step 4
Enters OER managed border router configuration mode to establish communication with a border router.
Note
Example:
Router(config-oer-mc)# border 10.100.1.1 key-chain OER
The key-chain keyword is required only for initial border router configuration.
Step 5
Enters OER Border Exit configuration mode to configure a border router interface as an external interface.
Example:
Router(config-oer-mc-br)# interface Ethernet 0/0 external
50
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 6
cost-minimization {calc {combined | separate | sum} | discard [daily] {absolute number | percent percentage} | end day-of-month day [offset hh:mm] | fixed fee [cost] | nickname name | sampling period minutes [rollup minutes] | summer-time {start end} [offset] | tier percentage fee]
Cost-based optimization supports fixed or tier based billing, inbound and outbound cost measurements, and very granular sampling. The calc keyword is used to configure how the fee is calculated. You can configure the master controller to combine ingress and egress samples, to first add and then combine, or to analyze ingress and egress samples separately. The discard keyword is used to configure the number of samples that are removed for bursty link usage. It is specified as a percentage or as an absolute value. If a sampling rollup is configured, the discard values also applies to the rollup. If the daily keyword is entered, samples are analyzed and discarded on a daily basis. At the end of the billing cycle, monthly sustained usage is calculated by averaging daily sustained utilization. The end keyword is used to configure the last day of the billing cycle. Entering the offset keyword allows you to adjust the end of the cycle to compensate for an service provider in a different zone. The fixed keyword is configured when the service provider bills for network access over the specified exit link at a flat rate. The fee keyword is optionally used to specify the exit link cost. The nickname keyword is used to apply label that identifies the service provider. The sampling keyword is used to configure the time intervals at which link utilization samples are gathered. By default, the link is sampled every five minutes. The rollup keyword is used to reduce the number of samples by aggregating them. All samples collected during the rollup period are averaged to calculate rollup utilization. The minimum number that can be entered for the rollup period must be equal to or greater than the number that is entered for the sampling period. The first example configures fee calculation based on combined ingress and egress samples. The second example sets 30 as the billing end date, and applies a three hour offset. The third example configures a tiered fee of 1000 at 100 percent utilization, a tiered fee of 900 at 90 percent utilization, and a tiered fee of 800 at 80 percent utilization.
Example:
Router(config-oer-mc-br-if)# cost-minimization calc combined
Example:
Router(config-oer-mc-br-if)# cost-minimization end day-of-month 30 180
Example:
Router(config-oer-mc-br-if)# cost-minimization tier 100 fee 1000 Router(config-oer-mc-br-if)# cost-minimization tier 90 fee 900 Router(config-oer-mc-br-if)# cost-minimization tier 80 fee 800
Note
51
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 7
end
Purpose Exits OER border exit configuration mode, and enters Privileged EXEC mode.
Example:
Router(config-oer-mc-br-if)# end
Examples
The following example, starting in Global configuration mode, configures cost-based optimization on a master controller. Cost optimization configuration is applied under the external interface configuration. A policy for a tiered billing cycle is configured. Calculation is configured separately for egress and ingress samples. The time interval between sampling is set to 10 minutes. These samples are configured to be rolled up every 60 minutes.
Router(config)# oer master Router(config-oer-mc)# border 10.5.5.55 key-chain key Router(config-oer-mc-br)# interface Ethernet 0/0 external Router(config-oer-mc-br-if)# cost-minimization nickname ISP1 Router(config-oer-mc-br-if)# cost-minimization end day-of-month 30 180 Router(config-oer-mc-br-if)# cost-minimization calc separate Router(config-oer-mc-br-if)# cost-minimization sampling 10 rollup 60 Router(config-oer-mc-br-if)# cost-minimization tier 100 fee 1000 Router(config-oer-mc-br-if)# cost-minimization tier 90 fee 900 Router(config-oer-mc-br-if)# cost-minimization tier 80 fee 800 Router(config-oer-mc-br-if)# exit
What to Do Next
To set the priority for multiple overlapping policies, proceed to the next section.
SUMMARY STEPS
1. 2.
52
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
3. 4. 5.
oer master resolve {cost priority value | delay priority value variance percentage | loss priority value variance percentage | range priority value | utilization priority value variance percentage} end
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
configure terminal
Example:
Router# configure terminal
Step 3
oer master
Enters OER master controller configuration mode to configure global prefix and exit link policies.
Example:
Router(config)# oer master
Step 4
resolve {cost priority value | delay priority value variance percentage | loss priority value variance percentage | range priority value | utilization priority value variance percentage}
Example:
Router(config-oer-mc)# resolve cost priority 1 Router(config-oer-mc)# resolve loss priority 2 variance 10 Router(config-oer-mc)# resolve delay priority 3 variance 20
This command is used to set priority when multiple policies are configured for the same prefix. When this command is configured, the policy with the highest priority will be selected to determine the policy decision. The priority keyword is used to specify the priority value. Setting the number 1 assigns the highest priority to a policy. Setting the number 10 assigns the lowest priority. Each policy must be assigned a different priority number. The variance keyword is used to set an allowable variance for a user-defined policy. This keyword configures the allowable percentage that an exit link or prefix can vary from the user-defined policy value and still be considered equivalent. The example sets the priority for cost policies to 1, the priority for loss policies to 2 with a 10 percent variance, the priority for delay policies to 3 with a 20 percent variance. Variance cannot be configured for range or cost policies
Note
53
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 5
end
Purpose Exits OER master controller configuration mode, and enters Privileged EXEC mode.
Example:
Router(config-oer-mc)# end
Examples
Resolve with Variance Policy Example.
The following example configures a resolve policy that sets delay to the highest priority, followed by loss, and then utilization. The delay policy is configured to allow a 20 percent variance., the loss policy is configured to allow a 30 percent variance, and the utilization policy is configured to allow a 10 percent variance.
Router(config-oer-mc)# resolve delay priority 1 variance 20 Router(config-oer-mc)# resolve loss priority 2 variance 30 Router(config-oer-mc)# resolve utilization priority 3 variance 10
What to Do Next
Observe mode monitoring was enabled in the Minimum Master Controller Configuration section. Proceed to the next section to see information about configuring and customizing the Cisco IOS OER mode of operation.
Observe Mode
Observe mode monitoring is enabled by default. In observe mode, the master controller monitors prefixes and exit links based on default and user-defined policies and then reports the status of the network and the decisions that should be made but does not implement any changes. This mode allows you to verify the effectiveness of this feature before it is actively deployed.
Control Mode
In control mode, the master controller coordinates information from the border routers and makes policy decisions just as it does in observe mode. The master controller monitors prefixes and exits based on default and user-defined policies but then implements changes to optimize prefixes and to select the best exit. In this mode, the master controller gathers performance statistics from the border routers and then transmits commands to the border routers to alter routing as necessary in the OER managed network.
Note
Route redistribution is required when control mode is enabled on the master controller.
54
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
SUMMARY STEPS
1. 2. 3. 4.
enable configure terminal oer master mode {monitor{active | both | passive} | route {control | metric {bgp local-pref preference | static tag value} observe | select-exit {best | good}}
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
configure terminal
Example:
Router# configure terminal
Step 3
oer master
Example:
Router(config)# oer master
Enters OER master controller configuration mode to configure a router as a master controller and to configure global operations and policies. Configures route monitoring or route control on an OER master controller.
Step 4
mode {monitor{active | both | passive} | route {control | metric {bgp local-pref preference | static tag value} observe | select-exit {best | good}}
Example:
Router(config-oer-mc)# mode monitor both
The monitor keyword is used to configure active and/or passive monitoring. The first example enables both active and passive monitoring. The route keyword is enable control mode or observe mode. In control mode, the master controller analyzes monitored prefixes and implemented changes based on policy parameters. In observe mode, the master controller analyzes monitored prefixes, reports the changes that should be made, but does not implement any changes. The second example enable OER control mode.
Example:
Router(config-oer-mc)# mode route control
Example:
Router(config-oer-mc)# mode select-exit best
55
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Purpose
The select-exit keyword is used to configure the master controller to select either the best available exit when the best keyword is entered and the first in-policy exit when the good keyword is entered. The third example configures the master controller to select the best available exit for monitored prefixes.
Examples
The following example enables both active and passive monitoring, control mode, and sets the master controller to evaluate and select the first in-policy exit every 5 minutes. (The monitored prefix is moved only if the prefix is out-of-policy.) Active and passive monitoring is enabled with the mode monitor both command. Route control is enabled with the mode route control command. The time period between the exit selection process is configured with the periodic command. The selection of the first in-policy exit is configured with the mode select-exit good command.
Router(config)# oer master Router(config-oer-mc)# mode monitor both Router(config-oer-mc)# mode route control Router(config-oer-mc)# periodic 300 Router(config-oer-mc)# mode select-exit good
What to Do Next
Proceed to the next section to see information about configuring OER policies with an oer-map.
Note
Policies applied in an OER map do not override global policies. These policies are only applied to prefixes that match the oer-map match criteria.
Only a single match clause may be configured for each sequence. An error message will be displayed in the console if you attempt to configure multiple match clauses for a single OER map sequence.
56
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
An OER map is not configured with permit or deny statements. However, a permit or deny sequence can be configured for an IP traffic flow by configuring a permit or deny statement in an IP prefix list and then applying the prefix list to the oer-map with the match ip address (OER) command. Deny prefixes should be combined in a single prefix list and applied to the OER map with the lowest sequence number.
IP Prefix Lists
Cisco IOS OER supports three IP prefix configuration options for importing prefixes. The master controller can monitor and control an exact prefix (/32), a specific prefix length, and a specific prefix length and any prefix that falls under the prefix length (for example, a /24 under a /16). IP prefix list permit and deny statements are supported by Cisco IOS OER. An IP prefix list with a deny statement can be used to exclude a prefix or prefix length. Any prefix length can be specified for a deny IP prefix list.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
enable configure terminal ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [ge ge-value] [le le-value] oer-map {map-name} [sequence-number] match ip address {access-list name | prefix-list nam} match oer learn {delay | throughput} set backoff {min-timer max-timer} [step-timer] set delay {relative percentage | threshold maximum} set holddown {timer}
10. set loss {relative average | threshold maximum} 11. set periodic {timer} 12. set resolve {cost priority value | delay priority value variance percentage | loss priority value
variance percentage | range priority value | utilization priority value variance percentage}
13. set unreachable {relative average | threshold maximum}
57
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
configure terminal
Example:
Router# configure terminal
Step 3
ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [ge ge-value] [le le-value]
IP prefix lists are used to manual select prefixes for monitoring by the master controller. A master controller can monitor and control an exact prefix (/32), a specific prefix length, and a specific prefix length and any prefix that falls under the prefix length (for example, a /24 under a /16). A prefix range can also be selected using the le keyword with a 32 bit prefix length. The prefixes specified in the IP prefix list are imported into the oer-map with the match ip address (OER) command. The example creates an IP prefix list that permits prefixes from the 10.4.9.0/24 subnet.
Example:
Router(config)# ip prefix-list OER seq 10 permit 10.4.9.0/24
Step 4
oer-map map-name sequence-number
Enters oer-map configuration mode to configure an OER map to apply policies to selected IP prefixes.
Example:
Router(config)# oer-map THROUGHPUT 10
Only one match clause can be configured for each oer-map sequence. Deny sequences must be defined in an IP prefix list and then applied with the match ip address (OER) command. The example creates an oer-map named THROUGHPUT.
Step 5
match ip address prefix-list prefix-list-name
Creates a prefix list match clause entry in an OER map to apply OER policies.
Example:
Router(config-oer-map)# match ip address prefix-list OER
This command supports IP prefix lists only. Only a single match clause can be configured for each OER map sequence. The example configures the prefix list named OER as match criteria in an OER map.
58
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 6
match oer learn delay | throughput
Purpose Creates a match clause entry in an OER map to match OER learned prefixes.
Example:
Router(config-oer-map)# match oer learn delay
Prefixes can be configured to learn prefixes based on lowest delay or highest outbound throughput. Only a single match clause can be configured for each OER map sequence. The example creates a match clause entry that matches traffic learned based on lowest delay.
Step 7
Creates a set clause entry to configure the backoff timer to adjust the time period for prefix policy decisions.
Example:
Router(config-oer-map)# set backoff 400 4000 400
The min-timer argument is used to set the minimum transition period in seconds. The max-timer argument is used to set the maximum length of time OER holds an out-of-policy prefix when there are no OER controlled in-policy prefixes. The step-timer argument allows you to optionally configure OER to add time each time the minimum timer expires until the maximum time limit has been reached. The example creates a set clause to configure the minimum timer to 400 seconds, the maximum timer to 4000 seconds, and the step timer to 400 seconds for traffic that is matched in the same oer-map sequence. The delay threshold can be configured as a relative percentage or as an absolute value for match criteria. The relative keyword is used to configure a relative delay percentage. The relative delay percentage is based on a comparison of short-term and long-term measurements. The threshold keyword is used to configure the absolute maximum delay period in milliseconds. The example creates a set clause that sets the absolute maximum delay threshold to 2000 milliseconds for traffic that is matched in the same oer-map sequence.
Step 8
Example:
Router(config-oer-map)# set delay threshold 2000
Step 9
Creates a set clause entry to configure the prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected.
The prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected. OER does not implement policy changes while a prefix is in the holddown state.
59
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Purpose
Example:
Router(config-oer-map)# set holddown 400
The master controller puts a prefix in a holddown state during an exit change to isolate the prefix during the transition period to prevent the prefix from flapping due to rapid state changes. An immediate route change will be triggered if the current exit for a prefix becomes unreachable. The example creates a set clause that sets the holddown timer to 400 seconds for traffic that is matched in the same oer-map sequence.
Step 10
Example:
Router(config-oer-map)# set loss relative 200
Creates a set clause entry to configure the relative or maximum packet loss limit that the master controller will permit for an exit link.
This command is used to configure an oer-map to configure the relative percentage or maximum number of packets that OER will permit to be lost during transmission on an exit link. If packet loss is greater than the user-defined or the default value, the master controller determines that the exit link is out-of-policy. The relative keyword is used to configure the relative packet loss percentage. The relative packet loss percentage is based on a comparison of short-term and long-term packet loss. The threshold keyword is used to configure the absolute maximum packet loss. The maximum value is based on the actual number of packets per million that have been lost. The example creates a set clause that configures the relative percentage of acceptable packet loss to less than 20 percent for traffic that is matched in the same oer-map sequence.
Step 11
set mode {monitor {active | both | passive} | route {control | observe}| select-exit {best | good}}
Creates a set clause entry to configure monitoring, control, or exit selection settings for matched traffic.
Example:
Router(config-oer-map)# set mode monitor both
The monitor keyword is used to configured active and/or passive monitoring. The first example creates a set clause that enables both active and passive monitoring. The route keyword is enable control mode or observe mode. In control mode, the master controller analyzes monitored prefixes and implemented changes based on policy parameters. In observe mode, the master controller analyzes monitored prefixes, reports the changes that should be made, but does not implement any changes. The second example creates a set clause that enables OER control mode.
Example:
Router(config-oer-map)# set mode route control
60
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Purpose
Example:
Router(config-oer-map)# set mode select-exit best
The select-exit keyword is used to configure the master controller to select either the best available exit when the best keyword is entered or the first in-policy exit when the good keyword is entered. The third example creates a set clause that configures the master controller to select the best available exit for matched prefixes.
Step 12
Creates a set clause entry to configure the time period for the periodic timer.
Example:
Router(config-oer-map)# set periodic 300
When this command is enabled, the master controller will periodically evaluate and then make policy decisions for OER managed exit links. The set mode command is used to determine if OER selects the first in-policy exit or the best available exit when this timer expires. The example creates a set clause that configures the periodic timer to 300 seconds for traffic that is matched in the same OER map sequence.
Step 13
set resolve {cost priority value | delay priority value variance percentage | loss priority value variance percentage | range priority value | utilization priority value variance percentage}
Creates a set clause entry to configure policy priority or resolve policy conflicts.
Example:
Router(config-oer-map)# set resolve delay priority 1 variance 10
This command is used to set priority for a policy type when multiple policies are configured for the same prefix. When this command is configured, the policy with the highest priority will be selected to determine the policy decision. The priority keyword is used to specify the priority value. Configuring the number 1 assigns the highest priority to a policy. Configuring the number 10 assigns the lowest priority. Each policy must be assigned a different priority number. The variance keyword is used to set an allowable variance for a user-defined policy. This keyword configures the allowable percentage that an exit link or prefix can vary from the user-defined policy value and still be considered equivalent. Variance cannot be configured for range policies. The example creates set clause that configures the priority for delay policies to 1 for traffic learned based on highest outbound throughput. The variance is configured to allow a 10 percent difference in delay statistics before a prefix is determined to be out-of-policy.
61
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 14
set unreachable relative average | threshold maximum
Purpose Creates a set clause entry to configure the maximum number of unreachable hosts.
Example:
Router(config-oer-map)# set unreachable relative 100
This command is used to specify the relative percentage or the absolute maximum number of unreachable hosts, based on flows per million, that a master controller will permit from an OER managed exit link. If the absolute number or relative percentage of unreachable hosts is greater than the user-defined or the default value, the master controller determines that the exit link is out-of-policy and searches for an alternate exit link. The relative keyword is used to configure the relative percentage of unreachable hosts. The relative unreachable host percentage is based on a comparison of short-term and long-term measurements. The threshold keyword is used to configure the absolute maximum number of unreachable hosts based on fpm. The example creates a set clause entry that configures the master controller to search for a new exit link when the relative percentage of unreachable hosts is equal to or greater than 10 percent for traffic learned based on highest delay.
Examples
Imported Prefix Policy Example
The following example creates an oer-map named SELECT_EXIT that matches traffic defined in the IP prefix list named CUSTOMER and sets exit selection to the first in-policy exit when the periodic timer expires. This OER map also sets a resolve policy that sets the priority of link utilization policies to 1 (highest priority) and allows for a 10 percent variance in exit link utilization statistics.
Router(config)# ip prefix-list CUSTOMER permit 10.4.9.0/24 Router(config)# ! Router(config)# oer-map SELECT_EXIT 10 Router(config-oer-map)# match ip address prefix-list CUSTOMER Router(config-oer-map)# set mode select-exit good Router(config-oer-map)# set resolve utilization priority 1 variance 10
The following example creates an oer-map named THROUGHPUT that matches traffic learned based on the highest outbound throughput. The set clause applies a relative loss policy that will permit 1 percent packet loss:
Router(config)# oer-map THROUGHPUT 20 Router(config-oer-map)# match oer learn throughput Router(config-oer-map)# set loss relative 10
62
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
What to do Next
An OER map configuration can also be applied in OER master controller configuration mode. Proceed to the next section to see more information.
Prerequisites
At least one oer-map must be configured before you can enable policy-rule support.
SUMMARY STEPS
1. 2. 3. 4. 5.
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
configure terminal
Example:
Router# configure terminal
Step 3
oer master
Enters OER master controller configuration mode to configure global prefix and exit link policies.
Example:
Router(config)# oer master
Step 4
policy-rules map-name
Applies a configuration from an OER map to a master controller configuration in OER master controller configuration mode.
Reentering this command with a new oer-map name will immediately overwrite the previous configuration. This behavior is designed to allow you to quickly select and switch between predefined OER maps.
63
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Purpose
The example applies the configuration from the OER map named RED.
Example:
Router(config-oer-mc)# policy-rules RED
Step 5
end
Exits OER master controller configuration mode, and enters privileged EXEC mode.
Example:
Router(config-oer-mc)# end
Examples
The following examples, starting in global configuration mode, show how to configure the policy-rules command to apply the OER map configuration named BLUE under OER master controller mode:
Router(config-oer-map)# oer-map BLUE 10 Router(config-oer-map)# match oer learn delay Router(config-oer-map)# set loss relative 900 Router(config-oer-map)# exit Router(config)# oer master Router(config-oer-mc)# policy-rules BLUE Router(config-oer-mc)# exit
What to Do Next
If iBGP peering is enabled in the internal network, proceed to the next section to see information about configuring iBGP redistribution from the border routers.
OER uses the BGP local preference attribute to set the preference for injected BGP prefixes. If a local preference value of 5000 or higher has been configured for default BGP routing, you should configure a higher value in OER. OER default BGP local preference and default static tag values are configurable with the mode command in OER master controller configuration mode.
Injected Routes are not Advertised to External Networks
All OER injected routes remain local to an Autonomous System. The no-export community is automatically applied to inject routes to ensure that are not advertised to external networks.
Parent Route Must Exist
Before injecting a route, the master controller verifies that a parent route with a valid next hop exists. This behavior is designed to prevent traffic from being blackholed.
64
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
eBGP Peerings
The IP address for each eBGP peering session must be reachable from the border router via a connected route. Peering sessions established through loopback interfaces or with the neighbor ebgp-multihop command are not supported.
Prerequisites
Peering must be Consistently Applied
Routing protocol peering must be established in your network and consistently applied to the border routers; the border routers should have a consistent view of the network.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8.
enable configure terminal router bgp as-number address-family ipv4 [mdt | multicast | tunnel | unicast [vrf vrf-name] | vrf vrf-name] | vpnv4 [unicast] neighbor ip-address | peer-group-name remote-as as-number neighbor ip-address | peer-group-name activate neighbor ip-address | peer-group-name send-community [both | extended | standard] end
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
configure terminal
Example:
Router# configure terminal
Step 3
Example:
Router(config)# router bgp 65534
Step 4
address-family ipv4 [mdt | multicast | tunnel | unicast [vrf vrf-name] | vrf vrf-name] | vpnv4 [unicast]
Example:
Router(config-router)# address-family ipv4 unicast
65
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 5
neighbor ip-address | peer-group-name remote-as as-neighbor
Purpose Establishes BGP peering with the specified neighbor or border router.
Example:
Router(config-router)# neighbor 10.100.1.3 remote-as 65534
Step 6
Example:
Router(config-router)# neighbor 10.100.1.3 activate
Step 7
Configures the BGP routing process to send the BGP communities attribute to the specified neighbor.
Example:
Router(config-router)# neighbor 10.100.1.3 send-community standard
Each iBGP peer must be configured to send the standard BGP communities attribute.
Step 8
end
Example:
Router(config-router)# end
Examples
The following example, starting in Global configuration mode, establishes peering between two routers in autonomous system 65534. This example also configures the two routers to exchange the standard BGP communities attribute:
Border Router Configuration
Router(config)# router bgp 65534 Router(config-router)# neighbor 10.100.1.3 remote-as 65534 Router(config-router)# address-family ipv4 Router(config-router-af)# neighbor 10.100.1.3 activate Router(config-router-af)# neighbor 10.100.1.3 send-community standard
What to Do Next
If BGP is configured on the border routers and another IGP is deployed in the internal network, proceed to the next section to see information about configuring redistribution from BGP into the IGP. If BGP is not configured in the internal network, then static routes to the border exits must be configured and the static routes must be redistributed into the IGP. For more information, proceed to the Configuring Static Route Redistribution on the Border Routers section.
66
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
When redistributing BGP into any IGP, be sure to use IP prefix-list and route-map statements to limit the number of prefixes that are redistributed. Redistributing full BGP routing tables into an IGP can have a serious detrimental effect on IGP network operation.
Prerequisites
Peering must be Consistently Applied
IGP peering, static routing, and static route redistribution must be applied consistently throughout the OER managed network; the border routers should have a consistent view of the network.
Restrictions
Border Exits Cannot use the Same Next Hop
When two or more border routers are deployed in an OER managed network, the next hop to an external network on each border router, as installed in the RIB, cannot be an IP address from the same subnet as the next hop on the other border router.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
enable configure terminal ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [ge ge-value] [le le-value] route-map map-tag [permit | deny] [sequence-number] match ip address prefix-list prefix-list-name router bgp as-number bgp redistribute-internal exit router {eigrp as-number | is-is [area-tag] | ospf process-id | rip}
67
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
configure terminal
Example:
Router# configure terminal
Step 3
ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [ge ge-value] [le le-value]
Any prefix length can be specified. The first longest match is processed in the IP prefix list. The examples creates a prefix list named PREFIXES. The first sequence permits the 10.200.2.0/24 subnet. The second sequence denies all other prefixes.
Example:
Router(config)# ip prefix-list PREFIXES seq 5 permit 10.200.2.0/24
Example:
Router(config)# ip prefix-list PREFIXES seq 10 deny 0.0.0.0/0
Step 4
Example:
Router(config)# route-map BGP permit 10
Step 5
Creates a prefix list match clause entry in a route-map to redistribute BGP prefixes.
Example:
Router(config-oer-map)# match ip address prefix-list PREFIXES
The example configures the prefix list named PREFIXES as match criteria in for the route-map.
Step 6
exit
Example:
Router(config-route-map)# exit
Step 7
Example:
Router(config)# router bgp 65534
Step 8
bgp redistribute-internal
Example:
Router(config-router)# bgp redistribute-internal
68
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 9
exit
Purpose Exits router configuration mode, and enters global configuration mode.
Example:
Router(config-router)# exit
Step 10
Example:
Router(config)# router ospf 1
Step 11
Example:
Router(config-router)# redistribute static route-map BGP subnets
The example configures the IGP to accept the redistributed BGP routes that pass through the route map. In OSPF, the subnets keyword must be entered if you redistribute anything less than a major network prefix range.
Note
Step 12
end
Example:
Router(config-router)# end
Examples
The following example, starting in Global configuration mode, configures the border router to redistribute BGP routes into the internal network and configures the IGP (OSPF) to accept redistributed BGP routes.
Border Router Configuration
Router(config)# ip prefix-list PREFIXES seq 5 permit 10.200.2.0/24 Router(config)# ip prefix-list PREFIXES seq 10 deny 0.0.0.0/0 Router(config)# ! Router(config)# route-map BGP permit 10 Router(config-route-map)# match ip address prefix-list PREFIXES Router(config-route-map)# exit Router(config)# router bgp 65534 Router(config-router)# bgp redistribute-internal
What to Do Next
If BGP is not configured in the internal network, then static routes to the border exits must be configured and the static routes must be redistributed into the IGP. For more information, proceed to the next section.
69
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
OER applies a default tag value of 5000 to injected temporary static routes. The static route is filtered through a route map and then redistributed into the IGP. If you use the tag value of 5000 for another routing function, you should use a different tag value for that function, or you can change the default static tag values by configuring the mode command in OER master controller configuration mode.
Parent Route Must Exist
Before injecting a route, the master controller verifies that a parent route with a valid next hop exists. This behavior is designed to prevent traffic from being blackholed.
Static Routing without IGP Redistribution
If static routing is configured in your network and no IGP is deployed, OER will inject temporary static routes as necessary. No redistribution or other specific network configuration is required.
Supported Interior Gateway Protocols
Enhanced Interior Gateway Routing Protocol (EIGRP) Open Shortest Path First (OSPF) Intermediate System-to-Intermediate System (IS-IS) Routing Information Protocol (RIP)
Cisco IOS OER supports static route redistribution into EIGRP. However, it is configured differently. Proceed to the Configuring Static Route Redistribution into EIGRP section for more information.
Prerequisites
Peering must be Consistently Applied
IGP peering, static routing, and static route redistribution must be applied consistently throughout the OER managed network; the border routers should have a consistent view of the network.
Restrictions
Border Exits Cannot use the Same Next Hop
When two or more border routers are deployed in an OER managed network, the next hop to an external network on each border router, as installed in the RIB, cannot be an IP address from the same subnet as the next hop on the other border router.
SUMMARY STEPS
1. 2. 3.
enable configure terminal ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag tag]
70
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
4. 5. 6. 7. 8. 9.
route-map map-tag [permit | deny] [sequence-number] match tag tag-value [...tag-value] set metric metric-value exit router {is-is area-tag | ospf process-id | rip} redistribute static [metric metric-value] [route-map map-tag]
10. end
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
configure terminal
Example:
Router# configure terminal
Step 3
ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag tag]
Example:
Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 0
A static route must be configured for each external interface. The static route is configured only on the border routers. The static route must include any prefixes that need to be optimized.
Step 4
Example:
Router(config)# route-map STATIC permit 10
Step 5
Redistribute routes in the routing table that match the specified tag value.
Example:
Router(config-route-map)# match tag 5000
5000 must be configured for this tag value unless you have configured a different value with the mode command.
Step 6
Sets the metric value for prefixes that pass through the route map.
Example:
Router(config-route-map)# set metric -10
A metric value that is less than 1 must be configured in order for the OER injected static route to be preferred by default routing. The example set the metric value for the OER injected routes to -10.
71
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 7
exit
Purpose Exits route-map configuration mode, and enters global configuration mode.
Example:
Router(config-route-map)# exit
Step 8
Enters router configuration mode, and creates a routing process for the specified routing protocol.
Example:
Router(config)# router rip
Step 9
Example:
Router(config-router)# redistribute static route-map STATIC
The example configures the IGP to redistribute static routes injected from the REDISTRIBUTE_STATIC route map. In OSPF, the subnets keyword must be entered if you redistribute anything less than a major network prefix range.
Note
Step 10
end
Example:
Router(config-router)# end
Examples
The following example, starting in global configuration mode, configures static redistribution to allow the master controller to influence routing in an internal network that is running RIP. The match tag command is match OER injected temporary static routes. The set metric command is used to set the preference of the injected static.
Border Router Configuration
Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 0 Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 1 Router(config)# route-map STATIC permit 10 Router(config-route-map)# match tag 5000 Router(config-route-map)# set metric -10 Router(config-route-map)# exit Router(config)# router rip Router(config-router)# network 192.168.0.0 Router(config-router)# network 172.16.0.0 Router(config-router)# redistribute static route-map STATIC
What to Do Next
If EIGRP is deployed in the internal network and BGP is not configured on the border routers, proceed to the next section for more information.
72
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
OER applies a default tag value of 5000 to injected temporary static routes. The static route is filtered through a route map and then redistributed into the IGP.
Parent Route Must Exist
Before injecting the temporary static route, the master controller verifies that a parent static route with a valid next hop exists. This behavior is designed to prevent traffic from being blackholed.
Prerequisites
Peering must be Consistently Applied
IGP peering, static routing, and static route redistribution must be applied consistently throughout the OER managed network; the border routers should have a consistent view of the network.
Restrictions
Border Exits Cannot use the Same Next Hop
When two or more border routers are deployed in an OER managed network, the next hop, as installed in the RIB, to an external network on each border router cannot be an IP address from the same subnet as the next hop on the other border router.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
enable configure terminal ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag tag] route-map map-tag [permit | deny] [sequence-number] match tag tag-value [...tag-value] exit router eigrp as-number no auto-summary network ip-address [wildcard-mask]
10. redistribute static [metric metric-value] [route-map map-tag] 11. distribute-list {acl-number | acl-name | prefix-list-name} out [interface-name | routing-process |
as-number]
12. end
73
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
configure terminal
Example:
Router# configure terminal
Step 3
ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag tag]
Example:
Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 0 tag 10
A static route must be configured for each external interface. The static route is configured only on the border routers. The static route must include any prefixes that need to be optimized. Under EIGRP, a tag is applied to the static route. The tag is then filtered through a route map.
Step 4
Example:
Router(config)# route-map BLUE deny 10
Two route map sequences are configured. One sequence is configured for static route redistribution and one to filter prefixes on egress interfaces.
Step 5
Redistribute routes in the routing table that match the specified tag value.
Example:
Router(config-route-map)# match tag 10
The first example matches the static route tag, and the second example matches the default OER tag value applied to injected temporary static routes.
Example:
Router(config-route-map)# match tag 5000
Step 6
exit
Example:
Router(config-route-map)# exit
Step 7
Example:
Router(config)# router eigrp 1
Step 8
no auto-summary
Example:
Router(config-router)# no auto-summary
74
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 9
network ip-address [wildcard-mask]
Example:
Router(config-router)# network 192.168.0.0 0.0.255.255
The network state must cover any interfaces and prefixes that need to be optimized for the internal network.
Step 10
The example configures the EIGRP to redistribute static routes that filter through the route map.
Example:
Router(config-router)# redistribute static route-map RED
Step 11
Example:
Router(config-router)# distribute-list
Step 12
end
Example:
Router(config-router)# end
Examples
The following example, starting in Global configuration mode, configures static redistribution to allow the master controller to influence routing in an internal network that is running EIGRP:
Border Router Configuration
Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 0 tag 10 Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 1 tag 10 Router(config)# ! Router(config)# route-map RED deny 20 Router(config-route-map)# match tag 10 Router(config-route-map)# exit Router(config)# route-map RED permit 30 Router(config-route-map)# exit Router(config)# route-map BLUE permit 10 Router(config-route-map)# match tag 5000 Router(config-route-map)# exit Router(config)# route-map BLUE permit 20 Router(config-route-map)# exit Router(config)# route eigrp 1 Router(config-router)# no auto-summary Router(config-router)# redistribute static route-map RED Router(config-router)# network 10.0.0.0 Router(config-router)# network 172.16.0.0 Router(config-router)# network 192.168.0.0 Router(config-router)# distribute-list route-map BLUE out Ethernet 0 Router(config-router)# distribute-list route-map BLUE out Ethernet 1
75
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Configuring OER to Monitor and Control IPSec VPN Prefixes Over GRE Tunnels
VPN IPSec/GRE Tunnel Optimization was introduced in Cisco IOS Release 12.3(11)T. Cisco IOS OER supports the optimization of prefixes that are routed over GRE tunnel interfaces and protected with IPSec. Both GRE and multipoint GRE tunnels are supported. This task shows a sample IPSec VPN configuration example. In this example, the IPSec VPN is configured on the border router, and the tunnel interface is configured as an OER managed interface on the master controller. The following tasks are completed:
An IKE policy is defined A transforms set is configured A crypto profile is defined A crypto map is defined A GRE tunnel is configured Tunnel interfaces are configured as an OER managed external interfaces
Routing Prefixes that are Protected with IPSec over GRE Tunnels
The IPSec to GRE model allows a service provider to provide VPN services over the IP backbone. Both the central and remote VPN clients terminate per the IPSec-to-IPSec model. Prefixes are encapsulated using generic route encapsulation (GRE) tunnels. The GRE packet is protected by IPSec. The encapsulated prefixes are forwarded from the central VPN site to a customer headend router that is the other endpoint for GRE. The IPSec protected GRE packets provide secure connectivity across the IP backbone of the service provider network. For more information about configuring IPSec over GRE tunnels, refer to the Dynamic Multipoint IPsec VPNs (Using Multipoint GRE/NHRP to Scale IPsec VPNs) published at the following URL: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml
Prerequisites
76
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Routing protocol peering or static routing is configured in the OER managed network. Standard Cisco OER border router and master controller configuration is completed.
Restrictions
Cisco IOS OER supports only IPSec/GRE VPNs. No other VPN types are supported.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
enable configure terminal crypto ipsec security-association lifetime {seconds seconds | kilobytes kilobytes} crypto ipsec transform-set transform-set-name transform1 [transform2] [transform3] [transform4] mode transport [require] | tunnel exit crypto map map-name seq-num [ipsec-manual] set peer host-name | ip-address set transform-set transform-set-name [transform-set-name2...transform-set-name6]
10. match address [access-list-id | name] 11. exit 12. crypto map map-name local-address interface-id 13. crypto ipsec profile name 14. set transform-set transform-set-name [transform-set-name2...transform-set-name6] 15. exit 16. crypto isakmp key encryption-level key-string {address peer-address [mask] | hostname name}
[no-xauth]
17. crypto isakmp keepalive seconds [retries] [periodic | on-demand] 18. crypto isakmp policy priority 19. encryption {des | 3des | aes | aes 192 | aes 256} 20. authentication {rsa-sig | rsa-encr | pre-share} 21. exit 22. interface type number [name-tag] 23. ip address ip-address mask [secondary] 24. crypto map map-name [redundancy standby-name]
77
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
25. exit 26. interface type number [name-tag] 27. ip address ip-address mask [secondary] 28. bandwidth kbps | inherit [kbps] 29. tunnel source {ip-address | interface-type interface-number} 30. tunnel destination {host-name | ip-address} 31. tunnel protection ipsec profile name [shared] 32.
33. ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [dhcp] [distance] 34. access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit}
protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]
35. end
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
configure terminal
Example:
Router# configure terminal
Step 3
Sets global lifetime values used when negotiating IPSec security associations.
Example:
Router(config)# crypto ipsec security-association lifetime kilobytes 530000000
The first example sets volume of traffic, in kilobytes, that can pass between IPSec peers for this security association. The second example sets the expiration timer, in seconds, for this security association.
Step 4
Enters crypto transform configuration mode to create or modify a transform setan acceptable combination of security protocols and algorithms.
Example:
Router(config)# crypto ipsec transform-set VPN_1 esp-des esp-3des esp-sha-hmac
The example specifies 56-bit DES, 168-bit DES, or SHA for authentication.
Step 5
Example:
Router(cfg-crypto-trans)# mode transport
The example sets the mode to transport. The default mode is tunnel. Under tunnel mode, the entire packet is protected. Under transport mode, only the payload is protected. Encapsulation is performed by GRE.
78
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 6
exit
Purpose Exits crypto transform configuration mode, and enters global configuration mode.
Example:
Router(cfg-crypto-trans)# exit
Step 7
Example:
Router(config)# crypto map TUNNEL 10 ipsec-isakmp
The example create a crypto map named TUNNEL, and configures IKE to establish the security association.
Step 8
Example:
Router(config-crypto-map)# set peer 10.4.9.81
Step 9
Specifies which transform sets can be used with the crypto map entry.
Example:
Router(config-crypto-map)# set transform-set VPN_1
Step 10
Specifies an extended access list to define IPSec peers for the crypto map entry.
Example:
Router(config-crypto-map)# match address 100
Step 11
exit
Exits crypto map configuration mode, and enters global configuration mode.
Example:
Router(config-crypto-map)# exit
Step 12
Example:
Router(config)# crypto map TUNNEL local-address FastEthernet 0/0
The example attaches the crypto map named TUNNEL to interface FastEthernet 0/0.
Step 13
crypto isakmp key encryption-level key-string {address peer-address [mask] | hostname name} [no-xauth]
Example:
Router(config)# crypto isakmp key 0 CISCO address 10.4.9.81 no-xauth
The example configures encryption level 0, and configures the router to not prompt the IPSec peer for extended authentication. However, any encryption level or authentication level can be specified.
Step 14
Allows the gateway to send dead peer detection (DPD) messages to the peer.
Example:
Router(config)# crypto isakmp keepalive 10
79
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 15
crypto isakmp policy priority
Purpose Define an Internet Key Exchange (IKE) policy, and enters ISAKMP policy configuration mode.
Example:
Router(config)# crypto isakmp policy 1
Step 16
Example:
Router(config-isakmp)# encryption 3des
Step 17
Example:
Router(config-isakmp)# authentication pre-share
Step 18
exit
Exits ISAKMP policy configuration mode, and enters global configuration mode.
Example:
Router(config-isakmp)# exit
Step 19
Defines the IPSec parameters that are to be used for IPSec encryption between two IPSec routers, and enters IPsec profile configuration mode.
Example:
Router(config)# crypto ipsec profile OER
Step 20
Specifies which transform sets can be used with the crypto map entry.
Example:
Router(ipsec-profile)# set transform-set VPN_1
The example specifies transform set named VPN_1. VPN_1 was configured in Step 4.
Step 21
exit
Exits IPsec profile configuration mode, and enters global configuration mode.
Example:
Router(ipsec-profile)# exit
Step 22
Example:
Router(config)# interface FastEthernet0/0
Step 23
Example:
Router(config-if) 255.255.255.0 ip address 10.4.9.14
Step 24
Example:
Router(config-if)# crypto map TUNNEL
The example specifies the crypto map named TUNNEL that was defined in Step 7.
80
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 25
exit
Purpose Exits interface configuration mode, and enters global configuration mode.
Example:
Router(config-if)# exit
Step 26
Example:
Router(config)# interface Tunnel0
Step 27
Example:
Router(config-if) 255.255.0.0 ip address 10.100.2.1
Step 28
Sets and communicates the current bandwidth value for an interface to higher-level protocols.
Example:
Router(config-if)# bandwidth 500 Router(config-if)# bandwidth inherit
Step 29
The source interface in the example was defined in Step 22. The interface name or IP address can be specified.
Example:
Router(config-if)# tunnel source 10.4.9.14
Step 30
Example:
Router(config-if)# tunnel destination 10.4.9.81
The IP address of the physical interface where the remote tunnel end point is attached is configured in this step. The IPSec profile named OER that is configured in the example was defined in Step 19.
Step 31
Example:
Router(config-if)# tunnel protection ipsec profile OER
Step 32
exit
Example:
Router(config-if)# exit
Step 33
access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]
An extended access list is defined to permit only the GRE hosts. The access list in this example is referenced in the match address statement in Step 10.
Example:
Router(config)# access-list 100 permit gre host 10.4.9.14 host 10.4.9.81
81
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 34
ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [dhcp] [distance] [name] [permanent] [tag tag]
Example:
Router(config)# ip route 10.2.2.2 255.255.255.255 Tunnel0
Step 35
end
Example:
Router(config)# end
Examples
The following example, starting in global configuration mode, configures an IPSec/GRE tunnel on a border router. This example shows the configuration of one tunnel. Two tunnels must be configured in the OER managed network to enable the VPN IPSec/GRE Tunnel Optimization feature.
crypto ipsec security-association lifetime kilobytes 530000000 crypto ipsec security-association lifetime second 14400 crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmac mode transport exit ! crypto map TUNNEL 10 ipsec-isakmp set peer 10.4.9.81 set transform-set VPN_1 match address 100 ! crypto ipsec profile OER set transform-set VPN_1 exit crypto map TUNNEL local-address FastEthernet 0/0 ! crypto isakmp key 0 CISCO address 10.4.9.81 no-xauth crypto isakmp keepalive 10 crypto isakmp policy 1 encryption 3des authentication pre-share exit ! interface FastEthernet0/0 ip address 10.4.9.14 255.255.255.0 crypto map TUNNEL exit ! interface Tunnel0 ip address 10.100.2.1 255.255.0.0 keepalive 30 5 bandwidth 500 bandwidth inherit tunnel mode gre ip tunnel source 10.4.9.14 tunnel destination 10.4.9.81 tunnel protection ipsec profile OER exit !
82
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
ip route 10.100.2.2 255.255.255.255 Tunnel0 ! access-list 100 permit gre host 10.4.9.14 host 10.4.9.81 ! end
What to Do Next
Tunnel interfaces must be configured as OER managed external interfaces to complete this configuration task. Proceed to the next step table.
SUMMARY STEPS
1. 2. 3. 4. 5.
enable configure terminal oer master border ip-address key-chain key-chain-name interface type number external
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
configure terminal
Example:
Router# configure terminal
Step 3
Enters OER master controller configuration mode to configure a router as a master controller.
Example:
Router(config)# oer master
Step 4
Enters OER managed border router configuration mode to establish communication with a border router.
Example:
Router(config-oer-mc)# border 10.10.10.1 key-chain OER
An IP address is configured to identify the border router. A minimum of two border routers must be specified to create an OER managed network. A maximum of 10 border routers can be controlled by a single master controller.
83
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 5
interface type number external
Example:
Router(config-oer-mc-br)# interface Tunnel0 external
Serial and Ethernet interfaces are supported. External interfaces are used to forward traffic and for active monitoring. A minimum of two external border router interfaces are required in an OER managed network. At least 1 external interface must be configured on each border router. A maximum of 20 interfaces can be controlled by single master controller. The example configures a GRE tunnel interface as an OER managed external interface.
Step 6
end
Exits OER managed border router configuration mode, and enters privileged EXEC mode.
Example:
Router(config-oer-mc-br)# end
Examples
The following example completes the configuration of VPN support on a master controller. Tunnel0 and Tunnel1 interfaces on the border router are configured as an OER managed external interfaces:
oer master border 10.10.10.1 key-chain OER interface Tunnel0 external interface Tunnel1 external end
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8.
enable show oer border show oer border active-probes show oer border passive cache {learned | prefix} show oer border passive prefixes show oer border routes bgp | static show oer master show oer master active-probes
84
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
9.
10. show oer master cost-minimization {billing-history | border ip-address [interface] | nickname 11. show oer master policy [sequence-number] [policy-name] | [default] 12. show oer master prefix [detail | learned [delay | throughput] | prefix [detail | policy |
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
Displays information about a border router connection and OER controlled interfaces.
Example:
Router# show oer border
The output displays information about the border router and master controller connection status and border router interfaces.
Step 3
Displays connection status and information about active probes on a border router.
Example:
Router# show oer border active-probes
This command displays target active-probe assignment for a given prefix and the current probing status including the border router or border routers that are executing the active probes.
Step 4
Displays passive measurement information collected by NetFlow for monitored prefixes and traffic flows.
This command displays real-time prefix information collected from the border router through NetFlow passive monitoring. Entering the learned keyword displays learned prefixes. A maximum of 5 host addresses and 5 ports are collected for each prefix. The output will also show the throughput in bytes and the delay in milliseconds. Entering the prefix keyword displays the metrics captured for monitored prefixes. This information includes the number of packets and bytes per packet, the delay, the number of delay samples, the amount of packet loss, the number of unreachable flows, and the interfaces through which traffic flows travel. The output of this command displays prefixes monitored by NetFlow on the border router. The prefixes displayed in the output are sent from the master controller.
Step 5
Example:
Router# show oer border passive cache learned
Step 6
Example:
Router# show oer border passive prefixes
85
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 7
show oer border routes bgp | static
Example:
Router# show oer border routes bgp
This command is used to display information about OER controlled routes on a border router. You can display information about BGP routes or static routes. The output of this command displays information about the status of the master controller, border routers and OER controlled interfaces as well as default and user-defined policy settings.
Step 8
Example:
Router# show oer master
Step 9
Displays connection and status information about active probes on a master controller.
Example:
Router# show oer master active-probes
This command is used to display the current state of active probing. The output displays the probe type, status, and destination. The output of this command shows the status of all border router connections or a single border router connection. The output can be filtered to display information about a specific border router or interface, to display billing information, or to display information about the specified service provider.
Step 10
Example:
Router# show oer master border
Step 11
show oer master cost-minimization {billing-history | border ip-address [interface] | nickname name}
Example:
Router# show oer master cost-minimization border 10.1.1.1 Ethernet 0/0
Step 12
Example:
Router# show oer master policy
The output of this command displays global policy and policies configured with an oer-map.
Step 13
show oer master prefix [detail | learned [delay | throughput] | prefix [detail | policy | traceroute [exit-id | border-address | current] [now]]]
Example:
Router# show oer master prefix
Step 14
Example:
Router# show oer master prefix-list list-name
86
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
SUMMARY STEPS
1. 2. 3. 4. 5.
enable clear oer border * clear oer master * clear oer master border * | ip-address clear oer master prefix * | prefix | learned
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
Example:
Router# clear oer border *
The border router and master controller will automatically reestablish communication after this command is entered.
Step 3
Resets a master controller process and all active border router connections.
Example:
Router# clear master *
The master controller will restart all default and user-defined processes and reestablish communication with active border routers after this command is entered.
Step 4
Resets an active border router connection or all connections with a master controller.
Example:
Router# clear oer master border *
Step 5
Example:
Router# clear oer master prefix *
87
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Caution
Debug commands can generate a substantial amount of output and use significant system resources. Debug commands should be used only as necessary for troubleshooting and should be used with caution in production networks.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
enable debug oer border debug oer border active-probe debug oer cc [detail] debug oer master border ip-address debug oer master collector [active-probes [detail [trace]]] | [netflow] debug oer master exit [detail] debug oer master learn debug oer master prefix [prefix] [detail]
10. debug oer master prefix-list list-name [detail] 11. debug oer master process
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Router> enable
Step 2
Example:
Router# debug oer border
This command is used to display debugging information about the OER border process, controlled routes and monitored prefixes.
Step 3
Displays debugging information for active probes configured on the local border router.
Example:
Router# debug oer border active-probe
88
Cisco IOS Optimized Edge Routing Configuration How to Configure Cisco IOS Optimized Edge Routing
Command or Action
Step 4
debug oer cc [detail]
Purpose Displays OER communication control debugging information for master controller and border router communication.
Example:
Router# debug oer cc
This command is used to display messages exchanged between the master controller and the border router. These messages include control commands, configuration commands, and monitoring information.
Step 5
Example:
Router# debug oer master border
The output displays information related to the events or updates from one or more border routers.
Step 6
Example:
Router# debug oer master collector
Step 7
Example:
Router# debug oer master exit
Step 8
Example:
Router# debug oer master learn
Step 9
Example:
Router# debug oer master prefix
Step 10
Example:
Router# debug oer master prefix-list
Step 11
Example:
Router# debug oer master process
89
Cisco IOS Optimized Edge Routing Configuration Configuration Examples for Cisco IOS Optimized Edge Routing
Master Controller and Two Border Routers Deployment: Example, page 90 Master Controller and Border Router Deployed on a Single Router: Example, page 93 Configuring OER to Monitor and Control GRE/IPSec VPN Prefixes: Example, page 95
AS1
BR1
OER MC
iBGP
Internet
Enterprise network
The master controller performs no routing functions. BGP is deployed on the border routers and internal peers in the OER managed network. Each border router has an eBGP peering session with a different ISP. The eBGP peers (ISP border routers) are reachable through connected routes. Injected prefixes are advertised the internal network through standard iBGP peering.
OER MC Configuration
The following example, starting in Global configuration mode, shows the master controller configuration. Both active and passive monitoring is configured. Route control mode is enabled. The master controller is configured to analyze and move out of policy prefixes to first in-policy exit when the periodic timer expires. Automatic prefix learning is enabled. The master controller is configured to
90
127264
BR2
Cisco IOS Optimized Edge Routing Configuration Configuration Examples for Cisco IOS Optimized Edge Routing
learn prefixes with the highest outbound throughput, the monitoring period is set to10 minutes, the number of prefixes learned during each monitoring period is set to 500, and the interval between monitoring periods is set to 20 minutes. The master controller is configured to aggregate BGP prefixes.
Router(config)# key chain OER Router(config-keychain)# key 1 Router(config-keychain-key)# key-string CISCO Router(config-keychain-key)# exit Router(config)# oer master Router(config-oer-mc)# border 10.100.1.1 key-chain OER Router(config-oer-mc-br)# interface Ethernet 0/0 external Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# interface Serial 1/1 internal Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# exit Router(config-oer-mc)# border 10.200.2.2 key-chain OER Router(config-oer-mc-br)# interface Ethernet 2/2 external Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# interface Serial 3/3 internal Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# exit Router(config-oer-mc)# mode monitor both Router(config-oer-mc)# mode route control Router(config-oer-mc)# mode select-exit good Router(config-oer-mc)# learn Router(config-oer-mc-learn)# throughput Router(config-oer-mc-learn)# monitor-period 10 Router(config-oer-mc-learn)# periodic-interval 20 Router(config-oer-mc-learn)# prefixes 500 Router(config-oer-mc-learn)# aggregation-type bgp Router(config-oer-mc-learn)# end
BR 1 Configuration
The following example, starting in Global configuration mode, shows the configuration for BR1. EBGP peering is established with ISP 1 (192.168.1.1 AS2). Standard community exchange and iBGP peering is established with BR2 (10.200.2.2) and internal peers (in the 10.150.1.0/24 network).
Router(config)# key chain OER Router(config-keychain)# key 1 Router(config-keychain-key)# key-string CISCO Router(config-keychain-key)# exit Router(config-keychain)# exit Router(config)# oer border Router(config-oer-br)# master 172.16.1.1 key-chain OER Router(config-oer-br)# local Serial 1/1 Router(config-oer-br)# exit Router(config)# router bgp 1 Router(config-router)# neighbor 192.168.1.1 remote-as 2 Router(config-router)# neighbor 10.200.2.2 remote-as 1 Router(config-router)# neighbor 10.150.1.1 remote-as 1 Router(config-router)# neighbor 10.150.1.2 remote-as 1 Router(config-router)# neighbor 10.150.1.3 remote-as 1 Router(config-router)# address-family ipv4 unicast Router(config-router-af)# neighbor 192.168.1.1 activate Router(config-router-af)# neighbor 10.200.2.2 activate Router(config-router-af)# neighbor 10.200.2.2 send-community standard Router(config-router-af)# neighbor 10.150.1.1 activate Router(config-router-af)# neighbor 10.150.1.1 send-community standard Router(config-router-af)# neighbor 10.150.1.2 activate Router(config-router-af)# neighbor 10.150.1.2 send-community standard Router(config-router-af)# neighbor 10.150.1.3 activate
91
Cisco IOS Optimized Edge Routing Configuration Configuration Examples for Cisco IOS Optimized Edge Routing
BR 2 Configuration
The following example, starting in Global configuration mode, shows the configuration for BR2. EBGP peering is established with ISP 2 (192.168.2.2 AS1). Standard community exchange and iBGP peering is established with BR2 (10.100.1.1) and internal peers (in the 10.150.1.0/24 network).
Router(config)# key chain OER Router(config-keychain)# key 1 Router(config-keychain-key)# key-string CISCO Router(config-keychain-key)# exit Router(config-keychain)# exit Router(config)# oer border Router(config-oer-br)# master 172.16.1.1 key-chain OER Router(config-oer-br)# local Serial 1/1 Router(config-oer-br)# exit Router(config)# router bgp 1 Router(config-router)# neighbor 192.168.2.2 remote-as 3 Router(config-router)# neighbor 10.100.1.1 remote-as 1 Router(config-router)# neighbor 10.150.1.1 remote-as 1 Router(config-router)# neighbor 10.150.1.2 remote-as 1 Router(config-router)# neighbor 10.150.1.3 remote-as 1 Router(config-router)# address-family ipv4 unicast Router(config-router-af)# neighbor 192.168.2.2 activate Router(config-router-af)# neighbor 10.200.2.2 activate Router(config-router-af)# neighbor 10.200.2.2 send-community Router(config-router-af)# neighbor 10.150.1.1 activate Router(config-router-af)# neighbor 10.150.1.1 send-community Router(config-router-af)# neighbor 10.150.1.2 activate Router(config-router-af)# neighbor 10.150.1.2 send-community Router(config-router-af)# neighbor 10.150.1.3 activate Router(config-router-af)# neighbor 10.150.1.3 send-community Router(config-router-af)# end
92
Cisco IOS Optimized Edge Routing Configuration Configuration Examples for Cisco IOS Optimized Edge Routing
BR2
BR2 is configured as a border router. The internal network is running OSPF. Each border router peers with a different ISP. A static routes to the egress interface is configured on each border router. The static routes are then redistributed into OSPF. Injected prefixes are advertised through static route redistribution.
93
Cisco IOS Optimized Edge Routing Configuration Configuration Examples for Cisco IOS Optimized Edge Routing
Router(config-oer-mc)# border 10.200.2.2 key-chain OER Router(config-oer-mc-br)# interface Serial 2/2 external Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# interface Ethernet 3/3 internal Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# exit Router(config-oer-mc)# max-range-utilization percent 80 Router(config-oer-mc)# exit Router(config)# ip route 0.0.0.0 0.0.0.0 Serial 0/0 Router(config)# ! Router(config)# route-map STATIC Router(config-route-map)# match tag 5000 Router(config-route-map)# set metric -10 Router(config-route-map)# exit Router(config)# router ospf 1 Router(config-router)# network 10.0.0.0 0.0.0.255 area 0 Router(config-router)# redistribute static route-map STATIC subnets Router(config-router)# end
BR 2 Configuration
The following example, starting in Global configuration mode, shows the configuration of BR 2. This router is configured to run only a border router process.
Router(config)# key chain OER Router(config-keychain)# key 1 Router(config-keychain-key)# key-string CISCO Router(config-keychain-key)# exit Router(config-keychain)# exit Router(config)# oer border Router(config-oer-border)# master 10.100.1.1 key-chain OER Router(config-oer-border)# local Ethernet3/3 Router(config-oer-border)# exit Router(config)# ip route 0.0.0.0 0.0.0.0 Serial 2/2 Router(config)# ! Router(config)# route-map STATIC permit 10 Router(config-route-map)# match tag 5000 Router(config-route-map)# set metric -10 Router(config-route-map)# exit Router(config)# router ospf 1 Router(config-router)# network 10.0.0.0 0.255.255.255 area 0 Router(config-router)# redistribute static route-map STATIC subnets Router(config-router)# end
94
Cisco IOS Optimized Edge Routing Configuration Configuration Examples for Cisco IOS Optimized Edge Routing
OER Master Options BR1 SLA A F-VR1 BR2 F-VR2 Server(s) iBGP and/or EIGRP, OSPF, etc. Enterprise/VPN Head-end BR3 SLA C SP F Server(s) BR2 Transit Service Providers VPN Branches
126266
OER master
Two GRE tunnels are configured between each remote site and the central site. VPN prefixes are encapsulated in GRE tunnels. The GRE tunnels are protected by IPSec encryption. The examples in this section show the configuration for the central VPN site, VPN A, and VPN B.
95
Cisco IOS Optimized Edge Routing Configuration Configuration Examples for Cisco IOS Optimized Edge Routing
! mode route control mode monitor both exit ! ip prefix VPN A permit <ip address> oer-map VPNA match ip address prefix-list VPNB set delay 800 set mode select-exit good exit ! ip prefix VPNB permit <ip address> oer-map VPNB match ip address prefix-list VPNC set delay 400 set loss relative 100 set resolve loss priority 1 variance 10 set mode select-exit best end
96
Cisco IOS Optimized Edge Routing Configuration Configuration Examples for Cisco IOS Optimized Edge Routing
crypto isakmp policy 1 encryption 3des authentication pre-share exit ! interface Ethernet0/0 ip address 10.4.9.14 255.255.255.0 crypto map TUNNEL exit ! interface Tunnel0 ip address 10.100.2.1 255.255.0.0 keepalive 30 5 bandwidth 500 bandwidth inherit tunnel mode gre ip tunnel source 10.4.9.14 tunnel destination 10.4.9.81 tunnel protection ipsec profile OER exit
97
Cisco IOS Optimized Edge Routing Configuration Configuration Examples for Cisco IOS Optimized Edge Routing
encryption 3des authentication pre-share exit ! interface Ethernet0/0 ip address 10.4.9.15 255.255.255.0 crypto map TUNNEL exit ! interface Tunnel0 ip address 10.100.2.2 255.255.0.0 keepalive 30 5 bandwidth 500 bandwidth inherit tunnel mode gre ip tunnel source 10.4.9.15 tunnel destination 10.4.9.82 tunnel protection ipsec profile OER end
Note
The local border router process is enabled. Because the border router and master controller process is enabled on the same router, a loopback interface (192.168.0.1) is configured as the local interface.
oer border local Loopback0 master 192.168.0.1 key-chain BR1 ! oer master learn delay mode route control delay threshold 100 loss relative 200 periodic 300
98
Cisco IOS Optimized Edge Routing Configuration Configuration Examples for Cisco IOS Optimized Edge Routing
mode select-exit good resolve loss priority 1 variance 20 resolve delay priority 2 variance 10 ! border 192.168.0.1 key-chain BR1 interface Serial0/0 internal interface Tunnel0 external interface Tunnel0 external exit ! crypto ipsec security-association lifetime kilobytes 530000000 crypto ipsec security-association lifetime second 14400 crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmac mode transport exit ! crypto map TUNNEL 10 ipsec-isakmp set peer 10.4.9.81 set transform-set VPN_1 match address 100 ! crypto ipsec profile OER set transform-set VPN_1 exit crypto map TUNNEL local-address Ethernet 0/0 ! crypto isakmp key 0 CISCO address 10.4.9.81 no-xauth crypto isakmp keepalive 10 crypto isakmp policy 1 encryption 3des authentication pre-share exit ! interface Ethernet0/0 ip address 10.4.9.14 255.255.255.0 crypto map TUNNEL exit ! interface Tunnel0 ip address 10.100.2.1 255.255.0.0 keepalive 30 5 bandwidth 500 bandwidth inherit tunnel mode gre ip tunnel source 10.4.9.14 tunnel destination 10.4.9.81 tunnel protection ipsec profile OER exit !
Note
A single tunnel configuration is show in this example. Two tunnels are required to configure VPN optimization.
99
Cisco IOS Optimized Edge Routing Configuration Configuration Examples for Cisco IOS Optimized Edge Routing
VPN B Configuration: BR 1
The following example, starting in Global configuration mode, shows the configuration for BR 1:
key chain OER key 1 key-string CISCO ! oer border local Ethernet 0/1 master 10.4.9.4 key-chain OER ! route-map REDISTRIBUTE_STATIC match tag 5000 set metric -10 exit ! router rip network 10.600.1.0 redistribute static route-map REDISTRIBUTE_STATIC end ! crypto ipsec security-association lifetime kilobytes 530000000 crypto ipsec security-association lifetime second 14400 crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmac mode transport exit ! crypto map TUNNEL 10 ipsec-isakmp set peer 10.4.9.82 set transform-set VPN_1 match address 100 ! crypto ipsec profile OER
100
Cisco IOS Optimized Edge Routing Configuration Configuration Examples for Cisco IOS Optimized Edge Routing
set transform-set VPN_1 exit crypto map TUNNEL local-address Ethernet 0/0 ! crypto isakmp key 0 CISCO address 10.4.9.82 no-xauth crypto isakmp keepalive 10 crypto isakmp policy 1 encryption 3des authentication pre-share exit ! interface Ethernet0/0 ip address 10.4.9.15 255.255.255.0 crypto map TUNNEL exit ! interface Tunnel0 ip address 10.100.2.2 255.255.0.0 keepalive 30 5 bandwidth 500 bandwidth inherit tunnel mode gre ip tunnel source 10.4.9.15 tunnel destination 10.4.9.82 tunnel protection ipsec profile OER end
VPN B Configuration: BR 2
The following example, starting in Global configuration mode, shows the configuration for BR 2:
key chain OER key 1 key-string CISCO ! oer border local Ethernet 0/1 master 10.4.9.4 key-chain OER exit ! route-map REDISTRIBUTE_STATIC match tag 5000 set metric -10 exit ! router rip network 10.600.1.0 redistribute static route-map REDISTRIBUTE_STATIC exit ! crypto ipsec security-association lifetime kilobytes 530000000 crypto ipsec security-association lifetime second 14400 crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmac mode transport exit ! crypto map TUNNEL 10 ipsec-isakmp set peer 10.4.9.82 set transform-set VPN_1 match address 100 ! crypto ipsec profile OER set transform-set VPN_1
101
exit crypto map TUNNEL local-address Ethernet 0/0 ! crypto isakmp key 0 CISCO address 10.4.9.82 no-xauth crypto isakmp keepalive 10 crypto isakmp policy 1 encryption 3des authentication pre-share exit ! interface Ethernet0/0 ip address 10.4.9.15 255.255.255.0 crypto map TUNNEL exit ! interface Tunnel0 ip address 10.100.2.2 255.255.0.0 keepalive 30 5 bandwidth 500 bandwidth inherit tunnel mode gre ip tunnel source 10.4.9.15 tunnel destination 10.4.9.82 tunnel protection ipsec profile OER end
Additional References
The following sections provide references related to Cisco IOS Optimized Edge Routing:
Related Documents
Related Topic Routing Protocol Commands Routing Protocol Configuration Tasks NetFlow IP SLAs System Logging Document Title
Cisco IOS IP Command Reference, Volume 2 of 4: Routing Protocols, Release 12.3T Cisco IOS IP Configuration Guide, Release 12.3 Cisco IOS Switching Services Configuration Guide, Release 12.3 Cisco IOS IP SLA Configuration Guide Cisco IOS Configuration Fundamentals and Network Management Configuration Guide, Release 12.3
102
Standards
Standards Title No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
MIBs
MIBs No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature. MIBs Link To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
RFCs Title No new or modified RFCs are supported by this feature, and support for existing standards has not been modified by this feature.
Technical Assistance
Description Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Link http://www.cisco.com/public/support/tac/home.shtml
103
Command Reference
This section documents new commands. All other commands used with this feature are documented in the Cisco IOS Release 12.3(14)T command reference publications. The commands in section are organized by configuration mode.
Global configuration commands
oer oer-map
active-probe backoff border default (OER) delay holddown keepalive (OER) learn logging loss max-range-utilization mode periodic (OER) policy-rules resolve shutdown (OER) unreachable
interface (OER)
cost-minimization max-xmit-utilization
104
active-probe address source local (OER) logging master port (OER) shutdown (OER)
match ip address (OER) match oer learn set backoff set delay set holddown set loss set mode set periodic set resolve set unreachable
clear commands
clear oer border * clear oer master * clear oer master border clear oer master prefix
debug commands
debug oer border debug oer border active-probe debug oer border learn debug oer border routes debug oer cc debug oer master border debug oer master collector debug oer master exit debug oer master learn debug oer master prefix
105
show commands
show oer border show oer border active-probes show oer border passive cache show oer border passive prefixes show oer border routes show oer master show oer master active-probes show oer master border show oer master cost-minimization show oer master policy show oer master prefix
106
oer
To enable a Cisco IOS Optimized Edge Routing (OER) process and configure a router as an OER border router or as an OER master controller, use the oer command in Global configuration mode. To disable a border router or master controller process and delete the OER configuration from the running-config file, use the no form of this command. oer border | master no oer border | master
Syntax Description
border master
Designates a router as a border router and enters OER border router configuration mode. Designates a router as a master controller and enters OER master controller configuration mode.
Defaults
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The oer command is entered on a router to create a border router or master controller process to enable Cisco IOS Optimized Edge Routing (OER), which allows you to enable automatic outbound route control and load distribution for multihomed and enterprise networks. Configuring OER allows you to monitor IP traffic flows and then define policies and rules based on link performance and link load distribution to alter routing and improve network performance. An OER managed network consists of the following two components: Master ControllerThe master controller is a single router that coordinates all OER functions within an OER managed network. The master controller monitors outbound traffic flows using active or passive monitoring and then applies default and user-defined policies to alter routing to optimize prefixes and exit links. Most OER administration is centralized on the master controller, which makes all policy decisions and controls the border routers. The master controller is not required to be in the traffic forwarding path. The master controller can support up to 10 border routers and up to 20 OER managed external interfaces. Border Router The border router is an enterprise edge router with one or more exit links to an ISP or other participating network. The border router participates in prefix monitoring and route optimization by reporting prefix and exit link information to the master controller and then enforcing policy changes received from the master controller. Policy changes are enforced by injected a preferred route into the network. The border router is deployed on the edge of the network, so the border router must be in the forwarding path. A border router process can be enabled on the same router as a master controller process (for example, in a small network where all exit interfaces are managed on a single router).
107
Enabling a Border Router and Master Controller Process on the Same Router
A Cisco router can be configured to perform in dual operation and run a master controller process and border router process on the same router. However, this router will use more memory than a router that is configured to run only a border router process. This should be considered when selecting a router for dual operation.
Disabling a Border Router or a Master Controller
To disable a master controller or border router and completely remove the process configuration from the running-config file, use the no form of this command in Global configuration mode. To temporarily disable a master controller or border router process, use the shutdown command in OER master controller or OER border router configuration mode. Entering the shutdown command stops an active master controller or border router process but does not remove any configuration parameters. The shutdown command is displayed in the running-config file when enabled.
Enabling Cisco IOS OER for Load Distribution
When enabling Cisco IOS OER for load distribution, we recommend that you set the interface load calculation on OER managed external interfaces to 30 second intervals with the load-interval interface configuration command (The default calculation interval is 300 seconds). The load calculation is configured under interface configuration mode on the border router. This configuration is not required. It is recommended to allow Cisco IOS OER to respond as quickly as possible to load distribution issues.
Examples
The following example designates a router as a master controller and enters OER master configuration mode:
Router(config)# oer master
The following is an example of the minimum required configuration on a master controller to create an OER managed network: A key-chain configuration named OER is defined in Global configuration mode.
Router(config)# key chain OER Router(config-keychain)# key 1 Router(config-keychain-key)# key-string CISCO Router(config-keychain-key)# exit Router(config-keychain)# exit
The master controller is configured to communicate with the 10.4.9.6 border router in OER master controller configuration mode. The communications port number is specified. The key-chain OER is applied to protect communication. Internal and external OER controlled border router interfaces are defined.
Router(config)# oer master Router(config-oer-mc)# port 65535 Router(config-oer-mc)# border 10.4.9.6 key-chain OER Router(config-oer-mc-br)# interface FastEthernet0/0 external Router(config-oer-mc-br)# interface FastEthernet0/1 internal Router(config-oer-mc-br)# exit
The following example designates a router as a border router and enters OER border router configuration mode:
Router(config)# oer border
108
The following is an example of the minimum required configuration to configure a border router in an OER managed network: The key-chain configuration is defined in Global configuration mode.
Router(config)# key chain OER Router(config-keychain)# key 1 Router(config-keychain-key)# key-string CISCO Router(config-keychain-key)# exit Router(config-keychain)# exit
The communications port number is specified. The key-chain OER is applied to protect communication. An interface is identified as the local source interface to the master controller.
Router(config)# oer border Router(config-oer-br)# port 65535 Router(config-oer-br)# local FastEthernet0/0 Router(config-oer-br)# master 10.4.9.4 key-chain OER Router(config-oer-br)# end
Related Commands
Command active-probe active-probe address source backoff border default (OER) delay holddown keepalive (OER)
Description Configures an active probe for a target prefix. Configures an interface on a border router as the active-probe source. Sets the backoff timer to adjust the time period for prefix policy decisions. Enters OER managed border router configuration mode to configure a border router. Sets set an OER configuration command or all commands in a configuration mode to use default values. Configures prefix delay parameters. Configures the prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected. Configures the length of time that an OER master controller will maintain connectivity with an OER border router after no keepalive packets have been received. Enters OER Top Talker and Top Delay learning configuration mode to configure OER to learn prefixes. Specifies the time interval for load calculation for the specified interface. Identifies a local interface on an OER border router as the source for communication with an OER master controller. Enables syslog event logging for an OER master controller or an OER border router process Sets the relative or maximum packet loss limit that OER will permit for an exit link. Establishes communication with a master controller. Sets the maximum utilization range for all OER managed exit links. Configures route monitoring or route control on an OER master controller. Enters oer-map configuration mode to configure an oer-map to apply policies to selected IP prefixes. Configures OER to periodically select the best exit.
learn load-interval local (OER) logging loss master max-range-utilization mode oer-map periodic (OER)
109
Description Configures a dynamic port for communication between an OER master controller and border router. Sets policy priority or resolves policy conflicts. Stops or starts an OER master controller or an OER border router process. Sets the maximum number of unreachable hosts.
110
active-probe
To configure an active probe for a target prefix, use the active-probe command in OER master configuration mode. To disable the active probe, use the no form of this command. active-probe {echo ip-address | tcp-conn ip-address target-port number | udp-echo ip-address target-port number} no active-probe {echo ip-address | tcp-conn ip-address target-port number | udp-echo ip-address target-port number}
Syntax Description
Specifies the target IP address of a prefix to actively monitor using ICMP echo (ping) messages. Specifies the target IP address of a prefix to actively monitor using TCP connection messages. The port number must be specified using the target-port keyword. If a number other than well-known port number 23 is specified, a remote responder with the corresponding port number must be configured on the target device with the ip sla monitor responder Global configuration command. Specifies the target IP address of the prefix to actively monitor using UDP echo messages. The port number must be specified using the target-port keyword, and a remote responder must be configured on the target device with the ip sla monitor responder Global configuration command. Specifies the destination port number for the active probe.
udp-echo ip-address
target-port number
Note
The ip sla monitor responder command was introduced in Cisco IOS Release 12.3(14)T. This command replaces the rtr responder command.
Defaults
Command Modes
Command History
Modification This command was introduced. The ip sla monitor responder command replaced the rtr responder command.
Usage Guidelines
The active-probe command is entered on a master controller. This command is used to optionally configure a master controller to command a border router to transmit active probes to a target IP address or prefix. The active probe is used to measure the jitter and delay (round-trip response time) of the target prefix to determine the performance of the current exit and to
111
detect if the prefix is out-of-policy. The border router collects these performance statistics from the active probe and transmits this information to the master controller, which uses this information to optimize the prefix and to select the best available exit based on default and user-defined policies. The performance information is applied to the most specific optimized prefix, which includes the active probe host address. If the prefix is optimized and currently using the best in-policy exit link, the master controller does not take any action. Active Probing requires you to configure a specific host or target address. The target address can have an Optimized Prefix Policy (OPP) or can be learned by OER through the NetFlow or Top Talker and Delay learning functionality. Active probes must be sent out of an OER managed external interface, which may or may not be the preferred route for an Optimized Prefix (OP). OER can be configured to use the following three types of active probes: ICMP EchoA ping is sent to the target address. Configuring an ICMP echo probe does not require knowledgeable cooperation from the target device. However, repeated probing could trigger an Intrusion Detection System (IDS) alarm in the target network. If an IDS is configured in a target network that is not under your administrative control, we recommend that you notify the target network administration entity. TCP ConnectionA TCP connection probe is sent to the target address. A target port number must be specified. A remote responder must be enabled if TCP messages are configured to use a port number other than TCP well-known port number 23. UDP EchoA UDP echo probe is sent to the target address. A target port number must be specified. A remote responder must be enabled on the target device, regardless of the configured port number. OER uses Cisco IOS IP Service Level Agreements (SLAs), a standard feature in Cisco IOS software, to command a border router to transmit an active probe to the target address. No explicit IP SLAs configuration is required on the master controller or the border router. Support for IP SLAs is enabled by default when the OER process is created. However, a remote responder must be enabled on the target device when configuring an active probe using UDP echo messages or when configuring an active probe using TCP connection messages that are configured to use a port other than the TCP well-known port number 23. The remote responder is enabled by configuring the ip sla monitor responder Global configuration command on the target device.
Note
For eBGP peering sessions, the IP address of the eBGP peer must be reachable from the border router via a connected route in order for active probes to be generated.
Examples
The following example configures an active probe using an ICMP reply (ping) message. The 10.4.9.1 address is the target. No explicit configuration is required on the target device.
Router(config-oer-mc)# active-probe echo 10.4.9.1
The following example configures an active probe using a TCP connection message. The 10.4.9.2 address is the target. The target port number must be specified when configuring this type of probe.
Router(config-oer-mc)# active-probe tcp-conn 10.4.9.2 target-port 23
The following example configures an active probe using UDP messages. The 10.4.9.3 address is the target. The target port number must be specified when configuring this type of probe, and a remote responder must also be enabled on the target device.
Router(config-oer-mc)# active-probe udp-echo 10.4.9.3 target-port 1001
112
The following example configures a remote responder on a border router to send IP SLAs control packets in response to UDP active probes. The port number must match the number that is configured for the active probe.
Border-Router(config)# ip sla monitor type udpEcho port 1001
The following example configures a remote responder on a border router to send IP SLAs control packets in response to TCP active probes. The remote responder must be configured only for TCP active probes that use a port number other than well-known port number 23.
Border-Router(config)# ip sla monitor responder type tcpConnect port 2002
Related Commands
Command active-probe address source debug oer border debug oer master collector oer ip sla monitor responder show oer border active-probes show oer master active-probes
Description Configures an interface on a border router as the active-probe source. Displays general OER border router debugging information. Displays data collection debugging information for OER monitored prefixes. Enables an OER process and configures a router as an OER border router or as an OER master controller. Enables an IP SLAs Responder for general IP SLAs operations. Displays connection and status information about active probes on an OER border router. Displays connection and status information about active probes on an OER master controller.
113
backoff
To set the backoff timer to adjust the time period for prefix policy decisions, use the backoff command in OER master controller configuration mode. To set the backoff timer to the default value, use the no form of this command. backoff min-timer max-timer [step-timer] no backoff
Syntax Description
min-timer
Sets the minimum value for the back-off timer. The configurable time period for this argument is from 180 to 7200 seconds. The default timer value is 300 seconds. Sets the maximum value for the back-off timer. The configurable time period for this argument is from 180 to 7200 seconds. The default timer value is 3000 seconds. (Optional) Sets the time period value for the step timer. The step timer is used to add time to the out-of-policy waiting period each time the back-off timer expires and OER is unable to find an in-policy exit.The configurable time period for this argument is from 180 to 7200 seconds. The default timer value is 300 seconds.
max-timer
step-timer
Defaults
OER uses the following default values if this command is not configured or if the no form of this command is entered: min-timer: 300 seconds max-timer: 3000 seconds step-timer: 300 seconds
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The backoff command is entered on an OER master controller. This command is used to adjust the transition period that the master controller holds an out-of-policy prefix. The master controller uses the prefix transition period to hold the out-of-policy prefix before moving the prefix to an in-policy state by selecting an in-policy exit. This command is configured with a minimum and maximum timer value and can be configured with an optional step timer. The min-timer argument is used to set the minimum transition period in seconds. If the current prefix is in-policy when this timer expires, no change is made and the minimum timer is reset to the default or configured value. If the current prefix is out-of-policy, OER will move the prefix to an in-policy and reset the minimum timer to the default or configured value.
114
The max-timer argument is used to set the maximum length of time OER holds an out-of-policy prefix when there are no OER controlled in-policy prefixes. If all OER controlled prefixes are in an out-of-policy state and the value from the max-timer argument expires, OER will select the best available exit and reset the minimum timer to the default or configured value. The step-timer argument allows you to optionally configure OER to add time each time the minimum timer expires until the maximum time limit has been reached. If the maximum timer expires and all OER managed exits are out-of-policy, OER will install the best available exit and reset the minimum timer. Configuring a new timer value will immediately replace the existing value if the new value is less than the time remaining. If the new value is greater than the time remaining, the new timer value will be used when the existing timer value expires.
Examples
The following example sets the minimum timer to 400 seconds, the maximum timer to 4000 seconds, and the step timer to 400 seconds:
Router(config-oer-mc)# backoff 400 4000 400
Related Commands
Description Enables an OER process and configures a router as an OER border router or as an OER master controller. Configures an oer-map to set the backoff timer to adjust the time period for prefix policy decisions.
115
border
To enter OER managed border router configuration mode to establish communication with an OER border router, use the border command in OER master controller configuration mode. To disable communication with the specified border router, use the no form of this command. border ip-address [key-chain key-name] no border ip-address
Syntax Description
Specifies the IP address of the border router. (Optional) Specifies the key used to authenticate communication between the border router and the master controller. The authentication key must be specified during the initial configuration to establish communication but is not required to enter OER managed border router configuration mode.
Defaults
Border key-chain configuration is required during initial configuration. Once configured, the key-chain keyword is optional. OER observe mode passive monitoring is enabled by default when communication is established between an OER border router and master controller.
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The border command is entered on a master controller. This command is used to establish communication between a master controller and border router. Communication is established between the master controller and border router processes to allow the master controller to monitor and control prefixes and exit links. Communication must also be established on the border router with the master OER border configuration command. At least one border router must be configured to enable OER. A maximum of ten border routers can be configured to communicate with a single master controller. The IP address that is used to specify the border router must be assigned to a local interface on the border router and must be reachable by the master controller. Communication between the master controller and the border router is protected by key chain authentication. The authentication key must be configured on both the master controller and the border router before communication can be established. The key-chain configuration is defined in Global configuration mode on both the master controller and the border router before key-chain authentication is enabled for master controller to border router communication. For more information about key management in Cisco IOS software, refer to the Managing Authentication Keys section of the Cisco IOS IP Routing Protocols Configuration Guide, Release 12.4.
116
When the border command is entered, the router enters OER managed border router configuration mode. Local interfaces must be defined as internal or as external with the interface (OER) OER managed border router configuration command. A single OER master controller can support up to 20 interfaces.
Enabling a Border Router and Master Controller Process on the Same Router
A Cisco router can be configured to perform in dual operation and run a master controller process and border router process on the same router. However, this router will use more memory than a router that is configured to run only a border router process. This should be considered when selecting a router for dual operation.
Examples
The following example defines a key chain named MASTER in Global configuration mode and then configures a master controller to communicate with the 10.4.9.6 border router. The master controller authenticates the border router using the defined key CISCO.
Router(config)# key chain MASTER Router(config-keychain)# key 1 Router(config-keychain-key)# key-string CISCO Router(config-keychain-key)# exit Router(config-keychain)# exit Router(config)# oer master Router(config-oer-mc)# port 65535 Router(config-oer-mc)# logging Router(config-oer-mc)# border 10.4.9.6 key-chain MASTER Router(config-oer-mc-br)# interface FastEthernet0/0 external Router(config-oer-mc-br)# interface FastEthernet0/1 internal Router(config-oer-mc-br)# exit
Related Commands
Command interface (OER) key key-string (authentication) key chain (IP) keepalive (OER)
Description Configures a border router interface as an OER-controlled external or internal interface. Identifies an authentication key on a key chain. Specifies the authentication string for a key. Enables authentication for routing protocols. Configures the length of time that an OER master controller will maintain connectivity with an OER border router after no keepalive packets have been received. Establishes communication with an OER master controller. Enables an OER process and configures a router as an OER border router or as an OER master controller.
master oer
117
default (OER)
To set an OER configuration command or all commands in a configuration mode to use default values, use the default command in OER border router, OER managed border router, or OER master controller configuration mode. This command does not have a no form. default command-name
Syntax Description
command-name
Defaults
Sets configurable variables to the default value for the specified command or all commands in the specified configuration mode.
Command Modes
Global oer-map OER border router OER managed border router OER master controller
Command History
Release 12.3(8)T
Examples
The following example returns the backoff OER master controller configuration command to the default state:
Router(config-oer-mc)# default backoff
The following example returns all commands under the OER Top Talker and Top Delay learning configuration mode to their default states:
Router(config-oer-mc)# default learn
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
118
holddown
To configure the prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected, use the holddown command in OER master controller configuration mode. To return the prefix route dampening timer to the default value, use the no form of this command. holddown timer no holddown
Syntax Description
timer
Specifies the prefix route dampening time period. The range for this argument is from 300 to 65535 seconds. The default value is 300 seconds.
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered: timer: 300 seconds
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The holddown command is entered on a master controller. This command is used to configure the prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected. The master controller puts a prefix in a holddown state during an exit change to isolate the prefix during the transition period to prevent the prefix from flapping due to rapid state changes. OER does not implement policy changes while a prefix is in the holddown state. A prefix will remain in a holddown state for the default or configured time period. When the holddown timer expires, OER will select the best exit based on performance and policy configuration. However, an immediate route change will be triggered if the current exit for a prefix becomes unreachable. Configuring a new timer value will immediately replace the existing value if the new value is less than the time remaining. If the new value is greater than the time remaining, the new timer value will be used when the existing timer is reset.
Examples
The following example sets the prefix route dampening timer to 600 seconds:
Router(config-oer-mc)# holddown 600
119
Related Commands
Description Enables an OER process and configures a router as an OER border router or as an OER master controller. Configures an oer-map to set the prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected.
120
keepalive (OER)
To configure the length of time that an OER master controller will maintain connectivity with an OER border router after no keepalive packets have been received, use the keepalive command in OER master controller configuration mode. To return the keepalive timer to the default time interval, use the no form of this command. keepalive [timer] no keepalive
Syntax Description
timer
(Optional) Sets the keepalive time interval. The configurable range for this argument is from 0 to 1000 seconds. The default time interval is 5 seconds.
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered: timer: 5 seconds
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The keepalive command is entered on a master controller. The OER master controller sends keepalive packets to border routers to maintain master controller to border router connectivity. If no keepalive packets are received from a border router after the keepalive timer expires, the master controller will not maintain the connection.
Examples
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
121
learn
To enter OER Top Talker and Top Delay learning configuration mode to configure OER to learn prefixes, use the learn command in OER master controller configuration mode. To disable prefix learning, use the no form of this command. learn no learn
Syntax Description
Defaults
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The learn command is entered on a master controller and is used to enter OER Top Talker and Top Delay learning configuration mode to configure a master controller to learn and optimize prefixes based on the highest throughput or the highest delay. Under the Top Talker and Delay learning configuration mode, you can configure prefix learning based on delay and throughput statistics. You can configure the length of the prefix learning period, the interval between prefix learning periods, the number of prefixes to learn, and the prefix learning based on protocol.
Examples
The following example enters OER Top Talker and Top Delay learning and configuration mode:
Router(config-oer-mc)# learn
Related Commands
Description Configures an OER master controller to aggregate learned prefixes based on traffic flow type. Configures OER to learn prefixes based on the lowest delay. Creates a match clause entry in an oer-map to match OER learned prefixes. Sets the time period that an OER master controller learns traffic flows. Enables an OER process and configures a router as an OER border router or as an OER master controller. Sets the time interval between prefix learning periods.
122
Description Configures an OER master controller to learn Top prefixes based on the protocol type or number Configures OER to learn the top prefixes based on the highest outbound throughput.
123
logging
To enable syslog event logging for an OER master controller or an OER border router process, use the logging command in OER master controller or OER border configuration mode. To disable OER event logging, use the no form of this command. logging no logging
Syntax Description
Defaults
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The logging command is entered on a master controller or border router. System logging is enabled and configured in Cisco IOS software under Global configuration mode. The logging command in OER master controller or OER border router configuration mode is used only to enable or disable system logging under OER. OER system logging supports the following message types: Error MessagesThese messages indicate OER operational failures and communication problems that can impact normal OER operation. Debug MessagesThese messages are used to monitor detailed OER operations to diagnose operational or software problems. Notification MessagesThese messages indicate that OER is performing a normal operation. Warning MessagesThese messages indicate that OER is functioning properly but an event outside of OER may be impacting normal OER operation. To modify system, terminal, destination, and other system global logging parameters, use the logging commands in Global configuration mode. For more information about global system logging configuration, refer to the Troubleshooting and Fault Management section of the Cisco IOS Configuration Fundamentals and Network Management Configuration Guide, Release 12.3.
Examples
124
Related Commands
Command clear logging clear logging xml logging buffered logging buffered xml logging console logging facility logging history logging history size logging host logging monitor logging monitor xml logging on logging synchronous
Description Clears messages from the logging buffer. Clears all messages from the XML-specific system message logging (syslog) buffer. Enables standard system message logging (syslog) to a local buffer and sets the severity level and buffer size for the logging buffer. Enables system message logging (syslog) and sends XML-formatted logging messages to the XML-specific system buffer. Limits messages logged to the console based on severity. Configures the syslog facility in which error messages are sent. Limits syslog messages sent to the routers history table and the SNMP network management station based on severity. Sets the maximum number of syslog messages that can be stored in the routers syslog history table. Logs messages to a syslog server host. Limits messages logged to the terminal lines (monitors) based on severity. Applies XML formatting to messages logged to the monitor connections. Globally controls (enables or disables) system message logging. Synchronizes unsolicited messages and debug output with solicited Cisco IOS software output and prompts for a specific console port line, auxiliary port line, or vty. Limits messages sent to the syslog servers based on severity level. Enables an OER process and configures a router as an OER border router or as an OER master controller. Displays the state of logging (syslog). Displays information about the system logging history table. Displays the state of XML-formatted system message logging, followed by the contents of the XML-specific buffer.
logging trap oer show logging show logging history show logging xml
125
loss
To set the relative or maximum packet loss limit that OER will permit for an exit link, use the loss command in OER master controller configuration mode. To return the packet loss limit to the default value, use the no form of this command. loss relative average | threshold maximum no loss
Syntax Description
relative average
Sets a relative percentage of packet loss based on a comparison of short-term and long-term packet loss percentages. The range of values that can be configured for this argument is a number from 1 to 1000. Each increment represents one tenth of a percent. Sets absolute packet loss based on packets per million. The range of values that can be configured for this argument is from 1 to 1000000 packets.
threshold maximum
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered: relative average: 100 (10 percent packet loss)
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The loss command is used to specify the relative percentage or maximum number of packets that OER will permit to be lost during transmission on an exit link. If packet loss is greater than the user-defined or the default value, OER determines that the exit link is out-of-policy and searches for an alternate exit link. The relative keyword is used to configure the relative packet loss percentage. The relative packet loss percentage is based on a comparison of short-term and long-term packet loss. The short-term measurement reflects the percentage of packet loss within a 5 minute time period. The long-term measurement reflects the percentage of packet loss within a 60 minute period. The following formula is used to calculate this value: Relative packet loss = ((short-term loss - long-term loss) / long-term loss) * 100 The master controller measures the difference between these two values as a percentage. If the percentage exceeds the user-defined or default value, the exit link is determined to be out-of-policy. For example, if long-term packet loss is 200 packets per million (PPM) and short-term packet loss is 300 PPM, the relative loss percentage is 50 percent. The threshold keyword is used to configure the absolute maximum packet loss. The maximum value is based on the actual number of packets per million that have been lost.
126
Examples
The following example configures the master controller to search for a new exit link if the difference between long and short term measurements (relative packet loss) is greater than 20 percent:
Router(config-oer-mc)# loss relative 200
The following example configures OER to search for a new exit link when 20,000 packets have been lost:
Router(config-oer-mc)# loss threshold 20000
Related Commands
Description Enables an OER process and configures a router as an OER border router or as an OER master controller. Sets policy priority or resolves policy conflicts. Configures an oer-map to set the relative or maximum packet loss limit that OER will permit for an exit link.
127
max prefix
To set the maximum number of prefixes that the master controller will monitor or learn, use the max prefix command in OER master controller configuration mode. To return the master controller to default behavior, use the no form of this command. max prefix total number [learn number] no max prefix total
Syntax Description
total number
Sets the total number of prefixes that the master controller monitor. The range of values that can be entered for this argument is a number from 1 to 5000. (Optional) Sets the total number of prefixes that the master controller will learn. The range of values that can be entered for this argument is a number from 1 to 2500.
learn number
Command Default
OER uses the following default value if this command is not configured or if the no form of this command is entered: total number: 5000 learn number: 2500
Command Modes
Command History
Release 12.3(14)T
Usage Guidelines
The max prefix command is entered on a master controller. This command is used to limit the number of prefix that a master controller will monitor and learn to reduce memory and system resource consumption. For more information about memory and system resource consumption, see the following document:
Note
If you configure a lower value for the total keyword than the learn keyword, the value for the total keyword will also set the maximum number of prefixes that a master controller will learn.
Examples
The following example configures OER to monitor a maximum of 3000 prefixes and to learn a maximum of 1500 prefixes:
Router(config)# oer master Router(config-oer-mc)# max prefix total 3000 learn 1500
128
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
129
max-range-utilization
To set the maximum utilization range for all OER managed exit links, use the max-range-utilization command in OER master controller configuration mode. To return the maximum utilization range to the default value, use the no form of this command. max-range-utilization percent maximum no max-range-utilization
Syntax Description
percent maximum
Sets the maximum percentage of exit link utilization. The range for this argument is from 1 to 100 percent.
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered: percent maximum: 20
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The max-range-utilization command is configured on a master controller. This command is used to set maximum link utilization on external interfaces on OER border routers. OER uses the maximum utilization range to determine if exit links are in-policy. OER will equalize outbound traffic across all exit links by moving prefixes from over utilized or out-of-policy exits to in-policy exits. If exit link utilization is equal to or greater than the configured or default maximum utilization value, OER will select an optimal exit link to bring the affected prefixes back into policy.
Examples
The following example sets the maximum utilization range for OER managed exit links to 80 percent:
Router(config-oer-mc)# max-range-utilization 80
Related Commands
Description Configures maximum utilization on a single OER managed exit link. Enables an OER process and configures a router as an OER border router or as an OER master controller. Sets policy priority or resolves policy conflicts.
130
mode
To configure route monitoring or route control on an OER master controller, use the mode command in OER master controller configuration mode. To return the OER master controller to the default monitoring state, use the no form of this command. mode monitor {active | both | passive} | route {control | metric {bgp local-pref preference | static tag value | observe} | select-exit {best | good} no mode monitor | route {control | metric {bgp | static} | observe} | select-exit
Syntax Description
monitor active both passive route control metric bgp local-pref preference static tag value observe select-exit best good
Enables the configuration of OER monitoring settings. Enables active monitoring. Enables both active and passive monitoring. Enables passive monitoring. Enables the configuration of OER route control policy settings. Enables automatic route control. Enables the configuration of route control based on the BGP local-preference or for specific static routes. Sets the BGP local preference for OER controlled routes. The value for the preference argument is a number from 1 to 65535. Applies a tag to a static route under OER control. The value for the value argument is a number from 1 to 65535. Configures OER to passively monitor and report without making any changes. Enables the exit selection based on performance or policy Configures OER to select the best available exit based on performance or policy. Configures OER to select the first exit that is in-policy.
Defaults
OER uses the following default settings if this command is not configured or if the no form of this command is entered: Monitoring: Both active and passive monitoring is enabled. Route control: Observe mode route control is enabled. Exit Selection: The first in-policy exit is selected.
Command Modes
Command History
Release 12.3(8)T
131
Usage Guidelines
The mode command is entered on a master controller. This command is used to enable and configure control mode and observe mode settings and is used to configure passive monitoring and active monitoring. A prefix can be both passively and actively monitored.
Observe Mode
Observe mode monitoring is enabled by default. In observe mode, the master controller monitors prefixes and exit links based on default and user-defined policies and then reports the status of the network and the decisions that should be made but does not implement any changes. This mode allows you to verify the effectiveness of this feature before it is actively deployed.
Control Mode
In control mode, the master controller coordinates information from the border routers and makes policy decisions just as it does in observe mode. The master controller monitors prefixes and exits based on default and user-defined policies but then implements changes to optimize prefixes and to select the best exit. In this mode, the master controller gathers performance statistics from the border routers and then transmits commands to the border routers to alter routing as necessary in the OER managed network.
Passive Monitoring
The master controller passively monitors IP prefixes and TCP traffic flows. Passive monitoring is configured on the master controller. Monitoring statistics are gathered on the border routers and then reported back to the master controller. OER uses NetFlow to collect and aggregate passive monitoring statistics on a per prefix basis. No explicit NetFlow configuration is required. NetFlow support is enabled by default when passive monitoring is enabled. OER uses passive monitoring to measure the following information: DelayOER measures the average delay of TCP flows for a prefix. Delay is the measurement of the time between the transmission of a TCP synchronization message and receipt of the TCP acknowledgement. Packet LossOER measures packet loss by tracking TCP sequence numbers for each TCP flow. OER estimates packet loss by tracking the highest TCP sequence number. If a subsequent packet is received with a lower sequence number, OER increments the packet loss counter. ReachabilityOER measures reachability by tracking TCP synchronization messages that have been sent repeatedly without receiving a TCP acknowledgement. ThroughputOER measures outbound throughput for optimized prefixes. Throughput is measured in bits per second (bps).
Note
OER passively monitors TCP traffic flows for IP traffic. Passive monitoring of non-TCP sessions is not supported.
Active Monitoring
OER uses Cisco IOS IP Service Level Agreements (SLAs) to enable active monitoring. IP SLAs support is enabled by default. IP SLAs support allows OER to be configured to send active probes to target IP addresses to measure the jitter and delay to determine if a prefix is out-of-policy and to determine if the best exit is selected. The border router collects these performance statistics from the active probe and transmits this information to the master controller. The master controller uses this information to optimize the prefix and select the best available exit based on default and user-defined policies. The active-probe command is used to create an active probe.
132
The master controller can be configured to select a new exit for an out-of-policy prefix based on performance or policy. You can configure the master controller to select the first in-policy exit by entering the good keyword, or you can configure the master controller to select the best exit with the best keyword.
Examples
The following example configures the master controller to select the first in-policy exit:
Router(config-oer-mc)# mode select-exit good
Related Commands
Description Enables an OER process and configures a router as an OER border router or as an OER master controller. Sets policy priority or resolves policy conflicts. Configures an oer-map to configure route monitoring, route control, or exit selection for matched traffic.
133
periodic (OER)
To configure OER to periodically select the best exit link, use the periodic command in OER master controller configuration mode. To disable periodic exit selection, use the no form of this command. periodic timer no periodic
Syntax Description
timer
Sets the length of time for the periodic timer. The value for the timer argument is from 180 to 7200 seconds.
Defaults
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The periodic command is entered on a master controller. This command is used to configure the master controller to evaluate and then make policy decisions for OER managed exit links. When the periodic timer expires, the master controller evaluates current exit links based on default or user-defined policies. If all exit links are in-policy, no changes are made. If an exit link is out-of-policy, the affected prefixes are moved to an in-policy exit link. If all exit links are out-of-policy, the master controller will move out-of-policy prefixes to the best available exit links. In control mode, the master controller can be configured to select the first in-policy exit, when this timer expires, by configuring the mode select-exit good command or can be configured to select the best available in-policy exit by configuring the mode select-exit best command. The periodic timer is reset to the default or configured value each time the timer expires. Configuring a new timer value will immediately replace the existing value if the new value is less than the time remaining. If the new value is greater than the time remaining, the new timer value will be used when the existing timer value expires.
Examples
The following example sets the periodic timer to 300 seconds. When the timer expires OER will select either the best exit or the first in-policy exit.
Router(config-oer-mc)# periodic 300
134
Related Commands
Description Configures route monitoring or route control on an OER master controller. Enables an OER process and configures a router as an OER border router or as an OER master controller. Configures an oer-map to set the time period for the periodic timer.
135
policy-rules
To apply a configuration from an oer-map to a master controller configuration, use the policy-rules command in OER master controller configuration mode. To remove a configuration applied by the policy-rules command, use the no form of this command. policy-rules map-name no policy-rules
Syntax Description
map-name
Defaults
Command Modes
Command History
Release 12.3(11)T
Usage Guidelines
The policy-rules command was introduced in Cisco IOS Release 12.3(11)T. This command allows you to select an oer-map and apply the configuration under OER master controller configuration mode, providing an improved method to switch between predefined oer-maps. The policy-rules command is entered on a master controller. This command is used to apply the configuration from an oer-map to a master controller configuration in OER master controller configuration mode. Reentering this command with a new oer-map name will immediately overwrite the previous configuration. This behavior is designed to allow you to quickly select and switch between predefined oer-maps.
Examples
The following examples, starting in global configuration mode, show how to configure the policy-rules command to apply the oer-map configuration named BLUE under OER master controller mode:
Router(config)# oer-map BLUE 10 Router(config-oer-map)# match oer learn delay Router(config-oer-map)# set loss relative 900 Router(config-oer-map)# exit Router(config)# oer master Router(config-oer-mc)# policy-rules BLUE Router(config-oer-mc)# end
136
Related Commands
Description Enables an OER process and configures a router as an OER border router or as an OER master controller. Enters oer-map configuration mode to configure an oer-map to apply policies to selected IP prefixes.
137
resolve
To set the priority of a policy when multiple overlapping policies are configured, use the resolve command in OER master controller configuration mode. To disable the policy priority configuration, use the no form of this command. resolve {cost priority value | delay priority value variance percentage | loss priority value variance percentage | range priority value | utilization priority value variance percentage} no resolve {cost | delay | loss | range | utilization}
Syntax Description
Specifies policy priority settings for cost optimization. Specifies policy priority settings for packet delay. Specifies policy priority settings for packet loss. Specifies policy priority settings for range. Specifies policy priority settings for exit link utilization. Sets the priority of the policy. The configurable range for this argument is from 1 to 10. Setting the number 1 has the highest priority, and setting the number 10 has the lowest priority. Sets the allowable variance for the policy. The configurable range of this argument is from 1 to 100 percent.
variance percentage
Defaults
OER uses the following default settings if this command is not configured or if the no form of this command is entered: unreachable: highest priority delay: 11 utilization: 12
Note
An unreachable prefix will always have the highest priority regardless of any other settings. This is designed behavior and cannot be overridden, as an unreachable prefix indicates an interruption in a traffic flow.
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The resolve command is entered on a master controller. This command is used to set priority when multiple policies are configured for the same prefix. When this command is configured, the policy with the highest priority will be selected to determine the policy decision.
138
The priority keyword is used to specify the priority value. Setting the number 1 assigns the highest priority to a policy. Setting the number 10 sets the lowest priority. Each policy must be assigned a different priority number. If you try to assign the same priority number to 2 different policy types, an error message will be printed in the console. By default, delay has a priority value of 11 and utilization has a priority value of 12. These values can be overridden by specifying a value from 1 to 10. The variance keyword is used to set an allowable variance for a user-defined policy. This keyword configures the allowable percentage that an exit link or prefix can vary from the user-defined policy value and still be considered equivalent. For example, if exit link delay is set to 80 percent and a 10 percent variance is configured, exit links that have delay values from 80 to 89 percent will be considered equal.
Note
Examples
The following example sets the priority for delay policies to 1 and sets the allowable variance percentage to 20 percent:
Router(config-oer-mc)# resolve delay priority 1 variance 20
The following example sets the priority for loss policies to 2 and sets the allowable variance percentage to 30 percent
Router(config-oer-mc)# resolve loss priority 2 variance 30
The following example sets the priority for link utilization policies to 4 and sets the allowable variance percentage to 10 percent:
Router(config-oer-mc)# resolve utilization priority 4 variance 10
Related Commands
Description Configures OER to learn prefixes based on the lowest delay. Sets the relative or maximum packet loss limit that OER will permit for an exit link. Configures route monitoring or route control on an OER master controller. Sets the maximum utilization range for all OER managed exit links Configures maximum utilization on a single OER managed exit link. Enables an OER process and configures a router as an OER border router or as an OER master controller.
show oer master policy Displays user-defined and default policy settings on an OER master controller.
139
shutdown (OER)
To stop an OER master controller or OER border router process without removing the OER process configuration, use the shutdown command in OER master controller or OER border router configuration mode. To start a stopped OER process, use the no form of this command. shutdown no shutdown
Syntax Description
Defaults
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The shutdown command is entered on a master controller or border router. Entering the shutdown command stops an active master controller or border router process but does not remove any configuration parameters. The shutdown command is displayed in the running-config file when enabled. To disable a master controller or border router and completely remove the process configuration from the running-config file, use the no oer master or no oer border command in Global configuration mode.
Examples
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
140
traceroute probe-delay
To set the time interval between traceroute probe cycles, use the traceroute command in OER master controller configuration mode. To set the interval between probes to the default value, use the no form of this command. traceroute probe-delay milliseconds no traceroute probe-delay milliseconds
Syntax Description
milliseconds
Configures the time interval, in milliseconds, between traceroute probes. The configurable range for this argument is a number from 0 to 65535.
Defaults
The following value is used when this command is not configured or the no form is entered: milliseconds: 1000
Command Modes
Command History
Release 12.3(14)T
Usage Guidelines
The traceroute probe-delay command is entered on a master controller. This command is used to set the delay interval between traceroute probes. Continuous and policy based traceroute reporting is configured with the set traceroute reporting oer-map configuration mode command. The time interval between traceroute probes is configured with the traceroute probe-delay command in OER master controller configuration mode. On-demand traceroute probes are triggered by entering the show oer master prefix command with the current and now keywords.
Examples
The following example, starting in Global configuration mode, the delay interval between traceroute probes to 10000 milliseconds:
Router(config)# oer master Router(config-oer-mc)# traceroute probe-delay 10000
Related Commands
Description Enables an OER process and configures a router as an OER border router or as an OER master controller. Configures an OER map to enable traceroute reporting. Displays the status of monitored prefixes.
141
unreachable
To set the maximum number of unreachable hosts, use the unreachable command in OER master controller configuration mode. To return the maximum number of unreachable hosts to the default value, use the no form of this command. unreachable relative average | threshold maximum no unreachable
Syntax Description
relative average
Sets a relative percentage of unreachable hosts based on a comparison of short-term and long-term percentages. The range of values that can be configured for this argument is a number from 1 to a 1000. Each increment represents one tenth of a percent. Sets the absolute maximum number of unreachable hosts based on flows per million. The range of values that can be configured for this argument is from 1 to 1000000 hosts.
threshold maximum
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered: relative average: 50 (5 percent unreachable hosts)
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The unreachable command entered on a master controller. This command is used to specify the relative percentage or the absolute maximum number of unreachable hosts, based on flows per million (fpm), that OER will permit from an OER managed exit link. If the absolute number or relative percentage of unreachable hosts is greater than the user-defined or the default value, OER determines that the exit link is out-of-policy and searches for an alternate exit link. The relative keyword is used to configure the relative percentage of unreachable hosts. The relative unreachable host percentage is based on a comparison of short-term and long-term measurements. The short-term measurement reflects the percentage of hosts that are unreachable within a 5 minute time period. The long-term measurement reflects the percentage of unreachable hosts within a 60 minute period. The following formula is used to calculate this value: Relative percentage of unreachable hosts = ((short-term percentage - long-term percentage) / long-term percentage) * 100 The master controller measures the difference between these two values as a percentage. If the percentage exceeds the user-defined or default value, the exit link is determined to be out-of-policy. For example, if 10 hosts are unreachable during the long-term measurement and 12 hosts are unreachable during short-term measurement, the relative percentage of unreachable hosts is 20 percent.
142
The threshold keyword is used to configure the absolute maximum number of unreachable hosts. The maximum value is based on the actual number of hosts that are unreachable based on fpm.
Examples
The following example configures the master controller to search for a new exit link when the difference between long and short term measurements (relative percentage) is greater than 10 percent:
Router(config-oer-mc)# unreachable relative 100
The following example configures OER to search for a new exit link when 10,000 hosts are unreachable:
Router(config-oer-mc)# unreachable threshold 10000
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
143
interface (OER)
To configure a border router interface as an OER managed external or internal interface, use the interface command in OER managed border router configuration mode. To remove an interface from OER control, use the no form of this command. interface type number external | internal no interface type number external | internal
Syntax Description
Specifies the type of interface. Specifies the interface or subinterface number. Configures an interface as external. External interfaces are used for active monitoring and traffic forwarding. Entering the external keyword also enters OER Border Exit configuration mode. Configures an interface as internal. Internal interfaces are used for passive monitoring with NetFlow.
internal
Defaults
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The interface command is entered on a master controller. This command is used to configure external and internal interfaces on border routers to be under OER control. External interfaces are configured as OER managed exit links to forward traffic. External interfaces are used by the master controller to actively monitor prefix and link performance. Internal interfaces are used for only passive performance monitoring with NetFlow. At least one external and one internal interface must be configured on each border router to allow NetFlow to monitor inbound and outbound traffic. At least two external interfaces are required in an OER managed network. You can configure a maximum of 20 external interfaces for a single master controller in an OER managed network. Configuring an interface as external enters OER Border Exit configuration mode. Under OER Border Exit configuration mode you can configure maximum link utilization on a per interface basis with the max-xmit-utilization command.
Note
Entering the interface command without the external or internal keyword, places the router in Global configuration mode and not OER Border Exit configuration mode. The no form of this command should be applied carefully so that active interfaces are not removed from the router configuration.
144
Examples
The following example configures one internal interface and two external interfaces on a border router:
Router(config-oer-mc)# border 10.4.9.6 Router(config-oer-mc-br)# interface FastEthernet0/1 internal Router(config-oer-mc-br)# interface FastEthernet0/0 external Router(config-oer-mc-br)# interface Serial 1/0 external
Related Commands
Description Enters OER managed border router configuration mode to establish communication with an OER border router. Identifies a local interface on an OER border router as the source for communication with an OER master controller. Configures maximum utilization on a single OER managed exit link. Enables an OER process and configures a router as an OER border router or as an OER master controller.
145
cost-minimization
To configure cost-based optimization policies on a master controller, use the cost-minimization command in OER border exit configuration mode. To disable a cost-based optimization policy, use the no form of this command. cost-minimization {calc {combined | separate | sum} | discard [daily] {absolute number | percent percentage} | end day-of-month day [offset hh:mm] | fixed fee [cost] | nickname name | sampling period minutes [rollup minutes] | summer-time {start end} [offset] | tier percentage fee]} no cost-minimization {calc | discard | end day-of-month day [offset hh:mm] | fixed fee [cost] | nickname | sampling period | summer-time | tier percentage}
Syntax Description
calc combined separate sum discard daily absolute number percent percentage end day-of-month day offset hh:mm fixed fee cost nickname name sampling period minutes rollup minutes
Specifies how the fee is calculated. Specifies billing based on combined egress and ingress rollup samples. Specifies billing based on separate egress and ingress rollup samples. Specifies billing based on egress and ingress rollup samples that are added and then combined. Specifies how often rollup samples are discarded. (Optional) Specifies a daily rather than monthly rollup period. Specifies an absolute number of rollup samples to be discarded. The value that can be entered for the number argument is a number from 1 to 1440. Specifies a percentage of roll up samples to be discarded. The value that can be entered for the percentage argument is a number from 1 to 99. Specifies the end billing date. (Optional) Specifies an offset, allowing you to compensate for time zone differences. Specifies a non-usage based fixed fee. (Optional) Specifies the cost for the fixed fee. Specifies a nickname for the cost structure. Specifies the sampling period in minutes. The value that can be entered for the minutes argument is a number from 1 to 1440. (Optional) Specifies that samples are rolled up. The value that can be entered for the minutes argument is a number from 1 to 1440. The minimum number that can be entered must be equal to or greater than the number that is entered for the sampling period. Specifies the start and end of summer time. The start period is entered in the week, day, month, hh:mm format. The end period is entered in the week, day, month, hh:mm format. (Optional) Specifies an offset in minutes. The value that can be entered for the offset argument is a number from 1 to 1440. Specifies the top cost tier. Specifies the percentage of capacity for the top cost tier. Specifies the fee associated with the top cost tier.
146
Command Default
Command Modes
Command History
Release 12.3(14)T
Usage Guidelines
The cost-minimization command is configured on a master controller. Cost-based optimization allows you to configure link policies based on the ISP financial cost of each exit link in your network. This feature allows you to configure the master controller send traffic over exit links that provide the most cost-effectively bandwidth utilization, while still maintaining the desired performance characteristics.
Fixed Rate Billing
Fixed rateThis method is used when the ISP bills one flat rate for network access regardless of bandwidth usage. If only fixed rate billing is configured on the exit links, all exits are considered to be equal in regards to cost-optimization and other policy parameters (such as delay, loss, utilization, etc) are used to determine if the prefix or exit link is in-policy. If multiple exit links are configured with tiered and fixed policies, then exit links with fixed policies have the highest priority in regards to cost optimization. If the fixed exit links are at maximum utilization, then the tiered exit links will be used. Fixed rate billing is configured for an exit link when the fixed keyword is entered with the cost-minimization command. The financial cost of the exit link is entered with the fee keyword.
Tier-Based Billing
Tier-based with burstingThis method is used when the ISP bills at a tiered rate based on the percentage of exit link utilization. Tiered-based billing is configured for an exit link when the tier keyword is entered with the cost-minimization command. A command statement is configured for each cost tier. The financial cost of the tier is entered with the fee keyword. The percentage of bandwidth utilization that activates the tier is entered after the tier keyword.
Cost Optimization Algorithm
At the end of each billing cycle the top n% of samples, or rollup values, are discarded. The remaining highest value is the sustained utilization. Based on the number of samples discarded, the billing cycle is divided into three periods:
Initial Period
The period when the samples measured is less than the number of discards +1. For example, if discard is 7%, billing month is 30 days long, and sample period is 24 hours, then there are 30 samples at the end of the month. The number of discard samples is two (2% of 30). In this case, days one, two, and three are in the Initial Period. During this period, target the lowest tier for each ISP at the start of their respective billing periods and walk up the tiers until the current total traffic amount is allocated across the links.
147
Middle Period
The period after the Initial Period until the number of samples yet to be measured or collected is less than the number of discards. Using the same example as above, the Middle Period would be from day four through day 28. During this period, set the target tier to the sustained utilization tier, which is the tier where (discard +1) the highest sample so far measured falls in.
Last Period
The period after the Middle Period until the end of billing period is the Last Period. During this period, if links were used at the maximum link capacity for the remainder of the billing period and sustained utilization does not change by doing so, then set the target to maximum allowable link utilization. Maximum link utilization is configurable where most likely values would be 75-90%. Otherwise, set the target to sustained utilization tier. During any sample period, if the cumulative usage is more than targeted cumulative usage, then bump up to the next tier for the remainder of sample period. If rollup is enabled, then replace sample values to rollup values and number of sample to number of rollups in above algorithm.
Examples
The following example, starting in Global configuration mode, configures cost-based optimization on a master controller. Cost optimization configuration is applied under the external interface configuration. A policy for a tiered billing cycle is configured. Calculation is configured separately for egress and ingress samples. The time interval between sampling is set to 10 minutes. These samples are configured to be rolled up every 60 minutes.
Router(config)# oer master Router(config-oer-mc)# border 10.5.5.55 key-chain key Router(config-oer-mc-br)# interface Ethernet 0/0 external Router(config-oer-mc-br-if)# cost-minimization nickname ISP1 Router(config-oer-mc-br-if)# cost-minimization end day-of-month 30 180 Router(config-oer-mc-br-if)# cost-minimization calc separate Router(config-oer-mc-br-if)# cost-minimization sampling 10 rollup 60 Router(config-oer-mc-br-if)# cost-minimization tier 100 fee 1000 Router(config-oer-mc-br-if)# cost-minimization tier 90 fee 900 Router(config-oer-mc-br-if)# cost-minimization tier 80 fee 800 Router(config-oer-mc-br-if)# exit
Related Commands
Command debug oer master cost-minimization oer show oer master cost-minimization
Description Displays debugging information for cost-based optimization policies. Enables an OER process and configures a router as an OER border router or as an OER master controller. Displays the status of cost-based optimization policies.
148
max-xmit-utilization
To configure the maximum utilization on a single OER managed exit link, use the max-xmit-utilization command in OER Border Exit configuration mode. To set maximum utilization to the default value, use the no form of this command. max-xmit-utilization {absolute kbps | percentage value} no max-xmit-utilization
Syntax Description
absolute kbps
Specifies the absolute maximum exit link utilization in kilobytes per second (kbps). The configurable range for this argument is a number from 1 to 1000000000 kbps. Specifies the percentage of exit link utilization. The configurable range for this argument is from 1 to 100 percent of link utilization.
percentage value
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered: percentage value: 75 (75 percent link utilization)
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The max-xmit-utilization command is entered on a master controller and allows you to configure the maximum percentage of outbound traffic that can be transmitted over an OER managed exit interface. This command is configured on a per exit link basis and cannot be configured on OER internal interfaces; internal interfaces are not used to forward traffic.
Examples
The following example sets the maximum exit link utilization to 1000000 kbps on FastEthernet interface 0/0:
Router(config-oer-mc-br)# interface FastEthernet0/0 external Router(config-oer-mc-br-if)# max-xmit-utilization absolute 1000000
The following example sets the maximum percentage of exit utilization to 80 percent on Serial interface 1/0:
Router(config-oer-mc-br)# interface Serial 1/0 external Router(config-oer-mc-br-if)# max-xmit-utilization percentage
149
Related Commands
Description Configures a border router interface as an OER managed external or internal interface. Sets the maximum utilization range for all OER managed exit links. Enables an OER process and configures a router as an OER border router or as an OER master controller. Sets policy priority or resolves policy conflicts.
150
aggregation-type
To configure an OER master controller to aggregate learned prefixes based on traffic flow type, use the aggregation-type command in OER Top Talker and Top Delay learning configuration mode. To set learned prefix aggregation to the default type, use the no form of this command. aggregation-type bgp | non-bgp | prefix-length prefix-mask no aggregation-type
Syntax Description
bgp non-bgp
Configures learned prefix aggregation based on the BGP routing table. Configures learned prefix aggregation based on any other protocol. Prefixes specified with this keyword can be learned only if they are not in the BGP routing table. Configures aggregation based on the specified prefix length. The range of values that can be configured for this argument is a prefix mask from 1 to 32.
prefix-length prefix-mask
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered: prefix-length prefix-mask: 24
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The aggregation-type command is entered on a master controller. This command is used to configure OER to aggregate learned prefixes based on the traffic flow type. BGP prefixes or non-BGP prefixes can be aggregated, and traffic flows can be aggregated based on prefix length. Entering the bgp keyword configures learned prefix aggregation based on prefix entries in the BGP routing table. This keyword is used if internal BGP (iBGP) peering is enabled in the OER managed network. Entering the non-bgp keyword configures learned prefix aggregation based on any other routing protocol. Prefix entries that are present in the BGP routing table are ignored when this keyword is entered.
Examples
151
Related Commands
Description Enters OER Top Talker and Top Delay learning configuration mode to configure prefixes for OER to learn. Enables an OER process and configures a router as an OER border router or as an OER master controller.
152
delay
To configure prefix delay parameters, use the delay command in OER master controller mode or OER Top Talker and Top Delay learning configuration mode. To disable prefix learning based on lowest delay, use the no form of this command. delay relative percentage | threshold maximum no delay
Syntax Description
relative percentage
Sets a relative delay policy based on a comparison of short-term and long-term delay percentages. The range of values that can be configured for this argument is a number from 1 to 1000. Each increment represents one tenth of a percent. Sets the absolute maximum delay time. The range of values that can be configured for this argument is from 1 to 10000 milliseconds.
threshold maximum
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered: relative percentage: 500 (50 percent)
OER Top Talker and Top Delay learning mode
Command Modes
OER master controller OER Top Talker and Top Delay learning
Command History
Release 12.3(8)T
Usage Guidelines
The delay command is entered on an OER master controller in OER master controller configuration mode or OER Top Talker and Top Delay learning configuration mode.
Configuring in OER master controller mode
The delay command entered in OER master controller configuration mode to set the delay threshold as a relative percentage or as an absolute value. If the configured delay threshold is exceeded, then the prefix is out-of-policy. The relative keyword is used to configure a relative delay percentage. The relative delay percentage is based on a comparison of short-term and long-term measurements. The short-term measurement reflects the delay percentage within a 5 minute time period. The long-term measurement reflects the delay percentage within a 60 minute period. The following formula is used to calculate this value:
153
Relative delay measurement = ((short-term measurement- long-term measurement) / long-term measurement) * 100 The master controller measures the difference between these two values as a percentage. If the percentage exceeds the user-defined or default value, the delay percentage is determined to be out-of-policy. For example, if the long-term delay measurement 100 milliseconds and the short-term delay measurement is 120 milliseconds, the relative delay percentage is 20 percent. The threshold keyword is used to configure the absolute maximum delay period in milliseconds.
Configuring in OER Top Talker and Top Delay learning mode
The delay command entered in OER Top Talker and Top Delay learning configuration mode to enable prefix learning based on the lowest delay time. Under OER Top Talker and Top Delay learning configuration mode the master controller creates a list of Top Delay prefixes based on the lowest delay time. This command is used to configure an OER master controller to learn prefixes based on the lowest delay time. OER measures the delay for optimized prefixes (OPs) when this command is enabled. The master controller uses the list of Top Delay prefixes to select the best exit when the periodic timer expires or when a prefix goes out-of-policy.
Examples
The following example configures a master controller to learn top prefixes based on the lowest delay:
Router(config-oer-mc)# learn Router(config-oer-mc-learn)# delay
Related Commands
Description Enters OER Top Talker and Top Delay learning configuration mode to configure prefixes for OER to learn. Enables an OER process and configures a router as an OER border router or as an OER master controller. Sets policy priority or resolves policy conflicts. Configures an oer-map to configure OER to learn prefixes based on the lowest delay.
154
monitor-period
To set the time period that an OER master controller learns traffic flows, use the monitor-period command in OER Top Talker and Top Delay learning configuration mode. To return the monitoring period to the default time period, use the no form of this command. monitor-period minutes no monitor-period
Syntax Description
minutes
Sets the prefix learning period in minutes. The range that can be configured for this argument is from 1 to 1440 minutes.
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered: minutes: 5 (5 minutes)
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The monitor-period command is configured on a master controller. This command is used to adjust the length of time that a master controller learns traffic flows on border routers. The length of time between monitoring periods is configured with the periodic-interval command. The number of prefixes that are learned is configured with the prefixes command.
Examples
The following example sets the OER monitoring period to 10 minutes on a master controller:
Router(config-oer-mc-learn)# monitor-period 10
Related Commands
Description Enters OER Top Talker and Top Delay learning configuration mode to configure prefixes for OER to learn. Enables an OER process and configures a router as an OER border router or as an OER master controller. Sets the time interval between prefix learning periods. Sets the number of prefixes that OER will learn during a monitoring period.
155
periodic-interval
To set the time interval between prefix learning periods, use the periodic-interval command in OER Top Talker and Top Delay learning configuration mode. To set the time interval between prefix learning periods to the default value, use the no form of this command. periodic-interval minutes no periodic-interval
Syntax Description
minutes
Sets the time interval between prefix learning periods in minutes. The range that can be configured for this argument is from 1 to 1440 minutes.
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered: minutes: 120
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The periodic-interval command is configured on a master controller. This command is used to adjust the length of time between traffic flow monitoring periods. The length of time of the learning period is configured with the monitor-period command. The number of prefixes that are monitored is configured with the prefixes command.
Examples
The following example sets the length of time between OER monitoring periods to 20 minutes on a master controller:
Router(config-oer-mc-learn)# periodic-interval 20
Related Commands
Description Enters OER Top Talker and Top Delay learning configuration mode to configure prefixes for OER to learn. Sets the time period that an OER master controller learns traffic flows. Enables an OER process and configures a router as an OER border router or as an OER master controller. Sets the number of prefixes that OER will learn during a monitoring period.
156
prefixes
To set the number of prefixes that OER will learn during a monitoring period, use the prefixes command in OER Top Talker and Top Delay learning configuration mode. To return the number of prefixes to the default value, use the no form of this command. prefixes number no prefixes
Syntax Description
number
Sets the number of prefixes that a master controller will learn during a monitoring period. The range of this argument is from 1 to 2500 prefixes.
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered: number: 100
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The prefixes command is configured on a master controller. This command is used to set the number of prefixes that a master controller will learn during a monitoring period. The length of time of the learning period is configured with the monitor-period command. The length of time between monitoring periods is configured with the periodic-interval command.
Examples
The following example configures a master controller to learn 200 prefixes during a monitoring period:
Router(config-oer-mc-learn)# prefixes 200
Related Commands
Description Enters OER Top Talker and Top Delay learning configuration mode to configure prefixes for OER to learn. Sets the time period that an OER master controller learns traffic flows. Enables an OER process and configures a router as an OER border router or as an OER master controller. Sets the time interval between prefix learning periods.
157
protocol (OER)
To configure an OER master controller to learn prefixes based on a protocol number or a range of port numbers, use the protocol command in OER Top Talker and Top Delay learning configuration mode. To disable port-based prefix learning, use the no form of this command. protocol number | tcp | udp [port port-number | gt port-number | lt port-number | range lower-number upper-number] [dst | src] no protocol number | tcp | udp [port port-number | gt port-number | lt port-number | range lower-number upper-number] [dst | src]
Syntax Description
Configures prefix learning based on a specific protocol number. The configurable range for this argument is a number from 1 to 65535. Configures prefix learning based on the TCP protocol. Configures prefix learning based on the UDP protocol. Specifies the port number for prefix learning based on protocol. The configurable range for port-number argument is a number from 1 to 255. Specifies all port numbers greater than the number specified with the port-number argument. Specifies all port numbers less than the number specified with the port-number argument. Specifies a range of port numbers. The first number in the range is specified with the lower-number argument. The last number in the range is specified with the upper-number argument. The configurable range for this argument is a number from 1 to 65535. The configurable range for this argument is a number from 1 to 65535. Configures prefix learning based on the destination port number. Configures prefix learning based on the source port number.
Defaults
Command Modes
Command History
Release 12.3(11)T
Usage Guidelines
The protocol command is configured on a master controller. This command is used to configure prefix learning based on the specified protocol. This command provides a very granular level of control over prefix learning. Configuring this command allows you to configure the master controller to learn prefixes
158
based on the specified protocol and the specified port number. allowing you to include or exclude traffic based on the port number. allowing you to specific target an application based on the source or destination port number. Port-based prefix learning allows you to include or exclude traffic streams for a specific protocol or the TCP or UDP port and port range. Traffic can be optimized for a specific application or protocol, or exclude uninteresting traffic, allowing you to focus system resources, thus saving CPU cycles and reducing the amount of memory that is required to monitor prefixes. In cases where traffic streams need to be excluded or included over ports that fall above or below a certain port number, a range of port numbers can be specified. For a list of IANA assigned port numbers, refer to the following document:
http://www.iana.org/assignments/port-numbers http://www.iana.org/assignments/protocol-numbers
For a list of IANA assigned protocol numbers, refer to the following document:
Examples
The following example configures a master controller to learn EIGRP prefixes during the monitoring period:
Router(config-oer-mc-learn)# protocol 88
Related Commands
Command learn
Description Enters OER Top Talker and Top Delay learning configuration mode to configure prefixes for OER to learn.
159
throughput
To configure OER to learn the top prefixes based on the highest outbound throughput, use the throughput command in OER Top Talker and Top Delay learning configuration mode. To disable learning based on outbound throughput, use the no form of this command. throughput no throughput
Syntax Description
Defaults
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The throughput command is entered on a master controller. The master controller creates a list of Top Talker prefixes based on the highest outbound throughput. This command is used to configure a master controller to learn prefixes based on the highest outbound packet throughput. When this command is enabled, OER will learn the top prefixes across all border routers according to the highest outbound throughput. The master controller uses the list of Top Talker prefixes to select the exit with the highest throughput when the periodic rotation expires or when a prefix goes out-of-policy.
Examples
The following example configures a master controller to learn the top prefixes based on highest outbound throughput:
Router(config-oer-mc-learn)# throughput
Related Commands
Description Enters OER Top Talker and Top Delay learning configuration mode to configure prefixes for OER to learn. Enables an OER process and configures a router as an OER border router or as an OER master controller.
160
Syntax Description
type number
Command Default
The source IP address is used from the default OER external interface that transmits the active probe.
Command Modes
Command History
Release 12.4(2)T
Usage Guidelines
The active-probe address source command allows you to specify the source interface, from which active probes are transmitted. When this command is configured, the primary IP address of the specified interface is used as the active probe source. The active probe source interface IP address must be unique to ensure that the probe reply is routed back to the specified source interface. If the interface is not configured with an IP address, the active probe will not be generated. If the IP address is changed after the interface has been configured as an active probe source, active probing is stopped, and then restarted with the new IP address. If the IP address is removed after the interface has been configured as an active probe source, active probing is stopped and is not restarted until a valid primary IP address is configured.
Note
For eBGP peering sessions, the IP address of the eBGP peer must be reachable from the border router via a connected route in order for active probes to be generated.
Examples
The following example configures the FastEthernet 0/0 interface as the active probe source:
Router(config)# oer border Router(config-oer-border)# active-probe address source FastEthernet 0/0
161
Related Commands
Description Configures an active probe for a target prefix. Enables an OER process and configures a router as an OER border router or as an OER master controller.
162
local (OER)
To identify a local interface on an OER border router as the source for communication with an OER master controller, use the local command in OER border router configuration mode. To remove the interface from the OER border router configuration and disable border router to master controller communication, use the no form of this command. local type number no local type number
Syntax Description
type number
Defaults
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The local command is configured on an OER border router. This command is used to specify the source interface IP address that will be used for communication between a border router and master controller. The IP address that is configured for the local interface must also be configured on the master controller with the border OER master controller configuration command and the interface (OER) OER managed border router configuration command. The no form of this command cannot be entered while the border router process is active. The border router process must first be stopped with the shutdown (OER) command. If you stop the border router process to deconfigure the local interface with the no form of this command, you must configure another local interface before the border router process will reestablish communication with the master controller.
Examples
The following example configures the FastEthernet 0/0 interface as a local interface:
Router(config)# oer border Router(config-oer-br)# local FastEthernet0/0
163
Related Commands
Description Enters OER managed border router configuration mode to establish communication with an OER border router. Configures a border router interface as an OER managed external or internal interface. Enables an OER process and configures a router as an OER border router or as an OER master controller. Configures a dynamic port for communication between an OER master controller and border router.
164
master
To establish communication with a master controller, use the master command in OER border router configuration mode. To disable communication with the specified master controller, use the no form of this command. master ip-address key-chain key-name no master ip-address key-chain key-name
Syntax Description
Specifies the IP address of the master controller. Specifies the key-chain to authenticate with the master controller.
Defaults
OER observe mode passive monitoring is enabled when communication is established between a master controller and border router.
Command Modes
Command History
Release 12.3(8)T
Usage Guidelines
The master command is entered on a border router. This command is used to establish communication between an OER border router and master controller. Communication is established between the border router process and the master controller process to allow the master controller to monitor and control OER exit links. OER communication must also be established on the master controller with the border OER master controller configuration command. At least one border router must be configured to enable OER. A maximum of ten border routers can be configured to communicate with a single master controller. The IP address that is used to specify the border router must be assigned to a local interface on the border router and must be reachable by the master controller. Communication between the master controller and the border router is protected by key-chain authentication. The key-chain configuration is defined in Global configuration mode on both the master controller and the border router before key-chain authentication is enabled for master controller to border router communication. For more information about key management in Cisco IOS software, refer to the Managing Authentication Keys section of the Cisco IOS IP Configuration Guide, Release 12.3. When the border command is entered, the router enters OER managed border router configuration mode. Local interfaces must be defined as internal or external with the interface (OER) OER managed border router configuration command. A single OER master controller can support up to 20 interfaces.
165
Examples
The following example defines a key-chain named MASTER in Global configuration mode and then configures a master controller to communicate with the 10.4.9.6 border router. The master controller authenticates the border router based on the defined key CISCO.
Router(config)# key chain MASTER Router(config-keychain)# key 1 Router(config-keychain-key)# key-string CISCO Router(config-keychain-key)# exit Router(config-keychain)# exit Router(config)# oer master Router(config-oer-mc)# port 49152 Router(config-oer-mc)# logging Router(config-oer-mc)# border 10.4.9.6 key-chain MASTER Router(config-oer-mc-br)# interface FastEthernet0/0 external Router(config-oer-mc-br)# interface FastEthernet0/1 internal Router(config-oer-mc-br)# exit
Related Commands
Description Enters OER managed border router configuration mode to establish communication with an OER border router. Enables an OER process and configures a router as an OER border router or as an OER master controller.
166
port (OER)
To optionally configure a dynamic port number for communication between an OER master controller and border router, use the port command in OER master controller or OER border router configuration mode. To close the port and disable communication, use the no form of this command. port [port-number] no port
Syntax Description
port-number
(Optional) Specifies the port number. The configurable range for this argument is a number from 1 to 65535.
Defaults
Port 3949 is used for OER communication unless a dynamic port number is configured on both the master controller and the border router. Port configuration is not shown in the running-config file when port 3949 is used.
Command Modes
Command History
Modification This command was introduced. Port 3949 was registered with IANA for OER communication. Manual port configuration is not required as of Cisco IOS Release 12.3(11)T.
Usage Guidelines
Communication between a master controller and border router is automatically carried over port 3949 when connectivity is established. Port 3949 is registered with IANA for OER communication. Manual port number configuration is only required if you are running Cisco IOS Release 12.3(8)T or if you need to configure OER communication to use a dynamic port number. The port command is entered on a master controller or a border router. This command is used to specify a dynamic port number to be used for border router and the master controller communication. The same port number must be configured on both the master controller and border router. Closing the port by entering the no form of this command disables communication between the master controller and the border router.
Examples
The following example opens port 49152 for master controller communication with a border router:
Router(config-oer-mc)# port 49152
The following example opens port 49152 for border router communication with a master controller:
Router(config-oer-br)# port 49152
167
The following example closes the default or user-defined port and disables communication between a master controller and border router:
Router(config-oer-mc)# no port
Related Commands
Description Enters OER managed border router configuration mode to establish communication with an OER border router. Enables an OER process and configures a router as an OER border router or as an OER master controller. Identifies a local interface on an OER border router as the source for communication with an OER master controller.
168
oer-map
To enter oer-map configuration mode to configure an oer-map to apply policies to selected IP prefixes, use the oer-map command in Global configuration mode. To delete the oer-map, use the no form of this command. oer-map map-name sequence-number no oer-map map-name
Syntax Description
map-name sequence-number
Specifies the name or tag for the oer-map. (Optional) Specifies the sequence number for the oer-map entry. The configurable range for this argument is from 1 to 65535.
Defaults
Command Modes
Global configuration
Command History
Release 12.3(8)T
Usage Guidelines
The oer-map command is configured on a master controller. The operation of an oer-map is similar to the operation of a route-map. An oer-map is designed to select IP prefixes or to select OER learn policies using a match clause and then to apply OER policy configurations using a set clause. The oer-map is configured with a sequence number like a route-map, and the oer-map with the lowest sequence number is evaluated first. The operation of an oer-map differs from a route-map at this point. There are two important distinctions:
Only a single match clause may be configured for each sequence. An error message will be displayed in the console if you attempt to configure multiple match clauses for a single oer-map sequence. An oer-map is not configured with permit or deny statements. However, a permit or deny sequence can be configured for an IP traffic flow by configuring a permit or deny statement in an IP prefix list and then applying the prefix list to the oer-map with the match ip address (OER) command.
Tips
Deny prefixes should be combined in a single prefix list and applied to the oer-map with the lowest sequence number. An oer-map can match a prefix or prefix range with the match ip address (OER) command. A prefix can be any IP network number combined with a prefix mask that specifies the prefix length. The prefix or prefix range is defined with the ip prefix-list command in Global configuration mode. Any prefix length can be specified. An oer-map can also match OER learned prefixes with the match oer learn command. Matching can be configured for prefixes learned based on delay or based on throughput.
169
The oer-map applies the configuration of the set clause after a successful match occurs. An oer set clause can be used to set policy parameters for the backoff timer, packet delay, holddown timer, packet loss, mode settings, periodic timer, resolve settings, and unreachable hosts. See the Related Commands section of this command reference page for a complete list of OER set clauses. Policies that are applied by an oer-map do not override global policies configured under OER master controller configuration mode and OER Top Talker and Delay configuration mode. Policies are overridden on a per-prefix list basis. If a policy type is not explicitly configured in an oer-map, the default or configured values will apply. Policies applied by an oer-map take effect after the current policy or operational timer expires. The oer-map configuration can be viewed in the output of the show running-config command. OER policy configuration can be viewed in the output of the show oer master policy command.
Examples
The following example creates an oer-map named SELECT_EXIT that matches traffic defined in the IP prefix list named CUSTOMER and sets exit selection to the first in-policy exit when the periodic timer expires. This oer-map also sets a resolve policy that sets the priority of link utilization policies to 1 (highest priority) and allows for a 10 percent variance in exit link utilization statistics.
Router(config)# ip prefix-list CUSTOMER permit 10.4.9.0/24 Router(config)# ! Router(config)# oer-map SELECT_EXIT 10 Router(config-oer-map)# match ip address prefix-list CUSTOMER Router(config-oer-map)# set mode select-exit good Router(config-oer-map)# set resolve utilization priority 1 variance 10
The following example creates an oer-map named THROUGHPUT that matches traffic learned based on the highest outbound throughput. The set clause applies a relative loss policy that will permit 1 percent packet loss:
Router(config)# oer-map THROUGHPUT 20 Router(config-oer-map)# match oer learn throughput Router(config-oer-map)# set loss relative 10
Related Commands
Description Creates an entry in a prefix list. Enables the generation of sequence numbers for entries in a prefix list.
match ip address (OER) Creates a prefix list match clause entry in an oer-map to apply OER policy settings. match oer learn oer set backoff set delay set holddown Creates a match clause entry in an oer-map to match OER learned prefixes. Enables an OER process and configures a router as an OER border router or as an OER master controller. Configures an oer-map to set the backoff timer to adjust the time period for prefix policy decisions. Configures an oer-map to configure OER to learn prefixes based on the lowest delay. Configures an oer-map to set the prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected.
170
Command set loss set mode set periodic set resolve set unreachable show oer master policy
Description Configures an oer-map to set the relative or maximum packet loss limit that OER will permit for an exit link. Configures an oer-map to configure route monitoring, route control, or exit selection for matched traffic. Configures an oer-map to set the time period for the periodic timer. Configures an oer-map to set policy priority and resolve policy conflicts. Configures an oer-map to set the maximum number of unreachable hosts Displays configured and default policy settings on an OER master controller.
171
Syntax Description
name
Defaults
Command Modes
oer-map
Command History
Release 12.3(8)T
Usage Guidelines
The match ip address (OER) command is entered on a master controller in oer-map configuration mode. This command is used to configure a prefix list as a match criteria in an oer-map. A prefix can be any IP network number combined with a prefix mask that specifies the prefix length. The prefix list is created with the ip prefix-list command. Only one match clause can be configured for each oer-map sequence.
Examples
The following example creates a prefix list named CUSTOMER. The prefix list specifies the 10.4.9.0/24 subnet. The match ip address (OER) command configures the prefix list as match criteria for the oer-map:
Router(config)# ip prefix-list CUSTOMER permit 10.4.9.0/24 Router(config)# ! Router(config)# oer-map SELECT_EXIT 10 Router(config-oer-map)# match ip address prefix-list CUSTOMER Router(config-oer-map)# set mode select-exit good
Related Commands
Description Creates an entry in a prefix list. Adds a text description. Enables the generation of sequence numbers for entries in a prefix list.
172
Description Enables an OER process and configures a router as an OER border router or as an OER master controller. Enters oer-map configuration mode to configure an oer-map to apply policies to selected IP prefixes.
173
Syntax Description
delay throughput
Specifies prefixes learned based on highest delay. Specifies prefixes learned based on highest throughput.
Defaults
Command Modes
oer-map
Command History
Release 12.3(8)T
Usage Guidelines
The match oer learn command is entered on a master controller in oer-map configuration mode. OER can be configured to learn prefixes based on delay or based on throughput. This command is used to configure OER learned prefixes as match criteria in an oer-map. Only one match clause can be configured for each oer-map sequence.
Examples
The following example creates an oer-map named DELAY that matches traffic learned based on delay. The set clause applies a route control policy that configures OER to actively control this traffic:
Router(config)# oer-map DELAY 20 Router(config-oer-map)# match oer learn delay Router(config-oer-map)# set mode route control
Related Commands
Description Enters OER Top Talker and Top Delay learning configuration mode to configure OER to learn prefixes. Enables an OER process and configures a router as an OER border router or as an OER master controller. Enters oer-map configuration mode to configure an oer-map to apply policies to selected IP prefixes.
174
set backoff
To configure an oer-map to set the backoff timer to adjust the time period for prefix policy decisions, use the set backoff command in oer-map configuration mode. To delete the set clause entry, use the no form of this command. set backoff min-timer max-timer [step-timer] no set backoff
Syntax Description
min-timer
Sets the minimum value for the back-off timer. The configurable time period for this argument is from 180 to 7200 seconds. The default timer value is 300 seconds. Sets the maximum value for the back-off timer. The configurable time period for this argument is from 180 to 7200 seconds. The default timer value is 3000 seconds. (Optional) Sets the time period value for the step timer. The step timer is used to add time to the out-of-policy waiting period each time the back-off timer expires and OER is unable to find an in-policy exit.The configurable time period for this argument is from 180 to 7200 seconds. The default timer value is 300 seconds.
max-timer
step-timer
Defaults
OER uses the following default values if this command is not configured or if the no form of this command is entered: min-timer: 300 seconds max-timer: 3000 seconds step-timer: 300 seconds
Command Modes
oer-map configuration
Command History
Release 12.3(8)T
Usage Guidelines
The set backoff command is entered on a master controller in oer-map configuration mode. This command is used to configure an oer-map to set the transition period that the master controller holds an out-of-policy prefix. The master controller uses a backoff timer to schedule the prefix transition period in which OER holds the out-of-policy prefix before moving the prefix to an in-policy state by selecting an in-policy exit. This command is configured with a minimum and maximum timer value and can be configured with an optional step timer. Minimum TimerThe min-timer argument is used to set the minimum transition period in seconds. If the current prefix is in-policy when this timer expires, no change is made and the minimum timer is reset to the default or configured value. If the current prefix is out-of-policy, OER will move the prefix to an in-policy and reset the minimum timer to the default or configured value.
175
Maximum TimerThe max-timer argument is used to set the maximum length of time OER holds an out-of-policy prefix when there are no OER controlled in-policy prefixes. If all OER controlled prefixes are in an out-of-policy state and the value from the max-timer argument expires, OER will select the best available exit and reset the minimum timer to the default or configured value. Step TimerThe step-timer argument allows you to optionally configure OER to add time each time the minimum timer expires until the maximum time limit has been reached. If the maximum timer expires and all OER managed exits are out-of-policy, OER will install the best available exit and reset the minimum timer. Configuring a new timer value will immediately replace the existing value if the new value is less than the time remaining. If the new value is greater than the time remaining, the new timer value will be used when the existing timer value expires.
Examples
The following example creates an oer-map named BACKOFF that sets the minimum timer to 400 seconds, the maximum timer to 4000 seconds, and the step timer to 400 seconds for traffic from the prefix list named CUSTOMER:
Router(config)# oer-map BACKOFF 70 Router(config-oer-map)# match ip address prefix-list CUSTOMER Router(config-oer-map)# set backoff 400 4000 400
Related Commands
Description Sets the backoff timer to adjust the time period for prefix policy decisions. Enables an OER process and configures a router as an OER border router or as an OER master controller. Enters oer-map configuration mode to configure an oer-map to apply policies to selected IP prefixes.
176
set delay
To configure an oer-map to configure OER to set the delay threshold, use the set delay command in oer-map configuration mode. To delete the set clause entry, use the no form of this command. set delay {relative percentage | threshold maximum} no set delay
Syntax Description
relative percentage
Sets a relative delay policy based on a comparison of short-term and long-term delay percentages. The range of values that can be configured for this argument is a number from 1 to 1000. Each increment represents one tenth of a percent. Sets the absolute maximum delay time. The range of values that can be configured for this argument is from 1 to 10000 milliseconds.
threshold maximum
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered: relative percentage: 500 (50 percent)
Command Modes
oer-map configuration
Command History
Release 12.3(8)T
Usage Guidelines
The set delay command is entered on a master controller in oer-map configuration mode. This command is configured in an oer-map to set the delay threshold as a relative percentage or as an absolute value for match criteria. The relative keyword is used to configure a relative delay percentage. The relative delay percentage is based on a comparison of short-term and long-term measurements. The short-term measurement reflects the delay percentage within a 5 minute time period. The long-term measurement reflects the delay percentage within a 60 minute period. The following formula is used to calculate this value: Relative delay measurement = ((short-term measurement- long-term measurement) / long-term measurement) * 100 The master controller measures the difference between these two values as a percentage. If the percentage exceeds the user-defined or default value, the delay percentage is determined to be out-of-policy. For example, if long-term delay measurement 100 milliseconds and short-term delay measurement is 120 milliseconds, the relative delay percentage is 20 percent. The threshold keyword is used to configure the absolute maximum delay period in milliseconds. In case of threshold, if the measured delay of the prefix is higher than the configured delay threshold then the prefix is out-of-policy. In case of percentage, if the short term delay of the prefix is more than long term delay by the percentage value configured then the prefix is out-of-policy.
177
Examples
The following example creates an oer-map named DELAY that sets the absolute maximum delay threshold to 2000 milliseconds for traffic from the prefix list named CUSTOMER:
Router(config)# oer-map DELAY 80 Router(config-oer-map)# match ip address prefix-list CUSTOMER Router(config-oer-map)# set delay threshold 2000
Related Commands
Description Configures configure prefix delay parameters. Enables an OER process and configures a router as an OER border router or as an OER master controller. Enters oer-map configuration mode to configure an oer-map to apply policies to selected IP prefixes.
178
set holddown
To configure an oer-map to set the prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected, use the set holddown command in oer-map configuration mode. To delete the set clause entry, use the no form of this command. set holddown timer no set holddown
Syntax Description
timer
Sets the prefix route dampening time period. The range for this argument is from 300 to 65535 seconds. The default value is 300 seconds.
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered: timer: 300 seconds
Command Modes
oer-map configuration
Command History
Release 12.3(8)T
Usage Guidelines
The set holddown command is entered on a master controller in oer-map configuration mode. This command is used to configure an oer-map to set the prefix route dampening timer for match criteria. This command is used to configure the prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected. The master controller puts a prefix in a holddown state during an exit change to isolate the prefix during the transition period to prevent the prefix from flapping due to rapid state changes. OER does not implement policy changes while a prefix is in the holddown state. A prefix will remain in a holddown state for the default or configured time period. When the holddown timer expires, OER will select the best exit based on performance and policy configuration. However, an immediate route change will be triggered if the current exit for a prefix becomes unreachable. Configuring a new timer value will immediately replace the existing value if the new value is less than the time remaining. If the new value is greater than the time remaining, the new timer value will be used when the existing timer is reset.
Examples
The following example creates an oer-map named HOLDDOWN that sets the holddown timer to 400 seconds for traffic from the prefix list named CUSTOMER:
Router(config)# oer-map HOLDDOWN 90 Router(config-oer-map)# match ip address prefix-list CUSTOMER Router(config-oer-map)# set holddown 400
179
Related Commands
Description Configures the prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected. Enables an OER process and configures a router as an OER border router or as an OER master controller. Enters oer-map configuration mode to configure an oer-map to apply policies to selected IP prefixes.
180
set loss
To configure an oer-map to set the relative or maximum packet loss limit that OER will permit for an exit link, use the set loss command in oer-map configuration mode. To delete the set clause entry, use the no form of this command. set loss {relative average | threshold maximum} no set loss
Syntax Description
relative average
Sets a relative percentage of packet loss based on a comparison of short-term and long-term packet loss percentages. The range of values that can be configured for this argument is a number from 1 to 1000. Each increment represents one tenth of a percent. Sets absolute packet loss based on packets per million. The range of values that can be configured for this argument is from 1 to 1000000 packets.
threshold maximum
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered: relative average: 100 (10 percent packet loss)
Command Modes
oer-map configuration
Command History
Release 12.3(8)T
Usage Guidelines
The set loss command is entered on a master controller in oer-map configuration mode. This command is used to configure an oer-map to set the relative percentage or maximum number of packets that OER will permit to be lost during transmission on an exit link. If packet loss is greater than the user-defined or the default value, OER determines that the exit link is out-of-policy and searches for an alternate exit link. The relative keyword is used to configure the relative packet loss percentage. The relative packet loss percentage is based on a comparison of short-term and long-term packet loss. The short-term measurement reflects the percentage of packet loss within a 5 minute time period. The long-term measurement reflects the percentage of packet loss within a 60 minute period. The following formula is used to calculate this value: Relative packet loss = ((short-term loss - long-term loss) / long-term loss) * 100 The master controller measures the difference between these two values as a percentage. If the percentage exceeds the user-defined or default value, the exit link is determined to be out-of-policy. For example, if long-term packet loss is 200 packets per million (PPM) and short-term packet loss is 300 PPM, the relative loss percentage is 50 percent.
181
The threshold keyword is used to configure the absolute maximum packet loss. The maximum value is based on the actual number of packets per million that have been lost.
Examples
The following example creates an oer-map named LOSS that sets the relative percentage of acceptable packet loss for traffic from the prefix list named CUSTOMER to a 20 percent relative percentage. If the packet loss on the current exit link exceeds 20 percent, the master controller will search for a new exit.
Router(config)# oer-map LOSS 10 Router(config-oer-map)# match ip address prefix-list CUSTOMER Router(config-oer-map)# set loss relative 200
Related Commands
Description Sets the relative or maximum packet loss limit that OER will permit for an exit link. Enables an OER process and configures a router as an OER border router or as an OER master controller. Enters oer-map configuration mode to configure an oer-map to apply policies to selected IP prefixes.
182
set mode
To configure an oer-map to configure route monitoring, route control, or exit selection for matched traffic, use the set mode command in oer-map configuration mode. To delete the set clause entry, use the no form of this command. set mode {monitor {active | both | passive} | route {control | observe}| select-exit {best | good}} no set mode {monitor | route {control | observe}| select-exit}
Syntax Description
monitor active both passive route control observe select-exit best good
Enables the configuration of OER monitoring settings. Enables active monitoring. Enables both active and passive monitoring. Enables passive monitoring. Enables the configuration of OER route control policy settings. Enables automatic route control. Configures OER to passively monitor and report without making any changes. Enables the exit selection based on performance or policy Configures OER to select the best available exit based on performance or policy. Configures OER to select the first exit that is in-policy.
Defaults
OER uses the following default settings if this command is not configured or if the no form of this command is entered: monitor both (Both active and passive monitoring is enabled.) route observe (Observe mode route control is enabled.)
Command Modes
oer-map configuration
Command History
Release 12.3(8)T
Usage Guidelines
The set mode command is entered on a master controller in oer-map configuration mode. This command is used to configure an oer-map to enable and configure control mode and observe mode settings, passive monitoring and active monitoring, and exit link selection for traffic that is configured as match criteria.
183
Examples
The following example creates an oer-map named OBSERVE that configures OER to observe and report but not control traffic from the prefix list named CUSTOMER:
Router(config)# oer-map OBSERVE 80 Router(config-oer-map)# match ip address prefix-list CUSTOMER Router(config-oer-map)# set mode route observe
Related Commands
Description Configures route monitoring or route control on an OER master controller Enables an OER process and configures a router as an OER border router or as an OER master controller. Enters oer-map configuration mode to configure an oer-map to apply policies to selected IP prefixes.
184
set periodic
To configure an oer-map to set the time period for the periodic timer, use the set periodic command in oer-map configuration mode. To delete the set clause entry, use the no form of this command. set periodic timer no set periodic
Syntax Description
timer
Sets the length of time for the periodic timer. The value for the timer argument is from 180 to 7200 seconds.
Defaults
Command Modes
oer-map configuration
Command History
Release 12.3(8)T
Usage Guidelines
The set periodic command is entered on a master controller in oer-map configuration mode. This command is used to configure an oer-map to configure OER to periodically select the best exit based on the periodic timer value for traffic that is configured as match criteria in an oer-map. When this timer expires, OER will automatically select the best exit, regardless if the current exit is in or out-of-policy. The periodic timer is reset when the new exit is selected.
Examples
The following example creates an oer-map named PERIODIC that sets the periodic timer to 300 seconds for traffic from the prefix list named CUSTOMER. When the timer expires OER will select the best exit.
Router(config)# oer-map PERIODIC 80 Router(config-oer-map)# match ip address prefix-list CUSTOMER Router(config-oer-map)# set periodic 300
Related Commands
Description Enables an OER process and configures a router as an OER border router or as an OER master controller. Enters oer-map configuration mode to configure an oer-map to apply policies to selected IP prefixes. Configures OER to periodically select the best exit.
185
set resolve
To configure an oer-map to set policy priority for overlapping policies, use the set resolve command in oer-map configuration mode. To delete the set clause entry, use the no form of this command. set resolve{cost priority value | delay priority value variance percentage | loss priority value variance percentage | range priority value | utilization priority value variance percentage} no set resolve {cost | delay | loss | range | utilization}
Syntax Description
Specifies policy priority settings for cost optimization. Specifies policy priority settings for packet delay. Specifies policy priority settings for packet loss. Specifies policy priority settings for range. Specifies policy priority settings for exit link utilization. Sets the priority of the policy. The configurable range for this argument is from 1 to 10. Setting the number 1 has the highest priority, and setting the number 10 has the lowest priority. Sets the allowable variance for the policy. The configurable range of this argument is from 1 to 100 percent.
variance percentage
Defaults
Command Modes
oer-map configuration
Command History
Release 12.3(8)T
Usage Guidelines
The set resolve command is entered on a master controller in oer-map configuration mode. This command is used to set priority when multiple policies are configured for the same prefix. When this command is configured, the policy with the highest priority will be selected to determine the policy decision. The priority keyword is used to specify the priority value. Setting the number 1 assigns the highest priority to the policy. Setting the number 10 sets the lowest priority. Each policy must be assigned a different priority number. If you try to assign the same priority number to 2 different policy types, an error message will be printed in the console. The variance keyword is used to set an allowable variance for a user-defined policy. This keyword configures the allowable percentage that an exit link or prefix can vary from the user-defined policy value and still be considered equivalent. For example, if exit link delay is set to 80 percent and a 10 percent variance is configured, exit links that delay values from 80 to 89 percent will be considered equal.
186
Note
Examples
The following example creates an oer-map named RESOLVE that sets the priority for delay policies to 1 for traffic learned based on highest outbound throughput. The variance is set to allow a 10 percent difference in delay statistics be for a prefix is determined to be out-of-policy.
Router(config)# oer-map RESOLVE 10 Router(config-oer-map)# match oer learn throughput Router(config-oer-map)# set resolve delay priority 1 variance 10
Related Commands
Description Enables an OER process and configures a router as an OER border router or as an OER master controller. Enters oer-map configuration mode to configure an oer-map to apply policies to selected IP prefixes. Sets policy priority or resolves policy conflicts.
187
Syntax Description
(Optional) Configures policy-based traceroute reporting. (Optional) Configures traceroute reporting based on delay policies. (Optional) Configures traceroute reporting based on packet loss policies. (Optional) Configures traceroute reporting based on reachability policies.
Defaults
Command Modes
oer-map configuration
Command History
Release 12.3(14)T
Usage Guidelines
The set traceroute reporting command is entered on a master controller in oer-map configuration mode. This command is used to enable continuos and policy-based trace route probing. Trace route probing allows you to monitor prefix performance on a hop-by-hop basis. Delay, loss, and reachability measurements are gathered for each hop from the probe source to the target prefix. The following types of traceroute reporting are configured with this command: ContinuousA traceroute probe is triggered for each new probe cycle. Entering this command without any keywords enables continuous reporting. The probe is sourced from the current exit of the prefix. Policy basedA traceroute probe is triggered automatically when a prefix goes into an out-of-policy state. Entering this command with the policy keyword enables policy based traceroute reporting. Policy based traceroute probes are configured individually for delay, loss, and reachability policies. The monitored prefix is sourced from a match clause in an oer-map. Policy based traceroute reporting stops when the prefix returns to an in-policy state. The show oer master prefix command is used to display traceroute probe results. An on-demand traceroute probe can be initiated when entering the show oer master prefix command with the current and now keywords. The set traceroute reporting command does not need to be configured to initiate an on-demand traceroute probe.
188
Examples
The following example, starting in Global configuration mode, enables continuous traceroute probing for prefixes that are learned based on delay:
Router(config)# oer-map TRACE 10 Router(config-oer-map)# match oer learn delay Router(config-oer-map)# set traceroute reporting
Related Commands
Description Enables an OER process and configures a router as an OER border router or as an OER master controller. Enters oer-map configuration mode to configure an oer-map to apply policies to selected IP prefixes. Sets the time interval between traceroute probe cycles. Displays the status of monitored prefixes.
189
set unreachable
To configure an oer-map to set the maximum number of unreachable hosts, use the set unreachable command in oer-map configuration mode. To delete the set clause entry, use the no form of this command. set unreachable {relative average | threshold maximum} no set unreachable
Syntax Description
relative average
Sets a relative percentage of unreachable hosts based on a comparison of short-term and long-term percentages. The range of values that can be configured for this argument is a number from 1 to a 1000. Each increment represents one tenth of a percent. Sets the absolute maximum number of unreachable hosts based on flows per million. The range of values that can be configured for this argument is from 1 to 1000000 hosts.
threshold maximum
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered: relative average: 50 (5 percent unreachable hosts)
Command Modes
oer-map configuration
Command History
Release 12.3(8)T
Usage Guidelines
The set unreachable command is entered on a master controller in oer-map configuration mode. This command is used to set the relative percentage or the absolute maximum number of unreachable hosts, based on flows per million (fpm), that a master controller will permit from an OER managed exit link. If the absolute number or relative percentage of unreachable hosts is greater than the user-defined or default value, the master controller determines that the exit link is out-of-policy and searches for an alternate exit link. The relative keyword is used to configure the relative percentage of unreachable hosts. The relative unreachable host percentage is based on a comparison of short-term and long-term measurements. The short-term measurement reflects the percentage of hosts that are unreachable within a 5 minute time period. The long-term measurement reflects the percentage of unreachable hosts within a 60 minute period. The following formula is used to calculate this value: Relative percentage of unreachable hosts = ((short-term percentage - long-term percentage) / long-term percentage) * 100
190
The master controller measures the difference between these two values as a percentage. If the percentage exceeds the user-defined or default value, the exit link is determined to be out-of-policy. For example, if 10 hosts are unreachable during the long-term measurement and 12 hosts are unreachable during short-term measurement, the relative percentage of unreachable hosts is 20 percent. The threshold keyword is used to configure the absolute maximum number of unreachable hosts. The maximum value is based on the actual number of hosts that are unreachable based on fpm.
Examples
The following example creates an oer-map named UNREACHABLE that configures the master controller to search for a new exit link when the difference between long and short term measurements (relative percentage) is greater than 10 percent for traffic learned based on highest delay:
Router(config)# oer-map UNREACHABLE 10 Router(config-oer-map)# match oer learn delay Router(config-oer-map)# set unreachable relative 100
Related Commands
Description Enables an OER process and configures a router as an OER border router or as an OER master controller. Enters oer-map configuration mode to configure an oer-map to apply policies to selected IP prefixes.
191
Syntax Description
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The clear oer border * command is entered on a border router. The border router and master controller will automatically reestablish communication after this command is entered.
Examples
The following example resets a connection between a border router and a master controller:
Router(config)# clear oer border *
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
192
Syntax Description
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The clear oer master * command is entered on a master controller. The master controller will restart all configured and default processes and reestablish communication with active border routers after this command is entered.
Examples
The following example resets the master controller process and all active border router connections:
Router(config)# clear oer master *
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
193
Cisco IOS Optimized Edge Routing Configuration clear oer master border
Syntax Description
* ip-address
Specifies all active border router connections. Specifies a single border router connection.
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
Examples
The following example resets all border router connections to the master controller:
Router(config)# clear oer master border *
The following example resets a single border router connection to the master controller:
Router(config)# clear oer master border 10.4.9.6
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
194
Cisco IOS Optimized Edge Routing Configuration clear oer master prefix
Syntax Description
* prefix learned
Clears all prefixes. Clears a single prefix or prefix range. The prefix address and mask are entered with this argument. Clears all learned prefixes.
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
Examples
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
195
Syntax Description
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The debug oer border command is entered on a border router. This command is used to display debugging information about the OER border process, controlled routes and monitored prefixes.
Examples
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
196
Cisco IOS Optimized Edge Routing Configuration debug oer border active-probe
Syntax Description
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The debug oer border active-probe command is entered on a master controller. This command is used to display the status and results of active probes that are configured on the local border router.
Examples
The following example enables the display of active-probe debug information on a border router:
Router# debug oer border active-probe *May 4 23:47:45.633: OER BR ACTIVE PROBE: Attempting to retrieve Probe Statistics. probeType = echo, probeTarget = 10.1.5.1, probeTargetPort = 0 probeSource = Default, probeSourcePort = 0, probeNextHop = Default probeIfIndex = 13 *May 4 23:47:45.633: OER BR ACTIVE PROBE: Completed retrieving Probe Statistics. probeType = echo, probeTarget = 10.1.5.1, probeTargetPort = 0 probeSource = Default, probeSourcePort = 0, probeNextHop = 10.30.30.2 probeIfIndex = 13, SAA index = 15 *May 4 23:47:45.633: OER BR ACTIVE PROBE: Completions 11, Sum of rtt 172, Max rtt 36, Min rtt 12 *May 4 23:47:45.693: OER BR ACTIVE PROBE: Attempting to retrieve Probe Statistics. probeType = echo, probeTarget = 10.1.4.1, probeTargetPort = 0 probeSource = Default, probeSourcePort = 0, probeNextHop = Default probeIfIndex = 13 *May 4 23:47:45.693: OER BR ACTIVE PROBE: Completed retrieving Probe Statistics. probeType = echo, probeTarget = 10.1.4.1, probeTargetPort = 0 probeSource = Default, probeSourcePort = 0, probeNextHop = 10.30.30.2 probeIfIndex = 13, SAA index = 14
197
Cisco IOS Optimized Edge Routing Configuration debug oer border active-probe
Field OER BR ACTIVE PROBE: Statistics probeType probeTarget probeTargetPort probeSource probeSourcePort probeNextHop probeIfIndex SAA index
Description Indicates debugging information for OER active probes on a border router. The heading for OER active probe statistics. The active probe type. The active probe types that can be displayed are ICMP, TCP, and UDP. The target IP address of the active probe. The target port of the active probe. The source IP address of the active probe. Default is displayed for a locally generated active probe. The source port of the active probe. The next hop for the active probe. The active probe source interface index. The IP SLAs collection index number.
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
198
Cisco IOS Optimized Edge Routing Configuration debug oer border learn
Syntax Description
top number
(Optional) Displays debugging information about the top delay or top throughput prefixes. The number of top delay or throughput prefixes can be specified. The range of prefixes that can be specified is a number from 1 to 65535.
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The debug oer border learn command is entered on a border router. This command is used to display debugging information about prefixes learned on the local border router.
Examples
The following example enables the display of active-probe debug information on a border router:
Router# debug oer border learn *May 4 22:51:31.971: OER BR LEARN: Reporting prefix 1: 10.1.5.0, throughput 201 *May 4 22:51:31.971: OER BR LEARN: Reporting 1 throughput learned prefixes *May 4 22:51:31.971: OER BR LEARN: State change, new STOPPED, old STARTED, reaon Stop Learn
Description Indicates debugging information for the OER border router learning process.
199
Cisco IOS Optimized Edge Routing Configuration debug oer border learn
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
200
Cisco IOS Optimized Edge Routing Configuration debug oer border routes
Syntax Description
bgp static
Displays debugging information for only BGP routes. Displays debugging information for only static routes.
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The debug oer border routes command is entered on a border router. This command is used to display the debugging information about OER controlled or monitored routes on the local border router.
Examples
The following example enables the display of active-probe debug information on a border router:
Router# debug oer border routes *May *May *May *May 4 4 4 4 22:35:53.239: 22:35:53.239: 22:35:53.239: 22:35:53.239: OER OER OER OER BGP: BGP: BGP: BGP: Control exact prefix 10.1.5.0/24 Walking the BGP table for 10.1.5.0/24 Path for 10.1.5.0/24 is now under OER control Setting prefix 10.1.5.0/24 as OER net#
Description Indicates debugging information for OER controlled BGP routes. Indicates debugging information for OER controlled Static routes. (Not displayed in the example output.)
201
Cisco IOS Optimized Edge Routing Configuration debug oer border routes
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
202
Cisco IOS Optimized Edge Routing Configuration debug oer border traceroute reporting
Syntax Description
detail
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(14)T
Usage Guidelines
The debug oer border traceroute reporting command is entered on a border router. This command is used to display the debugging information about traceroute probes sourced on the local border router.
Examples
The following example enables the display of active-probe debug information on a border router:
Router# debug oer border traceroute reporting May 19 03:46:23.807: OER BR TRACE(det): Received start message: msg1 458776, msg2 1677787648, if index 19, host addr 100.1.2.1, flags 1, max ttl 30, protocol 17, probe delay 0 May 19 03:46:26.811: OER BR TRACE(det): Result msg1 458776, msg2 1677787648 num hops 30 sent May 19 03:47:20.919: OER BR TRACE(det): Received start message: msg1 524312, msg2 1677787648, if index 2, host addr 100.1.2.1, flags 1, max ttl 30, protocol 17, probe delay 0 May 19 03:47:23.923: OER BR TRACE(det): Result msg1 524312, msg2 1677787648 num hops 3 sent
203
Cisco IOS Optimized Edge Routing Configuration debug oer border traceroute reporting
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
204
debug oer cc
To display OER communication control debugging information for master controller and border router communication, use the debug oer cc command in privileged EXEC mode. To stop the display of OER debugging information, use the no form of this command. debug oer cc [detail] no debug oer cc [detail]
Syntax Description
detail
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The debug oer cc command can be entered on a master controller on a border router. This command is used to display messages exchanged between the master controller and the border router. These messages include control commands, configuration commands, and monitoring information. Enabling this command will cause very detailed output to be displayed and can utilize a considerable amount of system resources. This command should be enabled with caution in a production network.
Examples
The following example enables the display of OER communication control debugging messages:
Router# debug oer cc *May 4 23:03:22.527: OER CC: ipflow prefix reset received: 10.1.5.0/24
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
205
Cisco IOS Optimized Edge Routing Configuration debug oer master border
Syntax Description
ip-address
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The debug oer master border command is entered on a master controller. The output displays information related to the events or updates from one or more border routers.
Examples
The following example shows the status of 2 border routers. Both routers are up and operating normally.
Router# debug oer master border OER Master Border Router debugging is on Router# 1d05h: OER MC BR 10.4.9.7: BR I/F update, status 0, rx bw 100000, time, tx ld 0, rx ld 0, rx rate tx bytes 5016033 1d05h: OER MC BR 10.4.9.7: BR I/F update, status 0, rx bw 100000, time, tx ld 0, rx ld 0, rx rate x bytes 1028907 1d05h: OER MC BR 10.4.9.6: BR I/F update, status 0, rx bw 100000, time, tx ld 0, rx ld 0, rx rate x bytes 1027912 1d05h: OER MC BR 10.4.9.6: BR I/F update, status 0, rx bw 100000, time, tx ld 0, rx ld 0, rx rate tx bytes 5013993
UP, line 1 index 1, tx bw 10000 0 rx bytes 3496553, tx rate 0, UP, line 1 index 2, tx bw 10000 0 rx bytes 710149, tx rate 0, t UP, line 1 index 2, tx bw 10000 0 rx bytes 743298, tx rate 0, t UP, line 1 index 1, tx bw 10000 0 rx bytes 3491383, tx rate 0,
206
Cisco IOS Optimized Edge Routing Configuration debug oer master border
Description Indicates debugging information for a border router process. The ip-address identifies the border router.
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
207
Cisco IOS Optimized Edge Routing Configuration debug oer master collector
Syntax Description
(Optional) Displays aggregate active probe results for a given prefix on all border routers that are executing the active probe. (Optional) Displays the active probe results from each target for a given prefix on all border routers that are executing the active probe. (Optional) Displays aggregate active probe results and historical statistics for a given prefix on all border routers that are executing the active probe. (Optional) Displays information about the passive (NetFlow) measurements received by the master controller for prefixes monitored from the border router.
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The debug oer master collector command is entered on a master controller. The output displays data collection information for monitored prefixes.
Examples
The following example displays aggregate active probe results for the 10.1.0.0/16 prefix on all border routers that are configured to execute this active probe:
Router# debug oer master collector active-probes *May 4 22:34:58.221: OER MC APC: Probe Statistics Gathered for prefix 10.1.0.0/16 on all exits,notifying the PDP *May 4 22:34:58.221: OER MC APC: Summary Exit Data (pfx 10.1.0.0/16, bdr 10.2.2.2, if 13, nxtHop Default):savg delay 13, lavg delay 14, sinits 25, scompletes 25 *May 4 22:34:58.221: OER MC APC: Summary Prefix Data: (pfx 10.1.0.0/16) sloss 0, lloss 0, sunreach 25, lunreach 25, savg raw delay 15, lavg raw delay 15, sinits 6561, scompletes 6536, linits 6561, lcompletes 6536 *May 4 22:34:58.221: OER MC APC: Active OOP check done
208
Cisco IOS Optimized Edge Routing Configuration debug oer master collector
Description Indicates debugging information for active probes from the r OER master collector.
The following example displays aggregate active probe results from each target for the 10.1.0.0/16 prefix on all border routers that are configured to execute this active probe:
Router# debug oer master collector active-probes detail *May 4 22:36:21.945: OER MC APC: Rtrv Probe Stats: BR 10.2.2.2, Type echo, Tgt 10.1.1.1,TgtPt 0, Src Default, SrcPt 0, NxtHp Default, Ndx 13 *May 4 22:36:22.001: OER MC APC: Remote stats received: BR 10.2.2.2, Type echo, Tgt 10.15.1, TgtPt 0, Src Default, SrcPt 0, NxtHp Default, Ndx 13 *May 4 22:36:22.313: OER MC APC: Perf data point (pfx 10.1.0.0/16, bdr 10.2.2.2, if 13, xtHop Default): avg delay 20, loss 0, unreach 0, initiations 2, completions 2, delay sum40, ldelay max 20, ldelay min 12 *May 4 22:36:22.313: OER MC APC: Perf data point (pfx 10.1.0.0/16, bdr 10.2.2.2, if 13, xtHop Default): avg delay 20, loss 0, unreach 0, initiations 2, completions 2, delay sum40, ldelay max 20, ldelay min 12 *May 4 22:36:22.313: OER MC APC: Probe Statistics Gathered for prefix 10.1.0.0/16 on al exits, notifying the PDP *May 4 22:36:22.313: OER MC APC: Active OOP check donee
Description Indicates debugging information for active probes from the r OER master collector.
The following example displays aggregate active probe results and historical statistics from each target for the 10.1.0.0/16 prefix on all border routers that are configured to execute this active probe:
Router# debug oer master collector active-probes detail trace *May 4 22:40:33.845: OER MC APC: Rtrv Probe Stats: BR 10.2.2.2, Type echo, Tgt 10.1.5.1, TgtPt 0, Src Default, SrcPt 0, NxtHp Default, Ndx 13 *May 4 22:40:33.885: OER MC APC: Remote stats received: BR 10.2.2.2, Type echo, Tgt 10.1.5.1, TgtPt 0, Src Default, SrcPt 0, NxtHp Default, Ndx 13 *May 4 22:40:34.197: OER MC APC: Remote stats received: BR 10.2.2.2, Type echo, Tgt 10.1.2.1, TgtPt 0, Src Default, SrcPt 0, NxtHp Default, Ndx 13 *May 4 22:40:34.197: OER MC APC: Updating Probe (Type echo Tgt 10.1.2.1 TgtPt 0) Total Completes 1306, Total Attempts 1318 *May 4 22:40:34.197: OER MC APC: All stats gathered for pfx 10.1.0.0/16 Accumulating Stats *May 4 22:40:34.197: OER MC APC: Updating Curr Exit Ref (pfx 10.1.0.0/16, bdr 10.2.2.2, if 13, nxtHop Default) savg delay 17, lavg delay 14, savg loss 0, lavg loss 0, savg unreach 0, lavg unreach 0 *May 4 22:40:34.197: OER MC APC: Probe Statistics Gathered for prefix 10.1.0.0/16 on all exits, notifying the PDP *May 4 22:40:34.197: OER MC APC: Active OOP check done
209
Cisco IOS Optimized Edge Routing Configuration debug oer master collector
Description Indicates debugging information for active probes from the r OER master collector.
The following example displays passive monitoring results for the 10.1.5.0/24 prefix:
Router# debug oer master collector netflow *May 4 22:31:45.739: OER MC NFC: Rcvd egress update from BR 10.1.1.2 prefix 10.1.5.0/24 Interval 75688 delay_sum 0 samples 0 bytes 20362 pkts 505 flows 359 pktloss 1 unreach 0 *May 4 22:31:45.739: OER MC NFC: Updating exit_ref; BR 10.1.1.2 i/f Et1/0, s_avg_delay 655, l_avg_delay 655, s_avg_pkt_loss 328, l_avg_pkt_loss 328, s_avg_flow_unreach 513, l_avg_flow_unreach 513 *May 4 22:32:07.007: OER MC NFC: Rcvd ingress update from BR 10.1.1.3 prefix 10.1.5.0/24 Interval 75172 delay_sum 42328 samples 77 bytes 22040 pkts 551 flows 310 pktloss 0 unreach 0
Description Indicates debugging information for the OER master collector from passive monitoring (NetFlow).
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
210
Cisco IOS Optimized Edge Routing Configuration debug oer master cost-minimization
Syntax Description
detail
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(14)T
Usage Guidelines
The debug oer master cost-minimization command is entered on a master controller. The output displays debugging information for cost-minimization policies.
Examples
The following example displays detailed cost optimization policy debug information:
Router# debug oer master cost-minimization detail OER Master cost-minimization Detail debugging is on *May 14 00:38:48.839: OER MC COST: Momentary target utilization for exit 10.1.1.2 i/f Ethernet1/0 nickname ISP1 is 7500 kbps, time_left 52889 secs, cumulative 16 kb, rollup period 84000 secs, rollup target 6000 kbps, bw_capacity 10000 kbps *May 14 00:38:48.839: OER MC COST: Cost OOP check for border 10.1.1.2, current util: 0 target util: 7500 kbps *May 14 00:39:00.199: OER MC COST: ISP1 calc separate rollup ended at 55 ingress Kbps *May 14 00:39:00.199: OER MC COST: ISP1 calc separate rollup ended at 55 egress bytes *May 14 00:39:00.199: OER MC COST: Target utilization for nickname ISP1 set to 6000, rollups elapsed 4, rollups left 24 *May 14 00:39:00.271: OER MC COST: Momentary target utilization for exit 10.1.1.2 i/f Ethernet1/0 nickname ISP1 is 7500 kbps, time_left 52878 secs, cumulative 0 kb, rollup period 84000 secs, rollup target 6000 kbps, bw_capacity 10000 kbps *May 14 00:39:00.271: OER MC COST: Cost OOP check for border 10.1.1.2, current util: 0 target util: 7500 kbps
211
Cisco IOS Optimized Edge Routing Configuration debug oer master cost-minimization
Description Indicates debugging information for cost-based optimization on the master controller.
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
212
Cisco IOS Optimized Edge Routing Configuration debug oer master exit
Syntax Description
detail
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The debug oer master exit command is entered on a master controller. This command is used to display debugging information for master controller exit selection processes.
Examples
The following example shows output form the debug oer master exit command, entered with the detail keyword:
Router# debug oer master exit detail *May *May *May *May *May check *May check *May check 4 4 4 4 4 11:26:51.539: 11:26:52.195: 11:26:55.515: 11:29:14.987: 11:29:35.467: OER OER OER OER OER MC MC MC MC MC EXIT: EXIT: EXIT: EXIT: EXIT: 10.1.1.1, intf Fa4/0 INPOLICY 10.2.2.3, intf Se2/0 INPOLICY 10.1.1.2, intf Se5/0 INPOLICY 7 kbps should be moved from 10.1.1.1, intf Fa4/0 10.1.1.1, intf Fa4/0 in holddown state so skip OOP
4 11:29:35.831: OER MC EXIT: 10.2.2.3, intf Se2/0 in holddown state so skip OOP 4 11:29:39.455: OER MC EXIT: 10.1.1.2, intf Se5/0 in holddown state so skip OOP
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
213
Cisco IOS Optimized Edge Routing Configuration debug oer master learn
Syntax Description
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The debug oer master learn command is entered on a master controller. This command is used to display debugging information for master controller learning events.
Examples
The following example shows output from the debug oer master learn command. The output an shows OER Top Talker debug events. The master controller is enabling prefix learning for new border router process:
Router# debug oer master learn 06:13:43: OER MC LEARN: Enable type 3, state 0 06:13:43: OER MC LEARN: OER TTC: State change, new RETRY, old DISABLED, reason TT start 06:13:43: OER MC LEARN: OER TTC: State change, new RETRY, old DISABLED, reason TT start request 06:13:43: OER MC LEARN: OER TTC: State change, new RETRY, old DISABLED, reason T T start request 06:14:13: OER MC LEARN: TTC Retry timer expired 06:14:13: OER MC LEARN: OER TTC: State change, new STARTED, old RETRY, reason At least one BR started 06:14:13: %OER_MC-5-NOTICE: Prefix Learning STARTED 06:14:13: OER MC LEARN: MC received BR TT status as enabled 06:14:13: OER MC LEARN: MC received BR TT status as enabled 06:19:14: OER MC LEARN: OER TTC: State change, new WRITING DATA, old STARTED, re ason Updating DB 06:19:14: OER MC LEARN: OER TTC: State change, new SLEEP, old WRITING DATA, reas on Sleep state
214
Cisco IOS Optimized Edge Routing Configuration debug oer master learn
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
215
Cisco IOS Optimized Edge Routing Configuration debug oer master prefix
Syntax Description
prefix detail
Specifies a single prefix or prefix range. The prefix address and mask are entered with this argument. Displays detailed OER prefix processing information.
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The debug oer master prefix command is entered on a master controller. This command displays debugging information related to prefix monitoring and processing.
Examples
The following example shows output from the debug oer master prefix command. The output an shows the master controller searching for the target of an active probe after the target has become unreachable.
Router# debug oer master prefix OER Master Prefix debugging is on 06:01:28: OER MC PFX 10.4.9.0/24: left assigned and running 06:01:38: OER MC PFX 10.4.9.0/24: 06:02:59: OER MC PFX 10.4.9.0/24: left assigned and running 06:03:08: OER MC PFX 10.4.9.0/24: 06:04:29: OER MC PFX 10.4.9.0/24: left assigned and running 06:04:39: OER MC PFX 10.4.9.0/24: 06:05:59: OER MC PFX 10.4.9.0/24: left assigned and running 06:06:09: OER MC PFX 10.4.9.0/24: APC last target deleted for prefix, no targets APC Attempting to probe all exits APC last target deleted for prefix, no targets APC Attempting to probe all exits APC last target deleted for prefix, no targets APC Attempting to probe all exits APC last target deleted for prefix, no targets APC Attempting to probe all exits
216
Cisco IOS Optimized Edge Routing Configuration debug oer master prefix
Table 14
Description Indicates debugging information for OER monitored prefixes. The ip-address identifies the prefix.
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
217
Cisco IOS Optimized Edge Routing Configuration debug oer master prefix-list
Syntax Description
list-name detail
Specifies a single prefix or prefix range. The prefix address and mask are entered with this argument. (Optional) Displays detailed OER prefix-list processing information.
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(11)T
Usage Guidelines
The debug oer master prefix-list command is entered on a master controller. This command displays debugging information related to prefix-list processing.
Examples
The following example shows output from the debug oer master prefix-list command.
Router# debug oer master prefix-list 23:02:16.283: OER 23:02:16.283: OER 23:02:16.283: OER TRUE 23:02:16.283: OER 23:02:16.283: OER 23:02:16.283: OER 50%, notify TRUE 23:02:16.283: OER 23:02:16.283: OER 23:02:16.283: OER MC PFX 10.1.5.0/24: Check PASS REL loss: loss 0, policy 10%, notify TRUE MC PFX 10.1.5.0/24: Passive REL loss in-policy MC PFX 10.1.5.0/24: Check PASS REL delay: delay 124, policy 50%, notify MC PFX 10.1.5.0/24: Passive REL delay in policy MC PFX 10.1.5.0/24: Prefix not OOP MC PFX 10.1.5.0/24: Check PASS REL unreachable: unreachable 0, policy MC PFX 10.1.5.0/24: Passive REL unreachable in-policy MC PFX 10.1.5.0/24: Check PASS REL loss: loss 0, policy 10%, notify TRUE MC PFX 10.1.5.0/24: Passive REL loss in policy
218
Cisco IOS Optimized Edge Routing Configuration debug oer master prefix-list
Table 15
Description Indicates debugging information for OER monitored prefixes. The ip-address identifies the prefix.
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
219
Cisco IOS Optimized Edge Routing Configuration debug oer master process
Syntax Description
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
Examples
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
220
Cisco IOS Optimized Edge Routing Configuration debug oer master traceroute reporting
Syntax Description
detail
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(14)T
Usage Guidelines
The debug oer master traceroute reporting command is entered on a master controller. This command is used to display traceroute events on a master controller.
Examples
221
Cisco IOS Optimized Edge Routing Configuration debug oer master traceroute reporting
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
222
Syntax Description
Defaults
Command Modes
privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The show oer border command is entered on an OER border router. The output displays information about the border router and master controller connection status and border router interfaces.
Examples
Field OER BR MC
Description Displays the IP address and the status of the local border router (ACTIVE or DISABLED) Displays the IP address of the master controller, the connection status (UP or DOWN), the length of time that connection with master controller has been active, and the number of authentication failures that have occurred between the border router and master controller.
223
Table 18
Field Exits
Description Displays OER managed exit interfaces on the border router. This field displays the interface type, number, and OER status (EXTERNAL or INTERNAL). Displays the number of authentication failures. Displays the connection status. This field displays SUCCESS or FAILED. Displays the TCP port number used to communicate with the master controller.
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
224
Cisco IOS Optimized Edge Routing Configuration show oer border active-probes
Syntax Description
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The show oer border active-probes command is entered on a border router. This command displays target active-probe assignment for a given prefix and the current probing status including the border router or border routers that are executing the active probes.
Examples
The following example shows three active probes each configured for a different prefix. The target port, source IP address, and exit interface is displayed in the output.
Router# show oer border active-probes OER Border active-probes Type = Probe Type Target = Target IP Address TPort = Target Port Source = Send From Source IP Address Interface = Exit interface Att = Number of Attempts Comps = Number of completions N - Not applicable Type udp-echo tcp-conn echo Target 10.4.5.1 10.4.7.1 10.4.9.1 TPort 80 33 N Source 10.0.0.1 10.0.0.1 10.0.0.1 Interface Et1/0 Et1/0 Et1/0 Att 1 1 2 Comps 0 0 2
225
Cisco IOS Optimized Edge Routing Configuration show oer border active-probes
Description The active probe type. The target IP address. The target port. The source IP address. The OER managed exit interface. The number of attempts. The number successfully completed attempts.
Related Commands
Description Configures active probes to monitor an OER controlled prefixes. Enables an OER process and configures a router as an OER border router or as an OER master controller.
226
Cisco IOS Optimized Edge Routing Configuration show oer border passive cache
Syntax Description
learned prefix
Displays information about learned prefixes. Displays the metrics, associated interfaces and routing information for prefixes monitored by OER.
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The show oer border passive cache command is entered on a border router. This command displays real-time prefix information collected from the border router through NetFlow passive monitoring. Entering the learned keyword displays learned prefixes. A maximum of 5 host addresses and 5 ports are collected for each prefix. The output will also show the throughput in bytes and the delay in milliseconds. Entering the prefix keyword displays the metrics captured for monitored prefixes. This information includes the number of packets and bytes per packet, the delay, the number of delay samples, the amount of packet loss, the number of unreachable flows, and the interfaces that the flow travels through.
Examples
The following example displays passive monitoring information about learned prefixes:
Router# show oer border passive cache learned OER Learn Cache: State is enabled Measurement type: throughput, Duration: 2 min Aggregation type: prefix-length, Prefix length: 24 4096 oer-flows per chunk, 22 chunks allocated, 32 max chunks, 1 allocated records, 90111 free records, 8913408 bytes allocated Prefix Host1 dport1 10.1.5.0 10.1.5.2 1024 Mask Pkts Host2 dport2 /24 17K 10.1.5.3 80 B/Pk Delay Samples Active Host3 Host4 dport3 dport4 46 300 2 45.1 0.0.0.0 0.0.0.0 0 0
227
Cisco IOS Optimized Edge Routing Configuration show oer border passive cache
Field State is... Measurement type Duration: Aggregation type ... oer-flows per chunk ... chunks allocated ... allocated records Prefix Mask Pkts B/Pk Delay Samples Active
Description Displays OER prefix learning status. The output displays enabled or disabled. Displays how the prefix is learned, either throughput or delay. Displays the duration of the learning period in minutes. Displays the aggregation type. The output displays BGP, non-BGP, or prefix-length. Displays number of flow records per memory chunk. Number of memory chunks allocated. Number of records currently allocated in the learn cache. IP address and port of the learned prefix. The prefix length as specified in a prefix mask. The number of packets and bytes per packet. The number of delay samples that NetFlow has collected. The time for which the flow has been active.
The following example displays the metrics captured for monitored prefixes:
Router# show oer border passive cache prefix OER Passive Prefix Cache, State: enabled, 278544 bytes 1 active, 4095 inactive, 2 added 82 ager polls, 0 flow alloc failures Active flows timeout in 1 minutes Inactive flows timeout in 15 seconds IP Sub Flow Cache, 17416 bytes 2 active, 1022 inactive, 4 added, 2 added to flow 0 alloc failures, 0 force free 1 chunk, 2 chunks added
Prefix
NextHop Src If Dst If Flows Pkts B/Pk Active sDly #Dly PktLos #UnRch -----------------------------------------------------------------------------10.1.5.0/24 10.1.2.2 Et0/0 Et1/0 381 527 40 65.5 300 2 10 1
Field OER Passive Prefix Cache State: IP Sub Flow Cache... Prefix
Description Displays the state of the monitored prefix aggregation cache. The output displays enabled or disabled. NetFlow specific sub-flow allocation information. IP address of the learned prefix.
228
Cisco IOS Optimized Edge Routing Configuration show oer border passive cache
Table 21
Field NextHop Src If Dst If Flows Pkts B/Pk Active sDly #Dly PktLos #UnRch
Description Next hop of the learned prefix. The source interface. The destination interface. The number of flows associated with the prefix. The number of packets and bytes per packet. The time for which the flow has been active. The sum of all the delay measurements captured for the prefix. The number of delay measurements made for this prefix. The amount of packet loss for the prefix. The number of unreachable flows for the prefix.
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
229
Cisco IOS Optimized Edge Routing Configuration show oer border passive prefixes
Syntax Description
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The show oer border passive prefix command is entered on a border router. The output of this command displays prefixes monitored by NetFlow on the border router. The prefixes displayed in the output are monitored by the master controller.
Examples
Description IP address of the learned prefix. The prefix length as specified in a prefix mask. Type of prefix being monitored which can be exact or non-exact.
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
230
Cisco IOS Optimized Edge Routing Configuration show oer border routes
Syntax Description
bgp static
Displays information for OER controlled routes that are learned from BGP. Displays information for OER controlled static routes.
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The show oer border routes command is entered on a border router. This command is used to display information about OER controlled routes on a border router. You can display information about BGP or static routes.
Examples
Description Indicates the monitored prefix is currently under OER control Indicates the monitored prefix is controlled by a different border router.
231
Cisco IOS Optimized Edge Routing Configuration show oer border routes
Table 23
Description Indicates that an exact prefix indicates is controlled, but more specific routes are not. Indicates that the prefix and all more specific routes are under OER control. Indicates that the prefix is injected into the into the BGP routing table. If a less specific prefix exists in the BGP table and OER has a more specific prefix configured, then BGP will inject the new prefix and OER will flag it as I-Injected. Indicates that the prefix and all more specific prefixes are under the control of another border router, and, therefore this prefix is excluded. (Not shown in the example output) Indicates that the prefix is injected, and this prefix and all more specific prefixes are under OER control. Indicates that the specific prefix is injected and under OER control. Indicates that the prefix and all more specific prefixes are under OER control. Indicates that the specific prefix is under OER control. The IP address and prefix mask. The next hop of the prefix. Type of OER control. The BGP local preference value. The weight of the route. The BGP path type.
XN
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
232
Syntax Description
Defaults
Command Modes
Privileged EXEC
Command History
Modification This command was introduced. The protocol field was added to the output of this command under the Learn Settings heading. The trace probe delay field was added to the output of this command under the Global Settings heading.
Usage Guidelines
The show oer master command is entered on a master controller. The output of this command displays information about the status of the OER managed network; this includes information about the master controller, the border routers, OER managed interfaces, and default and user-defined policy settings.
Examples
The following example displays the status of an OER managed network on a master controller:
Router# show oer master OER state: ENABLED and ACTIVE Conn Status: SUCCESS, PORT: 3949 Number of Border routers: 2 Number of Exits: 2 Number of monitored prefixes: 10 (max 5000) Border 10.4.9.7 10.4.9.6 Status ACTIVE ACTIVE UP/DOWN UP UP AuthFail 0 0
02:54:40 02:54:40
Global Settings: max-range-utilization percent 20 mode route metric bgp local-pref 5000 mode route metric static tag 5000 trace probe delay 1000 logging Default Policy Settings: backoff 300 3000 300
233
delay relative 50 holddown 300 periodic 0 mode route control mode monitor both mode select-exit best loss relative 10 unreachable relative 50 resolve delay priority 11 variance 20 resolve utilization priority 12 variance 20 Learn Settings: current state : SLEEP time remaining in current state : 4567 seconds throughput delay no protocol monitor-period 10 periodic-interval 20 aggregation-type bgp prefixes 100 expire after time 720
Description Indicates the status of the master controller. The state will be either Enabled or Disabled. Indicates the state of the connection between the master controller and the border router. The state is displayed as SUCCESS to indicate as successful connection. The state is displayed as CLOSED if there is no connection. Displays the port number that is used for communication between the master controller and the border router. Displays the number of border router that peer with the master controller. Displays the number of exit interfaces under OER control. Displays the number prefixes that are actively or passively monitored. Displays the IP address of the border router. Indicates the status of the border router. This field displays either ACTIVE or INACTIVE. Displays the connection status. The output displays DOWN or UP. UP is followed by the length of time that the connection has been in this state. Displays the number of authentication failures between the master controller and the border router. Displays the configuration of global OER master controller settings.
PORT: Number of Border routers: Number of Exits: Number of monitored prefixes: Border Status UP/DOWN
234
Table 24
Description Displays default OER master controller policy settings. Display OER learning settings.
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
235
Cisco IOS Optimized Edge Routing Configuration show oer master active-probes
Syntax Description
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The show oer master active-probes command is entered on a master controller. This command is used to display the status of active probes. The output from this command displays the active probe type and destination, the border router that is the source of the active probe, the target prefixes that are used for active probing, and wether the probe was learned or configured.
Examples
The following example shows the status of configured and running active probes:
Router# show oer master active-probes OER Master Controller active-probes Border = Border Router running this Probe State = Un/Assigned to a Prefix Prefix = Probe is assigned to this Prefix Type = Probe Type Target = Target Address TPort = Target Port How = Was the probe Learned or Configured N - Not applicable
The following Probes exist: State Assigned Assigned Assigned Assigned Assigned Assigned Prefix 10.1.1.1/32 10.1.4.0/24 10.1.2.0/24 10.1.4.0/24 10.1.3.0/24 10.1.2.0/24 Type echo echo echo udp-echo echo tcp-conn Target 10.1.1.1 10.1.4.1 10.1.2.1 10.1.4.1 10.1.3.1 10.1.2.1 TPort How N Lrnd N Lrnd N Lrnd 65534 Cfgd N Cfgd 23 Cfgd
236
Cisco IOS Optimized Edge Routing Configuration show oer master active-probes
TPort 65534 23
Field The following Probes exist: State: Prefix Type Target TPort How The following Probes are running: Border
Description Displays the status of configured active probes Displays the status of the active probe. The output displays Assigned or Unassigned. Displays the prefix and prefix mask of the target active probe. Displays the type of active probe. The output displays tcp-conn, echo, or udp-echo. Displays the target IP address for the active probe. Displays the target port for the active probe. Displays how the active probe was created. The output will indicate the probe is configured or learned. Displays the status of active probes that are running. Displays the IP address of the border router.
Related Commands
Description Configures active probes to monitor an OER controlled prefixes. Enables an OER process and configures a router as an OER border router or as an OER master controller.
237
Cisco IOS Optimized Edge Routing Configuration show oer master border
Syntax Description
ip-address detail
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The show oer master border command is entered on a master controller. The output of this command shows the status of connections with border routers.
Examples
The following example displays the status of border router connections with a master controller:
Router# show oer master border Border 10.4.9.7 10.4.9.6 Status UP/DOWN INACTIVE DOWN ACTIVE UP AuthFail 0 0
00:42:31
Description Displays the IP address of the border router. Displays the status of the border router. The output displays ACTIVE or INACTIVE. Displays the connection status and the length of time that the connection has been up. The output displays DOWN or UP. The up time is displayed in weeks, days, hours, minutes, and seconds. Displays the number of authentication failures between the master controller and the border router.
AuthFail
238
Cisco IOS Optimized Edge Routing Configuration show oer master border
The following example displays detail information about border router connections with a master controller:
Router# show oer master border detail Border 10.4.9.7 Fa0/0 Fa0/1 Status INACTIVE EXTERNAL INTERNAL UP/DOWN DOWN Unverified Unverified AuthFail 0
External Capacity Max BW BW Used Tx Load Status Interface (kbps) (kbps) (kbps) (%) --------------------------- ------- ------------------------------------------------------------------------------------Border Status UP/DOWN AuthFail 10.4.9.6 ACTIVE UP 00:42:50 0 Fa0/1 INTERNAL UP Fa0/0 EXTERNAL UP External Interface --------Fa0/0 Capacity (kbps) -------100000 Max BW (kbps) -----75000 BW Used Tx Load Status (kbps) (%) ------- ------- -----0 0 UP
Description Displays the IP address of the border router. Displays the status of the border router. The output displays ACTIVE or INACTIVE. Displays the connection status and the length of time that the connection has been up. The output displays DOWN or UP. The up time is displayed in weeks, days, hours, minutes, and seconds. Displays the number of authentication failures between the master controller and the border router. Displays the external OER controlled interface. Displays the capacity of the interface kilobytes per second. Displays the maximum usable bandwidth in kilobytes per second as configured on the interface. Displays the amount of bandwidth in use in kilobytes per second. Displays the percentage of interface utilization. Displays the status of the link.
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
239
Cisco IOS Optimized Edge Routing Configuration show oer master cost-minimization
Syntax Description
Deploys the billing history Displays information for a single border router. (Optional) Displays information for only the specified interface. Displays information for the service provider. A nickname must be configured before output will be displayed.
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The show oer master cost-minimization command is entered on a master controller. The output of this command shows the status the status of cost-based policies.
Examples
The following example displays the billing history for cost policies:
Router# show oer master cost-minimization billing-history Billing History for the past three months
No cost min on 10.1.1.3 ispname on 10.1.1.2 Mon1 Nickname ---------ispname SustUtil Cost
--------------------NA---
--------------------NA---
--------------------NA---
---------Total Cost
-----------------0
-----------------0
-----------------0
240
Cisco IOS Optimized Edge Routing Configuration show oer master cost-minimization
Description The nickname assigned to the service provider. The sustained utilization of the exit link. The financial cost of the link. The total financial cost for the month.
The following example displays cost optimization information for only Ethernet 1/0:
Router# show oer master cost-minimization border 10.1.1.2 Ethernet1/0 Nickname : ispname Border: 10.1.1.2 Interface: Et1/0
Calc type : Combined Start Date: 20 Fee : Tier Based Tier1 : 100, fee: 10000 Tier2 : 90, fee: 9000 Period Discard : Sampling 22, Rollup 1400 : Type Percentage, Value 22
Current Rollup Information: MomentaryTgtUtil: StartingRollupTgt: CurrentRollupTgt: 7500 Kbps 7500 Kbps 7500 Kbps CumRxBytes: CumTxBytes: TimeRemain: 38669 39572 09:11:01
: 0
: 0
Description Nickname of the service provider. IP address of the border router. Interface for which the cost policy is configured.
241
Cisco IOS Optimized Edge Routing Configuration show oer master cost-minimization
Table 29
Field Calc Type Start Date Fee Period Discard Rollup Information Current Rollup Information Rollup utilization
Description Displays the configured billing method. Displays the starting date of the billing period. Displays the billing type (fixed or tiered), and the billing configuration. Displays the sampling and rollup configuration. Displays the discard configuration, type and value. Displays rollup statistics. Displays rollup statistics for the current sampling cycle. Displays rollup utilization statistics in kilobytes per second.
The following example displays cost optimization information for the specified service provider:
Router# show oer master cost-minimization nickname ISP1 Nickname : Calc type : Start Date: Fee : ISP1 Border: 10.1.1.2 Combined 20 Tier Based Tier1 : 100, fee: 10000 Tier2 : 90, fee: 9000 : Sampling 22, Rollup 1400 : Type Percentage, Value 22 Interface: Et1/0
Period Discard
Left 36
Collected 0
Current Rollup Information: MomentaryTgtUtil: 7500 Kbps StartingRollupTgt: 7500 Kbps CurrentRollupTgt: 7500 Kbps
Description Nickname of the service provider. IP address of the border router. Interface for which the cost policy is configured. Displays the configured billing method. Displays the starting date of the billing period. Displays the billing type (fixed or tiered), and the billing configuration.
242
Cisco IOS Optimized Edge Routing Configuration show oer master cost-minimization
Table 30
Field Period Discard Rollup Information Current Rollup Information Rollup utilization
Description Displays the sampling and rollup configuration. Displays the discard configuration, type and value. Displays rollup statistics. Displays rollup statistics for the current sampling cycle. Displays rollup utilization statistics in kilobytes per second.
Related Commands
Description Configures cost-based optimization policies on a master controller. Displays debugging information for cost-based optimization policies. Enables an OER process and configures a router as an OER border router or as an OER master controller.
243
Cisco IOS Optimized Edge Routing Configuration show oer master policy
Syntax Description
Displays only the specified oer-map sequence. Displays only the specified oer-map name. Displays only default policy information.
Defaults
Command Modes
Privileged EXEC
Command History
Release 12.3(8)T
Usage Guidelines
The show oer master policy command is entered on a master controller. The output of this command displays default policy and policies configured with an oer-map. The * character is displayed next to policy settings that override default settings.
Examples
The following example displays default policy and policies configured in an oer-map named CUSTOMER:
Router# show oer master policy Default Policy Settings: backoff 300 3000 300 delay relative 50 holddown 300 periodic 0 mode route control mode monitor both mode select-exit best loss relative 10 unreachable relative 50 resolve delay priority 11 variance 20 resolve utilization priority 12 variance 20 oer-map CUSTOMER 10 match ip prefix-lists: NAME backoff 300 3000 300 delay relative 50 holddown 300 periodic 0 mode route control mode monitor both
244
Cisco IOS Optimized Edge Routing Configuration show oer master policy
mode select-exit best loss relative 10 unreachable relative 50 *resolve utilization priority 1 variance 10 *resolve delay priority 11 variance 20 oer-map CUSTOMER 20 match ip prefix-lists: match oer learn delay backoff 300 3000 300 delay relative 50 holddown 300 periodic 0 *mode route control mode monitor both mode select-exit best loss relative 10 unreachable relative 50 resolve delay priority 11 variance 20 resolve utilization priority 12 variance 20 * Overrides Default Policy Setting
Description Displays OER default configuration settings under this heading. Displays the oer-map name and sequence number. The policy setting applied in the oer-map are displayed under this heading.
Related Commands
Command oer
Description Enables an OER process and configures a router as an OER border router or as an OER master controller.
245
Cisco IOS Optimized Edge Routing Configuration show oer master prefix
Syntax Description
detail learned delay throughput prefix policy traceroute exit-id border-address current now
(Optional) Displays detailed prefix information about the specified prefix or all prefixes. (Optional) Displays information about learned prefixes. (Optional) Displays information about learned prefixes based on delay. (Optional) Displays information about learned prefixes based on throughput. (Optional) Specifies the prefix, entered as an IP address and bit length mask. (Optional) Displays policy information for the specified prefix. (Optional) Displays path information from traceroute probes. (Optional) Displays path information based on the OER assigned exit ID. (Optional) Display path information sourced from the specified border router. (Optional) Displays traceroute probe statistics from the most recent traceroute probe. (Optional) Initiates a new traceroute probe and displays the statistics that are returned.
Defaults
Command Modes
Privileged EXEC
Command History
Modification This command was introduced. Support for traceroute reporting was added.
Usage Guidelines
The show oer master prefix command is entered on a master controller. This command is used to display the status of monitored prefixes. The output from this command includes information about the source border router, current exit interface, prefix delay, and egress and ingress interface bandwidth. The output can be filtered to display information for only a single prefix, learned prefixes, and prefixes learned based on delay or throughput.
246
Cisco IOS Optimized Edge Routing Configuration show oer master prefix
The traceroute keyword is used to display traceroute probe results. The output generated by this keyword provides hop by hop statistics to the probe target network. The output can be filtered to display information for only the exit ID (OER assigns an ID number to each exit interface) or the specified border router. The current keyword displays traceroute probe results from the most recent trace route probe. The now keyword initiates a new traceroute probe and displays the results.
Examples
Description IP address and prefix length. Status of the prefix. Border router from which these statistic were gathered. Current exit link interface on the border router. Delay in milliseconds. Egress bandwidth. Ingress bandwidth.
Most recent data per exit Border Interface *10.2.1.1 Et1/0 10.2.1.2 Et2/0 10.3.1.2 Et3/0
PasSDly 181 0 0
PasLDly 181 0 0
Latest Active Stats on Current Exit: Type Target TPort Attem Comps echo 10.1.1.1 N 2 2 echo 10.1.1.2 N 2 2 echo 10.1.1.3 N 2 2
Prefix performance history records Current index 2, S_avg interval(min) 5, L_avg interval(min) 60 Age Border Interface OOP/RteChg Reasons
247
Cisco IOS Optimized Edge Routing Configuration show oer master prefix
Ebytes
Ibytes
Pkts
Flows
Field Prefix State Time Remaining Policy Most recent data per exit Latest Active Stats on Current Exit
Description IP address and prefix length. Status of the prefix. Time remaining in the current prefix learning cycle. The state that the prefix is in. Possible values are Default, In-policy, Out-of-policy, Choose, and Holddown. Border router exit link statistics for the specified prefix. The asterich indicates the exit that is being used. Active probe statistics. This field includes information about the probe type, target IP address, port number, and delay statistics. The type of active probe. Possible types are ICMP echo, TCP connect, or UDP echo. The example uses default ICMP echo probes (default TCP), so no port number is displayed. Displays border router historical statistics. These statistics are updated about once a minute and stored for 1 hour.
Type
248
Cisco IOS Optimized Edge Routing Configuration show oer master prefix
Table 34
Field Path for Prefix Target Exit ID Status How Recent Hop Host Time BGP
Description Specified IP address and prefix length. Traceroute probe target OER assigned exit ID. Status of the traceroute probe. Time since last traceroute probe. Hop number of the entry. IP address of the entry. Time, in milliseconds, for the entry. BGP autonomous system number for the entry.
Related Commands
Description Enables an OER process and configures a router as an OER border router or as an OER master controller. Configures an OER map to enable traceroute reporting. Sets the time interval between traceroute probe cycles.
249
Cisco IOS Optimized Edge Routing Configuration show oer master prefix
CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0711R)
250