Table Of Contents
Cisco IOS Optimized Edge Routing Configuration
Prerequisites for Cisco IOS Optimized Edge Routing
Restrictions for Cisco IOS Optimized Edge Routing
Information About Cisco IOS Optimized Edge Routing
Cisco IOS Optimized Edge Routing Overview
Cisco IOS OER: A Typical Deployment
Cisco IOS OER: Optimizes for Performance
Cisco IOS OER Network Components
Cisco IOS OER Network Components: Master Controller
Cisco IOS OER Network Components: Border Router
Cisco IOS OER Network Components: Interfaces
Cisco IOS OER Managed Network: Central Policy Database
Cisco IOS OER Managed Network: Policy Enforcement Point
Cisco IOS OER Prefix Learning: Automatic Prefix Learning
Cisco IOS OER Prefix Learning: Manually Selecting Prefixes
Cisco IOS OER Prefix Learning: Port and Protocol Based Prefix Learning
Cisco IOS OER Prefix Learning: Prefix Transition States
Cisco IOS OER Monitoring: Passive Monitoring
Cisco IOS OER Monitoring: Active Monitoring
Cisco IOS OER Monitoring: Active Probe Source Address
Cisco IOS OER Monitoring: Combined Monitoring
Cisco IOS OER Monitoring: Traceroute Reporting
Cisco IOS OER Modes of Operation
Cisco IOS OER Modes of Operation: Observe Mode
Cisco IOS OER Modes of Operation: Control Mode
Cisco IOS OER Routing: Border Router Peering with the Internal Network
Cisco IOS OER Routing: BGP Peering
Cisco IOS OER Routing: BGP Redistribution into an IGP
Cisco IOS OER Routing: BGP Redistribution Based on the BGP Local-Preference Attribute
Cisco IOS OER Routing: Static Routing and Static Route Redistribution
Cisco IOS OER Routing: Injecting Split Prefixes
Cisco IOS OER Policy Configuration
Cisco IOS OER Policy Configuration: Prefix Policies
Cisco IOS OER Policy Configuration: Exit Link Policies
Cisco IOS OER Policy Configuration: Cost-Based Optimization
Cisco IOS OER Policy Configuration: Optimal Exit Link Selection
Cisco IOS OER Policy Configuration: Load Distribution
Cisco IOS OER Policy Configuration: Global Policies
Cisco IOS OER Policy Configuration: Applying Policies with an OER Map
Cisco IOS OER Policy Configuration: Resolving Policies
VPN IPSec/GRE Tunnel Interface Optimization
Cisco IOS OER Logging and Reporting
Cisco IOS OER Deployment Configurations
How to Configure Cisco IOS Optimized Edge Routing
Minimum Master Controller Configuration
Disabling a Master Controller Process
Minimum Border Router Configuration
Disabling a Border Router Process
Manually Selecting Prefixes for Monitoring
Active Probing over eBGP Peerings
Configuring the Source Address of an Active Probe
Configuring Traceroute Reporting
Configuring Prefix and Exit Link Policies
Adjusting Cisco IOS OER Timers
Configuring Cost-Based Optimization
Setting Variance for Resolve Policies
Configuring Cisco IOS OER Modes of Operation
Configuring OER Policies with an OER Map
Configuring Policy Rules for OER Maps
Configuring iBGP Peering on the Border Routers
Configuring BGP Redistribution into an IGP on the Border Routers
Configuring Static Route Redistribution on the Border Routers
Configuring Static Route Redistribution into EIGRP
Configuring OER to Monitor and Control IPSec VPN Prefixes Over GRE Tunnels
Routing Prefixes that are Protected with IPSec over GRE Tunnels
GRE Tunnel Interfaces are Configured as OER Managed Exit Links
Master Controller Configuration
Verifying Cisco IOS OER Configuration
Using Cisco IOS OER Clear Commands
Using Cisco IOS OER Debug Commands
Configuration Examples for Cisco IOS Optimized Edge Routing
Master Controller and Two Border Routers Deployment: Example
Master Controller and Border Router Deployed on a Single Router: Example
BR 1 Configuration: Master/Border with Load Distribution
Configuring OER to Monitor and Control GRE/IPSec VPN Prefixes: Example
Central VPN Configuration: OER Master
Central VPN Configuration: BR1
Central VPN Configuration: BR 2
Central VPN Configuration: Internal Peers
VPN B Configuration: OER Master
VPN B Configuration: Internal Peers
debug oer border traceroute reporting
debug oer master cost-minimization
debug oer master traceroute reporting
show oer border passive prefixes
show oer master cost-minimization
Cisco IOS Optimized Edge Routing Configuration
Cisco IOS Optimized Edge Routing (OER) provides automatic route optimization and load distribution for multiple ISP and WAN connections. Cisco IOS OER is an integrated Cisco IOS solution that allows you to monitor IP traffic flows and then define policies and rules based on prefix performance, link load distribution, link cost, and traffic type. Cisco IOS OER provides active and passive monitoring systems, dynamic failure detection, and automatic path correction. Deploying Cisco IOS OER enables intelligent load distribution and optimal route selection in an enterprise network.
Feature History for Optimized Edge Routing
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Contents
•
Prerequisites for Cisco IOS Optimized Edge Routing
•
•
•
•
Prerequisites for Cisco IOS Optimized Edge Routing
•
•
•
•
If you have configured internal BGP (iBGP) on the border routers, iBGP peering must be established and consistently applied throughout your network.
If an IGP is deployed in your network, static route redistribution must be configured with the redistribute static command. Interior Gateway Protocol (IGP) or static routing should also be applied consistently throughout an OER managed network; the border router should have a consistent view of the network.
Restrictions for Cisco IOS Optimized Edge Routing
•
•
•
•
•
•
•
•
Information About Cisco IOS Optimized Edge Routing
To configure Cisco IOS Optimized Edge Routing (OER), you should understand the following concepts:
•
•
•
•
•
•
•
•
•
•
Cisco IOS Optimized Edge Routing Overview
Enterprise networks use multiple ISP or WAN connections for reliability and load distribution. Existing reliability mechanisms depend on link state or route removal on the border router to select a better exit link for a prefix or set of prefixes. Multiple connections protect enterprise networks from catastrophic failures but do not protect the network from "brown outs" or soft failures that occur due to network congestion. Existing mechanisms can respond to catastrophic failures at the first indication of a problem. However, black outs and brown outs can go undetected and often require the network operator to take action to resolve the problem. When a packet is transmitted between external networks (nationally or globally), the packet spends the vast majority its life cycle on the WAN segments of the network. Optimizing WAN route selection in the enterprise network provides the end-user with the greatest performance improvement, even better than LAN speed improvements in the local network.
Cisco IOS OER is implemented in Cisco IOS software as an integrated part of Cisco core routing functionality. Deploying Cisco IOS OER enables intelligent network traffic load distribution and dynamic failure detection for data paths at the wide-area network (WAN) edge. While other routing mechanisms can provide both load distribution and failure mitigation, Cisco IOS OER is unique in that it can make routing adjustments based on criteria other than static routing metrics, such as response time, packet loss, path availability, and traffic load distribution. Deploying Cisco IOS OER allows you to optimize network performance and link load utilization while minimizing bandwidth costs and reducing operational expenses.
Cisco IOS OER: A Typical Deployment
Figure 1 shows a Cisco IOS OER managed enterprise network of a content provider. The enterprise network has three exit interfaces that are used to deliver content to customer access networks. The content provider has a separate service level agreement (SLA) with a different ISP for each exit link. The customer access network has two edge routers that connect to the Internet. Traffic is carried between the enterprise network and the customer access network over six service provider (SP) networks.
Figure 1 A Typical Cisco IOS Optimized Edge Routing Deployment
Cisco IOS OER monitors and controls outbound traffic on the three border routers (BRs). It measures the packet response time and path availability from the egress interfaces on BR1, BR2 and BR3. Changes to exit link performance on the border routers are detected on a per-prefix basis. If the performance of a prefix falls below default or user-defined policy parameters, routing is altered locally in the enterprise network to optimize performance and to route around failure conditions that occur outside of the enterprise network. For example, an interface failure or network misconfiguration in the SP D network can cause outbound traffic that is carried over the BR2 exit interface to become congested or fail to reach the customer access network. Traditional routing mechanisms cannot anticipate or resolve these types of problem without intervention by the network operator. Cisco IOS OER can detect failure conditions and alter routing inside of the network to compensate.
Cisco IOS OER: Optimizes for Performance
Traditional routing mechanisms rely upon reachability information to make routing decisions but cannot enforce performance policies. Cisco IOS OER optimizes routing to improve performance in the enterprise network. Prefix policies are defined to control the performance of a single prefix or a prefix range. You can configure Cisco IOS OER to monitor and control the performance of a single host route or routes from an entire network. Exit link policies are defined to control the performance of exit interfaces in an OER managed network. Performance policies can be defined for a single exit link or all exit links in the OER managed network.
Figure 2 shows a Cisco IOS OER managed enterprise network of a content provider. This figure shows that delay measurements are collected for monitored prefixes on the border routers. These statistics are collected by the border routers an then transmitted to the master controller.
Figure 2 Cisco IOS OER Optimizes for Performance
For example, if a performance policy is defined that sets the delay threshold for a group of prefixes to less than or equal to 200 milliseconds (ms), as shown in Figure 2. Prefixes with a slower round-trip response time (or longer delay) will be considered to be out-of-policy. Routing is locally altered to bring the prefix to an in-policy state. In Figure 2, out-of-policy prefixes that use exit links on BR3 will be moved to BR1.
The master controller monitors prefixes and exit links on the border routers. This allows the master controller to measure performance and detect failure conditions that occur outside of the network. When the master controller detects a performance change that brings a prefix out of policy, the master controller sends commands to the border routers to dynamically alter routing inside of the enterprise network to bring prefix performance back within default or user-defined policy. If all prefixes and exit links are in policy, the master controller continues to monitor the network and does not take any action.
Cisco IOS OER Network Components
Cisco IOS OER is configured on Cisco routers though standard Cisco IOS CLI configuration. An OER deployment has two primary components — a master controller and one or more border routers. The master controller is the intelligent decision maker, while the border routers are enterprise edge routers with exit interfaces that are used to access the Internet or used as WAN exit links.
Cisco IOS OER Network Components: Master Controller
The master controller is a single router that coordinates all OER functions within an OER managed network. A Cisco router can be configured to run a stand-alone master controller process or can also be configured to perform other functions, such as routing or running a border router process. The master controller maintains communication and authenticates the sessions with the border routers. The master controller monitors outbound traffic flows using active or passive monitoring and then applies default or user-defined policies to alter routing to optimize prefixes and exit links. OER administration and control is centralized on the master controller, which makes all policy decisions and controls the border routers. The master controller does not need to be in the traffic forwarding path, but it must be reachable by the border routers. The master controller can support up to 10 border routers and up to 20 OER managed external interfaces.
Note
Cisco IOS OER Network Components: Border Router
The border router is an enterprise edge router with one or more exit links to an ISP or other participating network. The border router is where all policy decisions and changes to routing in the network are enforced. The border router participates in prefix monitoring and route optimization by reporting prefix and exit link measurements to the master controller and then by enforcing policy changes received from the master controller. The border router enforces policy changes by injecting a preferred route to alter routing in the network. The border router is deployed on the edge of the network, so the border router must be in the forwarding path. A border router process can be enabled on the same router as a master controller process.
Cisco IOS OER Network Components: Interfaces
An OER managed network must have at least two external interfaces that are used to forward traffic to the external network (WAN or ISP) and at least one internal interface that is used for passive monitoring. There are three interface configurations required to deploy OER:
•
•
•
Tip
The following interface types can be configured as external and internal interfaces:
•
•
•
•
•
•
•
•
•
•
•
•
Note
The following interface types can be configured as local interfaces:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Note
Cisco IOS OER Managed Network
Figure 3 shows an OER managed network. This network contains a master controller and two border routers. OER communication between the master controller and the border routers is carried separately from routing protocol traffic. This communication is protected by MD5 authentication. Each border router has an external interface that is connected to a different ISP or WAN link to a remote site and a local and an internal interface that are reachable by the master controller.
Figure 3 Cisco IOS OER Managed Network
External interfaces are used to forward outbound traffic from the network and are used as the source for active monitoring. Internal interfaces are used for OER communication and used for passive monitoring. At least one external and one internal interface must be configured on each border router. At least two external interfaces are required in an OER managed network. A local interface is configured on the border router for communication with the master controller.
Cisco IOS OER Managed Network: Central Policy Database
The master controller continuously monitors the network. The master controller maintains a central policy database where it stores collected statistical information. The master controller compares long-term and short-term measurements. The long-term measurements are collected every 60 minutes. Short term measurements are collected every five minutes. The master controller analyzes these statistics to determine which routes have the lowest delay, highest outbound throughput, relative or absolute packet loss, relative or absolute link cost, and prefix reachability to analyze and optimize the performance of monitored prefixes and to distribute the load from over-utilized exit links to under-utilized exit links.
Cisco IOS OER Managed Network: Policy Enforcement Point
The border router is the policy enforcement point. Default or user-defined policies are configured on the master controller to set the performance level for prefixes and exit links. The master controller automatically alters routing in the OER managed network, as necessary, by sending control commands to the border routers to inject a preferred route. The preferred route is advertised or redistributed through the internal network. The preferred route alters default routing behavior so that out of policy prefixes are moved from over utilized exit links to under utilized exit links to bring prefixes and exit links in-policy, and thus optimizing the overall performance of the enterprise network.
Cisco IOS OER Prefix Learning
To enable Cisco IOS OER in your network prefixes must be identified to monitor and optimize. A Cisco router configured as a master controller will learn and monitor up to 2500 prefixes by default and can configured to learn and monitor up to 5000 prefixes with the max prefix total command in OER master controller configuration mode. Prefixes can be learned automatically or can manually selected.
Cisco IOS OER Prefix Learning: Automatic Prefix Learning
The master controller can be configured, using Top Talker functionality, to learn prefixes automatically based on highest outbound throughput or lowest delay time. Throughput learning measures prefixes that generate the highest outbound traffic volume. Throughput prefixes are sorted from highest to lowest. Delay learning measures prefixes with the lowest round-trip response time (RTT). Delay prefixes are sorted from the lowest to the highest delay time.
Automatic prefix learning is configured in OER Top Talker and Delay learning configuration mode. The learn command is used to enter this mode from OER master controller configuration mode. When automatic prefix learning is enabled, prefixes and their delay and/or throughput characteristics are learned, and this is information is stored in the central policy database. Prefixes are learned for 5 minutes by default. The master controller analyzes these statistics and implements policy decisions as necessary.
Prefixes are learned on the border routers through passive monitoring. Prefix learning is configured on the master controller. The border routers monitor all incoming and outgoing traffic flows. The top 100 flows are learned by default, and up to 5000 flows can be learned.
Learned prefixes can be aggregated based the prefix type, BGP or non-BGP (static routes), or the prefix length. Traffic flows are aggregated using a /24 prefix length by default. Prefix aggregation can be configured to include any subset or superset of a major network, including a single host route (/32). For each aggregated prefix, up to five host addresses are selected to use as active probe targets. Prefix aggregation is configured with the aggregation-type command in OER Top Talker and Delay learning configuration mode.
Cisco IOS OER Prefix Learning: Manually Selecting Prefixes
A prefix or range of prefixes can be selected for monitoring by configuring an IP prefix list. The IP prefix list is then imported into the master controller database by configuring a match clause in an OER map. IP prefix-lists are configured with the ip prefix-list command and OER maps are configured with the oer-map command in global configuration mode.
The following IP prefix list configuration options are supported:
•
•
•
•
Traffic is excluded or included by configuring permit or deny statements in the IP prefix list.
For best performance, you should apply the most commonly referenced prefix lists and deny prefix lists to the lowest (or first) OER map sequences.
Cisco IOS OER Prefix Learning: Port and Protocol Based Prefix Learning
Port and Protocol Based Prefix Learning was introduced in Cisco IOS Release 12.3(11)T. This feature allows you to configure the master controller to learn traffic based on the protocol number or the source or destination port number, carried by TCP or UDP traffic. This feature provides a very granular filter that can be used to further optimize prefixes learned based on throughput and delay.
Port and protocol based prefix learning allows you to optimize or exclude traffic streams for a specific protocol or the TCP port, UDP port, or range of port numbers. Traffic can be optimized for a specific application or protocol. Uninteresting traffic can be excluded, allowing you to focus router system resources, and reduce unnecessary CPU and memory utilization. In cases where traffic streams need to be excluded or included over ports that fall above or below a certain port number, the range of port numbers can be specified. Port and protocol prefix based learning is configured with the protocol command in OER Top Talker and Delay learning configuration mode.
For a list of IANA assigned port numbers, refer to the following document:
•
For a list of IANA assigned protocol numbers, refer to the following document:
•
Cisco IOS OER Prefix Learning: Prefix Transition States
Monitored prefixes pass through the following states when imported into the central policy database or when a default or user-defined policy is applied:
Default—A prefix is placed in this state when it is not under OER control. All routing decisions for the prefix are controlled by existing metrics determined by the default routing protocol. Prefixes are placed in the default state when they are initially added to the central policy database. A prefix will transition into and out of the default state depending on policy configuration and performance measurements.
In-Policy—A prefix is placed in this state when the status of the prefix exit conforms to default or user-defined policies. No changes are made when a prefix is in the in-policy state. The master controller continues to monitor the prefix and will take no action until the policy configuration or performance measurements change.
Out-of-Policy—A prefix is placed in this state when the prefix exit does not conform to default or user-defined policies. The master controller will use active probing and/or passive monitoring to find a better exit for the prefix, while the prefix is in this state. If all exit links are out-of-policy, the master controller will select the best available exit.
Choose—A prefix is placed in this state by the master controller during exit link selection. The prefix remains in the choose state until it is moved to the new exit.
Holddown—A prefix is placed in this state when the master controller moves a prefix to a new exit. No policy changes are applied to a prefix in the holddown state. The holddown state is designed to isolate the prefix during the transition period to prevent the prefix from causing instability due to rapid state changes (flapping).
Note
Cisco IOS OER Monitoring
Cisco IOS OER monitors prefix performance over OER managed exit links to ensure that OER controlled prefixes and exit links conform to policy parameters. Prefixes are passively monitored with integrated NetFlow functionality and are actively monitored with integrated IP Service Level Agreements (IP SLAs) functionality. No explicit NetFlow or IP SLAs configuration is required. Support for these features are enabled automatically as necessary.
The master controller can be configured to monitor learned and manually selected prefixes. The border routers collect passive monitoring and active monitoring statistics and then transmit this information to the master controller. The master controller analyzes the collected information. If all monitored prefixes and exit links are in policy, no changes are made and the master controller continues to monitor the network. If a monitored prefix or exit link is out of policy, the master controller makes a policy decision and sends a control command to the border router to alter routing in the OER managed network to move the prefix to a better exit to bring the prefix or exit in policy.
Cisco IOS OER Monitoring: Passive Monitoring
Cisco IOS OER uses NetFlow, an integrated technology in Cisco IOS software, to collect and aggregate passive monitoring statistics on a per prefix basis. Passive monitoring is enabled by default when an OER managed network is created. Netflow is a flow-based monitoring and accounting system. NetFlow support is enabled by default on the border routers when passive monitoring is enabled.
Passive monitoring uses only existing traffic; additional traffic is not generated. Border routers collect and report passive monitoring statistics to the master controller approximately once per minute. If traffic does not go over an external interface of a border router, no data is reported to the master controller.
The master controller uses passive monitoring to measure the following information:
Delay—The master controller measures the average delay of TCP flows for a given prefix. Delay is the measurement of the round-trip response time (RTT) between the transmission of a TCP synchronization message and receipt of the TCP acknowledgement.
Packet loss—The master controller measures packet loss by tracking TCP sequence numbers for each TCP flow. OER estimates packet loss by tracking the highest TCP sequence number. If a subsequent packet is received with a lower sequence number, OER increments the packet loss counter. Packet loss is measured in flows per million (fpm).
Reachability—The master controller measures reachability by tracking TCP synchronization messages that have been sent repeatedly without receiving a TCP acknowledgement.
Throughput—The master controller measures prefixes that generate the highest outbound traffic volume or throughput. Throughput is measured on external interfaces in bits per second (bps).
Note
Passive monitoring statistics are gathered and stored in a prefix history buffer that can hold a minimum of 60 minutes of information depending on whether the traffic flow is continuos. Cisco IOS OER uses this information to determine if the prefix is in policy based on the default or user-defined policies.
Cisco IOS OER Monitoring: Active Monitoring
Active monitoring uses IP Service Level Agreements (IP SLAs), an integrated technology in Cisco IOS software, to analyze and measure the performance of TCP and UDP traffic. Active monitoring generates traffic in a continuous, reliable, and predictable manner. This allows the master controller to measure delay and jitter to determine prefix performance characteristics more accurately than is possible with only passive monitoring.
Active monitoring is enabled with the mode command in OER master controller configuration mode. When active monitoring is enabled, the master controller commands the border routers to send active probes to a target IP address. The border router collects and transmits the probe results to master controller to analyze.
Active probes are automatically generated when a prefix is learned or aggregated. The border router collects up to five host addresses from the prefix for active probing. Active probes can be configured for specific host or target address. Active probes are configured with the active-probe command in OER master controller configuration mode. The active probe is sourced from the border router and transmitted through an external interface (the external interface may or may not be the preferred route for an optimized prefix). Active probes are sent once per minute. ICMP probes are used by default.
Note
Active Probe Types
Cisco IOS OER uses ICMP Echo probes, by default, when an active probe is automatically generated. The following types of active probes can be configured:
ICMP Echo—A ping is sent to the target address. Configuring an ICMP echo probe does not require knowledgeable cooperation from the target device. However, repeated probing could trigger an Intrusion Detection System (IDS) alarm in the target network. If an IDS is configured in a target network that is not under your administrative control, we recommend that you notify the target network administration entity.
TCP Connection—A TCP connection probe is sent to the target address. A target port number must be specified. A remote responder must be enabled if TCP messages are configured to use a port number other than TCP well-known port number 23.
UDP Echo—A UDP echo probe is sent to the target address. A target port number must be specified. A remote responder must be enabled on the target device, regardless of the configured port number.
Cisco IOS OER Monitoring: Active Probe Source Address
The Active Probe Source Address feature was introduced in Cisco IOS Release 12.4(2)T. By default, active probes use the source IP address of the OER external interface that transmits the probe. The active probe source address feature is configured on the border router. This feature allows you to specify the source address of the active probe with the active-probe address source OER border router configuration command. When this command is configured, the primary IP address of the specified interface is used as the active probe source. The active probe source interface IP address must be unique to ensure that the probe reply is routed back to the specified source interface. If the interface is not configured with an IP address, the active probe will not be generated. If the IP address is changed after the interface has been configured as an active probe source, active probing is stopped, and then restarted with the new IP address. If the IP address is removed after the interface has been configured as an active probe source, active probing is stopped and not restarted until a valid primary IP address is configured.
Cisco IOS OER Monitoring: Combined Monitoring
Cisco IOS OER can also be configured to combine both active and passive monitoring in order to generate a more complete picture of traffic flows within the network. Combined monitoring is enabled by default. Combined monitoring is configured with the mode monitor both command in OER master controller configuration mode.
Cisco IOS OER Monitoring: Traceroute Reporting
The OER Support for Traceroute Reporting feature was introduced in Cisco IOS Release 12.3(14)T. Traceroute reporting is configured on a master controller. Traceroute probes are sourced from the current border router exit. This feature allows you to monitor prefix performance on a hop-by-hop basis. Delay, loss, and reachability measurements are gathered for each hop from the probe source to the target prefix.
Traceroute reporting is enabled with the set traceroute reporting oer-map configuration mode command. Learned or specific prefixes are selected for traceroute reporting by configuring a match clause in an OER map. When traceroute reporting is enabled, traceroute probes gather delay, loss, and reachability statistic for a given prefix. Specific traceroute probes can also be configured to gather these statistics individually only for prefixes that are in the out-of-policy state. The time interval between traceroute probes is configured with the traceroute probe-delay command in OER master controller configuration mode.
Traceroute probes are configured using the following methods:
Continuous—A traceroute probe is triggered for each new probe cycle. Entering the set traceroute reporting command without any keywords enables continuous reporting. The probe is sourced from the current exit of the prefix.
Policy based—A traceroute probe is triggered automatically when a prefix goes into an out-of-policy state. Policy based traceroute probes are configured individually for delay, loss, and reachability policies. The monitored prefix is sourced from a match clause in an oer-map. Policy based traceroute reporting stops when the prefix returns to an in-policy state.
On demand—A trace route probe is triggered only when the show oer master prefix command is entered for a specific IP address with the current and now keywords. Continuous or policy-based traceroute reporting does not need to be enabled to use this method. Entering this command without any keywords displays the most recent probe results for all exits. Entering this command with the current keyword displays the results for the current exit from the most recent probe.
Cisco IOS OER Modes of Operation
The master controller can be configured to operate in observe mode or control mode.
Cisco IOS OER Modes of Operation: Observe Mode
The master controller can be configured to operate in route observe mode or route control mode. Observe mode monitoring is enabled by default. In observe mode, the master controller monitors prefixes and exit links based on default and user-defined policies and then reports the status of the network and the decisions that should be made but does not implement any changes. This mode allows you to verify the effectiveness of this feature before actively deploying it.
Cisco IOS OER Modes of Operation: Control Mode
In control mode, the master controller coordinates information from the border routers and makes policy decisions just as it does in observe mode. The master controller monitors prefixes and exits based on default and user-defined policies but then implements changes to optimize prefixes and to select the best exit. In this mode, the master controller gathers performance statistics from the border routers and then transmits commands to the border routers to alter routing as necessary in the OER managed network. Control mode or observe mode monitoring is configured with the mode route command in OER master controller configuration mode.
Cisco IOS OER Routing Control
Figure 4 shows an OER managed network. The master controller alters default routing behavior inside of the OER managed network to optimize prefix and exit link performance. Cisco IOS OER uses a command/response protocol to manage all communication between the border router and the master controller.
Figure 4 Cisco IOS OER Controls Default Routing Behavior
The border routers are enterprise edge routers. Routing protocol peering or static routing is established between the border routers and internal peers. The border routers advertise a default route to internal peers through BGP peering, static routing, or route redistribution into an Interior Gateway Protocol (IGP). The master controller alters default routing behavior in the OER managed network by sending control commands to the border routers to inject a preferred route into the internal network.
When the master controller determines the best exit for a prefix, it sends a route control command to the border router with the best exit. The border router searches for a parent route for the monitored prefix. The BGP routing table is searched first and then the static routing table. This can be a default route for the monitored prefix. If a parent route is found that includes the prefix (the prefix may be equivalent or less specific) and points to the desired exit link by either the route to its nexthop or by a direct reference to the interface, a preferred route is injected into the internal network from the border router. OER injects the preferred route where the first parent is found. The preferred route can be an injected BGP route or an injected static route. The preferred route is learned by internal peers, which in turn recalculate their routing tables causing the monitored prefix to be moved to the preferred exit link. The preferred route is only advertised to the internal network and is not advertised to external peers.
Cisco IOS OER Routing: Border Router Peering with the Internal Network
The master controller alters default routing behavior in the OER managed network by injecting preferred routes into the routing tables of the border routers. The border routers peer with other routers in the internal network through BGP peering, BGP or static route redistribution into an IGP, or static routing. The border routers advertise the preferred route to internal peers.
The border routers should be close to each other in terms of hops and throughput and should have a consistent view of the network; routing should be configured consistently across all border routers. The master controller verifies that a monitored prefix has a parent route with a valid next hop before it commands the border routers to alter routing. The border router will not inject a route where one does not already exist. This behavior is designed to prevent traffic from being blackholed because of an invalid next hop.
Note
Cisco IOS OER Routing: BGP Peering
Standard internal BGP (iBGP) peering can be established between the border routers and other internal peers. External BGP (eBGP) peering or a default route is configured to the ISP. In the iBGP network, OER uses the local preference attribute to set the preference for injected routes. The BGP local preference attribute is a discretionary attribute that is used to apply the degree of preference to a route during the BGP best path selection process. This attribute is exchanged only between iBGP peers and is not advertised outside of the OER managed network or to the eBGP network. The prefix with the highest local preference value is locally advertised as the preferred path to the destination. OER applies a local preference value of 5000 to injected routes by default. A local preference value from 1 to 65535 can be configured.
Note
Note
Cisco IOS OER Routing: BGP Redistribution into an IGP
BGP redistribution can be used if the border routers are configured to run BGP (for ISP peering for example) and the internal peers are configured to run another routing protocol (such as Enhanced Interior Gateway Routing Protocol [EIGRP], Open Shortest Path First [OSPF] or Routing Information Protocol [RIP]). The border routers can advertise a single default route or full routing tables to the internal network. If you use BGP to redistribute more than a default route into an IGP, we recommend that you use IP prefix-list and route-map statements to limit the number of prefixes, as BGP routing tables can be very large.
Cisco IOS OER Routing: BGP Redistribution Based on the BGP Local-Preference Attribute
OER uses the local-preference attribute to influence routing inside of a BGP network. OER injected BGP routes can redistributed within the network by configuring the match local-preference route-map configuration command. A value of 5000 (or a custom value if configured on the master controller) must be configured when entering this command.
Cisco IOS OER Routing: Static Routing and Static Route Redistribution
Static routing or static route redistribution can be configured in the internal network. OER alters routing these types of network by injecting temporary static routes. The temporary static route replaces the parent static route. OER will in not inject a temporary static route where a parent static route does not exist. OER applies a default tag value of 5000 to identify the injected static route. In the case of the network where only static routing is configured, no redistribution configuration is required. In the case of a network where an IGP is deployed and BGP is not run on the border routers, static routes to border router exit interfaces must be configured, and these static routes must be redistributed into the IGP.
Cisco IOS OER Routing: Injecting Split Prefixes
When configured to control a subset of a larger network, the master controller will add an appropriate route or split prefix to the existing routing table, as necessary. A split prefix is a more specific route that is derived from a less specific parent prefix. For example, if a /24 prefix is configured to be optimized, but only a /16 route is installed to the routing table, the master controller will inject a /24 prefix using the attributes from the /16 prefix. Any subset of the less-specific prefix can be derived, including a single host route. Split prefixes are processed only inside the OER managed network and are not advertised to external networks. If BGP is deployed in the OER managed network, the master controller will inject a more specific BGP route. If BGP is not deployed, the master controller will inject a more specific temporary static route.
Cisco IOS OER Policy Configuration
The master controller optimizes prefixes and exit links to conform to default and user-defined policies. When the performance of a monitored prefix or exit link falls below a policy configuration setting, the master controller optimizes traffic in the internal network to bring either the prefix or exit link into an in-policy state. Global policies are configured in OER master controller configuration mode and OER Top Talker and Top delay learning configuration mode. Policies can also be applied to specific prefixes that pass through a match statement in an OER map in oer-map configuration mode. Global policies override OER map policies.
Cisco IOS OER Policy Configuration: Prefix Policies
A prefix policy is a set of rules that governs performance characteristics for a network address. The network address can be a single host route or an entire network. A prefix is defined as any network number with a prefix mask applied to it. The following performance characteristics are managed by prefix policies:
•
•
•
Note
Cisco IOS OER Policy Configuration: Exit Link Policies
An exit link policy is a set of rules that are applied to OER managed exit links. The performance characteristics that are managed by a link policy are traffic load and exit link utilization. A link policy can define total outbound throughput or total link utilization. Link utilization policies can be defined for a single exit link or all OER managed exit links. The following performance characteristics are managed by link policies:
•
•
•
Cisco IOS OER Policy Configuration: Cost-Based Optimization
The OER Support for Cost-Based Optimization feature was introduced in Cisco IOS Release 12.3(14)T. Cost-based optimization allows you to configure policies based on the monetary cost (ISP Service Level Agreement [SLA]) of each exit link in your network. This feature allows you to configure the master controller send traffic over exit links that provide the most cost-effective bandwidth utilization, while still maintaining the desired performance characteristics. Cost-based optimization is configured with the cost-minimization command in OER border exit configuration mode (under the external interface configuration). Cost-based optimization supports two billing models: fixed rate or tier-based with bursting.
Fixed Rate Billing
Fixed rate—This method is used when the ISP bills one flat rate for network access regardless of bandwidth usage. If only fixed rate billing is configured on the exit links, all exits are considered to be equal in regards to cost-optimization and other policy parameters (such as delay, loss, utilization, etc) are used to determine if the prefix or exit link is in-policy. If multiple exit links are configured with tiered and fixed policies, then exit links with fixed policies have the highest priority in regards to cost optimization. If the fixed exit links are at maximum utilization, then the tiered exit links will be used. Fixed rate billing is configured for an exit link when the fixed keyword is entered with the cost-minimization command. The monetary cost of the exit link is entered with the fee keyword.
Tier-Based Billing
Tier-based with bursting—This method is used when the ISP bills at a tiered rate based on the percentage of exit link utilization. Tiered-based billing is configured for an exit link when the tier keyword is entered with the cost-minimization command. A command statement is configured for each cost tier. The monetary cost of the tier is entered with the fee keyword. The percentage of bandwidth utilization that activates the tier is entered after the tier keyword.
The specific details of tier-based with bursting billing models vary by ISP. However, most ISPs use some variation of the following algorithm to calculate what an enterprise should pay in a tiered billing plan:
1.
2.
3.
4.
5.
6.
Note
Cost Optimization Algorithm
At the end of each billing cycle the top n% of samples, or rollup values, are discarded. The remaining highest value is the sustained utilization. Based on the number of samples discarded, the billing cycle is divided into three periods:
•
•
•
Initial Period
The period when the samples measured is less than the number of discards +1. For example, if discard is 7%, billing month is 30 days long, and sample period is 24 hours, then there are 30 samples at the end of the month. The number of discard samples is two (2% of 30). In this case, days one, two, and three are in the Initial Period. During this period, target the lowest tier for each ISP at the start of their respective billing periods and walk up the tiers until the current total traffic amount is allocated across the links.
Middle Period
The period after the Initial Period until the number of samples yet to be measured or collected is less than the number of discards.
Using the same example as above, the Middle Period would be from day four through day 28. During this period, set the target tier to the sustained utilization tier, which is the tier where (discard +1) the highest sample so far measured falls in.
Last Period
The period after the Middle Period until the end of billing period is the Last Period. During this period, if links were used at the maximum link capacity for the remainder of the billing period and sustained utilization does not change by doing so, then set the target to maximum allowable link utilization. Maximum link utilization is configurable where most likely values would be 75-90%. Otherwise, set the target to sustained utilization tier. During any sample period, if the cumulative usage is more than targeted cumulative usage, then bump up to the next tier for the remainder of sample period. If rollup is enabled, then replace sample values to rollup values and number of sample to number of rollups in above algorithm.
Cisco IOS OER Policy Configuration: Optimal Exit Link Selection
Cisco IOS OER can be configured to periodically select the Optimal Exit Link (OEL) from the available ISP connections based on exit link performance. The master controller will move traffic from over-utilized exit links to under-utilized exit links. Optimal Exit Link Selection (OELS) uses policy configuration to manage prefix and exit link performance. Policy configuration can be customized to your requirements. For example, a policy can be created to ensure that priority traffic is always routed to the target network through the exit link with the highest outbound throughput or the lowest delay (round-trip response time).
Cisco IOS OER Policy Configuration: Load Distribution
Cisco IOS OER supports per-prefix load distribution. The master controller measures transmission throughput on OER managed exit interfaces. When exit link utilization causes an exit link to go into an out-of-policy state, monitored prefixes are moved to bring the exit link in-policy and to equalize transmission utilization across all exit links. Load distribution settings are configured with the max-range-utilization command. The master controller sets the maximum range utilization to 20 percent for all OER managed exit links by default. Utilization can be customized for a single link or all exit links. A range policy can be applied to all monitored prefixes or any subset through oer-map or global policy configuration.
Tip
Cisco IOS OER Policy Configuration: Global Policies
Global policies are applied in Top Talker and Delay learning configuration mode. These policies are used to configure a master controller to learn and optimize prefixes based on the highest throughput or the highest delay. Under the Top Talker and Delay learning configuration mode, you can configure prefix learning based on delay and throughput statistics. You can configure the length of the prefix learning period, the interval between prefix learning periods, the number of prefixes to learn, and prefix learning based on port and protocol.
Cisco IOS OER Policy Configuration: Applying Policies with an OER Map
The operation of an OER map is similar to the operation of a route map. An OER map is designed to select IP prefixes defined in an IP prefix list or to select learned prefixes policies that pass a match clause and then to apply OER policy configurations using a set clause. The OER map is configured with a sequence number like a route map, and the OER map with the lowest sequence number is evaluated first. The operation of an oer-map differs from a route map at this point. There are two important distinctions:
•
•
An OER map can match a prefix or prefix range with the match ip address (OER) command. A prefix can be any IP network number combined with a prefix mask that specifies the prefix length. The prefix or prefix range is defined with the ip prefix-list command in Global configuration mode. Any prefix length can be specified. An oer-map can also match OER learned prefixes with the match oer learn command. Matching can be configured for learned prefixes based on delay or based on throughput.
The OER map applies the configuration of the set clause after a successful match occurs. Anther set clause can be used to set policy parameters for the backoff timer, packet delay, holddown timer, packet loss, mode settings, periodic timer, resolve settings, and unreachable hosts.
Policies applied by an OER map take effect after the current policy or operational timer expires. The OER map configuration can be viewed in the output of the show running-config command. OER policy configuration can be viewed in the output of the show oer master policy command. Policies that are applied by an OER map do not override global policies and user-defined policies configured under OER master controller configuration mode and OER Top Talker and Delay configuration mode. These policies are only applied to prefixes that pass OER map match criteria.
Policy-Rules Configuration
The policy-rules OER master controller configuration command was introduced in Cisco IOS Release 12.3(11)T. This command allows you to select an oer-map and apply the configuration under OER master controller configuration mode, providing an improved method to switch between predefined oer-maps.
Cisco IOS OER Policy Configuration: Resolving Policies
When configuring multiple policy parameters for a monitored prefix or set of prefixes, it is possible to have multiple overlapping policies. The resolve function is a flexible mechanism that allows you to set the priority for cost, delay, loss, utilization, and range policies. Each policy is assigned a unique value. The policy with the highest priority is selected to determine the policy decision. By default, delay has the highest priority and utilization has the second highest priority.
Configuring Resolve with Variance
When configuring resolve settings, you can also set an allowable variance for the defined policy. Variance configures the allowable percentage that an exit link or prefix can vary from the defined policy value and still be considered equivalent. For example, if exit link delay is set to 80 percent and a 10 percent variance is configured, exit links that have delay values from 80 to 89 percent will be considered equal.
Note
VPN IPSec/GRE Tunnel Interface Optimization
Cisco IOS OER support for VPN IPSec/GRE Tunnel Optimization was introduced in Cisco IOS Release 12.3(11)T. Cisco IOS OER supports the optimization of prefixes that are routed over IPSec/GRE tunnel interfaces. The VPN tunnel interface is configured as OER external interfaces on the master controller. Figure 5 shows a an OER managed network that is configured to optimize VPN traffic. Cisco IOS OER is deployed at the Central Office and Remote Offices.
Figure 5 Cisco IOS OER Network Optimized for VPN Routing
This enhancement allows you to configure two-way VPN optimization. A master controller and border router process are enabled on each side of the VPN. Each site maintains a separate master controller database. VPN routes can be dynamically learned through the tunnel interfaces or can be configured. Prefix and exit link policies are configured for VPN prefixes through standard Cisco IOS OER configuration.
Cisco IOS OER Logging and Reporting
Cisco IOS OER supports standard syslog functions. The notice level of syslog is enabled by default. System logging is enabled and configured in Cisco IOS software under Global configuration mode. The logging command in OER master controller or OER border router configuration mode is used only to enable or disable system logging under OER. OER system logging supports the following message types:
Error Messages—These messages indicate OER operational failures and communication problems that can impact normal OER operation.
Debug Messages—These messages are used to monitor detailed OER operations to diagnose operational or software problems.
Notification Messages—These messages indicate that OER is performing a normal operation.
Warning Messages—These messages indicate that OER is functioning properly but an event outside of OER may be impacting normal OER operation.
To modify system, terminal, destination, and other system global logging parameters, use the logging commands in Global configuration mode. For more information about global system logging configuration, refer to the "Troubleshooting and Fault Management" section of the Cisco IOS Configuration Fundamentals and Network Management Configuration Guide, Release 12.3.
Cisco IOS OER Deployment Configurations
Cisco IOS OER can be deployed in an enterprise network, remote office network, or small office home office (SOHO) network using one of the following three configurations shown in Figure 6:
•
•
•
Figure 6 Cisco IOS OER Deployment Scenarios
In each deployment scenario, a single master controller is deployed. The master controller does not need to be in the traffic forwarding path but must be reachable by the border routers. A master controller process can be enabled on router that is also configured to run a border router process.The master controller can support up to 10 border routers and up to 20 OER managed external interfaces. At least one border router process and two exit interfaces are required in an OER managed network.
Note
How to Configure Cisco IOS Optimized Edge Routing
This section contains the following procedures:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Specific example configurations for each procedure follow each configuration table. Proceed to the Configuration Examples for Cisco IOS Optimized Edge Routing section to see more complex example deployment configurations.
Minimum Master Controller Configuration
This section describes the minimum required steps to configure a master controller process to manage an OER managed network. In this section, the following tasks are completed:
•
•
•
•
•
•
•
Master Controller
•
•
•
Disabling a Master Controller Process
To disable a master controller and completely remove the process configuration from the running-config file, use the no oer master command in Global configuration mode.
To temporarily disable a master controller, use the shutdown command in OER master controller configuration mode. Entering the shutdown command stops an active master controller process but does not remove any configuration parameters. The shutdown command is displayed in the running-config file when enabled.
Manual Port Configuration
Communication between the master controller and border router is automatically carried over port 3949 when connectivity is established. Port 3949 is registered with IANA for OER communication. Support for port 3949 was introduced in Cisco IOS Release 12.3(11)T. Manual port number configuration is only required if you are running Cisco IOS Release 12.3(8)T or if you need to configure OER communication to use a dynamic port number.
Prerequisites
Interfaces Must be Defined
Interfaces must be defined and reachable by the master controller and the border router before an OER managed network can be configured.
Key Chain Authentication
Communication between the master controller and the border router is protected by key-chain authentication. The authentication key must be configured on both the master controller and the border router before communication can be established. The key-chain configuration is defined in Global configuration mode on both the master controller and the border router before key-chain authentication is enabled for master controller to border router communication. For more information about key management in Cisco IOS software, refer to the "Managing Authentication Keys" section of the Cisco IOS IP Configuration Guide, Release 12.3.
Restrictions
Token Ring Interfaces are not Supported
Token Ring interfaces are not supported by OER and cannot be configured as OER managed interfaces. It may be possible to load a Token Ring interface configuration under certain conditions. However, the Token Ring interface will not become active and the border router will not function if the Token Ring interface is the only external interface on the border router.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
DETAILED STEPS
Examples
The following configuration example, starting in Global configuration mode, shows the minimum configuration required to configure a master controller process to control an OER managed network:
A key-chain configuration named OER is defined in Global configuration mode.
Router(config)# key chain OERRouter(config-keychain)# key 1Router(config-keychain-key)# key-string CISCORouter(config-keychain-key)# exitRouter(config-keychain)# exitThe master controller is configured to communicate with the 10.100.1.1 and 10.200.2.2 border routers. The keep alive interval is set to 10 seconds. Route control mode is enabled. Internal and external OER controlled border router interfaces are defined.
Router(config)# oer masterRouter(config-oer-mc)# keepalive 10Router(config-oer-mc)# mode route controlRouter(config-oer-mc)# loggingRouter(config-oer-mc)# border 10.100.1.1 key-chain OERRouter(config-oer-mc-br)# interface Ethernet 0/0 externalRouter(config-oer-mc-br)# interface Ethernet 0/1 internalRouter(config-oer-mc-br)# exitRouter(config-oer-mc)# border 10.200.2.2 key-chain OERRouter(config-oer-mc-br)# interface Ethernet 0/0 externalRouter(config-oer-mc-br)# interface Ethernet 0/1 internalRouter(config-oer-mc)# exitAutomatic prefix learning based on highest outbound throughput is enabled.
Router(config-oer-mc)# learnRouter(config-oer-mc-learn)# throughputRouter(config-oer-mc-learn)# endWhat to Do Next
Border routers must be configured to complete the minimum configuration of the OER managed network. Proceed to the next section to see instructions for configuring the border routers.
Minimum Border Router Configuration
This section describes the minimum required steps to configure a border router process. In this section, the following tasks are completed:
•
•
•
•
Border Router
•
•
•
Interface Configuration
•
•
•
Tip
Disabling a Border Router Process
To disable a border router and completely remove the process configuration from the running-config file, use the no oer border command in Global configuration mode.
To temporarily disable a border router process, use the shutdown command in OER border router configuration mode. Entering the shutdown command stops an active border router process but does not remove any configuration parameters. The shutdown command is displayed in the running-config file when enabled.
Prerequisites
Interfaces Must be Defined
Interfaces must be defined and reachable by the master controller and the border router before an OER managed network can be configured.
Restrictions
Internet Exchange Point over Broadcast Media
Internet exchange points where a border router can communicate with several service providers over the same broadcast media are not supported.
Border Exits Cannot use the Same Next Hop
When two or more border routers are deployed in an OER managed network, the next hop to an external network on each border router, as installed in the RIB, cannot be an IP address from the same subnet as the next hop on the other border router.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
DETAILED STEPS
Examples
The following configuration example, starting in Global configuration mode, shows the minimum required configuration to enable a border router:
The key-chain configuration is defined in Global configuration mode.
Router(config)# key chain OERRouter(config-keychain)# key 1Router(config-keychain-key)# key-string CISCORouter(config-keychain-key)# exitRouter(config-keychain)# exitThe key-chain OER is applied to protect communication. An interface is identified to the master controller as the local source interface for OER communication.
Router(config)# oer borderRouter(config-oer-br)# local Ethernet 0/1Router(config-oer-br)# master 192.168.1.1 key-chain OERRouter(config-oer-br)# endWhat to Do Next
Prefix learning based on the highest outbound throughput was enabled in the "Minimum Master Controller Configuration" section. Proceed to the next section to see more information about configuring and customizing prefix learning on the master controller.
Configuring Prefix Learning
This section describes the commands that are used to configure prefix learning on a master controller in OER Top Talker and Top Delay configuration mode. The learn command is entered in OER master controller configuration mode and is required to enter OER Top Talker and Top Delay configuration mode. All commands described in this section are optional.
The tasks described in this section allow you to configure the following:
•
•
•
•
Defaults
The following defaults are applied when a prefix learning is enabled:
•
•
•
•
•
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
DETAILED STEPS
What to Do Next
This section shows how to configure a master controller to automatically learn prefixes to monitor. Prefixes can also be manually selected for monitoring. Proceed to the next section to see information about manually importing prefixes.
Manually Selecting Prefixes for Monitoring
This section describes how to manually select prefixes for monitoring. An IP prefix list is created to define the prefix or prefix range. The prefix list is then imported into the central policy database by configuring a match clause in an OER map. The following IP prefix list configuration options are supported:
•
•
•
•
Manually Excluding Prefixes
An IP prefix list with a deny statement is used to configure the master controller to exclude a prefix or prefix length. Deny prefix list sequences should be applied in the lowest oer-map sequences for best performance.
OER Map Operation
The operation of an OER map is similar to the operation of a route-map. An OER map is configured to select an IP prefix list or OER learn policy using a match clause and then to apply OER policy configurations using a set clause. The OER map is configured with a sequence number like a route-map, and the OER map with the lowest sequence number is evaluated first.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
DETAILED STEPS
Examples
The following example creates an oer-map named PREFIXES that matches traffic defined in the IP prefix lists named EXCLUDE and IMPORT. The prefix-list named EXCLUDE defines a deny sequence for all prefixes or host routes in the 192.168.0.0/16 subnet. The master controller will exclude these prefixes from the master controller database. The prefix-list named IMPORT defines a permit sequence to manually import the exact prefix 10.4.9.0/24.
Router(config)# ip prefix-list seq 10 EXCLUDE deny 192.168.0.0/16 le 32Router(config)# ip prefix-list seq 10 IMPORT permit 10.4.9.0/24Router(config)# !Router(config)# oer-map PREFIXES 10Router(config-oer-map)# match ip address prefix-list EXCLUDERouter(config-oer-map)# exitRouter(config)# oer-map PREFIXES 20Router(config-oer-map)# match ip address prefix-list IMPORTRouter(config-oer-map)# end
Tip
What to Do Next
Proceed to the next section to see information about configuring active probing.
Configuring Active Probing
This section describes how to enable active monitoring and how to configure active probing. Active monitoring is enabled with the mode command, and active probing is configured with the active-probe command in OER master controller mode. Active probes are configured with a specific host or target address. Active probes are sourced on the border router. The active probe source external interface may or may not be the preferred route for an optimized prefix.
Active Probing over eBGP Peerings
For eBGP peering sessions, the IP address of the eBGP peer must be reachable from the border router via a connected route in order for active probes to be generated.
ICMP Echo Probes
Configuring an ICMP echo probe does not require knowledgeable cooperation from the target device. However, repeated probing could trigger an Intrusion Detection System (IDS) alarm in the target network. If an IDS is configured in a target network that is not under your administrative control, we recommend that you notify the target network administration entity.
Defaults
The following defaults are applied when a active monitoring is enabled:
•
•
•
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
DETAILED STEPS
Note
Examples
ICMP Echo Example
The following example configures an active probe using an ICMP echo (ping) message. The 10.4.9.1 address is the target. No explicit configuration is required on the target device.
Router(config-oer-mc)# active-probe echo 10.4.9.1TCP Connection Example
The following example configures an active probe using a TCP connection message. The 10.4.9.2 address is the target. The target port number must be specified when configuring this type of probe.
Router(config-oer-mc)# active-probe tcp-conn 10.4.9.2 target-port 23UDP Echo Example
The following example configures an active probe using UDP echo messages. The 10.4.9.3 address is the target. The target port number must be specified when configuring this type of probe, and a remote responder must also be enabled on the target device.
Router(config-oer-mc)# active-probe udp-echo 10.4.9.3 target-port 1001UDP Remote Responder Example
The following example configures an remote responder on a border router to send IP SLAs control packets in response to UDP active probes. The port number must match the number that is configured for the active probe.
Border-Router(config)# ip sla monitor responder type udpEcho port 1001TCP Remote Responder Example
The following example configures an remote responder on a border router to send IP SLAs control packets in response to TCP active probes. The remote responder must be configured for TCP active probes that do not use the TCP well-known port number 23.
Border-Router(config)# ip sla monitor responder type tcpConnect port 49152
Note
What to Do Next
If you need to configure a specific interface as the source for active monitoring, proceed to the next section for more information.
Configuring the Source Address of an Active Probe
The section describes how to specify the source interface for active probing. The active probe source interface is configured on the border router with the active-probe address source in OER border router configuration mode. The active probe source interface IP address must be unique to ensure that the probe reply is routed back to the specified source interface.
Defaults
•
•
•
•
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS
Example
The following example, starting in Global configuration mode, configures FastEthernet 0/0 as the active-probe source interface.
Router(config)# oer borderRouter(config-oer-br)# active-probe address source interface FastEthernet 0/0Router(config-oer-br)# end
What to Do Next
Traceroute reporting can be enable to gather hop-by-hop delay, loss, reachability statistics. Proceed to the next section for more information.
Configuring Traceroute Reporting
This section describes how to configure trace route reporting. Traceroute reporting is configured on a master controller. Traceroute probes are sourced from the current border router exit.
Continuous and policy based traceroute reporting is configured with the set traceroute reporting oer-map configuration mode command. The time interval between traceroute probes is configured with the traceroute probe-delay command in OER master controller configuration mode. On-demand traceroute probes are triggered by entering the show oer master prefix command with the traceroute and now keywords.
Defaults
When traceroute reporting is enabled, the default time interval between traceroute probes is 1000 milliseconds.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
DETAILED STEPS
Example
The following example, starting in Global configuration mode, configures continuous traceroute reporting for prefix learned based on delay:
Router(config)# oer masterRouter(config-oer-mc)# traceroute probe-delay 10000Router(config-oer-mc)# exitRouter(config)# oer-map TRACE 10Router(config-oer-map)# match oer learn delayRouter(config-oer-map)# set traceroute reportingRouter(config-oer-map)# endThe following example, starting in Privileged EXEC mode, initiates an on-demand traceroute probe for the 10.5.5.5 prefix:
Router# show oer master prefix 10.5.5.55 traceroute current nowPath for Prefix: 10.5.5.0/24 Target: 10.5.5.5Exit ID: 2, Border: 10.1.1.3 External Interface: Et1/0Status: DONE, How Recent: 00:00:08 minutes oldHop Host Time(ms) BGP1 10.1.4.2 8 02 10.1.3.2 8 3003 10.5.5.5 20 50
What to Do Next
In the "Minimum Master Controller Configuration" section prefix learning based on highest outbound throughput is configured and only default prefix and exit link policies are enabled, using global settings. Proceed to the next section to configure and customize global prefix and exit link policies.
Configuring Prefix and Exit Link Policies
This section describes commands that are used to configure global prefix and exit link policies in OER master controller configuration mode. The oer master command is required to enter OER master controller configuration mode. All other command listed in this section are optional.
Prefix Policies
A prefix policy is a set of rules that govern the performance characteristics for a network address. The network address can be a single end point within a network or an entire subnet. A prefix is defined as any network number with a prefix mask applied to it. The performance characteristics that are managed by a prefix policy are reachability, delay, and packet loss.
Note
Exit Link Policies
An exit link policy is a set of rules that govern the performance of an OER managed exit link. Prefixes are moved to another exit link to bring an exit link in-policy. The performance characteristics that are managed by a link policy are traffic load distribution, link utilization (range), and link bandwidth monetary cost. An exit link policy can define total outbound throughput or total link utilization.Exit link utilization policies can be defined for a single exit link or all OER managed exit links.
Tip
Adjusting Cisco IOS OER Timers
Configuring a new timer value will immediately replaces the existing value if the new value is less than the time remaining. If the new value is greater than the time remaining, the new timer value will be used when the existing timer is reset.
Note
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
DETAILED STEPS
Examples
Loss Policy Example
The following example configures the master controller to move prefixes to an in-policy exit link when the relative percentage of packet loss is equal to or greater than 20 percent:
Router(config-oer-mc)# loss relative 200Delay Policy Example
The following example sets the absolute delay threshold to 100 milliseconds:
Router(config-oer-mc)# delay threshold 100Prefix Timer Policy Example
The following example adjusts the period of time that the master controller holds prefixes during transition states and the period time that the prefix must use an exit before a new exit can be selected. The backoff command sets the minimum timer to 400 seconds, the maximum timer to 4000 seconds, and the step timer to 400 seconds. The holddown command sets the prefix route dampening timer to 10 minutes.
Router(config-oer-mc)# backoff 400 4000 400Router(config-oer-mc)# holddown 600Exit Link Selection Example
The following example configures the master controller to evaluate OER managed exit links every 5 minutes and then move out-of-policy prefixes to the first in-policy exit.
Router(config-oer-mc)# periodic 300Router(config-oer-mc)# mode select-exit goodLoad Distribution Example
The following examples configures the master controller to set the maximum utilization range for OER managed exit links to 40 percent:
Router(config-oer-mc)# max-range-utilization 40What to Do Next
To configure exit link policies based on the monetary cost of the exit links in your network, proceed to the next section for more information.
Configuring Cost-Based Optimization
This section describes how to configure cost-based optimization. Cost-based optimization is configured on a master controller with the cost-minimization command in OER border exit interface configuration mode (under the external interface configuration). Cost-based optimization supports tiered and fixed billing methods.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
DETAILED STEPS
Examples
The following example, starting in Global configuration mode, configures cost-based optimization on a master controller. Cost optimization configuration is applied under the external interface configuration. A policy for a tiered billing cycle is configured. Calculation is configured separately for egress and ingress samples. The time interval between sampling is set to 10 minutes. These samples are configured to be rolled up every 60 minutes.
Router(config)# oer masterRouter(config-oer-mc)# border 10.5.5.55 key-chain keyRouter(config-oer-mc-br)# interface Ethernet 0/0 externalRouter(config-oer-mc-br-if)# cost-minimization nickname ISP1Router(config-oer-mc-br-if)# cost-minimization end day-of-month 30 180Router(config-oer-mc-br-if)# cost-minimization calc separateRouter(config-oer-mc-br-if)# cost-minimization sampling 10 rollup 60Router(config-oer-mc-br-if)# cost-minimization tier 100 fee 1000Router(config-oer-mc-br-if)# cost-minimization tier 90 fee 900Router(config-oer-mc-br-if)# cost-minimization tier 80 fee 800Router(config-oer-mc-br-if)# exitWhat to Do Next
To set the priority for multiple overlapping policies, proceed to the next section.
Configuring Resolve Policies
When configuring multiple policy parameters for a monitored prefix or set of prefixes, it is possible to have multiple overlapping policies. The resolve function is a flexible mechanism that allows you to set the priority for cost, delay, loss, utilization, and range policies. Each policy is assigned a unique value. The policy with the highest priority is selected to determine the policy decision. By default, delay has the highest priority and utilization has the second highest priority. Assigning a priority value to any policy will override the default settings.
Setting Variance for Resolve Policies
When setting resolve settings, you can also set an allowable variance for a user-defined policy. Variance configures the allowable percentage that an exit link or prefix can vary from the user-defined policy value and still be considered equivalent. For example, if exit link delay is set to 80 percent and a 10 percent variance is configured, exit links that have delay values from 80 to 89 percent will be considered equal. Variance cannot be configured for cost or range policies.
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS
Examples
Resolve with Variance Policy Example.
The following example configures a resolve policy that sets delay to the highest priority, followed by loss, and then utilization. The delay policy is configured to allow a 20 percent variance., the loss policy is configured to allow a 30 percent variance, and the utilization policy is configured to allow a 10 percent variance.
Router(config-oer-mc)# resolve delay priority 1 variance 20Router(config-oer-mc)# resolve loss priority 2 variance 30Router(config-oer-mc)# resolve utilization priority 3 variance 10What to Do Next
Observe mode monitoring was enabled in the "Minimum Master Controller Configuration" section. Proceed to the next section to see information about configuring and customizing the Cisco IOS OER mode of operation.
Configuring Cisco IOS OER Modes of Operation
This section describes commands that are used to configure the mode of operation in OER master controller configuration mode. The master controller can be configured to operate in observe mode or control mode. A Cisco IOS OER managed network can be configured to use active and passive monitoring or both active and passive monitoring. The oer master command is required to enter OER master controller configuration mode.
Observe Mode
Observe mode monitoring is enabled by default. In observe mode, the master controller monitors prefixes and exit links based on default and user-defined policies and then reports the status of the network and the decisions that should be made but does not implement any changes. This mode allows you to verify the effectiveness of this feature before it is actively deployed.
Control Mode
In control mode, the master controller coordinates information from the border routers and makes policy decisions just as it does in observe mode. The master controller monitors prefixes and exits based on default and user-defined policies but then implements changes to optimize prefixes and to select the best exit. In this mode, the master controller gathers performance statistics from the border routers and then transmits commands to the border routers to alter routing as necessary in the OER managed network.
Note
Optimal Exit Link Selection
Cisco IOS OER can be configured to periodically select the Optimal Exit Link (OEL) from the available ISP connections based on exit link performance. The master controller will move traffic from over-utilized exit links to under-utilized exit links. Optimal Exit Link Selection (OELS) uses policy configuration to manage prefix and exit link performance. Policy configuration can be customized to your requirements. For example, a policy can be created to ensure that priority traffic is always routed to the target network through the exit link with the highest outbound throughput or the lowest delay (round-trip response time).
SUMMARY STEPS
1.
2.
3.
4.
DETAILED STEPS
Examples
The following example enables both active and passive monitoring, control mode, and sets the master controller to evaluate and select the first in-policy exit every 5 minutes. (The monitored prefix is moved only if the prefix is out-of-policy.) Active and passive monitoring is enabled with the mode monitor both command. Route control is enabled with the mode route control command. The time period between the exit selection process is configured with the periodic command. The selection of the first in-policy exit is configured with the mode select-exit good command.
Router(config)# oer masterRouter(config-oer-mc)# mode monitor bothRouter(config-oer-mc)# mode route controlRouter(config-oer-mc)# periodic 300Router(config-oer-mc)# mode select-exit goodWhat to Do Next
Proceed to the next section to see information about configuring OER policies with an oer-map.
Configuring OER Policies with an OER Map
This section describes commands that are used to configure policies to be applied to prefixes through an OER Map. The oer-map command is required to enter oer-map 1configuration mode. All other command listed in this section are optional.
Note
OER Map Operation
The operation of an OER map is similar to the operation of a route map. An OER map is designed to select IP prefixes or to select OER learn policies using a match clause and then to apply OER policy configurations using a set clause. The oer-map is configured with a sequence number like a route-map, and the oer-map with the lowest sequence number is evaluated first. The operation of an OER map differs from a route map at this point. There are two important distinctions:
•
•
IP Prefix Lists
Cisco IOS OER supports three IP prefix configuration options for importing prefixes. The master controller can monitor and control an exact prefix (/32), a specific prefix length, and a specific prefix length and any prefix that falls under the prefix length (for example, a /24 under a /16).
IP prefix list permit and deny statements are supported by Cisco IOS OER. An IP prefix list with a deny statement can be used to exclude a prefix or prefix length. Any prefix length can be specified for a deny IP prefix list.
Adjusting OER Timers
An oer-map can be used to configure OER timers for traffic that is defined as match criteria. Configuring a new timer value will immediately replace the existing value if the new value is less than the time remaining. If the new value is greater than the time remaining, the new timer value will be used when the existing timer is reset.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
DETAILED STEPS
Examples
Imported Prefix Policy Example
The following example creates an oer-map named SELECT_EXIT that matches traffic defined in the IP prefix list named CUSTOMER and sets exit selection to the first in-policy exit when the periodic timer expires. This OER map also sets a resolve policy that sets the priority of link utilization policies to 1 (highest priority) and allows for a 10 percent variance in exit link utilization statistics.
Router(config)# ip prefix-list CUSTOMER permit 10.4.9.0/24Router(config)# !Router(config)# oer-map SELECT_EXIT 10Router(config-oer-map)# match ip address prefix-list CUSTOMERRouter(config-oer-map)# set mode select-exit goodRouter(config-oer-map)# set resolve utilization priority 1 variance 10Learned Prefix Policy Example
The following example creates an oer-map named THROUGHPUT that matches traffic learned based on the highest outbound throughput. The set clause applies a relative loss policy that will permit 1 percent packet loss:
Router(config)# oer-map THROUGHPUT 20Router(config-oer-map)# match oer learn throughputRouter(config-oer-map)# set loss relative 10
What to do Next
An OER map configuration can also be applied in OER master controller configuration mode. Proceed to the next section to see more information.
Configuring Policy Rules for OER Maps
The policy-rules OER master controller configuration command was introduced in Cisco IOS Release 12.3(11)T. This command allows you to select an OER map and apply the configuration under OER master controller configuration mode, providing an improved method to switch between predefined OER maps.
Prerequisites
At least one oer-map must be configured before you can enable policy-rule support.
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS
Examples
The following examples, starting in global configuration mode, show how to configure the policy-rules command to apply the OER map configuration named BLUE under OER master controller mode:
Router(config-oer-map)# oer-map BLUE 10Router(config-oer-map)# match oer learn delayRouter(config-oer-map)# set loss relative 900Router(config-oer-map)# exitRouter(config)# oer masterRouter(config-oer-mc)# policy-rules BLUERouter(config-oer-mc)# exitWhat to Do Next
If iBGP peering is enabled in the internal network, proceed to the next section to see information about configuring iBGP redistribution from the border routers.
Configuring iBGP Peering on the Border Routers
The master control implements policy changes by altering default routing behavior in the OER managed network. If iBGP peering is enabled on the border routers, the master controller will inject iBGP routes into routing tables on the border routers. The border routers advertise the preferred route through standard iBGP peering.
BGP Local Preference Attribute
OER uses the BGP local preference attribute to set the preference for injected BGP prefixes. If a local preference value of 5000 or higher has been configured for default BGP routing, you should configure a higher value in OER. OER default BGP local preference and default static tag values are configurable with the mode command in OER master controller configuration mode.
Injected Routes are not Advertised to External Networks
All OER injected routes remain local to an Autonomous System. The "no-export" community is automatically applied to inject routes to ensure that are not advertised to external networks.
Parent Route Must Exist
Before injecting a route, the master controller verifies that a parent route with a valid next hop exists. This behavior is designed to prevent traffic from being blackholed.
eBGP Peerings
The IP address for each eBGP peering session must be reachable from the border router via a connected route. Peering sessions established through loopback interfaces or with the neighbor ebgp-multihop command are not supported.
Prerequisites
Peering must be Consistently Applied
Routing protocol peering must be established in your network and consistently applied to the border routers; the border routers should have a consistent view of the network.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
DETAILED STEPS
Examples
The following example, starting in Global configuration mode, establishes peering between two routers in autonomous system 65534. This example also configures the two routers to exchange the standard BGP communities attribute:
Border Router Configuration
Router(config)# router bgp 65534Router(config-router)# neighbor 10.100.1.3 remote-as 65534Router(config-router)# address-family ipv4Router(config-router-af)# neighbor 10.100.1.3 activateRouter(config-router-af)# neighbor 10.100.1.3 send-community standardInternal Border Peer Configuration
Router(config)# router bgp 65534Router(config-router)# neighbor 10.100.1.2 remote-as 65534Router(config-router)# address-family ipv4Router(config-router-af)# neighbor 10.100.1.2 activateRouter(config-router-af)# neighbor 10.100.1.2 send-community standardWhat to Do Next
If BGP is configured on the border routers and another IGP is deployed in the internal network, proceed to the next section to see information about configuring redistribution from BGP into the IGP.
If BGP is not configured in the internal network, then static routes to the border exits must be configured and the static routes must be redistributed into the IGP. For more information, proceed to the Configuring Static Route Redistribution on the Border Routers section.
Configuring BGP Redistribution into an IGP on the Border Routers
This section describes BGP redistribution into an IGP in the OER managed network. The configuration task table and examples in this section redistribution into OSPF, but EIGRP, IS-IS, or RIP could also be used in this configuration.
Filtering Routes that are Redistributed by BGP into the IGP
When redistributing BGP into any IGP, be sure to use IP prefix-list and route-map statements to limit the number of prefixes that are redistributed. Redistributing full BGP routing tables into an IGP can have a serious detrimental effect on IGP network operation.
Redistributing OER Injected Routes by Matching on the Local-Preference Attribute
OER uses a local-preference value of 5000 (default) to move traffic to the preferred exit point in a BGP network. (This value is configured on the OER master controller.) The match local-preference can be used in place of the ip prefix-list command to redistribute OER injected routes into the IGP. The local-preference value must match the default or configured value on the master controller. Only OER injected routes will be redistributed into the IGP. A branching task for this configuration is included in the task table below. The prefix-list is not required in this configuration.
Prerequisites
Peering must be Consistently Applied
IGP peering, static routing, and static route redistribution must be applied consistently throughout the OER managed network; the border routers should have a consistent view of the network.
Restrictions
Border Exits Cannot use the Same Next Hop
When two or more border routers are deployed in an OER managed network, the next hop to an external network on each border router, as installed in the RIB, cannot be an IP address from the same subnet as the next hop on the other border router.
SUMMARY STEPS
1.
2.
3.
4.
5.
or
6.
7.
8.
9.
10.
11.
12.
13.
DETAILED STEPS
Examples
The following example, starting in Global configuration mode, configures the border router to redistribute BGP routes into the internal network and configures the IGP (OSPF) to accept redistributed BGP routes. The first example configures redistribution using prefix lists. The second example configures redistribution using the BGP local-preference attribute. The IGP peer configuration is the same for either configuration.
Border Router Redistribution Configuration Using Prefix Lists
Router(config)# ip prefix-list PREFIXES seq 5 permit 10.200.2.0/24Router(config)# ip prefix-list PREFIXES seq 10 deny 0.0.0.0/0Router(config)# !Router(config)# route-map BGP permit 10Router(config-route-map)# match ip address prefix-list PREFIXESRouter(config-route-map)# exitRouter(config)# router bgp 65534Router(config-router)# bgp redistribute-internalBorder Router Redistribution Configuration Matching on the Local-Preference Attribute
Router(config)# route-map BGP permit 10Router(config-route-map)# match local-preference 5000Router(config-route-map)# exitRouter(config)# router bgp 65534Router(config-router)# bgp redistribute-internalIGP Peer Configuration
Router(config)# router ospf 1Router(config-router)# redistribute bgp 65534 route-map BGP subnetsWhat to Do Next
If BGP is not configured in the internal network, then static routes to the border exits must be configured and the static routes must be redistributed into the IGP. For more information, proceed to the next section.
Configuring Static Route Redistribution on the Border Routers
This section describes static redistribution into an IGP in an OER managed network.
OER Tags Static Routes
OER applies a default tag value of 5000 to injected temporary static routes. The static route is filtered through a route map and then redistributed into the IGP. If you use the tag value of 5000 for another routing function, you should use a different tag value for that function, or you can change the default static tag values by configuring the mode command in OER master controller configuration mode.
Parent Route Must Exist
Before injecting a route, the master controller verifies that a parent route with a valid next hop exists. This behavior is designed to prevent traffic from being blackholed.
Static Routing without IGP Redistribution
If static routing is configured in your network and no IGP is deployed, OER will inject temporary static routes as necessary. No redistribution or other specific network configuration is required.
Supported Interior Gateway Protocols
•
•
•
•
EIGRP Static Route Redistribution
Cisco IOS OER supports static route redistribution into EIGRP. However, it is configured differently. Proceed to the Configuring Static Route Redistribution into EIGRP section for more information.
Prerequisites
Peering must be Consistently Applied
IGP peering, static routing, and static route redistribution must be applied consistently throughout the OER managed network; the border routers should have a consistent view of the network.
Restrictions
Border Exits Cannot use the Same Next Hop
When two or more border routers are deployed in an OER managed network, the next hop to an external network on each border router, as installed in the RIB, cannot be an IP address from the same subnet as the next hop on the other border router.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
DETAILED STEPS
Examples
The following example, starting in global configuration mode, configures static redistribution to allow the master controller to influence routing in an internal network that is running RIP. The match tag command is match OER injected temporary static routes. The set metric command is used to set the preference of the injected static.
Border Router Configuration
Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 0Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 1Router(config)# route-map STATIC permit 10Router(config-route-map)# match tag 5000Router(config-route-map)# set metric -10Router(config-route-map)# exitRouter(config)# router ripRouter(config-router)# network 192.168.0.0Router(config-router)# network 172.16.0.0Router(config-router)# redistribute static route-map STATICInternal Border Peer Configuration
Router(config)# route ripRouter(config-router)# network 192.168.0.0Router(config-router)# network 172.16.0.0What to Do Next
If EIGRP is deployed in the internal network and BGP is not configured on the border routers, proceed to the next section for more information.
Configuring Static Route Redistribution into EIGRP
This section describes static route redistribution into EIGRP. Under the EIGRP configuration, a tag is applied to the static route and an a distribute list is configured on all egress interfaces.
OER Tags Static Routes
OER applies a default tag value of 5000 to injected temporary static routes. The static route is filtered through a route map and then redistributed into the IGP.
Parent Route Must Exist
Before injecting the temporary static route, the master controller verifies that a parent static route with a valid next hop exists. This behavior is designed to prevent traffic from being blackholed.
Prerequisites
Peering must be Consistently Applied
IGP peering, static routing, and static route redistribution must be applied consistently throughout the OER managed network; the border routers should have a consistent view of the network.
Restrictions
Border Exits Cannot use the Same Next Hop
When two or more border routers are deployed in an OER managed network, the next hop, as installed in the RIB, to an external network on each border router cannot be an IP address from the same subnet as the next hop on the other border router.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
DETAILED STEPS
Examples
The following example, starting in Global configuration mode, configures static redistribution to allow the master controller to influence routing in an internal network that is running EIGRP:
Border Router Configuration
Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 0 tag 10Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 1 tag 10Router(config)# !Router(config)# route-map RED deny 20Router(config-route-map)# match tag 10Router(config-route-map)# exitRouter(config)# route-map RED permit 30Router(config-route-map)# exitRouter(config)# route-map BLUE permit 10Router(config-route-map)# match tag 5000Router(config-route-map)# exitRouter(config)# route-map BLUE permit 20Router(config-route-map)# exitRouter(config)# route eigrp 1Router(config-router)# no auto-summaryRouter(config-router)# redistribute static route-map REDRouter(config-router)# network 10.0.0.0Router(config-router)# network 172.16.0.0Router(config-router)# network 192.168.0.0Router(config-router)# distribute-list route-map BLUE out Ethernet 0Router(config-router)# distribute-list route-map BLUE out Ethernet 1Internal Border Peer Configuration
Router(config)# route eigrp 1Router(config-router)# no auto-summaryRouter(config-router)# network 10.0.0.0Router(config-router)# network 172.16.0.0Router(config-router)# network 192.168.0.0Router(config-router)# endConfiguring OER to Monitor and Control IPSec VPN Prefixes Over GRE Tunnels
VPN IPSec/GRE Tunnel Optimization was introduced in Cisco IOS Release 12.3(11)T. Cisco IOS OER supports the optimization of prefixes that are routed over GRE tunnel interfaces and protected with IPSec. Both GRE and multipoint GRE tunnels are supported.
This task shows a sample IPSec VPN configuration example. In this example, the IPSec VPN is configured on the border router, and the tunnel interface is configured as an OER managed interface on the master controller. The following tasks are completed:
•
•
•
•
•
•
Routing Prefixes that are Protected with IPSec over GRE Tunnels
The IPSec to GRE model allows a service provider to provide VPN services over the IP backbone. Both the central and remote VPN clients terminate per the IPSec-to-IPSec model. Prefixes are encapsulated using generic route encapsulation (GRE) tunnels. The GRE packet is protected by IPSec. The encapsulated prefixes are forwarded from the central VPN site to a customer headend router that is the other endpoint for GRE. The IPSec protected GRE packets provide secure connectivity across the IP backbone of the service provider network.
For more information about configuring IPSec over GRE tunnels, refer to the Dynamic Multipoint IPsec VPNs (Using Multipoint GRE/NHRP to Scale IPsec VPNs) published at the following URL:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml
GRE Tunnel Interfaces are Configured as OER Managed Exit Links
GRE tunnel interfaces on the border routers are configured as OER external interfaces on the master controller. At least two external tunnel interfaces must be configured on separate physical interfaces in an OER managed network. These interfaces can be configured on a single border router or multiple border routers. Internal interfaces are configured normally using a physical interface on the border router that is reachable by the master controller.
Prerequisites
•
•
•
Restrictions
•
Border Router Configuration
The GRE tunnel and IPSec protection is configured on the border router. The following configuration steps show the configuration of single tunnel. At least two tunnels must be configured on the border router(s) in an OER managed network. The IPSec configuration must be applied at each tunnel end point (the central and remote site).
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
DETAILED STEPS
Examples
The following example, starting in global configuration mode, configures an IPSec/GRE tunnel on a border router. This example shows the configuration of one tunnel. Two tunnels must be configured in the OER managed network to enable the VPN IPSec/GRE Tunnel Optimization feature.
crypto ipsec security-association lifetime kilobytes 530000000crypto ipsec security-association lifetime second 14400crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmacmode transportexit!crypto map TUNNEL 10 ipsec-isakmpset peer 10.4.9.81set transform-set VPN_1match address 100!crypto ipsec profile OERset transform-set VPN_1exitcrypto map TUNNEL local-address FastEthernet 0/0!crypto isakmp key 0 CISCO address 10.4.9.81 no-xauthcrypto isakmp keepalive 10crypto isakmp policy 1encryption 3desauthentication pre-shareexit!interface FastEthernet0/0ip address 10.4.9.14 255.255.255.0crypto map TUNNELexit!interface Tunnel0ip address 10.100.2.1 255.255.0.0keepalive 30 5bandwidth 500bandwidth inherittunnel mode gre iptunnel source 10.4.9.14tunnel destination 10.4.9.81tunnel protection ipsec profile OERexit!ip route 10.100.2.2 255.255.255.255 Tunnel0!access-list 100 permit gre host 10.4.9.14 host 10.4.9.81!endWhat to Do Next
Tunnel interfaces must be configured as OER managed external interfaces to complete this configuration task. Proceed to the next step table.
Master Controller Configuration
The tunnel interfaces are configured as OER managed external interfaces on the master controller. A minimum of two tunnel interfaces must be configured to enable the VPN IPSec/GRE Tunnel Optimization feature.
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS
Examples
The following example completes the configuration of VPN support on a master controller. Tunnel0 and Tunnel1 interfaces on the border router are configured as an OER managed external interfaces:
oer masterborder 10.10.10.1 key-chain OERinterface Tunnel0 externalinterface Tunnel1 externalendVerifying Cisco IOS OER Configuration
This section describes the show commands that can be used to verify the configuration of Cisco IOS OER. All show command described in this section are entered in Privileged EXEC mode. The show oer master commands are entered on a master controller. The show oer border command are entered on a border router.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
DETAILED STEPS
Using Cisco IOS OER Clear Commands
This section describes the clear commands that can be used to clear Cisco IOS OER sessions and counters. All clear command described in this section are entered in Privileged EXEC mode. The clear oer master commands are enter on a master controller. The clear oer border command are entered on a border router.
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS
Using Cisco IOS OER Debug Commands
This section describes the debug commands that can be used to trouble shoot Cisco IOS OER sessions and operations. All debug commands described in this section are entered in Privileged EXEC mode. The debug oer master commands are enter on a master controller. The debug oer border command are entered on a border router.
Caution
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
DETAILED STEPS
Configuration Examples for Cisco IOS Optimized Edge Routing
This section provides the following sample configuration provide example deployment configurations for Cisco IOS OER:
•
•
•
Master Controller and Two Border Routers Deployment: Example
Figure 7 shows an OER managed network with two border router processes and a master controller process deployed separately on Cisco routers.
Figure 7
Master Controller Deployed with Two Border Routers
The master controller performs no routing functions. BGP is deployed on the border routers and internal peers in the OER managed network. Each border router has an eBGP peering session with a different ISP. The eBGP peers (ISP border routers) are reachable through connected routes. Injected prefixes are advertised the internal network through standard iBGP peering.
OER MC Configuration
The following example, starting in Global configuration mode, shows the master controller configuration. Both active and passive monitoring is configured. Route control mode is enabled. The master controller is configured to analyze and move out of policy prefixes to first in-policy exit when the periodic timer expires. Automatic prefix learning is enabled. The master controller is configured to learn prefixes with the highest outbound throughput, the monitoring period is set to10 minutes, the number of prefixes learned during each monitoring period is set to 500, and the interval between monitoring periods is set to 20 minutes. The master controller is configured to aggregate BGP prefixes.
Router(config)# key chain OERRouter(config-keychain)# key 1Router(config-keychain-key)# key-string CISCORouter(config-keychain-key)# exitRouter(config)# oer masterRouter(config-oer-mc)# border 10.100.1.1 key-chain OERRouter(config-oer-mc-br)# interface Ethernet 0/0 externalRouter(config-oer-mc-br-if)# exitRouter(config-oer-mc-br)# interface Serial 1/1 internalRouter(config-oer-mc-br-if)# exitRouter(config-oer-mc-br)# exitRouter(config-oer-mc)# border 10.200.2.2 key-chain OERRouter(config-oer-mc-br)# interface Ethernet 2/2 externalRouter(config-oer-mc-br-if)# exitRouter(config-oer-mc-br)# interface Serial 3/3 internalRouter(config-oer-mc-br-if)# exitRouter(config-oer-mc-br)# exitRouter(config-oer-mc)# mode monitor bothRouter(config-oer-mc)# mode route controlRouter(config-oer-mc)# mode select-exit goodRouter(config-oer-mc)# learnRouter(config-oer-mc-learn)# throughputRouter(config-oer-mc-learn)# monitor-period 10Router(config-oer-mc-learn)# periodic-interval 20Router(config-oer-mc-learn)# prefixes 500Router(config-oer-mc-learn)# aggregation-type bgpRouter(config-oer-mc-learn)# endBR 1 Configuration
The following example, starting in Global configuration mode, shows the configuration for BR1. EBGP peering is established with ISP 1 (192.168.1.1 AS2). Standard community exchange and iBGP peering is established with BR2 (10.200.2.2) and internal peers (in the 10.150.1.0/24 network).
Router(config)# key chain OERRouter(config-keychain)# key 1Router(config-keychain-key)# key-string CISCORouter(config-keychain-key)# exitRouter(config-keychain)# exitRouter(config)# oer borderRouter(config-oer-br)# master 172.16.1.1 key-chain OERRouter(config-oer-br)# local Serial 1/1Router(config-oer-br)# exitRouter(config)# router bgp 1Router(config-router)# neighbor 192.168.1.1 remote-as 2Router(config-router)# neighbor 10.200.2.2 remote-as 1Router(config-router)# neighbor 10.150.1.1 remote-as 1Router(config-router)# neighbor 10.150.1.2 remote-as 1Router(config-router)# neighbor 10.150.1.3 remote-as 1Router(config-router)# address-family ipv4 unicastRouter(config-router-af)# neighbor 192.168.1.1 activateRouter(config-router-af)# neighbor 10.200.2.2 activateRouter(config-router-af)# neighbor 10.200.2.2 send-community standardRouter(config-router-af)# neighbor 10.150.1.1 activateRouter(config-router-af)# neighbor 10.150.1.1 send-community standardRouter(config-router-af)# neighbor 10.150.1.2 activateRouter(config-router-af)# neighbor 10.150.1.2 send-community standardRouter(config-router-af)# neighbor 10.150.1.3 activateRouter(config-router-af)# neighbor 10.150.1.3 send-community standardRouter(config-router-af)# endBR 2 Configuration
The following example, starting in Global configuration mode, shows the configuration for BR2. EBGP peering is established with ISP 2 (192.168.2.2 AS1). Standard community exchange and iBGP peering is established with BR2 (10.100.1.1) and internal peers (in the 10.150.1.0/24 network).
Router(config)# key chain OERRouter(config-keychain)# key 1Router(config-keychain-key)# key-string CISCORouter(config-keychain-key)# exitRouter(config-keychain)# exitRouter(config)# oer borderRouter(config-oer-br)# master 172.16.1.1 key-chain OERRouter(config-oer-br)# local Serial 1/1Router(config-oer-br)# exitRouter(config)# router bgp 1Router(config-router)# neighbor 192.168.2.2 remote-as 3Router(config-router)# neighbor 10.100.1.1 remote-as 1Router(config-router)# neighbor 10.150.1.1 remote-as 1Router(config-router)# neighbor 10.150.1.2 remote-as 1Router(config-router)# neighbor 10.150.1.3 remote-as 1Router(config-router)# address-family ipv4 unicastRouter(config-router-af)# neighbor 192.168.2.2 activateRouter(config-router-af)# neighbor 10.200.2.2 activateRouter(config-router-af)# neighbor 10.200.2.2 send-community standardRouter(config-router-af)# neighbor 10.150.1.1 activateRouter(config-router-af)# neighbor 10.150.1.1 send-community standardRouter(config-router-af)# neighbor 10.150.1.2 activateRouter(config-router-af)# neighbor 10.150.1.2 send-community standardRouter(config-router-af)# neighbor 10.150.1.3 activateRouter(config-router-af)# neighbor 10.150.1.3 send-community standardRouter(config-router-af)# endInternal Peer Configuration
The following example, starting in Global configuration mode, shows the internal peer configuration. Standard full-mesh iBGP peering is established with the BR1 and BR2 and internal peers in autonomous system 1.
Router(config)# router bgp 1Router(config-router)# neighbor 10.100.1.1 remote-as 1Router(config-router)# neighbor 10.200.2.2 remote-as 1Router(config-router)# neighbor 10.150.1.1 remote-as 1Router(config-router)# neighbor 10.150.1.2 remote-as 1Router(config-router)# neighbor 10.150.1.3 remote-as 1Router(config-router)# address-family ipv4 unicastRouter(config-router-af)# neighbor 10.100.1.1 activateRouter(config-router-af)# neighbor 10.100.1.1 send-community standardRouter(config-router-af)# neighbor 10.200.2.2 activateRouter(config-router-af)# neighbor 10.200.2.2 send-community standardRouter(config-router-af)# neighbor 10.150.1.1 activateRouter(config-router-af)# neighbor 10.150.1.1 send-community standardRouter(config-router-af)# neighbor 10.150.1.2 activateRouter(config-router-af)# neighbor 10.150.1.2 send-community standardRouter(config-router-af)# neighbor 10.150.1.3 activateRouter(config-router-af)# neighbor 10.150.1.3 send-community standardRouter(config-router-af)# endMaster Controller and Border Router Deployed on a Single Router: Example
Figure 8 shows an OER managed network with two border routers. BR1 is configured to run a master controller and border router process.
Figure 8 Master Controller and Border Process Deployed on a Single Router
BR2 is configured as a border router. The internal network is running OSPF. Each border router peers with a different ISP. A static routes to the egress interface is configured on each border router. The static routes are then redistributed into OSPF. Injected prefixes are advertised through static route redistribution.
BR 1 Configuration: Master/Border with Load Distribution
The following example, starting in Global configuration mode, shows the configuration of BR 1. This router is configured to run both a master controller and a border router process. BR 1 peers with ISP1. A traffic load distribution policy is configured under the master controller process that is applied to all exit links in the OER managed network.
Router(config)# key chain OERRouter(config-keychain)# key 1Router(config-keychain-key)# key-string CISCORouter(config-keychain-key)# exitRouter(config-keychain)# exitRouter(config)# oer borderRouter(config-oer-br)# master 10.100.1.1 key-chain OERRouter(config-oer-br)# local Loopback 0Router(config-oer-br)# exitRouter(config)# oer masterRouter(config-oer-mc)# loggingRouter(config-oer-mc)# border 10.100.1.1 key-chain OERRouter(config-oer-mc-br)# interface Serial 0/0 externalRouter(config-oer-mc-br-if)# exitRouter(config-oer-mc-br)# interface Ethernet 1/1 internalRouter(config-oer-mc-br-if)# exitRouter(config-oer-mc-br)# exitRouter(config-oer-mc)# border 10.200.2.2 key-chain OERRouter(config-oer-mc-br)# interface Serial 2/2 externalRouter(config-oer-mc-br-if)# exitRouter(config-oer-mc-br)# interface Ethernet 3/3 internalRouter(config-oer-mc-br-if)# exitRouter(config-oer-mc-br)# exitRouter(config-oer-mc)# max-range-utilization percent 80Router(config-oer-mc)# exitRouter(config)# ip route 0.0.0.0 0.0.0.0 Serial 0/0Router(config)# !Router(config)# route-map STATICRouter(config-route-map)# match tag 5000Router(config-route-map)# set metric -10Router(config-route-map)# exitRouter(config)# router ospf 1Router(config-router)# network 10.0.0.0 0.0.0.255 area 0Router(config-router)# redistribute static route-map STATIC subnetsRouter(config-router)# endBR 2 Configuration
The following example, starting in Global configuration mode, shows the configuration of BR 2. This router is configured to run only a border router process.
Router(config)# key chain OERRouter(config-keychain)# key 1Router(config-keychain-key)# key-string CISCORouter(config-keychain-key)# exitRouter(config-keychain)# exitRouter(config)# oer borderRouter(config-oer-border)# master 10.100.1.1 key-chain OERRouter(config-oer-border)# local Ethernet3/3Router(config-oer-border)# exitRouter(config)# ip route 0.0.0.0 0.0.0.0 Serial 2/2Router(config)# !Router(config)# route-map STATIC permit 10Router(config-route-map)# match tag 5000Router(config-route-map)# set metric -10Router(config-route-map)# exitRouter(config)# router ospf 1Router(config-router)# network 10.0.0.0 0.255.255.255 area 0Router(config-router)# redistribute static route-map STATIC subnetsRouter(config-router)# endInternal Peer Configuration
The following example, starting in Global configuration mode, configures an OSPF routing process to establish peering with the border routers and internal peers. No redistribution is configured on the internal peers.
Router(config)# router ospf 1Router(config-router)# network 10.0.0.0 0.255.255.255 area 0Router(config-router)# redistribute static route-map STATIC subnetsRouter(config-router)# endConfiguring OER to Monitor and Control GRE/IPSec VPN Prefixes: Example
Figure 9 shows a central VPN site and two remote VPN sites. VPN Peering is established through the service provider clouds. An OER managed network is configured at each site where Cisco IOS OER configuration is applied independently. Each site has separate master controller and border router process, and each site maintains a separate master controller database.
Figure 9
Two GRE tunnels are configured between each remote site and the central site. VPN prefixes are encapsulated in GRE tunnels. The GRE tunnels are protected by IPSec encryption. The examples in this section show the configuration for the central VPN site, VPN A, and VPN B.
Central VPN Configuration: OER Master
The central VPN site peers with VPN A and VPN B. A separate policy is defined for each site using an OER map. For VPN A prefixes, a delay policy of 80 ms is configured and out-of-policy prefixes are moved to the first in-policy exit. For VPN B prefixes, a delay policy of 40ms and a relative loss policy is configured, and out-of-policy prefixes are moved to the best available exit.
key chain OERkey 1key-string CISCO!oer masterloggingborder 10.4.9.6 key-chain OERinterface Ethernet 0/0 externalinterface Ethernet 0/1 internal!border 10.4.9.7 key-chain OERinterface Ethernet 0/0 externalinterface Ethernet 0/1 internal!mode route controlmode monitor bothexit!ip prefix VPN A permit <ip address>oer-map VPNAmatch ip address prefix-list VPNBset delay 800set mode select-exit goodexit!ip prefix VPNB permit <ip address>oer-map VPNBmatch ip address prefix-list VPNCset delay 400set loss relative 100set resolve loss priority 1 variance 10set mode select-exit bestendCentral VPN Configuration: BR1
The following example, starting in Global configuration mode, shows the configuration for BR 1:
key chain OERkey 1key-string CISCO!oer borderlocal serial 0/1master 10.4.9.4 key-chain OER!ip route 10.70.1.0 255.255.255.0!route-map REDISTRIBUTE_STATICmatch tag 5000set metric -10exit!router eigrp 1network 10.70.0.0 0.0.0.255redistribute static route-map REDISTRIBUTE_STATICexit!crypto ipsec security-association lifetime kilobytes 530000000crypto ipsec security-association lifetime second 14400crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmacmode transportexit!crypto map TUNNEL 10 ipsec-isakmpset peer 10.4.9.81set transform-set VPN_1match address 100!crypto ipsec profile OERset transform-set VPN_1exitcrypto map TUNNEL local-address Ethernet 0/0!crypto isakmp key 0 CISCO address 10.4.9.81 no-xauthcrypto isakmp keepalive 10crypto isakmp policy 1encryption 3desauthentication pre-shareexit!interface Ethernet0/0ip address 10.4.9.14 255.255.255.0crypto map TUNNELexit!interface Tunnel0ip address 10.100.2.1 255.255.0.0keepalive 30 5bandwidth 500bandwidth inherittunnel mode gre iptunnel source 10.4.9.14tunnel destination 10.4.9.81tunnel protection ipsec profile OERexitCentral VPN Configuration: BR 2
The following example, starting in Global configuration mode, shows the configuration of BR 2:
key chain OERkey 1key-string CISCO!oer borderlocal Ethernet 0/1master 10.4.9.4 key-chain OER!ip route 10.70.1.0 255.255.255.0!route-map REDISTRIBUTE_STATICmatch tag 5000set metric -10exit!router eigrp 1network 10.70.0.0 0.0.0.255redistribute static route-map REDISTRIBUTE_STATIC!crypto ipsec security-association lifetime kilobytes 530000000crypto ipsec security-association lifetime second 14400crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmacmode transportexit!crypto map TUNNEL 10 ipsec-isakmpset peer 10.4.9.82set transform-set VPN_1match address 100!crypto ipsec profile OERset transform-set VPN_1exitcrypto map TUNNEL local-address Ethernet 0/0!crypto isakmp key 0 CISCO address 10.4.9.82 no-xauthcrypto isakmp keepalive 10crypto isakmp policy 1encryption 3desauthentication pre-shareexit!interface Ethernet0/0ip address 10.4.9.15 255.255.255.0crypto map TUNNELexit!interface Tunnel0ip address 10.100.2.2 255.255.0.0keepalive 30 5bandwidth 500bandwidth inherittunnel mode gre iptunnel source 10.4.9.15tunnel destination 10.4.9.82tunnel protection ipsec profile OERendCentral VPN Configuration: Internal Peers
An EIGRP routing process created to establish peering with the border routers and internal peers.
router eigrp 1network 10.50.1.0 0.0.0.255redistribute static route-map REDISTRIBUTE_STATICend!VPN A Configuration: MC/BR
The following configuration example, starting in global configuration mode, shows the configuration of VPN A. VPN A is a remote site that is configured for a small office home office (SOHO) client. A single router is deployed. This router peers with service provider B and service provider E. No IGP is deployed at this network, only a static route is configured to the remote tunnel endpoint at the central site. A delay policy, a loss policy, and optimal exit link selection is configured so that traffic is always routed through the ISP with the lowest delay time and lowest packet loss. A resolve policy is configured to configure loss to have the highest priority. Physical interface and internal host peering configuration is not shown in this example.
key chain BR1key 1key-string CISCO!
Note
oer borderlocal Loopback0master 192.168.0.1 key-chain BR1!oer masterlearndelaymode route controldelay threshold 100loss relative 200periodic 300mode select-exit goodresolve loss priority 1 variance 20resolve delay priority 2 variance 10!border 192.168.0.1 key-chain BR1interface Serial0/0 internalinterface Tunnel0 externalinterface Tunnel0 externalexit!crypto ipsec security-association lifetime kilobytes 530000000crypto ipsec security-association lifetime second 14400crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmacmode transportexit!crypto map TUNNEL 10 ipsec-isakmpset peer 10.4.9.81set transform-set VPN_1match address 100!crypto ipsec profile OERset transform-set VPN_1exitcrypto map TUNNEL local-address Ethernet 0/0!crypto isakmp key 0 CISCO address 10.4.9.81 no-xauthcrypto isakmp keepalive 10crypto isakmp policy 1encryption 3desauthentication pre-shareexit!interface Ethernet0/0ip address 10.4.9.14 255.255.255.0crypto map TUNNELexit!interface Tunnel0ip address 10.100.2.1 255.255.0.0keepalive 30 5bandwidth 500bandwidth inherittunnel mode gre iptunnel source 10.4.9.14tunnel destination 10.4.9.81tunnel protection ipsec profile OERexit!
Note
VPN B Configuration: OER Master
The following example, starting in Global configuration mode, shows the master controller configuration in VPN B. Load distribution and route control mode is enabled. Out-of-policy prefixes are configured to be moved to first in-policy exit.
key chain OERkey 1key-string CISCO!oer masterloggingborder 10.4.9.6 key-chain OERinterface Ethernet 0/0 externalinterface Ethernet 0/1 internal!border 10.4.9.7 key-chain OERinterface Ethernet 0/0 externalinterface Ethernet 0/1 internal!mode route controlmode select-exit goodmax-range utilization!learndelayendVPN B Configuration: BR 1
The following example, starting in Global configuration mode, shows the configuration for BR 1:
key chain OERkey 1key-string CISCO!oer borderlocal Ethernet 0/1master 10.4.9.4 key-chain OER!route-map REDISTRIBUTE_STATICmatch tag 5000set metric -10exit!router ripnetwork 10.600.1.0redistribute static route-map REDISTRIBUTE_STATICend!crypto ipsec security-association lifetime kilobytes 530000000crypto ipsec security-association lifetime second 14400crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmacmode transportexit!crypto map TUNNEL 10 ipsec-isakmpset peer 10.4.9.82set transform-set VPN_1match address 100!crypto ipsec profile OERset transform-set VPN_1exitcrypto map TUNNEL local-address Ethernet 0/0!crypto isakmp key 0 CISCO address 10.4.9.82 no-xauthcrypto isakmp keepalive 10crypto isakmp policy 1encryption 3desauthentication pre-shareexit!interface Ethernet0/0ip address 10.4.9.15 255.255.255.0crypto map TUNNELexit!interface Tunnel0ip address 10.100.2.2 255.255.0.0keepalive 30 5bandwidth 500bandwidth inherittunnel mode gre iptunnel source 10.4.9.15tunnel destination 10.4.9.82tunnel protection ipsec profile OERendVPN B Configuration: BR 2
The following example, starting in Global configuration mode, shows the configuration for BR 2:
key chain OERkey 1key-string CISCO!oer borderlocal Ethernet 0/1master 10.4.9.4 key-chain OERexit!route-map REDISTRIBUTE_STATICmatch tag 5000set metric -10exit!router ripnetwork 10.600.1.0redistribute static route-map REDISTRIBUTE_STATICexit!crypto ipsec security-association lifetime kilobytes 530000000crypto ipsec security-association lifetime second 14400crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmacmode transportexit!crypto map TUNNEL 10 ipsec-isakmpset peer 10.4.9.82set transform-set VPN_1match address 100!crypto ipsec profile OERset transform-set VPN_1exitcrypto map TUNNEL local-address Ethernet 0/0!crypto isakmp key 0 CISCO address 10.4.9.82 no-xauthcrypto isakmp keepalive 10crypto isakmp policy 1encryption 3desauthentication pre-shareexit!interface Ethernet0/0ip address 10.4.9.15 255.255.255.0crypto map TUNNELexit!interface Tunnel0ip address 10.100.2.2 255.255.0.0keepalive 30 5bandwidth 500bandwidth inherittunnel mode gre iptunnel source 10.4.9.15tunnel destination 10.4.9.82tunnel protection ipsec profile OERendVPN B Configuration: Internal Peers
A RIP routing process created to establish peering with the border routers and internal peers.
router ripnetwork 10.60.1.0endAdditional References
The following sections provide references related to Cisco IOS Optimized Edge Routing:
Related Documents
Routing Protocol Commands
•
Routing Protocol Configuration Tasks
•
NetFlow
•
IP SLAs
System Logging
•
Standards
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
—
MIBs
RFCs
No new or modified RFCs are supported by this feature, and support for existing standards has not been modified by this feature.
—
Technical Assistance
Command Reference
This section documents new commands. All other commands used with this feature are documented in the Cisco IOS Release 12.3(14)T command reference publications. The commands in section are organized by configuration mode.
Global configuration commands
•
OER master controller configuration commands
•
•
OER managed border router configuration commands
OER border exit configuration commands
OER Top Talker and Top Delay learning configuration commands
border router configuration commands
oer-map configuration commands
clear commands
debug commands
•
show commands
•
•
•
•
•
oer
To enable a Cisco IOS Optimized Edge Routing (OER) process and configure a router as an OER border router or as an OER master controller, use the oer command in Global configuration mode. To disable a border router or master controller process and delete the OER configuration from the running-config file, use the no form of this command.
oer border | master
no oer border | master
Syntax Description
border
Designates a router as a border router and enters OER border router configuration mode.
master
Designates a router as a master controller and enters OER master controller configuration mode.
Defaults
Default auto-detection of monitored prefixes is enabled.
Command Modes
Global configuration mode
Command History
Usage Guidelines
The oer command is entered on a router to create a border router or master controller process to enable Cisco IOS Optimized Edge Routing (OER), which allows you to enable automatic outbound route control and load distribution for multihomed and enterprise networks. Configuring OER allows you to monitor IP traffic flows and then define policies and rules based on link performance and link load distribution to alter routing and improve network performance. An OER managed network consists of the following two components:
Master Controller—The master controller is a single router that coordinates all OER functions within an OER managed network. The master controller monitors outbound traffic flows using active or passive monitoring and then applies default and user-defined policies to alter routing to optimize prefixes and exit links. Most OER administration is centralized on the master controller, which makes all policy decisions and controls the border routers. The master controller is not required to be in the traffic forwarding path. The master controller can support up to 10 border routers and up to 20 OER managed external interfaces.
Border Router —The border router is an enterprise edge router with one or more exit links to an ISP or other participating network. The border router participates in prefix monitoring and route optimization by reporting prefix and exit link information to the master controller and then enforcing policy changes received from the master controller. Policy changes are enforced by injected a preferred route into the network. The border router is deployed on the edge of the network, so the border router must be in the forwarding path. A border router process can be enabled on the same router as a master controller process (for example, in a small network where all exit interfaces are managed on a single router).
Enabling a Border Router and Master Controller Process on the Same Router
A Cisco router can be configured to perform in dual operation and run a master controller process and border router process on the same router. However, this router will use more memory than a router that is configured to run only a border router process. This should be considered when selecting a router for dual operation.
Disabling a Border Router or a Master Controller
To disable a master controller or border router and completely remove the process configuration from the running-config file, use the no form of this command in Global configuration mode.
To temporarily disable a master controller or border router process, use the shutdown command in OER master controller or OER border router configuration mode. Entering the shutdown command stops an active master controller or border router process but does not remove any configuration parameters. The shutdown command is displayed in the running-config file when enabled.
Enabling Cisco IOS OER for Load Distribution
When enabling Cisco IOS OER for load distribution, we recommend that you set the interface load calculation on OER managed external interfaces to 30 second intervals with the load-interval interface configuration command (The default calculation interval is 300 seconds). The load calculation is configured under interface configuration mode on the border router. This configuration is not required. It is recommended to allow Cisco IOS OER to respond as quickly as possible to load distribution issues.
Examples
Minimum Required OER Master Controller Configuration
The following example designates a router as a master controller and enters OER master configuration mode:
Router(config)# oer masterThe following is an example of the minimum required configuration on a master controller to create an OER managed network:
A key-chain configuration named OER is defined in Global configuration mode.
Router(config)# key chain OERRouter(config-keychain)# key 1Router(config-keychain-key)# key-string CISCORouter(config-keychain-key)# exitRouter(config-keychain)# exitThe master controller is configured to communicate with the 10.4.9.6 border router in OER master controller configuration mode. The communications port number is specified. The key-chain OER is applied to protect communication. Internal and external OER controlled border router interfaces are defined.
Router(config)# oer masterRouter(config-oer-mc)# port 65535Router(config-oer-mc)# border 10.4.9.6 key-chain OERRouter(config-oer-mc-br)# interface FastEthernet0/0 externalRouter(config-oer-mc-br)# interface FastEthernet0/1 internalRouter(config-oer-mc-br)# exitRequired OER Border Router Configuration
The following example designates a router as a border router and enters OER border router configuration mode:
Router(config)# oer borderThe following is an example of the minimum required configuration to configure a border router in an OER managed network:
The key-chain configuration is defined in Global configuration mode.
Router(config)# key chain OERRouter(config-keychain)# key 1Router(config-keychain-key)# key-string CISCORouter(config-keychain-key)# exitRouter(config-keychain)# exitThe communications port number is specified. The key-chain OER is applied to protect communication. An interface is identified as the local source interface to the master controller.
Router(config)# oer borderRouter(config-oer-br)# port 65535Router(config-oer-br)# local FastEthernet0/0Router(config-oer-br)# master 10.4.9.4 key-chain OERRouter(config-oer-br)# endRelated Commands
active-probe
To configure an active probe for a target prefix, use the active-probe command in OER master configuration mode. To disable the active probe, use the no form of this command.
active-probe {echo ip-address | tcp-conn ip-address target-port number | udp-echo ip-address target-port number}
no active-probe {echo ip-address | tcp-conn ip-address target-port number | udp-echo ip-address target-port number}
Syntax Description
Note
Defaults
No default behavior or values
Command Modes
OER master configuration mode
Command History
12.3(8)T
This command was introduced.
12.3(14)T
The ip sla monitor responder command replaced the rtr responder command.
Usage Guidelines
The active-probe command is entered on a master controller.
This command is used to optionally configure a master controller to command a border router to transmit active probes to a target IP address or prefix. The active probe is used to measure the jitter and delay (round-trip response time) of the target prefix to determine the performance of the current exit and to detect if the prefix is out-of-policy. The border router collects these performance statistics from the active probe and transmits this information to the master controller, which uses this information to optimize the prefix and to select the best available exit based on default and user-defined policies. The performance information is applied to the most specific optimized prefix, which includes the active probe host address. If the prefix is optimized and currently using the best in-policy exit link, the master controller does not take any action.
Active Probing requires you to configure a specific host or target address. The target address can have an Optimized Prefix Policy (OPP) or can be learned by OER through the NetFlow or Top Talker and Delay learning functionality. Active probes must be sent out of an OER managed external interface, which may or may not be the preferred route for an Optimized Prefix (OP). OER can be configured to use the following three types of active probes:
ICMP Echo—A ping is sent to the target address. Configuring an ICMP echo probe does not require knowledgeable cooperation from the target device. However, repeated probing could trigger an Intrusion Detection System (IDS) alarm in the target network. If an IDS is configured in a target network that is not under your administrative control, we recommend that you notify the target network administration entity.
TCP Connection—A TCP connection probe is sent to the target address. A target port number must be specified. A remote responder must be enabled if TCP messages are configured to use a port number other than TCP well-known port number 23.
UDP Echo—A UDP echo probe is sent to the target address. A target port number must be specified. A remote responder must be enabled on the target device, regardless of the configured port number.
OER uses Cisco IOS IP Service Level Agreements (SLAs), a standard feature in Cisco IOS software, to command a border router to transmit an active probe to the target address. No explicit IP SLAs configuration is required on the master controller or the border router. Support for IP SLAs is enabled by default when the OER process is created. However, a remote responder must be enabled on the target device when configuring an active probe using UDP echo messages or when configuring an active probe using TCP connection messages that are configured to use a port other than the TCP well-known port number 23. The remote responder is enabled by configuring the ip sla monitor responder Global configuration command on the target device.
Note
Examples
Active Probe Configuration Examples
The following example configures an active probe using an ICMP reply (ping) message. The 10.4.9.1 address is the target. No explicit configuration is required on the target device.
Router(config-oer-mc)# active-probe echo 10.4.9.1The following example configures an active probe using a TCP connection message. The 10.4.9.2 address is the target. The target port number must be specified when configuring this type of probe.
Router(config-oer-mc)# active-probe tcp-conn 10.4.9.2 target-port 23The following example configures an active probe using UDP messages. The 10.4.9.3 address is the target. The target port number must be specified when configuring this type of probe, and a remote responder must also be enabled on the target device.
Router(config-oer-mc)# active-probe udp-echo 10.4.9.3 target-port 1001Remote Responder Configuration Examples
The following example configures a remote responder on a border router to send IP SLAs control packets in response to UDP active probes. The port number must match the number that is configured for the active probe.
Border-Router(config)# ip sla monitor type udpEcho port 1001The following example configures a remote responder on a border router to send IP SLAs control packets in response to TCP active probes. The remote responder must be configured only for TCP active probes that use a port number other than well-known port number 23.
Border-Router(config)# ip sla monitor responder type tcpConnect port 2002
Related Commands
backoff
To set the backoff timer to adjust the time period for prefix policy decisions, use the backoff command in OER master controller configuration mode. To set the backoff timer to the default value, use the no form of this command.
backoff min-timer max-timer [step-timer]
no backoff
Syntax Description
Defaults
OER uses the following default values if this command is not configured or if the no form of this command is entered:
min-timer: 300 seconds
max-timer: 3000 seconds
step-timer: 300 secondsCommand Modes
OER master controller
Command History
Usage Guidelines
The backoff command is entered on an OER master controller. This command is used to adjust the transition period that the master controller holds an out-of-policy prefix. The master controller uses the prefix transition period to hold the out-of-policy prefix before moving the prefix to an in-policy state by selecting an in-policy exit. This command is configured with a minimum and maximum timer value and can be configured with an optional step timer.
The min-timer argument is used to set the minimum transition period in seconds. If the current prefix is in-policy when this timer expires, no change is made and the minimum timer is reset to the default or configured value. If the current prefix is out-of-policy, OER will move the prefix to an in-policy and reset the minimum timer to the default or configured value.
The max-timer argument is used to set the maximum length of time OER holds an out-of-policy prefix when there are no OER controlled in-policy prefixes. If all OER controlled prefixes are in an out-of-policy state and the value from the max-timer argument expires, OER will select the best available exit and reset the minimum timer to the default or configured value.
The step-timer argument allows you to optionally configure OER to add time each time the minimum timer expires until the maximum time limit has been reached. If the maximum timer expires and all OER managed exits are out-of-policy, OER will install the best available exit and reset the minimum timer.
Configuring a new timer value will immediately replace the existing value if the new value is less than the time remaining. If the new value is greater than the time remaining, the new timer value will be used when the existing timer value expires.
Examples
The following example sets the minimum timer to 400 seconds, the maximum timer to 4000 seconds, and the step timer to 400 seconds:
Router(config-oer-mc)# backoff 400 4000 400Related Commands
border
To enter OER managed border router configuration mode to establish communication with an OER border router, use the border command in OER master controller configuration mode. To disable communication with the specified border router, use the no form of this command.
border ip-address [key-chain key-name]
no border ip-address
Syntax Description
Defaults
Border key-chain configuration is required during initial configuration. Once configured, the key-chain keyword is optional.
OER observe mode passive monitoring is enabled by default when communication is established between an OER border router and master controller.
Command Modes
OER master controller
Command History
Usage Guidelines
The border command is entered on a master controller. This command is used to establish communication between a master controller and border router. Communication is established between the master controller and border router processes to allow the master controller to monitor and control prefixes and exit links. Communication must also be established on the border router with the master OER border configuration command.
At least one border router must be configured to enable OER. A maximum of ten border routers can be configured to communicate with a single master controller. The IP address that is used to specify the border router must be assigned to a local interface on the border router and must be reachable by the master controller.
Communication between the master controller and the border router is protected by key chain authentication. The authentication key must be configured on both the master controller and the border router before communication can be established. The key-chain configuration is defined in Global configuration mode on both the master controller and the border router before key-chain authentication is enabled for master controller to border router communication. For more information about key management in Cisco IOS software, refer to the "Managing Authentication Keys" section of the Cisco IOS IP Routing Protocols Configuration Guide, Release 12.4.
When the border command is entered, the router enters OER managed border router configuration mode. Local interfaces must be defined as internal or as external with the interface (OER) OER managed border router configuration command. A single OER master controller can support up to 20 interfaces.
Enabling a Border Router and Master Controller Process on the Same Router
A Cisco router can be configured to perform in dual operation and run a master controller process and border router process on the same router. However, this router will use more memory than a router that is configured to run only a border router process. This should be considered when selecting a router for dual operation.
Examples
The following example defines a key chain named MASTER in Global configuration mode and then configures a master controller to communicate with the 10.4.9.6 border router. The master controller authenticates the border router using the defined key CISCO.
Router(config)# key chain MASTERRouter(config-keychain)# key 1Router(config-keychain-key)# key-string CISCORouter(config-keychain-key)# exitRouter(config-keychain)# exitRouter(config)# oer masterRouter(config-oer-mc)# port 65535Router(config-oer-mc)# loggingRouter(config-oer-mc)# border 10.4.9.6 key-chain MASTERRouter(config-oer-mc-br)# interface FastEthernet0/0 externalRouter(config-oer-mc-br)# interface FastEthernet0/1 internalRouter(config-oer-mc-br)# exitRelated Commands
default (OER)
To set an OER configuration command or all commands in a configuration mode to use default values, use the default command in OER border router, OER managed border router, or OER master controller configuration mode. This command does not have a no form.
default command-name
Syntax Description
Defaults
Sets configurable variables to the default value for the specified command or all commands in the specified configuration mode.
Command Modes
Global
oer-map
OER border router
OER managed border router
OER master controllerCommand History
Examples
The following example returns the backoff OER master controller configuration command to the default state:
Router(config-oer-mc)# default backoffThe following example returns all commands under the OER Top Talker and Top Delay learning configuration mode to their default states:
Router(config-oer-mc)# default learn
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
holddown
To configure the prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected, use the holddown command in OER master controller configuration mode. To return the prefix route dampening timer to the default value, use the no form of this command.
holddown timer
no holddown
Syntax Description
timer
Specifies the prefix route dampening time period. The range for this argument is from 300 to 65535 seconds. The default value is 300 seconds.
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered:
timer: 300 seconds
Command Modes
OER master controller
Command History
Usage Guidelines
The holddown command is entered on a master controller. This command is used to configure the prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected. The master controller puts a prefix in a holddown state during an exit change to isolate the prefix during the transition period to prevent the prefix from flapping due to rapid state changes. OER does not implement policy changes while a prefix is in the holddown state. A prefix will remain in a holddown state for the default or configured time period. When the holddown timer expires, OER will select the best exit based on performance and policy configuration. However, an immediate route change will be triggered if the current exit for a prefix becomes unreachable.
Configuring a new timer value will immediately replace the existing value if the new value is less than the time remaining. If the new value is greater than the time remaining, the new timer value will be used when the existing timer is reset.
Examples
The following example sets the prefix route dampening timer to 600 seconds:
Router(config-oer-mc)# holddown 600Related Commands
keepalive (OER)
To configure the length of time that an OER master controller will maintain connectivity with an OER border router after no keepalive packets have been received, use the keepalive command in OER master controller configuration mode. To return the keepalive timer to the default time interval, use the no form of this command.
keepalive [timer]
no keepalive
Syntax Description
timer
(Optional) Sets the keepalive time interval. The configurable range for this argument is from 0 to 1000 seconds. The default time interval is 5 seconds.
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered:
timer: 5 seconds
Command Modes
OER master controller
Command History
Usage Guidelines
The keepalive command is entered on a master controller. The OER master controller sends keepalive packets to border routers to maintain master controller to border router connectivity. If no keepalive packets are received from a border router after the keepalive timer expires, the master controller will not maintain the connection.
Examples
The following example sets the keepalive time interval to 10 seconds:
Router(config-oer-mc)# keepalive 10Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
learn
To enter OER Top Talker and Top Delay learning configuration mode to configure OER to learn prefixes, use the learn command in OER master controller configuration mode. To disable prefix learning, use the no form of this command.
learn
no learn
Syntax Description
This command has no keywords or values.
Defaults
No default behavior or values
Command Modes
OER master controller
Command History
Usage Guidelines
The learn command is entered on a master controller and is used to enter OER Top Talker and Top Delay learning configuration mode to configure a master controller to learn and optimize prefixes based on the highest throughput or the highest delay. Under the Top Talker and Delay learning configuration mode, you can configure prefix learning based on delay and throughput statistics. You can configure the length of the prefix learning period, the interval between prefix learning periods, the number of prefixes to learn, and the prefix learning based on protocol.
Examples
The following example enters OER Top Talker and Top Delay learning and configuration mode:
Router(config-oer-mc)# learnRelated Commands
logging
To enable syslog event logging for an OER master controller or an OER border router process, use the logging command in OER master controller or OER border configuration mode. To disable OER event logging, use the no form of this command.
logging
no logging
Syntax Description
This command has no keywords or arguments
Defaults
No default behavior or values
Command Modes
OER border router
OER master controllerCommand History
Usage Guidelines
The logging command is entered on a master controller or border router. System logging is enabled and configured in Cisco IOS software under Global configuration mode. The logging command in OER master controller or OER border router configuration mode is used only to enable or disable system logging under OER. OER system logging supports the following message types:
Error Messages—These messages indicate OER operational failures and communication problems that can impact normal OER operation.
Debug Messages—These messages are used to monitor detailed OER operations to diagnose operational or software problems.
Notification Messages—These messages indicate that OER is performing a normal operation.
Warning Messages—These messages indicate that OER is functioning properly but an event outside of OER may be impacting normal OER operation.
To modify system, terminal, destination, and other system global logging parameters, use the logging commands in Global configuration mode. For more information about global system logging configuration, refer to the "Troubleshooting and Fault Management" section of the Cisco IOS Configuration Fundamentals and Network Management Configuration Guide, Release 12.3.
Examples
The following example enables OER system logging on a master controller:
Router(config-oer-mc)# loggingThe following example enables OER system logging on a border router:
Router(config-oer-br)# logging
Related Commands
loss
To set the relative or maximum packet loss limit that OER will permit for an exit link, use the loss command in OER master controller configuration mode. To return the packet loss limit to the default value, use the no form of this command.
loss relative average | threshold maximum
no loss
Syntax Description
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered:
relative average: 100 (10 percent packet loss)
Command Modes
OER master controller
Command History
Usage Guidelines
The loss command is used to specify the relative percentage or maximum number of packets that OER will permit to be lost during transmission on an exit link. If packet loss is greater than the user-defined or the default value, OER determines that the exit link is out-of-policy and searches for an alternate exit link.
The relative keyword is used to configure the relative packet loss percentage. The relative packet loss percentage is based on a comparison of short-term and long-term packet loss. The short-term measurement reflects the percentage of packet loss within a 5 minute time period. The long-term measurement reflects the percentage of packet loss within a 60 minute period. The following formula is used to calculate this value:
Relative packet loss = ((short-term loss - long-term loss) / long-term loss) * 100
The master controller measures the difference between these two values as a percentage. If the percentage exceeds the user-defined or default value, the exit link is determined to be out-of-policy. For example, if long-term packet loss is 200 packets per million (PPM) and short-term packet loss is 300 PPM, the relative loss percentage is 50 percent.
The threshold keyword is used to configure the absolute maximum packet loss. The maximum value is based on the actual number of packets per million that have been lost.
Examples
The following example configures the master controller to search for a new exit link if the difference between long and short term measurements (relative packet loss) is greater than 20 percent:
Router(config-oer-mc)# loss relative 200The following example configures OER to search for a new exit link when 20,000 packets have been lost:
Router(config-oer-mc)# loss threshold 20000Related Commands
max prefix
To set the maximum number of prefixes that the master controller will monitor or learn, use the max prefix command in OER master controller configuration mode. To return the master controller to default behavior, use the no form of this command.
max prefix total number [learn number]
no max prefix total
Syntax Description
Command Default
OER uses the following default value if this command is not configured or if the no form of this command is entered:
total number: 5000
learn number: 2500Command Modes
OER master controller configuration
Command History
Usage Guidelines
The max prefix command is entered on a master controller. This command is used to limit the number of prefix that a master controller will monitor and learn to reduce memory and system resource consumption. For more information about memory and system resource consumption, see the following document:
•
Note
Examples
The following example configures OER to monitor a maximum of 3000 prefixes and to learn a maximum of 1500 prefixes:
Router(config)# oer masterRouter(config-oer-mc)# max prefix total 3000 learn 1500Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
max-range-utilization
To set the maximum utilization range for all OER managed exit links, use the max-range-utilization command in OER master controller configuration mode. To return the maximum utilization range to the default value, use the no form of this command.
max-range-utilization percent maximum
no max-range-utilization
Syntax Description
percent maximum
Sets the maximum percentage of exit link utilization. The range for this argument is from 1 to 100 percent.
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered:
percent maximum: 20
Command Modes
OER master controller
Command History
Usage Guidelines
The max-range-utilization command is configured on a master controller. This command is used to set maximum link utilization on external interfaces on OER border routers. OER uses the maximum utilization range to determine if exit links are in-policy. OER will equalize outbound traffic across all exit links by moving prefixes from over utilized or out-of-policy exits to in-policy exits. If exit link utilization is equal to or greater than the configured or default maximum utilization value, OER will select an optimal exit link to bring the affected prefixes back into policy.
Examples
The following example sets the maximum utilization range for OER managed exit links to 80 percent:
Router(config-oer-mc)# max-range-utilization 80Related Commands
mode
To configure route monitoring or route control on an OER master controller, use the mode command in OER master controller configuration mode. To return the OER master controller to the default monitoring state, use the no form of this command.
mode monitor {active | both | passive} | route {control | metric {bgp local-pref preference | static tag value | observe} | select-exit {best | good}
no mode monitor | route {control | metric {bgp | static} | observe} | select-exit
Syntax Description
Defaults
OER uses the following default settings if this command is not configured or if the no form of this command is entered:
Monitoring: Both active and passive monitoring is enabled.
Route control: Observe mode route control is enabled.
Exit Selection: The first in-policy exit is selected.Command Modes
OER master controller
Command History
Usage Guidelines
The mode command is entered on a master controller. This command is used to enable and configure control mode and observe mode settings and is used to configure passive monitoring and active monitoring. A prefix can be both passively and actively monitored.
Observe Mode
Observe mode monitoring is enabled by default. In observe mode, the master controller monitors prefixes and exit links based on default and user-defined policies and then reports the status of the network and the decisions that should be made but does not implement any changes. This mode allows you to verify the effectiveness of this feature before it is actively deployed.
Control Mode
In control mode, the master controller coordinates information from the border routers and makes policy decisions just as it does in observe mode. The master controller monitors prefixes and exits based on default and user-defined policies but then implements changes to optimize prefixes and to select the best exit. In this mode, the master controller gathers performance statistics from the border routers and then transmits commands to the border routers to alter routing as necessary in the OER managed network.
Passive Monitoring
The master controller passively monitors IP prefixes and TCP traffic flows. Passive monitoring is configured on the master controller. Monitoring statistics are gathered on the border routers and then reported back to the master controller. OER uses NetFlow to collect and aggregate passive monitoring statistics on a per prefix basis. No explicit NetFlow configuration is required. NetFlow support is enabled by default when passive monitoring is enabled. OER uses passive monitoring to measure the following information:
Delay—OER measures the average delay of TCP flows for a prefix. Delay is the measurement of the time between the transmission of a TCP synchronization message and receipt of the TCP acknowledgement.
Packet Loss—OER measures packet loss by tracking TCP sequence numbers for each TCP flow. OER estimates packet loss by tracking the highest TCP sequence number. If a subsequent packet is received with a lower sequence number, OER increments the packet loss counter.
Reachability—OER measures reachability by tracking TCP synchronization messages that have been sent repeatedly without receiving a TCP acknowledgement.
Throughput—OER measures outbound throughput for optimized prefixes. Throughput is measured in bits per second (bps).
Note
Active Monitoring
OER uses Cisco IOS IP Service Level Agreements (SLAs) to enable active monitoring. IP SLAs support is enabled by default. IP SLAs support allows OER to be configured to send active probes to target IP addresses to measure the jitter and delay to determine if a prefix is out-of-policy and to determine if the best exit is selected. The border router collects these performance statistics from the active probe and transmits this information to the master controller. The master controller uses this information to optimize the prefix and select the best available exit based on default and user-defined policies. The active-probe command is used to create an active probe.
Optimal Exit Link Selection
The master controller can be configured to select a new exit for an out-of-policy prefix based on performance or policy. You can configure the master controller to select the first in-policy exit by entering the good keyword, or you can configure the master controller to select the best exit with the best keyword.
Examples
The following example enables both active and passive monitoring:
Router(config-oer-mc)# mode monitor bothThe following example enables control mode:
Router(config-oer-mc)# mode route controlThe following example configures the master controller to select the first in-policy exit:
Router(config-oer-mc)# mode select-exit goodRelated Commands
periodic (OER)
To configure OER to periodically select the best exit link, use the periodic command in OER master controller configuration mode. To disable periodic exit selection, use the no form of this command.
periodic timer
no periodic
Syntax Description
timer
Sets the length of time for the periodic timer. The value for the timer argument is from 180 to 7200 seconds.
Defaults
No default behavior or values
Command Modes
OER master controller
Command History
Usage Guidelines
The periodic command is entered on a master controller. This command is used to configure the master controller to evaluate and then make policy decisions for OER managed exit links. When the periodic timer expires, the master controller evaluates current exit links based on default or user-defined policies. If all exit links are in-policy, no changes are made. If an exit link is out-of-policy, the affected prefixes are moved to an in-policy exit link. If all exit links are out-of-policy, the master controller will move out-of-policy prefixes to the best available exit links.
In control mode, the master controller can be configured to select the first in-policy exit, when this timer expires, by configuring the mode select-exit good command or can be configured to select the best available in-policy exit by configuring the mode select-exit best command.
The periodic timer is reset to the default or configured value each time the timer expires. Configuring a new timer value will immediately replace the existing value if the new value is less than the time remaining. If the new value is greater than the time remaining, the new timer value will be used when the existing timer value expires.
Examples
The following example sets the periodic timer to 300 seconds. When the timer expires OER will select either the best exit or the first in-policy exit.
Router(config-oer-mc)# periodic 300Related Commands
policy-rules
To apply a configuration from an oer-map to a master controller configuration, use the policy-rules command in OER master controller configuration mode. To remove a configuration applied by the policy-rules command, use the no form of this command.
policy-rules map-name
no policy-rules
Syntax Description
Defaults
No default behavior or values
Command Modes
OER master controller
Command History
Usage Guidelines
The policy-rules command was introduced in Cisco IOS Release 12.3(11)T. This command allows you to select an oer-map and apply the configuration under OER master controller configuration mode, providing an improved method to switch between predefined oer-maps.
The policy-rules command is entered on a master controller. This command is used to apply the configuration from an oer-map to a master controller configuration in OER master controller configuration mode.
Reentering this command with a new oer-map name will immediately overwrite the previous configuration. This behavior is designed to allow you to quickly select and switch between predefined oer-maps.
Examples
The following examples, starting in global configuration mode, show how to configure the policy-rules command to apply the oer-map configuration named BLUE under OER master controller mode:
Router(config)# oer-map BLUE 10Router(config-oer-map)# match oer learn delayRouter(config-oer-map)# set loss relative 900Router(config-oer-map)# exitRouter(config)# oer masterRouter(config-oer-mc)# policy-rules BLUERouter(config-oer-mc)# endRelated Commands
resolve
To set the priority of a policy when multiple overlapping policies are configured, use the resolve command in OER master controller configuration mode. To disable the policy priority configuration, use the no form of this command.
resolve {cost priority value | delay priority value variance percentage | loss priority value variance percentage | range priority value | utilization priority value variance percentage}
no resolve {cost | delay | loss | range | utilization}
Syntax Description
Defaults
OER uses the following default settings if this command is not configured or if the no form of this command is entered:
unreachable: highest priority
delay: 11
utilization: 12
Note
Command Modes
OER master controller
Command History
Usage Guidelines
The resolve command is entered on a master controller. This command is used to set priority when multiple policies are configured for the same prefix. When this command is configured, the policy with the highest priority will be selected to determine the policy decision.
The priority keyword is used to specify the priority value. Setting the number 1 assigns the highest priority to a policy. Setting the number 10 sets the lowest priority. Each policy must be assigned a different priority number. If you try to assign the same priority number to 2 different policy types, an error message will be printed in the console. By default, delay has a priority value of 11 and utilization has a priority value of 12. These values can be overridden by specifying a value from 1 to 10.
The variance keyword is used to set an allowable variance for a user-defined policy. This keyword configures the allowable percentage that an exit link or prefix can vary from the user-defined policy value and still be considered equivalent. For example, if exit link delay is set to 80 percent and a 10 percent variance is configured, exit links that have delay values from 80 to 89 percent will be considered equal.
Note
Examples
The following example sets the priority for delay policies to 1 and sets the allowable variance percentage to 20 percent:
Router(config-oer-mc)# resolve delay priority 1 variance 20The following example sets the priority for loss policies to 2 and sets the allowable variance percentage to 30 percent
Router(config-oer-mc)# resolve loss priority 2 variance 30The following example sets the priority for range policies to 3:
Router(config-oer-mc)# resolve range priority 3The following example sets the priority for link utilization policies to 4 and sets the allowable variance percentage to 10 percent:
Router(config-oer-mc)# resolve utilization priority 4 variance 10Related Commands
shutdown (OER)
To stop an OER master controller or OER border router process without removing the OER process configuration, use the shutdown command in OER master controller or OER border router configuration mode. To start a stopped OER process, use the no form of this command.
shutdown
no shutdown
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
OER master controller
OER border routerCommand History
Usage Guidelines
The shutdown command is entered on a master controller or border router. Entering the shutdown command stops an active master controller or border router process but does not remove any configuration parameters. The shutdown command is displayed in the running-config file when enabled. To disable a master controller or border router and completely remove the process configuration from the running-config file, use the no oer master or no oer border command in Global configuration mode.
Examples
The following example stops an active OER border router session:
Router(config-oer-br)# shutdownThe following example starts an inactive OER master controller session:
Router(config-oer-mc)# no shutdownRelated Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
traceroute probe-delay
To set the time interval between traceroute probe cycles, use the traceroute command in OER master controller configuration mode. To set the interval between probes to the default value, use the no form of this command.
traceroute probe-delay milliseconds
no traceroute probe-delay milliseconds
Syntax Description
milliseconds
Configures the time interval, in milliseconds, between traceroute probes. The configurable range for this argument is a number from 0 to 65535.
Defaults
The following value is used when this command is not configured or the no form is entered:
milliseconds: 1000
Command Modes
OER master controller
Command History
Usage Guidelines
The traceroute probe-delay command is entered on a master controller. This command is used to set the delay interval between traceroute probes.
Continuous and policy based traceroute reporting is configured with the set traceroute reporting oer-map configuration mode command. The time interval between traceroute probes is configured with the traceroute probe-delay command in OER master controller configuration mode. On-demand traceroute probes are triggered by entering the show oer master prefix command with the current and now keywords.
Examples
The following example, starting in Global configuration mode, the delay interval between traceroute probes to 10000 milliseconds:
Router(config)# oer masterRouter(config-oer-mc)# traceroute probe-delay 10000Related Commands
unreachable
To set the maximum number of unreachable hosts, use the unreachable command in OER master controller configuration mode. To return the maximum number of unreachable hosts to the default value, use the no form of this command.
unreachable relative average | threshold maximum
no unreachable
Syntax Description
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered:
relative average: 50 (5 percent unreachable hosts)
Command Modes
OER master controller
Command History
Usage Guidelines
The unreachable command entered on a master controller. This command is used to specify the relative percentage or the absolute maximum number of unreachable hosts, based on flows per million (fpm), that OER will permit from an OER managed exit link. If the absolute number or relative percentage of unreachable hosts is greater than the user-defined or the default value, OER determines that the exit link is out-of-policy and searches for an alternate exit link.
The relative keyword is used to configure the relative percentage of unreachable hosts. The relative unreachable host percentage is based on a comparison of short-term and long-term measurements. The short-term measurement reflects the percentage of hosts that are unreachable within a 5 minute time period. The long-term measurement reflects the percentage of unreachable hosts within a 60 minute period. The following formula is used to calculate this value:
Relative percentage of unreachable hosts = ((short-term percentage - long-term percentage) / long-term percentage) * 100
The master controller measures the difference between these two values as a percentage. If the percentage exceeds the user-defined or default value, the exit link is determined to be out-of-policy. For example, if 10 hosts are unreachable during the long-term measurement and 12 hosts are unreachable during short-term measurement, the relative percentage of unreachable hosts is 20 percent.
The threshold keyword is used to configure the absolute maximum number of unreachable hosts. The maximum value is based on the actual number of hosts that are unreachable based on fpm.
Examples
The following example configures the master controller to search for a new exit link when the difference between long and short term measurements (relative percentage) is greater than 10 percent:
Router(config-oer-mc)# unreachable relative 100The following example configures OER to search for a new exit link when 10,000 hosts are unreachable:
Router(config-oer-mc)# unreachable threshold 10000Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
interface (OER)
To configure a border router interface as an OER managed external or internal interface, use the interface command in OER managed border router configuration mode. To remove an interface from OER control, use the no form of this command.
interface type number external | internal
no interface type number external | internal
Syntax Description
Defaults
No default behavior or values
Command Modes
OER managed border router
Command History
Usage Guidelines
The interface command is entered on a master controller. This command is used to configure external and internal interfaces on border routers to be under OER control. External interfaces are configured as OER managed exit links to forward traffic. External interfaces are used by the master controller to actively monitor prefix and link performance. Internal interfaces are used for only passive performance monitoring with NetFlow.
At least one external and one internal interface must be configured on each border router to allow NetFlow to monitor inbound and outbound traffic. At least two external interfaces are required in an OER managed network. You can configure a maximum of 20 external interfaces for a single master controller in an OER managed network.
Configuring an interface as external enters OER Border Exit configuration mode. Under OER Border Exit configuration mode you can configure maximum link utilization on a per interface basis with the max-xmit-utilization command.
Note
Examples
The following example configures one internal interface and two external interfaces on a border router:
Router(config-oer-mc)# border 10.4.9.6Router(config-oer-mc-br)# interface FastEthernet0/1 internalRouter(config-oer-mc-br)# interface FastEthernet0/0 externalRouter(config-oer-mc-br)# interface Serial 1/0 externalRelated Commands
cost-minimization
To configure cost-based optimization policies on a master controller, use the cost-minimization command in OER border exit configuration mode. To disable a cost-based optimization policy, use the no form of this command.
cost-minimization {calc {combined | separate | sum} | discard [daily] {absolute number | percent percentage} | end day-of-month day [offset hh:mm] | fixed fee [cost] | nickname name | sampling period minutes [rollup minutes] | summer-time {start end} [offset] | tier percentage fee]}
no cost-minimization {calc | discard | end day-of-month day [offset hh:mm] | fixed fee [cost] | nickname | sampling period | summer-time | tier percentage}
Syntax Description
Command Default
No default behavior or values
Command Modes
OER border exit interface
Command History
Usage Guidelines
The cost-minimization command is configured on a master controller. Cost-based optimization allows you to configure link policies based on the ISP financial cost of each exit link in your network. This feature allows you to configure the master controller send traffic over exit links that provide the most cost-effectively bandwidth utilization, while still maintaining the desired performance characteristics.
Fixed Rate Billing
Fixed rate—This method is used when the ISP bills one flat rate for network access regardless of bandwidth usage. If only fixed rate billing is configured on the exit links, all exits are considered to be equal in regards to cost-optimization and other policy parameters (such as delay, loss, utilization, etc) are used to determine if the prefix or exit link is in-policy. If multiple exit links are configured with tiered and fixed policies, then exit links with fixed policies have the highest priority in regards to cost optimization. If the fixed exit links are at maximum utilization, then the tiered exit links will be used. Fixed rate billing is configured for an exit link when the fixed keyword is entered with the cost-minimization command. The financial cost of the exit link is entered with the fee keyword.
Tier-Based Billing
Tier-based with bursting—This method is used when the ISP bills at a tiered rate based on the percentage of exit link utilization. Tiered-based billing is configured for an exit link when the tier keyword is entered with the cost-minimization command. A command statement is configured for each cost tier. The financial cost of the tier is entered with the fee keyword. The percentage of bandwidth utilization that activates the tier is entered after the tier keyword.
Cost Optimization Algorithm
At the end of each billing cycle the top n% of samples, or rollup values, are discarded. The remaining highest value is the sustained utilization. Based on the number of samples discarded, the billing cycle is divided into three periods:
•
•
•
Initial Period
The period when the samples measured is less than the number of discards +1. For example, if discard is 7%, billing month is 30 days long, and sample period is 24 hours, then there are 30 samples at the end of the month. The number of discard samples is two (2% of 30). In this case, days one, two, and three are in the Initial Period. During this period, target the lowest tier for each ISP at the start of their respective billing periods and walk up the tiers until the current total traffic amount is allocated across the links.
Middle Period
The period after the Initial Period until the number of samples yet to be measured or collected is less than the number of discards.
Using the same example as above, the Middle Period would be from day four through day 28. During this period, set the target tier to the sustained utilization tier, which is the tier where (discard +1) the highest sample so far measured falls in.
Last Period
The period after the Middle Period until the end of billing period is the Last Period. During this period, if links were used at the maximum link capacity for the remainder of the billing period and sustained utilization does not change by doing so, then set the target to maximum allowable link utilization. Maximum link utilization is configurable where most likely values would be 75-90%. Otherwise, set the target to sustained utilization tier. During any sample period, if the cumulative usage is more than targeted cumulative usage, then bump up to the next tier for the remainder of sample period. If rollup is enabled, then replace sample values to rollup values and number of sample to number of rollups in above algorithm.
Examples
The following example, starting in Global configuration mode, configures cost-based optimization on a master controller. Cost optimization configuration is applied under the external interface configuration. A policy for a tiered billing cycle is configured. Calculation is configured separately for egress and ingress samples. The time interval between sampling is set to 10 minutes. These samples are configured to be rolled up every 60 minutes.
Router(config)# oer masterRouter(config-oer-mc)# border 10.5.5.55 key-chain keyRouter(config-oer-mc-br)# interface Ethernet 0/0 externalRouter(config-oer-mc-br-if)# cost-minimization nickname ISP1Router(config-oer-mc-br-if)# cost-minimization end day-of-month 30 180Router(config-oer-mc-br-if)# cost-minimization calc separateRouter(config-oer-mc-br-if)# cost-minimization sampling 10 rollup 60Router(config-oer-mc-br-if)# cost-minimization tier 100 fee 1000Router(config-oer-mc-br-if)# cost-minimization tier 90 fee 900Router(config-oer-mc-br-if)# cost-minimization tier 80 fee 800Router(config-oer-mc-br-if)# exitRelated Commands
max-xmit-utilization
To configure the maximum utilization on a single OER managed exit link, use the max-xmit-utilization command in OER Border Exit configuration mode. To set maximum utilization to the default value, use the no form of this command.
max-xmit-utilization {absolute kbps | percentage value}
no max-xmit-utilization
Syntax Description
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered:
percentage value: 75 (75 percent link utilization)
Command Modes
OER border exit interface
Command History
Usage Guidelines
The max-xmit-utilization command is entered on a master controller and allows you to configure the maximum percentage of outbound traffic that can be transmitted over an OER managed exit interface. This command is configured on a per exit link basis and cannot be configured on OER internal interfaces; internal interfaces are not used to forward traffic.
Examples
The following example sets the maximum exit link utilization to 1000000 kbps on FastEthernet interface 0/0:
Router(config-oer-mc-br)# interface FastEthernet0/0 externalRouter(config-oer-mc-br-if)# max-xmit-utilization absolute 1000000The following example sets the maximum percentage of exit utilization to 80 percent on Serial interface 1/0:
Router(config-oer-mc-br)# interface Serial 1/0 externalRouter(config-oer-mc-br-if)# max-xmit-utilization percentageRelated Commands
aggregation-type
To configure an OER master controller to aggregate learned prefixes based on traffic flow type, use the aggregation-type command in OER Top Talker and Top Delay learning configuration mode. To set learned prefix aggregation to the default type, use the no form of this command.
aggregation-type bgp | non-bgp | prefix-length prefix-mask
no aggregation-type
Syntax Description
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered:
prefix-length prefix-mask: 24
Command Modes
OER Top Talker and Top Delay learning
Command History
Usage Guidelines
The aggregation-type command is entered on a master controller. This command is used to configure OER to aggregate learned prefixes based on the traffic flow type. BGP prefixes or non-BGP prefixes can be aggregated, and traffic flows can be aggregated based on prefix length.
Entering the bgp keyword configures learned prefix aggregation based on prefix entries in the BGP routing table. This keyword is used if internal BGP (iBGP) peering is enabled in the OER managed network.
Entering the non-bgp keyword configures learned prefix aggregation based on any other routing protocol. Prefix entries that are present in the BGP routing table are ignored when this keyword is entered.
Examples
The following example configures BGP learned prefix aggregation:
Router(config-oer-mc-learn)# aggregation-type bgpRelated Commands
delay
To configure prefix delay parameters, use the delay command in OER master controller mode or OER Top Talker and Top Delay learning configuration mode. To disable prefix learning based on lowest delay, use the no form of this command.
delay relative percentage | threshold maximum
no delay
Syntax Description
Defaults
OER master controller mode
OER uses the following default value if this command is not configured or if the no form of this command is entered:
relative percentage: 500 (50 percent)
OER Top Talker and Top Delay learning mode
No default behavior or values
Command Modes
OER master controller
OER Top Talker and Top Delay learningCommand History
Usage Guidelines
The delay command is entered on an OER master controller in OER master controller configuration mode or OER Top Talker and Top Delay learning configuration mode.
Configuring in OER master controller mode
The delay command entered in OER master controller configuration mode to set the delay threshold as a relative percentage or as an absolute value. If the configured delay threshold is exceeded, then the prefix is out-of-policy.
The relative keyword is used to configure a relative delay percentage. The relative delay percentage is based on a comparison of short-term and long-term measurements. The short-term measurement reflects the delay percentage within a 5 minute time period. The long-term measurement reflects the delay percentage within a 60 minute period. The following formula is used to calculate this value:
Relative delay measurement = ((short-term measurement- long-term measurement) / long-term measurement) * 100
The master controller measures the difference between these two values as a percentage. If the percentage exceeds the user-defined or default value, the delay percentage is determined to be out-of-policy. For example, if the long-term delay measurement 100 milliseconds and the short-term delay measurement is 120 milliseconds, the relative delay percentage is 20 percent.
The threshold keyword is used to configure the absolute maximum delay period in milliseconds.
Configuring in OER Top Talker and Top Delay learning mode
The delay command entered in OER Top Talker and Top Delay learning configuration mode to enable prefix learning based on the lowest delay time. Under OER Top Talker and Top Delay learning configuration mode the master controller creates a list of Top Delay prefixes based on the lowest delay time. This command is used to configure an OER master controller to learn prefixes based on the lowest delay time. OER measures the delay for optimized prefixes (OPs) when this command is enabled. The master controller uses the list of Top Delay prefixes to select the best exit when the periodic timer expires or when a prefix goes out-of-policy.
Examples
OER master controller mode example
The following example sets a 20 percent relative delay percentage:
Router(config-oer-mc)# delay relative 200OER Top Talker and Top Delay learning mode example
The following example configures a master controller to learn top prefixes based on the lowest delay:
Router(config-oer-mc)# learnRouter(config-oer-mc-learn)# delayRelated Commands
monitor-period
To set the time period that an OER master controller learns traffic flows, use the monitor-period command in OER Top Talker and Top Delay learning configuration mode. To return the monitoring period to the default time period, use the no form of this command.
monitor-period minutes
no monitor-period
Syntax Description
minutes
Sets the prefix learning period in minutes. The range that can be configured for this argument is from 1 to 1440 minutes.
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered:
minutes: 5 (5 minutes)
Command Modes
OER Top Talker and Top Delay learning
Command History
Usage Guidelines
The monitor-period command is configured on a master controller. This command is used to adjust the length of time that a master controller learns traffic flows on border routers. The length of time between monitoring periods is configured with the periodic-interval command. The number of prefixes that are learned is configured with the prefixes command.
Examples
The following example sets the OER monitoring period to 10 minutes on a master controller:
Router(config-oer-mc-learn)# monitor-period 10Related Commands
periodic-interval
To set the time interval between prefix learning periods, use the periodic-interval command in OER Top Talker and Top Delay learning configuration mode. To set the time interval between prefix learning periods to the default value, use the no form of this command.
periodic-interval minutes
no periodic-interval
Syntax Description
minutes
Sets the time interval between prefix learning periods in minutes. The range that can be configured for this argument is from 1 to 1440 minutes.
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered:
minutes: 120
Command Modes
OER Top Talker and Top Delay learning
Command History
Usage Guidelines
The periodic-interval command is configured on a master controller. This command is used to adjust the length of time between traffic flow monitoring periods. The length of time of the learning period is configured with the monitor-period command. The number of prefixes that are monitored is configured with the prefixes command.
Examples
The following example sets the length of time between OER monitoring periods to 20 minutes on a master controller:
Router(config-oer-mc-learn)# periodic-interval 20Related Commands
prefixes
To set the number of prefixes that OER will learn during a monitoring period, use the prefixes command in OER Top Talker and Top Delay learning configuration mode. To return the number of prefixes to the default value, use the no form of this command.
prefixes number
no prefixes
Syntax Description
number
Sets the number of prefixes that a master controller will learn during a monitoring period. The range of this argument is from 1 to 2500 prefixes.
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered:
number: 100
Command Modes
OER Top Talker and Top Delay learning
Command History
Usage Guidelines
The prefixes command is configured on a master controller. This command is used to set the number of prefixes that a master controller will learn during a monitoring period. The length of time of the learning period is configured with the monitor-period command. The length of time between monitoring periods is configured with the periodic-interval command.
Examples
The following example configures a master controller to learn 200 prefixes during a monitoring period:
Router(config-oer-mc-learn)# prefixes 200Related Commands
protocol (OER)
To configure an OER master controller to learn prefixes based on a protocol number or a range of port numbers, use the protocol command in OER Top Talker and Top Delay learning configuration mode. To disable port-based prefix learning, use the no form of this command.
protocol number | tcp | udp [port port-number | gt port-number | lt port-number | range lower-number upper-number] [dst | src]
no protocol number | tcp | udp [port port-number | gt port-number | lt port-number | range lower-number upper-number] [dst | src]
Syntax Description
Defaults
No default behavior or values
Command Modes
OER Top Talker and Top Delay learning
Command History
Usage Guidelines
The protocol command is configured on a master controller. This command is used to configure prefix learning based on the specified protocol. This command provides a very granular level of control over prefix learning. Configuring this command allows you to configure the master controller to learn prefixes based on the specified protocol and the specified port number. allowing you to include or exclude traffic based on the port number. allowing you to specific target an application based on the source or destination port number.
Port-based prefix learning allows you to include or exclude traffic streams for a specific protocol or the TCP or UDP port and port range. Traffic can be optimized for a specific application or protocol, or exclude uninteresting traffic, allowing you to focus system resources, thus saving CPU cycles and reducing the amount of memory that is required to monitor prefixes. In cases where traffic streams need to be excluded or included over ports that fall above or below a certain port number, a range of port numbers can be specified.
For a list of IANA assigned port numbers, refer to the following document:
•
For a list of IANA assigned protocol numbers, refer to the following document:
•
Examples
The following example configures a master controller to learn EIGRP prefixes during the monitoring period:
Router(config-oer-mc-learn)# protocol 88Related Commands
Enters OER Top Talker and Top Delay learning configuration mode to configure prefixes for OER to learn.
throughput
To configure OER to learn the top prefixes based on the highest outbound throughput, use the throughput command in OER Top Talker and Top Delay learning configuration mode. To disable learning based on outbound throughput, use the no form of this command.
throughput
no throughput
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
OER Top Talker and Top Delay learning
Command History
Usage Guidelines
The throughput command is entered on a master controller. The master controller creates a list of Top Talker prefixes based on the highest outbound throughput. This command is used to configure a master controller to learn prefixes based on the highest outbound packet throughput. When this command is enabled, OER will learn the top prefixes across all border routers according to the highest outbound throughput. The master controller uses the list of Top Talker prefixes to select the exit with the highest throughput when the periodic rotation expires or when a prefix goes out-of-policy.
Examples
The following example configures a master controller to learn the top prefixes based on highest outbound throughput:
Router(config-oer-mc-learn)# throughputRelated Commands
active-probe address source
To configure an interface on a border router as the active-probe source, use the active-probe command in OER border router configuration mode. To configure active probing to use a default exit interface, use the no form of this command.
active-probe source address interface type number
no active-probe source address interface
Syntax Description
Command Default
The source IP address is used from the default OER external interface that transmits the active probe.
Command Modes
OER border router
Command History
Usage Guidelines
The active-probe address source command allows you to specify the source interface, from which active probes are transmitted. When this command is configured, the primary IP address of the specified interface is used as the active probe source. The active probe source interface IP address must be unique to ensure that the probe reply is routed back to the specified source interface. If the interface is not configured with an IP address, the active probe will not be generated. If the IP address is changed after the interface has been configured as an active probe source, active probing is stopped, and then restarted with the new IP address. If the IP address is removed after the interface has been configured as an active probe source, active probing is stopped and is not restarted until a valid primary IP address is configured.
Note
Examples
The following example configures the FastEthernet 0/0 interface as the active probe source:
Router(config)# oer borderRouter(config-oer-border)# active-probe address source FastEthernet 0/0Related Commands
Configures an active probe for a target prefix.
Enables an OER process and configures a router as an OER border router or as an OER master controller.
local (OER)
To identify a local interface on an OER border router as the source for communication with an OER master controller, use the local command in OER border router configuration mode. To remove the interface from the OER border router configuration and disable border router to master controller communication, use the no form of this command.
local type number
no local type number
Syntax Description
Defaults
No default behavior or values
Command Modes
OER border router
Command History
Usage Guidelines
The local command is configured on an OER border router. This command is used to specify the source interface IP address that will be used for communication between a border router and master controller.
The IP address that is configured for the local interface must also be configured on the master controller with the border OER master controller configuration command and the interface (OER) OER managed border router configuration command.
The no form of this command cannot be entered while the border router process is active. The border router process must first be stopped with the shutdown (OER) command. If you stop the border router process to deconfigure the local interface with the no form of this command, you must configure another local interface before the border router process will reestablish communication with the master controller.
Examples
The following example configures the FastEthernet 0/0 interface as a local interface:
Router(config)# oer borderRouter(config-oer-br)# local FastEthernet0/0Related Commands
master
To establish communication with a master controller, use the master command in OER border router configuration mode. To disable communication with the specified master controller, use the no form of this command.
master ip-address key-chain key-name
no master ip-address key-chain key-name
Syntax Description
ip-address
Specifies the IP address of the master controller.
key-chain key-name
Specifies the key-chain to authenticate with the master controller.
Defaults
OER observe mode passive monitoring is enabled when communication is established between a master controller and border router.
Command Modes
OER border router
Command History
Usage Guidelines
The master command is entered on a border router. This command is used to establish communication between an OER border router and master controller. Communication is established between the border router process and the master controller process to allow the master controller to monitor and control OER exit links. OER communication must also be established on the master controller with the border OER master controller configuration command. At least one border router must be configured to enable OER. A maximum of ten border routers can be configured to communicate with a single master controller. The IP address that is used to specify the border router must be assigned to a local interface on the border router and must be reachable by the master controller.
Communication between the master controller and the border router is protected by key-chain authentication. The key-chain configuration is defined in Global configuration mode on both the master controller and the border router before key-chain authentication is enabled for master controller to border router communication. For more information about key management in Cisco IOS software, refer to the "Managing Authentication Keys" section of the Cisco IOS IP Configuration Guide, Release 12.3.
When the border command is entered, the router enters OER managed border router configuration mode. Local interfaces must be defined as internal or external with the interface (OER) OER managed border router configuration command. A single OER master controller can support up to 20 interfaces.
Examples
The following example defines a key-chain named MASTER in Global configuration mode and then configures a master controller to communicate with the 10.4.9.6 border router. The master controller authenticates the border router based on the defined key CISCO.
Router(config)# key chain MASTERRouter(config-keychain)# key 1Router(config-keychain-key)# key-string CISCORouter(config-keychain-key)# exitRouter(config-keychain)# exitRouter(config)# oer masterRouter(config-oer-mc)# port 49152Router(config-oer-mc)# loggingRouter(config-oer-mc)# border 10.4.9.6 key-chain MASTERRouter(config-oer-mc-br)# interface FastEthernet0/0 externalRouter(config-oer-mc-br)# interface FastEthernet0/1 internalRouter(config-oer-mc-br)# exitRelated Commands
port (OER)
To optionally configure a dynamic port number for communication between an OER master controller and border router, use the port command in OER master controller or OER border router configuration mode. To close the port and disable communication, use the no form of this command.
port [port-number]
no port
Syntax Description
port-number
(Optional) Specifies the port number. The configurable range for this argument is a number from 1 to 65535.
Defaults
Port 3949 is used for OER communication unless a dynamic port number is configured on both the master controller and the border router. Port configuration is not shown in the running-config file when port 3949 is used.
Command Modes
OER border router
OER master controllerCommand History
Usage Guidelines
Communication between a master controller and border router is automatically carried over port 3949 when connectivity is established. Port 3949 is registered with IANA for OER communication. Manual port number configuration is only required if you are running Cisco IOS Release 12.3(8)T or if you need to configure OER communication to use a dynamic port number.
The port command is entered on a master controller or a border router. This command is used to specify a dynamic port number to be used for border router and the master controller communication. The same port number must be configured on both the master controller and border router. Closing the port by entering the no form of this command disables communication between the master controller and the border router.
Examples
The following example opens port 49152 for master controller communication with a border router:
Router(config-oer-mc)# port 49152The following example opens port 49152 for border router communication with a master controller:
Router(config-oer-br)# port 49152The following example closes the default or user-defined port and disables communication between a master controller and border router:
Router(config-oer-mc)# no portRelated Commands
oer-map
To enter oer-map configuration mode to configure an oer-map to apply policies to selected IP prefixes, use the oer-map command in Global configuration mode. To delete the oer-map, use the no form of this command.
oer-map map-name sequence-number
no oer-map map-name
Syntax Description
map-name
Specifies the name or tag for the oer-map.
sequence-number
(Optional) Specifies the sequence number for the oer-map entry. The configurable range for this argument is from 1 to 65535.
Defaults
No default behavior or values
Command Modes
Global configuration
Command History
Usage Guidelines
The oer-map command is configured on a master controller. The operation of an oer-map is similar to the operation of a route-map. An oer-map is designed to select IP prefixes or to select OER learn policies using a match clause and then to apply OER policy configurations using a set clause. The oer-map is configured with a sequence number like a route-map, and the oer-map with the lowest sequence number is evaluated first. The operation of an oer-map differs from a route-map at this point. There are two important distinctions:
•
•
Tips
An oer-map can match a prefix or prefix range with the match ip address (OER) command. A prefix can be any IP network number combined with a prefix mask that specifies the prefix length. The prefix or prefix range is defined with the ip prefix-list command in Global configuration mode. Any prefix length can be specified. An oer-map can also match OER learned prefixes with the match oer learn command. Matching can be configured for prefixes learned based on delay or based on throughput.
The oer-map applies the configuration of the set clause after a successful match occurs. An oer set clause can be used to set policy parameters for the backoff timer, packet delay, holddown timer, packet loss, mode settings, periodic timer, resolve settings, and unreachable hosts. See the "Related Commands" section of this command reference page for a complete list of OER set clauses.
Policies that are applied by an oer-map do not override global policies configured under OER master controller configuration mode and OER Top Talker and Delay configuration mode. Policies are overridden on a per-prefix list basis. If a policy type is not explicitly configured in an oer-map, the default or configured values will apply. Policies applied by an oer-map take effect after the current policy or operational timer expires. The oer-map configuration can be viewed in the output of the show running-config command. OER policy configuration can be viewed in the output of the show oer master policy command.
Examples
The following example creates an oer-map named SELECT_EXIT that matches traffic defined in the IP prefix list named CUSTOMER and sets exit selection to the first in-policy exit when the periodic timer expires. This oer-map also sets a resolve policy that sets the priority of link utilization policies to 1 (highest priority) and allows for a 10 percent variance in exit link utilization statistics.
Router(config)# ip prefix-list CUSTOMER permit 10.4.9.0/24Router(config)# !Router(config)# oer-map SELECT_EXIT 10Router(config-oer-map)# match ip address prefix-list CUSTOMERRouter(config-oer-map)# set mode select-exit goodRouter(config-oer-map)# set resolve utilization priority 1 variance 10The following example creates an oer-map named THROUGHPUT that matches traffic learned based on the highest outbound throughput. The set clause applies a relative loss policy that will permit 1 percent packet loss:
Router(config)# oer-map THROUGHPUT 20Router(config-oer-map)# match oer learn throughputRouter(config-oer-map)# set loss relative 10Related Commands
match ip address (OER)
To create a prefix list match clause entry in an oer-map to apply OER policy settings, use the match ip address (OER) command in oer-map configuration mode. To delete the match clause entry, use the no form of this command.
match ip address prefix-list name
no match ip address
Syntax Description
Defaults
No default behavior or values
Command Modes
oer-map
Command History
Usage Guidelines
The match ip address (OER) command is entered on a master controller in oer-map configuration mode. This command is used to configure a prefix list as a match criteria in an oer-map. A prefix can be any IP network number combined with a prefix mask that specifies the prefix length. The prefix list is created with the ip prefix-list command. Only one match clause can be configured for each oer-map sequence.
Examples
The following example creates a prefix list named CUSTOMER. The prefix list specifies the 10.4.9.0/24 subnet. The match ip address (OER) command configures the prefix list as match criteria for the oer-map:
Router(config)# ip prefix-list CUSTOMER permit 10.4.9.0/24Router(config)# !Router(config)# oer-map SELECT_EXIT 10Router(config-oer-map)# match ip address prefix-list CUSTOMERRouter(config-oer-map)# set mode select-exit goodRelated Commands
match oer learn
To create a match clause entry in an oer-map to match OER learned prefixes, use the match oer learn command in OER router configuration mode. To delete the match clause entry, use the no form of this command.
match oer learn delay | throughput
no match oer learn delay | throughput
Syntax Description
delay
Specifies prefixes learned based on highest delay.
throughput
Specifies prefixes learned based on highest throughput.
Defaults
No default behavior or values
Command Modes
oer-map
Command History
Usage Guidelines
The match oer learn command is entered on a master controller in oer-map configuration mode. OER can be configured to learn prefixes based on delay or based on throughput. This command is used to configure OER learned prefixes as match criteria in an oer-map. Only one match clause can be configured for each oer-map sequence.
Examples
The following example creates an oer-map named DELAY that matches traffic learned based on delay. The set clause applies a route control policy that configures OER to actively control this traffic:
Router(config)# oer-map DELAY 20Router(config-oer-map)# match oer learn delayRouter(config-oer-map)# set mode route controlRelated Commands
set backoff
To configure an oer-map to set the backoff timer to adjust the time period for prefix policy decisions, use the set backoff command in oer-map configuration mode. To delete the set clause entry, use the no form of this command.
set backoff min-timer max-timer [step-timer]
no set backoff
Syntax Description
Defaults
OER uses the following default values if this command is not configured or if the no form of this command is entered:
min-timer: 300 seconds
max-timer: 3000 seconds
step-timer: 300 secondsCommand Modes
oer-map configuration
Command History
Usage Guidelines
The set backoff command is entered on a master controller in oer-map configuration mode. This command is used to configure an oer-map to set the transition period that the master controller holds an out-of-policy prefix. The master controller uses a backoff timer to schedule the prefix transition period in which OER holds the out-of-policy prefix before moving the prefix to an in-policy state by selecting an in-policy exit. This command is configured with a minimum and maximum timer value and can be configured with an optional step timer.
Minimum Timer—The min-timer argument is used to set the minimum transition period in seconds. If the current prefix is in-policy when this timer expires, no change is made and the minimum timer is reset to the default or configured value. If the current prefix is out-of-policy, OER will move the prefix to an in-policy and reset the minimum timer to the default or configured value.
Maximum Timer—The max-timer argument is used to set the maximum length of time OER holds an out-of-policy prefix when there are no OER controlled in-policy prefixes. If all OER controlled prefixes are in an out-of-policy state and the value from the max-timer argument expires, OER will select the best available exit and reset the minimum timer to the default or configured value.
Step Timer—The step-timer argument allows you to optionally configure OER to add time each time the minimum timer expires until the maximum time limit has been reached. If the maximum timer expires and all OER managed exits are out-of-policy, OER will install the best available exit and reset the minimum timer.
Configuring a new timer value will immediately replace the existing value if the new value is less than the time remaining. If the new value is greater than the time remaining, the new timer value will be used when the existing timer value expires.
Examples
The following example creates an oer-map named BACKOFF that sets the minimum timer to 400 seconds, the maximum timer to 4000 seconds, and the step timer to 400 seconds for traffic from the prefix list named CUSTOMER:
Router(config)# oer-map BACKOFF 70Router(config-oer-map)# match ip address prefix-list CUSTOMERRouter(config-oer-map)# set backoff 400 4000 400Related Commands
set delay
To configure an oer-map to configure OER to set the delay threshold, use the set delay command in oer-map configuration mode. To delete the set clause entry, use the no form of this command.
set delay {relative percentage | threshold maximum}
no set delay
Syntax Description
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered:
relative percentage: 500 (50 percent)
Command Modes
oer-map configuration
Command History
Usage Guidelines
The set delay command is entered on a master controller in oer-map configuration mode. This command is configured in an oer-map to set the delay threshold as a relative percentage or as an absolute value for match criteria.
The relative keyword is used to configure a relative delay percentage. The relative delay percentage is based on a comparison of short-term and long-term measurements. The short-term measurement reflects the delay percentage within a 5 minute time period. The long-term measurement reflects the delay percentage within a 60 minute period. The following formula is used to calculate this value:
Relative delay measurement = ((short-term measurement- long-term measurement) / long-term measurement) * 100
The master controller measures the difference between these two values as a percentage. If the percentage exceeds the user-defined or default value, the delay percentage is determined to be out-of-policy. For example, if long-term delay measurement 100 milliseconds and short-term delay measurement is 120 milliseconds, the relative delay percentage is 20 percent.
The threshold keyword is used to configure the absolute maximum delay period in milliseconds. In case of threshold, if the measured delay of the prefix is higher than the configured delay threshold then the prefix is out-of-policy. In case of percentage, if the short term delay of the prefix is more than long term delay by the percentage value configured then the prefix is out-of-policy.
Examples
The following example creates an oer-map named DELAY that sets the absolute maximum delay threshold to 2000 milliseconds for traffic from the prefix list named CUSTOMER:
Router(config)# oer-map DELAY 80Router(config-oer-map)# match ip address prefix-list CUSTOMERRouter(config-oer-map)# set delay threshold 2000Related Commands
set holddown
To configure an oer-map to set the prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected, use the set holddown command in oer-map configuration mode. To delete the set clause entry, use the no form of this command.
set holddown timer
no set holddown
Syntax Description
timer
Sets the prefix route dampening time period. The range for this argument is from 300 to 65535 seconds. The default value is 300 seconds.
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered:
timer: 300 seconds
Command Modes
oer-map configuration
Command History
Usage Guidelines
The set holddown command is entered on a master controller in oer-map configuration mode. This command is used to configure an oer-map to set the prefix route dampening timer for match criteria. This command is used to configure the prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected. The master controller puts a prefix in a holddown state during an exit change to isolate the prefix during the transition period to prevent the prefix from flapping due to rapid state changes. OER does not implement policy changes while a prefix is in the holddown state. A prefix will remain in a holddown state for the default or configured time period. When the holddown timer expires, OER will select the best exit based on performance and policy configuration. However, an immediate route change will be triggered if the current exit for a prefix becomes unreachable.
Configuring a new timer value will immediately replace the existing value if the new value is less than the time remaining. If the new value is greater than the time remaining, the new timer value will be used when the existing timer is reset.
Examples
The following example creates an oer-map named HOLDDOWN that sets the holddown timer to 400 seconds for traffic from the prefix list named CUSTOMER:
Router(config)# oer-map HOLDDOWN 90Router(config-oer-map)# match ip address prefix-list CUSTOMERRouter(config-oer-map)# set holddown 400Related Commands
set loss
To configure an oer-map to set the relative or maximum packet loss limit that OER will permit for an exit link, use the set loss command in oer-map configuration mode. To delete the set clause entry, use the no form of this command.
set loss {relative average | threshold maximum}
no set loss
Syntax Description
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered:
relative average: 100 (10 percent packet loss)
Command Modes
oer-map configuration
Command History
Usage Guidelines
The set loss command is entered on a master controller in oer-map configuration mode. This command is used to configure an oer-map to set the relative percentage or maximum number of packets that OER will permit to be lost during transmission on an exit link. If packet loss is greater than the user-defined or the default value, OER determines that the exit link is out-of-policy and searches for an alternate exit link.
The relative keyword is used to configure the relative packet loss percentage. The relative packet loss percentage is based on a comparison of short-term and long-term packet loss. The short-term measurement reflects the percentage of packet loss within a 5 minute time period. The long-term measurement reflects the percentage of packet loss within a 60 minute period. The following formula is used to calculate this value:
Relative packet loss = ((short-term loss - long-term loss) / long-term loss) * 100
The master controller measures the difference between these two values as a percentage. If the percentage exceeds the user-defined or default value, the exit link is determined to be out-of-policy. For example, if long-term packet loss is 200 packets per million (PPM) and short-term packet loss is 300 PPM, the relative loss percentage is 50 percent.
The threshold keyword is used to configure the absolute maximum packet loss. The maximum value is based on the actual number of packets per million that have been lost.
Examples
The following example creates an oer-map named LOSS that sets the relative percentage of acceptable packet loss for traffic from the prefix list named CUSTOMER to a 20 percent relative percentage. If the packet loss on the current exit link exceeds 20 percent, the master controller will search for a new exit.
Router(config)# oer-map LOSS 10Router(config-oer-map)# match ip address prefix-list CUSTOMERRouter(config-oer-map)# set loss relative 200
Related Commands
set mode
To configure an oer-map to configure route monitoring, route control, or exit selection for matched traffic, use the set mode command in oer-map configuration mode. To delete the set clause entry, use the no form of this command.
set mode {monitor {active | both | passive} | route {control | observe}| select-exit {best | good}}
no set mode {monitor | route {control | observe}| select-exit}
Syntax Description
Defaults
OER uses the following default settings if this command is not configured or if the no form of this command is entered:
monitor both (Both active and passive monitoring is enabled.)
route observe (Observe mode route control is enabled.)Command Modes
oer-map configuration
Command History
Usage Guidelines
The set mode command is entered on a master controller in oer-map configuration mode. This command is used to configure an oer-map to enable and configure control mode and observe mode settings, passive monitoring and active monitoring, and exit link selection for traffic that is configured as match criteria.
Examples
The following example creates an oer-map named OBSERVE that configures OER to observe and report but not control traffic from the prefix list named CUSTOMER:
Router(config)# oer-map OBSERVE 80Router(config-oer-map)# match ip address prefix-list CUSTOMERRouter(config-oer-map)# set mode route observeRelated Commands
set periodic
To configure an oer-map to set the time period for the periodic timer, use the set periodic command in oer-map configuration mode. To delete the set clause entry, use the no form of this command.
set periodic timer
no set periodic
Syntax Description
timer
Sets the length of time for the periodic timer. The value for the timer argument is from 180 to 7200 seconds.
Defaults
No default behavior or values
Command Modes
oer-map configuration
Command History
Usage Guidelines
The set periodic command is entered on a master controller in oer-map configuration mode. This command is used to configure an oer-map to configure OER to periodically select the best exit based on the periodic timer value for traffic that is configured as match criteria in an oer-map. When this timer expires, OER will automatically select the best exit, regardless if the current exit is in or out-of-policy. The periodic timer is reset when the new exit is selected.
Examples
The following example creates an oer-map named PERIODIC that sets the periodic timer to 300 seconds for traffic from the prefix list named CUSTOMER. When the timer expires OER will select the best exit.
Router(config)# oer-map PERIODIC 80Router(config-oer-map)# match ip address prefix-list CUSTOMERRouter(config-oer-map)# set periodic 300Related Commands
set resolve
To configure an oer-map to set policy priority for overlapping policies, use the set resolve command in oer-map configuration mode. To delete the set clause entry, use the no form of this command.
set resolve{cost priority value | delay priority value variance percentage | loss priority value variance percentage | range priority value | utilization priority value variance percentage}
no set resolve {cost | delay | loss | range | utilization}
Syntax Description
Defaults
No default behavior or values
Command Modes
oer-map configuration
Command History
Usage Guidelines
The set resolve command is entered on a master controller in oer-map configuration mode. This command is used to set priority when multiple policies are configured for the same prefix. When this command is configured, the policy with the highest priority will be selected to determine the policy decision.
The priority keyword is used to specify the priority value. Setting the number 1 assigns the highest priority to the policy. Setting the number 10 sets the lowest priority. Each policy must be assigned a different priority number. If you try to assign the same priority number to 2 different policy types, an error message will be printed in the console.
The variance keyword is used to set an allowable variance for a user-defined policy. This keyword configures the allowable percentage that an exit link or prefix can vary from the user-defined policy value and still be considered equivalent. For example, if exit link delay is set to 80 percent and a 10 percent variance is configured, exit links that delay values from 80 to 89 percent will be considered equal.
Note
Examples
The following example creates an oer-map named RESOLVE that sets the priority for delay policies to 1 for traffic learned based on highest outbound throughput. The variance is set to allow a 10 percent difference in delay statistics be for a prefix is determined to be out-of-policy.
Router(config)# oer-map RESOLVE 10Router(config-oer-map)# match oer learn throughputRouter(config-oer-map)# set resolve delay priority 1 variance 10
Related Commands
set traceroute reporting
To configure an OER map to enable traceroute reporting, use the set traceroute reporting command in oer-map configuration mode. To delete the set clause entry, use the no form of this command.
set traceroute reporting [policy {delay | loss | unreachable}]
no set traceroute reporting [policy {delay | loss | unreachable}]
Syntax Description
Defaults
No default behavior or values
Command Modes
oer-map configuration
Command History
Usage Guidelines
The set traceroute reporting command is entered on a master controller in oer-map configuration mode. This command is used to enable continuos and policy-based trace route probing. Trace route probing allows you to monitor prefix performance on a hop-by-hop basis. Delay, loss, and reachability measurements are gathered for each hop from the probe source to the target prefix.
The following types of traceroute reporting are configured with this command:
Continuous—A traceroute probe is triggered for each new probe cycle. Entering this command without any keywords enables continuous reporting. The probe is sourced from the current exit of the prefix.
Policy based—A traceroute probe is triggered automatically when a prefix goes into an out-of-policy state. Entering this command with the policy keyword enables policy based traceroute reporting. Policy based traceroute probes are configured individually for delay, loss, and reachability policies. The monitored prefix is sourced from a match clause in an oer-map. Policy based traceroute reporting stops when the prefix returns to an in-policy state.
The show oer master prefix command is used to display traceroute probe results. An on-demand traceroute probe can be initiated when entering the show oer master prefix command with the current and now keywords. The set traceroute reporting command does not need to be configured to initiate an on-demand traceroute probe.
Examples
The following example, starting in Global configuration mode, enables continuous traceroute probing for prefixes that are learned based on delay:
Router(config)# oer-map TRACE 10Router(config-oer-map)# match oer learn delayRouter(config-oer-map)# set traceroute reportingRelated Commands
set unreachable
To configure an oer-map to set the maximum number of unreachable hosts, use the set unreachable command in oer-map configuration mode. To delete the set clause entry, use the no form of this command.
set unreachable {relative average | threshold maximum}
no set unreachable
Syntax Description
Defaults
OER uses the following default value if this command is not configured or if the no form of this command is entered:
relative average: 50 (5 percent unreachable hosts)
Command Modes
oer-map configuration
Command History
Usage Guidelines
The set unreachable command is entered on a master controller in oer-map configuration mode. This command is used to set the relative percentage or the absolute maximum number of unreachable hosts, based on flows per million (fpm), that a master controller will permit from an OER managed exit link. If the absolute number or relative percentage of unreachable hosts is greater than the user-defined or default value, the master controller determines that the exit link is out-of-policy and searches for an alternate exit link.
The relative keyword is used to configure the relative percentage of unreachable hosts. The relative unreachable host percentage is based on a comparison of short-term and long-term measurements. The short-term measurement reflects the percentage of hosts that are unreachable within a 5 minute time period. The long-term measurement reflects the percentage of unreachable hosts within a 60 minute period. The following formula is used to calculate this value:
Relative percentage of unreachable hosts = ((short-term percentage - long-term percentage) / long-term percentage) * 100
The master controller measures the difference between these two values as a percentage. If the percentage exceeds the user-defined or default value, the exit link is determined to be out-of-policy. For example, if 10 hosts are unreachable during the long-term measurement and 12 hosts are unreachable during short-term measurement, the relative percentage of unreachable hosts is 20 percent.
The threshold keyword is used to configure the absolute maximum number of unreachable hosts. The maximum value is based on the actual number of hosts that are unreachable based on fpm.
Examples
The following example creates an oer-map named UNREACHABLE that configures the master controller to search for a new exit link when the difference between long and short term measurements (relative percentage) is greater than 10 percent for traffic learned based on highest delay:
Router(config)# oer-map UNREACHABLE 10Router(config-oer-map)# match oer learn delayRouter(config-oer-map)# set unreachable relative 100
Related Commands
clear oer border *
To reset a connection between a border router and the master controller, use the clear oer border * command in Privileged EXEC configuration mode.
clear oer border *
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The clear oer border * command is entered on a border router. The border router and master controller will automatically reestablish communication after this command is entered.
Examples
The following example resets a connection between a border router and a master controller:
Router(config)# clear oer border *Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
clear oer master *
To reset an OER master controller process and all active border router connections, use the clear oer master * command in Privileged EXEC configuration mode.
clear oer master *
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The clear oer master * command is entered on a master controller. The master controller will restart all configured and default processes and reestablish communication with active border routers after this command is entered.
Examples
The following example resets the master controller process and all active border router connections:
Router(config)# clear oer master *Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
clear oer master border
To reset an active border router connection or all connections with a master controller, use the clear oer master border command in Privileged EXEC configuration mode.
clear oer master border * | ip-address
Syntax Description
*
Specifies all active border router connections.
ip-address
Specifies a single border router connection.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The clear oer master border command is entered on a master controller.
Examples
The following example resets all border router connections to the master controller:
Router(config)# clear oer master border *The following example resets a single border router connection to the master controller:
Router(config)# clear oer master border 10.4.9.6
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
clear oer master prefix
To clear OER controlled prefixes from the master controller database, use the clear oer master prefix command in Privileged EXEC configuration mode.
clear oer master prefix * | prefix | learned
Syntax Description
*
Clears all prefixes.
prefix
Clears a single prefix or prefix range. The prefix address and mask are entered with this argument.
learned
Clears all learned prefixes.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The clear oer master prefix command is entered on a master controller.
Examples
The following example clears all learned prefixes:
Router(config)# clear master prefix learnedRelated Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
debug oer border
To display general OER border router debugging information, use the debug oer border command in privileged EXEC mode. To stop the display of OER debugging information, use the no form of this command.
debug oer border
no debug oer border
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The debug oer border command is entered on a border router. This command is used to display debugging information about the OER border process, controlled routes and monitored prefixes.
Examples
The following example displays general OER debugging information:
Router# debug oer border*May 4 22:32:33.695: OER BR: Process Message, msg 4, ptr 33272128, value 140*May 4 22:32:34.455: OER BR: Timer event, 0Table 1 describes the significant fields shown in the display.
Table 1 debug oer border Field Descriptions
OER BR:
Indicates debugging information for OER Border process.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
debug oer border active-probe
To display debugging information for active probes configured on the local border router, use the debug oer border active-probe command in privileged EXEC mode. To stop the display of debug event information, use the no form of this command.
debug oer border active-probe
no debug oer border active-probe
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The debug oer border active-probe command is entered on a master controller. This command is used to display the status and results of active probes that are configured on the local border router.
Examples
The following example enables the display of active-probe debug information on a border router:
Router# debug oer border active-probe*May 4 23:47:45.633: OER BR ACTIVE PROBE: Attempting to retrieve ProbeStatistics.probeType = echo, probeTarget = 10.1.5.1, probeTargetPort = 0probeSource = Default, probeSourcePort = 0, probeNextHop = DefaultprobeIfIndex = 13*May 4 23:47:45.633: OER BR ACTIVE PROBE: Completed retrieving ProbeStatistics.probeType = echo, probeTarget = 10.1.5.1, probeTargetPort = 0probeSource = Default, probeSourcePort = 0, probeNextHop = 10.30.30.2probeIfIndex = 13, SAA index = 15*May 4 23:47:45.633: OER BR ACTIVE PROBE: Completions 11, Sum of rtt 172,Max rtt 36, Min rtt 12*May 4 23:47:45.693: OER BR ACTIVE PROBE: Attempting to retrieve ProbeStatistics.probeType = echo, probeTarget = 10.1.4.1, probeTargetPort = 0probeSource = Default, probeSourcePort = 0, probeNextHop = DefaultprobeIfIndex = 13*May 4 23:47:45.693: OER BR ACTIVE PROBE: Completed retrieving ProbeStatistics.probeType = echo, probeTarget = 10.1.4.1, probeTargetPort = 0probeSource = Default, probeSourcePort = 0, probeNextHop = 10.30.30.2probeIfIndex = 13, SAA index = 14Table 2 describes the significant fields shown in the display.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
debug oer border learn
To display debugging information about learned prefixes on the local border router, use the debug oer border learn command in privileged EXEC mode. To stop the display of debug event information, use the no form of this command.
debug oer border learn [top number]
no debug oer border learn [top number]
Syntax Description
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The debug oer border learn command is entered on a border router. This command is used to display debugging information about prefixes learned on the local border router.
Examples
The following example enables the display of active-probe debug information on a border router:
Router# debug oer border learn*May 4 22:51:31.971: OER BR LEARN: Reporting prefix 1: 10.1.5.0, throughput 201*May 4 22:51:31.971: OER BR LEARN: Reporting 1 throughput learned prefixes*May 4 22:51:31.971: OER BR LEARN: State change, new STOPPED, old STARTED, reaon Stop LearnTable 3 describes the significant fields shown in the display.
Table 3 debug oer border learn Field Descriptions
OER BR LEARN:
Indicates debugging information for the OER border router learning process.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
debug oer border routes
To display debugging information for OER controlled or monitored routes on the local border router, use the debug oer border routes command in privileged EXEC mode. To stop the display of debug event information, use the no form of this command.
debug oer border routes bgp | static
no debug oer border routes bgp | static
Syntax Description
bgp
Displays debugging information for only BGP routes.
static
Displays debugging information for only static routes.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The debug oer border routes command is entered on a border router. This command is used to display the debugging information about OER controlled or monitored routes on the local border router.
Examples
The following example enables the display of active-probe debug information on a border router:
Router# debug oer border routes*May 4 22:35:53.239: OER BGP: Control exact prefix 10.1.5.0/24*May 4 22:35:53.239: OER BGP: Walking the BGP table for 10.1.5.0/24*May 4 22:35:53.239: OER BGP: Path for 10.1.5.0/24 is now under OER control*May 4 22:35:53.239: OER BGP: Setting prefix 10.1.5.0/24 as OER net#Table 4 describes the significant fields shown in the display.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
debug oer border traceroute reporting
To display debugging information for traceroute probes on the local border router, use the debug oer border traceroute reporting command in privileged EXEC mode. To stop the display of debug event information, use the no form of this command.
debug oer border traceroute reporting [detail]
no debug oer border traceroute reporting [detail]
Syntax Description
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The debug oer border traceroute reporting command is entered on a border router. This command is used to display the debugging information about traceroute probes sourced on the local border router.
Examples
The following example enables the display of active-probe debug information on a border router:
Router# debug oer border traceroute reportingMay 19 03:46:23.807: OER BR TRACE(det): Received start message: msg1 458776, msg2 1677787648, if index 19, host addr 100.1.2.1, flags 1, max ttl 30, protocol 17, probe delay 0May 19 03:46:26.811: OER BR TRACE(det): Result msg1 458776, msg2 1677787648 num hops 30 sent May 19 03:47:20.919: OER BR TRACE(det): Received start message: msg1 524312, msg2 1677787648, if index 2, host addr 100.1.2.1, flags 1, max ttl 30, protocol 17, probe delay 0May 19 03:47:23.923: OER BR TRACE(det): Result msg1 524312, msg2 1677787648 num hops 3 sentTable 5 describes the significant fields shown in the display.
Table 5 debug oer border traceroute reporting Field Descriptions
OER BR TRACE:
Indicates border router debugging information for traceroute probes.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
debug oer cc
To display OER communication control debugging information for master controller and border router communication, use the debug oer cc command in privileged EXEC mode. To stop the display of OER debugging information, use the no form of this command.
debug oer cc [detail]
no debug oer cc [detail]
Syntax Description
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The debug oer cc command can be entered on a master controller on a border router. This command is used to display messages exchanged between the master controller and the border router. These messages include control commands, configuration commands, and monitoring information. Enabling this command will cause very detailed output to be displayed and can utilize a considerable amount of system resources. This command should be enabled with caution in a production network.
Examples
The following example enables the display of OER communication control debugging messages:
Router# debug oer cc*May 4 23:03:22.527: OER CC: ipflow prefix reset received: 10.1.5.0/24Table 6 describes the significant fields shown in the display.
Table 6 debug oer cc Field Descriptions
OER CC:
Indicates debugging information for OER communication messages.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
debug oer master border
To display debugging information for OER border router events on an OER master controller, use the debug oer master border command in privileged EXEC mode. To stop border router event debugging, use the no form of this command.
debug oer master border [ip-address]
no debug oer master border
Syntax Description
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The debug oer master border command is entered on a master controller. The output displays information related to the events or updates from one or more border routers.
Examples
The following example shows the status of 2 border routers. Both routers are up and operating normally.
Router# debug oer master borderOER Master Border Router debugging is onRouter#1d05h: OER MC BR 10.4.9.7: BR I/F update, status UP, line 1 index 1, tx bw 100000, rx bw 100000, time, tx ld 0, rx ld 0, rx rate 0 rx bytes 3496553, tx rate 0,tx bytes 50160331d05h: OER MC BR 10.4.9.7: BR I/F update, status UP, line 1 index 2, tx bw 100000, rx bw 100000, time, tx ld 0, rx ld 0, rx rate 0 rx bytes 710149, tx rate 0, tx bytes 10289071d05h: OER MC BR 10.4.9.6: BR I/F update, status UP, line 1 index 2, tx bw 100000, rx bw 100000, time, tx ld 0, rx ld 0, rx rate 0 rx bytes 743298, tx rate 0, tx bytes 10279121d05h: OER MC BR 10.4.9.6: BR I/F update, status UP, line 1 index 1, tx bw 100000, rx bw 100000, time, tx ld 0, rx ld 0, rx rate 0 rx bytes 3491383, tx rate 0,tx bytes 5013993Table 7 describes the significant fields shown in the display.
Table 7 debug oer master border Field Descriptions
OER MC BR ip-address:
Indicates debugging information for a border router process. The ip-address identifies the border router.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
debug oer master collector
To display data collection debugging information for OER monitored prefixes, use the debug oer master collector command in privileged EXEC mode. To disable the display of this debugging information, use the no form of this command.
debug oer master collector [active-probes [detail [trace]]] | [netflow]
no debug oer master collector [active-probes [detail [trace]]] | [netflow]
Syntax Description
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The debug oer master collector command is entered on a master controller. The output displays data collection information for monitored prefixes.
Examples
debug oer master collector active-probes Example
The following example displays aggregate active probe results for the 10.1.0.0/16 prefix on all border routers that are configured to execute this active probe:
Router# debug oer master collector active-probes*May 4 22:34:58.221: OER MC APC: Probe Statistics Gathered for prefix 10.1.0.0/16 on all exits,notifying the PDP*May 4 22:34:58.221: OER MC APC: Summary Exit Data (pfx 10.1.0.0/16, bdr 10.2.2.2, if 13, nxtHop Default):savg delay 13, lavg delay 14, sinits 25, scompletes 25*May 4 22:34:58.221: OER MC APC: Summary Prefix Data: (pfx 10.1.0.0/16) sloss 0, lloss 0, sunreach 25, lunreach 25, savg raw delay 15, lavg raw delay 15, sinits 6561, scompletes 6536, linits 6561, lcompletes 6536*May 4 22:34:58.221: OER MC APC: Active OOP check doneTable 8 describes the significant fields shown in the display.
Table 8 debug oer master collector active-probes Field Descriptions
OER MC APC:
Indicates debugging information for active probes from the r OER master collector.
debug oer master collector active-probes detail Example
The following example displays aggregate active probe results from each target for the 10.1.0.0/16 prefix on all border routers that are configured to execute this active probe:
Router# debug oer master collector active-probes detail*May 4 22:36:21.945: OER MC APC: Rtrv Probe Stats: BR 10.2.2.2, Type echo,Tgt 10.1.1.1,TgtPt 0, Src Default, SrcPt 0, NxtHp Default, Ndx 13*May 4 22:36:22.001: OER MC APC: Remote stats received: BR 10.2.2.2, Typeecho, Tgt 10.15.1, TgtPt 0, Src Default, SrcPt 0, NxtHp Default, Ndx 13*May 4 22:36:22.313: OER MC APC: Perf data point (pfx 10.1.0.0/16, bdr10.2.2.2, if 13, xtHop Default): avg delay 20, loss 0, unreach 0,initiations 2, completions 2, delay sum40, ldelay max 20, ldelay min 12*May 4 22:36:22.313: OER MC APC: Perf data point (pfx 10.1.0.0/16, bdr10.2.2.2, if 13, xtHop Default): avg delay 20, loss 0, unreach 0,initiations 2, completions 2, delay sum40, ldelay max 20, ldelay min 12*May 4 22:36:22.313: OER MC APC: Probe Statistics Gathered for prefix10.1.0.0/16 on al exits, notifying the PDP*May 4 22:36:22.313: OER MC APC: Active OOP check doneeTable 9 describes the significant fields shown in the display.
Table 9 debug oer master collector active-probes detail Field Descriptions
OER MC APC:
Indicates debugging information for active probes from the r OER master collector.
debug oer master collector active-probes detail trace Example
The following example displays aggregate active probe results and historical statistics from each target for the 10.1.0.0/16 prefix on all border routers that are configured to execute this active probe:
Router# debug oer master collector active-probes detail trace*May 4 22:40:33.845: OER MC APC: Rtrv Probe Stats: BR 10.2.2.2, Type echo,Tgt 10.1.5.1, TgtPt 0, Src Default, SrcPt 0, NxtHp Default, Ndx 13*May 4 22:40:33.885: OER MC APC: Remote stats received: BR 10.2.2.2, Typeecho, Tgt 10.1.5.1, TgtPt 0, Src Default, SrcPt 0, NxtHp Default, Ndx 13*May 4 22:40:34.197: OER MC APC: Remote stats received: BR 10.2.2.2, Typeecho, Tgt 10.1.2.1, TgtPt 0, Src Default, SrcPt 0, NxtHp Default, Ndx 13*May 4 22:40:34.197: OER MC APC: Updating Probe (Type echo Tgt 10.1.2.1TgtPt 0) Total Completes 1306, Total Attempts 1318*May 4 22:40:34.197: OER MC APC: All stats gathered for pfx 10.1.0.0/16Accumulating Stats*May 4 22:40:34.197: OER MC APC: Updating Curr Exit Ref (pfx 10.1.0.0/16,bdr 10.2.2.2, if 13, nxtHop Default) savg delay 17, lavg delay 14, savg loss0, lavg loss 0, savg unreach 0, lavg unreach 0*May 4 22:40:34.197: OER MC APC: Probe Statistics Gathered for prefix10.1.0.0/16 on all exits, notifying the PDP*May 4 22:40:34.197: OER MC APC: Active OOP check doneTable 10 describes the significant fields shown in the display.
Table 10 debug oer master collector active-probes detail trace Field Descriptions
OER MC APC:
Indicates debugging information for active probes from the r OER master collector.
debug oer master collector netflow Example
The following example displays passive monitoring results for the 10.1.5.0/24 prefix:
Router# debug oer master collector netflow*May 4 22:31:45.739: OER MC NFC: Rcvd egress update from BR 10.1.1.2prefix 10.1.5.0/24 Interval 75688 delay_sum 0 samples 0 bytes 20362 pkts 505 flows 359 pktloss 1 unreach 0*May 4 22:31:45.739: OER MC NFC: Updating exit_ref; BR 10.1.1.2 i/f Et1/0, s_avg_delay 655, l_avg_delay 655, s_avg_pkt_loss 328, l_avg_pkt_loss 328, s_avg_flow_unreach 513, l_avg_flow_unreach 513*May 4 22:32:07.007: OER MC NFC: Rcvd ingress update from BR 10.1.1.3prefix 10.1.5.0/24 Interval 75172 delay_sum 42328 samples 77 bytes 22040 pkts 551 flows 310 pktloss 0 unreach 0Table 11 describes the significant fields shown in the display.
Table 11 debug oer master collector netflow Field Descriptions
OER MC NFC:
Indicates debugging information for the OER master collector from passive monitoring (NetFlow).
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
debug oer master cost-minimization
To display debugging information for cost-based optimization policies, use the debug oer master cost-minimization command in privileged EXEC mode. To disable the display of this debugging information, use the no form of this command.
debug oer master cost-minimization [detail]
no debug oer master cost-minimization [detail]
Syntax Description
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The debug oer master cost-minimization command is entered on a master controller. The output displays debugging information for cost-minimization policies.
Examples
The following example displays detailed cost optimization policy debug information:
Router# debug oer master cost-minimization detailOER Master cost-minimization Detail debugging is on*May 14 00:38:48.839: OER MC COST: Momentary target utilization for exit 10.1.1.2 i/f Ethernet1/0 nickname ISP1 is 7500 kbps, time_left 52889 secs, cumulative 16 kb, rollup period 84000 secs, rollup target 6000 kbps, bw_capacity 10000 kbps*May 14 00:38:48.839: OER MC COST: Cost OOP check for border 10.1.1.2, current util: 0 target util: 7500 kbps*May 14 00:39:00.199: OER MC COST: ISP1 calc separate rollup ended at 55 ingress Kbps*May 14 00:39:00.199: OER MC COST: ISP1 calc separate rollup ended at 55 egress bytes*May 14 00:39:00.199: OER MC COST: Target utilization for nickname ISP1 set to 6000, rollups elapsed 4, rollups left 24*May 14 00:39:00.271: OER MC COST: Momentary target utilization for exit 10.1.1.2 i/f Ethernet1/0 nickname ISP1 is 7500 kbps, time_left 52878 secs, cumulative 0 kb, rollup period 84000 secs, rollup target 6000 kbps, bw_capacity 10000 kbps*May 14 00:39:00.271: OER MC COST: Cost OOP check for border 10.1.1.2, current util: 0 target util: 7500 kbpsTable 12 describes the significant fields shown in the display.
Table 12 debug oer master cost-minimization detail Field Descriptions
OER MC COST:
Indicates debugging information for cost-based optimization on the master controller.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
debug oer master exit
To display debug event information for OER managed exits, use the debug oer master exit command in privileged EXEC mode. To stop the display of debug event information, use the no form of this command.
debug oer master exit [detail]
no debug oer master exit [detail]
Syntax Description
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The debug oer master exit command is entered on a master controller. This command is used to display debugging information for master controller exit selection processes.
Examples
The following example shows output form the debug oer master exit command, entered with the detail keyword:
Router# debug oer master exit detail*May 4 11:26:51.539: OER MC EXIT: 10.1.1.1, intf Fa4/0 INPOLICY*May 4 11:26:52.195: OER MC EXIT: 10.2.2.3, intf Se2/0 INPOLICY*May 4 11:26:55.515: OER MC EXIT: 10.1.1.2, intf Se5/0 INPOLICY*May 4 11:29:14.987: OER MC EXIT: 7 kbps should be moved from 10.1.1.1, intf Fa4/0*May 4 11:29:35.467: OER MC EXIT: 10.1.1.1, intf Fa4/0 in holddown state so skip OOP check*May 4 11:29:35.831: OER MC EXIT: 10.2.2.3, intf Se2/0 in holddown state so skip OOP check*May 4 11:29:39.455: OER MC EXIT: 10.1.1.2, intf Se5/0 in holddown state so skip OOP checkRelated Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
debug oer master learn
To display debug information for OER master controller learning events, use the debug oer master learn command in privileged EXEC mode. To stop the display of debug information, use the no form of this command.
debug oer master learn
no debug oer master learn
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The debug oer master learn command is entered on a master controller. This command is used to display debugging information for master controller learning events.
Examples
The following example shows output from the debug oer master learn command. The output an shows OER Top Talker debug events. The master controller is enabling prefix learning for new border router process:
Router# debug oer master learn06:13:43: OER MC LEARN: Enable type 3, state 006:13:43: OER MC LEARN: OER TTC: State change, new RETRY, old DISABLED, reason TT start06:13:43: OER MC LEARN: OER TTC: State change, new RETRY, old DISABLED, reason TT start request06:13:43: OER MC LEARN: OER TTC: State change, new RETRY, old DISABLED, reason TT start request06:14:13: OER MC LEARN: TTC Retry timer expired06:14:13: OER MC LEARN: OER TTC: State change, new STARTED, old RETRY, reason Atleast one BR started06:14:13: %OER_MC-5-NOTICE: Prefix Learning STARTED06:14:13: OER MC LEARN: MC received BR TT status as enabled06:14:13: OER MC LEARN: MC received BR TT status as enabled06:19:14: OER MC LEARN: OER TTC: State change, new WRITING DATA, old STARTED, reason Updating DB06:19:14: OER MC LEARN: OER TTC: State change, new SLEEP, old WRITING DATA, reason Sleep stateTable 13 describes the significant fields shown in the display.
Table 13 debug oer master learn Field Descriptions
OER MC LEARN:
Indicates OER master controller learning events.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
debug oer master prefix
To display debug events related to prefix processing on an OER master controller, use the debug oer master prefix command in privileged EXEC mode. To disable the display of debug information, use the no form of this command.
debug oer master prefix [prefix] [detail]
no debug oer master prefix [prefix] [detail]
Syntax Description
prefix
Specifies a single prefix or prefix range. The prefix address and mask are entered with this argument.
detail
Displays detailed OER prefix processing information.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The debug oer master prefix command is entered on a master controller. This command displays debugging information related to prefix monitoring and processing.
Examples
The following example shows output from the debug oer master prefix command. The output an shows the master controller searching for the target of an active probe after the target has become unreachable.
Router# debug oer master prefixOER Master Prefix debugging is on06:01:28: OER MC PFX 10.4.9.0/24: APC last target deleted for prefix, no targetsleft assigned and running06:01:38: OER MC PFX 10.4.9.0/24: APC Attempting to probe all exits06:02:59: OER MC PFX 10.4.9.0/24: APC last target deleted for prefix, no targetsleft assigned and running06:03:08: OER MC PFX 10.4.9.0/24: APC Attempting to probe all exits06:04:29: OER MC PFX 10.4.9.0/24: APC last target deleted for prefix, no targetsleft assigned and running06:04:39: OER MC PFX 10.4.9.0/24: APC Attempting to probe all exits06:05:59: OER MC PFX 10.4.9.0/24: APC last target deleted for prefix, no targetsleft assigned and running06:06:09: OER MC PFX 10.4.9.0/24: APC Attempting to probe all exitsTable 14 describes the significant fields shown in the display.
Table 14 debug oer master prefix Field Descriptions
OER MC PFX ip-address:
Indicates debugging information for OER monitored prefixes. The ip-address identifies the prefix.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
debug oer master prefix-list
To display debug events related to prefix-list processing on an OER master controller, use the debug oer master prefix-list command in privileged EXEC mode. To disable the display of debug information, use the no form of this command.
debug oer master prefix-list list-name [detail]
no debug oer master prefix-list list-name
Syntax Description
list-name
Specifies a single prefix or prefix range. The prefix address and mask are entered with this argument.
detail
(Optional) Displays detailed OER prefix-list processing information.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The debug oer master prefix-list command is entered on a master controller. This command displays debugging information related to prefix-list processing.
Examples
The following example shows output from the debug oer master prefix-list command.
Router# debug oer master prefix-list23:02:16.283: OER MC PFX 10.1.5.0/24: Check PASS REL loss: loss 0, policy 10%, notify TRUE23:02:16.283: OER MC PFX 10.1.5.0/24: Passive REL loss in-policy23:02:16.283: OER MC PFX 10.1.5.0/24: Check PASS REL delay: delay 124, policy 50%, notify TRUE23:02:16.283: OER MC PFX 10.1.5.0/24: Passive REL delay in policy23:02:16.283: OER MC PFX 10.1.5.0/24: Prefix not OOP23:02:16.283: OER MC PFX 10.1.5.0/24: Check PASS REL unreachable: unreachable 0, policy 50%, notify TRUE23:02:16.283: OER MC PFX 10.1.5.0/24: Passive REL unreachable in-policy23:02:16.283: OER MC PFX 10.1.5.0/24: Check PASS REL loss: loss 0, policy 10%, notify TRUE23:02:16.283: OER MC PFX 10.1.5.0/24: Passive REL loss in policyTable 15 describes the significant fields shown in the display.
Table 15 debug oer master prefix-list Field Descriptions
OER MC PFX ip-address:
Indicates debugging information for OER monitored prefixes. The ip-address identifies the prefix.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
debug oer master process
To display debug information about the OER master controller process, use the debug oer master process command in privileged EXEC mode. To stop displaying debug information, use the no form of this command.
debug oer master process
no debug oer master process
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The debug oer master process command is entered on a master controller.
Examples
The following sample debug output for a master controller process:
Router# debug oer master process01:12:00: OER MC PROCESS: Main msg type 15, ptr 0, value 0Table 16 describes the significant fields shown in the display.
Table 16 debug oer master process Field Descriptions
OER MC PROCESS:
Indicates a master controller master process debugging message.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
debug oer master traceroute reporting
To display debug information about traceroute probes, use the debug oer master traceroute reporting command in privileged EXEC mode. To stop displaying debug information, use the no form of this command.
debug oer master traceroute reporting [detail]
no debug oer master traceroute reporting [detail]
Syntax Description
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The debug oer master traceroute reporting command is entered on a master controller. This command is used to display traceroute events on a master controller.
Examples
The following sample debug output for a master controller process:
Router# debug oer master traceroute reporting detail*May 12 18:55:14.239: OER MC TRACE: sent start message msg1 327704, msg2 167838976, if index 2, host add 10.1.5.2, flags 1, max ttl 30, protocl 17*May 12 18:55:16.003: OER MC TRACE: sent start message msg1 393240, msg2 167838976, if index 2, host add 10.1.5.2, flags 1, max ttl 30, protocl 17*May 12 18:55:17.303: OER MC TRACE: Received result: msg_id1 327704, prefix 10.1.5.0/24, hops 4, flags 1*May 12 18:55:19.059: OER MC TRACE: Received result: msg_id1 393240, prefix 10.1.5.0/24, hops 4, flags 1
Table 17 describes the significant fields shown in the display.
Table 17 debug oer master traceroute reporting detail Field Descriptions
OER MC PROCESS:
Indicates master controller debugging information for traceroute probes.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
show oer border
To display information about an OER border router connection and OER controlled interfaces, use the show oer border command in privileged EXEC mode.
show oer border
Syntax Description
This command has no keywords or arguments
Defaults
No default behavior or values
Command Modes
privileged EXEC
Command History
Usage Guidelines
The show oer border command is entered on an OER border router. The output displays information about the border router and master controller connection status and border router interfaces.
Examples
The following example shows the status of a border router:
Router# show oer borderOER BR 10.1.1.3 ACTIVE, MC 10.1.1.1 UP/DOWN: UP 00:57:55,Auth Failures: 0Conn Status: SUCCESS, PORT: 3949ExitsEt0/0 INTERNALEt1/0 EXTERNALTable 18 describes the significant fields shown in the display.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
show oer border active-probes
To display connection status and information about active probes on an OER border router, use the show oer border active-probes command in Privileged EXEC mode.
show oer border active-probes
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The show oer border active-probes command is entered on a border router. This command displays target active-probe assignment for a given prefix and the current probing status including the border router or border routers that are executing the active probes.
Examples
The following example shows three active probes each configured for a different prefix. The target port, source IP address, and exit interface is displayed in the output.
Router# show oer border active-probesOER Border active-probesType = Probe TypeTarget = Target IP AddressTPort = Target PortSource = Send From Source IP AddressInterface = Exit interfaceAtt = Number of AttemptsComps = Number of completionsN - Not applicableType Target TPort Source Interface Att Compsudp-echo 10.4.5.1 80 10.0.0.1 Et1/0 1 0tcp-conn 10.4.7.1 33 10.0.0.1 Et1/0 1 0echo 10.4.9.1 N 10.0.0.1 Et1/0 2 2Table 19 describes the significant fields shown in the display.
Related Commands
Configures active probes to monitor an OER controlled prefixes.
Enables an OER process and configures a router as an OER border router or as an OER master controller.
show oer border passive cache
To display passive measurement information collected by NetFlow for OER monitored prefixes and traffic flows, use the show oer border passive cache command in Privileged EXEC mode.
show oer border passive cache {learned | prefix}
Syntax Description
learned
Displays information about learned prefixes.
prefix
Displays the metrics, associated interfaces and routing information for prefixes monitored by OER.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The show oer border passive cache command is entered on a border router. This command displays real-time prefix information collected from the border router through NetFlow passive monitoring.
Entering the learned keyword displays learned prefixes. A maximum of 5 host addresses and 5 ports are collected for each prefix. The output will also show the throughput in bytes and the delay in milliseconds.
Entering the prefix keyword displays the metrics captured for monitored prefixes. This information includes the number of packets and bytes per packet, the delay, the number of delay samples, the amount of packet loss, the number of unreachable flows, and the interfaces that the flow travels through.
Examples
The following example displays passive monitoring information about learned prefixes:
Router# show oer border passive cache learnedOER Learn Cache:State is enabledMeasurement type: throughput, Duration: 2 minAggregation type: prefix-length, Prefix length: 244096 oer-flows per chunk,22 chunks allocated, 32 max chunks,1 allocated records, 90111 free records, 8913408 bytes allocatedPrefix Mask Pkts B/Pk Delay Samples ActiveHost1 Host2 Host3 Host4 Host5dport1 dport2 dport3 dport4 dport510.1.5.0 /24 17K 46 300 2 45.110.1.5.2 10.1.5.3 0.0.0.0 0.0.0.0 0.0.0.01024 80 0 0 0Table 20 describes the significant fields shown in the display.
The following example displays the metrics captured for monitored prefixes:
Router# show oer border passive cache prefixOER Passive Prefix Cache, State: enabled, 278544 bytes1 active, 4095 inactive, 2 added82 ager polls, 0 flow alloc failuresActive flows timeout in 1 minutesInactive flows timeout in 15 secondsIP Sub Flow Cache, 17416 bytes2 active, 1022 inactive, 4 added, 2 added to flow0 alloc failures, 0 force free1 chunk, 2 chunks addedPrefix NextHop Src If Dst IfFlows Pkts B/Pk Active sDly #Dly PktLos #UnRch------------------------------------------------------------------------------10.1.5.0/24 10.1.2.2 Et0/0 Et1/0381 527 40 65.5 300 2 10 1Table 21 describes the significant fields shown in the display.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
show oer border passive prefixes
To display information about passive monitored prefixes, use the show oer border passive prefixes command in Privileged EXEC mode.
show oer border passive prefixes
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The show oer border passive prefix command is entered on a border router. The output of this command displays prefixes monitored by NetFlow on the border router. The prefixes displayed in the output are monitored by the master controller.
Examples
The following example shows a prefix that is passively monitored by NetFlow:
Router# show oer border passive prefixesOER Passive monitored prefixes:Prefix Mask Match Type10.1.5.0 /24 exactTable 22 describes the significant fields shown in the display.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
show oer border routes
To display information about OER controlled routes, use the show oer border routes command in Privileged EXEC mode.
show oer border routes {bgp | static}
Syntax Description
bgp
Displays information for OER controlled routes that are learned from BGP.
static
Displays information for OER controlled static routes.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The show oer border routes command is entered on a border router. This command is used to display information about OER controlled routes on a border router. You can display information about BGP or static routes.
Examples
The following example displays BGP learned routes on a border router:
Router# show oer border routes bgpOER BR 10.1.1.2 ACTIVE, MC 10.1.1.3 UP/DOWN: UP 00:10:08,Auth Failures: 0Conn Status: SUCCESS, PORT: 3949BGP table version is 12, local router ID is 10.10.10.2Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,r RIB-failure, S StaleOrigin codes: i - IGP, e - EGP, ? - incompleteOER Flags: C - Controlled, X - Excluded, E - Exact, N - Non-exact, I - InjectedNetwork Next Hop OER LocPrf Weight Path*> 10.1.0.0/16 10.40.40.2 CE 0 400 600 iTable 23 describes the significant fields shown in the display.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
show oer master
To display information about an OER master controller, use the show oer master command in Privileged EXEC mode.
show oer master
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The show oer master command is entered on a master controller. The output of this command displays information about the status of the OER managed network; this includes information about the master controller, the border routers, OER managed interfaces, and default and user-defined policy settings.
Examples
The following example displays the status of an OER managed network on a master controller:
Router# show oer masterOER state: ENABLED and ACTIVEConn Status: SUCCESS, PORT: 3949Number of Border routers: 2Number of Exits: 2Number of monitored prefixes: 10 (max 5000)Border Status UP/DOWN AuthFail10.4.9.7 ACTIVE UP 02:54:40 010.4.9.6 ACTIVE UP 02:54:40 0Global Settings:max-range-utilization percent 20mode route metric bgp local-pref 5000mode route metric static tag 5000trace probe delay 1000loggingDefault Policy Settings:backoff 300 3000 300delay relative 50holddown 300periodic 0mode route controlmode monitor bothmode select-exit bestloss relative 10unreachable relative 50resolve delay priority 11 variance 20resolve utilization priority 12 variance 20Learn Settings:current state : SLEEPtime remaining in current state : 4567 secondsthroughputdelayno protocolmonitor-period 10periodic-interval 20aggregation-type bgpprefixes 100expire after time 720Table 24 describes the significant fields shown in the display.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
show oer master active-probes
To display connection and status information about active probes on an OER master controller, use the show oer master active-probes command in Privileged EXEC mode.
show oer master active-probes
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The show oer master active-probes command is entered on a master controller. This command is used to display the status of active probes. The output from this command displays the active probe type and destination, the border router that is the source of the active probe, the target prefixes that are used for active probing, and wether the probe was learned or configured.
Examples
The following example shows the status of configured and running active probes:
Router# show oer master active-probesOER Master Controller active-probesBorder = Border Router running this ProbeState = Un/Assigned to a PrefixPrefix = Probe is assigned to this PrefixType = Probe TypeTarget = Target AddressTPort = Target PortHow = Was the probe Learned or ConfiguredN - Not applicableThe following Probes exist:State Prefix Type Target TPort HowAssigned 10.1.1.1/32 echo 10.1.1.1 N LrndAssigned 10.1.4.0/24 echo 10.1.4.1 N LrndAssigned 10.1.2.0/24 echo 10.1.2.1 N LrndAssigned 10.1.4.0/24 udp-echo 10.1.4.1 65534 CfgdAssigned 10.1.3.0/24 echo 10.1.3.1 N CfgdAssigned 10.1.2.0/24 tcp-conn 10.1.2.1 23 CfgdThe following Probes are running:Border State Prefix Type Target TPort192.168.2.3 ACTIVE 10.1.4.0/24 udp-echo 10.1.4.1 65534172.16.1.1 ACTIVE 10.1.2.0/24 tcp-conn 10.1.2.1 23Table 25 describes the significant fields shown in the display.
Related Commands
Configures active probes to monitor an OER controlled prefixes.
Enables an OER process and configures a router as an OER border router or as an OER master controller.
show oer master border
To display the status of connected OER border routers, use the show oer master border command in Privileged EXEC mode.
show oer master border [ip-address] [detail]
Syntax Description
ip-address
Specifies the IP address of a single border router.
detail
Displays detailed information.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The show oer master border command is entered on a master controller. The output of this command shows the status of connections with border routers.
Examples
The following example displays the status of border router connections with a master controller:
Router# show oer master borderBorder Status UP/DOWN AuthFail10.4.9.7 INACTIVE DOWN 010.4.9.6 ACTIVE UP 00:42:31 0Table 26 describes the significant fields shown in the display.
The following example displays detail information about border router connections with a master controller:
Router# show oer master border detailBorder Status UP/DOWN AuthFail10.4.9.7 INACTIVE DOWN 0Fa0/0 EXTERNAL UnverifiedFa0/1 INTERNAL UnverifiedExternal Capacity Max BW BW Used Tx Load StatusInterface (kbps) (kbps) (kbps) (%)--------- -------- ------ ------- ------- --------------------------------------------------------------------------------------Border Status UP/DOWN AuthFail10.4.9.6 ACTIVE UP 00:42:50 0Fa0/1 INTERNAL UPFa0/0 EXTERNAL UPExternal Capacity Max BW BW Used Tx Load StatusInterface (kbps) (kbps) (kbps) (%)--------- -------- ------ ------- ------- ------Fa0/0 100000 75000 0 0 UPTable 27 describes the significant fields shown in the display.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
show oer master cost-minimization
To display the status of cost-based optimization policies, use the show oer master cost-minimization command in Privileged EXEC mode.
show oer master cost-minimization {billing-history | border ip-address [interface] | nickname name}
Syntax Description
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The show oer master cost-minimization command is entered on a master controller. The output of this command shows the status the status of cost-based policies.
Examples
The following example displays the billing history for cost policies:
Router# show oer master cost-minimization billing-historyBilling History for the past three monthsNo cost min on 10.1.1.3 Et1/0ispname on 10.1.1.2 Et1/0Mon1 Mon2 Mon3Nickname SustUtil Cost SustUtil Cost SustUtil Cost---------- ------------------ ------------------ ------------------ispname ---NA--- ---NA--- ---NA------------- ------------------ ------------------ ------------------Total Cost 0 0 0Table 28 describes the significant fields shown in the display.
The following example displays cost optimization information for only Ethernet 1/0:
Router# show oer master cost-minimization border 10.1.1.2 Ethernet1/0Nickname : ispname Border: 10.1.1.2 Interface: Et1/0Calc type : CombinedStart Date: 20Fee : Tier BasedTier1 : 100, fee: 10000Tier2 : 90, fee: 9000Period : Sampling 22, Rollup 1400Discard : Type Percentage, Value 22Rollup Information:Total Discard Left Collected60 13 36 0Current Rollup Information:MomentaryTgtUtil: 7500 Kbps CumRxBytes: 38669StartingRollupTgt: 7500 Kbps CumTxBytes: 39572CurrentRollupTgt: 7500 Kbps TimeRemain: 09:11:01Rollup Utilization (Kbps):Egress/Ingress Utilization Rollups (Descending order)1 : 0 2 : 0Table 29 describes the significant fields shown in the display.
The following example displays cost optimization information for the specified service provider:
Router# show oer master cost-minimization nickname ISP1Nickname : ISP1 Border: 10.1.1.2 Interface: Et1/0Calc type : CombinedStart Date: 20Fee : Tier BasedTier1 : 100, fee: 10000Tier2 : 90, fee: 9000Period : Sampling 22, Rollup 1400Discard : Type Percentage, Value 22Rollup Information:Total Discard Left Collected60 13 36 0Current Rollup Information:MomentaryTgtUtil: 7500 Kbps CumRxBytes: 38979StartingRollupTgt: 7500 Kbps CumTxBytes: 39692CurrentRollupTgt: 7500 Kbps TimeRemain: 09:10:49Rollup Utilization (Kbps):Egress/Ingress Utilization Rollups (Descending order)1 : 0 2 : 0Table 30 describes the significant fields shown in the display.
Related Commands
show oer master policy
To display policy settings on an OER master controller, use the show oer master policy command in Privileged EXEC mode.
show oer master policy [sequence-number] [policy-name] | [default]
Syntax Description
sequence-number
Displays only the specified oer-map sequence.
policy-name
Displays only the specified oer-map name.
default
Displays only default policy information.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The show oer master policy command is entered on a master controller. The output of this command displays default policy and policies configured with an oer-map. The * character is displayed next to policy settings that override default settings.
Examples
The following example displays default policy and policies configured in an oer-map named CUSTOMER:
Router# show oer master policyDefault Policy Settings:backoff 300 3000 300delay relative 50holddown 300periodic 0mode route controlmode monitor bothmode select-exit bestloss relative 10unreachable relative 50resolve delay priority 11 variance 20resolve utilization priority 12 variance 20oer-map CUSTOMER 10match ip prefix-lists: NAMEbackoff 300 3000 300delay relative 50holddown 300periodic 0mode route controlmode monitor bothmode select-exit bestloss relative 10unreachable relative 50*resolve utilization priority 1 variance 10*resolve delay priority 11 variance 20oer-map CUSTOMER 20match ip prefix-lists:match oer learn delaybackoff 300 3000 300delay relative 50holddown 300periodic 0*mode route controlmode monitor bothmode select-exit bestloss relative 10unreachable relative 50resolve delay priority 11 variance 20resolve utilization priority 12 variance 20* Overrides Default Policy SettingTable 31 describes the significant fields shown in the display.
Related Commands
Enables an OER process and configures a router as an OER border router or as an OER master controller.
show oer master prefix
To display the status of monitored prefixes, use the show oer master prefix command in Privileged EXEC mode.
show oer master prefix [detail | learned [delay | throughput] | prefix [detail | policy | traceroute [exit-id | border-address | current ] [now]]]
Syntax Description
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
12.3(8)T
This command was introduced.
12.3(14)T
Support for traceroute reporting was added.
Usage Guidelines
The show oer master prefix command is entered on a master controller. This command is used to display the status of monitored prefixes. The output from this command includes information about the source border router, current exit interface, prefix delay, and egress and ingress interface bandwidth. The output can be filtered to display information for only a single prefix, learned prefixes, and prefixes learned based on delay or throughput.
The traceroute keyword is used to display traceroute probe results. The output generated by this keyword provides hop by hop statistics to the probe target network. The output can be filtered to display information for only the exit ID (OER assigns an ID number to each exit interface) or the specified border router. The current keyword displays traceroute probe results from the most recent trace route probe. The now keyword initiates a new traceroute probe and displays the results.
Examples
The following example shows the status of a monitored prefix:
Router# show oer master prefixOER Prefix Stats:Dly: Delay in msEBw: Egress BandwidthIBw: Ingress BandwidthPrefix State Curr BR CurrI/F Dly EBw IBw----------------------------------------------------------10.1.5.0/24 INPOLICY 10.1.1.2 Et1/0 19 1 1Table 32 describes the significant fields shown in the display.
The following output shows the detailed status of a monitored prefix.
Router# show oer master prefix detailPrefix: 10.1.1.0/26State: DEFAULT* Time Remaining: @7Policy: DefaultMost recent data per exitBorder Interface PasSDly PasLDly ActSDly ActLDly*10.2.1.1 Et1/0 181 181 250 25010.2.1.2 Et2/0 0 0 351 35110.3.1.2 Et3/0 0 0 94 943Latest Active Stats on Current Exit:Type Target TPort Attem Comps DSum Min Max Dlyecho 10.1.1.1 N 2 2 448 208 240 224echo 10.1.1.2 N 2 2 488 228 260 244echo 10.1.1.3 N 2 2 568 268 300 284Prefix performance history recordsCurrent index 2, S_avg interval(min) 5, L_avg interval(min) 60Age Border Interface OOP/RteChg ReasonsPas: DSum Samples DAvg PktLoss Unreach Ebytes Ibytes Pkts FlowsAct: Dsum Attempts DAvg Comps Unreach00:00:03 10.1.1.1 Et1/00 0 0 0 0 0 0 0 01504 6 250 6 0Table 33 describes the significant fields shown in the display.
The following example shows prefix statistics from a traceroute probing:
Router# show oer master prefix 10.1.5.0/24 traceroute* - current exit, + - control more specificEx - Exit ID, Delay in msec--------------------------------------------------------------------------------Path for Prefix: 10.1.5.0/24 Target: 10.1.5.2Exit ID: 2, Border: 10.1.1.3 External Interface: Et1/0Status: DONE, How Recent: 00:00:08 minutes oldHop Host Time(ms) BGP1 10.1.4.2 8 02 10.1.3.2 8 3003 10.1.5.2 20 50--------------------------------------------------------------------------------Exit ID: 1, Border: 10.1.1.2 External Interface: Et1/0Status: DONE, How Recent: 00:00:06 minutes oldHop Host Time(ms) BGP1 0.0.0.0 3012 02 10.1.3.2 12 1003 10.1.5.2 12 50--------------------------------------------------------------------------------Table 34 describes the significant fields shown in the display.
Related Commands
Copyright © 2005 Cisco Systems, Inc. All rights reserved.
