cisco ios optimized edge routing configuration guide, release 12.4
TRANSCRIPT
Corporate HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706 USAhttp://www.cisco.comTel: 408 526-4000
800 553-NETS (6387)Fax: 408 526-4100
Cisco IOS Optimized Edge Routing Configuration GuideRelease 12.4
Customer Order Number: DOC-7817876=Text Part Number: 78-17876-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Cisco IOS Optimized Edge Routing Configuration Guide© 2005–2006 Cisco Systems, Inc. All rights reserved.
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0601R)
iiiCisco IOS Optimized Edge Routing Configuration Guide
C O N T E N T S
About Cisco IOS Software Documentation for Release 12.4 ix
Documentation Objectives ix
Audience ix
Documentation Organization for Cisco IOS Release 12.4 x
Document Conventions xvi
Obtaining Documentation xvii
Cisco.com xvii
Product Documentation DVD xviii
Ordering Documentation xviii
Documentation Feedback xviii
Cisco Product Security Overview xix
Reporting Security Problems in Cisco Products xix
Obtaining Technical Assistance xx
Cisco Technical Support & Documentation Website xx
Submitting a Service Request xx
Definitions of Service Request Severity xxi
Obtaining Additional Publications and Information xxi
Using Cisco IOS Software for Release 12.4 xxiii
Understanding Command Modes xxiii
Getting Help xxiv
Example: How to Find Command Options xxv
Using the no and default Forms of Commands xxviii
Saving Configuration Changes xxviii
Filtering Output from the show and more Commands xxix
Finding Additional Feature Support Information xxix
Cisco IOS Optimized Edge Routing Configuration 1
Contents 2
Prerequisites for Cisco IOS Optimized Edge Routing 2
Restrictions for Cisco IOS Optimized Edge Routing 2
Information About Cisco IOS Optimized Edge Routing 3
Cisco IOS Optimized Edge Routing Overview 4
Cisco IOS OER: A Typical Deployment 4
Contents
ivCisco IOS Optimized Edge Routing Configuration Guide
Cisco IOS OER: Optimizes for Performance 5
Cisco IOS OER Network Components 6
Cisco IOS OER Network Components: Master Controller 6
Cisco IOS OER Network Components: Border Router 6
Cisco IOS OER Network Components: Interfaces 6
Cisco IOS OER Managed Network 8
Cisco IOS OER Managed Network: Central Policy Database 9
Cisco IOS OER Managed Network: Policy Enforcement Point 9
Cisco IOS OER Prefix Learning 9
Cisco IOS OER Prefix Learning: Automatic Prefix Learning 9
Cisco IOS OER Prefix Learning: Manually Selecting Prefixes 10
Cisco IOS OER Prefix Learning: Port and Protocol Based Prefix Learning 10
Cisco IOS OER Prefix Learning: Prefix Transition States 10
Cisco IOS OER Monitoring 11
Cisco IOS OER Monitoring: Passive Monitoring 11
Cisco IOS OER Monitoring: Active Monitoring 12
Cisco IOS OER Monitoring: Combined Monitoring 13
Cisco IOS OER Monitoring: Traceroute Reporting 13
Cisco IOS OER Modes of Operation 13
Cisco IOS OER Modes of Operation: Observe Mode 13
Cisco IOS OER Modes of Operation: Control Mode 14
Cisco IOS OER Routing Control 14
Cisco IOS OER Routing: Border Router Peering with the Internal Network 15
Cisco IOS OER Routing: BGP Peering 15
Cisco IOS OER Routing: BGP Redistribution into an IGP 15
Cisco IOS OER Routing: BGP Redistribution Based on the BGP Local-Preference Attribute 16
Cisco IOS OER Routing: Static Routing and Static Route Redistribution 16
Cisco IOS OER Routing: Injecting Split Prefixes 16
Cisco IOS OER Policy Configuration 16
Cisco IOS OER Policy Configuration: Prefix Policies 16
Cisco IOS OER Policy Configuration: Exit Link Policies 17
Cisco IOS OER Policy Configuration: Cost-Based Optimization 17
Cisco IOS OER Policy Configuration: Optimal Exit Link Selection 19
Cisco IOS OER Policy Configuration: Load Distribution 19
Cisco IOS OER Policy Configuration: Global Policies 19
Cisco IOS OER Policy Configuration: Applying Policies with an OER Map 19
Cisco IOS OER Policy Configuration: Resolving Policies 20
VPN IPSec/GRE Tunnel Interface Optimization 21
Cisco IOS OER Logging and Reporting 21
Cisco IOS OER Deployment Configurations 22
Contents
vCisco IOS Optimized Edge Routing Configuration Guide
How to Configure Cisco IOS Optimized Edge Routing 23
Minimum Master Controller Configuration 24
Master Controller 24
Disabling a Master Controller Process 24
Manual Port Configuration 24
Prerequisites 24
Restrictions 25
Examples 29
What to Do Next 29
Minimum Border Router Configuration 29
Border Router 29
Interface Configuration 30
Disabling a Border Router Process 30
Prerequisites 30
Restrictions 30
Examples 32
What to Do Next 33
Configuring Prefix Learning 33
Defaults 33
What to Do Next 36
Manually Selecting Prefixes for Monitoring 36
Manually Excluding Prefixes 36
OER Map Operation 37
Examples 38
What to Do Next 38
Configuring Active Probing 38
Active Probing over eBGP Peerings 39
ICMP Echo Probes 39
Defaults 39
Examples 40
What to Do Next 41
Configuring the Source Address of an Active Probe 41
Defaults 41
Example 42
What to Do Next 42
Configuring Traceroute Reporting 42
Defaults 43
Example 45
What to Do Next 45
Configuring Prefix and Exit Link Policies 45
Contents
viCisco IOS Optimized Edge Routing Configuration Guide
Prefix Policies 45
Exit Link Policies 46
Adjusting Cisco IOS OER Timers 46
Examples 49
What to Do Next 49
Configuring Cost-Based Optimization 50
Examples 52
What to Do Next 52
Configuring Resolve Policies 52
Setting Variance for Resolve Policies 52
Examples 54
What to Do Next 54
Configuring Cisco IOS OER Modes of Operation 54
Observe Mode 54
Control Mode 54
Optimal Exit Link Selection 55
Examples 56
What to Do Next 56
Configuring OER Policies with an OER Map 56
OER Map Operation 56
IP Prefix Lists 57
Adjusting OER Timers 57
Examples 62
What to do Next 63
Configuring Policy Rules for OER Maps 63
Prerequisites 63
Examples 64
What to Do Next 64
Configuring iBGP Peering on the Border Routers 64
Prerequisites 65
Examples 66
What to Do Next 66
Configuring BGP Redistribution into an IGP on the Border Routers 67
Prerequisites 67
Restrictions 67
Examples 69
What to Do Next 70
Configuring Static Route Redistribution on the Border Routers 70
Prerequisites 71
Restrictions 71
Contents
viiCisco IOS Optimized Edge Routing Configuration Guide
Examples 73
What to Do Next 73
Configuring Static Route Redistribution into EIGRP 73
Prerequisites 73
Restrictions 74
Examples 76
Configuring OER to Monitor and Control IPSec VPN Prefixes Over GRE Tunnels 76
Routing Prefixes that are Protected with IPSec over GRE Tunnels 77
GRE Tunnel Interfaces are Configured as OER Managed Exit Links 77
Prerequisites 77
Restrictions 77
Border Router Configuration 77
Examples 83
What to Do Next 83
Master Controller Configuration 84
Examples 85
Verifying Cisco IOS OER Configuration 85
Using Cisco IOS OER Clear Commands 88
Using Cisco IOS OER Debug Commands 89
Configuration Examples for Cisco IOS Optimized Edge Routing 91
Master Controller and Two Border Routers Deployment: Example 91
OER MC Configuration 91
BR 1 Configuration 92
BR 2 Configuration 92
Internal Peer Configuration 93
Master Controller and Border Router Deployed on a Single Router: Example 94
BR 1 Configuration: Master/Border with Load Distribution 94
BR 2 Configuration 95
Internal Peer Configuration 95
Configuring OER to Monitor and Control GRE/IPSec VPN Prefixes: Example 96
Central VPN Configuration: OER Master 96
Central VPN Configuration: BR1 97
Central VPN Configuration: BR 2 98
Central VPN Configuration: Internal Peers 99
!VPN A Configuration: MC/BR 99
VPN B Configuration: OER Master 101
VPN B Configuration: BR 1 101
VPN B Configuration: BR 2 102
VPN B Configuration: Internal Peers 103
Additional References 103
Contents
viiiCisco IOS Optimized Edge Routing Configuration Guide
Related Documents 103
Standards 104
MIBs 104
RFCs 104
Technical Assistance 104
ixCisco IOS Optimized Edge Routing Configuration Guide
About Cisco IOS Software Documentation for Release 12.4
This chapter describes the objectives, audience, organization, and conventions of Cisco IOS software documentation. It also provides sources for obtaining documentation, technical assistance, and additional publications and information from Cisco Systems. It contains the following sections:
• Documentation Objectives, page ix
• Audience, page ix
• Documentation Organization for Cisco IOS Release 12.4, page x
• Document Conventions, page xvi
• Obtaining Documentation, page xvii
• Documentation Feedback, page xviii
• Cisco Product Security Overview, page xix
• Obtaining Technical Assistance, page xx
• Obtaining Additional Publications and Information, page xxi
Documentation ObjectivesCisco IOS software documentation describes the tasks and commands available to configure and maintain Cisco networking devices.
AudienceThe Cisco IOS software documentation set is intended primarily for users who configure and maintain Cisco networking devices (such as routers and switches) but who may not be familiar with the configuration and maintenance tasks, the relationship among tasks, or the Cisco IOS software commands necessary to perform particular tasks. The Cisco IOS software documentation set is also intended for those users experienced with Cisco IOS software who need to know about new features, new configuration options, and new software characteristics in the current Cisco IOS software release.
About Cisco IOS Software Documentation for Release 12.4Documentation Organization for Cisco IOS Release 12.4
xCisco IOS Optimized Edge Routing Configuration Guide
Documentation Organization for Cisco IOS Release 12.4The Cisco IOS Release 12.4 documentation set consists of the configuration guide and command reference pairs listed in Table 1 and the supporting documents listed in Table 2. The configuration guides and command references are organized by technology. For the configuration guides:
• Some technology documentation, such as that for DHCP, contains features introduced in Releases 12.2T and 12.3T and, in some cases, Release 12.2S. To assist you in finding a particular feature, a roadmap document is provided.
• Other technology documentation, such as that for OSPF, consists of a chapter and accompanying Release 12.2T and 12.3T feature documents.
Note In some cases, information contained in Release 12.2T and 12.3T feature documents augments or supersedes content in the accompanying documentation. Therefore it is important to review all feature documents for a particular technology.
Table 1 lists the Cisco IOS Release 12.4 configuration guides and command references.
Table 1 Cisco IOS Release 12.4 Configuration Guides and Command References
Configuration Guide and Command Reference Titles
Description
IP
Cisco IOS IP Addressing Services Configuration Guide, Release 12.4
Cisco IOS IP Addressing Services Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring IP addressing and services, including Network Address Translation (NAT), Domain Name System (DNS), and Dynamic Host Configuration Protocol (DHCP). The command reference provides detailed information about the commands used in the configuration guide.
Cisco IOS IP Application Services Configuration Guide, Release 12.4
Cisco IOS IP Application ServicesCommand Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring IP application services, including IP access lists, Web Cache Communication Protocol (WCCP), Gateway Load Balancing Protocol (GLBP), Server Load Balancing (SLB), Hot Standby Router Protocol (HSRP), and Virtual Router Redundancy Protocol (VRRP). The command reference provides detailed information about the commands used in the configuration guide.
Cisco IOS IP Mobility Configuration Guide, Release 12.4
Cisco IOS IP Mobility Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring Mobile IP and Cisco Mobile Networks. The command reference provides detailed information about the commands used in the configuration guide.
Cisco IOS IP MulticastConfiguration Guide, Release 12.4
Cisco IOS IP Multicast Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring IP multicast, including Protocol Independent Multicast (PIM), Internet Group Management Protocol (IGMP), Distance Vector Multicast Routing Protocol (DVMRP), and Multicast Source Discovery Protocol (MSDP). The command reference provides detailed information about the commands used in the configuration guide.
Cisco IOS IP Routing Protocols Configuration Guide, Release 12.4
Cisco IOS IP Routing Protocols Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring IP routing protocols, including Border Gateway Protocol (BGP), Intermediate System-to-Intermediate System (IS-IS), and Open Shortest Path First (OSPF). The command reference provides detailed information about the commands used in the configuration guide.
About Cisco IOS Software Documentation for Release 12.4Documentation Organization for Cisco IOS Release 12.4
xiCisco IOS Optimized Edge Routing Configuration Guide
Cisco IOS IP Switching Configuration Guide, Release 12.4
Cisco IOS IP Switching Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring IP switching features, including Cisco Express Forwarding, fast switching, and Multicast Distributed Switching (MDS). The command reference provides detailed information about the commands used in the configuration guide.
Cisco IOS IPv6 Configuration Guide, Release 12.4
Cisco IOS IPv6 Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring IP version 6 (IPv6), including IPv6 broadband access, IPv6 data-link layer, IPv6 multicast routing, IPv6 quality of service (QoS), IPv6 routing, IPv6 services and management, and IPv6 tunnel services. The command reference provides detailed information about the commands used in the configuration guide.
Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4
Cisco IOS Optimized Edge Routing Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring Optimized Edge Routing (OER) features, including OER prefix learning, OER prefix monitoring, OER operational modes, and OER policy configuration. The command reference provides detailed information about the commands used in the configuration guide.
Security and VPN
Cisco IOS Security Configuration Guide, Release 12.4
Cisco IOS Security Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring various aspects of security, including terminal access security, network access security, accounting, traffic filters, router access, and network data encryption with router authentication. The command reference provides detailed information about the commands used in the configuration guide.
QoS
Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.4
Cisco IOS Quality of Service Solutions Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring quality of service (QoS) features, including traffic classification and marking, traffic policing and shaping, congestion management, congestion avoidance, and signaling. The command reference provides detailed information about the commands used in the configuration guide.
LAN Switching
Cisco IOS LAN Switching Configuration Guide, Release 12.4
Cisco IOS LAN Switching Command Reference, Release 12.4
The configuration guide is a task-oriented guide to local-area network (LAN) switching features, including configuring routing between virtual LANs (VLANs) using Inter-Switch Link (ISL) encapsulation, IEEE 802.10 encapsulation, and IEEE 802.1Q encapsulation. The command reference provides detailed information about the commands used in the configuration guide.
Multiprotocol Label Switching (MPLS)
Cisco IOS Multiprotocol Label Switching Configuration Guide, Release 12.4
Cisco IOS Multiprotocol Label Switching Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring Multiprotocol Label Switching (MPLS), including MPLS Label Distribution Protocol, MPLS traffic engineering, and MPLS Virtual Private Networks (VPNs). The command reference provides detailed information about the commands used in the configuration guide.
Network Management
Cisco IOS IP SLAs Configuration Guide, Release 12.4
Cisco IOS IP SLAs Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring the Cisco IOS IP Service Level Assurances (IP SLAs) feature. The command reference provides detailed information about the commands used in the configuration guide.
Table 1 Cisco IOS Release 12.4 Configuration Guides and Command References (continued)
Configuration Guide and Command Reference Titles
Description
About Cisco IOS Software Documentation for Release 12.4Documentation Organization for Cisco IOS Release 12.4
xiiCisco IOS Optimized Edge Routing Configuration Guide
Cisco IOS NetFlow Configuration Guide, Release 12.4
Cisco IOS NetFlow Command Reference, Release 12.4
The configuration guide is a task-oriented guide to NetFlow features, including configuring NetFlow to analyze network traffic data, configuring NetFlow aggregation caches and export features, and configuring Simple Network Management Protocol (SNMP) and NetFlow MIB features. The command reference provides detailed information about the commands used in the configuration guide.
Cisco IOS Network Management Configuration Guide, Release 12.4
Cisco IOS Network Management Command Reference, Release 12.4
The configuration guide is a task-oriented guide to network management features, including performing basic system management, performing troubleshooting and fault management, configuring Cisco Discovery Protocol, configuring Cisco Networking Services (CNS), configuring DistributedDirector, and configuring Simple Network Management Protocol (SNMP). The command reference provides detailed information about the commands used in the configuration guide.
Voice
Cisco IOS Voice Configuration Library, Release 12.4
Cisco IOS Voice Command Reference, Release 12.4
The configuration library is a task-oriented collection of configuration guides, application guides, a troubleshooting guide, feature documents, a library preface, a voice glossary, and more. It also covers Cisco IOS support for voice call control protocols, interoperability, physical and virtual interface management, and troubleshooting. In addition, the library includes documentation for IP telephony applications. The command reference provides detailed information about the commands used in the configuration library.
Wireless/Mobility
Cisco IOS Mobile Wireless Gateway GPRS Support Node Configuration Guide, Release 12.4
Cisco IOS Mobile Wireless Gateway GPRS Support Node Command Reference, Release 12.4
The configuration guide is a task-oriented guide to understanding and configuring a Cisco IOS Gateway GPRS Support Node (GGSN) in a 2.5G General Packet Radio Service (GPRS) and 3G Universal Mobile Telecommunication System (UMTS) network. The command reference provides detailed information about the commands used in the configuration guide.
Cisco IOS Mobile Wireless Home Agent Configuration Guide, Release 12.4
Cisco IOS Mobile Wireless Home Agent Command Reference, Release 12.4
The configuration guide is a task-oriented guide to understanding and configuring the Cisco Mobile Wireless Home Agent, which is an anchor point for mobile terminals for which Mobile IP or Proxy Mobile IP services are provided. The command reference provides detailed information about the commands used in the configuration guide.
Cisco IOS Mobile Wireless Packet Data Serving Node Configuration Guide, Release 12.4
Cisco IOS Mobile Wireless Packet Data Serving Node Command Reference, Release 12.4
The configuration guide is a task-oriented guide to understanding and configuring the Cisco Packet Data Serving Node (PDSN), a wireless gateway between the mobile infrastructure and standard IP networks that enables packet data services in a Code Division Multiple Access (CDMA) environment. The command reference provides detailed information about the commands used in the configuration guide.
Table 1 Cisco IOS Release 12.4 Configuration Guides and Command References (continued)
Configuration Guide and Command Reference Titles
Description
About Cisco IOS Software Documentation for Release 12.4Documentation Organization for Cisco IOS Release 12.4
xiiiCisco IOS Optimized Edge Routing Configuration Guide
Cisco IOS Mobile Wireless Radio Access Networking Configuration Guide, Release 12.4
Cisco IOS Mobile Wireless Radio Access Networking Command Reference, Release 12.4
The configuration guide is a task-oriented guide to understanding and configuring Cisco IOS Radio Access Network products. The command reference provides detailed information about the commands used in the configuration guide.
Long Reach Ethernet (LRE) and Digital Subscriber Line (xDSL)
Cisco IOS Broadband and DSL Configuration Guide, Release 12.4
Cisco IOS Broadband and DSL Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring broadband access aggregation and digital subscriber line features. The command reference provides detailed information about the commands used in the configuration guide.
Cisco IOS Service Selection GatewayConfiguration Guide, Release 12.4
Cisco IOS Service Selection Gateway Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring Service Selection Gateway (SSG) features, including subscriber authentication, service access, and accounting. The command reference provides detailed information about the commands used in the configuration guide.
Dial—Access
Cisco IOS Dial Technologies Configuration Guide, Release 12.4
Cisco IOS Dial Technologies Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring lines, modems, and ISDN services. This guide also contains information about configuring dialup solutions, including solutions for remote sites dialing in to a central office, Internet service providers (ISPs), ISP customers at home offices, enterprise WAN system administrators implementing dial-on-demand routing, and other corporate environments. The command reference provides detailed information about the commands used in the configuration guide.
Cisco IOS VPDN Configuration Guide, Release 12.4
Cisco IOS VPDN Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring Virtual Private Dialup Networks (VPDNs), including information about Layer 2 tunneling protocols, client-initiated VPDN tunneling, NAS-initiated VPDN tunneling, and multihop VPDN. The command reference provides detailed information about the commands used in the configuration guide.
Asynchronous Transfer Mode (ATM)
Cisco IOS Asynchronous Transfer Mode Configuration Guide, Release 12.4
Cisco IOS Asynchronous Transfer Mode Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring Asynchronous Transfer Mode (ATM), including WAN ATM, LAN ATM, and multiprotocol over ATM (MPOA). The command reference provides detailed information about the commands used in the configuration guide.
WAN
Cisco IOS Wide-Area Networking Configuration Guide, Release 12.4
Cisco IOS Wide-Area Networking Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring wide-area network (WAN) features, including Layer 2 Tunneling Protocol Version 3 (L2TPv3); Frame Relay; Link Access Procedure, Balanced (LAPB); and X.25. The command reference provides detailed information about the commands used in the configuration guide.
Table 1 Cisco IOS Release 12.4 Configuration Guides and Command References (continued)
Configuration Guide and Command Reference Titles
Description
About Cisco IOS Software Documentation for Release 12.4Documentation Organization for Cisco IOS Release 12.4
xivCisco IOS Optimized Edge Routing Configuration Guide
System Management
Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.4
Cisco IOS Configuration Fundamentals Command Reference, Release 12.4
The configuration guide is a task-oriented guide to using Cisco IOS software to configure and maintain Cisco routers and access servers, including information about using the Cisco IOS command-line interface (CLI), loading and maintaining system images, using the Cisco IOS file system, using the Cisco IOS Web browser user interface (UI), and configuring basic file transfer services. The command reference provides detailed information about the commands used in the configuration guide.
Cisco IOS Interface and Hardware Component Configuration Guide, Release 12.4
Cisco IOS Interface and Hardware Component Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring and managing interfaces and hardware components, including dial shelves, LAN interfaces, logical interfaces, serial interfaces, and virtual interfaces. The command reference provides detailed information about the commands used in the configuration guide.
IBM Technologies
Cisco IOS Bridging and IBM Networking Configuration Guide, Release 12.4
Cisco IOS Bridging Command Reference, Release 12.4
Cisco IOS IBM Networking Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring:
• Bridging features, including transparent and source-route transparent (SRT) bridging, source-route bridging (SRB), Token Ring Inter-Switch Link (TRISL), and Token Ring Route Switch Module (TRRSM).
• IBM network features, including data-link switching plus (DLSw+), serial tunnel (STUN), and block serial tunnel (BSTUN); Logical Link Control, type 2 (LLC2), and Synchronous Data Link Control (SDLC); IBM Network Media Translation, including SDLC Logical Link Control (SDLLC) and Qualified Logical Link Control (QLLC); downstream physical unit (DSPU), Systems Network Architecture (SNA) service point, SNA Frame Relay Access, Advanced Peer-to-Peer Networking (APPN), native client interface architecture (NCIA) client/server topologies, and IBM Channel Attach.
The two command references provide detailed information about the commands used in the configuration guide.
Additional and Legacy Protocols
Cisco IOS AppleTalk Configuration Guide, Release 12.4
Cisco IOS AppleTalkCommand Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring the AppleTalk protocol. The command reference provides detailed information about the commands used in the configuration guide.
Cisco IOS DECnet Configuration Guide, Release 12.4
Cisco IOS DECnet Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring the DECnet protocol. The command reference provides detailed information about the commands used in the configuration guide.
Cisco IOS ISO CLNS Configuration Guide, Release 12.4
Cisco IOS ISO CLNS Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring International Organization for Standardization (ISO) Connectionless Network Service (CLNS). The command reference provides detailed information about the commands used in the configuration guide.
Table 1 Cisco IOS Release 12.4 Configuration Guides and Command References (continued)
Configuration Guide and Command Reference Titles
Description
About Cisco IOS Software Documentation for Release 12.4Documentation Organization for Cisco IOS Release 12.4
xvCisco IOS Optimized Edge Routing Configuration Guide
Table 2 lists the documents and resources that support the Cisco IOS Release 12.4 software configuration guides and command references.
Cisco IOS Novell IPX Configuration Guide, Release 12.4
Cisco IOS Novell IPX Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring the Novell Internetwork Packet Exchange (IPX) protocol. The command reference provides detailed information about the commands used in the configuration guide.
Cisco IOS Terminal Services Configuration Guide, Release 12.4
Cisco IOS Terminal Services Command Reference, Release 12.4
The configuration guide is a task-oriented guide to configuring terminal services, including DEC, local-area transport (LAT), and X.25 packet assembler/disassembler (PAD). The command reference provides detailed information about the commands used in the configuration guide.
Table 1 Cisco IOS Release 12.4 Configuration Guides and Command References (continued)
Configuration Guide and Command Reference Titles
Description
Table 2 Cisco IOS Release 12.4 Supporting Documents and Resources
Document Title Description
Cisco IOS Master Commands List, Release 12.4
An alphabetical listing of all the commands documented in the Cisco IOS Release 12.4 command references.
Cisco IOS New, Modified, Replaced, and Removed Commands, Release 12.4
A listing of all the new, modified, replaced and removed commands since Cisco IOS Release 12.3, grouped by Release 12.3T maintenance release and ordered alphabetically within each group.
Cisco IOS New and Modified Commands, Release 12.3
A listing of all the new, modified, and replaced commands since Cisco IOS Release 12.2, grouped by Release 12.2T maintenance release and ordered alphabetically within each group.
Cisco IOS System Messages, Volume 1 of 2
Cisco IOS System Messages, Volume 2 of 2
Listings and descriptions of Cisco IOS system messages. Not all system messages indicate problems with your system. Some are purely informational, and others may help diagnose problems with communications lines, internal hardware, or the system software.
Cisco IOS Debug Command Reference, Release 12.4
An alphabetical listing of the debug commands and their descriptions. Documentation for each command includes a brief description of its use, command syntax, and usage guidelines.
Release Notes, Release 12.4 A description of general release information, including information about supported platforms, feature sets, platform-specific notes, and Cisco IOS software defects.
Internetworking Terms and Acronyms Compilation and definitions of the terms and acronyms used in the internetworking industry.
About Cisco IOS Software Documentation for Release 12.4Document Conventions
xviCisco IOS Optimized Edge Routing Configuration Guide
Document ConventionsWithin Cisco IOS software documentation, the term router is generally used to refer to a variety of Cisco products (for example, routers, access servers, and switches). Routers, access servers, and other networking devices that support Cisco IOS software are shown interchangeably within examples. These products are used only for illustrative purposes; that is, an example that shows one product does not necessarily indicate that other products are not supported.
The Cisco IOS documentation set uses the following conventions:
Command syntax descriptions use the following conventions:
RFCs RFCs are standards documents maintained by the Internet Engineering Task Force (IETF). Cisco IOS software documentation references supported RFCs when applicable. The full text of referenced RFCs may be obtained at the following URL:
http://www.rfc-editor.org/
MIBs MIBs are used for network monitoring. To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://www.cisco.com/go/mibs
Table 2 Cisco IOS Release 12.4 Supporting Documents and Resources (continued)
Document Title Description
Convention Description
^ or Ctrl The ^ and Ctrl symbols represent the Control key. For example, the key combination ^D or Ctrl-D means hold down the Control key while you press the D key. Keys are indicated in capital letters but are not case sensitive.
string A string is a nonquoted set of characters shown in italics. For example, when setting an SNMP community string to public, do not use quotation marks around the string or the string will include the quotation marks.
Convention Description
bold Bold text indicates commands and keywords that you enter literally as shown.
italics Italic text indicates arguments for which you supply values.
[x] Square brackets enclose an optional element (keyword or argument).
| A vertical line indicates a choice within an optional or required set of keywords or arguments.
[x | y] Square brackets enclosing keywords or arguments separated by a vertical line indicate an optional choice.
{x | y} Braces enclosing keywords or arguments separated by a vertical line indicate a required choice.
About Cisco IOS Software Documentation for Release 12.4Obtaining Documentation
xviiCisco IOS Optimized Edge Routing Configuration Guide
Nested sets of square brackets or braces indicate optional or required choices within optional or required elements. For example:
Examples use the following conventions:
The following conventions are used to attract the attention of the reader:
Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Note Means reader take note. Notes contain suggestions or references to material not covered in the manual.
Timesaver Means the described action saves time. You can save time by performing the action described in the paragraph.
Obtaining DocumentationCisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.comYou can access the most current Cisco documentation and technical support at this URL:
http://www.cisco.com/techsupport
Convention Description
[x {y | z}] Braces and a vertical line within square brackets indicate a required choice within an optional element.
Convention Descriptionscreen Examples of information displayed on the screen are set in Courier font.
bold screen Examples of text that you must enter are set in Courier bold font.
< > Angle brackets enclose text that is not printed to the screen, such as passwords, and are used in contexts in which the italic document convention is not available, such as ASCII text.
! An exclamation point at the beginning of a line indicates a comment line. (Exclamation points are also displayed by the Cisco IOS software for certain processes.)
[ ] Square brackets enclose default responses to system prompts.
About Cisco IOS Software Documentation for Release 12.4Documentation Feedback
xviiiCisco IOS Optimized Edge Routing Configuration Guide
You can access the Cisco website at this URL:
http://www.cisco.com
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Product Documentation DVDCisco documentation and additional literature are available in the Product Documentation DVD package, which may have shipped with your product. The Product Documentation DVD is updated regularly and may be more current than printed documentation.
The Product Documentation DVD is a comprehensive library of technical product documentation on portable media. The DVD enables you to access multiple versions of hardware and software installation, configuration, and command guides for Cisco products and to view technical documentation in HTML. With the DVD, you have access to the same documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .pdf versions of the documentation available.
The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD=) from Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Ordering DocumentationBeginning June 30, 2005, registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at [email protected] or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.
Documentation FeedbackYou can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.
You can send comments about Cisco documentation to [email protected].
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco SystemsAttn: Customer Document Ordering170 West Tasman DriveSan Jose, CA 95134-9883
We appreciate your comments.
About Cisco IOS Software Documentation for Release 12.4Cisco Product Security Overview
xixCisco IOS Optimized Edge Routing Configuration Guide
Cisco Product Security OverviewCisco provides a free online Security Vulnerability Policy portal at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
From this site, you can perform these tasks:
• Report security vulnerabilities in Cisco products.
• Obtain assistance with security incidents that involve Cisco products.
• Register to receive security information from Cisco.
A current list of security advisories and notices for Cisco products is available at this URL:
http://www.cisco.com/go/psirt
If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:
http://www.cisco.com/en/US/products/products_psirt_rss_feed.html
Reporting Security Problems in Cisco ProductsCisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:
• Emergencies— [email protected]
An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.
• Nonemergencies— [email protected]
In an emergency, you can also reach PSIRT by telephone:
• 1 877 228-7302
• 1 408 525-6532
Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive information that you send to Cisco. PSIRT can work from encrypted information that is compatible with PGP versions 2.x through 8.x.
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
The link on this page has the current PGP key ID in use.
About Cisco IOS Software Documentation for Release 12.4Obtaining Technical Assistance
xxCisco IOS Optimized Edge Routing Configuration Guide
Obtaining Technical AssistanceCisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.
Cisco Technical Support & Documentation WebsiteThe Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.
Submitting a Service RequestUsing the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)EMEA: +32 2 704 55 55USA: 1 800 553-2447
About Cisco IOS Software Documentation for Release 12.4Obtaining Additional Publications and Information
xxiCisco IOS Optimized Edge Routing Configuration Guide
For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Definitions of Service Request SeverityTo ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—Your network is “down,” or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and InformationInformation about Cisco products, technologies, and network solutions is available from various online and printed sources.
• Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:
http://www.cisco.com/go/marketplace/
• Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:
http://www.ciscopress.com
• Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:
http://www.cisco.com/packet
• iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
or view the digital edition at this URL:
http://ciscoiq.texterity.com/ciscoiq/sample/
About Cisco IOS Software Documentation for Release 12.4Obtaining Additional Publications and Information
xxiiCisco IOS Optimized Edge Routing Configuration Guide
• Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
http://www.cisco.com/ipj
• Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL:
http://www.cisco.com/en/US/products/index.html
• Networking Professionals Connection is an interactive website for networking professionals to share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:
http://www.cisco.com/discuss/networking
• World-class networking training is available from Cisco. You can view current offerings at this URL:
http://www.cisco.com/en/US/learning/index.html
xxiiiCisco IOS Optimized Edge Routing Configuration Guide
Using Cisco IOS Software for Release 12.4
This chapter provides tips for understanding and configuring Cisco IOS software using the command-line interface (CLI). It contains the following sections:
• Understanding Command Modes, page xxiii
• Getting Help, page xxiv
• Using the no and default Forms of Commands, page xxviii
• Saving Configuration Changes, page xxviii
• Filtering Output from the show and more Commands, page xxix
• Finding Additional Feature Support Information, page xxix
For an overview of Cisco IOS software configuration, see the Cisco IOS Configuration Fundamentals Configuration Guide.
For information on the conventions used in the Cisco IOS software documentation set, see the “About Cisco IOS Software Documentation for Release 12.4” chapter.
Understanding Command ModesYou use the CLI to access Cisco IOS software. Because the CLI is divided into many different modes, the commands available to you at any given time depend on the mode that you are currently in. Entering a question mark (?) at the CLI prompt allows you to obtain a list of commands available for each command mode.
When you log in to a Cisco device, the device is initially in user EXEC mode. User EXEC mode contains only a limited subset of commands. To have access to all commands, you must enter privileged EXEC mode by entering the enable command and a password (when required). From privileged EXEC mode you have access to both user EXEC and privileged EXEC commands. Most EXEC commands are used independently to observe status or to perform a specific function. For example, show commands are used to display important status information, and clear commands allow you to reset counters or interfaces. The EXEC commands are not saved when the software reboots.
Configuration modes allow you to make changes to the running configuration. If you later save the running configuration to the startup configuration, these changed commands are stored when the software is rebooted. To enter specific configuration modes, you must start at global configuration mode. From global configuration mode, you can enter interface configuration mode and a variety of other modes, such as protocol-specific modes.
Using Cisco IOS Software for Release 12.4Getting Help
xxivCisco IOS Optimized Edge Routing Configuration Guide
ROM monitor mode is a separate mode used when the Cisco IOS software cannot load properly. If a valid software image is not found when the software boots or if the configuration file is corrupted at startup, the software might enter ROM monitor mode.
Table 1 describes how to access and exit various common command modes of the Cisco IOS software. It also shows examples of the prompts displayed for each mode.
For more information on command modes, see the “Using the Cisco IOS Command-Line Interface” chapter in the Cisco IOS Configuration Fundamentals Configuration Guide.
Getting HelpEntering a question mark (?) at the CLI prompt displays a list of commands available for each command mode. You can also get a list of keywords and arguments associated with any command by using the context-sensitive help feature.
To get help specific to a command mode, a command, a keyword, or an argument, use one of the following commands:
Table 1 Accessing and Exiting Command Modes
Command Mode
Access Method Prompt Exit Method
User EXEC Log in. Router> Use the logout command.
Privileged EXEC
From user EXEC mode, use the enable command.
Router# To return to user EXEC mode, use the disable command.
Global configuration
From privileged EXEC mode, use the configure terminal command.
Router(config)# To return to privileged EXEC mode from global configuration mode, use the exit or end command.
Interface configuration
From global configuration mode, specify an interface using an interface command.
Router(config-if)# To return to global configuration mode, use the exit command.
To return to privileged EXEC mode, use the end command.
ROM monitor From privileged EXEC mode, use the reload command. Press the Break key during the first 60 seconds while the system is booting.
> To exit ROM monitor mode, use the continue command.
Command Purpose
help Provides a brief description of the help system in any command mode.
abbreviated-command-entry? Provides a list of commands that begin with a particular character string. (No space between command and question mark.)
abbreviated-command-entry<Tab> Completes a partial command name.
Using Cisco IOS Software for Release 12.4Getting Help
xxvCisco IOS Optimized Edge Routing Configuration Guide
Example: How to Find Command OptionsThis section provides an example of how to display syntax for a command. The syntax can consist of optional or required keywords and arguments. To display keywords and arguments for a command, enter a question mark (?) at the configuration prompt or after entering part of a command followed by a space. The Cisco IOS software displays a list and brief description of available keywords and arguments. For example, if you were in global configuration mode and wanted to see all the keywords or arguments for the arap command, you would type arap ?.
The <cr> symbol in command help output stands for “carriage return.” On older keyboards, the carriage return key is the Return key. On most modern keyboards, the carriage return key is the Enter key. The <cr> symbol at the end of command help output indicates that you have the option to press Enter to complete the command and that the arguments and keywords in the list preceding the <cr> symbol are optional. The <cr> symbol by itself indicates that no more arguments or keywords are available and that you must press Enter to complete the command.
Table 2 shows examples of how you can use the question mark (?) to assist you in entering commands. The table steps you through configuring an IP address on a serial interface on a Cisco 7206 router that is running Cisco IOS Release 12.0(3).
? Lists all commands available for a particular command mode.
command ? Lists the keywords or arguments that you must enter next on the command line. (Space between command and question mark.)
Command Purpose
Table 2 How to Find Command Options
Command Comment
Router> enablePassword: <password>Router#
Enter the enable command and password to access privileged EXEC commands. You are in privileged EXEC mode when the prompt changes to Router#.
Router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)#
Enter the configure terminal privileged EXEC command to enter global configuration mode. You are in global configuration mode when the prompt changes to Router(config)#.
Using Cisco IOS Software for Release 12.4Getting Help
xxviCisco IOS Optimized Edge Routing Configuration Guide
Router(config)# interface serial ?<0-6> Serial interface number
Router(config)# interface serial 4 ?/
Router(config)# interface serial 4/ ?<0-3> Serial interface number
Router(config)# interface serial 4/0 ?<cr>Router(config)# interface serial 4/0Router(config-if)#
Enter interface configuration mode by specifying the serial interface that you want to configure using the interface serial global configuration command.
Enter ? to display what you must enter next on the command line. In this example, you must enter the serial interface slot number and port number, separated by a forward slash.
When the <cr> symbol is displayed, you can press Enter to complete the command.
You are in interface configuration mode when the prompt changes to Router(config-if)#.
Router(config-if)# ?Interface configuration commands:
.
.
.ip Interface Internet Protocol config commandskeepalive Enable keepalivelan-name LAN Name commandllc2 LLC2 Interface Subcommandsload-interval Specify interval for load calculation for an
interfacelocaddr-priority Assign a priority grouplogging Configure logging for interfaceloopback Configure internal loopback on an interfacemac-address Manually set interface MAC addressmls mls router sub/interface commandsmpoa MPOA interface configuration commandsmtu Set the interface Maximum Transmission Unit (MTU)netbios Use a defined NETBIOS access list or enable
name-cachingno Negate a command or set its defaultsnrzi-encoding Enable use of NRZI encodingntp Configure NTP...
Router(config-if)#
Enter ? to display a list of all the interface configuration commands available for the serial interface. This example shows only some of the available interface configuration commands.
Table 2 How to Find Command Options (continued)
Command Comment
Using Cisco IOS Software for Release 12.4Getting Help
xxviiCisco IOS Optimized Edge Routing Configuration Guide
Router(config-if)# ip ?Interface IP configuration subcommands:
access-group Specify access control for packetsaccounting Enable IP accounting on this interfaceaddress Set the IP address of an interfaceauthentication authentication subcommandsbandwidth-percent Set EIGRP bandwidth limitbroadcast-address Set the broadcast address of an interfacecgmp Enable/disable CGMPdirected-broadcast Enable forwarding of directed broadcastsdvmrp DVMRP interface commandshello-interval Configures IP-EIGRP hello intervalhelper-address Specify a destination address for UDP broadcastshold-time Configures IP-EIGRP hold time...
Router(config-if)# ip
Enter the command that you want to configure for the interface. This example uses the ip command.
Enter ? to display what you must enter next on the command line. This example shows only some of the available interface IP configuration commands.
Router(config-if)# ip address ?A.B.C.D IP addressnegotiated IP Address negotiated over PPP
Router(config-if)# ip address
Enter the command that you want to configure for the interface. This example uses the ip address command.
Enter ? to display what you must enter next on the command line. In this example, you must enter an IP address or the negotiated keyword.
A carriage return (<cr>) is not displayed; therefore, you must enter additional keywords or arguments to complete the command.
Router(config-if)# ip address 172.16.0.1 ?A.B.C.D IP subnet mask
Router(config-if)# ip address 172.16.0.1
Enter the keyword or argument that you want to use. This example uses the 172.16.0.1 IP address.
Enter ? to display what you must enter next on the command line. In this example, you must enter an IP subnet mask.
A <cr> is not displayed; therefore, you must enter additional keywords or arguments to complete the command.
Table 2 How to Find Command Options (continued)
Command Comment
Using Cisco IOS Software for Release 12.4Using the no and default Forms of Commands
xxviiiCisco IOS Optimized Edge Routing Configuration Guide
Using the no and default Forms of CommandsAlmost every configuration command has a no form. In general, use the no form to disable a function. Use the command without the no keyword to reenable a disabled function or to enable a function that is disabled by default. For example, IP routing is enabled by default. To disable IP routing, use the no ip routing command; to reenable IP routing, use the ip routing command. The Cisco IOS software command reference publications provide the complete syntax for the configuration commands and describe what the no form of a command does.
Configuration commands can also have a default form, which returns the command settings to the default values. Most commands are disabled by default, so in such cases using the default form has the same result as using the no form of the command. However, some commands are enabled by default and have variables set to certain default values. In these cases, the default form of the command enables the command and sets the variables to their default values. The Cisco IOS software command reference publications describe the effect of the default form of a command if the command functions differently than the no form.
Saving Configuration ChangesUse the copy system:running-config nvram:startup-config command or the copy running-config startup-config command to save your configuration changes to the startup configuration so that the changes will not be lost if the software reloads or a power outage occurs. For example:
Router# copy system:running-config nvram:startup-configBuilding configuration...
It might take a minute or two to save the configuration. After the configuration has been saved, the following output appears:
[OK]Router#
On most platforms, this task saves the configuration to NVRAM. On the Class A flash file system platforms, this task saves the configuration to the location specified by the CONFIG_FILE environment variable. The CONFIG_FILE variable defaults to NVRAM.
Router(config-if)# ip address 172.16.0.1 255.255.255.0 ?secondary Make this IP address a secondary address<cr>
Router(config-if)# ip address 172.16.0.1 255.255.255.0
Enter the IP subnet mask. This example uses the 255.255.255.0 IP subnet mask.
Enter ? to display what you must enter next on the command line. In this example, you can enter the secondary keyword, or you can press Enter.
A <cr> is displayed; you can press Enter to complete the command, or you can enter another keyword.
Router(config-if)# ip address 172.16.0.1 255.255.255.0Router(config-if)#
In this example, Enter is pressed to complete the command.
Table 2 How to Find Command Options (continued)
Command Comment
Using Cisco IOS Software for Release 12.4Filtering Output from the show and more Commands
xxixCisco IOS Optimized Edge Routing Configuration Guide
Filtering Output from the show and more CommandsYou can search and filter the output of show and more commands. This functionality is useful if you need to sort through large amounts of output or if you want to exclude output that you need not see.
To use this functionality, enter a show or more command followed by the “pipe” character (|); one of the keywords begin, include, or exclude; and a regular expression on which you want to search or filter (the expression is case-sensitive):
command | {begin | include | exclude} regular-expression
The output matches certain lines of information in the configuration file. The following example illustrates how to use output modifiers with the show interface command when you want the output to include only lines in which the expression “protocol” appears:
Router# show interface | include protocol
FastEthernet0/0 is up, line protocol is upSerial4/0 is up, line protocol is upSerial4/1 is up, line protocol is upSerial4/2 is administratively down, line protocol is downSerial4/3 is administratively down, line protocol is down
For more information on the search and filter functionality, see the “Using the Cisco IOS Command-Line Interface” chapter in the Cisco IOS Configuration Fundamentals Configuration Guide.
Finding Additional Feature Support InformationIf you want to use a specific Cisco IOS software feature, you will need to determine in which Cisco IOS software images that feature is supported. Feature support in Cisco IOS software images depends on three main factors: the software version (called the “Release”), the hardware model (the “Platform” or “Series”), and the “Feature Set” (collection of specific features designed for a certain network environment). Although the Cisco IOS software documentation set documents feature support information for Release 12.4 as a whole, it does not generally provide specific hardware and feature set information.
To determine the correct combination of Release (software version), Platform (hardware version), and Feature Set needed to run a particular feature (or any combination of features), use Feature Navigator.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Software features may also have additional limitations or restrictions. For example, a minimum amount of system memory may be required. Or there may be known issues for features on certain platforms that have not yet been resolved (called “Caveats”). For the latest information about these limitations, see the release notes for the appropriate Cisco IOS software release. Release notes provide detailed installation instructions, new feature descriptions, system requirements, limitations and restrictions, caveats, and troubleshooting information for a particular software release.
Using Cisco IOS Software for Release 12.4Finding Additional Feature Support Information
xxxCisco IOS Optimized Edge Routing Configuration Guide
1Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Cisco IOS Optimized Edge Routing Configuration
Cisco IOS Optimized Edge Routing (OER) provides automatic route optimization and load distribution for multiple ISP and WAN connections. Cisco IOS OER is an integrated Cisco IOS solution that allows you to monitor IP traffic flows and then define policies and rules based on prefix performance, link load distribution, link cost, and traffic type. Cisco IOS OER provides active and passive monitoring systems, dynamic failure detection, and automatic path correction. Deploying Cisco IOS OER enables intelligent load distribution and optimal route selection in an enterprise network.
Feature History for Optimized Edge Routing
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Release Modification
12.3(8)T This feature was introduced.
12.3(11)T Support for the following features was integrated into Cisco IOS Release 12.3(11)T:
• Port and Protocol Based Prefix Learning allows you to configure a master controller to learn prefixes based on the protocol type and TCP or UDP port number.
• VPN IPSec/GRE Tunnel Optimization introduces the capability to configure IPSec/GRE tunnel interfaces as OER managed exit links. Only network based IPSec VPNs are supported.
12.3(14)T Support for the following feature was integrated into Cisco IOS Release 12.3(14)T:
• OER Support for Cost-Based Optimization and Traceroute Reporting introduces the capability to configure exit link policies based monetary cost and the capability to configure traceroute probes to determine prefix characteristics on a hop-by-hop basis.
Cisco IOS Optimized Edge Routing ConfigurationContents
2Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Contents• Prerequisites for Cisco IOS Optimized Edge Routing, page 2
• Restrictions for Cisco IOS Optimized Edge Routing, page 2
• Information About Cisco IOS Optimized Edge Routing, page 3
• How to Configure Cisco IOS Optimized Edge Routing, page 23
• Configuration Examples for Cisco IOS Optimized Edge Routing, page 91
• Additional References, page 103
Prerequisites for Cisco IOS Optimized Edge Routing• Cisco Express Forwarding (CEF) must be enabled on all participating routers.
• Cisco IOS OER can be deployed on a single router. The router must have at least two egress interfaces that can carry outbound traffic and can be configured as OER managed exit links. These interfaces should connect to an ISP or be WAN connections (Frame-Relay, ATM, etc) at the edge of the enterprise network.
• The master controller should be deployed close to the border routers to minimize the communication response time between these devices. All border routers must be reachable by the master controller. The border routers should be close to each other in terms of hops and throughput.
• Routing protocol peering must be established in your network or static routing must be configured before Cisco IOS OER is deployed.
If you have configured internal BGP (iBGP) on the border routers, iBGP peering must be established and consistently applied throughout your network.
If an IGP is deployed in your network, static route redistribution must be configured with the redistribute static command. Interior Gateway Protocol (IGP) or static routing should also be applied consistently throughout an OER managed network; the border router should have a consistent view of the network.
Restrictions for Cisco IOS Optimized Edge Routing• Cisco IOS OER does not influence or control inter-domain routing or interfaces that are not under
OER control, and Cisco IOS OER does not influence asymmetrical routing.
• Cisco IOS OER passively monitors TCP traffic flows for IP traffic. Passive monitoring of non-TCP sessions is not supported.
• Cisco IOS OER can be configured to monitor and control outbound traffic only.
• Cisco IOS OER supports only IPSec/GRE VPNs. No other VPN types are supported.
• When two or more border routers are deployed in an OER managed network, the next hop on each border router, as installed in the Routing Information Base (RIB), cannot be an address from the same subnet as the next hop on the other border router.
• Interfaces that are configured to be under OER control can also carry multicast traffic. However, if the source of the multicast traffic comes from outside of the OER managed network and inbound multicast traffic is carried over OER managed exit links, the source multicast address should be excluded from OER control.
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
3Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
• Internet exchange points where a border router can communicate with several service providers over the same broadcast media are not supported.
• Token Ring interfaces are not supported by Cisco IOS OER and cannot be configured as OER managed interfaces. It may be possible to load a Token Ring interface configuration under certain conditions. However, the Token Ring interface will not become active and the border router will not function if the Token Ring interface is the only external interface on the border router.
Information About Cisco IOS Optimized Edge RoutingTo configure Cisco IOS Optimized Edge Routing (OER), you should understand the following concepts
• Cisco IOS Optimized Edge Routing Overview, page 4
• Cisco IOS OER Network Components, page 6
• Cisco IOS OER Managed Network, page 8
• Cisco IOS OER Prefix Learning, page 9
• Cisco IOS OER Monitoring, page 11
• Cisco IOS OER Modes of Operation, page 13
• Cisco IOS OER Routing Control, page 14
• Cisco IOS OER Policy Configuration, page 16
• VPN IPSec/GRE Tunnel Interface Optimization, page 21
• Cisco IOS OER Logging and Reporting, page 21
• Cisco IOS OER Deployment Configurations, page 22
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
4Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Cisco IOS Optimized Edge Routing Overview Enterprise networks use multiple ISP or WAN connections for reliability and load distribution. Existing reliability mechanisms depend on link state or route removal on the border router to select a better exit link for a prefix or set of prefixes. Multiple connections protect enterprise networks from catastrophic failures but do not protect the network from “brown outs” or soft failures that occur due to network congestion. Existing mechanisms can respond to catastrophic failures at the first indication of a problem. However, black outs and brown outs can go undetected and often require the network operator to take action to resolve the problem. When a packet is transmitted between external networks (nationally or globally), the packet spends the vast majority its life cycle on the WAN segments of the network. Optimizing WAN route selection in the enterprise network provides the end-user with the greatest performance improvement, even better than LAN speed improvements in the local network.
Cisco IOS OER is implemented in Cisco IOS software as an integrated part of Cisco core routing functionality. Deploying Cisco IOS OER enables intelligent network traffic load distribution and dynamic failure detection for data paths at the wide-area network (WAN) edge. While other routing mechanisms can provide both load distribution and failure mitigation, Cisco IOS OER is unique in that it can make routing adjustments based on criteria other than static routing metrics, such as response time, packet loss, path availability, and traffic load distribution. Deploying Cisco IOS OER allows you to optimize network performance and link load utilization while minimizing bandwidth costs and reducing operational expenses.
Cisco IOS OER: A Typical Deployment
Figure 1 shows a Cisco IOS OER managed enterprise network of a content provider. The enterprise network has three exit interfaces that are used to deliver content to customer access networks. The content provider has a separate service level agreement (SLA) with a different ISP for each exit link. The customer access network has two edge routers that connect to the Internet. Traffic is carried between the enterprise network and the customer access network over six service provider (SP) networks.
Figure 1 A Typical Cisco IOS Optimized Edge Routing Deployment
Cisco IOS OER monitors and controls outbound traffic on the three border routers (BRs). It measures the packet response time and path availability from the egress interfaces on BR1, BR2 and BR3. Changes to exit link performance on the border routers are detected on a per-prefix basis. If the performance of a
ContentConsumer
TransitService Providers
Enterprise/ContentProvider
MasterController
Customeraccess
SP A
SLA A
SLA B
eBGP
SLA C
SP C SP D
SP F
SP E
SP B CR1
BR3
Server(s)
BR2
BR1
Client(s)
iBGP and/orEIGRP, IS-IS,
OSPF, RIP
1175
46
CR2CR2
MasterController
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
5Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
prefix falls below default or user-defined policy parameters, routing is altered locally in the enterprise network to optimize performance and to route around failure conditions that occur outside of the enterprise network. For example, an interface failure or network misconfiguration in the SP D network can cause outbound traffic that is carried over the BR2 exit interface to become congested or fail to reach the customer access network. Traditional routing mechanisms cannot anticipate or resolve these types of problem without intervention by the network operator. Cisco IOS OER can detect failure conditions and alter routing inside of the network to compensate.
Cisco IOS OER: Optimizes for Performance
Traditional routing mechanisms rely upon reachability information to make routing decisions but cannot enforce performance policies. Cisco IOS OER optimizes routing to improve performance in the enterprise network. Prefix policies are defined to control the performance of a single prefix or a prefix range. You can configure Cisco IOS OER to monitor and control the performance of a single host route or routes from an entire network. Exit link policies are defined to control the performance of exit interfaces in an OER managed network. Performance policies can be defined for a single exit link or all exit links in the OER managed network.
Figure 2 shows a Cisco IOS OER managed enterprise network of a content provider. This figure shows that delay measurements are collected for monitored prefixes on the border routers. These statistics are collected by the border routers an then transmitted to the master controller.
Figure 2 Cisco IOS OER Optimizes for Performance
For example, if a performance policy is defined that sets the delay threshold for a group of prefixes to less than or equal to 200 milliseconds (ms), as shown in Figure 2. Prefixes with a slower round-trip response time (or longer delay) will be considered to be out-of-policy. Routing is locally altered to bring the prefix to an in-policy state. In Figure 2, out-of-policy prefixes that use exit links on BR3 will be moved to BR1.
The master controller monitors prefixes and exit links on the border routers. This allows the master controller to measure performance and detect failure conditions that occur outside of the network. When the master controller detects a performance change that brings a prefix out of policy, the master
1177
70
200ms
250ms
ContentConsumer
TransitService Providers
Enterprise/ContentProvider
MasterController
Customeraccess
SP A
SLA A
SLA B
eBGP
SLA C
SP C SP D
SP F
SP E
SP B CR1
BR3
Server(s)
BR2
BR1
Client(s)
iBGP and/orEIGRP, IS-IS,
OSPF, RIP
CR2CR2
MasterController
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
6Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
controller sends commands to the border routers to dynamically alter routing inside of the enterprise network to bring prefix performance back within default or user-defined policy. If all prefixes and exit links are in policy, the master controller continues to monitor the network and does not take any action.
Cisco IOS OER Network Components Cisco IOS OER is configured on Cisco routers though standard Cisco IOS CLI configuration. An OER deployment has two primary components — a master controller and one or more border routers. The master controller is the intelligent decision maker, while the border routers are enterprise edge routers with exit interfaces that are used to access the Internet or used as WAN exit links.
Cisco IOS OER Network Components: Master Controller
The master controller is a single router that coordinates all OER functions within an OER managed network. A Cisco router can be configured to run a stand-alone master controller process or can also be configured to perform other functions, such as routing or running a border router process. The master controller maintains communication and authenticates the sessions with the border routers. The master controller monitors outbound traffic flows using active or passive monitoring and then applies default or user-defined policies to alter routing to optimize prefixes and exit links. OER administration and control is centralized on the master controller, which makes all policy decisions and controls the border routers. The master controller does not need to be in the traffic forwarding path, but it must be reachable by the border routers. The master controller can support up to 10 border routers and up to 20 OER managed external interfaces.
Note We recommend that the master controller is deployed as close as possible to the border routers to reduce communication response time.
Cisco IOS OER Network Components: Border Router
The border router is an enterprise edge router with one or more exit links to an ISP or other participating network. The border router is where all policy decisions and changes to routing in the network are enforced. The border router participates in prefix monitoring and route optimization by reporting prefix and exit link measurements to the master controller and then by enforcing policy changes received from the master controller. The border router enforces policy changes by injecting a preferred route to alter routing in the network. The border router is deployed on the edge of the network, so the border router must be in the forwarding path. A border router process can be enabled on the same router as a master controller process.
Cisco IOS OER Network Components: Interfaces
An OER managed network must have at least two external interfaces that are used to forward traffic to the external network (WAN or ISP) and at least one internal interface that is used for passive monitoring. There are three interface configurations required to deploy OER:
• External interfaces are configured as OER managed exit links to forward traffic. The physical external interface is enabled on the border router. The external interface is configured as an OER external interface on the master controller. The master controller actively monitors prefix and exit link performance on these interfaces. Each border router must have at least one external interface, and a minimum of two external interfaces are required in an OER managed network.
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
7Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
• Internal interfaces are used for only passive performance monitoring with NetFlow. No explicit NetFlow configuration is required. The internal interface is an active border router interface that connects to the internal network. The internal interface is configured as an OER internal l interface on the master controller. At least one internal interface must be configured on each border router.
• Local interfaces are used for only master controller and border router communication. A single interface must be configured as a local interface on each border router. The local interface is identified as the source interface for communication with the master controller.
Tip If a master controller and border router process is enabled on the same router, a loopback interface should be configured as the local interface.
The following interface types can be configured as external and internal interfaces:
• ATM
• BRI
• CTunnel
• Ethernet
• Fast Ethernet
• Gigabit Ethernet
• HSSI
• Null
• POS
• Serial
• Tunnel
• VLAN
Note VLAN interfaces can be configured only as internal interfaces.
The following interface types can be configured as local interfaces:
• Async
• BVI
• CDMA-Ix
• CTunnel
• Dialer
• Ethernet
• Group-Async
• Lex
• Loopback
• MFR
• Multilink
• Null
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
8Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
• Serial
• Tunnel
• Vif
• Virtual-PPP
• Virtual-Template
• Virtual-TokenRing
Note A Virtual-TokenRing interface can be configured as a local interface. However, Token Ring interfaces are not supported and cannot be configured as external, internal, or local interfaces.
Cisco IOS OER Managed Network Figure 3 shows an OER managed network. This network contains a master controller and two border routers. OER communication between the master controller and the border routers is carried separately from routing protocol traffic. This communication is protected by MD5 authentication. Each border router has an external interface that is connected to a different ISP or WAN link to a remote site and a local and an internal interface that are reachable by the master controller.
Figure 3 Cisco IOS OER Managed Network
External interfaces are used to forward outbound traffic from the network and are used as the source for active monitoring. Internal interfaces are used for OER communication and used for passive monitoring. At least one external and one internal interface must be configured on each border router. At least two external interfaces are required in an OER managed network. A local interface is configured on the border router for communication with the master controller.
MasterController
11
77
71
ISP-A
ISP-B
SLA A
Exit link
SLA B
BR1
BR2
Border router
BR1
BR2
Statistics
Statistics
Commands Border router
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
9Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Cisco IOS OER Managed Network: Central Policy Database
The master controller continuously monitors the network. The master controller maintains a central policy database where it stores collected statistical information. The master controller compares long-term and short-term measurements. The long-term measurements are collected every 60 minutes. Short term measurements are collected every five minutes. The master controller analyzes these statistics to determine which routes have the lowest delay, highest outbound throughput, relative or absolute packet loss, relative or absolute link cost, and prefix reachability to analyze and optimize the performance of monitored prefixes and to distribute the load from over-utilized exit links to under-utilized exit links.
Cisco IOS OER Managed Network: Policy Enforcement Point
The border router is the policy enforcement point. Default or user-defined policies are configured on the master controller to set the performance level for prefixes and exit links. The master controller automatically alters routing in the OER managed network, as necessary, by sending control commands to the border routers to inject a preferred route. The preferred route is advertised or redistributed through the internal network. The preferred route alters default routing behavior so that out of policy prefixes are moved from over utilized exit links to under utilized exit links to bring prefixes and exit links in-policy, and thus optimizing the overall performance of the enterprise network.
Cisco IOS OER Prefix Learning To enable Cisco IOS OER in your network prefixes must be identified to monitor and optimize. A Cisco router configured as a master controller will learn and monitor up to 2500 prefixes by default and can configured to learn and monitor up to 5000 prefixes with the max prefix total command in OER master controller configuration mode. Prefixes can be learned automatically or can manually selected.
Cisco IOS OER Prefix Learning: Automatic Prefix Learning
The master controller can be configured, using Top Talker functionality, to learn prefixes automatically based on highest outbound throughput or lowest delay time. Throughput learning measures prefixes that generate the highest outbound traffic volume. Throughput prefixes are sorted from highest to lowest. Delay learning measures prefixes with the lowest round-trip response time (RTT). Delay prefixes are sorted from the lowest to the highest delay time.
Automatic prefix learning is configured in OER Top Talker and Delay learning configuration mode. The learn command is used to enter this mode from OER master controller configuration mode. When automatic prefix learning is enabled, prefixes and their delay and/or throughput characteristics are learned, and this is information is stored in the central policy database. Prefixes are learned for 5 minutes by default. The master controller analyzes these statistics and implements policy decisions as necessary.
Prefixes are learned on the border routers through passive monitoring. Prefix learning is configured on the master controller. The border routers monitor all incoming and outgoing traffic flows. The top 100 flows are learned by default, and up to 5000 flows can be learned.
Learned prefixes can be aggregated based the prefix type, BGP or non-BGP (static routes), or the prefix length. Traffic flows are aggregated using a /24 prefix length by default. Prefix aggregation can be configured to include any subset or superset of a major network, including a single host route (/32). For each aggregated prefix, up to five host addresses are selected to use as active probe targets. Prefix aggregation is configured with the aggregation-type command in OER Top Talker and Delay learning configuration mode.
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
10Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Cisco IOS OER Prefix Learning: Manually Selecting Prefixes
A prefix or range of prefixes can be selected for monitoring by configuring an IP prefix list. The IP prefix list is then imported into the master controller database by configuring a match clause in an OER map. IP prefix-lists are configured with the ip prefix-list command and OER maps are configured with the oer-map command in global configuration mode.
The following IP prefix list configuration options are supported:
• An exact prefix (/32)
• A specific prefix length and any subset (for example, a /24 under a /16)
• A specific prefix and all more specific routes (le 32)
• All prefixes (0.0.0.0/0)
Traffic is excluded or included by configuring permit or deny statements in the IP prefix list.
For best performance, you should apply the most commonly referenced prefix lists and deny prefix lists to the lowest (or first) OER map sequences.
Cisco IOS OER Prefix Learning: Port and Protocol Based Prefix Learning
Port and Protocol Based Prefix Learning was introduced in Cisco IOS Release 12.3(11)T. This feature allows you to configure the master controller to learn traffic based on the protocol number or the source or destination port number, carried by TCP or UDP traffic. This feature provides a very granular filter that can be used to further optimize prefixes learned based on throughput and delay.
Port and protocol based prefix learning allows you to optimize or exclude traffic streams for a specific protocol or the TCP port, UDP port, or range of port numbers. Traffic can be optimized for a specific application or protocol. Uninteresting traffic can be excluded, allowing you to focus router system resources, and reduce unnecessary CPU and memory utilization. In cases where traffic streams need to be excluded or included over ports that fall above or below a certain port number, the range of port numbers can be specified. Port and protocol prefix based learning is configured with the protocol command in OER Top Talker and Delay learning configuration mode.
For a list of IANA assigned port numbers, refer to the following document:
• http://www.iana.org/assignments/port-numbers
For a list of IANA assigned protocol numbers, refer to the following document:
• http://www.iana.org/assignments/protocol-numbers
Cisco IOS OER Prefix Learning: Prefix Transition States
Monitored prefixes pass through the following states when imported into the central policy database or when a default or user-defined policy is applied:
Default—A prefix is placed in this state when it is not under OER control. All routing decisions for the prefix are controlled by existing metrics determined by the default routing protocol. Prefixes are placed in the default state when they are initially added to the central policy database. A prefix will transition into and out of the default state depending on policy configuration and performance measurements.
In-Policy—A prefix is placed in this state when the status of the prefix exit conforms to default or user-defined policies. No changes are made when a prefix is in the in-policy state. The master controller continues to monitor the prefix and will take no action until the policy configuration or performance measurements change.
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
11Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Out-of-Policy—A prefix is placed in this state when the prefix exit does not conform to default or user-defined policies. The master controller will use active probing and/or passive monitoring to find a better exit for the prefix, while the prefix is in this state. If all exit links are out-of-policy, the master controller will select the best available exit.
Choose—A prefix is placed in this state by the master controller during exit link selection. The prefix remains in the choose state until it is moved to the new exit.
Holddown—A prefix is placed in this state when the master controller moves a prefix to a new exit. No policy changes are applied to a prefix in the holddown state. The holddown state is designed to isolate the prefix during the transition period to prevent the prefix from causing instability due to rapid state changes (flapping).
Note Over aggressive policy settings can cause a prefix or exit link to remain in the out-of-policy state.
Cisco IOS OER Monitoring Cisco IOS OER monitors prefix performance over OER managed exit links to ensure that OER controlled prefixes and exit links conform to policy parameters. Prefixes are passively monitored with integrated NetFlow functionality and are actively monitored with integrated IP Service Level Agreements (IP SLAs) functionality. No explicit NetFlow or IP SLAs configuration is required. Support for these features are enabled automatically as necessary.
The master controller can be configured to monitor learned and manually selected prefixes. The border routers collect passive monitoring and active monitoring statistics and then transmit this information to the master controller. The master controller analyzes the collected information. If all monitored prefixes and exit links are in policy, no changes are made and the master controller continues to monitor the network. If a monitored prefix or exit link is out of policy, the master controller makes a policy decision and sends a control command to the border router to alter routing in the OER managed network to move the prefix to a better exit to bring the prefix or exit in policy.
Cisco IOS OER Monitoring: Passive Monitoring
Cisco IOS OER uses NetFlow, an integrated technology in Cisco IOS software, to collect and aggregate passive monitoring statistics on a per prefix basis. Passive monitoring is enabled by default when an OER managed network is created. Netflow is a flow-based monitoring and accounting system. NetFlow support is enabled by default on the border routers when passive monitoring is enabled.
Passive monitoring uses only existing traffic; additional traffic is not generated. Border routers collect and report passive monitoring statistics to the master controller approximately once per minute. If traffic does not go over an external interface of a border router, no data is reported to the master controller.
The master controller uses passive monitoring to measure the following information:
Delay—The master controller measures the average delay of TCP flows for a given prefix. Delay is the measurement of the round-trip response time (RTT) between the transmission of a TCP synchronization message and receipt of the TCP acknowledgement.
Packet loss—The master controller measures packet loss by tracking TCP sequence numbers for each TCP flow. OER estimates packet loss by tracking the highest TCP sequence number. If a subsequent packet is received with a lower sequence number, OER increments the packet loss counter. Packet loss is measured in flows per million (fpm).
Reachability—The master controller measures reachability by tracking TCP synchronization messages that have been sent repeatedly without receiving a TCP acknowledgement.
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
12Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Throughput—The master controller measures prefixes that generate the highest outbound traffic volume or throughput. Throughput is measured on external interfaces in bits per second (bps).
Note OER passively monitors TCP traffic flows for IP traffic. Passive monitoring of non-TCP sessions is not supported.
Passive monitoring statistics are gathered and stored in a prefix history buffer that can hold a minimum of 60 minutes of information depending on whether the traffic flow is continuos. Cisco IOS OER uses this information to determine if the prefix is in policy based on the default or user-defined policies.
Cisco IOS OER Monitoring: Active Monitoring
Active monitoring uses IP Service Level Agreements (IP SLAs), an integrated technology in Cisco IOS software, to analyze and measure the performance of TCP and UDP traffic. Active monitoring generates traffic in a continuous, reliable, and predictable manner. This allows the master controller to measure delay and jitter to determine prefix performance characteristics more accurately than is possible with only passive monitoring.
Active monitoring is enabled with the mode command in OER master controller configuration mode. When active monitoring is enabled, the master controller commands the border routers to send active probes to a target IP address. The border router collects and transmits the probe results to master controller to analyze.
Active probes are automatically generated when a prefix is learned or aggregated. The border router collects up to five host addresses from the prefix for active probing. Active probes can be configured for specific host or target address. Active probes are configured with the active-probe command in OER master controller configuration mode. The active probe is sourced from the border router and transmitted through an external interface (the external interface may or may not be the preferred route for an optimized prefix). Active probes are sent once per minute. ICMP probes are used by default.
Note For eBGP peering sessions, the IP address of the eBGP peer must be reachable from the border router via a connected route in order for active probes to be generated.
Active Probe Types
Cisco IOS OER uses ICMP Echo probes, by default, when an active probe is automatically generated. The following types of active probes can be configured:
ICMP Echo—A ping is sent to the target address. Configuring an ICMP echo probe does not require knowledgeable cooperation from the target device. However, repeated probing could trigger an Intrusion Detection System (IDS) alarm in the target network. If an IDS is configured in a target network that is not under your administrative control, we recommend that you notify the target network administration entity.
TCP Connection—A TCP connection probe is sent to the target address. A target port number must be specified. A remote responder must be enabled if TCP messages are configured to use a port number other than TCP well-known port number 23.
UDP Echo—A UDP echo probe is sent to the target address. A target port number must be specified. A remote responder must be enabled on the target device, regardless of the configured port number.
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
13Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Cisco IOS OER Monitoring: Combined Monitoring
Cisco IOS OER can also be configured to combine both active and passive monitoring in order to generate a more complete picture of traffic flows within the network. Combined monitoring is enabled by default. Combined monitoring is configured with the mode monitor both command in OER master controller configuration mode.
Cisco IOS OER Monitoring: Traceroute Reporting
The OER Support for Traceroute Reporting feature was introduced in Cisco IOS Release 12.3(14)T. Traceroute reporting is configured on a master controller. Traceroute probes are sourced from the current border router exit. This feature allows you to monitor prefix performance on a hop-by-hop basis. Delay, loss, and reachability measurements are gathered for each hop from the probe source to the target prefix.
Traceroute reporting is enabled with the set traceroute reporting oer-map configuration mode command. Learned or specific prefixes are selected for traceroute reporting by configuring a match clause in an OER map. When traceroute reporting is enabled, traceroute probes gather delay, loss, and reachability statistic for a given prefix. Specific traceroute probes can also be configured to gather these statistics individually only for prefixes that are in the out-of-policy state. The time interval between traceroute probes is configured with the traceroute probe-delay command in OER master controller configuration mode.
Traceroute probes are configured using the following methods:
Continuous—A traceroute probe is triggered for each new probe cycle. Entering the set traceroute reporting command without any keywords enables continuous reporting. The probe is sourced from the current exit of the prefix.
Policy based—A traceroute probe is triggered automatically when a prefix goes into an out-of-policy state. Policy based traceroute probes are configured individually for delay, loss, and reachability policies. The monitored prefix is sourced from a match clause in an oer-map. Policy based traceroute reporting stops when the prefix returns to an in-policy state.
On demand—A trace route probe is triggered only when the show oer master prefix command is entered for a specific IP address with the current and now keywords. Continuous or policy-based traceroute reporting does not need to be enabled to use this method. Entering this command without any keywords displays the most recent probe results for all exits. Entering this command with the current keyword displays the results for the current exit from the most recent probe.
Cisco IOS OER Modes of Operation The master controller can be configured to operate in observe mode or control mode.
Cisco IOS OER Modes of Operation: Observe Mode
The master controller can be configured to operate in route observe mode or route control mode. Observe mode monitoring is enabled by default. In observe mode, the master controller monitors prefixes and exit links based on default and user-defined policies and then reports the status of the network and the decisions that should be made but does not implement any changes. This mode allows you to verify the effectiveness of this feature before actively deploying it.
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
14Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Cisco IOS OER Modes of Operation: Control Mode
In control mode, the master controller coordinates information from the border routers and makes policy decisions just as it does in observe mode. The master controller monitors prefixes and exits based on default and user-defined policies but then implements changes to optimize prefixes and to select the best exit. In this mode, the master controller gathers performance statistics from the border routers and then transmits commands to the border routers to alter routing as necessary in the OER managed network. Control mode or observe mode monitoring is configured with the mode route command in OER master controller configuration mode.
Cisco IOS OER Routing Control Figure 4 shows an OER managed network. The master controller alters default routing behavior inside of the OER managed network to optimize prefix and exit link performance. Cisco IOS OER uses a command/response protocol to manage all communication between the border router and the master controller.
Figure 4 Cisco IOS OER Controls Default Routing Behavior
The border routers are enterprise edge routers. Routing protocol peering or static routing is established between the border routers and internal peers. The border routers advertise a default route to internal peers through BGP peering, static routing, or route redistribution into an Interior Gateway Protocol (IGP). The master controller alters default routing behavior in the OER managed network by sending control commands to the border routers to inject a preferred route into the internal network.
When the master controller determines the best exit for a prefix, it sends a route control command to the border router with the best exit. The border router searches for a parent route for the monitored prefix. The BGP routing table is searched first and then the static routing table. This can be a default route for the monitored prefix. If a parent route is found that includes the prefix (the prefix may be equivalent or less specific) and points to the desired exit link by either the route to its nexthop or by a direct reference to the interface, a preferred route is injected into the internal network from the border router. OER injects the preferred route where the first parent is found. The preferred route can be an injected BGP route or
MasterController
1177
72
ISP-A
ISP-B
SLA A
ISP interfaces
SLA B
BR1
BR2
Border router
BR1
BR2
Commands
BGP/Static Redistribution
Border router
BGP/Static RedistributionBGP/Static Redistribution
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
15Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
an injected static route. The preferred route is learned by internal peers, which in turn recalculate their routing tables causing the monitored prefix to be moved to the preferred exit link. The preferred route is only advertised to the internal network and is not advertised to external peers.
Cisco IOS OER Routing: Border Router Peering with the Internal Network
The master controller alters default routing behavior in the OER managed network by injecting preferred routes into the routing tables of the border routers. The border routers peer with other routers in the internal network through BGP peering, BGP or static route redistribution into an IGP, or static routing. The border routers advertise the preferred route to internal peers.
The border routers should be close to each other in terms of hops and throughput and should have a consistent view of the network; routing should be configured consistently across all border routers. The master controller verifies that a monitored prefix has a parent route with a valid next hop before it commands the border routers to alter routing. The border router will not inject a route where one does not already exist. This behavior is designed to prevent traffic from being blackholed because of an invalid next hop.
Note When two or more border routers are deployed in an OER managed network, the next hop on each border router, as installed in the RIB, cannot be an IP address from the same subnet as the next hop on another border router.
Cisco IOS OER Routing: BGP Peering
Standard internal BGP (iBGP) peering can be established between the border routers and other internal peers. External BGP (eBGP) peering or a default route is configured to the ISP. In the iBGP network, OER uses the local preference attribute to set the preference for injected routes. The BGP local preference attribute is a discretionary attribute that is used to apply the degree of preference to a route during the BGP best path selection process. This attribute is exchanged only between iBGP peers and is not advertised outside of the OER managed network or to the eBGP network. The prefix with the highest local preference value is locally advertised as the preferred path to the destination. OER applies a local preference value of 5000 to injected routes by default. A local preference value from 1 to 65535 can be configured.
Note If a local preference value of 5000 or higher has been configured for default BGP routing, you should configure a higher value in OER. OER default BGP local preference and default static tag values are configurable with the mode command in OER master controller configuration mode.
Note The IP address for each eBGP peering session must be reachable from the border router via a connected route. Peering sessions established through loopback interfaces or with the neighbor ebgp-multihop command are not supported.
Cisco IOS OER Routing: BGP Redistribution into an IGP
BGP redistribution can be used if the border routers are configured to run BGP (for ISP peering for example) and the internal peers are configured to run another routing protocol (such as Enhanced Interior Gateway Routing Protocol [EIGRP], Open Shortest Path First [OSPF] or Routing Information Protocol [RIP]). The border routers can advertise a single default route or full routing tables to the internal
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
16Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
network. If you use BGP to redistribute more than a default route into an IGP, we recommend that you use IP prefix-list and route-map statements to limit the number of prefixes, as BGP routing tables can be very large.
Cisco IOS OER Routing: BGP Redistribution Based on the BGP Local-Preference Attribute
OER uses the local-preference attribute to influence routing inside of a BGP network. OER injected BGP routes can redistributed within the network by configuring the match local-preference route-map configuration command. A value of 5000 (or a custom value if configured on the master controller) must be configured when entering this command.
Cisco IOS OER Routing: Static Routing and Static Route Redistribution
Static routing or static route redistribution can be configured in the internal network. OER alters routing these types of network by injecting temporary static routes. The temporary static route replaces the parent static route. OER will in not inject a temporary static route where a parent static route does not exist. OER applies a default tag value of 5000 to identify the injected static route. In the case of the network where only static routing is configured, no redistribution configuration is required. In the case of a network where an IGP is deployed and BGP is not run on the border routers, static routes to border router exit interfaces must be configured, and these static routes must be redistributed into the IGP.
Cisco IOS OER Routing: Injecting Split Prefixes
When configured to control a subset of a larger network, the master controller will add an appropriate route or split prefix to the existing routing table, as necessary. A split prefix is a more specific route that is derived from a less specific parent prefix. For example, if a /24 prefix is configured to be optimized, but only a /16 route is installed to the routing table, the master controller will inject a /24 prefix using the attributes from the /16 prefix. Any subset of the less-specific prefix can be derived, including a single host route. Split prefixes are processed only inside the OER managed network and are not advertised to external networks. If BGP is deployed in the OER managed network, the master controller will inject a more specific BGP route. If BGP is not deployed, the master controller will inject a more specific temporary static route.
Cisco IOS OER Policy Configuration The master controller optimizes prefixes and exit links to conform to default and user-defined policies. When the performance of a monitored prefix or exit link falls below a policy configuration setting, the master controller optimizes traffic in the internal network to bring either the prefix or exit link into an in-policy state. Global policies are configured in OER master controller configuration mode and OER Top Talker and Top delay learning configuration mode. Policies can also be applied to specific prefixes that pass through a match statement in an OER map in oer-map configuration mode. Global policies override OER map policies.
Cisco IOS OER Policy Configuration: Prefix Policies
A prefix policy is a set of rules that governs performance characteristics for a network address. The network address can be a single host route or an entire network. A prefix is defined as any network number with a prefix mask applied to it.
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
17Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
The following performance characteristics are managed by prefix policies:
• Delay
• Packet Loss
• Reachability
Note Prefix policies always override exit link policies.
Cisco IOS OER Policy Configuration: Exit Link Policies
An exit link policy is a set of rules that are applied to OER managed exit links. The performance characteristics that are managed by a link policy are traffic load and exit link utilization. A link policy can define total outbound throughput or total link utilization. Link utilization policies can be defined for a single exit link or all OER managed exit links. The following performance characteristics are managed by link policies:
• Cost-Based Optimization
• Utilization (Range)
• Traffic Load Distribution
Cisco IOS OER Policy Configuration: Cost-Based Optimization
The OER Support for Cost-Based Optimization feature was introduced in Cisco IOS Release 12.3(14)T. Cost-based optimization allows you to configure policies based on the monetary cost (ISP Service Level Agreement [SLA]) of each exit link in your network. This feature allows you to configure the master controller send traffic over exit links that provide the most cost-effective bandwidth utilization, while still maintaining the desired performance characteristics. Cost-based optimization is configured with the cost-minimization command in OER border exit configuration mode (under the external interface configuration). Cost-based optimization supports two billing models: fixed rate or tier-based with bursting.
Fixed Rate Billing
Fixed rate—This method is used when the ISP bills one flat rate for network access regardless of bandwidth usage. If only fixed rate billing is configured on the exit links, all exits are considered to be equal in regards to cost-optimization and other policy parameters (such as delay, loss, utilization, etc) are used to determine if the prefix or exit link is in-policy. If multiple exit links are configured with tiered and fixed policies, then exit links with fixed policies have the highest priority in regards to cost optimization. If the fixed exit links are at maximum utilization, then the tiered exit links will be used. Fixed rate billing is configured for an exit link when the fixed keyword is entered with the cost-minimization command. The monetary cost of the exit link is entered with the fee keyword.
Tier-Based Billing
Tier-based with bursting—This method is used when the ISP bills at a tiered rate based on the percentage of exit link utilization. Tiered-based billing is configured for an exit link when the tier keyword is entered with the cost-minimization command. A command statement is configured for each cost tier. The monetary cost of the tier is entered with the fee keyword. The percentage of bandwidth utilization that activates the tier is entered after the tier keyword.
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
18Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
The specific details of tier-based with bursting billing models vary by ISP. However, most ISPs use some variation of the following algorithm to calculate what an enterprise should pay in a tiered billing plan:
1. Gather periodic measurements of egress and ingress traffic carried on the Enterprise connection to the ISP network and aggregate the measurements to generate a rollup value for a rollup period.
2. Generate one or more rollup values per billing period.
3. Rank the rollup values for the billing period into a stack from the largest value to the smallest.
4. Discard the top 5% of the rollup values from the stack to accommodate bursting.
5. Apply the highest remaining rollup value in the stack to a tiered structure to determine a tier associated with the rollup value.
6. Charge the customer based on a set cost associated with the determined tier.
Note A billing policy must be configured and applied to prefixes in order for the master controller to perform cost-based optimization.
Cost Optimization Algorithm
At the end of each billing cycle the top n% of samples, or rollup values, are discarded. The remaining highest value is the sustained utilization. Based on the number of samples discarded, the billing cycle is divided into three periods:
• Initial Period
• Middle Period
• Last Period
Initial Period
The period when the samples measured is less than the number of discards +1. For example, if discard is 7%, billing month is 30 days long, and sample period is 24 hours, then there are 30 samples at the end of the month. The number of discard samples is two (2% of 30). In this case, days one, two, and three are in the Initial Period. During this period, target the lowest tier for each ISP at the start of their respective billing periods and walk up the tiers until the current total traffic amount is allocated across the links.
Middle Period
The period after the Initial Period until the number of samples yet to be measured or collected is less than the number of discards.
Using the same example as above, the Middle Period would be from day four through day 28. During this period, set the target tier to the sustained utilization tier, which is the tier where (discard +1) the highest sample so far measured falls in.
Last Period
The period after the Middle Period until the end of billing period is the Last Period. During this period, if links were used at the maximum link capacity for the remainder of the billing period and sustained utilization does not change by doing so, then set the target to maximum allowable link utilization. Maximum link utilization is configurable where most likely values would be 75-90%. Otherwise, set the target to sustained utilization tier. During any sample period, if the cumulative usage is more than targeted cumulative usage, then bump up to the next tier for the remainder of sample period. If rollup is enabled, then replace sample values to rollup values and number of sample to number of rollups in above algorithm.
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
19Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Cisco IOS OER Policy Configuration: Optimal Exit Link Selection
Cisco IOS OER can be configured to periodically select the Optimal Exit Link (OEL) from the available ISP connections based on exit link performance. The master controller will move traffic from over-utilized exit links to under-utilized exit links. Optimal Exit Link Selection (OELS) uses policy configuration to manage prefix and exit link performance. Policy configuration can be customized to your requirements. For example, a policy can be created to ensure that priority traffic is always routed to the target network through the exit link with the highest outbound throughput or the lowest delay (round-trip response time).
Cisco IOS OER Policy Configuration: Load Distribution
Cisco IOS OER supports per-prefix load distribution. The master controller measures transmission throughput on OER managed exit interfaces. When exit link utilization causes an exit link to go into an out-of-policy state, monitored prefixes are moved to bring the exit link in-policy and to equalize transmission utilization across all exit links. Load distribution settings are configured with the max-range-utilization command. The master controller sets the maximum range utilization to 20 percent for all OER managed exit links by default. Utilization can be customized for a single link or all exit links. A range policy can be applied to all monitored prefixes or any subset through oer-map or global policy configuration.
Tip When enabling Cisco IOS OER for load distribution, we recommend that you set the interface load calculation on OER managed external interfaces to 30 second intervals with the load-interval interface configuration command (The default calculation interval is 300 seconds). The load calculation is configured under interface configuration mode on the border router. This configuration is not required. It is recommended to allow Cisco IOS OER to respond as quickly as possible to load distribution issues.
Cisco IOS OER Policy Configuration: Global Policies
Global policies are applied in Top Talker and Delay learning configuration mode. These policies are used to configure a master controller to learn and optimize prefixes based on the highest throughput or the highest delay. Under the Top Talker and Delay learning configuration mode, you can configure prefix learning based on delay and throughput statistics. You can configure the length of the prefix learning period, the interval between prefix learning periods, the number of prefixes to learn, and prefix learning based on port and protocol.
Cisco IOS OER Policy Configuration: Applying Policies with an OER Map
The operation of an OER map is similar to the operation of a route map. An OER map is designed to select IP prefixes defined in an IP prefix list or to select learned prefixes policies that pass a match clause and then to apply OER policy configurations using a set clause. The OER map is configured with a sequence number like a route map, and the OER map with the lowest sequence number is evaluated first. The operation of an oer-map differs from a route map at this point. There are two important distinctions:
• Only a single match clause may be configured for each sequence. An error message will be displayed in the console if you attempt to configure multiple match clauses for a single OER map sequence.
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
20Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
• An OER map is not configured with permit or deny statements. However, a permit or deny sequence can be configured for an IP traffic flow by configuring a permit or deny statement in an IP prefix list and then applying the prefix list to the OER map with the match ip address (OER) command. Deny prefixes should be combined in a single prefix list and applied to the oer-map with the lowest sequence number.
An OER map can match a prefix or prefix range with the match ip address (OER) command. A prefix can be any IP network number combined with a prefix mask that specifies the prefix length. The prefix or prefix range is defined with the ip prefix-list command in Global configuration mode. Any prefix length can be specified. An oer-map can also match OER learned prefixes with the match oer learn command. Matching can be configured for learned prefixes based on delay or based on throughput.
The OER map applies the configuration of the set clause after a successful match occurs. Anther set clause can be used to set policy parameters for the backoff timer, packet delay, holddown timer, packet loss, mode settings, periodic timer, resolve settings, and unreachable hosts.
Policies applied by an OER map take effect after the current policy or operational timer expires. The OER map configuration can be viewed in the output of the show running-config command. OER policy configuration can be viewed in the output of the show oer master policy command. Policies that are applied by an OER map do not override global policies and user-defined policies configured under OER master controller configuration mode and OER Top Talker and Delay configuration mode. These policies are only applied to prefixes that pass OER map match criteria.
Policy-Rules Configuration
The policy-rules OER master controller configuration command was introduced in Cisco IOS Release 12.3(11)T. This command allows you to select an oer-map and apply the configuration under OER master controller configuration mode, providing an improved method to switch between predefined oer-maps.
Cisco IOS OER Policy Configuration: Resolving Policies
When configuring multiple policy parameters for a monitored prefix or set of prefixes, it is possible to have multiple overlapping policies. The resolve function is a flexible mechanism that allows you to set the priority for cost, delay, loss, utilization, and range policies. Each policy is assigned a unique value. The policy with the highest priority is selected to determine the policy decision. By default, delay has the highest priority and utilization has the second highest priority.
Configuring Resolve with Variance
When configuring resolve settings, you can also set an allowable variance for the defined policy. Variance configures the allowable percentage that an exit link or prefix can vary from the defined policy value and still be considered equivalent. For example, if exit link delay is set to 80 percent and a 10 percent variance is configured, exit links that have delay values from 80 to 89 percent will be considered equal.
Note Variance cannot be configured for cost or range policies.
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
21Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
VPN IPSec/GRE Tunnel Interface Optimization Cisco IOS OER support for VPN IPSec/GRE Tunnel Optimization was introduced in Cisco IOS Release 12.3(11)T. Cisco IOS OER supports the optimization of prefixes that are routed over IPSec/GRE tunnel interfaces. The VPN tunnel interface is configured as OER external interfaces on the master controller. Figure 5 shows a an OER managed network that is configured to optimize VPN traffic. Cisco IOS OER is deployed at the Central Office and Remote Offices.
Figure 5 Cisco IOS OER Network Optimized for VPN Routing
This enhancement allows you to configure two-way VPN optimization. A master controller and border router process are enabled on each side of the VPN. Each site maintains a separate master controller database. VPN routes can be dynamically learned through the tunnel interfaces or can be configured. Prefix and exit link policies are configured for VPN prefixes through standard Cisco IOS OER configuration.
Cisco IOS OER Logging and Reporting Cisco IOS OER supports standard syslog functions. The notice level of syslog is enabled by default. System logging is enabled and configured in Cisco IOS software under Global configuration mode. The logging command in OER master controller or OER border router configuration mode is used only to enable or disable system logging under OER. OER system logging supports the following message types:
Error Messages—These messages indicate OER operational failures and communication problems that can impact normal OER operation.
1272
63
OER master
Central officeCentral office
Providers
Remote offices
Frame Relay VPNFrame Relay
Internet
Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing
22Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Debug Messages—These messages are used to monitor detailed OER operations to diagnose operational or software problems.
Notification Messages—These messages indicate that OER is performing a normal operation.
Warning Messages—These messages indicate that OER is functioning properly but an event outside of OER may be impacting normal OER operation.
To modify system, terminal, destination, and other system global logging parameters, use the logging commands in Global configuration mode. For more information about global system logging configuration, refer to the “Troubleshooting and Fault Management” section of the Cisco IOS Configuration Fundamentals and Network Management Configuration Guide, Release 12.3.
Cisco IOS OER Deployment Configurations Cisco IOS OER can be deployed in an enterprise network, remote office network, or small office home office (SOHO) network using one of the following three configurations shown in Figure 6:
• Configuration A shows a network with two edge routers configured as border routers. The border router that peers with ISP2 is also configured to run a master controller process. This configuration is suitable for a small network with multiple edge routers that each provide an exit link to a separate external network.
• Configuration B shows two border routers and an master controller, each running on a separate router. This configuration is suitable for small, medium, and large networks. In this configuration, the master controller process is run on a separate Cisco router. This router performs no routing or forwarding functions. Although, routing and forwarding functions are not prohibited.
• Configuration C shows a single router that is configured to run a master controller and border router process. This configuration is suitable for a small network with a single router, such as a remote office or home network.
Figure 6 Cisco IOS OER Deployment Scenarios
In each deployment scenario, a single master controller is deployed. The master controller does not need to be in the traffic forwarding path but must be reachable by the border routers. A master controller process can be enabled on router that is also configured to run a border router process.The master controller can support up to 10 border routers and up to 20 OER managed external interfaces. At least one border router process and two exit interfaces are required in an OER managed network.
MC/BR
ISP1
ISP2
BRs
Config A
ISP1ISP1
ISP2 ISP2
BRs
MC
Config B
1166
61
Config C
MC/BRMC/BR
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
23Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Note A Cisco router that is configured to run both a master controller and border router process will use more memory than a router that is configured to run only a border router process. This should be considered when selecting a router for dual operation. See the following document for more information: Cisco Optimized Edge Routing CPU and Memory Performance Tests
How to Configure Cisco IOS Optimized Edge RoutingThis section contains the following procedures:
• Minimum Master Controller Configuration, page 24 (required)
• Minimum Border Router Configuration, page 29 (required)
• Configuring Prefix Learning, page 33 (optional)
• Manually Selecting Prefixes for Monitoring, page 36 (optional)
• Configuring Active Probing, page 38 (optional)
• Configuring the Source Address of an Active Probe, page 41 (optional)
• Configuring Traceroute Reporting, page 42 (optional)
• Configuring Prefix and Exit Link Policies, page 45 (optional)
• Configuring Cost-Based Optimization, page 50 (optional)
• Configuring Resolve Policies, page 52 (optional)
• Configuring Cisco IOS OER Modes of Operation, page 54 (optional)
• Configuring OER Policies with an OER Map, page 56 (optional)
• Configuring Policy Rules for OER Maps, page 63 (optional)
• Configuring iBGP Peering on the Border Routers, page 64 (optional)
• Configuring BGP Redistribution into an IGP on the Border Routers, page 67 (optional)
• Configuring Static Route Redistribution on the Border Routers, page 70 (optional)
• Configuring Static Route Redistribution into EIGRP, page 73 (optional)
• Configuring OER to Monitor and Control IPSec VPN Prefixes Over GRE Tunnels, page 76 (optional)
• Verifying Cisco IOS OER Configuration, page 85 (optional)
• Using Cisco IOS OER Clear Commands, page 88 (optional)
• Using Cisco IOS OER Debug Commands, page 89 (optional)
Specific example configurations for each procedure follow each configuration table. Proceed to the Configuration Examples for Cisco IOS Optimized Edge Routing section to see more complex example deployment configurations.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
24Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Minimum Master Controller Configuration This section describes the minimum required steps to configure a master controller process to manage an OER managed network. In this section, the following tasks are completed:
• Communication is established between the master controller and the border router.
• The communication session is protected by key-chain authentication.
• Border routers are specified for OER control.
• Internal and external border router interfaces are specified.
• Passive monitoring is enabled (by default).
• Prefix learning based on outbound packet throughput is enabled.
• Route control mode monitoring is enabled.
Master Controller
• OER administration is centralized on the master controller, which makes all policy decisions and controls the border routers.
• The master controller is not required to be in the traffic forwarding path but should be deployed near the border routers to minimize communication response time.
• The master controller can support up to 10 border routers and up to 20 OER managed external interfaces.
Disabling a Master Controller Process
To disable a master controller and completely remove the process configuration from the running-config file, use the no oer master command in Global configuration mode.
To temporarily disable a master controller, use the shutdown command in OER master controller configuration mode. Entering the shutdown command stops an active master controller process but does not remove any configuration parameters. The shutdown command is displayed in the running-config file when enabled.
Manual Port Configuration
Communication between the master controller and border router is automatically carried over port 3949 when connectivity is established. Port 3949 is registered with IANA for OER communication. Support for port 3949 was introduced in Cisco IOS Release 12.3(11)T. Manual port number configuration is only required if you are running Cisco IOS Release 12.3(8)T or if you need to configure OER communication to use a dynamic port number.
Prerequisites
Interfaces Must be Defined
Interfaces must be defined and reachable by the master controller and the border router before an OER managed network can be configured.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
25Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Key Chain Authentication
Communication between the master controller and the border router is protected by key-chain authentication. The authentication key must be configured on both the master controller and the border router before communication can be established. The key-chain configuration is defined in Global configuration mode on both the master controller and the border router before key-chain authentication is enabled for master controller to border router communication. For more information about key management in Cisco IOS software, refer to the “Managing Authentication Keys” section of the Cisco IOS IP Configuration Guide, Release 12.3.
Restrictions
Token Ring Interfaces are not Supported
Token Ring interfaces are not supported by OER and cannot be configured as OER managed interfaces. It may be possible to load a Token Ring interface configuration under certain conditions. However, the Token Ring interface will not become active and the border router will not function if the Token Ring interface is the only external interface on the border router.
SUMMARY STEPS
1. enable
2. configure terminal
3. key chain name-of-chain
4. key key-id
5. key-string text
6. exit
7. exit
8. oer master
9. port port-number
10. logging
11. border ip-address [key-chain key-chain-name]
12. interface type number external
13. interface type number internal
14. exit
15. keepalive timer
16. mode {monitor {active | both | passive} | route {control | metric {bgp local-pref preference | static tag value} observe | select-exit {best | good}}
17. learn
18. throughput
19. end
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
26Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:Router# configure terminal
Enters Global configuration mode.
Step 3 key chain name-of-chain
Example:Router(config)# key chain OER
Enables key-chain authentication.
• Key-chain authentication protects the communication session between the master controller and the border router. The key ID and key string must match in order for communication to be established.
Step 4 key key-id
Example:Router(config-keychain)# key 1
Identifies an authentication key on a key chain.
• The key ID must match the key ID configured on the border router.
Step 5 key-string text
Example:Router(config-keychain-key)# key-string CISCO
Specifies the authentication string for the key.
• The authentication string must match the authentication string configured on the border router.
• Any encryption level can be configured.
Step 6 exit
Example:Router(config-keychain-key)# exit
Exits key chain key configuration mode, and enters key chain configuration mode.
Step 7 exit
Example:Router(config-keychain)# exit
Exits key chain configuration mode, and enters Global configuration mode.
Step 8 oer border | master
Example:Router(config)# oer master
Enters OER master controller configuration mode to configure a router as a master controller.
• A master controller and border router process can be enabled on the same router. For example, in a network that has a single router with two exit links to different service providers.
Step 9 port port-number (Optional) Configures a dynamic port for communication between the master controller and border router.
• Communication cannot be established until the same port number has been configured on both the master controller and the border router.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
27Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Example:Router(config-oer-mc)# port 65534
Note Manual port number configuration is required to establish OER communication only when running Cisco IOS Release 12.3(8)T.
Step 10 logging
Example:Router(config-oer-mc)# logging
Enables syslog event logging for a master controller or border router process.
• The notice level of syslog is enabled by default.
Step 11 border ip-address [key-chain key-chain-name]
Example:Router(config-oer-mc)# border 10.100.1.1 key-chain OER
Enters OER managed border router configuration mode to establish communication with a border router.
• An IP address is configured to identify the border router.
• At least one border router must be specified to create an OER managed network. A maximum of 10 border routers can be controlled by a single master controller.
• The value for the key-chain-name argument must match the key-chain name configured in Step 3.
Note The key-chain keyword and argument must be entered when a border router is initially configured. However, this keyword is optional when reconfiguring an existing border router.
Step 12 interface type number external
Example:Router(config-oer-mc-br)# interface Ethernet 0/0 external
Configures a border router interface as an OER managed external interface.
• External interfaces are used to forward traffic and for active monitoring.
• A minimum of two external border router interfaces are required in an OER managed network. At least 1 external interface must be configured on each border router. A maximum of 20 external interfaces can be controlled by single master controller.
Tip Configuring an interface as external also enters OER Border Exit configuration mode. In this mode you can configure maximum link utilization or cost-based optimization for the interface.
Note Entering the interface command without the external or internal keyword, places the router in Global configuration mode and not OER Border Exit configuration mode. The no form of this command should be applied carefully so that active interfaces are not removed from the router configuration.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
28Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Step 13 interface type number internal
Example:Router(config-oer-mc-br)# interface Ethernet 0/1 internal
Configures a border router interface as an OER controlled internal interface.
• Internal interfaces are used for passive monitoring only. Internal interfaces do not forward traffic.
• At least one internal interface must be configured on each border router.
Step 14 exit
Example:Router(config-oer-mc-br)# exit
Exits OER managed border router configuration mode, and enters OER master controller configuration mode.
Step 15 keepalive timer
Example:Router(config-oer-mc)# keepalive 10
(Optional) Configures the length of time that an OER master controller will maintain connectivity with an OER border router after no keepalive packets have been received.
• The example sets the keep alive timer to 10 seconds.
Step 16 mode {monitor{active | both | passive} | route {control | metric {bgp local-pref preference | static tag value} observe | select-exit {best | good}}
Example:Router(config-oer-mc)# mode route control
Configures route monitoring or route control on an OER master controller. The route keyword is used to enable control mode or observe mode.
• In control mode, the master controller analyzes monitored prefixes and implements changes based on policy parameters.
• In observe mode, the master controller analyzes monitored prefixes, reports the changes that should be made, but does not implement any changes.
Step 17 learn
Example:Router(config-oer-mc)# learn
Enters OER Top Talker and Top Delay learning configuration mode to enable prefix learning.
• Prefixes can be learned based on highest outbound throughput or lowest delay.
Step 18 throughput
Example:Router(config-oer-mc-learn)# throughput
Configures OER to learn the top prefixes based on the highest outbound throughput.
• The master controller uses the list of Top Talker prefixes to select the exit with the highest throughput when the periodic timer expires or immediately if a prefix becomes unreachable.
Step 19 end
Example:Router(config-oer-mc-learn)# end
Exits OER Top Talker and Top Delay learning configuration mode, and enters privileged EXEC mode.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
29Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Examples
The following configuration example, starting in Global configuration mode, shows the minimum configuration required to configure a master controller process to control an OER managed network:
A key-chain configuration named OER is defined in Global configuration mode.
Router(config)# key chain OER Router(config-keychain)# key 1 Router(config-keychain-key)# key-string CISCO Router(config-keychain-key)# exit Router(config-keychain)# exit
The master controller is configured to communicate with the 10.100.1.1 and 10.200.2.2 border routers. The keep alive interval is set to 10 seconds. Route control mode is enabled. Internal and external OER controlled border router interfaces are defined.
Router(config)# oer master Router(config-oer-mc)# keepalive 10 Router(config-oer-mc)# mode route control Router(config-oer-mc)# logging Router(config-oer-mc)# border 10.100.1.1 key-chain OER Router(config-oer-mc-br)# interface Ethernet 0/0 external Router(config-oer-mc-br)# interface Ethernet 0/1 internal Router(config-oer-mc-br)# exitRouter(config-oer-mc)# border 10.200.2.2 key-chain OER Router(config-oer-mc-br)# interface Ethernet 0/0 external Router(config-oer-mc-br)# interface Ethernet 0/1 internal Router(config-oer-mc)# exit
Automatic prefix learning based on highest outbound throughput is enabled.
Router(config-oer-mc)# learn Router(config-oer-mc-learn)# throughput Router(config-oer-mc-learn)# end
What to Do Next
Border routers must be configured to complete the minimum configuration of the OER managed network. Proceed to the next section to see instructions for configuring the border routers.
Minimum Border Router Configuration This section describes the minimum required steps to configure a border router process. In this section, the following tasks are completed:
• Communication is established between the border router and master controller.
• The communication session is protected by key-chain authentication.
• A local interface is configured as the source for communication with the master controller.
• External interfaces are configured as OER managed exit links.
Border Router
• The border router is an enterprise edge router with one or more exit links to an ISP or other participating network.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
30Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
• The border router is deployed on the edge of the network, so the border router must be in the forwarding path.
• A border router process can be enabled on the same router as a master controller process.
Interface Configuration
• Each border router must have at least one external interface that is used to connect to an ISP or is used as an external WAN link. A minimum of two are required in an OER managed network.
• Each border router must have at least one internal interface. Internal interfaces are used for only passive performance monitoring with NetFlow. Internal interfaces are not used to forward traffic.
• Each border router must have at least one local interface. Local interfaces are used for only master controller and border router communication. A single interface must be configured as a local interface on each border router.
Tip If a master controller and border router process is enabled on the same router, a loopback interface should be configured as the local interface.
Disabling a Border Router Process
To disable a border router and completely remove the process configuration from the running-config file, use the no oer border command in Global configuration mode.
To temporarily disable a border router process, use the shutdown command in OER border router configuration mode. Entering the shutdown command stops an active border router process but does not remove any configuration parameters. The shutdown command is displayed in the running-config file when enabled.
Prerequisites
Interfaces Must be Defined
Interfaces must be defined and reachable by the master controller and the border router before an OER managed network can be configured.
Restrictions
Internet Exchange Point over Broadcast Media
Internet exchange points where a border router can communicate with several service providers over the same broadcast media are not supported.
Border Exits Cannot use the Same Next Hop
When two or more border routers are deployed in an OER managed network, the next hop to an external network on each border router, as installed in the RIB, cannot be an IP address from the same subnet as the next hop on the other border router.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
31Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
SUMMARY STEPS
1. enable
2. configure terminal
3. key chain name-of-chain
4. key key-id
5. key-string text
6. exit
7. exit
8. oer border
9. port port-number
10. local type number
11. master ip-address key-chain key-chain-name
12. end
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:Router# configure terminal
Enters Global configuration mode.
Step 3 key chain name-of-chain
Example:Router(config)# key chain OER
Enables key-chain authentication.
• Key-chain authentication protects the communication session between the both the master controller and the border router. The key ID and key string must match in order for communication to be established.
Step 4 key key-id
Example:Router(config-keychain)# key 1
Identifies an authentication key on a key chain.
• The key ID must match the key ID configured on the master controller.
Step 5 key-string text
Example:Router(config-keychain-key)# key-string CISCO
Specifies the authentication string for the key.
• The authentication string must match the authentication string configured on the master controller.
• Any level of encryption can be configured.
Step 6 exit
Example:Router(config-keychain-key)# exit
Exits key chain key configuration mode, and enters key chain configuration mode.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
32Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Examples
The following configuration example, starting in Global configuration mode, shows the minimum required configuration to enable a border router:
The key-chain configuration is defined in Global configuration mode.
Router(config)# key chain OER Router(config-keychain)# key 1 Router(config-keychain-key)# key-string CISCO Router(config-keychain-key)# exit Router(config-keychain)# exit
Step 7 exit
Example:Router(config-keychain)# exit
Exits key chain configuration mode, and enters Global configuration mode.
Step 8 oer border | master
Example:Router(config)# oer border
Enters OER border router configuration mode to configure a router as a border router.
• The border router must be in the forwarding path and contain at least one external and internal interface.
Step 9 port port-number
Example:Router(config-oer-br)# port 65535
(Optional) Configures a dynamic port for communication between an OER master controller and border router.
• Communication cannot be established until the same port number has been configured on both the border router and the master controller.
Note Manual port number configuration is required to establish OER communication only when running Cisco IOS Release 12.3(8)T.
Step 10 local type number
Example:Router(config-oer-br)# local Ethernet 0/1
Identifies a local interface on an OER border router as the source for communication with an OER master controller.
• A local interface must be defined.
Tip A loopback should be configured when a single router is configured to run both a master controller and border router process.
Step 11 master ip-address key-chain key-chain-name
Example:Router(config-oer-br)# master 192.168.1.1 key-chain OER
Enters OER managed border router configuration mode to establish communication with a master controller.
• An IP address is used to identify the master controller.
• The value for the key-chain-name argument must match the key-chain name configured in Step 3.
Step 12 end
Example:Router(config-oer-br)# end
Exits OER Top Talker and Top Delay learning configuration mode, and enters privileged EXEC mode.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
33Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
The key-chain OER is applied to protect communication. An interface is identified to the master controller as the local source interface for OER communication.
Router(config)# oer border Router(config-oer-br)# local Ethernet 0/1 Router(config-oer-br)# master 192.168.1.1 key-chain OER Router(config-oer-br)# end
What to Do Next
Prefix learning based on the highest outbound throughput was enabled in the “Minimum Master Controller Configuration” section. Proceed to the next section to see more information about configuring and customizing prefix learning on the master controller.
Configuring Prefix Learning This section describes the commands that are used to configure prefix learning on a master controller in OER Top Talker and Top Delay configuration mode. The learn command is entered in OER master controller configuration mode and is required to enter OER Top Talker and Top Delay configuration mode. All commands described in this section are optional.
The tasks described in this section allow you to configure the following:
• Prefix learning based on highest outbound throughput or lowest delay time
• Port and protocol based prefix learning
• Prefix learning period timers and intervals
• Maximum number of prefixes that can be learned
Defaults
The following defaults are applied when a prefix learning is enabled:
• Aggregation is performed based on a /24 prefix length
• Up to five host addresses are learned for active monitoring when a prefix is aggregated
• The top 100 traffic flows are learned
• The learning period is five minutes
• The interval between prefix learning periods is 120 minutes
SUMMARY STEPS
1. enable
2. configure terminal
3. oer master
4. learn
5. aggregation-type bgp | non-bgp | prefix-length prefix-mask
6. delay
7. monitor-period minutes
8. periodic-interval minutes
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
34Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
9. prefixes number
10. protocol number | tcp | udp [port port-number | gt port-number | lt port-number | range lower-number upper-number] [dst | src]
11. throughput
12. exit
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:Router# configure terminal
Enters Global configuration mode.
Step 3 oer master
Example:Router(config)# oer master
Enters OER master controller configuration mode to configure a Cisco router as a master controller and to configure master controller policy and timer settings.
Step 4 learn
Example:Router(config-oer-mc)# learn
Enters OER Top Talker and Top Delay learning configuration mode to configure prefix learning policies and timers.
Step 5 aggregation-type bgp | non-bgp | prefix-length prefix-mask
Example:Router(config-oer-mc-learn)# aggregation-type bgp
(Optional) Configures a master controller to aggregate learned prefixes based on traffic flow type.
• The bgp keyword configures prefix aggregation based on entries in the BGP routing table. This keyword is used if iBGP peering is enabled in the internal network.
• The non-bgp keyword configures learned prefix aggregation based on static routes. Entries in the BGP routing table are ignored when this keyword is entered.
• The prefix-length keyword configures aggregation based on the specified prefix length. The range of values that can be configured for this argument is a prefix mask from 1 to 32.
• The example configures BGP prefix aggregation.
Step 6 delay (Optional) Enables prefix learning based on the lowest delay time (round-trip response time).
• When this command is enabled, the master controller learn prefixes based on the lowest delay time. The master controller measures the delay for monitored prefixes when this command is enabled.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
35Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Example:Router(config-oer-mc-learn)# delay
• The master controller uses the list of Top Delay prefixes to select the prefixes with the lowest delay time.
• The example configures a master controller to learn top prefixes based on the lowest delay.
Step 7 monitor-period minutes
Example:Router(config-oer-mc-learn)# monitor-period 10
Sets the time period that an OER master controller learns traffic flows.
• The length of time between monitoring periods is configured with the periodic-interval command.
• The number of prefixes that are learned is configured with the prefixes command.
• The example sets the length of each monitoring period to 10 minutes.
Step 8 periodic-interval minutes
Example:Router(config-oer-mc-learn)# periodic-interval 20
Sets the time interval between prefix learning periods.
• The length of time of the learning period is configured with the monitor-period command.
• The number of prefixes that are learned is configured with the prefixes command.
• The example sets the time interval between monitoring periods to 20 minutes.
Step 9 prefixes number
Example:Router(config-oer-mc-learn)# prefixes 200
Sets the number of prefixes that the master controller will learn during the monitoring period.
• The length of time of the learning period is configured with the monitor-period command.
• The length of time between monitoring periods is configured with the periodic-interval command.
• The example configures a master controller to learn 200 prefixes during each monitoring period.
Step 10 protocol protocol-number | tcp | udp [port port-number | gt port-number | lt port-number | range lower-number upper-number] [dst | src]
Configures the master controller to learn prefixes based on a protocol number, TCP or UDP port number, or a range of port numbers.
• Filtering based on a specific protocol is configured with the protocol-number argument.
• TCP or UDP based filtering is enabled by configuring the tcp or udp argument.
• Port based filtering is enabled by configuring the port keyword. Port number ranges can be filtered based on greater-than or equal-to and less-than or equal-to filtering, or can be filtered by specifying a starting and ending port numbers with the range keyword.
• Prefix destination or source based filtering is enabled by configuring the dst or src keywords.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
36Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
What to Do Next
This section shows how to configure a master controller to automatically learn prefixes to monitor. Prefixes can also be manually selected for monitoring. Proceed to the next section to see information about manually importing prefixes.
Manually Selecting Prefixes for Monitoring This section describes how to manually select prefixes for monitoring. An IP prefix list is created to define the prefix or prefix range. The prefix list is then imported into the central policy database by configuring a match clause in an OER map. The following IP prefix list configuration options are supported:
• An exact prefix (/32)
• A specific prefix length and any subset (for example, a /24 under a /16)
• A specific prefix and all more specific routes (le 32)
• All prefixes (0.0.0.0/0)
Manually Excluding Prefixes
An IP prefix list with a deny statement is used to configure the master controller to exclude a prefix or prefix length. Deny prefix list sequences should be applied in the lowest oer-map sequences for best performance.
Example:Router(config-oer-mc-learn)# protocol 88
• The example configures a master controller to learn EIGRP prefixes during each monitoring period.
Step 11 throughput
Example:Router(config-oer-mc-learn)# throughput
Configures the master controller to learn the top prefixes based on the highest outbound throughput.
• When this command is enabled, the master controller will learn the top prefixes across all border routers according to the highest outbound throughput.
• The example configures a master controller to learn the top prefixes based on highest outbound throughput.
Step 12 exit
Example:Router(config-oer-mc)# exit
Exits OER Top Talker and Top Delay learning and configuration mode, and enters global configuration mode.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
37Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
OER Map Operation
The operation of an OER map is similar to the operation of a route-map. An OER map is configured to select an IP prefix list or OER learn policy using a match clause and then to apply OER policy configurations using a set clause. The OER map is configured with a sequence number like a route-map, and the OER map with the lowest sequence number is evaluated first.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [le le-value]
4. oer-map map-name sequence-number
5. match ip address prefix-list name
6. end
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3 ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [le le-value]
Example:Router(config)# ip prefix-list PREFIXES seq 20 permit 192.168.1.0/24
Creates a prefix list to manually select prefixes for monitoring.
• A master controller can monitor and control an exact prefix of any length including the default route. The master controller acts only on the configured prefix.
• A master controller can monitor and control an inclusive prefix using the le 32 option. The master controller acts on the configured prefix and forces any more specific prefixes in the RIB to use the same exit.
Note This option should not be needed in typical deployments, and should be applied carefully.
• The example creates an IP prefix list for OER to monitor and control the exact prefix, 192.168.1.0/24
Step 4 oer-map map-name sequence-number Enters oer-map configuration mode to create or configure an OER map.
• OER map operation is similar to that of route-maps.
• Only a single match clause can be configured for each oer-map sequence.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
38Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Examples
The following example creates an oer-map named PREFIXES that matches traffic defined in the IP prefix lists named EXCLUDE and IMPORT. The prefix-list named EXCLUDE defines a deny sequence for all prefixes or host routes in the 192.168.0.0/16 subnet. The master controller will exclude these prefixes from the master controller database. The prefix-list named IMPORT defines a permit sequence to manually import the exact prefix 10.4.9.0/24.
Router(config)# ip prefix-list seq 10 EXCLUDE deny 192.168.0.0/16 le 32 Router(config)# ip prefix-list seq 10 IMPORT permit 10.4.9.0/24 Router(config)# !Router(config)# oer-map PREFIXES 10 Router(config-oer-map)# match ip address prefix-list EXCLUDE Router(config-oer-map)# exit Router(config)# oer-map PREFIXES 20 Router(config-oer-map)# match ip address prefix-list IMPORT Router(config-oer-map)# end
Tip Notice that the deny prefix list is configured with the lowest oer-map sequence number. For best performance, all deny sequences should be configured in same prefix list and applied to the lowest oer-map sequence.
What to Do Next
Proceed to the next section to see information about configuring active probing.
Configuring Active Probing This section describes how to enable active monitoring and how to configure active probing. Active monitoring is enabled with the mode command, and active probing is configured with the active-probe command in OER master controller mode. Active probes are configured with a specific host or target address. Active probes are sourced on the border router. The active probe source external interface may or may not be the preferred route for an optimized prefix.
Example:Router(config)# oer-map IMPORT 10
• Common and deny sequences should be applied to lowest oer-map sequence for best performance.
• The example creates an oer-map named IMPORT.
Step 5 match ip address prefix-list name
Example:Router(config-oer-map)# match ip address prefix-list PREFIXES
Creates a prefix list match clause entry in an oer-map to apply OER policies.
• This command supports IP prefix lists only.
• The example configures the prefix list PREFIXES.
Step 6 end
Example:Router(config-oer-map)# end
Exits oer-map configuration mode, and enters privileged EXEC mode.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
39Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Active Probing over eBGP Peerings
For eBGP peering sessions, the IP address of the eBGP peer must be reachable from the border router via a connected route in order for active probes to be generated.
ICMP Echo Probes
Configuring an ICMP echo probe does not require knowledgeable cooperation from the target device. However, repeated probing could trigger an Intrusion Detection System (IDS) alarm in the target network. If an IDS is configured in a target network that is not under your administrative control, we recommend that you notify the target network administration entity.
Defaults
The following defaults are applied when a active monitoring is enabled:
• The border router collects up to five host addresses from the prefix for active probing when a prefix is learned or aggregated.
• Active probes are sent once per minute.
• ICMP probes are used to actively monitor learned prefixes.
SUMMARY STEPS
1. enable
2. configure terminal
3. oer master
4. mode {monitor {active | both | passive} | route {control | metric {bgp local-pref preference | static tag value} observe | select-exit {best | good}}
5. active-probe {echo ip-address | tcp-conn ip-address target-port number | udp-echo ip-address target-port number}
6. end
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3 oer master
Example:Router(config)# oer master
Enters OER master controller configuration mode to configure a router as a master controller and to configure global operations and policies.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
40Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Note Configuring an ICMP echo probe does not require knowledgeable cooperation from the target device. However, repeated probing could trigger an Intrusion Detection System (IDS) alarm in the target network. If an IDS is configured in a target network that is not under your administrative control, we recommend that you notify the target network administration entity.
Examples
ICMP Echo Example
The following example configures an active probe using an ICMP echo (ping) message. The 10.4.9.1 address is the target. No explicit configuration is required on the target device.
Router(config-oer-mc)# active-probe echo 10.4.9.1
TCP Connection Example
The following example configures an active probe using a TCP connection message. The 10.4.9.2 address is the target. The target port number must be specified when configuring this type of probe.
Router(config-oer-mc)# active-probe tcp-conn 10.4.9.2 target-port 23
Step 4 mode {monitor{active | both | passive} | route {control | metric {bgp local-pref preference | static tag value} observe | select-exit {best | good}}
Example:Router(config-oer-mc)# mode monitor both
Configures route monitoring or route control on an OER master controller.
• The monitor keyword is used to configure active and/or passive monitoring.
• The example enables both active and passive monitoring.
Step 5 active-probe {echo ip-address | tcp-conn ip-address target-port number | udp-echo ip-address target-port number}
Example:Router(config-oer-mc)# active-probe echo 10.5.5.55
Configures an active probe for a target prefix.
• Active probing measures delay and jitter of the target prefix more accurately than is possible with only passive monitoring.
• Active Probing requires you to configure a specific host or target address.
• Active probes are sourced from an OER managed external interfaces. This external interface may or may not be the preferred route for an optimized prefix.
• A remote responder with the corresponding port number must be configured on the target device when configuring an UDP echo probe or when configuring a TCP connection probe that is configured with a port number other than 23. The remote responder is configured with the ip sla monitor responder Global configuration command.
Step 6 end
Example:Router(config)# end
Exits OER master controller configuration mode, and enters Privileged EXEC mode.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
41Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
UDP Echo Example
The following example configures an active probe using UDP echo messages. The 10.4.9.3 address is the target. The target port number must be specified when configuring this type of probe, and a remote responder must also be enabled on the target device.
Router(config-oer-mc)# active-probe udp-echo 10.4.9.3 target-port 1001
UDP Remote Responder Example
The following example configures an RTR responder on a border router to send IP SLAs control packets in response to UDP active probes. The port number must match the number that is configured for the active probe.
Border-Router(config)# ip sla monitor responder type udpEcho port 1001
TCP Remote Responder Example
The following example configures an RTR responder on a border router to send IP SLAs control packets in response to TCP active probes. The remote responder must be configured for TCP active probes that do not use the TCP well-known port number 23.
Border-Router(config)# ip sla monitor responder type tcpConnect port 49152
Note A remote responder is required for TCP connection probes only when a port other than 23 is configured.
What to Do Next
If you need to configure a specific interface as the source for active monitoring, proceed to the next section for more information.
Configuring the Source Address of an Active Probe The section describes how to specify the source interface for active probing. The active probe source interface is configured on the border router with the active-probe address source in OER border router configuration mode. The active probe source interface IP address must be unique to ensure that the probe reply is routed back to the specified source interface.
Defaults
• The source IP address is used from the default OER external interface that transmits the active probe when this command is not enabled or if the no form is entered.
• If the interface is not configured with an IP address, the active probe will not be generated.
• If the IP address is changed after the interface has been configured as an active probe source, active probing is stopped, and then restarted with the new IP address.
• If the IP address is removed after the interface has been configured as an active probe source, active probing is stopped and not restarted until a valid primary IP address is configured.
SUMMARY STEPS
1. enable
2. configure terminal
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
42Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
3. oer border
4. active-probe address source interface type number
5. end
DETAILED STEPS
Example
The following example, starting in Global configuration mode, configures FastEthernet 0/0 as the active-probe source interface.
Router(config)# oer border Router(config-oer-br)# active-probe address source interface FastEthernet 0/0 Router(config-oer-br)# end
What to Do Next
Traceroute reporting can be enable to gather hop-by-hop delay, loss, reachability statistics. Proceed to the next section for more information.
Configuring Traceroute Reporting This section describes how to configure trace route reporting. Traceroute reporting is configured on a master controller. Traceroute probes are sourced from the current border router exit.
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3 oer border
Example:Router(config)# oer border
Enters OER border router configuration mode to configure a router as a border router.
Step 4 active-probe address source interface type number
Example:Router(config-oer-br)# active-probe address source interface FastEthernet 0/0
Configures an interface on a border router as the active-probe source.
• The example configures interface FastEthernet 0/0 as the source interface.
Step 5 end
Example:Router(config-oer-br)# end
Exits OER border router configuration mode, and enters Privileged EXEC mode.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
43Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Continuous and policy based traceroute reporting is configured with the set traceroute reporting oer-map configuration mode command. The time interval between traceroute probes is configured with the traceroute probe-delay command in OER master controller configuration mode. On-demand traceroute probes are triggered by entering the show oer master prefix command with the traceroute and now keywords.
Defaults
When traceroute reporting is enabled, the default time interval between traceroute probes is 1000 milliseconds.
SUMMARY STEPS
1. enable
2. configure terminal
3. oer master
4. traceroute probe-delay milliseconds
5. exit
6. oer-map map-name sequence-number
7. match oer learn delay | throughput
8. set traceroute reporting [policy {delay | loss | unreachable}]
9. end
10. show oer master prefix [detail | learned [delay | throughput] | prefix [detail | policy | traceroute [exit-id | border-address | current] [now]]]
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3 oer master
Example:Router(config)# oer master
Enters OER master controller configuration mode to configure a router as a master controller and to configure global operations and policies.
Step 4 traceroute probe-delay milliseconds
Example:Router(config-oer-mc)# traceroute probe-delay 1000
Sets the time interval between traceroute probe cycles.
• The example sets the probe interval to a 10000 milliseconds.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
44Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Step 5 exit
Example:
Exits OER master controller configuration mode, and enters Global configuration mode.
Step 6 oer-map map-name sequence-number
Example:Router(config)# oer-map TRACE 10
Enters oer-map configuration mode to configure an oer-map to apply policies to selected IP prefixes.
• Only one match clause can be configured for each oer-map sequence.
• The example creates and OER map named TRACEROUTE.
Step 7 match oer learn delay | throughput
Example:Router(config-oer-map)# match oer learn delay
Creates a match clause entry in an oer-map to match learned prefixes.
• Can be configured to learn prefixes based on lowest delay or highest outbound throughput.
• Only a single match clause can be configured for each oer-map sequence.
• The example creates a match clause entry that matches traffic learned based on lowest delay.
Step 8 set traceroute reporting [policy {delay | loss | unreachable}]
Example:Router(config-oer-map)# set traceroute reporting
Configures an OER map to enable traceroute reporting.
• Monitored prefixes must be included in an OER map. These can be learned or manually selected prefixes.
• Entering this command with no keywords enables continuous monitoring.
• Entering this command the policy keyword enables policy-based trace route reporting.
Step 9 end
Example:Router(config-oer-map)# end
Exits OER master controller configuration mode, and enters Privileged EXEC mode.
Step 10 show oer master prefix [detail | learned [delay | throughput] | prefix [detail | policy | traceroute [exit-id | border-address | current] [now]]]
Displays the status of monitored prefixes.
• An on-demand traceroute probe is initiated by entering the current and now keywords.
• The current keyword displays the results of the most recent traceroute probe for the current exit.
• Traceroute probe results can be displayed for the specified border router exit by entering the exit-id or border-address keyword.
Example:Router# show oer master prefix 10.5.5.5 traceroute now
• The example initiates an on-demand traceroute probe for the 10.5.5.55 prefix.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
45Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Example
The following example, starting in Global configuration mode, configures continuous traceroute reporting for prefix learned based on delay:
Router(config)# oer master Router(config-oer-mc)# traceroute probe-delay 10000 Router(config-oer-mc)# exit Router(config)# oer-map TRACE 10 Router(config-oer-map)# match oer learn delay Router(config-oer-map)# set traceroute reporting Router(config-oer-map)# end
The following example, starting in Privileged EXEC mode, initiates an on-demand traceroute probe for the 10.5.5.5 prefix:
Router# show oer master prefix 10.5.5.55 traceroute current now
Path for Prefix: 10.5.5.0/24 Target: 10.5.5.5 Exit ID: 2, Border: 10.1.1.3 External Interface: Et1/0 Status: DONE, How Recent: 00:00:08 minutes oldHop Host Time(ms) BGP 1 10.1.4.2 8 0 2 10.1.3.2 8 300 3 10.5.5.5 20 50
What to Do Next
In the “Minimum Master Controller Configuration” section prefix learning based on highest outbound throughput is configured and only default prefix and exit link policies are enabled, using global settings. Proceed to the next section to configure and customize global prefix and exit link policies.
Configuring Prefix and Exit Link Policies This section describes commands that are used to configure global prefix and exit link policies in OER master controller configuration mode. The oer master command is required to enter OER master controller configuration mode. All other command listed in this section are optional.
Prefix Policies
A prefix policy is a set of rules that govern the performance characteristics for a network address. The network address can be a single end point within a network or an entire subnet. A prefix is defined as any network number with a prefix mask applied to it. The performance characteristics that are managed by a prefix policy are reachability, delay, and packet loss.
Note Prefix policies will always override exit link policies.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
46Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Exit Link Policies
An exit link policy is a set of rules that govern the performance of an OER managed exit link. Prefixes are moved to another exit link to bring an exit link in-policy. The performance characteristics that are managed by a link policy are traffic load distribution, link utilization (range), and link bandwidth monetary cost. An exit link policy can define total outbound throughput or total link utilization.Exit link utilization policies can be defined for a single exit link or all OER managed exit links.
Tip When enabling Cisco IOS OER for load distribution, we recommend that you set the interface load calculation on OER managed external interfaces to 30 second intervals with the load-interval interface configuration command (The default calculation interval is 300 seconds). The load calculation is configured under interface configuration mode on the border router. This configuration is not required. It is recommended to allow Cisco IOS OER to respond as quickly as possible to load distribution issues.
Adjusting Cisco IOS OER Timers
Configuring a new timer value will immediately replaces the existing value if the new value is less than the time remaining. If the new value is greater than the time remaining, the new timer value will be used when the existing timer is reset.
Note Over aggressive settings can keep an exit link or prefix in an out-of-policy state.
SUMMARY STEPS
1. enable
2. configure terminal
3. oer master
4. backoff min-timer max-timer [step-timer]
5. delay relative percentage | threshold maximum
6. holddown timer
7. loss relative average | threshold maximum
8. max-range-utilization percent maximum
9. periodic timer
10. unreachable relative average | threshold maximum
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
47Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:Router# configure terminal
Enters Global configuration mode.
Step 3 oer master
Example:Router(config)# oer master
Enters OER master controller configuration mode to configure global prefix and exit link policies.
Step 4 backoff min-timer max-timer [step-timer]
Example:Router(config-oer-mc)# backoff 400 4000 400
Sets the backoff timer to adjust the time period for prefix policy decisions.
• The min-timer argument is used to set the minimum transition period in seconds.
• The max-timer argument is used to set the maximum length of time OER holds an out-of-policy prefix when there are no OER controlled in-policy prefixes.
• The step-timer argument allows you to optionally configure OER to add time each time the minimum timer expires until the maximum time limit has been reached.
Step 5 delay relative percentage | threshold maximum
Example:Router(config-oer-mc)# delay relative 800
Sets the delay threshold as a relative percentage or as an absolute value.
• The relative keyword is used to configure a relative delay percentage. The relative delay percentage is based on a comparison of short-term and long-term measurements.
• The threshold keyword is used to configure the absolute maximum delay period in milliseconds.
• If the configured delay threshold is exceeded, then the prefix is out-of-policy.
• The example sets a delay threshold of 80 percent based on a relative average.
Step 6 holddown timer Configures the prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected.
• OER does not implement policy changes while a prefix is in the holddown state.
• When the holddown timer expires, OER will select the best exit based on performance and policy configuration.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
48Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Example:Router(config-oer-mc)# holddown 600
• An an immediate route change will be triggered if the current exit for a prefix becomes unreachable.
• The example sets the prefix route dampening timer to 600 seconds.
Step 7 loss relative average | threshold maximum
Example:Router(config-oer-mc)# loss relative 200
Sets the relative or maximum packet loss limit that OER will permit for an exit link.
• The relative keyword sets a relative percentage of packet loss based on a comparison of short-term and long-term packet loss percentages.
• The threshold keyword sets the absolute packet loss based on packets per million.
• The example configures the master controller to search for a new exit link when the relative percentage of packet loss is equal to or greater than 20 percent.
Step 8 max-range-utilization percent maximum
Example:Router(config-oer-mc)# max-range-utilization 80
Sets the maximum utilization range for all OER managed exit links for load distribution.
• OER will equalizes traffic across all exit links by moving prefixes from over utilized or out-of-policy exits to in-policy exits.
• If exit link utilization is equal to or greater than the configured or default maximum utilization value, OER will select an optimal exit link to bring the affected prefixes back into policy.
• The example sets the maximum utilization range for OER managed exit links to 80 percent:
Step 9 periodic timer
Example:Router(config-oer-mc)# periodic 300
Configures OER to periodically select the best exit link when the periodic timer expires.
• When this command is enabled, the master controller will periodically evaluate and then make policy decisions for OER managed exit links.
• The mode command is used to determine if OER selects the first in-policy exit or the best available exit when this timer expires.
• The example sets the periodic timer to 300 seconds. When the timer expires OER will select either the best exit or the first in-policy exit.
Step 10 unreachable relative average | threshold maximum
Sets the maximum number of unreachable hosts.
• Specifies the relative percentage or the absolute maximum number of unreachable hosts, based on flows per million (fpm). If the absolute number or relative percentage of unreachable hosts is greater than the user-defined or the default value, OER determines that the exit link is out-of-policy and searches for an alternate exit link.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
49Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Examples
Loss Policy Example
The following example configures the master controller to move prefixes to an in-policy exit link when the relative percentage of packet loss is equal to or greater than 20 percent:
Router(config-oer-mc)# loss relative 200
Delay Policy Example
The following example sets the absolute delay threshold to 100 milliseconds:
Router(config-oer-mc)# delay threshold 100
Prefix Timer Policy Example
The following example adjusts the period of time that the master controller holds prefixes during transition states and the period time that the prefix must use an exit before a new exit can be selected. The backoff command sets the minimum timer to 400 seconds, the maximum timer to 4000 seconds, and the step timer to 400 seconds. The holddown command sets the prefix route dampening timer to 10 minutes.
Router(config-oer-mc)# backoff 400 4000 400Router(config-oer-mc)# holddown 600
Exit Link Selection Example
The following example configures the master controller to evaluate OER managed exit links every 5 minutes and then move out-of-policy prefixes to the first in-policy exit.
Router(config-oer-mc)# periodic 300 Router(config-oer-mc)# mode select-exit good
Load Distribution Example
The following examples configures the master controller to set the maximum utilization range for OER managed exit links to 40 percent:
Router(config-oer-mc)# max-range-utilization 40
What to Do Next
To configure exit link policies based on the monetary cost of the exit links in your network, proceed to the next section for more information.
Example:Router(config-oer-mc)# unreachable relative 100
• The relative keyword is used to configure the relative percentage of unreachable hosts. The relative unreachable host percentage is based on a comparison of short-term and long-term measurements.
• The threshold keyword is used to configure the absolute maximum number of unreachable hosts based on fpm.
• The example configures OER to search for a new exit link when the relative percentage of unreachable hosts is equal to or greater than 10 percent.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
50Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Configuring Cost-Based Optimization This section describes how to configure cost-based optimization. Cost-based optimization is configured on a master controller with the cost-minimization command in OER border exit interface configuration mode (under the external interface configuration). Cost-based optimization supports tiered and fixed billing methods.
SUMMARY STEPS
1. enable
2. configure terminal
3. oer master
4. border ip-address [key-chain key-chain-name]
5. interface type number external
6. cost-minimization {calc {combined | separate | sum} | discard [daily] {absolute number | percent percentage} | end day-of-month day [offset hh:mm] | fixed fee [cost] | nickname name | sampling period minutes [rollup minutes] | summer-time {start end} [offset] | tier percentage fee]}
7. end
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:Router# configure terminal
Enters Global configuration mode.
Step 3 oer master
Example:Router(config)# oer master
Enters OER master controller configuration mode to configure global prefix and exit link policies.
Step 4 border ip-address [key-chain key-chain-name]
Example:Router(config-oer-mc)# border 10.100.1.1 key-chain OER
Enters OER managed border router configuration mode to establish communication with a border router.
Note The key-chain keyword is required only for initial border router configuration.
Step 5 interface type number external
Example:Router(config-oer-mc-br)# interface Ethernet 0/0 external
Enters OER Border Exit configuration mode to configure a border router interface as an external interface.
• At least one external interface must be configured on each border router.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
51Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Step 6 cost-minimization {calc {combined | separate | sum} | discard [daily] {absolute number | percent percentage} | end day-of-month day [offset hh:mm] | fixed fee [cost] | nickname name | sampling period minutes [rollup minutes] | summer-time {start end} [offset] | tier percentage fee]
Example:Router(config-oer-mc-br-if)# cost-minimization calc combined
Example:Router(config-oer-mc-br-if)# cost-minimization end day-of-month 30 180
Example:Router(config-oer-mc-br-if)# cost-minimization tier 100 fee 1000Router(config-oer-mc-br-if)# cost-minimization tier 90 fee 900Router(config-oer-mc-br-if)# cost-minimization tier 80 fee 800
Configures cost-based optimization policies on a master controller.
• Cost-based optimization supports fixed or tier based billing, inbound and outbound cost measurements, and very granular sampling.
• The calc keyword is used to configure how the fee is calculated. You can configure the master controller to combine ingress and egress samples, to first add and then combine, or to analyze ingress and egress samples separately.
• The discard keyword is used to configure the number of samples that are removed for bursty link usage. It is specified as a percentage or as an absolute value. If a sampling rollup is configured, the discard values also applies to the rollup. If the daily keyword is entered, samples are analyzed and discarded on a daily basis. At the end of the billing cycle, monthly sustained usage is calculated by averaging daily sustained utilization.
• The end keyword is used to configure the last day of the billing cycle. Entering the offset keyword allows you to adjust the end of the cycle to compensate for an service provider in a different zone.
• The fixed keyword is configured when the service provider bills for network access over the specified exit link at a flat rate. The fee keyword is optionally used to specify the exit link cost.
• The nickname keyword is used to apply label that identifies the service provider.
• The sampling keyword is used to configure the time intervals at which link utilization samples are gathered. By default, the link is sampled every five minutes. The rollup keyword is used to reduce the number of samples by aggregating them. All samples collected during the rollup period are averaged to calculate rollup utilization.
Note The minimum number that can be entered for the rollup period must be equal to or greater than the number that is entered for the sampling period.
• The first example configures fee calculation based on combined ingress and egress samples.
• The second example sets 30 as the billing end date, and applies a three hour offset.
• The third example configures a tiered fee of 1000 at 100 percent utilization, a tiered fee of 900 at 90 percent utilization, and a tiered fee of 800 at 80 percent utilization.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
52Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Examples
The following example, starting in Global configuration mode, configures cost-based optimization on a master controller. Cost optimization configuration is applied under the external interface configuration. A policy for a tiered billing cycle is configured. Calculation is configured separately for egress and ingress samples. The time interval between sampling is set to 10 minutes. These samples are configured to be rolled up every 60 minutes.
Router(config)# oer masterRouter(config-oer-mc)# border 10.5.5.55 key-chain keyRouter(config-oer-mc-br)# interface Ethernet 0/0 external Router(config-oer-mc-br-if)# cost-minimization nickname ISP1 Router(config-oer-mc-br-if)# cost-minimization end day-of-month 30 180 Router(config-oer-mc-br-if)# cost-minimization calc separate Router(config-oer-mc-br-if)# cost-minimization sampling 10 rollup 60 Router(config-oer-mc-br-if)# cost-minimization tier 100 fee 1000 Router(config-oer-mc-br-if)# cost-minimization tier 90 fee 900 Router(config-oer-mc-br-if)# cost-minimization tier 80 fee 800 Router(config-oer-mc-br-if)# exit
What to Do Next
To set the priority for multiple overlapping policies, proceed to the next section.
Configuring Resolve Policies When configuring multiple policy parameters for a monitored prefix or set of prefixes, it is possible to have multiple overlapping policies. The resolve function is a flexible mechanism that allows you to set the priority for cost, delay, loss, utilization, and range policies. Each policy is assigned a unique value. The policy with the highest priority is selected to determine the policy decision. By default, delay has the highest priority and utilization has the second highest priority. Assigning a priority value to any policy will override the default settings.
Setting Variance for Resolve Policies
When setting resolve settings, you can also set an allowable variance for a user-defined policy. Variance configures the allowable percentage that an exit link or prefix can vary from the user-defined policy value and still be considered equivalent. For example, if exit link delay is set to 80 percent and a 10 percent variance is configured, exit links that have delay values from 80 to 89 percent will be considered equal. Variance cannot be configured for cost or range policies.
SUMMARY STEPS
1. enable
2. configure terminal
Step 7 end
Example:Router(config-oer-mc-br-if)# end
Exits OER border exit configuration mode, and enters Privileged EXEC mode.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
53Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
3. oer master
4. resolve {cost priority value | delay priority value variance percentage | loss priority value variance percentage | range priority value | utilization priority value variance percentage}
5. end
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:Router# configure terminal
Enters Global configuration mode.
Step 3 oer master
Example:Router(config)# oer master
Enters OER master controller configuration mode to configure global prefix and exit link policies.
Step 4 resolve {cost priority value | delay priority value variance percentage | loss priority value variance percentage | range priority value | utilization priority value variance percentage}
Example:Router(config-oer-mc)# resolve cost priority 1 Router(config-oer-mc)# resolve loss priority 2 variance 10Router(config-oer-mc)# resolve delay priority 3 variance 20
Sets policy priority or resolves policy conflicts.
• This command is used to set priority when multiple policies are configured for the same prefix. When this command is configured, the policy with the highest priority will be selected to determine the policy decision.
• The priority keyword is used to specify the priority value. Setting the number 1 assigns the highest priority to a policy. Setting the number 10 assigns the lowest priority.
• Each policy must be assigned a different priority number.
• The variance keyword is used to set an allowable variance for a user-defined policy. This keyword configures the allowable percentage that an exit link or prefix can vary from the user-defined policy value and still be considered equivalent.
• The example sets the priority for cost policies to 1, the priority for loss policies to 2 with a 10 percent variance, the priority for delay policies to 3 with a 20 percent variance.
Note Variance cannot be configured for range or cost policies
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
54Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Examples
Resolve with Variance Policy Example.
The following example configures a resolve policy that sets delay to the highest priority, followed by loss, and then utilization. The delay policy is configured to allow a 20 percent variance., the loss policy is configured to allow a 30 percent variance, and the utilization policy is configured to allow a 10 percent variance.
Router(config-oer-mc)# resolve delay priority 1 variance 20 Router(config-oer-mc)# resolve loss priority 2 variance 30 Router(config-oer-mc)# resolve utilization priority 3 variance 10
What to Do Next
Observe mode monitoring was enabled in the “Minimum Master Controller Configuration” section. Proceed to the next section to see information about configuring and customizing the Cisco IOS OER mode of operation.
Configuring Cisco IOS OER Modes of Operation This section describes commands that are used to configure the mode of operation in OER master controller configuration mode. The master controller can be configured to operate in observe mode or control mode. A Cisco IOS OER managed network can be configured to use active and passive monitoring or both active and passive monitoring. The oer master command is required to enter OER master controller configuration mode.
Observe Mode
Observe mode monitoring is enabled by default. In observe mode, the master controller monitors prefixes and exit links based on default and user-defined policies and then reports the status of the network and the decisions that should be made but does not implement any changes. This mode allows you to verify the effectiveness of this feature before it is actively deployed.
Control Mode
In control mode, the master controller coordinates information from the border routers and makes policy decisions just as it does in observe mode. The master controller monitors prefixes and exits based on default and user-defined policies but then implements changes to optimize prefixes and to select the best exit. In this mode, the master controller gathers performance statistics from the border routers and then transmits commands to the border routers to alter routing as necessary in the OER managed network.
Note Route redistribution is required when control mode is enabled on the master controller.
Step 5 end
Example:Router(config-oer-mc)# end
Exits OER master controller configuration mode, and enters Privileged EXEC mode.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
55Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Optimal Exit Link Selection
Cisco IOS OER can be configured to periodically select the Optimal Exit Link (OEL) from the available ISP connections based on exit link performance. The master controller will move traffic from over-utilized exit links to under-utilized exit links. Optimal Exit Link Selection (OELS) uses policy configuration to manage prefix and exit link performance. Policy configuration can be customized to your requirements. For example, a policy can be created to ensure that priority traffic is always routed to the target network through the exit link with the highest outbound throughput or the lowest delay (round-trip response time).
SUMMARY STEPS
1. enable
2. configure terminal
3. oer master
4. mode {monitor{active | both | passive} | route {control | metric {bgp local-pref preference | static tag value} observe | select-exit {best | good}}
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3 oer master
Example:Router(config)# oer master
Enters OER master controller configuration mode to configure a router as a master controller and to configure global operations and policies.
Step 4 mode {monitor{active | both | passive} | route {control | metric {bgp local-pref preference | static tag value} observe | select-exit {best | good}}
Example:Router(config-oer-mc)# mode monitor both
Example:Router(config-oer-mc)# mode route control
Example:Router(config-oer-mc)# mode select-exit best
Configures route monitoring or route control on an OER master controller.
• The monitor keyword is used to configure active and/or passive monitoring. The first example enables both active and passive monitoring.
• The route keyword is enable control mode or observe mode. In control mode, the master controller analyzes monitored prefixes and implemented changes based on policy parameters. In observe mode, the master controller analyzes monitored prefixes, reports the changes that should be made, but does not implement any changes. The second example enable OER control mode.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
56Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Examples
The following example enables both active and passive monitoring, control mode, and sets the master controller to evaluate and select the first in-policy exit every 5 minutes. (The monitored prefix is moved only if the prefix is out-of-policy.) Active and passive monitoring is enabled with the mode monitor both command. Route control is enabled with the mode route control command. The time period between the exit selection process is configured with the periodic command. The selection of the first in-policy exit is configured with the mode select-exit good command.
Router(config)# oer master Router(config-oer-mc)# mode monitor both Router(config-oer-mc)# mode route control Router(config-oer-mc)# periodic 300 Router(config-oer-mc)# mode select-exit good
What to Do Next
Proceed to the next section to see information about configuring OER policies with an oer-map.
Configuring OER Policies with an OER Map This section describes commands that are used to configure policies to be applied to prefixes through an OER Map. The oer-map command is required to enter oer-map 1configuration mode. All other command listed in this section are optional.
Note Policies applied in an OER map do not override global policies. These policies are only applied to prefixes that match the oer-map match criteria.
OER Map Operation
The operation of an OER map is similar to the operation of a route map. An OER map is designed to select IP prefixes or to select OER learn policies using a match clause and then to apply OER policy configurations using a set clause. The oer-map is configured with a sequence number like a route-map, and the oer-map with the lowest sequence number is evaluated first. The operation of an OER map differs from a route map at this point. There are two important distinctions:
• Only a single match clause may be configured for each sequence. An error message will be displayed in the console if you attempt to configure multiple match clauses for a single OER map sequence.
• The select-exit keyword is used to configure the master controller to select either the best available exit when the best keyword is entered and the first in-policy exit when the good keyword is entered. The third example configures the master controller to select the best available exit for monitored prefixes.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
57Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
• An OER map is not configured with permit or deny statements. However, a permit or deny sequence can be configured for an IP traffic flow by configuring a permit or deny statement in an IP prefix list and then applying the prefix list to the oer-map with the match ip address (OER) command. Deny prefixes should be combined in a single prefix list and applied to the OER map with the lowest sequence number.
IP Prefix Lists
Cisco IOS OER supports three IP prefix configuration options for importing prefixes. The master controller can monitor and control an exact prefix (/32), a specific prefix length, and a specific prefix length and any prefix that falls under the prefix length (for example, a /24 under a /16).
IP prefix list permit and deny statements are supported by Cisco IOS OER. An IP prefix list with a deny statement can be used to exclude a prefix or prefix length. Any prefix length can be specified for a deny IP prefix list.
Adjusting OER Timers
An oer-map can be used to configure OER timers for traffic that is defined as match criteria. Configuring a new timer value will immediately replace the existing value if the new value is less than the time remaining. If the new value is greater than the time remaining, the new timer value will be used when the existing timer is reset.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [ge ge-value] [le le-value]
4. oer-map map-name sequence-number
5. match ip address prefix-list prefix-list-name
6. match oer learn {delay | throughput }
7. set backoff min-timer max-timer [step-timer]
8. set delay relative percentage | threshold maximum
9. set holddown timer
10. set loss relative average | threshold maximum
11. set periodic timer
12. set resolve {cost priority value | delay priority value variance percentage | loss priority value variance percentage | range priority value | utilization priority value variance percentage}
13. set unreachable relative average | threshold maximum
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
58Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:Router# configure terminal
Enters Global configuration mode.
Step 3 ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [ge ge-value] [le le-value]
Example:Router(config)# ip prefix-list OER seq 10 permit 10.4.9.0/24
Creates an IP prefix list.
• IP prefix lists are used to manual select prefixes for monitoring by the master controller.
• A master controller can monitor and control an exact prefix (/32), a specific prefix length, and a specific prefix length and any prefix that falls under the prefix length (for example, a /24 under a /16).
• A prefix range can also be selected using the le keyword with a 32 bit prefix length.
• The prefixes specified in the IP prefix list are imported into the oer-map with the match ip address (OER) command.
• The example creates an IP prefix list that permits prefixes from the 10.4.9.0/24 subnet.
Step 4 oer-map map-name sequence-number
Example:Router(config)# oer-map THROUGHPUT 10
Enters oer-map configuration mode to configure an OER map to apply policies to selected IP prefixes.
• Only one match clause can be configured for each oer-map sequence.
• Deny sequences must be defined in an IP prefix list and then applied with the match ip address (OER) command.
• The example creates an oer-map named THROUGHPUT.
Step 5 match ip address prefix-list prefix-list-name
Example:Router(config-oer-map)# match ip address prefix-list OER
Creates a prefix list match clause entry in an OER map to apply OER policies.
• This command supports IP prefix lists only.
• Only a single match clause can be configured for each OER map sequence.
• The example configures the prefix list named OER as match criteria in an OER map.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
59Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Step 6 match oer learn delay | throughput
Example:Router(config-oer-map)# match oer learn delay
Creates a match clause entry in an OER map to match OER learned prefixes.
• Prefixes can be configured to learn prefixes based on lowest delay or highest outbound throughput.
• Only a single match clause can be configured for each OER map sequence.
• The example creates a match clause entry that matches traffic learned based on lowest delay.
Step 7 set backoff min-timer max-timer [step-timer]
Example:Router(config-oer-map)# set backoff 400 4000 400
Creates a set clause entry to configure the backoff timer to adjust the time period for prefix policy decisions.
• The min-timer argument is used to set the minimum transition period in seconds.
• The max-timer argument is used to set the maximum length of time OER holds an out-of-policy prefix when there are no OER controlled in-policy prefixes.
• The step-timer argument allows you to optionally configure OER to add time each time the minimum timer expires until the maximum time limit has been reached.
• The example creates a set clause to configure the minimum timer to 400 seconds, the maximum timer to 4000 seconds, and the step timer to 400 seconds for traffic that is matched in the same oer-map sequence.
Step 8 set delay relative percentage | threshold maximum
Example:Router(config-oer-map)# set delay threshold 2000
Creates a set clause entry to configure the delay threshold.
• The delay threshold can be configured as a relative percentage or as an absolute value for match criteria.
• The relative keyword is used to configure a relative delay percentage. The relative delay percentage is based on a comparison of short-term and long-term measurements.
• The threshold keyword is used to configure the absolute maximum delay period in milliseconds.
• The example creates a set clause that sets the absolute maximum delay threshold to 2000 milliseconds for traffic that is matched in the same oer-map sequence.
Step 9 set holddown timer Creates a set clause entry to configure the prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected.
• The prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected.
• OER does not implement policy changes while a prefix is in the holddown state.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
60Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Example:Router(config-oer-map)# set holddown 400
• The master controller puts a prefix in a holddown state during an exit change to isolate the prefix during the transition period to prevent the prefix from flapping due to rapid state changes.
• An immediate route change will be triggered if the current exit for a prefix becomes unreachable.
• The example creates a set clause that sets the holddown timer to 400 seconds for traffic that is matched in the same oer-map sequence.
Step 10 set loss relative average | threshold maximum
Example:Router(config-oer-map)# set loss relative 200
Creates a set clause entry to configure the relative or maximum packet loss limit that the master controller will permit for an exit link.
• This command is used to configure an oer-map to configure the relative percentage or maximum number of packets that OER will permit to be lost during transmission on an exit link. If packet loss is greater than the user-defined or the default value, the master controller determines that the exit link is out-of-policy.
• The relative keyword is used to configure the relative packet loss percentage. The relative packet loss percentage is based on a comparison of short-term and long-term packet loss.
• The threshold keyword is used to configure the absolute maximum packet loss. The maximum value is based on the actual number of packets per million that have been lost.
• The example creates a set clause that configures the relative percentage of acceptable packet loss to less than 20 percent for traffic that is matched in the same oer-map sequence.
Step 11 set mode {monitor {active | both | passive} | route {control | observe}| select-exit {best | good}}
Example:Router(config-oer-map)# set mode monitor both
Example:Router(config-oer-map)# set mode route control
Creates a set clause entry to configure monitoring, control, or exit selection settings for matched traffic.
• The monitor keyword is used to configured active and/or passive monitoring. The first example creates a set clause that enables both active and passive monitoring.
• The route keyword is enable control mode or observe mode. In control mode, the master controller analyzes monitored prefixes and implemented changes based on policy parameters. In observe mode, the master controller analyzes monitored prefixes, reports the changes that should be made, but does not implement any changes. The second example creates a set clause that enables OER control mode.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
61Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Example:Router(config-oer-map)# set mode select-exit best
• The select-exit keyword is used to configure the master controller to select either the best available exit when the best keyword is entered or the first in-policy exit when the good keyword is entered. The third example creates a set clause that configures the master controller to select the best available exit for matched prefixes.
Step 12 set periodic timer
Example:Router(config-oer-map)# set periodic 300
Creates a set clause entry to configure the time period for the periodic timer.
• When this command is enabled, the master controller will periodically evaluate and then make policy decisions for OER managed exit links.
• The set mode command is used to determine if OER selects the first in-policy exit or the best available exit when this timer expires.
• The example creates a set clause that configures the periodic timer to 300 seconds for traffic that is matched in the same OER map sequence.
Step 13 set resolve {cost priority value | delay priority value variance percentage | loss priority value variance percentage | range priority value | utilization priority value variance percentage}
Example:Router(config-oer-map)# set resolve delay priority 1 variance 10
Creates a set clause entry to configure policy priority or resolve policy conflicts.
• This command is used to set priority for a policy type when multiple policies are configured for the same prefix. When this command is configured, the policy with the highest priority will be selected to determine the policy decision.
• The priority keyword is used to specify the priority value. Configuring the number 1 assigns the highest priority to a policy. Configuring the number 10 assigns the lowest priority.
• Each policy must be assigned a different priority number.
• The variance keyword is used to set an allowable variance for a user-defined policy. This keyword configures the allowable percentage that an exit link or prefix can vary from the user-defined policy value and still be considered equivalent.
• Variance cannot be configured for range policies.
• The example creates set clause that configures the priority for delay policies to 1 for traffic learned based on highest outbound throughput. The variance is configured to allow a 10 percent difference in delay statistics before a prefix is determined to be out-of-policy.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
62Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Examples
Imported Prefix Policy Example
The following example creates an oer-map named SELECT_EXIT that matches traffic defined in the IP prefix list named CUSTOMER and sets exit selection to the first in-policy exit when the periodic timer expires. This OER map also sets a resolve policy that sets the priority of link utilization policies to 1 (highest priority) and allows for a 10 percent variance in exit link utilization statistics.
Router(config)# ip prefix-list CUSTOMER permit 10.4.9.0/24 Router(config)# ! Router(config)# oer-map SELECT_EXIT 10 Router(config-oer-map)# match ip address prefix-list CUSTOMER Router(config-oer-map)# set mode select-exit good Router(config-oer-map)# set resolve utilization priority 1 variance 10
Learned Prefix Policy Example
The following example creates an oer-map named THROUGHPUT that matches traffic learned based on the highest outbound throughput. The set clause applies a relative loss policy that will permit 1 percent packet loss:
Router(config)# oer-map THROUGHPUT 20 Router(config-oer-map)# match oer learn throughput Router(config-oer-map)# set loss relative 10
Step 14 set unreachable relative average | threshold maximum
Example:Router(config-oer-map)# set unreachable relative 100
Creates a set clause entry to configure the maximum number of unreachable hosts.
• This command is used to specify the relative percentage or the absolute maximum number of unreachable hosts, based on flows per million, that a master controller will permit from an OER managed exit link. If the absolute number or relative percentage of unreachable hosts is greater than the user-defined or the default value, the master controller determines that the exit link is out-of-policy and searches for an alternate exit link.
• The relative keyword is used to configure the relative percentage of unreachable hosts. The relative unreachable host percentage is based on a comparison of short-term and long-term measurements.
• The threshold keyword is used to configure the absolute maximum number of unreachable hosts based on fpm.
• The example creates a set clause entry that configures the master controller to search for a new exit link when the relative percentage of unreachable hosts is equal to or greater than 10 percent for traffic learned based on highest delay.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
63Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
What to do Next
An OER map configuration can also be applied in OER master controller configuration mode. Proceed to the next section to see more information.
Configuring Policy Rules for OER Maps The policy-rules OER master controller configuration command was introduced in Cisco IOS Release 12.3(11)T. This command allows you to select an OER map and apply the configuration under OER master controller configuration mode, providing an improved method to switch between predefined OER maps.
Prerequisites
At least one oer-map must be configured before you can enable policy-rule support.
SUMMARY STEPS
1. enable
2. configure terminal
3. oer master
4. policy-rules map-name
5. end
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3 oer master
Example:Router(config)# oer master
Enters OER master controller configuration mode to configure global prefix and exit link policies.
Step 4 policy-rules map-name Applies a configuration from an OER map to a master controller configuration in OER master controller configuration mode.
• Reentering this command with a new oer-map name will immediately overwrite the previous configuration. This behavior is designed to allow you to quickly select and switch between predefined OER maps.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
64Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Examples
The following examples, starting in global configuration mode, show how to configure the policy-rules command to apply the OER map configuration named BLUE under OER master controller mode:
Router(config-oer-map)# oer-map BLUE 10 Router(config-oer-map)# match oer learn delayRouter(config-oer-map)# set loss relative 900Router(config-oer-map)# exitRouter(config)# oer master Router(config-oer-mc)# policy-rules BLUE Router(config-oer-mc)# exit
What to Do Next
If iBGP peering is enabled in the internal network, proceed to the next section to see information about configuring iBGP redistribution from the border routers.
Configuring iBGP Peering on the Border Routers The master control implements policy changes by altering default routing behavior in the OER managed network. If iBGP peering is enabled on the border routers, the master controller will inject iBGP routes into routing tables on the border routers. The border routers advertise the preferred route through standard iBGP peering.
BGP Local Preference Attribute
OER uses the BGP local preference attribute to set the preference for injected BGP prefixes. If a local preference value of 5000 or higher has been configured for default BGP routing, you should configure a higher value in OER. OER default BGP local preference and default static tag values are configurable with the mode command in OER master controller configuration mode.
Injected Routes are not Advertised to External Networks
All OER injected routes remain local to an Autonomous System. The “no-export” community is automatically applied to inject routes to ensure that are not advertised to external networks.
Parent Route Must Exist
Before injecting a route, the master controller verifies that a parent route with a valid next hop exists. This behavior is designed to prevent traffic from being blackholed.
Example:Router(config-oer-mc)# policy-rules RED
• The example applies the configuration from the OER map named RED.
Step 5 end
Example:Router(config-oer-mc)# end
Exits OER master controller configuration mode, and enters privileged EXEC mode.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
65Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
eBGP Peerings
The IP address for each eBGP peering session must be reachable from the border router via a connected route. Peering sessions established through loopback interfaces or with the neighbor ebgp-multihop command are not supported.
Prerequisites
Peering must be Consistently Applied
Routing protocol peering must be established in your network and consistently applied to the border routers; the border routers should have a consistent view of the network.
SUMMARY STEPS
1. enable
2. configure terminal
3. router bgp as-number
4. address-family ipv4 [mdt | multicast | tunnel | unicast [vrf vrf-name] | vrf vrf-name] | vpnv4 [unicast]
5. neighbor ip-address | peer-group-name remote-as as-number
6. neighbor ip-address | peer-group-name activate
7. neighbor ip-address | peer-group-name send-community [both | extended | standard]
8. end
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3 router bgp as-number
Example:Router(config)# router bgp 65534
Enters router configuration mode to create or configure a BGP routing process.
Step 4 address-family ipv4 [mdt | multicast | tunnel | unicast [vrf vrf-name] | vrf vrf-name] | vpnv4 [unicast]
Example:Router(config-router)# address-family ipv4 unicast
Enters address-family configuration mode to configure a BGP address- family session.
• The example creates an IPv4 unicast address family session.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
66Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Examples
The following example, starting in Global configuration mode, establishes peering between two routers in autonomous system 65534. This example also configures the two routers to exchange the standard BGP communities attribute:
Border Router Configuration Router(config)# router bgp 65534 Router(config-router)# neighbor 10.100.1.3 remote-as 65534Router(config-router)# address-family ipv4 Router(config-router-af)# neighbor 10.100.1.3 activate Router(config-router-af)# neighbor 10.100.1.3 send-community standard
Internal Border Peer Configuration Router(config)# router bgp 65534 Router(config-router)# neighbor 10.100.1.2 remote-as 65534 Router(config-router)# address-family ipv4 Router(config-router-af)# neighbor 10.100.1.2 activate Router(config-router-af)# neighbor 10.100.1.2 send-community standard
What to Do Next
If BGP is configured on the border routers and another IGP is deployed in the internal network, proceed to the next section to see information about configuring redistribution from BGP into the IGP.
If BGP is not configured in the internal network, then static routes to the border exits must be configured and the static routes must be redistributed into the IGP. For more information, proceed to the Configuring Static Route Redistribution on the Border Routers section.
Step 5 neighbor ip-address | peer-group-name remote-as as-neighbor
Example:Router(config-router)# neighbor 10.100.1.3 remote-as 65534
Establishes BGP peering with the specified neighbor or border router.
Step 6 neighbor ip-address | peer-group-name activate
Example:Router(config-router)# neighbor 10.100.1.3 activate
Enables the exchange of address-family routing information.
Step 7 neighbor ip-address | peer-group-name send-community [both | extended | standard]
Example:Router(config-router)# neighbor 10.100.1.3 send-community standard
Configures the BGP routing process to send the BGP communities attribute to the specified neighbor.
• Each iBGP peer must be configured to send the standard BGP communities attribute.
Step 8 end
Example:Router(config-router)# end
Exits router configuration mode, and enters privileged EXEC mode.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
67Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Configuring BGP Redistribution into an IGP on the Border Routers This section describes BGP redistribution into an IGP in the OER managed network. The configuration task table and examples in this section redistribution into OSPF, but EIGRP, IS-IS, or RIP could also be used in this configuration.
Filtering Routes that are Redistributed by BGP into the IGP
When redistributing BGP into any IGP, be sure to use IP prefix-list and route-map statements to limit the number of prefixes that are redistributed. Redistributing full BGP routing tables into an IGP can have a serious detrimental effect on IGP network operation.
Redistributing OER Injected Routes by Matching on the Local-Preference Attribute
OER uses a local-preference value of 5000 (default) to move traffic to the preferred exit point in a BGP network. (This value is configured on the OER master controller.) The match local-preference can be used in place of the ip prefix-list command to redistribute OER injected routes into the IGP. The local-preference value must match the default or configured value on the master controller. Only OER injected routes will be redistributed into the IGP. A branching task for this configuration is included in the task table below. The prefix-list is not required in this configuration.
Prerequisites
Peering must be Consistently Applied
IGP peering, static routing, and static route redistribution must be applied consistently throughout the OER managed network; the border routers should have a consistent view of the network.
Restrictions
Border Exits Cannot use the Same Next Hop
When two or more border routers are deployed in an OER managed network, the next hop to an external network on each border router, as installed in the RIB, cannot be an IP address from the same subnet as the next hop on the other border router.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [ge ge-value] [le le-value]
4. route-map map-tag [permit | deny] [sequence-number]
5. match ip address prefix-list prefix-list-name
or
6. match local preference {value}
7. exit
8. router bgp as-number
9. bgp redistribute-internal
10. exit
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
68Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
11. router {eigrp as-number | is-is [area-tag] | ospf process-id | rip}
12. redistribute static [metric metric-value] [route-map map-tag]
13. end
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3 ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [ge ge-value] [le le-value]
Example:Router(config)# ip prefix-list PREFIXES seq 5 permit 10.200.2.0/24
Example:Router(config)# ip prefix-list PREFIXES seq 10 deny 0.0.0.0/0
Defines the prefix range to redistribute into the IGP.
• Any prefix length can be specified.
• The first longest match is processed in the IP prefix list.
• The examples creates a prefix list named PREFIXES. The first sequence permits the 10.200.2.0/24 subnet. The second sequence denies all other prefixes.
Step 4 route-map map-tag [permit | deny] [sequence-number]
Example:Router(config)# route-map BGP permit 10
Enters route-map configuration mode and configures a route map.
• The example creates a route map named BGP.
Step 5 match ip address prefix-list prefix-list-name
Example:Router(config-route-map)# match ip address prefix-list PREFIXES
Creates a prefix list match clause entry in a route-map to redistribute BGP prefixes.
• The example configures the prefix list named PREFIXES as match criteria in for the route-map.
Note Step 6 can be entered in place of this step. No prefix-list configuration is necessary when redistribution is configured based on the BGP local-preference value.
or
Step 6 match local-preference {value}
Example:Router(config-route-map)# match local-preference 5000
Configures a route map to match routes based on the BGP local-preference attribute.
• The example configures routes with a local-preference value of 5000 (default OER) to redistributed into the IGP.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
69Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Examples
The following example, starting in Global configuration mode, configures the border router to redistribute BGP routes into the internal network and configures the IGP (OSPF) to accept redistributed BGP routes. The first example configures redistribution using prefix lists. The second example configures redistribution using the BGP local-preference attribute. The IGP peer configuration is the same for either configuration.
Border Router Redistribution Configuration Using Prefix Lists Router(config)# ip prefix-list PREFIXES seq 5 permit 10.200.2.0/24 Router(config)# ip prefix-list PREFIXES seq 10 deny 0.0.0.0/0 Router(config)# ! Router(config)# route-map BGP permit 10
Step 7 exit
Example:Router(config-route-map)# exit
Exits route-map configuration mode, and enters global configuration mode.
Step 8 router bgp as-number
Example:Router(config)# router bgp 65534
Enters router configuration mode, and creates a BGP routing process.
Step 9 bgp redistribute-internal
Example:Router(config-router)# bgp redistribute-internal
Configures BGP to redistribute routes into the IGP.
Step 10 exit
Example:Router(config-router)# exit
Exits router configuration mode, and enters global configuration mode.
Step 11 router {eigrp as-number | is-is [area-tag] | ospf process-id | rip}
Example:Router(config)# router ospf 1
Enters router configuration mode, and creates a routing process.
• The example creates an OSPF routing process.
Step 12 redistribute static [metric metric-value] [route-map map-tag]
Example:Router(config-router)# redistribute static route-map BGP subnets
Redistributes static routes into the specified protocol.
• The example configures the IGP to accept the redistributed BGP routes that pass through the route map.
Note In OSPF, the subnets keyword must be entered if you redistribute anything less than a major network prefix range.
Step 13 end
Example:Router(config-router)# end
Exits router configuration mode, and enters privileged EXEC mode.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
70Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Router(config-route-map)# match ip address prefix-list PREFIXES Router(config-route-map)# exit Router(config)# router bgp 65534 Router(config-router)# bgp redistribute-internal
Border Router Redistribution Configuration Matching on the Local-Preference Attribute Router(config)# route-map BGP permit 10 Router(config-route-map)# match local-preference 5000 Router(config-route-map)# exit Router(config)# router bgp 65534 Router(config-router)# bgp redistribute-internal
IGP Peer Configuration Router(config)# router ospf 1 Router(config-router)# redistribute bgp 65534 route-map BGP subnets
What to Do Next
If BGP is not configured in the internal network, then static routes to the border exits must be configured and the static routes must be redistributed into the IGP. For more information, proceed to the next section.
Configuring Static Route Redistribution on the Border Routers This section describes static redistribution into an IGP in an OER managed network.
OER Tags Static Routes
OER applies a default tag value of 5000 to injected temporary static routes. The static route is filtered through a route map and then redistributed into the IGP. If you use the tag value of 5000 for another routing function, you should use a different tag value for that function, or you can change the default static tag values by configuring the mode command in OER master controller configuration mode.
Parent Route Must Exist
Before injecting a route, the master controller verifies that a parent route with a valid next hop exists. This behavior is designed to prevent traffic from being blackholed.
Static Routing without IGP Redistribution
If static routing is configured in your network and no IGP is deployed, OER will inject temporary static routes as necessary. No redistribution or other specific network configuration is required.
Supported Interior Gateway Protocols
• Enhanced Interior Gateway Routing Protocol (EIGRP)
• Open Shortest Path First (OSPF)
• Intermediate System-to-Intermediate System (IS-IS)
• Routing Information Protocol (RIP)
EIGRP Static Route Redistribution
Cisco IOS OER supports static route redistribution into EIGRP. However, it is configured differently. Proceed to the Configuring Static Route Redistribution into EIGRP section for more information.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
71Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Prerequisites
Peering must be Consistently Applied
IGP peering, static routing, and static route redistribution must be applied consistently throughout the OER managed network; the border routers should have a consistent view of the network.
Restrictions
Border Exits Cannot use the Same Next Hop
When two or more border routers are deployed in an OER managed network, the next hop to an external network on each border router, as installed in the RIB, cannot be an IP address from the same subnet as the next hop on the other border router.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag tag]
4. route-map map-tag [permit | deny] [sequence-number]
5. match tag tag-value [...tag-value]
6. set metric metric-value
7. exit
8. router {is-is area-tag | ospf process-id | rip}
9. redistribute static [metric metric-value] [route-map map-tag]
10. end
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3 ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag tag]
Example:Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 0
Configures a static route.
• A static route must be configured for each external interface. The static route is configured only on the border routers. The static route must include any prefixes that need to be optimized.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
72Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Step 4 route-map map-tag [permit | deny] [sequence-number]
Example:Router(config)# route-map STATIC permit 10
Enters route-map configuration mode and creates a route map.
• The example creates a route map named STATIC.
Step 5 match tag tag-value [...tag-value]
Example:Router(config-route-map)# match tag 5000
Redistribute routes in the routing table that match the specified tag value.
• 5000 must be configured for this tag value unless you have configured a different value with the mode command.
Step 6 set metric metric-value
Example:Router(config-route-map)# set metric -10
Sets the metric value for prefixes that pass through the route map.
• A metric value that is less than 1 must be configured in order for the OER injected static route to be preferred by default routing.
• The example set the metric value for the OER injected routes to -10.
Step 7 exit
Example:Router(config-route-map)# exit
Exits route-map configuration mode, and enters global configuration mode.
Step 8 router {is-is area-tag | ospf process-id | rip}
Example:Router(config)# router rip
Enters router configuration mode, and creates a routing process for the specified routing protocol.
Step 9 redistribute static [metric metric-value] [route-map map-tag]
Example:Router(config-router)# redistribute static route-map STATIC
Redistributes static routes into the specified protocol.
• The example configures the IGP to redistribute static routes injected from the REDISTRIBUTE_STATIC route map.
Note In OSPF, the subnets keyword must be entered if you redistribute anything less than a major network prefix range.
Step 10 end
Example:Router(config-router)# end
Exits router configuration mode, and enters privileged EXEC mode.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
73Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Examples
The following example, starting in global configuration mode, configures static redistribution to allow the master controller to influence routing in an internal network that is running RIP. The match tag command is match OER injected temporary static routes. The set metric command is used to set the preference of the injected static.
Border Router Configuration Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 0 Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 1 Router(config)# route-map STATIC permit 10 Router(config-route-map)# match tag 5000 Router(config-route-map)# set metric -10 Router(config-route-map)# exit Router(config)# router rip Router(config-router)# network 192.168.0.0 Router(config-router)# network 172.16.0.0 Router(config-router)# redistribute static route-map STATIC
Internal Border Peer ConfigurationRouter(config)# route rip Router(config-router)# network 192.168.0.0 Router(config-router)# network 172.16.0.0
What to Do Next
If EIGRP is deployed in the internal network and BGP is not configured on the border routers, proceed to the next section for more information.
Configuring Static Route Redistribution into EIGRP This section describes static route redistribution into EIGRP. Under the EIGRP configuration, a tag is applied to the static route and an a distribute list is configured on all egress interfaces.
OER Tags Static Routes
OER applies a default tag value of 5000 to injected temporary static routes. The static route is filtered through a route map and then redistributed into the IGP.
Parent Route Must Exist
Before injecting the temporary static route, the master controller verifies that a parent static route with a valid next hop exists. This behavior is designed to prevent traffic from being blackholed.
Prerequisites
Peering must be Consistently Applied
IGP peering, static routing, and static route redistribution must be applied consistently throughout the OER managed network; the border routers should have a consistent view of the network.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
74Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Restrictions
Border Exits Cannot use the Same Next Hop
When two or more border routers are deployed in an OER managed network, the next hop, as installed in the RIB, to an external network on each border router cannot be an IP address from the same subnet as the next hop on the other border router.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag tag]
4. route-map map-tag [permit | deny] [sequence-number]
5. match tag tag-value [...tag-value]
6. exit
7. router eigrp as-number
8. no auto-summary
9. network ip-address [wildcard-mask]
10. redistribute static [metric metric-value] [route-map map-tag]
11. distribute-list {acl-number | acl-name | prefix-list-name} out [interface-name | routing-process | as-number]
12. end
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3 ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag tag]
Example:Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 0 tag 10
Configures a static route.
• A static route must be configured for each external interface. The static route is configured only on the border routers. The static route must include any prefixes that need to be optimized.
• Under EIGRP, a tag is applied to the static route. The tag is then filtered through a route map.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
75Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Step 4 route-map map-tag [permit | deny] [sequence-number]
Example:Router(config)# route-map BLUE deny 10
Enters route-map configuration mode and creates a route map.
• Two route map sequences are configured. One sequence is configured for static route redistribution and one to filter prefixes on egress interfaces.
Step 5 match tag tag-value [...tag-value]
Example:Router(config-route-map)# match tag 10
Example:Router(config-route-map)# match tag 5000
Redistribute routes in the routing table that match the specified tag value.
• The first example matches the static route tag, and the second example matches the default OER tag value applied to injected temporary static routes.
Step 6 exit
Example:Router(config-route-map)# exit
Exits route-map configuration mode, and enters global configuration mode.
Step 7 router eigrp as-number
Example:Router(config)# router eigrp 1
Enters router configuration mode, and creates an EIGRP routing process.
Step 8 no auto-summary
Example:Router(config-router)# no auto-summary
Disables automatic summarization under the EIGRP routing process.
Step 9 network ip-address [wildcard-mask]
Example:Router(config-router)# network 192.168.0.0 0.0.255.255
Specifies a network for an EIGRP routing process.
• The network state must cover any interfaces and prefixes that need to be optimized for the internal network.
Step 10 redistribute static [metric metric-value] [route-map map-tag]
Example:Router(config-router)# redistribute static route-map RED
Redistributes static routes into the specified protocol.
• The example configures the EIGRP to redistribute static routes that filter through the route map.
Step 11 distribute-list {acl-number | acl-name | prefix-list-name} out [interface-name | routing-process | as-number]
Example:Router(config-router)# distribute-list
Applies a distribute list to filter outbound advertisements.
• The distribute list must be applied to egress interfaces.
Step 12 end
Example:Router(config-router)# end
Exits router configuration mode, and enters privileged EXEC mode.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
76Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Examples
The following example, starting in Global configuration mode, configures static redistribution to allow the master controller to influence routing in an internal network that is running EIGRP:
Border Router Configuration Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 0 tag 10 Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 1 tag 10Router(config)# ! Router(config)# route-map RED deny 20 Router(config-route-map)# match tag 10Router(config-route-map)# exit Router(config)# route-map RED permit 30 Router(config-route-map)# exit Router(config)# route-map BLUE permit 10 Router(config-route-map)# match tag 5000 Router(config-route-map)# exit Router(config)# route-map BLUE permit 20 Router(config-route-map)# exit Router(config)# route eigrp 1 Router(config-router)# no auto-summary Router(config-router)# redistribute static route-map RED Router(config-router)# network 10.0.0.0 Router(config-router)# network 172.16.0.0 Router(config-router)# network 192.168.0.0 Router(config-router)# distribute-list route-map BLUE out Ethernet 0 Router(config-router)# distribute-list route-map BLUE out Ethernet 1
Internal Border Peer ConfigurationRouter(config)# route eigrp 1 Router(config-router)# no auto-summary Router(config-router)# network 10.0.0.0 Router(config-router)# network 172.16.0.0 Router(config-router)# network 192.168.0.0 Router(config-router)# end
Configuring OER to Monitor and Control IPSec VPN Prefixes Over GRE Tunnels VPN IPSec/GRE Tunnel Optimization was introduced in Cisco IOS Release 12.3(11)T. Cisco IOS OER supports the optimization of prefixes that are routed over GRE tunnel interfaces and protected with IPSec. Both GRE and multipoint GRE tunnels are supported.
This task shows a sample IPSec VPN configuration example. In this example, the IPSec VPN is configured on the border router, and the tunnel interface is configured as an OER managed interface on the master controller. The following tasks are completed:
• An IKE policy is defined
• A transforms set is configured
• A crypto profile is defined
• A crypto map is defined
• A GRE tunnel is configured
• Tunnel interfaces are configured as an OER managed external interfaces
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
77Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Routing Prefixes that are Protected with IPSec over GRE Tunnels
The IPSec to GRE model allows a service provider to provide VPN services over the IP backbone. Both the central and remote VPN clients terminate per the IPSec-to-IPSec model. Prefixes are encapsulated using generic route encapsulation (GRE) tunnels. The GRE packet is protected by IPSec. The encapsulated prefixes are forwarded from the central VPN site to a customer headend router that is the other endpoint for GRE. The IPSec protected GRE packets provide secure connectivity across the IP backbone of the service provider network.
For more information about configuring IPSec over GRE tunnels, refer to the Dynamic Multipoint IPsec VPNs (Using Multipoint GRE/NHRP to Scale IPsec VPNs) published at the following URL:
http://www.cisco.com/en/US/partner/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml
GRE Tunnel Interfaces are Configured as OER Managed Exit Links
GRE tunnel interfaces on the border routers are configured as OER external interfaces on the master controller. At least two external tunnel interfaces must be configured on separate physical interfaces in an OER managed network. These interfaces can be configured on a single border router or multiple border routers. Internal interfaces are configured normally using a physical interface on the border router that is reachable by the master controller.
Prerequisites
• Cisco Express Forwarding (CEF) must be enabled on all participating routers.
• Routing protocol peering or static routing is configured in the OER managed network.
• Standard Cisco OER border router and master controller configuration is completed.
Restrictions
• Cisco IOS OER supports only IPSec/GRE VPNs. No other VPN types are supported.
Border Router Configuration
The GRE tunnel and IPSec protection is configured on the border router. The following configuration steps show the configuration of single tunnel. At least two tunnels must be configured on the border router(s) in an OER managed network. The IPSec configuration must be applied at each tunnel end point (the central and remote site).
SUMMARY STEPS
1. enable
2. configure terminal
3. crypto ipsec security-association lifetime {seconds seconds | kilobytes kilobytes}
4. crypto ipsec transform-set transform-set-name transform1 [transform2] [transform3] [transform4]
5. mode transport [require] | tunnel
6. exit
7. crypto map map-name seq-num [ipsec-manual]
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
78Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
8. set peer host-name | ip-address
9. set transform-set transform-set-name [transform-set-name2...transform-set-name6]
10. match address [access-list-id | name]
11. exit
12. crypto map map-name local-address interface-id
13. crypto ipsec profile name
14. set transform-set transform-set-name [transform-set-name2...transform-set-name6]
15. exit
16. crypto isakmp key encryption-level key-string {address peer-address [mask] | hostname name} [no-xauth]
17. crypto isakmp keepalive seconds [retries] [periodic | on-demand]
18. crypto isakmp policy priority
19. encryption {des | 3des | aes | aes 192 | aes 256}
20. authentication {rsa-sig | rsa-encr | pre-share}
21. exit
22. interface type number [name-tag]
23. ip address ip-address mask [secondary]
24. crypto map map-name [redundancy standby-name]
25. exit
26. interface type number [name-tag]
27. ip address ip-address mask [secondary]
28. bandwidth kbps | inherit [kbps]
29. tunnel source {ip-address | interface-type interface-number}
30. tunnel destination {host-name | ip-address}
31. tunnel protection ipsec profile name [shared]
32. exit
33. ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [dhcp] [distance] [name] [permanent] [tag tag]
34. access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]
35. end
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
79Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3 crypto ipsec security-association lifetime {seconds seconds | kilobytes kilobytes}
Example:Router(config)# crypto ipsec security-association lifetime kilobytes 530000000
Router(config)# crypto ipsec security-association lifetime second 14400
Sets global lifetime values used when negotiating IPSec security associations.
• The first example sets volume of traffic, in kilobytes, that can pass between IPSec peers for this security association.
• The second example sets the expiration timer, in seconds, for this security association.
Step 4 crypto ipsec transform-set transform-set-name transform1 [transform2] [transform3] [transform4]
Example:Router(config)# crypto ipsec transform-set VPN_1 esp-des esp-3des esp-sha-hmac
Enters crypto transform configuration mode to create or modify a transform set—an acceptable combination of security protocols and algorithms.
• The example specifies 56-bit DES, 168-bit DES, or SHA for authentication.
Step 5 mode transport [require] | tunnel
Example:Router(cfg-crypto-trans)# mode transport
Sets the mode for the transform set.
• The example sets the mode to transport. The default mode is tunnel. Under tunnel mode, the entire packet is protected. Under transport mode, only the payload is protected. Encapsulation is performed by GRE.
Step 6 exit
Example:Router(cfg-crypto-trans)# exit
Exits crypto transform configuration mode, and enters global configuration mode.
Step 7 crypto map map-name seq-num [ipsec-manual]
Example:Router(config)# crypto map TUNNEL 10 ipsec-isakmp
Enters crypto map configuration mode to create or modify a crypto map.
• The example create a crypto map named TUNNEL, and configures IKE to establish the security association.
Step 8 set peer host-name | ip-address
Example:Router(config-crypto-map)# set peer 10.4.9.81
Specifies the IPSec peer in the crypto map entry.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
80Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Step 9 set transform-set transform-set-name [transform-set-name2...transform-set-name6]
Example:Router(config-crypto-map)# set transform-set VPN_1
Specifies which transform sets can be used with the crypto map entry.
• Specifies the transform set VPN_1 that was configured in Step 4.
Step 10 match address [access-list-id | name]
Example:Router(config-crypto-map)# match address 100
Specifies an extended access list to define IPSec peers for the crypto map entry.
• The access list is defined in Step 33.
Step 11 exit
Example:Router(config-crypto-map)# exit
Exits crypto map configuration mode, and enters global configuration mode.
Step 12 crypto map map-name local-address interface-id
Example:Router(config)# crypto map TUNNEL local-address FastEthernet 0/0
Attaches a defined crypto map to the specified interface.
• The example attaches the crypto map named TUNNEL to interface FastEthernet 0/0.
Step 13 crypto isakmp key encryption-level key-string {address peer-address [mask] | hostname name} [no-xauth]
Example:Router(config)# crypto isakmp key 0 CISCO address 10.4.9.81 no-xauth
Creates the preshared authentication key.
• The example configures encryption level 0, and configures the router to not prompt the IPSec peer for extended authentication. However, any encryption level or authentication level can be specified.
Step 14 crypto isakmp keepalive seconds [retries] [periodic | on-demand]
Example:Router(config)# crypto isakmp keepalive 10
Allows the gateway to send dead peer detection (DPD) messages to the peer.
Step 15 crypto isakmp policy priority
Example:Router(config)# crypto isakmp policy 1
Define an Internet Key Exchange (IKE) policy, and enters ISAKMP policy configuration mode.
Step 16 encryption {des | 3des | aes | aes 192 | aes 256}
Example:Router(config-isakmp)# encryption 3des
Specifies the encryption algorithm within the IKE policy.
• The example specifies 168-bit DES encryption.
Step 17 authentication {rsa-sig | rsa-encr | pre-share}
Example:Router(config-isakmp)# authentication pre-share
Specifies the authentication method within the IKE policy.
• The example specifies that a preshared key will be used.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
81Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Step 18 exit
Example:Router(config-isakmp)# exit
Exits ISAKMP policy configuration mode, and enters global configuration mode.
Step 19 crypto ipsec profile name
Example:Router(config)# crypto ipsec profile OER
Defines the IPSec parameters that are to be used for IPSec encryption between two IPSec routers, and enters IPsec profile configuration mode.
• The example creates a profile named OER.
Step 20 set transform-set transform-set-name [transform-set-name2...transform-set-name6]
Example:Router(ipsec-profile)# set transform-set VPN_1
Specifies which transform sets can be used with the crypto map entry.
• The example specifies transform set named VPN_1. VPN_1 was configured in Step 4.
Step 21 exit
Example:Router(ipsec-profile)# exit
Exits IPsec profile configuration mode, and enters global configuration mode.
Step 22 interface type number [name-tag]
Example:Router(config)# interface FastEthernet0/0
Configures an interface type, and enters interface configuration mode.
• The physical interface is defined in this step.
Step 23 ip address ip-address mask [secondary]
Example:Router(config-if) ip address 10.4.9.14 255.255.255.0
Sets a primary or secondary IP address for an interface.
Step 24 crypto map map-name [redundancy standby-name]
Example:Router(config-if)# crypto map TUNNEL
Applies the crypto map set to the interface.
• The example specifies the crypto map named TUNNEL that was defined in Step 7.
Step 25 exit
Example:Router(config-if)# exit
Exits interface configuration mode, and enters global configuration mode.
Step 26 interface type number [name-tag]
Example:Router(config)# interface Tunnel0
Configures an interface type, and enters interface configuration mode.
• The tunnel interface is defined in this step.
Step 27 ip address ip-address mask [secondary]
Example:Router(config-if) ip address 10.100.2.1 255.255.0.0
Sets a primary or secondary IP address for an interface.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
82Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Step 28 bandwidth kbps | inherit [kbps]
Example:Router(config-if)# bandwidth 500
Router(config-if)# bandwidth inherit
Sets and communicates the current bandwidth value for an interface to higher-level protocols.
Step 29 tunnel source {ip-address | interface-type interface-number}
Example:Router(config-if)# tunnel source 10.4.9.14
Sets the source address for a tunnel interface.
• The source interface in the example was defined in Step 22. The interface name or IP address can be specified.
Step 30 tunnel destination {host-name | ip-address}
Example:Router(config-if)# tunnel destination 10.4.9.81
Specifies the destination for a tunnel interface.
• The IP address of the physical interface where the remote tunnel end point is attached is configured in this step.
Step 31 tunnel protection ipsec profile name [shared]
Example:Router(config-if)# tunnel protection ipsec profile OER
Associates the tunnel interface with the IPSec profile.
• The IPSec profile named OER that is configured in the example was defined in Step 19.
Step 32 exit
Example:Router(config-if)# exit
Exits interface configuration mode, and enters global configuration mode.
Step 33 access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]
Example:Router(config)# access-list 100 permit gre host 10.4.9.14 host 10.4.9.81
Creates or configures an extended IP access list.
• An extended access list is defined to permit only the GRE hosts.
• The access list in this example is referenced in the match address statement in Step 10.
Step 34 ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [dhcp] [distance] [name] [permanent] [tag tag]
Example:Router(config)# ip route 10.2.2.2 255.255.255.255 Tunnel0
Establishes a static route.
• A default route is configured for the tunnel destination host or network.
Step 35 end
Example:Router(config)# end
Exits global configuration mode, and enters privileged EXEC mode.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
83Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Examples
The following example, starting in global configuration mode, configures an IPSec/GRE tunnel on a border router. This example shows the configuration of one tunnel. Two tunnels must be configured in the OER managed network to enable the VPN IPSec/GRE Tunnel Optimization feature.
crypto ipsec security-association lifetime kilobytes 530000000crypto ipsec security-association lifetime second 14400crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmac mode transport exit!crypto map TUNNEL 10 ipsec-isakmp set peer 10.4.9.81 set transform-set VPN_1 match address 100 !crypto ipsec profile OER set transform-set VPN_1 exit crypto map TUNNEL local-address FastEthernet 0/0!crypto isakmp key 0 CISCO address 10.4.9.81 no-xauthcrypto isakmp keepalive 10crypto isakmp policy 1 encryption 3des authentication pre-share exit!interface FastEthernet0/0 ip address 10.4.9.14 255.255.255.0 crypto map TUNNEL exit!interface Tunnel0 ip address 10.100.2.1 255.255.0.0 keepalive 30 5 bandwidth 500 bandwidth inherit tunnel mode gre ip tunnel source 10.4.9.14 tunnel destination 10.4.9.81 tunnel protection ipsec profile OER exit!ip route 10.100.2.2 255.255.255.255 Tunnel0 !access-list 100 permit gre host 10.4.9.14 host 10.4.9.81!end
What to Do Next
Tunnel interfaces must be configured as OER managed external interfaces to complete this configuration task. Proceed to the next step table.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
84Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Master Controller Configuration
The tunnel interfaces are configured as OER managed external interfaces on the master controller. A minimum of two tunnel interfaces must be configured to enable the VPN IPSec/GRE Tunnel Optimization feature.
SUMMARY STEPS
1. enable
2. configure terminal
3. oer master
4. border ip-address key-chain key-chain-name
5. interface type number external
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3 oer border | master
Example:Router(config)# oer master
Enters OER master controller configuration mode to configure a router as a master controller.
Step 4 border ip-address key-chain key-chain-name
Example:Router(config-oer-mc)# border 10.10.10.1 key-chain OER
Enters OER managed border router configuration mode to establish communication with a border router.
• An IP address is configured to identify the border router.
• A minimum of two border routers must be specified to create an OER managed network. A maximum of 10 border routers can be controlled by a single master controller.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
85Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Examples
The following example completes the configuration in this task. Starting in global configuration mode on the master controller, the Tunnel0 and Tunnel1 interfaces on the border are configured as an OER managed external interfaces:
oer masterborder 10.10.10.1 key-chain OER interface Tunnel0 external interface Tunnel1 external
end
Verifying Cisco IOS OER Configuration This section describes the show commands that can be used to verify the configuration of Cisco IOS OER. All show command described in this section are entered in Privileged EXEC mode. The show oer master commands are entered on a master controller. The show oer border command are entered on a border router.
SUMMARY STEPS
1. enable
2. show oer border
3. show oer border active-probes
4. show oer border passive cache {learned | prefix}
5. show oer border passive prefixes
6. show oer border routes bgp | static
7. show oer master
Step 5 interface type number external
Example:Router(config-oer-mc-br)# interface Tunnel0 external
Configures a border router interface as an OER managed external interface.
• Serial and Ethernet interfaces are supported. External interfaces are used to forward traffic and for active monitoring.
• A minimum of two external border router interfaces are required in an OER managed network. At least 1 external interface must be configured on each border router. A maximum of 20 interfaces can be controlled by single master controller.
• The example configures a GRE tunnel interface as an OER managed external interface.
Step 6 end
Example:Router(config-oer-mc-br)# end
Exits OER managed border router configuration mode, and enters privileged EXEC mode.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
86Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
8. show oer master active-probes
9. show oer master border [ip-address] [detail]
10. show oer master cost-minimization {billing-history | border ip-address [interface] | nickname name}
11. show oer master policy [sequence-number] [policy-name] | [default]
12. show oer master prefix [detail | learned [delay | throughput] | prefix [detail | policy | traceroute [exit-id | border-address | current] [now]]]
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 show oer border
Example:Router# show oer border
Displays information about a border router connection and OER controlled interfaces.
• The output displays information about the border router and master controller connection status and border router interfaces.
Step 3 show oer border active-probes
Example:Router# show oer border active-probes
Displays connection status and information about active probes on a border router.
• This command displays target active-probe assignment for a given prefix and the current probing status including the border router or border routers that are executing the active probes.
Step 4 show oer border passive cache {learned | prefix}
Displays passive measurement information collected by NetFlow for monitored prefixes and traffic flows.
• This command displays real-time prefix information collected from the border router through NetFlow passive monitoring.
• Entering the learned keyword displays learned prefixes. A maximum of 5 host addresses and 5 ports are collected for each prefix. The output will also show the throughput in bytes and the delay in milliseconds.
Step 5
Example:Router# show oer border passive cache learned
• Entering the prefix keyword displays the metrics captured for monitored prefixes. This information includes the number of packets and bytes per packet, the delay, the number of delay samples, the amount of packet loss, the number of unreachable flows, and the interfaces through which traffic flows travel.
Step 6 show oer border passive prefixes
Example:Router# show oer border passive prefixes
Displays information about passive monitored prefixes.
• The output of this command displays prefixes monitored by NetFlow on the border router. The prefixes displayed in the output are sent from the master controller.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
87Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Step 7 show oer border routes bgp | static
Example:Router# show oer border routes bgp
Displays information about OER controlled routes.
• This command is used to display information about OER controlled routes on a border router. You can display information about BGP routes or static routes.
Step 8 show oer master
Example:Router# show oer master
Displays information about the master controller.
• The output of this command displays information about the status of the master controller, border routers and OER controlled interfaces as well as default and user-defined policy settings.
Step 9 show oer master active-probes
Example:Router# show oer master active-probes
Displays connection and status information about active probes on a master controller.
• This command is used to display the current state of active probing. The output displays the probe type, status, and destination.
Step 10 show oer master border [ip-address] [detail]
Example:Router# show oer master border
Displays the status of connected border routers.
• The output of this command shows the status of all border router connections or a single border router connection.
Step 11 show oer master cost-minimization {billing-history | border ip-address [interface] | nickname name}
Example:Router# show oer master cost-minimization border 10.1.1.1 Ethernet 0/0
Displays information about cost policies.
• The output can be filtered to display information about a specific border router or interface, to display billing information, or to display information about the specified service provider.
Step 12 show oer master policy [sequence-number] [policy-name] | [default]
Example:Router# show oer master policy
Displays user-defined and default policy settings on a master controller.
• The output of this command displays global policy and policies configured with an oer-map.
Step 13 show oer master prefix [detail | learned [delay | throughput] | prefix [detail | policy | traceroute [exit-id | border-address | current] [now]]]
Example:Router# show oer master prefix
Displays the status of monitored prefixes.
Step 14 show oer master prefix-list list-name [detail]
Example:Router# show oer master prefix-list list-name
Displays the status of prefixes imported using a prefix list.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
88Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Using Cisco IOS OER Clear CommandsThis section describes the clear commands that can be used to clear Cisco IOS OER sessions and counters. All clear command described in this section are entered in Privileged EXEC mode. The clear oer master commands are enter on a master controller. The clear oer border command are entered on a border router.
SUMMARY STEPS
1. enable
2. clear oer border *
3. clear oer master *
4. clear oer master border * | ip-address
5. clear oer master prefix * | prefix | learned
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 clear oer border *
Example:Router# clear oer border *
Resets a connection between a border router and the master controller.
• The border router and master controller will automatically reestablish communication after this command is entered.
Step 3 clear oer master * Resets a master controller process and all active border router connections.
Example:Router# clear master *
• The master controller will restart all default and user-defined processes and reestablish communication with active border routers after this command is entered.
Step 4 clear oer master border * | ip-address
Example:Router# clear oer master border *
Resets an active border router connection or all connections with a master controller.
Step 5 clear oer master prefix * | prefix | learned
Example:Router# clear oer master prefix *
Clears OER controlled prefixes from the master controller database.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
89Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Using Cisco IOS OER Debug CommandsThis section describes the debug commands that can be used to trouble shoot Cisco IOS OER sessions and operations. All debug commands described in this section are entered in Privileged EXEC mode. The debug oer master commands are enter on a master controller. The debug oer border command are entered on a border router.
Caution Debug commands can generate a substantial amount of output and use significant system resources. Debug commands should be used only as necessary for troubleshooting and should be used with caution in production networks.
SUMMARY STEPS
1. enable
2. debug oer border
3. debug oer border active-probe
4. debug oer cc [detail]
5. debug oer master border ip-address
6. debug oer master collector [active-probes [detail [trace]]] | [netflow]
7. debug oer master exit [detail]
8. debug oer master learn
9. debug oer master prefix [prefix] [detail]
10. debug oer master prefix-list list-name [detail]
11. debug oer master process
DETAILED STEPS
Command or Action Purpose
Step 1 enable
Example:Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2 debug oer border
Example:Router# debug oer border
Displays general border router debugging information.
• This command is used to display debugging information about the OER border process, controlled routes and monitored prefixes.
Step 3 debug oer border active-probe
Example:Router# debug oer border active-probe
Displays debugging information for active probes configured on the local border router.
Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing
90Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Step 4 debug oer cc [detail]
Example:Router# debug oer cc
Displays OER communication control debugging information for master controller and border router communication.
• This command is used to display messages exchanged between the master controller and the border router. These messages include control commands, configuration commands, and monitoring information.
Step 5 debug oer master border ip-address
Example:Router# debug oer master border
Displays debugging information for border router events on a master controller.
• The output displays information related to the events or updates from one or more border routers.
Step 6 debug oer master collector [active-probes [detail [trace]]] | [netflow]
Example:Router# debug oer master collector
Displays data collection debugging information for monitored prefixes.
Step 7 debug oer master exit [detail]
Example:Router# debug oer master exit
Displays debugging event information for OER managed exit links.
Step 8 debug oer master learn
Example:Router# debug oer master learn
Displays debugging information for master controller learning events.
Step 9 debug oer master prefix [prefix] [detail]
Example:Router# debug oer master prefix
Displays debugging events related to prefix processing on an OER master controller.
Step 10 debug oer master prefix-list list-name [detail]
Example:Router# debug oer master prefix-list
Displays debug events related to prefix-list processing on an OER master controller
Step 11 debug oer master process
Example:Router# debug oer master process
Displays debugging information about the OER master controller process.
Command or Action Purpose
Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing
91Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Configuration Examples for Cisco IOS Optimized Edge RoutingThis section provides the following sample configuration provide example deployment configurations for Cisco IOS OER:
• Master Controller and Two Border Routers Deployment: Example, page 91
• Master Controller and Border Router Deployed on a Single Router: Example, page 94
• Configuring OER to Monitor and Control GRE/IPSec VPN Prefixes: Example, page 96
Master Controller and Two Border Routers Deployment: ExampleFigure 7 shows an OER managed network with two border router processes and a master controller process deployed separately on Cisco routers.
Figure 7 Master Controller Deployed with Two Border Routers
The master controller performs no routing functions. BGP is deployed on the border routers and internal peers in the OER managed network. Each border router has an eBGP peering session with a different ISP. The eBGP peers (ISP border routers) are reachable through connected routes. Injected prefixes are advertised the internal network through standard iBGP peering.
OER MC Configuration
The following example, starting in Global configuration mode, shows the master controller configuration. Both active and passive monitoring is configured. Route control mode is enabled. The master controller is configured to analyze and move out of policy prefixes to first in-policy exit when the periodic timer expires. Automatic prefix learning is enabled. The master controller is configured to learn prefixes with the highest outbound throughput, the monitoring period is set to10 minutes, the number of prefixes learned during each monitoring period is set to 500, and the interval between monitoring periods is set to 20 minutes. The master controller is configured to aggregate BGP prefixes.
Router(config)# key chain OER Router(config-keychain)# key 1 Router(config-keychain-key)# key-string CISCO Router(config-keychain-key)# exit Router(config)# oer master Router(config-oer-mc)# border 10.100.1.1 key-chain OER Router(config-oer-mc-br)# interface Ethernet 0/0 external
1272
64
Enterprisenetwork
BR1ISP1 AS2
192.168.1.1
ISP2 AS3192.168.2.2
ISP1 AS2192.168.1.1
ISP2 AS3192.168.2.2
BR2
iBGP InternetOER MCOER MC
AS1
Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing
92Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# interface Serial 1/1 internal Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# exit Router(config-oer-mc)# border 10.200.2.2 key-chain OER Router(config-oer-mc-br)# interface Ethernet 2/2 external Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# interface Serial 3/3 internal Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# exit Router(config-oer-mc)# mode monitor both Router(config-oer-mc)# mode route control Router(config-oer-mc)# mode select-exit good Router(config-oer-mc)# learn Router(config-oer-mc-learn)# throughput Router(config-oer-mc-learn)# monitor-period 10 Router(config-oer-mc-learn)# periodic-interval 20 Router(config-oer-mc-learn)# prefixes 500Router(config-oer-mc-learn)# aggregation-type bgpRouter(config-oer-mc-learn)# end
BR 1 Configuration
The following example, starting in Global configuration mode, shows the configuration for BR1. EBGP peering is established with ISP 1 (192.168.1.1 AS2). Standard community exchange and iBGP peering is established with BR2 (10.200.2.2) and internal peers (in the 10.150.1.0/24 network).
Router(config)# key chain OERRouter(config-keychain)# key 1Router(config-keychain-key)# key-string CISCORouter(config-keychain-key)# exit Router(config-keychain)# exit Router(config)# oer border Router(config-oer-br)# master 172.16.1.1 key-chain OER Router(config-oer-br)# local Serial 1/1 Router(config-oer-br)# exit Router(config)# router bgp 1 Router(config-router)# neighbor 192.168.1.1 remote-as 2Router(config-router)# neighbor 10.200.2.2 remote-as 1 Router(config-router)# neighbor 10.150.1.1 remote-as 1 Router(config-router)# neighbor 10.150.1.2 remote-as 1 Router(config-router)# neighbor 10.150.1.3 remote-as 1 Router(config-router)# address-family ipv4 unicast Router(config-router-af)# neighbor 192.168.1.1 activate Router(config-router-af)# neighbor 10.200.2.2 activate Router(config-router-af)# neighbor 10.200.2.2 send-community standard Router(config-router-af)# neighbor 10.150.1.1 activate Router(config-router-af)# neighbor 10.150.1.1 send-community standard Router(config-router-af)# neighbor 10.150.1.2 activate Router(config-router-af)# neighbor 10.150.1.2 send-community standard Router(config-router-af)# neighbor 10.150.1.3 activate Router(config-router-af)# neighbor 10.150.1.3 send-community standard Router(config-router-af)# end
BR 2 Configuration
The following example, starting in Global configuration mode, shows the configuration for BR2. EBGP peering is established with ISP 2 (192.168.2.2 AS1). Standard community exchange and iBGP peering is established with BR2 (10.100.1.1) and internal peers (in the 10.150.1.0/24 network).
Router(config)# key chain OER
Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing
93Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Router(config-keychain)# key 1 Router(config-keychain-key)# key-string CISCO Router(config-keychain-key)# exit Router(config-keychain)# exit Router(config)# oer border Router(config-oer-br)# master 172.16.1.1 key-chain OER Router(config-oer-br)# local Serial 1/1 Router(config-oer-br)# exit Router(config)# router bgp 1 Router(config-router)# neighbor 192.168.2.2 remote-as 3 Router(config-router)# neighbor 10.100.1.1 remote-as 1 Router(config-router)# neighbor 10.150.1.1 remote-as 1 Router(config-router)# neighbor 10.150.1.2 remote-as 1 Router(config-router)# neighbor 10.150.1.3 remote-as 1 Router(config-router)# address-family ipv4 unicast Router(config-router-af)# neighbor 192.168.2.2 activate Router(config-router-af)# neighbor 10.200.2.2 activate Router(config-router-af)# neighbor 10.200.2.2 send-community standard Router(config-router-af)# neighbor 10.150.1.1 activate Router(config-router-af)# neighbor 10.150.1.1 send-community standard Router(config-router-af)# neighbor 10.150.1.2 activate Router(config-router-af)# neighbor 10.150.1.2 send-community standard Router(config-router-af)# neighbor 10.150.1.3 activate Router(config-router-af)# neighbor 10.150.1.3 send-community standard Router(config-router-af)# end
Internal Peer Configuration
The following example, starting in Global configuration mode, shows the internal peer configuration. Standard full-mesh iBGP peering is established with the BR1 and BR2 and internal peers in autonomous system 1.
Router(config)# router bgp 1 Router(config-router)# neighbor 10.100.1.1 remote-as 1 Router(config-router)# neighbor 10.200.2.2 remote-as 1 Router(config-router)# neighbor 10.150.1.1 remote-as 1 Router(config-router)# neighbor 10.150.1.2 remote-as 1 Router(config-router)# neighbor 10.150.1.3 remote-as 1 Router(config-router)# address-family ipv4 unicast Router(config-router-af)# neighbor 10.100.1.1 activate Router(config-router-af)# neighbor 10.100.1.1 send-community standard Router(config-router-af)# neighbor 10.200.2.2 activate Router(config-router-af)# neighbor 10.200.2.2 send-community standardRouter(config-router-af)# neighbor 10.150.1.1 activate Router(config-router-af)# neighbor 10.150.1.1 send-community standard Router(config-router-af)# neighbor 10.150.1.2 activate Router(config-router-af)# neighbor 10.150.1.2 send-community standard Router(config-router-af)# neighbor 10.150.1.3 activate Router(config-router-af)# neighbor 10.150.1.3 send-community standard Router(config-router-af)# end
Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing
94Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Master Controller and Border Router Deployed on a Single Router: ExampleFigure 8 shows an OER managed network with two border routers. BR1 is configured to run a master controller and border router process.
Figure 8 Master Controller and Border Process Deployed on a Single Router
BR2 is configured as a border router. The internal network is running OSPF. Each border router peers with a different ISP. A static routes to the egress interface is configured on each border router. The static routes are then redistributed into OSPF. Injected prefixes are advertised through static route redistribution.
BR 1 Configuration: Master/Border with Load Distribution
The following example, starting in Global configuration mode, shows the configuration of BR 1. This router is configured to run both a master controller and a border router process. BR 1 peers with ISP1. A traffic load distribution policy is configured under the master controller process that is applied to all exit links in the OER managed network.
Router(config)# key chain OER Router(config-keychain)# key 1Router(config-keychain-key)# key-string CISCORouter(config-keychain-key)# exit Router(config-keychain)# exit Router(config)# oer border Router(config-oer-br)# master 10.100.1.1 key-chain OER Router(config-oer-br)# local Loopback 0 Router(config-oer-br)# exit Router(config)# oer master Router(config-oer-mc)# logging Router(config-oer-mc)# border 10.100.1.1 key-chain OER Router(config-oer-mc-br)# interface Serial 0/0 external Router(config-oer-mc-br-if)# exitRouter(config-oer-mc-br)# interface Ethernet 1/1 internal Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# exit
127265
Enterprisenetwork
MC/BR 1
BR2
BGP Internet
Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing
95Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Router(config-oer-mc)# border 10.200.2.2 key-chain OER Router(config-oer-mc-br)# interface Serial 2/2 external Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# interface Ethernet 3/3 internal Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# exit Router(config-oer-mc)# max-range-utilization percent 80 Router(config-oer-mc)# exit Router(config)# ip route 0.0.0.0 0.0.0.0 Serial 0/0 Router(config)# !Router(config)# route-map STATICRouter(config-route-map)# match tag 5000Router(config-route-map)# set metric -10Router(config-route-map)# exitRouter(config)# router ospf 1 Router(config-router)# network 10.0.0.0 0.0.0.255 area 0 Router(config-router)# redistribute static route-map STATIC subnets Router(config-router)# end
BR 2 Configuration
The following example, starting in Global configuration mode, shows the configuration of BR 2. This router is configured to run only a border router process.
Router(config)# key chain OERRouter(config-keychain)# key 1Router(config-keychain-key)# key-string CISCORouter(config-keychain-key)# exit Router(config-keychain)# exit Router(config)# oer borderRouter(config-oer-border)# master 10.100.1.1 key-chain OER Router(config-oer-border)# local Ethernet3/3 Router(config-oer-border)# exit Router(config)# ip route 0.0.0.0 0.0.0.0 Serial 2/2 Router(config)# !Router(config)# route-map STATIC permit 10 Router(config-route-map)# match tag 5000 Router(config-route-map)# set metric -10 Router(config-route-map)# exit Router(config)# router ospf 1 Router(config-router)# network 10.0.0.0 0.255.255.255 area 0 Router(config-router)# redistribute static route-map STATIC subnets Router(config-router)# end
Internal Peer Configuration
The following example, starting in Global configuration mode, configures an OSPF routing process to establish peering with the border routers and internal peers. No redistribution is configured on the internal peers.
Router(config)# router ospf 1 Router(config-router)# network 10.0.0.0 0.255.255.255 area 0 Router(config-router)# redistribute static route-map STATIC subnets Router(config-router)# end
Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing
96Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Configuring OER to Monitor and Control GRE/IPSec VPN Prefixes: Example Figure 9 shows a central VPN site and two remote VPN sites. VPN Peering is established through the service provider clouds. An OER managed network is configured at each site where Cisco IOS OER configuration is applied independently. Each site has separate master controller and border router process, and each site maintains a separate master controller database.
Figure 9
Two GRE tunnels are configured between each remote site and the central site. VPN prefixes are encapsulated in GRE tunnels. The GRE tunnels are protected by IPSec encryption. The examples in this section show the configuration for the central VPN site, VPN A, and VPN B.
Central VPN Configuration: OER Master
The central VPN site peers with VPN A and VPN B. A separate policy is defined for each site using an OER map. For VPN A prefixes, a delay policy of 80 ms is configured and out-of-policy prefixes are moved to the first in-policy exit. For VPN B prefixes, a delay policy of 40ms and a relative loss policy is configured, and out-of-policy prefixes are moved to the best available exit.
key chain OER key 1key-string CISCO
!oer masterloggingborder 10.4.9.6 key-chain OERinterface Ethernet 0/0 externalinterface Ethernet 0/1 internal
!border 10.4.9.7 key-chain OERinterface Ethernet 0/0 externalinterface Ethernet 0/1 internal
BR1SLA A
SLA B
eBGP
SLA C
BR2BR2
126266
SP A SP B
SP F
VPN A
VPN B
VPNBranches
TransitService Providers
Enterprise/VPNHead-end
OER MasterOptions
Server(s)
Server(s)
Server(s)
SP C SP D SP E
CR2
OERmasterOER
master
iBGP and/orEIGRP, OSPF, etc.
BR3BR3
F-VR2
F-VR1 Smallsize
MC/BR
BR1
BR2
CLRmaster
CLRmaster
Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing
97Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
!mode route control mode monitor both exit
!ip prefix VPN A permit <ip address> oer-map VPNA match ip address prefix-list VPNBset delay 800 set mode select-exit goodexit
!ip prefix VPNB permit <ip address> oer-map VPNB match ip address prefix-list VPNCset delay 400 set loss relative 100 set resolve loss priority 1 variance 10 set mode select-exit bestend
Central VPN Configuration: BR1
The following example, starting in Global configuration mode, shows the configuration for BR 1:
key chain OER key 1 key-string CISCO!oer border local serial 0/1 master 10.4.9.4 key-chain OER!ip route 10.70.1.0 255.255.255.0 !route-map REDISTRIBUTE_STATICmatch tag 5000set metric -10exit
!router eigrp 1 network 10.70.0.0 0.0.0.255redistribute static route-map REDISTRIBUTE_STATICexit
!crypto ipsec security-association lifetime kilobytes 530000000crypto ipsec security-association lifetime second 14400crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmac mode transport exit!crypto map TUNNEL 10 ipsec-isakmp set peer 10.4.9.81 set transform-set VPN_1 match address 100 !crypto ipsec profile OER set transform-set VPN_1 exit crypto map TUNNEL local-address Ethernet 0/0!crypto isakmp key 0 CISCO address 10.4.9.81 no-xauthcrypto isakmp keepalive 10
Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing
98Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
crypto isakmp policy 1 encryption 3des authentication pre-share exit!interface Ethernet0/0 ip address 10.4.9.14 255.255.255.0 crypto map TUNNEL exit!interface Tunnel0 ip address 10.100.2.1 255.255.0.0 keepalive 30 5 bandwidth 500 bandwidth inherit tunnel mode gre ip tunnel source 10.4.9.14 tunnel destination 10.4.9.81 tunnel protection ipsec profile OER exit
Central VPN Configuration: BR 2
The following example, starting in Global configuration mode, shows the configuration of BR 2:
key chain OER key 1 key-string CISCO!oer border local Ethernet 0/1 master 10.4.9.4 key-chain OER!ip route 10.70.1.0 255.255.255.0!route-map REDISTRIBUTE_STATICmatch tag 5000set metric -10exit
!router eigrp 1 network 10.70.0.0 0.0.0.255redistribute static route-map REDISTRIBUTE_STATIC
!crypto ipsec security-association lifetime kilobytes 530000000crypto ipsec security-association lifetime second 14400crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmac mode transport exit!crypto map TUNNEL 10 ipsec-isakmp set peer 10.4.9.82 set transform-set VPN_1 match address 100 !crypto ipsec profile OER set transform-set VPN_1 exit crypto map TUNNEL local-address Ethernet 0/0!crypto isakmp key 0 CISCO address 10.4.9.82 no-xauthcrypto isakmp keepalive 10crypto isakmp policy 1
Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing
99Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
encryption 3des authentication pre-share exit!interface Ethernet0/0 ip address 10.4.9.15 255.255.255.0 crypto map TUNNEL exit!interface Tunnel0 ip address 10.100.2.2 255.255.0.0 keepalive 30 5 bandwidth 500 bandwidth inherit tunnel mode gre ip tunnel source 10.4.9.15 tunnel destination 10.4.9.82 tunnel protection ipsec profile OERend
Central VPN Configuration: Internal Peers
An EIGRP routing process created to establish peering with the border routers and internal peers.
router eigrp 1 network 10.50.1.0 0.0.0.255 redistribute static route-map REDISTRIBUTE_STATIC end
!VPN A Configuration: MC/BR
The following configuration example, starting in global configuration mode, shows the configuration of VPN A. VPN A is a remote site that is configured for a small office home office (SOHO) client. A single router is deployed. This router peers with service provider B and service provider E. No IGP is deployed at this network, only a static route is configured to the remote tunnel endpoint at the central site. A delay policy, a loss policy, and optimal exit link selection is configured so that traffic is always routed through the ISP with the lowest delay time and lowest packet loss. A resolve policy is configured to configure loss to have the highest priority. Physical interface and internal host peering configuration is not shown in this example.
key chain BR1 key 1 key-string CISCO!
Note The local border router process is enabled. Because the border router and master controller process is enabled on the same router, a loopback interface (192.168.0.1) is configured as the local interface.
oer border local Loopback0 master 192.168.0.1 key-chain BR1!oer masterlearndelaymode route control delay threshold 100loss relative 200periodic 300
Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing
100Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
mode select-exit good resolve loss priority 1 variance 20resolve delay priority 2 variance 10! border 192.168.0.1 key-chain BR1 interface Serial0/0 internal interface Tunnel0 external interface Tunnel0 externalexit
!crypto ipsec security-association lifetime kilobytes 530000000crypto ipsec security-association lifetime second 14400crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmac mode transport exit!crypto map TUNNEL 10 ipsec-isakmp set peer 10.4.9.81 set transform-set VPN_1 match address 100 !crypto ipsec profile OER set transform-set VPN_1 exit crypto map TUNNEL local-address Ethernet 0/0!crypto isakmp key 0 CISCO address 10.4.9.81 no-xauthcrypto isakmp keepalive 10crypto isakmp policy 1 encryption 3des authentication pre-share exit!
interface Ethernet0/0 ip address 10.4.9.14 255.255.255.0 crypto map TUNNEL exit!interface Tunnel0 ip address 10.100.2.1 255.255.0.0 keepalive 30 5 bandwidth 500 bandwidth inherit tunnel mode gre ip tunnel source 10.4.9.14 tunnel destination 10.4.9.81 tunnel protection ipsec profile OER exit!
Note A single tunnel configuration is show in this example. Two tunnels are required to configure VPN optimization.
Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing
101Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
VPN B Configuration: OER Master
The following example, starting in Global configuration mode, shows the master controller configuration in VPN B. Load distribution and route control mode is enabled. Out-of-policy prefixes are configured to be moved to first in-policy exit.
key chain OER key 1key-string CISCO
!oer masterloggingborder 10.4.9.6 key-chain OERinterface Ethernet 0/0 externalinterface Ethernet 0/1 internal
!border 10.4.9.7 key-chain OERinterface Ethernet 0/0 externalinterface Ethernet 0/1 internal
!mode route control mode select-exit good max-range utilization !learndelayend
VPN B Configuration: BR 1
The following example, starting in Global configuration mode, shows the configuration for BR 1:
key chain OER key 1 key-string CISCO!oer border local Ethernet 0/1 master 10.4.9.4 key-chain OER!route-map REDISTRIBUTE_STATICmatch tag 5000set metric -10exit
!router ripnetwork 10.600.1.0 redistribute static route-map REDISTRIBUTE_STATICend
!crypto ipsec security-association lifetime kilobytes 530000000crypto ipsec security-association lifetime second 14400crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmac mode transport exit!crypto map TUNNEL 10 ipsec-isakmp set peer 10.4.9.82 set transform-set VPN_1 match address 100 !crypto ipsec profile OER
Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing
102Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
set transform-set VPN_1 exit crypto map TUNNEL local-address Ethernet 0/0!crypto isakmp key 0 CISCO address 10.4.9.82 no-xauthcrypto isakmp keepalive 10crypto isakmp policy 1 encryption 3des authentication pre-share exit!interface Ethernet0/0 ip address 10.4.9.15 255.255.255.0 crypto map TUNNEL exit!interface Tunnel0 ip address 10.100.2.2 255.255.0.0 keepalive 30 5 bandwidth 500 bandwidth inherit tunnel mode gre ip tunnel source 10.4.9.15 tunnel destination 10.4.9.82 tunnel protection ipsec profile OER end
VPN B Configuration: BR 2
The following example, starting in Global configuration mode, shows the configuration for BR 2:
key chain OER key 1 key-string CISCO!oer border local Ethernet 0/1 master 10.4.9.4 key-chain OERexit
!route-map REDISTRIBUTE_STATICmatch tag 5000set metric -10exit
!router ripnetwork 10.600.1.0 redistribute static route-map REDISTRIBUTE_STATICexit
!crypto ipsec security-association lifetime kilobytes 530000000crypto ipsec security-association lifetime second 14400crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmac mode transport exit!crypto map TUNNEL 10 ipsec-isakmp set peer 10.4.9.82 set transform-set VPN_1 match address 100 !crypto ipsec profile OER set transform-set VPN_1
Cisco IOS Optimized Edge Routing ConfigurationAdditional References
103Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
exit crypto map TUNNEL local-address Ethernet 0/0!crypto isakmp key 0 CISCO address 10.4.9.82 no-xauthcrypto isakmp keepalive 10crypto isakmp policy 1 encryption 3des authentication pre-share exit!interface Ethernet0/0 ip address 10.4.9.15 255.255.255.0 crypto map TUNNEL exit!interface Tunnel0 ip address 10.100.2.2 255.255.0.0 keepalive 30 5 bandwidth 500 bandwidth inherit tunnel mode gre ip tunnel source 10.4.9.15 tunnel destination 10.4.9.82 tunnel protection ipsec profile OER end
VPN B Configuration: Internal Peers
A RIP routing process created to establish peering with the border routers and internal peers.
router rip network 10.60.1.0 end
Additional ReferencesThe following sections provide references related to Cisco IOS Optimized Edge Routing:
Related Documents
Related Topic Document Title
IP SLAs • Cisco IOS IP SLAs Configuration Guide, Release 12.4
Key Chain Authentication: Information about authentication key configuration and management in Cisco IOS Software
• Managing Authentication Keys” section of the Cisco IOS IP Routing Protocols Configuration Guide, Release 12.4
NetFlow • Cisco IOS NetFlow Configuration Guide, Release 12.4
Routing Protocol Commands • Cisco IOS IP Routing Command Reference, Release 12.4
Routing Protocol Configuration Tasks • Cisco IOS IP Routing Configuration Guide, Release 12.4
System Logging • Cisco IOS Network Management Configuration Guide, Release 12.4
Cisco IOS Optimized Edge Routing ConfigurationAdditional References
104Cisco IOS Optimized Edge Routing Configuration Guide
78-17876-01
Standards
MIBs
RFCs
Technical Assistance
Standards Title
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
—
MIBs MIBs Link
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs Title
No new or modified RFCs are supported by this feature, and support for existing standards has not been modified by this feature.
—
Description Link
Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
http://www.cisco.com/public/support/tac/home.shtml