cisco ios optimized edge routing configuration guide, release 12.4

134
Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Cisco IOS Optimized Edge Routing Configuration Guide Release 12.4 Customer Order Number: DOC-7817876= Text Part Number: 78-17876-01

Upload: karimjiwani

Post on 26-Mar-2015

136 views

Category:

Documents


5 download

TRANSCRIPT

Page 1: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Corporate HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706 USAhttp://www.cisco.comTel: 408 526-4000

800 553-NETS (6387)Fax: 408 526-4100

Cisco IOS Optimized Edge Routing Configuration GuideRelease 12.4

Customer Order Number: DOC-7817876=Text Part Number: 78-17876-01

Page 2: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

Cisco IOS Optimized Edge Routing Configuration Guide© 2005–2006 Cisco Systems, Inc. All rights reserved.

CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0601R)

Page 3: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

iiiCisco IOS Optimized Edge Routing Configuration Guide

C O N T E N T S

About Cisco IOS Software Documentation for Release 12.4 ix

Documentation Objectives ix

Audience ix

Documentation Organization for Cisco IOS Release 12.4 x

Document Conventions xvi

Obtaining Documentation xvii

Cisco.com xvii

Product Documentation DVD xviii

Ordering Documentation xviii

Documentation Feedback xviii

Cisco Product Security Overview xix

Reporting Security Problems in Cisco Products xix

Obtaining Technical Assistance xx

Cisco Technical Support & Documentation Website xx

Submitting a Service Request xx

Definitions of Service Request Severity xxi

Obtaining Additional Publications and Information xxi

Using Cisco IOS Software for Release 12.4 xxiii

Understanding Command Modes xxiii

Getting Help xxiv

Example: How to Find Command Options xxv

Using the no and default Forms of Commands xxviii

Saving Configuration Changes xxviii

Filtering Output from the show and more Commands xxix

Finding Additional Feature Support Information xxix

Cisco IOS Optimized Edge Routing Configuration 1

Contents 2

Prerequisites for Cisco IOS Optimized Edge Routing 2

Restrictions for Cisco IOS Optimized Edge Routing 2

Information About Cisco IOS Optimized Edge Routing 3

Cisco IOS Optimized Edge Routing Overview 4

Cisco IOS OER: A Typical Deployment 4

Page 4: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Contents

ivCisco IOS Optimized Edge Routing Configuration Guide

Cisco IOS OER: Optimizes for Performance 5

Cisco IOS OER Network Components 6

Cisco IOS OER Network Components: Master Controller 6

Cisco IOS OER Network Components: Border Router 6

Cisco IOS OER Network Components: Interfaces 6

Cisco IOS OER Managed Network 8

Cisco IOS OER Managed Network: Central Policy Database 9

Cisco IOS OER Managed Network: Policy Enforcement Point 9

Cisco IOS OER Prefix Learning 9

Cisco IOS OER Prefix Learning: Automatic Prefix Learning 9

Cisco IOS OER Prefix Learning: Manually Selecting Prefixes 10

Cisco IOS OER Prefix Learning: Port and Protocol Based Prefix Learning 10

Cisco IOS OER Prefix Learning: Prefix Transition States 10

Cisco IOS OER Monitoring 11

Cisco IOS OER Monitoring: Passive Monitoring 11

Cisco IOS OER Monitoring: Active Monitoring 12

Cisco IOS OER Monitoring: Combined Monitoring 13

Cisco IOS OER Monitoring: Traceroute Reporting 13

Cisco IOS OER Modes of Operation 13

Cisco IOS OER Modes of Operation: Observe Mode 13

Cisco IOS OER Modes of Operation: Control Mode 14

Cisco IOS OER Routing Control 14

Cisco IOS OER Routing: Border Router Peering with the Internal Network 15

Cisco IOS OER Routing: BGP Peering 15

Cisco IOS OER Routing: BGP Redistribution into an IGP 15

Cisco IOS OER Routing: BGP Redistribution Based on the BGP Local-Preference Attribute 16

Cisco IOS OER Routing: Static Routing and Static Route Redistribution 16

Cisco IOS OER Routing: Injecting Split Prefixes 16

Cisco IOS OER Policy Configuration 16

Cisco IOS OER Policy Configuration: Prefix Policies 16

Cisco IOS OER Policy Configuration: Exit Link Policies 17

Cisco IOS OER Policy Configuration: Cost-Based Optimization 17

Cisco IOS OER Policy Configuration: Optimal Exit Link Selection 19

Cisco IOS OER Policy Configuration: Load Distribution 19

Cisco IOS OER Policy Configuration: Global Policies 19

Cisco IOS OER Policy Configuration: Applying Policies with an OER Map 19

Cisco IOS OER Policy Configuration: Resolving Policies 20

VPN IPSec/GRE Tunnel Interface Optimization 21

Cisco IOS OER Logging and Reporting 21

Cisco IOS OER Deployment Configurations 22

Page 5: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Contents

vCisco IOS Optimized Edge Routing Configuration Guide

How to Configure Cisco IOS Optimized Edge Routing 23

Minimum Master Controller Configuration 24

Master Controller 24

Disabling a Master Controller Process 24

Manual Port Configuration 24

Prerequisites 24

Restrictions 25

Examples 29

What to Do Next 29

Minimum Border Router Configuration 29

Border Router 29

Interface Configuration 30

Disabling a Border Router Process 30

Prerequisites 30

Restrictions 30

Examples 32

What to Do Next 33

Configuring Prefix Learning 33

Defaults 33

What to Do Next 36

Manually Selecting Prefixes for Monitoring 36

Manually Excluding Prefixes 36

OER Map Operation 37

Examples 38

What to Do Next 38

Configuring Active Probing 38

Active Probing over eBGP Peerings 39

ICMP Echo Probes 39

Defaults 39

Examples 40

What to Do Next 41

Configuring the Source Address of an Active Probe 41

Defaults 41

Example 42

What to Do Next 42

Configuring Traceroute Reporting 42

Defaults 43

Example 45

What to Do Next 45

Configuring Prefix and Exit Link Policies 45

Page 6: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Contents

viCisco IOS Optimized Edge Routing Configuration Guide

Prefix Policies 45

Exit Link Policies 46

Adjusting Cisco IOS OER Timers 46

Examples 49

What to Do Next 49

Configuring Cost-Based Optimization 50

Examples 52

What to Do Next 52

Configuring Resolve Policies 52

Setting Variance for Resolve Policies 52

Examples 54

What to Do Next 54

Configuring Cisco IOS OER Modes of Operation 54

Observe Mode 54

Control Mode 54

Optimal Exit Link Selection 55

Examples 56

What to Do Next 56

Configuring OER Policies with an OER Map 56

OER Map Operation 56

IP Prefix Lists 57

Adjusting OER Timers 57

Examples 62

What to do Next 63

Configuring Policy Rules for OER Maps 63

Prerequisites 63

Examples 64

What to Do Next 64

Configuring iBGP Peering on the Border Routers 64

Prerequisites 65

Examples 66

What to Do Next 66

Configuring BGP Redistribution into an IGP on the Border Routers 67

Prerequisites 67

Restrictions 67

Examples 69

What to Do Next 70

Configuring Static Route Redistribution on the Border Routers 70

Prerequisites 71

Restrictions 71

Page 7: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Contents

viiCisco IOS Optimized Edge Routing Configuration Guide

Examples 73

What to Do Next 73

Configuring Static Route Redistribution into EIGRP 73

Prerequisites 73

Restrictions 74

Examples 76

Configuring OER to Monitor and Control IPSec VPN Prefixes Over GRE Tunnels 76

Routing Prefixes that are Protected with IPSec over GRE Tunnels 77

GRE Tunnel Interfaces are Configured as OER Managed Exit Links 77

Prerequisites 77

Restrictions 77

Border Router Configuration 77

Examples 83

What to Do Next 83

Master Controller Configuration 84

Examples 85

Verifying Cisco IOS OER Configuration 85

Using Cisco IOS OER Clear Commands 88

Using Cisco IOS OER Debug Commands 89

Configuration Examples for Cisco IOS Optimized Edge Routing 91

Master Controller and Two Border Routers Deployment: Example 91

OER MC Configuration 91

BR 1 Configuration 92

BR 2 Configuration 92

Internal Peer Configuration 93

Master Controller and Border Router Deployed on a Single Router: Example 94

BR 1 Configuration: Master/Border with Load Distribution 94

BR 2 Configuration 95

Internal Peer Configuration 95

Configuring OER to Monitor and Control GRE/IPSec VPN Prefixes: Example 96

Central VPN Configuration: OER Master 96

Central VPN Configuration: BR1 97

Central VPN Configuration: BR 2 98

Central VPN Configuration: Internal Peers 99

!VPN A Configuration: MC/BR 99

VPN B Configuration: OER Master 101

VPN B Configuration: BR 1 101

VPN B Configuration: BR 2 102

VPN B Configuration: Internal Peers 103

Additional References 103

Page 8: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Contents

viiiCisco IOS Optimized Edge Routing Configuration Guide

Related Documents 103

Standards 104

MIBs 104

RFCs 104

Technical Assistance 104

Page 9: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

ixCisco IOS Optimized Edge Routing Configuration Guide

About Cisco IOS Software Documentation for Release 12.4

This chapter describes the objectives, audience, organization, and conventions of Cisco IOS software documentation. It also provides sources for obtaining documentation, technical assistance, and additional publications and information from Cisco Systems. It contains the following sections:

• Documentation Objectives, page ix

• Audience, page ix

• Documentation Organization for Cisco IOS Release 12.4, page x

• Document Conventions, page xvi

• Obtaining Documentation, page xvii

• Documentation Feedback, page xviii

• Cisco Product Security Overview, page xix

• Obtaining Technical Assistance, page xx

• Obtaining Additional Publications and Information, page xxi

Documentation ObjectivesCisco IOS software documentation describes the tasks and commands available to configure and maintain Cisco networking devices.

AudienceThe Cisco IOS software documentation set is intended primarily for users who configure and maintain Cisco networking devices (such as routers and switches) but who may not be familiar with the configuration and maintenance tasks, the relationship among tasks, or the Cisco IOS software commands necessary to perform particular tasks. The Cisco IOS software documentation set is also intended for those users experienced with Cisco IOS software who need to know about new features, new configuration options, and new software characteristics in the current Cisco IOS software release.

Page 10: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

About Cisco IOS Software Documentation for Release 12.4Documentation Organization for Cisco IOS Release 12.4

xCisco IOS Optimized Edge Routing Configuration Guide

Documentation Organization for Cisco IOS Release 12.4The Cisco IOS Release 12.4 documentation set consists of the configuration guide and command reference pairs listed in Table 1 and the supporting documents listed in Table 2. The configuration guides and command references are organized by technology. For the configuration guides:

• Some technology documentation, such as that for DHCP, contains features introduced in Releases 12.2T and 12.3T and, in some cases, Release 12.2S. To assist you in finding a particular feature, a roadmap document is provided.

• Other technology documentation, such as that for OSPF, consists of a chapter and accompanying Release 12.2T and 12.3T feature documents.

Note In some cases, information contained in Release 12.2T and 12.3T feature documents augments or supersedes content in the accompanying documentation. Therefore it is important to review all feature documents for a particular technology.

Table 1 lists the Cisco IOS Release 12.4 configuration guides and command references.

Table 1 Cisco IOS Release 12.4 Configuration Guides and Command References

Configuration Guide and Command Reference Titles

Description

IP

Cisco IOS IP Addressing Services Configuration Guide, Release 12.4

Cisco IOS IP Addressing Services Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring IP addressing and services, including Network Address Translation (NAT), Domain Name System (DNS), and Dynamic Host Configuration Protocol (DHCP). The command reference provides detailed information about the commands used in the configuration guide.

Cisco IOS IP Application Services Configuration Guide, Release 12.4

Cisco IOS IP Application ServicesCommand Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring IP application services, including IP access lists, Web Cache Communication Protocol (WCCP), Gateway Load Balancing Protocol (GLBP), Server Load Balancing (SLB), Hot Standby Router Protocol (HSRP), and Virtual Router Redundancy Protocol (VRRP). The command reference provides detailed information about the commands used in the configuration guide.

Cisco IOS IP Mobility Configuration Guide, Release 12.4

Cisco IOS IP Mobility Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring Mobile IP and Cisco Mobile Networks. The command reference provides detailed information about the commands used in the configuration guide.

Cisco IOS IP MulticastConfiguration Guide, Release 12.4

Cisco IOS IP Multicast Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring IP multicast, including Protocol Independent Multicast (PIM), Internet Group Management Protocol (IGMP), Distance Vector Multicast Routing Protocol (DVMRP), and Multicast Source Discovery Protocol (MSDP). The command reference provides detailed information about the commands used in the configuration guide.

Cisco IOS IP Routing Protocols Configuration Guide, Release 12.4

Cisco IOS IP Routing Protocols Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring IP routing protocols, including Border Gateway Protocol (BGP), Intermediate System-to-Intermediate System (IS-IS), and Open Shortest Path First (OSPF). The command reference provides detailed information about the commands used in the configuration guide.

Page 11: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

About Cisco IOS Software Documentation for Release 12.4Documentation Organization for Cisco IOS Release 12.4

xiCisco IOS Optimized Edge Routing Configuration Guide

Cisco IOS IP Switching Configuration Guide, Release 12.4

Cisco IOS IP Switching Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring IP switching features, including Cisco Express Forwarding, fast switching, and Multicast Distributed Switching (MDS). The command reference provides detailed information about the commands used in the configuration guide.

Cisco IOS IPv6 Configuration Guide, Release 12.4

Cisco IOS IPv6 Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring IP version 6 (IPv6), including IPv6 broadband access, IPv6 data-link layer, IPv6 multicast routing, IPv6 quality of service (QoS), IPv6 routing, IPv6 services and management, and IPv6 tunnel services. The command reference provides detailed information about the commands used in the configuration guide.

Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring Optimized Edge Routing (OER) features, including OER prefix learning, OER prefix monitoring, OER operational modes, and OER policy configuration. The command reference provides detailed information about the commands used in the configuration guide.

Security and VPN

Cisco IOS Security Configuration Guide, Release 12.4

Cisco IOS Security Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring various aspects of security, including terminal access security, network access security, accounting, traffic filters, router access, and network data encryption with router authentication. The command reference provides detailed information about the commands used in the configuration guide.

QoS

Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.4

Cisco IOS Quality of Service Solutions Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring quality of service (QoS) features, including traffic classification and marking, traffic policing and shaping, congestion management, congestion avoidance, and signaling. The command reference provides detailed information about the commands used in the configuration guide.

LAN Switching

Cisco IOS LAN Switching Configuration Guide, Release 12.4

Cisco IOS LAN Switching Command Reference, Release 12.4

The configuration guide is a task-oriented guide to local-area network (LAN) switching features, including configuring routing between virtual LANs (VLANs) using Inter-Switch Link (ISL) encapsulation, IEEE 802.10 encapsulation, and IEEE 802.1Q encapsulation. The command reference provides detailed information about the commands used in the configuration guide.

Multiprotocol Label Switching (MPLS)

Cisco IOS Multiprotocol Label Switching Configuration Guide, Release 12.4

Cisco IOS Multiprotocol Label Switching Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring Multiprotocol Label Switching (MPLS), including MPLS Label Distribution Protocol, MPLS traffic engineering, and MPLS Virtual Private Networks (VPNs). The command reference provides detailed information about the commands used in the configuration guide.

Network Management

Cisco IOS IP SLAs Configuration Guide, Release 12.4

Cisco IOS IP SLAs Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring the Cisco IOS IP Service Level Assurances (IP SLAs) feature. The command reference provides detailed information about the commands used in the configuration guide.

Table 1 Cisco IOS Release 12.4 Configuration Guides and Command References (continued)

Configuration Guide and Command Reference Titles

Description

Page 12: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

About Cisco IOS Software Documentation for Release 12.4Documentation Organization for Cisco IOS Release 12.4

xiiCisco IOS Optimized Edge Routing Configuration Guide

Cisco IOS NetFlow Configuration Guide, Release 12.4

Cisco IOS NetFlow Command Reference, Release 12.4

The configuration guide is a task-oriented guide to NetFlow features, including configuring NetFlow to analyze network traffic data, configuring NetFlow aggregation caches and export features, and configuring Simple Network Management Protocol (SNMP) and NetFlow MIB features. The command reference provides detailed information about the commands used in the configuration guide.

Cisco IOS Network Management Configuration Guide, Release 12.4

Cisco IOS Network Management Command Reference, Release 12.4

The configuration guide is a task-oriented guide to network management features, including performing basic system management, performing troubleshooting and fault management, configuring Cisco Discovery Protocol, configuring Cisco Networking Services (CNS), configuring DistributedDirector, and configuring Simple Network Management Protocol (SNMP). The command reference provides detailed information about the commands used in the configuration guide.

Voice

Cisco IOS Voice Configuration Library, Release 12.4

Cisco IOS Voice Command Reference, Release 12.4

The configuration library is a task-oriented collection of configuration guides, application guides, a troubleshooting guide, feature documents, a library preface, a voice glossary, and more. It also covers Cisco IOS support for voice call control protocols, interoperability, physical and virtual interface management, and troubleshooting. In addition, the library includes documentation for IP telephony applications. The command reference provides detailed information about the commands used in the configuration library.

Wireless/Mobility

Cisco IOS Mobile Wireless Gateway GPRS Support Node Configuration Guide, Release 12.4

Cisco IOS Mobile Wireless Gateway GPRS Support Node Command Reference, Release 12.4

The configuration guide is a task-oriented guide to understanding and configuring a Cisco IOS Gateway GPRS Support Node (GGSN) in a 2.5G General Packet Radio Service (GPRS) and 3G Universal Mobile Telecommunication System (UMTS) network. The command reference provides detailed information about the commands used in the configuration guide.

Cisco IOS Mobile Wireless Home Agent Configuration Guide, Release 12.4

Cisco IOS Mobile Wireless Home Agent Command Reference, Release 12.4

The configuration guide is a task-oriented guide to understanding and configuring the Cisco Mobile Wireless Home Agent, which is an anchor point for mobile terminals for which Mobile IP or Proxy Mobile IP services are provided. The command reference provides detailed information about the commands used in the configuration guide.

Cisco IOS Mobile Wireless Packet Data Serving Node Configuration Guide, Release 12.4

Cisco IOS Mobile Wireless Packet Data Serving Node Command Reference, Release 12.4

The configuration guide is a task-oriented guide to understanding and configuring the Cisco Packet Data Serving Node (PDSN), a wireless gateway between the mobile infrastructure and standard IP networks that enables packet data services in a Code Division Multiple Access (CDMA) environment. The command reference provides detailed information about the commands used in the configuration guide.

Table 1 Cisco IOS Release 12.4 Configuration Guides and Command References (continued)

Configuration Guide and Command Reference Titles

Description

Page 13: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

About Cisco IOS Software Documentation for Release 12.4Documentation Organization for Cisco IOS Release 12.4

xiiiCisco IOS Optimized Edge Routing Configuration Guide

Cisco IOS Mobile Wireless Radio Access Networking Configuration Guide, Release 12.4

Cisco IOS Mobile Wireless Radio Access Networking Command Reference, Release 12.4

The configuration guide is a task-oriented guide to understanding and configuring Cisco IOS Radio Access Network products. The command reference provides detailed information about the commands used in the configuration guide.

Long Reach Ethernet (LRE) and Digital Subscriber Line (xDSL)

Cisco IOS Broadband and DSL Configuration Guide, Release 12.4

Cisco IOS Broadband and DSL Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring broadband access aggregation and digital subscriber line features. The command reference provides detailed information about the commands used in the configuration guide.

Cisco IOS Service Selection GatewayConfiguration Guide, Release 12.4

Cisco IOS Service Selection Gateway Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring Service Selection Gateway (SSG) features, including subscriber authentication, service access, and accounting. The command reference provides detailed information about the commands used in the configuration guide.

Dial—Access

Cisco IOS Dial Technologies Configuration Guide, Release 12.4

Cisco IOS Dial Technologies Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring lines, modems, and ISDN services. This guide also contains information about configuring dialup solutions, including solutions for remote sites dialing in to a central office, Internet service providers (ISPs), ISP customers at home offices, enterprise WAN system administrators implementing dial-on-demand routing, and other corporate environments. The command reference provides detailed information about the commands used in the configuration guide.

Cisco IOS VPDN Configuration Guide, Release 12.4

Cisco IOS VPDN Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring Virtual Private Dialup Networks (VPDNs), including information about Layer 2 tunneling protocols, client-initiated VPDN tunneling, NAS-initiated VPDN tunneling, and multihop VPDN. The command reference provides detailed information about the commands used in the configuration guide.

Asynchronous Transfer Mode (ATM)

Cisco IOS Asynchronous Transfer Mode Configuration Guide, Release 12.4

Cisco IOS Asynchronous Transfer Mode Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring Asynchronous Transfer Mode (ATM), including WAN ATM, LAN ATM, and multiprotocol over ATM (MPOA). The command reference provides detailed information about the commands used in the configuration guide.

WAN

Cisco IOS Wide-Area Networking Configuration Guide, Release 12.4

Cisco IOS Wide-Area Networking Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring wide-area network (WAN) features, including Layer 2 Tunneling Protocol Version 3 (L2TPv3); Frame Relay; Link Access Procedure, Balanced (LAPB); and X.25. The command reference provides detailed information about the commands used in the configuration guide.

Table 1 Cisco IOS Release 12.4 Configuration Guides and Command References (continued)

Configuration Guide and Command Reference Titles

Description

Page 14: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

About Cisco IOS Software Documentation for Release 12.4Documentation Organization for Cisco IOS Release 12.4

xivCisco IOS Optimized Edge Routing Configuration Guide

System Management

Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.4

Cisco IOS Configuration Fundamentals Command Reference, Release 12.4

The configuration guide is a task-oriented guide to using Cisco IOS software to configure and maintain Cisco routers and access servers, including information about using the Cisco IOS command-line interface (CLI), loading and maintaining system images, using the Cisco IOS file system, using the Cisco IOS Web browser user interface (UI), and configuring basic file transfer services. The command reference provides detailed information about the commands used in the configuration guide.

Cisco IOS Interface and Hardware Component Configuration Guide, Release 12.4

Cisco IOS Interface and Hardware Component Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring and managing interfaces and hardware components, including dial shelves, LAN interfaces, logical interfaces, serial interfaces, and virtual interfaces. The command reference provides detailed information about the commands used in the configuration guide.

IBM Technologies

Cisco IOS Bridging and IBM Networking Configuration Guide, Release 12.4

Cisco IOS Bridging Command Reference, Release 12.4

Cisco IOS IBM Networking Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring:

• Bridging features, including transparent and source-route transparent (SRT) bridging, source-route bridging (SRB), Token Ring Inter-Switch Link (TRISL), and Token Ring Route Switch Module (TRRSM).

• IBM network features, including data-link switching plus (DLSw+), serial tunnel (STUN), and block serial tunnel (BSTUN); Logical Link Control, type 2 (LLC2), and Synchronous Data Link Control (SDLC); IBM Network Media Translation, including SDLC Logical Link Control (SDLLC) and Qualified Logical Link Control (QLLC); downstream physical unit (DSPU), Systems Network Architecture (SNA) service point, SNA Frame Relay Access, Advanced Peer-to-Peer Networking (APPN), native client interface architecture (NCIA) client/server topologies, and IBM Channel Attach.

The two command references provide detailed information about the commands used in the configuration guide.

Additional and Legacy Protocols

Cisco IOS AppleTalk Configuration Guide, Release 12.4

Cisco IOS AppleTalkCommand Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring the AppleTalk protocol. The command reference provides detailed information about the commands used in the configuration guide.

Cisco IOS DECnet Configuration Guide, Release 12.4

Cisco IOS DECnet Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring the DECnet protocol. The command reference provides detailed information about the commands used in the configuration guide.

Cisco IOS ISO CLNS Configuration Guide, Release 12.4

Cisco IOS ISO CLNS Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring International Organization for Standardization (ISO) Connectionless Network Service (CLNS). The command reference provides detailed information about the commands used in the configuration guide.

Table 1 Cisco IOS Release 12.4 Configuration Guides and Command References (continued)

Configuration Guide and Command Reference Titles

Description

Page 15: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

About Cisco IOS Software Documentation for Release 12.4Documentation Organization for Cisco IOS Release 12.4

xvCisco IOS Optimized Edge Routing Configuration Guide

Table 2 lists the documents and resources that support the Cisco IOS Release 12.4 software configuration guides and command references.

Cisco IOS Novell IPX Configuration Guide, Release 12.4

Cisco IOS Novell IPX Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring the Novell Internetwork Packet Exchange (IPX) protocol. The command reference provides detailed information about the commands used in the configuration guide.

Cisco IOS Terminal Services Configuration Guide, Release 12.4

Cisco IOS Terminal Services Command Reference, Release 12.4

The configuration guide is a task-oriented guide to configuring terminal services, including DEC, local-area transport (LAT), and X.25 packet assembler/disassembler (PAD). The command reference provides detailed information about the commands used in the configuration guide.

Table 1 Cisco IOS Release 12.4 Configuration Guides and Command References (continued)

Configuration Guide and Command Reference Titles

Description

Table 2 Cisco IOS Release 12.4 Supporting Documents and Resources

Document Title Description

Cisco IOS Master Commands List, Release 12.4

An alphabetical listing of all the commands documented in the Cisco IOS Release 12.4 command references.

Cisco IOS New, Modified, Replaced, and Removed Commands, Release 12.4

A listing of all the new, modified, replaced and removed commands since Cisco IOS Release 12.3, grouped by Release 12.3T maintenance release and ordered alphabetically within each group.

Cisco IOS New and Modified Commands, Release 12.3

A listing of all the new, modified, and replaced commands since Cisco IOS Release 12.2, grouped by Release 12.2T maintenance release and ordered alphabetically within each group.

Cisco IOS System Messages, Volume 1 of 2

Cisco IOS System Messages, Volume 2 of 2

Listings and descriptions of Cisco IOS system messages. Not all system messages indicate problems with your system. Some are purely informational, and others may help diagnose problems with communications lines, internal hardware, or the system software.

Cisco IOS Debug Command Reference, Release 12.4

An alphabetical listing of the debug commands and their descriptions. Documentation for each command includes a brief description of its use, command syntax, and usage guidelines.

Release Notes, Release 12.4 A description of general release information, including information about supported platforms, feature sets, platform-specific notes, and Cisco IOS software defects.

Internetworking Terms and Acronyms Compilation and definitions of the terms and acronyms used in the internetworking industry.

Page 16: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

About Cisco IOS Software Documentation for Release 12.4Document Conventions

xviCisco IOS Optimized Edge Routing Configuration Guide

Document ConventionsWithin Cisco IOS software documentation, the term router is generally used to refer to a variety of Cisco products (for example, routers, access servers, and switches). Routers, access servers, and other networking devices that support Cisco IOS software are shown interchangeably within examples. These products are used only for illustrative purposes; that is, an example that shows one product does not necessarily indicate that other products are not supported.

The Cisco IOS documentation set uses the following conventions:

Command syntax descriptions use the following conventions:

RFCs RFCs are standards documents maintained by the Internet Engineering Task Force (IETF). Cisco IOS software documentation references supported RFCs when applicable. The full text of referenced RFCs may be obtained at the following URL:

http://www.rfc-editor.org/

MIBs MIBs are used for network monitoring. To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

Table 2 Cisco IOS Release 12.4 Supporting Documents and Resources (continued)

Document Title Description

Convention Description

^ or Ctrl The ^ and Ctrl symbols represent the Control key. For example, the key combination ^D or Ctrl-D means hold down the Control key while you press the D key. Keys are indicated in capital letters but are not case sensitive.

string A string is a nonquoted set of characters shown in italics. For example, when setting an SNMP community string to public, do not use quotation marks around the string or the string will include the quotation marks.

Convention Description

bold Bold text indicates commands and keywords that you enter literally as shown.

italics Italic text indicates arguments for which you supply values.

[x] Square brackets enclose an optional element (keyword or argument).

| A vertical line indicates a choice within an optional or required set of keywords or arguments.

[x | y] Square brackets enclosing keywords or arguments separated by a vertical line indicate an optional choice.

{x | y} Braces enclosing keywords or arguments separated by a vertical line indicate a required choice.

Page 17: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

About Cisco IOS Software Documentation for Release 12.4Obtaining Documentation

xviiCisco IOS Optimized Edge Routing Configuration Guide

Nested sets of square brackets or braces indicate optional or required choices within optional or required elements. For example:

Examples use the following conventions:

The following conventions are used to attract the attention of the reader:

Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

Note Means reader take note. Notes contain suggestions or references to material not covered in the manual.

Timesaver Means the described action saves time. You can save time by performing the action described in the paragraph.

Obtaining DocumentationCisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.comYou can access the most current Cisco documentation and technical support at this URL:

http://www.cisco.com/techsupport

Convention Description

[x {y | z}] Braces and a vertical line within square brackets indicate a required choice within an optional element.

Convention Descriptionscreen Examples of information displayed on the screen are set in Courier font.

bold screen Examples of text that you must enter are set in Courier bold font.

< > Angle brackets enclose text that is not printed to the screen, such as passwords, and are used in contexts in which the italic document convention is not available, such as ASCII text.

! An exclamation point at the beginning of a line indicates a comment line. (Exclamation points are also displayed by the Cisco IOS software for certain processes.)

[ ] Square brackets enclose default responses to system prompts.

Page 18: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

About Cisco IOS Software Documentation for Release 12.4Documentation Feedback

xviiiCisco IOS Optimized Edge Routing Configuration Guide

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Product Documentation DVDCisco documentation and additional literature are available in the Product Documentation DVD package, which may have shipped with your product. The Product Documentation DVD is updated regularly and may be more current than printed documentation.

The Product Documentation DVD is a comprehensive library of technical product documentation on portable media. The DVD enables you to access multiple versions of hardware and software installation, configuration, and command guides for Cisco products and to view technical documentation in HTML. With the DVD, you have access to the same documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .pdf versions of the documentation available.

The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD=) from Cisco Marketplace at this URL:

http://www.cisco.com/go/marketplace/

Ordering DocumentationBeginning June 30, 2005, registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:

http://www.cisco.com/go/marketplace/

Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at [email protected] or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.

Documentation FeedbackYou can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.

You can send comments about Cisco documentation to [email protected].

You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco SystemsAttn: Customer Document Ordering170 West Tasman DriveSan Jose, CA 95134-9883

We appreciate your comments.

Page 19: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

About Cisco IOS Software Documentation for Release 12.4Cisco Product Security Overview

xixCisco IOS Optimized Edge Routing Configuration Guide

Cisco Product Security OverviewCisco provides a free online Security Vulnerability Policy portal at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

From this site, you can perform these tasks:

• Report security vulnerabilities in Cisco products.

• Obtain assistance with security incidents that involve Cisco products.

• Register to receive security information from Cisco.

A current list of security advisories and notices for Cisco products is available at this URL:

http://www.cisco.com/go/psirt

If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco ProductsCisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:

• Emergencies— [email protected]

An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.

• Nonemergencies— [email protected]

In an emergency, you can also reach PSIRT by telephone:

• 1 877 228-7302

• 1 408 525-6532

Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive information that you send to Cisco. PSIRT can work from encrypted information that is compatible with PGP versions 2.x through 8.x.

Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

The link on this page has the current PGP key ID in use.

Page 20: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

About Cisco IOS Software Documentation for Release 12.4Obtaining Technical Assistance

xxCisco IOS Optimized Edge Routing Configuration Guide

Obtaining Technical AssistanceCisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

Cisco Technical Support & Documentation WebsiteThe Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do

Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.

Submitting a Service RequestUsing the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)EMEA: +32 2 704 55 55USA: 1 800 553-2447

Page 21: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

About Cisco IOS Software Documentation for Release 12.4Obtaining Additional Publications and Information

xxiCisco IOS Optimized Edge Routing Configuration Guide

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request SeverityTo ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—Your network is “down,” or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and InformationInformation about Cisco products, technologies, and network solutions is available from various online and printed sources.

• Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

• Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

• Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

• iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

or view the digital edition at this URL:

http://ciscoiq.texterity.com/ciscoiq/sample/

Page 22: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

About Cisco IOS Software Documentation for Release 12.4Obtaining Additional Publications and Information

xxiiCisco IOS Optimized Edge Routing Configuration Guide

• Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

• Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL:

http://www.cisco.com/en/US/products/index.html

• Networking Professionals Connection is an interactive website for networking professionals to share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:

http://www.cisco.com/discuss/networking

• World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html

Page 23: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

xxiiiCisco IOS Optimized Edge Routing Configuration Guide

Using Cisco IOS Software for Release 12.4

This chapter provides tips for understanding and configuring Cisco IOS software using the command-line interface (CLI). It contains the following sections:

• Understanding Command Modes, page xxiii

• Getting Help, page xxiv

• Using the no and default Forms of Commands, page xxviii

• Saving Configuration Changes, page xxviii

• Filtering Output from the show and more Commands, page xxix

• Finding Additional Feature Support Information, page xxix

For an overview of Cisco IOS software configuration, see the Cisco IOS Configuration Fundamentals Configuration Guide.

For information on the conventions used in the Cisco IOS software documentation set, see the “About Cisco IOS Software Documentation for Release 12.4” chapter.

Understanding Command ModesYou use the CLI to access Cisco IOS software. Because the CLI is divided into many different modes, the commands available to you at any given time depend on the mode that you are currently in. Entering a question mark (?) at the CLI prompt allows you to obtain a list of commands available for each command mode.

When you log in to a Cisco device, the device is initially in user EXEC mode. User EXEC mode contains only a limited subset of commands. To have access to all commands, you must enter privileged EXEC mode by entering the enable command and a password (when required). From privileged EXEC mode you have access to both user EXEC and privileged EXEC commands. Most EXEC commands are used independently to observe status or to perform a specific function. For example, show commands are used to display important status information, and clear commands allow you to reset counters or interfaces. The EXEC commands are not saved when the software reboots.

Configuration modes allow you to make changes to the running configuration. If you later save the running configuration to the startup configuration, these changed commands are stored when the software is rebooted. To enter specific configuration modes, you must start at global configuration mode. From global configuration mode, you can enter interface configuration mode and a variety of other modes, such as protocol-specific modes.

Page 24: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Using Cisco IOS Software for Release 12.4Getting Help

xxivCisco IOS Optimized Edge Routing Configuration Guide

ROM monitor mode is a separate mode used when the Cisco IOS software cannot load properly. If a valid software image is not found when the software boots or if the configuration file is corrupted at startup, the software might enter ROM monitor mode.

Table 1 describes how to access and exit various common command modes of the Cisco IOS software. It also shows examples of the prompts displayed for each mode.

For more information on command modes, see the “Using the Cisco IOS Command-Line Interface” chapter in the Cisco IOS Configuration Fundamentals Configuration Guide.

Getting HelpEntering a question mark (?) at the CLI prompt displays a list of commands available for each command mode. You can also get a list of keywords and arguments associated with any command by using the context-sensitive help feature.

To get help specific to a command mode, a command, a keyword, or an argument, use one of the following commands:

Table 1 Accessing and Exiting Command Modes

Command Mode

Access Method Prompt Exit Method

User EXEC Log in. Router> Use the logout command.

Privileged EXEC

From user EXEC mode, use the enable command.

Router# To return to user EXEC mode, use the disable command.

Global configuration

From privileged EXEC mode, use the configure terminal command.

Router(config)# To return to privileged EXEC mode from global configuration mode, use the exit or end command.

Interface configuration

From global configuration mode, specify an interface using an interface command.

Router(config-if)# To return to global configuration mode, use the exit command.

To return to privileged EXEC mode, use the end command.

ROM monitor From privileged EXEC mode, use the reload command. Press the Break key during the first 60 seconds while the system is booting.

> To exit ROM monitor mode, use the continue command.

Command Purpose

help Provides a brief description of the help system in any command mode.

abbreviated-command-entry? Provides a list of commands that begin with a particular character string. (No space between command and question mark.)

abbreviated-command-entry<Tab> Completes a partial command name.

Page 25: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Using Cisco IOS Software for Release 12.4Getting Help

xxvCisco IOS Optimized Edge Routing Configuration Guide

Example: How to Find Command OptionsThis section provides an example of how to display syntax for a command. The syntax can consist of optional or required keywords and arguments. To display keywords and arguments for a command, enter a question mark (?) at the configuration prompt or after entering part of a command followed by a space. The Cisco IOS software displays a list and brief description of available keywords and arguments. For example, if you were in global configuration mode and wanted to see all the keywords or arguments for the arap command, you would type arap ?.

The <cr> symbol in command help output stands for “carriage return.” On older keyboards, the carriage return key is the Return key. On most modern keyboards, the carriage return key is the Enter key. The <cr> symbol at the end of command help output indicates that you have the option to press Enter to complete the command and that the arguments and keywords in the list preceding the <cr> symbol are optional. The <cr> symbol by itself indicates that no more arguments or keywords are available and that you must press Enter to complete the command.

Table 2 shows examples of how you can use the question mark (?) to assist you in entering commands. The table steps you through configuring an IP address on a serial interface on a Cisco 7206 router that is running Cisco IOS Release 12.0(3).

? Lists all commands available for a particular command mode.

command ? Lists the keywords or arguments that you must enter next on the command line. (Space between command and question mark.)

Command Purpose

Table 2 How to Find Command Options

Command Comment

Router> enablePassword: <password>Router#

Enter the enable command and password to access privileged EXEC commands. You are in privileged EXEC mode when the prompt changes to Router#.

Router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)#

Enter the configure terminal privileged EXEC command to enter global configuration mode. You are in global configuration mode when the prompt changes to Router(config)#.

Page 26: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Using Cisco IOS Software for Release 12.4Getting Help

xxviCisco IOS Optimized Edge Routing Configuration Guide

Router(config)# interface serial ?<0-6> Serial interface number

Router(config)# interface serial 4 ?/

Router(config)# interface serial 4/ ?<0-3> Serial interface number

Router(config)# interface serial 4/0 ?<cr>Router(config)# interface serial 4/0Router(config-if)#

Enter interface configuration mode by specifying the serial interface that you want to configure using the interface serial global configuration command.

Enter ? to display what you must enter next on the command line. In this example, you must enter the serial interface slot number and port number, separated by a forward slash.

When the <cr> symbol is displayed, you can press Enter to complete the command.

You are in interface configuration mode when the prompt changes to Router(config-if)#.

Router(config-if)# ?Interface configuration commands:

.

.

.ip Interface Internet Protocol config commandskeepalive Enable keepalivelan-name LAN Name commandllc2 LLC2 Interface Subcommandsload-interval Specify interval for load calculation for an

interfacelocaddr-priority Assign a priority grouplogging Configure logging for interfaceloopback Configure internal loopback on an interfacemac-address Manually set interface MAC addressmls mls router sub/interface commandsmpoa MPOA interface configuration commandsmtu Set the interface Maximum Transmission Unit (MTU)netbios Use a defined NETBIOS access list or enable

name-cachingno Negate a command or set its defaultsnrzi-encoding Enable use of NRZI encodingntp Configure NTP...

Router(config-if)#

Enter ? to display a list of all the interface configuration commands available for the serial interface. This example shows only some of the available interface configuration commands.

Table 2 How to Find Command Options (continued)

Command Comment

Page 27: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Using Cisco IOS Software for Release 12.4Getting Help

xxviiCisco IOS Optimized Edge Routing Configuration Guide

Router(config-if)# ip ?Interface IP configuration subcommands:

access-group Specify access control for packetsaccounting Enable IP accounting on this interfaceaddress Set the IP address of an interfaceauthentication authentication subcommandsbandwidth-percent Set EIGRP bandwidth limitbroadcast-address Set the broadcast address of an interfacecgmp Enable/disable CGMPdirected-broadcast Enable forwarding of directed broadcastsdvmrp DVMRP interface commandshello-interval Configures IP-EIGRP hello intervalhelper-address Specify a destination address for UDP broadcastshold-time Configures IP-EIGRP hold time...

Router(config-if)# ip

Enter the command that you want to configure for the interface. This example uses the ip command.

Enter ? to display what you must enter next on the command line. This example shows only some of the available interface IP configuration commands.

Router(config-if)# ip address ?A.B.C.D IP addressnegotiated IP Address negotiated over PPP

Router(config-if)# ip address

Enter the command that you want to configure for the interface. This example uses the ip address command.

Enter ? to display what you must enter next on the command line. In this example, you must enter an IP address or the negotiated keyword.

A carriage return (<cr>) is not displayed; therefore, you must enter additional keywords or arguments to complete the command.

Router(config-if)# ip address 172.16.0.1 ?A.B.C.D IP subnet mask

Router(config-if)# ip address 172.16.0.1

Enter the keyword or argument that you want to use. This example uses the 172.16.0.1 IP address.

Enter ? to display what you must enter next on the command line. In this example, you must enter an IP subnet mask.

A <cr> is not displayed; therefore, you must enter additional keywords or arguments to complete the command.

Table 2 How to Find Command Options (continued)

Command Comment

Page 28: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Using Cisco IOS Software for Release 12.4Using the no and default Forms of Commands

xxviiiCisco IOS Optimized Edge Routing Configuration Guide

Using the no and default Forms of CommandsAlmost every configuration command has a no form. In general, use the no form to disable a function. Use the command without the no keyword to reenable a disabled function or to enable a function that is disabled by default. For example, IP routing is enabled by default. To disable IP routing, use the no ip routing command; to reenable IP routing, use the ip routing command. The Cisco IOS software command reference publications provide the complete syntax for the configuration commands and describe what the no form of a command does.

Configuration commands can also have a default form, which returns the command settings to the default values. Most commands are disabled by default, so in such cases using the default form has the same result as using the no form of the command. However, some commands are enabled by default and have variables set to certain default values. In these cases, the default form of the command enables the command and sets the variables to their default values. The Cisco IOS software command reference publications describe the effect of the default form of a command if the command functions differently than the no form.

Saving Configuration ChangesUse the copy system:running-config nvram:startup-config command or the copy running-config startup-config command to save your configuration changes to the startup configuration so that the changes will not be lost if the software reloads or a power outage occurs. For example:

Router# copy system:running-config nvram:startup-configBuilding configuration...

It might take a minute or two to save the configuration. After the configuration has been saved, the following output appears:

[OK]Router#

On most platforms, this task saves the configuration to NVRAM. On the Class A flash file system platforms, this task saves the configuration to the location specified by the CONFIG_FILE environment variable. The CONFIG_FILE variable defaults to NVRAM.

Router(config-if)# ip address 172.16.0.1 255.255.255.0 ?secondary Make this IP address a secondary address<cr>

Router(config-if)# ip address 172.16.0.1 255.255.255.0

Enter the IP subnet mask. This example uses the 255.255.255.0 IP subnet mask.

Enter ? to display what you must enter next on the command line. In this example, you can enter the secondary keyword, or you can press Enter.

A <cr> is displayed; you can press Enter to complete the command, or you can enter another keyword.

Router(config-if)# ip address 172.16.0.1 255.255.255.0Router(config-if)#

In this example, Enter is pressed to complete the command.

Table 2 How to Find Command Options (continued)

Command Comment

Page 29: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Using Cisco IOS Software for Release 12.4Filtering Output from the show and more Commands

xxixCisco IOS Optimized Edge Routing Configuration Guide

Filtering Output from the show and more CommandsYou can search and filter the output of show and more commands. This functionality is useful if you need to sort through large amounts of output or if you want to exclude output that you need not see.

To use this functionality, enter a show or more command followed by the “pipe” character (|); one of the keywords begin, include, or exclude; and a regular expression on which you want to search or filter (the expression is case-sensitive):

command | {begin | include | exclude} regular-expression

The output matches certain lines of information in the configuration file. The following example illustrates how to use output modifiers with the show interface command when you want the output to include only lines in which the expression “protocol” appears:

Router# show interface | include protocol

FastEthernet0/0 is up, line protocol is upSerial4/0 is up, line protocol is upSerial4/1 is up, line protocol is upSerial4/2 is administratively down, line protocol is downSerial4/3 is administratively down, line protocol is down

For more information on the search and filter functionality, see the “Using the Cisco IOS Command-Line Interface” chapter in the Cisco IOS Configuration Fundamentals Configuration Guide.

Finding Additional Feature Support InformationIf you want to use a specific Cisco IOS software feature, you will need to determine in which Cisco IOS software images that feature is supported. Feature support in Cisco IOS software images depends on three main factors: the software version (called the “Release”), the hardware model (the “Platform” or “Series”), and the “Feature Set” (collection of specific features designed for a certain network environment). Although the Cisco IOS software documentation set documents feature support information for Release 12.4 as a whole, it does not generally provide specific hardware and feature set information.

To determine the correct combination of Release (software version), Platform (hardware version), and Feature Set needed to run a particular feature (or any combination of features), use Feature Navigator.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Software features may also have additional limitations or restrictions. For example, a minimum amount of system memory may be required. Or there may be known issues for features on certain platforms that have not yet been resolved (called “Caveats”). For the latest information about these limitations, see the release notes for the appropriate Cisco IOS software release. Release notes provide detailed installation instructions, new feature descriptions, system requirements, limitations and restrictions, caveats, and troubleshooting information for a particular software release.

Page 30: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Using Cisco IOS Software for Release 12.4Finding Additional Feature Support Information

xxxCisco IOS Optimized Edge Routing Configuration Guide

Page 31: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

1Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Cisco IOS Optimized Edge Routing Configuration

Cisco IOS Optimized Edge Routing (OER) provides automatic route optimization and load distribution for multiple ISP and WAN connections. Cisco IOS OER is an integrated Cisco IOS solution that allows you to monitor IP traffic flows and then define policies and rules based on prefix performance, link load distribution, link cost, and traffic type. Cisco IOS OER provides active and passive monitoring systems, dynamic failure detection, and automatic path correction. Deploying Cisco IOS OER enables intelligent load distribution and optimal route selection in an enterprise network.

Feature History for Optimized Edge Routing

Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Release Modification

12.3(8)T This feature was introduced.

12.3(11)T Support for the following features was integrated into Cisco IOS Release 12.3(11)T:

• Port and Protocol Based Prefix Learning allows you to configure a master controller to learn prefixes based on the protocol type and TCP or UDP port number.

• VPN IPSec/GRE Tunnel Optimization introduces the capability to configure IPSec/GRE tunnel interfaces as OER managed exit links. Only network based IPSec VPNs are supported.

12.3(14)T Support for the following feature was integrated into Cisco IOS Release 12.3(14)T:

• OER Support for Cost-Based Optimization and Traceroute Reporting introduces the capability to configure exit link policies based monetary cost and the capability to configure traceroute probes to determine prefix characteristics on a hop-by-hop basis.

Page 32: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationContents

2Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Contents• Prerequisites for Cisco IOS Optimized Edge Routing, page 2

• Restrictions for Cisco IOS Optimized Edge Routing, page 2

• Information About Cisco IOS Optimized Edge Routing, page 3

• How to Configure Cisco IOS Optimized Edge Routing, page 23

• Configuration Examples for Cisco IOS Optimized Edge Routing, page 91

• Additional References, page 103

Prerequisites for Cisco IOS Optimized Edge Routing• Cisco Express Forwarding (CEF) must be enabled on all participating routers.

• Cisco IOS OER can be deployed on a single router. The router must have at least two egress interfaces that can carry outbound traffic and can be configured as OER managed exit links. These interfaces should connect to an ISP or be WAN connections (Frame-Relay, ATM, etc) at the edge of the enterprise network.

• The master controller should be deployed close to the border routers to minimize the communication response time between these devices. All border routers must be reachable by the master controller. The border routers should be close to each other in terms of hops and throughput.

• Routing protocol peering must be established in your network or static routing must be configured before Cisco IOS OER is deployed.

If you have configured internal BGP (iBGP) on the border routers, iBGP peering must be established and consistently applied throughout your network.

If an IGP is deployed in your network, static route redistribution must be configured with the redistribute static command. Interior Gateway Protocol (IGP) or static routing should also be applied consistently throughout an OER managed network; the border router should have a consistent view of the network.

Restrictions for Cisco IOS Optimized Edge Routing• Cisco IOS OER does not influence or control inter-domain routing or interfaces that are not under

OER control, and Cisco IOS OER does not influence asymmetrical routing.

• Cisco IOS OER passively monitors TCP traffic flows for IP traffic. Passive monitoring of non-TCP sessions is not supported.

• Cisco IOS OER can be configured to monitor and control outbound traffic only.

• Cisco IOS OER supports only IPSec/GRE VPNs. No other VPN types are supported.

• When two or more border routers are deployed in an OER managed network, the next hop on each border router, as installed in the Routing Information Base (RIB), cannot be an address from the same subnet as the next hop on the other border router.

• Interfaces that are configured to be under OER control can also carry multicast traffic. However, if the source of the multicast traffic comes from outside of the OER managed network and inbound multicast traffic is carried over OER managed exit links, the source multicast address should be excluded from OER control.

Page 33: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

3Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

• Internet exchange points where a border router can communicate with several service providers over the same broadcast media are not supported.

• Token Ring interfaces are not supported by Cisco IOS OER and cannot be configured as OER managed interfaces. It may be possible to load a Token Ring interface configuration under certain conditions. However, the Token Ring interface will not become active and the border router will not function if the Token Ring interface is the only external interface on the border router.

Information About Cisco IOS Optimized Edge RoutingTo configure Cisco IOS Optimized Edge Routing (OER), you should understand the following concepts

• Cisco IOS Optimized Edge Routing Overview, page 4

• Cisco IOS OER Network Components, page 6

• Cisco IOS OER Managed Network, page 8

• Cisco IOS OER Prefix Learning, page 9

• Cisco IOS OER Monitoring, page 11

• Cisco IOS OER Modes of Operation, page 13

• Cisco IOS OER Routing Control, page 14

• Cisco IOS OER Policy Configuration, page 16

• VPN IPSec/GRE Tunnel Interface Optimization, page 21

• Cisco IOS OER Logging and Reporting, page 21

• Cisco IOS OER Deployment Configurations, page 22

Page 34: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

4Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Cisco IOS Optimized Edge Routing Overview Enterprise networks use multiple ISP or WAN connections for reliability and load distribution. Existing reliability mechanisms depend on link state or route removal on the border router to select a better exit link for a prefix or set of prefixes. Multiple connections protect enterprise networks from catastrophic failures but do not protect the network from “brown outs” or soft failures that occur due to network congestion. Existing mechanisms can respond to catastrophic failures at the first indication of a problem. However, black outs and brown outs can go undetected and often require the network operator to take action to resolve the problem. When a packet is transmitted between external networks (nationally or globally), the packet spends the vast majority its life cycle on the WAN segments of the network. Optimizing WAN route selection in the enterprise network provides the end-user with the greatest performance improvement, even better than LAN speed improvements in the local network.

Cisco IOS OER is implemented in Cisco IOS software as an integrated part of Cisco core routing functionality. Deploying Cisco IOS OER enables intelligent network traffic load distribution and dynamic failure detection for data paths at the wide-area network (WAN) edge. While other routing mechanisms can provide both load distribution and failure mitigation, Cisco IOS OER is unique in that it can make routing adjustments based on criteria other than static routing metrics, such as response time, packet loss, path availability, and traffic load distribution. Deploying Cisco IOS OER allows you to optimize network performance and link load utilization while minimizing bandwidth costs and reducing operational expenses.

Cisco IOS OER: A Typical Deployment

Figure 1 shows a Cisco IOS OER managed enterprise network of a content provider. The enterprise network has three exit interfaces that are used to deliver content to customer access networks. The content provider has a separate service level agreement (SLA) with a different ISP for each exit link. The customer access network has two edge routers that connect to the Internet. Traffic is carried between the enterprise network and the customer access network over six service provider (SP) networks.

Figure 1 A Typical Cisco IOS Optimized Edge Routing Deployment

Cisco IOS OER monitors and controls outbound traffic on the three border routers (BRs). It measures the packet response time and path availability from the egress interfaces on BR1, BR2 and BR3. Changes to exit link performance on the border routers are detected on a per-prefix basis. If the performance of a

ContentConsumer

TransitService Providers

Enterprise/ContentProvider

MasterController

Customeraccess

SP A

SLA A

SLA B

eBGP

SLA C

SP C SP D

SP F

SP E

SP B CR1

BR3

Server(s)

BR2

BR1

Client(s)

iBGP and/orEIGRP, IS-IS,

OSPF, RIP

1175

46

CR2CR2

MasterController

Page 35: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

5Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

prefix falls below default or user-defined policy parameters, routing is altered locally in the enterprise network to optimize performance and to route around failure conditions that occur outside of the enterprise network. For example, an interface failure or network misconfiguration in the SP D network can cause outbound traffic that is carried over the BR2 exit interface to become congested or fail to reach the customer access network. Traditional routing mechanisms cannot anticipate or resolve these types of problem without intervention by the network operator. Cisco IOS OER can detect failure conditions and alter routing inside of the network to compensate.

Cisco IOS OER: Optimizes for Performance

Traditional routing mechanisms rely upon reachability information to make routing decisions but cannot enforce performance policies. Cisco IOS OER optimizes routing to improve performance in the enterprise network. Prefix policies are defined to control the performance of a single prefix or a prefix range. You can configure Cisco IOS OER to monitor and control the performance of a single host route or routes from an entire network. Exit link policies are defined to control the performance of exit interfaces in an OER managed network. Performance policies can be defined for a single exit link or all exit links in the OER managed network.

Figure 2 shows a Cisco IOS OER managed enterprise network of a content provider. This figure shows that delay measurements are collected for monitored prefixes on the border routers. These statistics are collected by the border routers an then transmitted to the master controller.

Figure 2 Cisco IOS OER Optimizes for Performance

For example, if a performance policy is defined that sets the delay threshold for a group of prefixes to less than or equal to 200 milliseconds (ms), as shown in Figure 2. Prefixes with a slower round-trip response time (or longer delay) will be considered to be out-of-policy. Routing is locally altered to bring the prefix to an in-policy state. In Figure 2, out-of-policy prefixes that use exit links on BR3 will be moved to BR1.

The master controller monitors prefixes and exit links on the border routers. This allows the master controller to measure performance and detect failure conditions that occur outside of the network. When the master controller detects a performance change that brings a prefix out of policy, the master

1177

70

200ms

250ms

ContentConsumer

TransitService Providers

Enterprise/ContentProvider

MasterController

Customeraccess

SP A

SLA A

SLA B

eBGP

SLA C

SP C SP D

SP F

SP E

SP B CR1

BR3

Server(s)

BR2

BR1

Client(s)

iBGP and/orEIGRP, IS-IS,

OSPF, RIP

CR2CR2

MasterController

Page 36: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

6Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

controller sends commands to the border routers to dynamically alter routing inside of the enterprise network to bring prefix performance back within default or user-defined policy. If all prefixes and exit links are in policy, the master controller continues to monitor the network and does not take any action.

Cisco IOS OER Network Components Cisco IOS OER is configured on Cisco routers though standard Cisco IOS CLI configuration. An OER deployment has two primary components — a master controller and one or more border routers. The master controller is the intelligent decision maker, while the border routers are enterprise edge routers with exit interfaces that are used to access the Internet or used as WAN exit links.

Cisco IOS OER Network Components: Master Controller

The master controller is a single router that coordinates all OER functions within an OER managed network. A Cisco router can be configured to run a stand-alone master controller process or can also be configured to perform other functions, such as routing or running a border router process. The master controller maintains communication and authenticates the sessions with the border routers. The master controller monitors outbound traffic flows using active or passive monitoring and then applies default or user-defined policies to alter routing to optimize prefixes and exit links. OER administration and control is centralized on the master controller, which makes all policy decisions and controls the border routers. The master controller does not need to be in the traffic forwarding path, but it must be reachable by the border routers. The master controller can support up to 10 border routers and up to 20 OER managed external interfaces.

Note We recommend that the master controller is deployed as close as possible to the border routers to reduce communication response time.

Cisco IOS OER Network Components: Border Router

The border router is an enterprise edge router with one or more exit links to an ISP or other participating network. The border router is where all policy decisions and changes to routing in the network are enforced. The border router participates in prefix monitoring and route optimization by reporting prefix and exit link measurements to the master controller and then by enforcing policy changes received from the master controller. The border router enforces policy changes by injecting a preferred route to alter routing in the network. The border router is deployed on the edge of the network, so the border router must be in the forwarding path. A border router process can be enabled on the same router as a master controller process.

Cisco IOS OER Network Components: Interfaces

An OER managed network must have at least two external interfaces that are used to forward traffic to the external network (WAN or ISP) and at least one internal interface that is used for passive monitoring. There are three interface configurations required to deploy OER:

• External interfaces are configured as OER managed exit links to forward traffic. The physical external interface is enabled on the border router. The external interface is configured as an OER external interface on the master controller. The master controller actively monitors prefix and exit link performance on these interfaces. Each border router must have at least one external interface, and a minimum of two external interfaces are required in an OER managed network.

Page 37: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

7Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

• Internal interfaces are used for only passive performance monitoring with NetFlow. No explicit NetFlow configuration is required. The internal interface is an active border router interface that connects to the internal network. The internal interface is configured as an OER internal l interface on the master controller. At least one internal interface must be configured on each border router.

• Local interfaces are used for only master controller and border router communication. A single interface must be configured as a local interface on each border router. The local interface is identified as the source interface for communication with the master controller.

Tip If a master controller and border router process is enabled on the same router, a loopback interface should be configured as the local interface.

The following interface types can be configured as external and internal interfaces:

• ATM

• BRI

• CTunnel

• Ethernet

• Fast Ethernet

• Gigabit Ethernet

• HSSI

• Null

• POS

• Serial

• Tunnel

• VLAN

Note VLAN interfaces can be configured only as internal interfaces.

The following interface types can be configured as local interfaces:

• Async

• BVI

• CDMA-Ix

• CTunnel

• Dialer

• Ethernet

• Group-Async

• Lex

• Loopback

• MFR

• Multilink

• Null

Page 38: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

8Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

• Serial

• Tunnel

• Vif

• Virtual-PPP

• Virtual-Template

• Virtual-TokenRing

Note A Virtual-TokenRing interface can be configured as a local interface. However, Token Ring interfaces are not supported and cannot be configured as external, internal, or local interfaces.

Cisco IOS OER Managed Network Figure 3 shows an OER managed network. This network contains a master controller and two border routers. OER communication between the master controller and the border routers is carried separately from routing protocol traffic. This communication is protected by MD5 authentication. Each border router has an external interface that is connected to a different ISP or WAN link to a remote site and a local and an internal interface that are reachable by the master controller.

Figure 3 Cisco IOS OER Managed Network

External interfaces are used to forward outbound traffic from the network and are used as the source for active monitoring. Internal interfaces are used for OER communication and used for passive monitoring. At least one external and one internal interface must be configured on each border router. At least two external interfaces are required in an OER managed network. A local interface is configured on the border router for communication with the master controller.

MasterController

11

77

71

ISP-A

ISP-B

SLA A

Exit link

SLA B

BR1

BR2

Border router

BR1

BR2

Statistics

Statistics

Commands Border router

Page 39: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

9Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Cisco IOS OER Managed Network: Central Policy Database

The master controller continuously monitors the network. The master controller maintains a central policy database where it stores collected statistical information. The master controller compares long-term and short-term measurements. The long-term measurements are collected every 60 minutes. Short term measurements are collected every five minutes. The master controller analyzes these statistics to determine which routes have the lowest delay, highest outbound throughput, relative or absolute packet loss, relative or absolute link cost, and prefix reachability to analyze and optimize the performance of monitored prefixes and to distribute the load from over-utilized exit links to under-utilized exit links.

Cisco IOS OER Managed Network: Policy Enforcement Point

The border router is the policy enforcement point. Default or user-defined policies are configured on the master controller to set the performance level for prefixes and exit links. The master controller automatically alters routing in the OER managed network, as necessary, by sending control commands to the border routers to inject a preferred route. The preferred route is advertised or redistributed through the internal network. The preferred route alters default routing behavior so that out of policy prefixes are moved from over utilized exit links to under utilized exit links to bring prefixes and exit links in-policy, and thus optimizing the overall performance of the enterprise network.

Cisco IOS OER Prefix Learning To enable Cisco IOS OER in your network prefixes must be identified to monitor and optimize. A Cisco router configured as a master controller will learn and monitor up to 2500 prefixes by default and can configured to learn and monitor up to 5000 prefixes with the max prefix total command in OER master controller configuration mode. Prefixes can be learned automatically or can manually selected.

Cisco IOS OER Prefix Learning: Automatic Prefix Learning

The master controller can be configured, using Top Talker functionality, to learn prefixes automatically based on highest outbound throughput or lowest delay time. Throughput learning measures prefixes that generate the highest outbound traffic volume. Throughput prefixes are sorted from highest to lowest. Delay learning measures prefixes with the lowest round-trip response time (RTT). Delay prefixes are sorted from the lowest to the highest delay time.

Automatic prefix learning is configured in OER Top Talker and Delay learning configuration mode. The learn command is used to enter this mode from OER master controller configuration mode. When automatic prefix learning is enabled, prefixes and their delay and/or throughput characteristics are learned, and this is information is stored in the central policy database. Prefixes are learned for 5 minutes by default. The master controller analyzes these statistics and implements policy decisions as necessary.

Prefixes are learned on the border routers through passive monitoring. Prefix learning is configured on the master controller. The border routers monitor all incoming and outgoing traffic flows. The top 100 flows are learned by default, and up to 5000 flows can be learned.

Learned prefixes can be aggregated based the prefix type, BGP or non-BGP (static routes), or the prefix length. Traffic flows are aggregated using a /24 prefix length by default. Prefix aggregation can be configured to include any subset or superset of a major network, including a single host route (/32). For each aggregated prefix, up to five host addresses are selected to use as active probe targets. Prefix aggregation is configured with the aggregation-type command in OER Top Talker and Delay learning configuration mode.

Page 40: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

10Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Cisco IOS OER Prefix Learning: Manually Selecting Prefixes

A prefix or range of prefixes can be selected for monitoring by configuring an IP prefix list. The IP prefix list is then imported into the master controller database by configuring a match clause in an OER map. IP prefix-lists are configured with the ip prefix-list command and OER maps are configured with the oer-map command in global configuration mode.

The following IP prefix list configuration options are supported:

• An exact prefix (/32)

• A specific prefix length and any subset (for example, a /24 under a /16)

• A specific prefix and all more specific routes (le 32)

• All prefixes (0.0.0.0/0)

Traffic is excluded or included by configuring permit or deny statements in the IP prefix list.

For best performance, you should apply the most commonly referenced prefix lists and deny prefix lists to the lowest (or first) OER map sequences.

Cisco IOS OER Prefix Learning: Port and Protocol Based Prefix Learning

Port and Protocol Based Prefix Learning was introduced in Cisco IOS Release 12.3(11)T. This feature allows you to configure the master controller to learn traffic based on the protocol number or the source or destination port number, carried by TCP or UDP traffic. This feature provides a very granular filter that can be used to further optimize prefixes learned based on throughput and delay.

Port and protocol based prefix learning allows you to optimize or exclude traffic streams for a specific protocol or the TCP port, UDP port, or range of port numbers. Traffic can be optimized for a specific application or protocol. Uninteresting traffic can be excluded, allowing you to focus router system resources, and reduce unnecessary CPU and memory utilization. In cases where traffic streams need to be excluded or included over ports that fall above or below a certain port number, the range of port numbers can be specified. Port and protocol prefix based learning is configured with the protocol command in OER Top Talker and Delay learning configuration mode.

For a list of IANA assigned port numbers, refer to the following document:

• http://www.iana.org/assignments/port-numbers

For a list of IANA assigned protocol numbers, refer to the following document:

• http://www.iana.org/assignments/protocol-numbers

Cisco IOS OER Prefix Learning: Prefix Transition States

Monitored prefixes pass through the following states when imported into the central policy database or when a default or user-defined policy is applied:

Default—A prefix is placed in this state when it is not under OER control. All routing decisions for the prefix are controlled by existing metrics determined by the default routing protocol. Prefixes are placed in the default state when they are initially added to the central policy database. A prefix will transition into and out of the default state depending on policy configuration and performance measurements.

In-Policy—A prefix is placed in this state when the status of the prefix exit conforms to default or user-defined policies. No changes are made when a prefix is in the in-policy state. The master controller continues to monitor the prefix and will take no action until the policy configuration or performance measurements change.

Page 41: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

11Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Out-of-Policy—A prefix is placed in this state when the prefix exit does not conform to default or user-defined policies. The master controller will use active probing and/or passive monitoring to find a better exit for the prefix, while the prefix is in this state. If all exit links are out-of-policy, the master controller will select the best available exit.

Choose—A prefix is placed in this state by the master controller during exit link selection. The prefix remains in the choose state until it is moved to the new exit.

Holddown—A prefix is placed in this state when the master controller moves a prefix to a new exit. No policy changes are applied to a prefix in the holddown state. The holddown state is designed to isolate the prefix during the transition period to prevent the prefix from causing instability due to rapid state changes (flapping).

Note Over aggressive policy settings can cause a prefix or exit link to remain in the out-of-policy state.

Cisco IOS OER Monitoring Cisco IOS OER monitors prefix performance over OER managed exit links to ensure that OER controlled prefixes and exit links conform to policy parameters. Prefixes are passively monitored with integrated NetFlow functionality and are actively monitored with integrated IP Service Level Agreements (IP SLAs) functionality. No explicit NetFlow or IP SLAs configuration is required. Support for these features are enabled automatically as necessary.

The master controller can be configured to monitor learned and manually selected prefixes. The border routers collect passive monitoring and active monitoring statistics and then transmit this information to the master controller. The master controller analyzes the collected information. If all monitored prefixes and exit links are in policy, no changes are made and the master controller continues to monitor the network. If a monitored prefix or exit link is out of policy, the master controller makes a policy decision and sends a control command to the border router to alter routing in the OER managed network to move the prefix to a better exit to bring the prefix or exit in policy.

Cisco IOS OER Monitoring: Passive Monitoring

Cisco IOS OER uses NetFlow, an integrated technology in Cisco IOS software, to collect and aggregate passive monitoring statistics on a per prefix basis. Passive monitoring is enabled by default when an OER managed network is created. Netflow is a flow-based monitoring and accounting system. NetFlow support is enabled by default on the border routers when passive monitoring is enabled.

Passive monitoring uses only existing traffic; additional traffic is not generated. Border routers collect and report passive monitoring statistics to the master controller approximately once per minute. If traffic does not go over an external interface of a border router, no data is reported to the master controller.

The master controller uses passive monitoring to measure the following information:

Delay—The master controller measures the average delay of TCP flows for a given prefix. Delay is the measurement of the round-trip response time (RTT) between the transmission of a TCP synchronization message and receipt of the TCP acknowledgement.

Packet loss—The master controller measures packet loss by tracking TCP sequence numbers for each TCP flow. OER estimates packet loss by tracking the highest TCP sequence number. If a subsequent packet is received with a lower sequence number, OER increments the packet loss counter. Packet loss is measured in flows per million (fpm).

Reachability—The master controller measures reachability by tracking TCP synchronization messages that have been sent repeatedly without receiving a TCP acknowledgement.

Page 42: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

12Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Throughput—The master controller measures prefixes that generate the highest outbound traffic volume or throughput. Throughput is measured on external interfaces in bits per second (bps).

Note OER passively monitors TCP traffic flows for IP traffic. Passive monitoring of non-TCP sessions is not supported.

Passive monitoring statistics are gathered and stored in a prefix history buffer that can hold a minimum of 60 minutes of information depending on whether the traffic flow is continuos. Cisco IOS OER uses this information to determine if the prefix is in policy based on the default or user-defined policies.

Cisco IOS OER Monitoring: Active Monitoring

Active monitoring uses IP Service Level Agreements (IP SLAs), an integrated technology in Cisco IOS software, to analyze and measure the performance of TCP and UDP traffic. Active monitoring generates traffic in a continuous, reliable, and predictable manner. This allows the master controller to measure delay and jitter to determine prefix performance characteristics more accurately than is possible with only passive monitoring.

Active monitoring is enabled with the mode command in OER master controller configuration mode. When active monitoring is enabled, the master controller commands the border routers to send active probes to a target IP address. The border router collects and transmits the probe results to master controller to analyze.

Active probes are automatically generated when a prefix is learned or aggregated. The border router collects up to five host addresses from the prefix for active probing. Active probes can be configured for specific host or target address. Active probes are configured with the active-probe command in OER master controller configuration mode. The active probe is sourced from the border router and transmitted through an external interface (the external interface may or may not be the preferred route for an optimized prefix). Active probes are sent once per minute. ICMP probes are used by default.

Note For eBGP peering sessions, the IP address of the eBGP peer must be reachable from the border router via a connected route in order for active probes to be generated.

Active Probe Types

Cisco IOS OER uses ICMP Echo probes, by default, when an active probe is automatically generated. The following types of active probes can be configured:

ICMP Echo—A ping is sent to the target address. Configuring an ICMP echo probe does not require knowledgeable cooperation from the target device. However, repeated probing could trigger an Intrusion Detection System (IDS) alarm in the target network. If an IDS is configured in a target network that is not under your administrative control, we recommend that you notify the target network administration entity.

TCP Connection—A TCP connection probe is sent to the target address. A target port number must be specified. A remote responder must be enabled if TCP messages are configured to use a port number other than TCP well-known port number 23.

UDP Echo—A UDP echo probe is sent to the target address. A target port number must be specified. A remote responder must be enabled on the target device, regardless of the configured port number.

Page 43: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

13Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Cisco IOS OER Monitoring: Combined Monitoring

Cisco IOS OER can also be configured to combine both active and passive monitoring in order to generate a more complete picture of traffic flows within the network. Combined monitoring is enabled by default. Combined monitoring is configured with the mode monitor both command in OER master controller configuration mode.

Cisco IOS OER Monitoring: Traceroute Reporting

The OER Support for Traceroute Reporting feature was introduced in Cisco IOS Release 12.3(14)T. Traceroute reporting is configured on a master controller. Traceroute probes are sourced from the current border router exit. This feature allows you to monitor prefix performance on a hop-by-hop basis. Delay, loss, and reachability measurements are gathered for each hop from the probe source to the target prefix.

Traceroute reporting is enabled with the set traceroute reporting oer-map configuration mode command. Learned or specific prefixes are selected for traceroute reporting by configuring a match clause in an OER map. When traceroute reporting is enabled, traceroute probes gather delay, loss, and reachability statistic for a given prefix. Specific traceroute probes can also be configured to gather these statistics individually only for prefixes that are in the out-of-policy state. The time interval between traceroute probes is configured with the traceroute probe-delay command in OER master controller configuration mode.

Traceroute probes are configured using the following methods:

Continuous—A traceroute probe is triggered for each new probe cycle. Entering the set traceroute reporting command without any keywords enables continuous reporting. The probe is sourced from the current exit of the prefix.

Policy based—A traceroute probe is triggered automatically when a prefix goes into an out-of-policy state. Policy based traceroute probes are configured individually for delay, loss, and reachability policies. The monitored prefix is sourced from a match clause in an oer-map. Policy based traceroute reporting stops when the prefix returns to an in-policy state.

On demand—A trace route probe is triggered only when the show oer master prefix command is entered for a specific IP address with the current and now keywords. Continuous or policy-based traceroute reporting does not need to be enabled to use this method. Entering this command without any keywords displays the most recent probe results for all exits. Entering this command with the current keyword displays the results for the current exit from the most recent probe.

Cisco IOS OER Modes of Operation The master controller can be configured to operate in observe mode or control mode.

Cisco IOS OER Modes of Operation: Observe Mode

The master controller can be configured to operate in route observe mode or route control mode. Observe mode monitoring is enabled by default. In observe mode, the master controller monitors prefixes and exit links based on default and user-defined policies and then reports the status of the network and the decisions that should be made but does not implement any changes. This mode allows you to verify the effectiveness of this feature before actively deploying it.

Page 44: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

14Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Cisco IOS OER Modes of Operation: Control Mode

In control mode, the master controller coordinates information from the border routers and makes policy decisions just as it does in observe mode. The master controller monitors prefixes and exits based on default and user-defined policies but then implements changes to optimize prefixes and to select the best exit. In this mode, the master controller gathers performance statistics from the border routers and then transmits commands to the border routers to alter routing as necessary in the OER managed network. Control mode or observe mode monitoring is configured with the mode route command in OER master controller configuration mode.

Cisco IOS OER Routing Control Figure 4 shows an OER managed network. The master controller alters default routing behavior inside of the OER managed network to optimize prefix and exit link performance. Cisco IOS OER uses a command/response protocol to manage all communication between the border router and the master controller.

Figure 4 Cisco IOS OER Controls Default Routing Behavior

The border routers are enterprise edge routers. Routing protocol peering or static routing is established between the border routers and internal peers. The border routers advertise a default route to internal peers through BGP peering, static routing, or route redistribution into an Interior Gateway Protocol (IGP). The master controller alters default routing behavior in the OER managed network by sending control commands to the border routers to inject a preferred route into the internal network.

When the master controller determines the best exit for a prefix, it sends a route control command to the border router with the best exit. The border router searches for a parent route for the monitored prefix. The BGP routing table is searched first and then the static routing table. This can be a default route for the monitored prefix. If a parent route is found that includes the prefix (the prefix may be equivalent or less specific) and points to the desired exit link by either the route to its nexthop or by a direct reference to the interface, a preferred route is injected into the internal network from the border router. OER injects the preferred route where the first parent is found. The preferred route can be an injected BGP route or

MasterController

1177

72

ISP-A

ISP-B

SLA A

ISP interfaces

SLA B

BR1

BR2

Border router

BR1

BR2

Commands

BGP/Static Redistribution

Border router

BGP/Static RedistributionBGP/Static Redistribution

Page 45: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

15Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

an injected static route. The preferred route is learned by internal peers, which in turn recalculate their routing tables causing the monitored prefix to be moved to the preferred exit link. The preferred route is only advertised to the internal network and is not advertised to external peers.

Cisco IOS OER Routing: Border Router Peering with the Internal Network

The master controller alters default routing behavior in the OER managed network by injecting preferred routes into the routing tables of the border routers. The border routers peer with other routers in the internal network through BGP peering, BGP or static route redistribution into an IGP, or static routing. The border routers advertise the preferred route to internal peers.

The border routers should be close to each other in terms of hops and throughput and should have a consistent view of the network; routing should be configured consistently across all border routers. The master controller verifies that a monitored prefix has a parent route with a valid next hop before it commands the border routers to alter routing. The border router will not inject a route where one does not already exist. This behavior is designed to prevent traffic from being blackholed because of an invalid next hop.

Note When two or more border routers are deployed in an OER managed network, the next hop on each border router, as installed in the RIB, cannot be an IP address from the same subnet as the next hop on another border router.

Cisco IOS OER Routing: BGP Peering

Standard internal BGP (iBGP) peering can be established between the border routers and other internal peers. External BGP (eBGP) peering or a default route is configured to the ISP. In the iBGP network, OER uses the local preference attribute to set the preference for injected routes. The BGP local preference attribute is a discretionary attribute that is used to apply the degree of preference to a route during the BGP best path selection process. This attribute is exchanged only between iBGP peers and is not advertised outside of the OER managed network or to the eBGP network. The prefix with the highest local preference value is locally advertised as the preferred path to the destination. OER applies a local preference value of 5000 to injected routes by default. A local preference value from 1 to 65535 can be configured.

Note If a local preference value of 5000 or higher has been configured for default BGP routing, you should configure a higher value in OER. OER default BGP local preference and default static tag values are configurable with the mode command in OER master controller configuration mode.

Note The IP address for each eBGP peering session must be reachable from the border router via a connected route. Peering sessions established through loopback interfaces or with the neighbor ebgp-multihop command are not supported.

Cisco IOS OER Routing: BGP Redistribution into an IGP

BGP redistribution can be used if the border routers are configured to run BGP (for ISP peering for example) and the internal peers are configured to run another routing protocol (such as Enhanced Interior Gateway Routing Protocol [EIGRP], Open Shortest Path First [OSPF] or Routing Information Protocol [RIP]). The border routers can advertise a single default route or full routing tables to the internal

Page 46: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

16Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

network. If you use BGP to redistribute more than a default route into an IGP, we recommend that you use IP prefix-list and route-map statements to limit the number of prefixes, as BGP routing tables can be very large.

Cisco IOS OER Routing: BGP Redistribution Based on the BGP Local-Preference Attribute

OER uses the local-preference attribute to influence routing inside of a BGP network. OER injected BGP routes can redistributed within the network by configuring the match local-preference route-map configuration command. A value of 5000 (or a custom value if configured on the master controller) must be configured when entering this command.

Cisco IOS OER Routing: Static Routing and Static Route Redistribution

Static routing or static route redistribution can be configured in the internal network. OER alters routing these types of network by injecting temporary static routes. The temporary static route replaces the parent static route. OER will in not inject a temporary static route where a parent static route does not exist. OER applies a default tag value of 5000 to identify the injected static route. In the case of the network where only static routing is configured, no redistribution configuration is required. In the case of a network where an IGP is deployed and BGP is not run on the border routers, static routes to border router exit interfaces must be configured, and these static routes must be redistributed into the IGP.

Cisco IOS OER Routing: Injecting Split Prefixes

When configured to control a subset of a larger network, the master controller will add an appropriate route or split prefix to the existing routing table, as necessary. A split prefix is a more specific route that is derived from a less specific parent prefix. For example, if a /24 prefix is configured to be optimized, but only a /16 route is installed to the routing table, the master controller will inject a /24 prefix using the attributes from the /16 prefix. Any subset of the less-specific prefix can be derived, including a single host route. Split prefixes are processed only inside the OER managed network and are not advertised to external networks. If BGP is deployed in the OER managed network, the master controller will inject a more specific BGP route. If BGP is not deployed, the master controller will inject a more specific temporary static route.

Cisco IOS OER Policy Configuration The master controller optimizes prefixes and exit links to conform to default and user-defined policies. When the performance of a monitored prefix or exit link falls below a policy configuration setting, the master controller optimizes traffic in the internal network to bring either the prefix or exit link into an in-policy state. Global policies are configured in OER master controller configuration mode and OER Top Talker and Top delay learning configuration mode. Policies can also be applied to specific prefixes that pass through a match statement in an OER map in oer-map configuration mode. Global policies override OER map policies.

Cisco IOS OER Policy Configuration: Prefix Policies

A prefix policy is a set of rules that governs performance characteristics for a network address. The network address can be a single host route or an entire network. A prefix is defined as any network number with a prefix mask applied to it.

Page 47: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

17Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

The following performance characteristics are managed by prefix policies:

• Delay

• Packet Loss

• Reachability

Note Prefix policies always override exit link policies.

Cisco IOS OER Policy Configuration: Exit Link Policies

An exit link policy is a set of rules that are applied to OER managed exit links. The performance characteristics that are managed by a link policy are traffic load and exit link utilization. A link policy can define total outbound throughput or total link utilization. Link utilization policies can be defined for a single exit link or all OER managed exit links. The following performance characteristics are managed by link policies:

• Cost-Based Optimization

• Utilization (Range)

• Traffic Load Distribution

Cisco IOS OER Policy Configuration: Cost-Based Optimization

The OER Support for Cost-Based Optimization feature was introduced in Cisco IOS Release 12.3(14)T. Cost-based optimization allows you to configure policies based on the monetary cost (ISP Service Level Agreement [SLA]) of each exit link in your network. This feature allows you to configure the master controller send traffic over exit links that provide the most cost-effective bandwidth utilization, while still maintaining the desired performance characteristics. Cost-based optimization is configured with the cost-minimization command in OER border exit configuration mode (under the external interface configuration). Cost-based optimization supports two billing models: fixed rate or tier-based with bursting.

Fixed Rate Billing

Fixed rate—This method is used when the ISP bills one flat rate for network access regardless of bandwidth usage. If only fixed rate billing is configured on the exit links, all exits are considered to be equal in regards to cost-optimization and other policy parameters (such as delay, loss, utilization, etc) are used to determine if the prefix or exit link is in-policy. If multiple exit links are configured with tiered and fixed policies, then exit links with fixed policies have the highest priority in regards to cost optimization. If the fixed exit links are at maximum utilization, then the tiered exit links will be used. Fixed rate billing is configured for an exit link when the fixed keyword is entered with the cost-minimization command. The monetary cost of the exit link is entered with the fee keyword.

Tier-Based Billing

Tier-based with bursting—This method is used when the ISP bills at a tiered rate based on the percentage of exit link utilization. Tiered-based billing is configured for an exit link when the tier keyword is entered with the cost-minimization command. A command statement is configured for each cost tier. The monetary cost of the tier is entered with the fee keyword. The percentage of bandwidth utilization that activates the tier is entered after the tier keyword.

Page 48: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

18Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

The specific details of tier-based with bursting billing models vary by ISP. However, most ISPs use some variation of the following algorithm to calculate what an enterprise should pay in a tiered billing plan:

1. Gather periodic measurements of egress and ingress traffic carried on the Enterprise connection to the ISP network and aggregate the measurements to generate a rollup value for a rollup period.

2. Generate one or more rollup values per billing period.

3. Rank the rollup values for the billing period into a stack from the largest value to the smallest.

4. Discard the top 5% of the rollup values from the stack to accommodate bursting.

5. Apply the highest remaining rollup value in the stack to a tiered structure to determine a tier associated with the rollup value.

6. Charge the customer based on a set cost associated with the determined tier.

Note A billing policy must be configured and applied to prefixes in order for the master controller to perform cost-based optimization.

Cost Optimization Algorithm

At the end of each billing cycle the top n% of samples, or rollup values, are discarded. The remaining highest value is the sustained utilization. Based on the number of samples discarded, the billing cycle is divided into three periods:

• Initial Period

• Middle Period

• Last Period

Initial Period

The period when the samples measured is less than the number of discards +1. For example, if discard is 7%, billing month is 30 days long, and sample period is 24 hours, then there are 30 samples at the end of the month. The number of discard samples is two (2% of 30). In this case, days one, two, and three are in the Initial Period. During this period, target the lowest tier for each ISP at the start of their respective billing periods and walk up the tiers until the current total traffic amount is allocated across the links.

Middle Period

The period after the Initial Period until the number of samples yet to be measured or collected is less than the number of discards.

Using the same example as above, the Middle Period would be from day four through day 28. During this period, set the target tier to the sustained utilization tier, which is the tier where (discard +1) the highest sample so far measured falls in.

Last Period

The period after the Middle Period until the end of billing period is the Last Period. During this period, if links were used at the maximum link capacity for the remainder of the billing period and sustained utilization does not change by doing so, then set the target to maximum allowable link utilization. Maximum link utilization is configurable where most likely values would be 75-90%. Otherwise, set the target to sustained utilization tier. During any sample period, if the cumulative usage is more than targeted cumulative usage, then bump up to the next tier for the remainder of sample period. If rollup is enabled, then replace sample values to rollup values and number of sample to number of rollups in above algorithm.

Page 49: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

19Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Cisco IOS OER Policy Configuration: Optimal Exit Link Selection

Cisco IOS OER can be configured to periodically select the Optimal Exit Link (OEL) from the available ISP connections based on exit link performance. The master controller will move traffic from over-utilized exit links to under-utilized exit links. Optimal Exit Link Selection (OELS) uses policy configuration to manage prefix and exit link performance. Policy configuration can be customized to your requirements. For example, a policy can be created to ensure that priority traffic is always routed to the target network through the exit link with the highest outbound throughput or the lowest delay (round-trip response time).

Cisco IOS OER Policy Configuration: Load Distribution

Cisco IOS OER supports per-prefix load distribution. The master controller measures transmission throughput on OER managed exit interfaces. When exit link utilization causes an exit link to go into an out-of-policy state, monitored prefixes are moved to bring the exit link in-policy and to equalize transmission utilization across all exit links. Load distribution settings are configured with the max-range-utilization command. The master controller sets the maximum range utilization to 20 percent for all OER managed exit links by default. Utilization can be customized for a single link or all exit links. A range policy can be applied to all monitored prefixes or any subset through oer-map or global policy configuration.

Tip When enabling Cisco IOS OER for load distribution, we recommend that you set the interface load calculation on OER managed external interfaces to 30 second intervals with the load-interval interface configuration command (The default calculation interval is 300 seconds). The load calculation is configured under interface configuration mode on the border router. This configuration is not required. It is recommended to allow Cisco IOS OER to respond as quickly as possible to load distribution issues.

Cisco IOS OER Policy Configuration: Global Policies

Global policies are applied in Top Talker and Delay learning configuration mode. These policies are used to configure a master controller to learn and optimize prefixes based on the highest throughput or the highest delay. Under the Top Talker and Delay learning configuration mode, you can configure prefix learning based on delay and throughput statistics. You can configure the length of the prefix learning period, the interval between prefix learning periods, the number of prefixes to learn, and prefix learning based on port and protocol.

Cisco IOS OER Policy Configuration: Applying Policies with an OER Map

The operation of an OER map is similar to the operation of a route map. An OER map is designed to select IP prefixes defined in an IP prefix list or to select learned prefixes policies that pass a match clause and then to apply OER policy configurations using a set clause. The OER map is configured with a sequence number like a route map, and the OER map with the lowest sequence number is evaluated first. The operation of an oer-map differs from a route map at this point. There are two important distinctions:

• Only a single match clause may be configured for each sequence. An error message will be displayed in the console if you attempt to configure multiple match clauses for a single OER map sequence.

Page 50: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

20Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

• An OER map is not configured with permit or deny statements. However, a permit or deny sequence can be configured for an IP traffic flow by configuring a permit or deny statement in an IP prefix list and then applying the prefix list to the OER map with the match ip address (OER) command. Deny prefixes should be combined in a single prefix list and applied to the oer-map with the lowest sequence number.

An OER map can match a prefix or prefix range with the match ip address (OER) command. A prefix can be any IP network number combined with a prefix mask that specifies the prefix length. The prefix or prefix range is defined with the ip prefix-list command in Global configuration mode. Any prefix length can be specified. An oer-map can also match OER learned prefixes with the match oer learn command. Matching can be configured for learned prefixes based on delay or based on throughput.

The OER map applies the configuration of the set clause after a successful match occurs. Anther set clause can be used to set policy parameters for the backoff timer, packet delay, holddown timer, packet loss, mode settings, periodic timer, resolve settings, and unreachable hosts.

Policies applied by an OER map take effect after the current policy or operational timer expires. The OER map configuration can be viewed in the output of the show running-config command. OER policy configuration can be viewed in the output of the show oer master policy command. Policies that are applied by an OER map do not override global policies and user-defined policies configured under OER master controller configuration mode and OER Top Talker and Delay configuration mode. These policies are only applied to prefixes that pass OER map match criteria.

Policy-Rules Configuration

The policy-rules OER master controller configuration command was introduced in Cisco IOS Release 12.3(11)T. This command allows you to select an oer-map and apply the configuration under OER master controller configuration mode, providing an improved method to switch between predefined oer-maps.

Cisco IOS OER Policy Configuration: Resolving Policies

When configuring multiple policy parameters for a monitored prefix or set of prefixes, it is possible to have multiple overlapping policies. The resolve function is a flexible mechanism that allows you to set the priority for cost, delay, loss, utilization, and range policies. Each policy is assigned a unique value. The policy with the highest priority is selected to determine the policy decision. By default, delay has the highest priority and utilization has the second highest priority.

Configuring Resolve with Variance

When configuring resolve settings, you can also set an allowable variance for the defined policy. Variance configures the allowable percentage that an exit link or prefix can vary from the defined policy value and still be considered equivalent. For example, if exit link delay is set to 80 percent and a 10 percent variance is configured, exit links that have delay values from 80 to 89 percent will be considered equal.

Note Variance cannot be configured for cost or range policies.

Page 51: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

21Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

VPN IPSec/GRE Tunnel Interface Optimization Cisco IOS OER support for VPN IPSec/GRE Tunnel Optimization was introduced in Cisco IOS Release 12.3(11)T. Cisco IOS OER supports the optimization of prefixes that are routed over IPSec/GRE tunnel interfaces. The VPN tunnel interface is configured as OER external interfaces on the master controller. Figure 5 shows a an OER managed network that is configured to optimize VPN traffic. Cisco IOS OER is deployed at the Central Office and Remote Offices.

Figure 5 Cisco IOS OER Network Optimized for VPN Routing

This enhancement allows you to configure two-way VPN optimization. A master controller and border router process are enabled on each side of the VPN. Each site maintains a separate master controller database. VPN routes can be dynamically learned through the tunnel interfaces or can be configured. Prefix and exit link policies are configured for VPN prefixes through standard Cisco IOS OER configuration.

Cisco IOS OER Logging and Reporting Cisco IOS OER supports standard syslog functions. The notice level of syslog is enabled by default. System logging is enabled and configured in Cisco IOS software under Global configuration mode. The logging command in OER master controller or OER border router configuration mode is used only to enable or disable system logging under OER. OER system logging supports the following message types:

Error Messages—These messages indicate OER operational failures and communication problems that can impact normal OER operation.

1272

63

OER master

Central officeCentral office

Providers

Remote offices

Frame Relay VPNFrame Relay

Internet

Page 52: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationInformation About Cisco IOS Optimized Edge Routing

22Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Debug Messages—These messages are used to monitor detailed OER operations to diagnose operational or software problems.

Notification Messages—These messages indicate that OER is performing a normal operation.

Warning Messages—These messages indicate that OER is functioning properly but an event outside of OER may be impacting normal OER operation.

To modify system, terminal, destination, and other system global logging parameters, use the logging commands in Global configuration mode. For more information about global system logging configuration, refer to the “Troubleshooting and Fault Management” section of the Cisco IOS Configuration Fundamentals and Network Management Configuration Guide, Release 12.3.

Cisco IOS OER Deployment Configurations Cisco IOS OER can be deployed in an enterprise network, remote office network, or small office home office (SOHO) network using one of the following three configurations shown in Figure 6:

• Configuration A shows a network with two edge routers configured as border routers. The border router that peers with ISP2 is also configured to run a master controller process. This configuration is suitable for a small network with multiple edge routers that each provide an exit link to a separate external network.

• Configuration B shows two border routers and an master controller, each running on a separate router. This configuration is suitable for small, medium, and large networks. In this configuration, the master controller process is run on a separate Cisco router. This router performs no routing or forwarding functions. Although, routing and forwarding functions are not prohibited.

• Configuration C shows a single router that is configured to run a master controller and border router process. This configuration is suitable for a small network with a single router, such as a remote office or home network.

Figure 6 Cisco IOS OER Deployment Scenarios

In each deployment scenario, a single master controller is deployed. The master controller does not need to be in the traffic forwarding path but must be reachable by the border routers. A master controller process can be enabled on router that is also configured to run a border router process.The master controller can support up to 10 border routers and up to 20 OER managed external interfaces. At least one border router process and two exit interfaces are required in an OER managed network.

MC/BR

ISP1

ISP2

BRs

Config A

ISP1ISP1

ISP2 ISP2

BRs

MC

Config B

1166

61

Config C

MC/BRMC/BR

Page 53: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

23Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Note A Cisco router that is configured to run both a master controller and border router process will use more memory than a router that is configured to run only a border router process. This should be considered when selecting a router for dual operation. See the following document for more information: Cisco Optimized Edge Routing CPU and Memory Performance Tests

How to Configure Cisco IOS Optimized Edge RoutingThis section contains the following procedures:

• Minimum Master Controller Configuration, page 24 (required)

• Minimum Border Router Configuration, page 29 (required)

• Configuring Prefix Learning, page 33 (optional)

• Manually Selecting Prefixes for Monitoring, page 36 (optional)

• Configuring Active Probing, page 38 (optional)

• Configuring the Source Address of an Active Probe, page 41 (optional)

• Configuring Traceroute Reporting, page 42 (optional)

• Configuring Prefix and Exit Link Policies, page 45 (optional)

• Configuring Cost-Based Optimization, page 50 (optional)

• Configuring Resolve Policies, page 52 (optional)

• Configuring Cisco IOS OER Modes of Operation, page 54 (optional)

• Configuring OER Policies with an OER Map, page 56 (optional)

• Configuring Policy Rules for OER Maps, page 63 (optional)

• Configuring iBGP Peering on the Border Routers, page 64 (optional)

• Configuring BGP Redistribution into an IGP on the Border Routers, page 67 (optional)

• Configuring Static Route Redistribution on the Border Routers, page 70 (optional)

• Configuring Static Route Redistribution into EIGRP, page 73 (optional)

• Configuring OER to Monitor and Control IPSec VPN Prefixes Over GRE Tunnels, page 76 (optional)

• Verifying Cisco IOS OER Configuration, page 85 (optional)

• Using Cisco IOS OER Clear Commands, page 88 (optional)

• Using Cisco IOS OER Debug Commands, page 89 (optional)

Specific example configurations for each procedure follow each configuration table. Proceed to the Configuration Examples for Cisco IOS Optimized Edge Routing section to see more complex example deployment configurations.

Page 54: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

24Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Minimum Master Controller Configuration This section describes the minimum required steps to configure a master controller process to manage an OER managed network. In this section, the following tasks are completed:

• Communication is established between the master controller and the border router.

• The communication session is protected by key-chain authentication.

• Border routers are specified for OER control.

• Internal and external border router interfaces are specified.

• Passive monitoring is enabled (by default).

• Prefix learning based on outbound packet throughput is enabled.

• Route control mode monitoring is enabled.

Master Controller

• OER administration is centralized on the master controller, which makes all policy decisions and controls the border routers.

• The master controller is not required to be in the traffic forwarding path but should be deployed near the border routers to minimize communication response time.

• The master controller can support up to 10 border routers and up to 20 OER managed external interfaces.

Disabling a Master Controller Process

To disable a master controller and completely remove the process configuration from the running-config file, use the no oer master command in Global configuration mode.

To temporarily disable a master controller, use the shutdown command in OER master controller configuration mode. Entering the shutdown command stops an active master controller process but does not remove any configuration parameters. The shutdown command is displayed in the running-config file when enabled.

Manual Port Configuration

Communication between the master controller and border router is automatically carried over port 3949 when connectivity is established. Port 3949 is registered with IANA for OER communication. Support for port 3949 was introduced in Cisco IOS Release 12.3(11)T. Manual port number configuration is only required if you are running Cisco IOS Release 12.3(8)T or if you need to configure OER communication to use a dynamic port number.

Prerequisites

Interfaces Must be Defined

Interfaces must be defined and reachable by the master controller and the border router before an OER managed network can be configured.

Page 55: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

25Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Key Chain Authentication

Communication between the master controller and the border router is protected by key-chain authentication. The authentication key must be configured on both the master controller and the border router before communication can be established. The key-chain configuration is defined in Global configuration mode on both the master controller and the border router before key-chain authentication is enabled for master controller to border router communication. For more information about key management in Cisco IOS software, refer to the “Managing Authentication Keys” section of the Cisco IOS IP Configuration Guide, Release 12.3.

Restrictions

Token Ring Interfaces are not Supported

Token Ring interfaces are not supported by OER and cannot be configured as OER managed interfaces. It may be possible to load a Token Ring interface configuration under certain conditions. However, the Token Ring interface will not become active and the border router will not function if the Token Ring interface is the only external interface on the border router.

SUMMARY STEPS

1. enable

2. configure terminal

3. key chain name-of-chain

4. key key-id

5. key-string text

6. exit

7. exit

8. oer master

9. port port-number

10. logging

11. border ip-address [key-chain key-chain-name]

12. interface type number external

13. interface type number internal

14. exit

15. keepalive timer

16. mode {monitor {active | both | passive} | route {control | metric {bgp local-pref preference | static tag value} observe | select-exit {best | good}}

17. learn

18. throughput

19. end

Page 56: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

26Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:Router# configure terminal

Enters Global configuration mode.

Step 3 key chain name-of-chain

Example:Router(config)# key chain OER

Enables key-chain authentication.

• Key-chain authentication protects the communication session between the master controller and the border router. The key ID and key string must match in order for communication to be established.

Step 4 key key-id

Example:Router(config-keychain)# key 1

Identifies an authentication key on a key chain.

• The key ID must match the key ID configured on the border router.

Step 5 key-string text

Example:Router(config-keychain-key)# key-string CISCO

Specifies the authentication string for the key.

• The authentication string must match the authentication string configured on the border router.

• Any encryption level can be configured.

Step 6 exit

Example:Router(config-keychain-key)# exit

Exits key chain key configuration mode, and enters key chain configuration mode.

Step 7 exit

Example:Router(config-keychain)# exit

Exits key chain configuration mode, and enters Global configuration mode.

Step 8 oer border | master

Example:Router(config)# oer master

Enters OER master controller configuration mode to configure a router as a master controller.

• A master controller and border router process can be enabled on the same router. For example, in a network that has a single router with two exit links to different service providers.

Step 9 port port-number (Optional) Configures a dynamic port for communication between the master controller and border router.

• Communication cannot be established until the same port number has been configured on both the master controller and the border router.

Page 57: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

27Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Example:Router(config-oer-mc)# port 65534

Note Manual port number configuration is required to establish OER communication only when running Cisco IOS Release 12.3(8)T.

Step 10 logging

Example:Router(config-oer-mc)# logging

Enables syslog event logging for a master controller or border router process.

• The notice level of syslog is enabled by default.

Step 11 border ip-address [key-chain key-chain-name]

Example:Router(config-oer-mc)# border 10.100.1.1 key-chain OER

Enters OER managed border router configuration mode to establish communication with a border router.

• An IP address is configured to identify the border router.

• At least one border router must be specified to create an OER managed network. A maximum of 10 border routers can be controlled by a single master controller.

• The value for the key-chain-name argument must match the key-chain name configured in Step 3.

Note The key-chain keyword and argument must be entered when a border router is initially configured. However, this keyword is optional when reconfiguring an existing border router.

Step 12 interface type number external

Example:Router(config-oer-mc-br)# interface Ethernet 0/0 external

Configures a border router interface as an OER managed external interface.

• External interfaces are used to forward traffic and for active monitoring.

• A minimum of two external border router interfaces are required in an OER managed network. At least 1 external interface must be configured on each border router. A maximum of 20 external interfaces can be controlled by single master controller.

Tip Configuring an interface as external also enters OER Border Exit configuration mode. In this mode you can configure maximum link utilization or cost-based optimization for the interface.

Note Entering the interface command without the external or internal keyword, places the router in Global configuration mode and not OER Border Exit configuration mode. The no form of this command should be applied carefully so that active interfaces are not removed from the router configuration.

Command or Action Purpose

Page 58: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

28Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Step 13 interface type number internal

Example:Router(config-oer-mc-br)# interface Ethernet 0/1 internal

Configures a border router interface as an OER controlled internal interface.

• Internal interfaces are used for passive monitoring only. Internal interfaces do not forward traffic.

• At least one internal interface must be configured on each border router.

Step 14 exit

Example:Router(config-oer-mc-br)# exit

Exits OER managed border router configuration mode, and enters OER master controller configuration mode.

Step 15 keepalive timer

Example:Router(config-oer-mc)# keepalive 10

(Optional) Configures the length of time that an OER master controller will maintain connectivity with an OER border router after no keepalive packets have been received.

• The example sets the keep alive timer to 10 seconds.

Step 16 mode {monitor{active | both | passive} | route {control | metric {bgp local-pref preference | static tag value} observe | select-exit {best | good}}

Example:Router(config-oer-mc)# mode route control

Configures route monitoring or route control on an OER master controller. The route keyword is used to enable control mode or observe mode.

• In control mode, the master controller analyzes monitored prefixes and implements changes based on policy parameters.

• In observe mode, the master controller analyzes monitored prefixes, reports the changes that should be made, but does not implement any changes.

Step 17 learn

Example:Router(config-oer-mc)# learn

Enters OER Top Talker and Top Delay learning configuration mode to enable prefix learning.

• Prefixes can be learned based on highest outbound throughput or lowest delay.

Step 18 throughput

Example:Router(config-oer-mc-learn)# throughput

Configures OER to learn the top prefixes based on the highest outbound throughput.

• The master controller uses the list of Top Talker prefixes to select the exit with the highest throughput when the periodic timer expires or immediately if a prefix becomes unreachable.

Step 19 end

Example:Router(config-oer-mc-learn)# end

Exits OER Top Talker and Top Delay learning configuration mode, and enters privileged EXEC mode.

Command or Action Purpose

Page 59: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

29Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Examples

The following configuration example, starting in Global configuration mode, shows the minimum configuration required to configure a master controller process to control an OER managed network:

A key-chain configuration named OER is defined in Global configuration mode.

Router(config)# key chain OER Router(config-keychain)# key 1 Router(config-keychain-key)# key-string CISCO Router(config-keychain-key)# exit Router(config-keychain)# exit

The master controller is configured to communicate with the 10.100.1.1 and 10.200.2.2 border routers. The keep alive interval is set to 10 seconds. Route control mode is enabled. Internal and external OER controlled border router interfaces are defined.

Router(config)# oer master Router(config-oer-mc)# keepalive 10 Router(config-oer-mc)# mode route control Router(config-oer-mc)# logging Router(config-oer-mc)# border 10.100.1.1 key-chain OER Router(config-oer-mc-br)# interface Ethernet 0/0 external Router(config-oer-mc-br)# interface Ethernet 0/1 internal Router(config-oer-mc-br)# exitRouter(config-oer-mc)# border 10.200.2.2 key-chain OER Router(config-oer-mc-br)# interface Ethernet 0/0 external Router(config-oer-mc-br)# interface Ethernet 0/1 internal Router(config-oer-mc)# exit

Automatic prefix learning based on highest outbound throughput is enabled.

Router(config-oer-mc)# learn Router(config-oer-mc-learn)# throughput Router(config-oer-mc-learn)# end

What to Do Next

Border routers must be configured to complete the minimum configuration of the OER managed network. Proceed to the next section to see instructions for configuring the border routers.

Minimum Border Router Configuration This section describes the minimum required steps to configure a border router process. In this section, the following tasks are completed:

• Communication is established between the border router and master controller.

• The communication session is protected by key-chain authentication.

• A local interface is configured as the source for communication with the master controller.

• External interfaces are configured as OER managed exit links.

Border Router

• The border router is an enterprise edge router with one or more exit links to an ISP or other participating network.

Page 60: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

30Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

• The border router is deployed on the edge of the network, so the border router must be in the forwarding path.

• A border router process can be enabled on the same router as a master controller process.

Interface Configuration

• Each border router must have at least one external interface that is used to connect to an ISP or is used as an external WAN link. A minimum of two are required in an OER managed network.

• Each border router must have at least one internal interface. Internal interfaces are used for only passive performance monitoring with NetFlow. Internal interfaces are not used to forward traffic.

• Each border router must have at least one local interface. Local interfaces are used for only master controller and border router communication. A single interface must be configured as a local interface on each border router.

Tip If a master controller and border router process is enabled on the same router, a loopback interface should be configured as the local interface.

Disabling a Border Router Process

To disable a border router and completely remove the process configuration from the running-config file, use the no oer border command in Global configuration mode.

To temporarily disable a border router process, use the shutdown command in OER border router configuration mode. Entering the shutdown command stops an active border router process but does not remove any configuration parameters. The shutdown command is displayed in the running-config file when enabled.

Prerequisites

Interfaces Must be Defined

Interfaces must be defined and reachable by the master controller and the border router before an OER managed network can be configured.

Restrictions

Internet Exchange Point over Broadcast Media

Internet exchange points where a border router can communicate with several service providers over the same broadcast media are not supported.

Border Exits Cannot use the Same Next Hop

When two or more border routers are deployed in an OER managed network, the next hop to an external network on each border router, as installed in the RIB, cannot be an IP address from the same subnet as the next hop on the other border router.

Page 61: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

31Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

SUMMARY STEPS

1. enable

2. configure terminal

3. key chain name-of-chain

4. key key-id

5. key-string text

6. exit

7. exit

8. oer border

9. port port-number

10. local type number

11. master ip-address key-chain key-chain-name

12. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:Router# configure terminal

Enters Global configuration mode.

Step 3 key chain name-of-chain

Example:Router(config)# key chain OER

Enables key-chain authentication.

• Key-chain authentication protects the communication session between the both the master controller and the border router. The key ID and key string must match in order for communication to be established.

Step 4 key key-id

Example:Router(config-keychain)# key 1

Identifies an authentication key on a key chain.

• The key ID must match the key ID configured on the master controller.

Step 5 key-string text

Example:Router(config-keychain-key)# key-string CISCO

Specifies the authentication string for the key.

• The authentication string must match the authentication string configured on the master controller.

• Any level of encryption can be configured.

Step 6 exit

Example:Router(config-keychain-key)# exit

Exits key chain key configuration mode, and enters key chain configuration mode.

Page 62: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

32Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Examples

The following configuration example, starting in Global configuration mode, shows the minimum required configuration to enable a border router:

The key-chain configuration is defined in Global configuration mode.

Router(config)# key chain OER Router(config-keychain)# key 1 Router(config-keychain-key)# key-string CISCO Router(config-keychain-key)# exit Router(config-keychain)# exit

Step 7 exit

Example:Router(config-keychain)# exit

Exits key chain configuration mode, and enters Global configuration mode.

Step 8 oer border | master

Example:Router(config)# oer border

Enters OER border router configuration mode to configure a router as a border router.

• The border router must be in the forwarding path and contain at least one external and internal interface.

Step 9 port port-number

Example:Router(config-oer-br)# port 65535

(Optional) Configures a dynamic port for communication between an OER master controller and border router.

• Communication cannot be established until the same port number has been configured on both the border router and the master controller.

Note Manual port number configuration is required to establish OER communication only when running Cisco IOS Release 12.3(8)T.

Step 10 local type number

Example:Router(config-oer-br)# local Ethernet 0/1

Identifies a local interface on an OER border router as the source for communication with an OER master controller.

• A local interface must be defined.

Tip A loopback should be configured when a single router is configured to run both a master controller and border router process.

Step 11 master ip-address key-chain key-chain-name

Example:Router(config-oer-br)# master 192.168.1.1 key-chain OER

Enters OER managed border router configuration mode to establish communication with a master controller.

• An IP address is used to identify the master controller.

• The value for the key-chain-name argument must match the key-chain name configured in Step 3.

Step 12 end

Example:Router(config-oer-br)# end

Exits OER Top Talker and Top Delay learning configuration mode, and enters privileged EXEC mode.

Command or Action Purpose

Page 63: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

33Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

The key-chain OER is applied to protect communication. An interface is identified to the master controller as the local source interface for OER communication.

Router(config)# oer border Router(config-oer-br)# local Ethernet 0/1 Router(config-oer-br)# master 192.168.1.1 key-chain OER Router(config-oer-br)# end

What to Do Next

Prefix learning based on the highest outbound throughput was enabled in the “Minimum Master Controller Configuration” section. Proceed to the next section to see more information about configuring and customizing prefix learning on the master controller.

Configuring Prefix Learning This section describes the commands that are used to configure prefix learning on a master controller in OER Top Talker and Top Delay configuration mode. The learn command is entered in OER master controller configuration mode and is required to enter OER Top Talker and Top Delay configuration mode. All commands described in this section are optional.

The tasks described in this section allow you to configure the following:

• Prefix learning based on highest outbound throughput or lowest delay time

• Port and protocol based prefix learning

• Prefix learning period timers and intervals

• Maximum number of prefixes that can be learned

Defaults

The following defaults are applied when a prefix learning is enabled:

• Aggregation is performed based on a /24 prefix length

• Up to five host addresses are learned for active monitoring when a prefix is aggregated

• The top 100 traffic flows are learned

• The learning period is five minutes

• The interval between prefix learning periods is 120 minutes

SUMMARY STEPS

1. enable

2. configure terminal

3. oer master

4. learn

5. aggregation-type bgp | non-bgp | prefix-length prefix-mask

6. delay

7. monitor-period minutes

8. periodic-interval minutes

Page 64: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

34Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

9. prefixes number

10. protocol number | tcp | udp [port port-number | gt port-number | lt port-number | range lower-number upper-number] [dst | src]

11. throughput

12. exit

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:Router# configure terminal

Enters Global configuration mode.

Step 3 oer master

Example:Router(config)# oer master

Enters OER master controller configuration mode to configure a Cisco router as a master controller and to configure master controller policy and timer settings.

Step 4 learn

Example:Router(config-oer-mc)# learn

Enters OER Top Talker and Top Delay learning configuration mode to configure prefix learning policies and timers.

Step 5 aggregation-type bgp | non-bgp | prefix-length prefix-mask

Example:Router(config-oer-mc-learn)# aggregation-type bgp

(Optional) Configures a master controller to aggregate learned prefixes based on traffic flow type.

• The bgp keyword configures prefix aggregation based on entries in the BGP routing table. This keyword is used if iBGP peering is enabled in the internal network.

• The non-bgp keyword configures learned prefix aggregation based on static routes. Entries in the BGP routing table are ignored when this keyword is entered.

• The prefix-length keyword configures aggregation based on the specified prefix length. The range of values that can be configured for this argument is a prefix mask from 1 to 32.

• The example configures BGP prefix aggregation.

Step 6 delay (Optional) Enables prefix learning based on the lowest delay time (round-trip response time).

• When this command is enabled, the master controller learn prefixes based on the lowest delay time. The master controller measures the delay for monitored prefixes when this command is enabled.

Page 65: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

35Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Example:Router(config-oer-mc-learn)# delay

• The master controller uses the list of Top Delay prefixes to select the prefixes with the lowest delay time.

• The example configures a master controller to learn top prefixes based on the lowest delay.

Step 7 monitor-period minutes

Example:Router(config-oer-mc-learn)# monitor-period 10

Sets the time period that an OER master controller learns traffic flows.

• The length of time between monitoring periods is configured with the periodic-interval command.

• The number of prefixes that are learned is configured with the prefixes command.

• The example sets the length of each monitoring period to 10 minutes.

Step 8 periodic-interval minutes

Example:Router(config-oer-mc-learn)# periodic-interval 20

Sets the time interval between prefix learning periods.

• The length of time of the learning period is configured with the monitor-period command.

• The number of prefixes that are learned is configured with the prefixes command.

• The example sets the time interval between monitoring periods to 20 minutes.

Step 9 prefixes number

Example:Router(config-oer-mc-learn)# prefixes 200

Sets the number of prefixes that the master controller will learn during the monitoring period.

• The length of time of the learning period is configured with the monitor-period command.

• The length of time between monitoring periods is configured with the periodic-interval command.

• The example configures a master controller to learn 200 prefixes during each monitoring period.

Step 10 protocol protocol-number | tcp | udp [port port-number | gt port-number | lt port-number | range lower-number upper-number] [dst | src]

Configures the master controller to learn prefixes based on a protocol number, TCP or UDP port number, or a range of port numbers.

• Filtering based on a specific protocol is configured with the protocol-number argument.

• TCP or UDP based filtering is enabled by configuring the tcp or udp argument.

• Port based filtering is enabled by configuring the port keyword. Port number ranges can be filtered based on greater-than or equal-to and less-than or equal-to filtering, or can be filtered by specifying a starting and ending port numbers with the range keyword.

• Prefix destination or source based filtering is enabled by configuring the dst or src keywords.

Command or Action Purpose

Page 66: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

36Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

What to Do Next

This section shows how to configure a master controller to automatically learn prefixes to monitor. Prefixes can also be manually selected for monitoring. Proceed to the next section to see information about manually importing prefixes.

Manually Selecting Prefixes for Monitoring This section describes how to manually select prefixes for monitoring. An IP prefix list is created to define the prefix or prefix range. The prefix list is then imported into the central policy database by configuring a match clause in an OER map. The following IP prefix list configuration options are supported:

• An exact prefix (/32)

• A specific prefix length and any subset (for example, a /24 under a /16)

• A specific prefix and all more specific routes (le 32)

• All prefixes (0.0.0.0/0)

Manually Excluding Prefixes

An IP prefix list with a deny statement is used to configure the master controller to exclude a prefix or prefix length. Deny prefix list sequences should be applied in the lowest oer-map sequences for best performance.

Example:Router(config-oer-mc-learn)# protocol 88

• The example configures a master controller to learn EIGRP prefixes during each monitoring period.

Step 11 throughput

Example:Router(config-oer-mc-learn)# throughput

Configures the master controller to learn the top prefixes based on the highest outbound throughput.

• When this command is enabled, the master controller will learn the top prefixes across all border routers according to the highest outbound throughput.

• The example configures a master controller to learn the top prefixes based on highest outbound throughput.

Step 12 exit

Example:Router(config-oer-mc)# exit

Exits OER Top Talker and Top Delay learning and configuration mode, and enters global configuration mode.

Command or Action Purpose

Page 67: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

37Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

OER Map Operation

The operation of an OER map is similar to the operation of a route-map. An OER map is configured to select an IP prefix list or OER learn policy using a match clause and then to apply OER policy configurations using a set clause. The OER map is configured with a sequence number like a route-map, and the OER map with the lowest sequence number is evaluated first.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [le le-value]

4. oer-map map-name sequence-number

5. match ip address prefix-list name

6. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:Router# configure terminal

Enters global configuration mode.

Step 3 ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [le le-value]

Example:Router(config)# ip prefix-list PREFIXES seq 20 permit 192.168.1.0/24

Creates a prefix list to manually select prefixes for monitoring.

• A master controller can monitor and control an exact prefix of any length including the default route. The master controller acts only on the configured prefix.

• A master controller can monitor and control an inclusive prefix using the le 32 option. The master controller acts on the configured prefix and forces any more specific prefixes in the RIB to use the same exit.

Note This option should not be needed in typical deployments, and should be applied carefully.

• The example creates an IP prefix list for OER to monitor and control the exact prefix, 192.168.1.0/24

Step 4 oer-map map-name sequence-number Enters oer-map configuration mode to create or configure an OER map.

• OER map operation is similar to that of route-maps.

• Only a single match clause can be configured for each oer-map sequence.

Page 68: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

38Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Examples

The following example creates an oer-map named PREFIXES that matches traffic defined in the IP prefix lists named EXCLUDE and IMPORT. The prefix-list named EXCLUDE defines a deny sequence for all prefixes or host routes in the 192.168.0.0/16 subnet. The master controller will exclude these prefixes from the master controller database. The prefix-list named IMPORT defines a permit sequence to manually import the exact prefix 10.4.9.0/24.

Router(config)# ip prefix-list seq 10 EXCLUDE deny 192.168.0.0/16 le 32 Router(config)# ip prefix-list seq 10 IMPORT permit 10.4.9.0/24 Router(config)# !Router(config)# oer-map PREFIXES 10 Router(config-oer-map)# match ip address prefix-list EXCLUDE Router(config-oer-map)# exit Router(config)# oer-map PREFIXES 20 Router(config-oer-map)# match ip address prefix-list IMPORT Router(config-oer-map)# end

Tip Notice that the deny prefix list is configured with the lowest oer-map sequence number. For best performance, all deny sequences should be configured in same prefix list and applied to the lowest oer-map sequence.

What to Do Next

Proceed to the next section to see information about configuring active probing.

Configuring Active Probing This section describes how to enable active monitoring and how to configure active probing. Active monitoring is enabled with the mode command, and active probing is configured with the active-probe command in OER master controller mode. Active probes are configured with a specific host or target address. Active probes are sourced on the border router. The active probe source external interface may or may not be the preferred route for an optimized prefix.

Example:Router(config)# oer-map IMPORT 10

• Common and deny sequences should be applied to lowest oer-map sequence for best performance.

• The example creates an oer-map named IMPORT.

Step 5 match ip address prefix-list name

Example:Router(config-oer-map)# match ip address prefix-list PREFIXES

Creates a prefix list match clause entry in an oer-map to apply OER policies.

• This command supports IP prefix lists only.

• The example configures the prefix list PREFIXES.

Step 6 end

Example:Router(config-oer-map)# end

Exits oer-map configuration mode, and enters privileged EXEC mode.

Command or Action Purpose

Page 69: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

39Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Active Probing over eBGP Peerings

For eBGP peering sessions, the IP address of the eBGP peer must be reachable from the border router via a connected route in order for active probes to be generated.

ICMP Echo Probes

Configuring an ICMP echo probe does not require knowledgeable cooperation from the target device. However, repeated probing could trigger an Intrusion Detection System (IDS) alarm in the target network. If an IDS is configured in a target network that is not under your administrative control, we recommend that you notify the target network administration entity.

Defaults

The following defaults are applied when a active monitoring is enabled:

• The border router collects up to five host addresses from the prefix for active probing when a prefix is learned or aggregated.

• Active probes are sent once per minute.

• ICMP probes are used to actively monitor learned prefixes.

SUMMARY STEPS

1. enable

2. configure terminal

3. oer master

4. mode {monitor {active | both | passive} | route {control | metric {bgp local-pref preference | static tag value} observe | select-exit {best | good}}

5. active-probe {echo ip-address | tcp-conn ip-address target-port number | udp-echo ip-address target-port number}

6. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:Router# configure terminal

Enters global configuration mode.

Step 3 oer master

Example:Router(config)# oer master

Enters OER master controller configuration mode to configure a router as a master controller and to configure global operations and policies.

Page 70: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

40Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Note Configuring an ICMP echo probe does not require knowledgeable cooperation from the target device. However, repeated probing could trigger an Intrusion Detection System (IDS) alarm in the target network. If an IDS is configured in a target network that is not under your administrative control, we recommend that you notify the target network administration entity.

Examples

ICMP Echo Example

The following example configures an active probe using an ICMP echo (ping) message. The 10.4.9.1 address is the target. No explicit configuration is required on the target device.

Router(config-oer-mc)# active-probe echo 10.4.9.1

TCP Connection Example

The following example configures an active probe using a TCP connection message. The 10.4.9.2 address is the target. The target port number must be specified when configuring this type of probe.

Router(config-oer-mc)# active-probe tcp-conn 10.4.9.2 target-port 23

Step 4 mode {monitor{active | both | passive} | route {control | metric {bgp local-pref preference | static tag value} observe | select-exit {best | good}}

Example:Router(config-oer-mc)# mode monitor both

Configures route monitoring or route control on an OER master controller.

• The monitor keyword is used to configure active and/or passive monitoring.

• The example enables both active and passive monitoring.

Step 5 active-probe {echo ip-address | tcp-conn ip-address target-port number | udp-echo ip-address target-port number}

Example:Router(config-oer-mc)# active-probe echo 10.5.5.55

Configures an active probe for a target prefix.

• Active probing measures delay and jitter of the target prefix more accurately than is possible with only passive monitoring.

• Active Probing requires you to configure a specific host or target address.

• Active probes are sourced from an OER managed external interfaces. This external interface may or may not be the preferred route for an optimized prefix.

• A remote responder with the corresponding port number must be configured on the target device when configuring an UDP echo probe or when configuring a TCP connection probe that is configured with a port number other than 23. The remote responder is configured with the ip sla monitor responder Global configuration command.

Step 6 end

Example:Router(config)# end

Exits OER master controller configuration mode, and enters Privileged EXEC mode.

Command or Action Purpose

Page 71: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

41Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

UDP Echo Example

The following example configures an active probe using UDP echo messages. The 10.4.9.3 address is the target. The target port number must be specified when configuring this type of probe, and a remote responder must also be enabled on the target device.

Router(config-oer-mc)# active-probe udp-echo 10.4.9.3 target-port 1001

UDP Remote Responder Example

The following example configures an RTR responder on a border router to send IP SLAs control packets in response to UDP active probes. The port number must match the number that is configured for the active probe.

Border-Router(config)# ip sla monitor responder type udpEcho port 1001

TCP Remote Responder Example

The following example configures an RTR responder on a border router to send IP SLAs control packets in response to TCP active probes. The remote responder must be configured for TCP active probes that do not use the TCP well-known port number 23.

Border-Router(config)# ip sla monitor responder type tcpConnect port 49152

Note A remote responder is required for TCP connection probes only when a port other than 23 is configured.

What to Do Next

If you need to configure a specific interface as the source for active monitoring, proceed to the next section for more information.

Configuring the Source Address of an Active Probe The section describes how to specify the source interface for active probing. The active probe source interface is configured on the border router with the active-probe address source in OER border router configuration mode. The active probe source interface IP address must be unique to ensure that the probe reply is routed back to the specified source interface.

Defaults

• The source IP address is used from the default OER external interface that transmits the active probe when this command is not enabled or if the no form is entered.

• If the interface is not configured with an IP address, the active probe will not be generated.

• If the IP address is changed after the interface has been configured as an active probe source, active probing is stopped, and then restarted with the new IP address.

• If the IP address is removed after the interface has been configured as an active probe source, active probing is stopped and not restarted until a valid primary IP address is configured.

SUMMARY STEPS

1. enable

2. configure terminal

Page 72: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

42Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

3. oer border

4. active-probe address source interface type number

5. end

DETAILED STEPS

Example

The following example, starting in Global configuration mode, configures FastEthernet 0/0 as the active-probe source interface.

Router(config)# oer border Router(config-oer-br)# active-probe address source interface FastEthernet 0/0 Router(config-oer-br)# end

What to Do Next

Traceroute reporting can be enable to gather hop-by-hop delay, loss, reachability statistics. Proceed to the next section for more information.

Configuring Traceroute Reporting This section describes how to configure trace route reporting. Traceroute reporting is configured on a master controller. Traceroute probes are sourced from the current border router exit.

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:Router# configure terminal

Enters global configuration mode.

Step 3 oer border

Example:Router(config)# oer border

Enters OER border router configuration mode to configure a router as a border router.

Step 4 active-probe address source interface type number

Example:Router(config-oer-br)# active-probe address source interface FastEthernet 0/0

Configures an interface on a border router as the active-probe source.

• The example configures interface FastEthernet 0/0 as the source interface.

Step 5 end

Example:Router(config-oer-br)# end

Exits OER border router configuration mode, and enters Privileged EXEC mode.

Page 73: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

43Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Continuous and policy based traceroute reporting is configured with the set traceroute reporting oer-map configuration mode command. The time interval between traceroute probes is configured with the traceroute probe-delay command in OER master controller configuration mode. On-demand traceroute probes are triggered by entering the show oer master prefix command with the traceroute and now keywords.

Defaults

When traceroute reporting is enabled, the default time interval between traceroute probes is 1000 milliseconds.

SUMMARY STEPS

1. enable

2. configure terminal

3. oer master

4. traceroute probe-delay milliseconds

5. exit

6. oer-map map-name sequence-number

7. match oer learn delay | throughput

8. set traceroute reporting [policy {delay | loss | unreachable}]

9. end

10. show oer master prefix [detail | learned [delay | throughput] | prefix [detail | policy | traceroute [exit-id | border-address | current] [now]]]

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:Router# configure terminal

Enters global configuration mode.

Step 3 oer master

Example:Router(config)# oer master

Enters OER master controller configuration mode to configure a router as a master controller and to configure global operations and policies.

Step 4 traceroute probe-delay milliseconds

Example:Router(config-oer-mc)# traceroute probe-delay 1000

Sets the time interval between traceroute probe cycles.

• The example sets the probe interval to a 10000 milliseconds.

Page 74: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

44Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Step 5 exit

Example:

Exits OER master controller configuration mode, and enters Global configuration mode.

Step 6 oer-map map-name sequence-number

Example:Router(config)# oer-map TRACE 10

Enters oer-map configuration mode to configure an oer-map to apply policies to selected IP prefixes.

• Only one match clause can be configured for each oer-map sequence.

• The example creates and OER map named TRACEROUTE.

Step 7 match oer learn delay | throughput

Example:Router(config-oer-map)# match oer learn delay

Creates a match clause entry in an oer-map to match learned prefixes.

• Can be configured to learn prefixes based on lowest delay or highest outbound throughput.

• Only a single match clause can be configured for each oer-map sequence.

• The example creates a match clause entry that matches traffic learned based on lowest delay.

Step 8 set traceroute reporting [policy {delay | loss | unreachable}]

Example:Router(config-oer-map)# set traceroute reporting

Configures an OER map to enable traceroute reporting.

• Monitored prefixes must be included in an OER map. These can be learned or manually selected prefixes.

• Entering this command with no keywords enables continuous monitoring.

• Entering this command the policy keyword enables policy-based trace route reporting.

Step 9 end

Example:Router(config-oer-map)# end

Exits OER master controller configuration mode, and enters Privileged EXEC mode.

Step 10 show oer master prefix [detail | learned [delay | throughput] | prefix [detail | policy | traceroute [exit-id | border-address | current] [now]]]

Displays the status of monitored prefixes.

• An on-demand traceroute probe is initiated by entering the current and now keywords.

• The current keyword displays the results of the most recent traceroute probe for the current exit.

• Traceroute probe results can be displayed for the specified border router exit by entering the exit-id or border-address keyword.

Example:Router# show oer master prefix 10.5.5.5 traceroute now

• The example initiates an on-demand traceroute probe for the 10.5.5.55 prefix.

Command or Action Purpose

Page 75: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

45Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Example

The following example, starting in Global configuration mode, configures continuous traceroute reporting for prefix learned based on delay:

Router(config)# oer master Router(config-oer-mc)# traceroute probe-delay 10000 Router(config-oer-mc)# exit Router(config)# oer-map TRACE 10 Router(config-oer-map)# match oer learn delay Router(config-oer-map)# set traceroute reporting Router(config-oer-map)# end

The following example, starting in Privileged EXEC mode, initiates an on-demand traceroute probe for the 10.5.5.5 prefix:

Router# show oer master prefix 10.5.5.55 traceroute current now

Path for Prefix: 10.5.5.0/24 Target: 10.5.5.5 Exit ID: 2, Border: 10.1.1.3 External Interface: Et1/0 Status: DONE, How Recent: 00:00:08 minutes oldHop Host Time(ms) BGP 1 10.1.4.2 8 0 2 10.1.3.2 8 300 3 10.5.5.5 20 50

What to Do Next

In the “Minimum Master Controller Configuration” section prefix learning based on highest outbound throughput is configured and only default prefix and exit link policies are enabled, using global settings. Proceed to the next section to configure and customize global prefix and exit link policies.

Configuring Prefix and Exit Link Policies This section describes commands that are used to configure global prefix and exit link policies in OER master controller configuration mode. The oer master command is required to enter OER master controller configuration mode. All other command listed in this section are optional.

Prefix Policies

A prefix policy is a set of rules that govern the performance characteristics for a network address. The network address can be a single end point within a network or an entire subnet. A prefix is defined as any network number with a prefix mask applied to it. The performance characteristics that are managed by a prefix policy are reachability, delay, and packet loss.

Note Prefix policies will always override exit link policies.

Page 76: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

46Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Exit Link Policies

An exit link policy is a set of rules that govern the performance of an OER managed exit link. Prefixes are moved to another exit link to bring an exit link in-policy. The performance characteristics that are managed by a link policy are traffic load distribution, link utilization (range), and link bandwidth monetary cost. An exit link policy can define total outbound throughput or total link utilization.Exit link utilization policies can be defined for a single exit link or all OER managed exit links.

Tip When enabling Cisco IOS OER for load distribution, we recommend that you set the interface load calculation on OER managed external interfaces to 30 second intervals with the load-interval interface configuration command (The default calculation interval is 300 seconds). The load calculation is configured under interface configuration mode on the border router. This configuration is not required. It is recommended to allow Cisco IOS OER to respond as quickly as possible to load distribution issues.

Adjusting Cisco IOS OER Timers

Configuring a new timer value will immediately replaces the existing value if the new value is less than the time remaining. If the new value is greater than the time remaining, the new timer value will be used when the existing timer is reset.

Note Over aggressive settings can keep an exit link or prefix in an out-of-policy state.

SUMMARY STEPS

1. enable

2. configure terminal

3. oer master

4. backoff min-timer max-timer [step-timer]

5. delay relative percentage | threshold maximum

6. holddown timer

7. loss relative average | threshold maximum

8. max-range-utilization percent maximum

9. periodic timer

10. unreachable relative average | threshold maximum

Page 77: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

47Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:Router# configure terminal

Enters Global configuration mode.

Step 3 oer master

Example:Router(config)# oer master

Enters OER master controller configuration mode to configure global prefix and exit link policies.

Step 4 backoff min-timer max-timer [step-timer]

Example:Router(config-oer-mc)# backoff 400 4000 400

Sets the backoff timer to adjust the time period for prefix policy decisions.

• The min-timer argument is used to set the minimum transition period in seconds.

• The max-timer argument is used to set the maximum length of time OER holds an out-of-policy prefix when there are no OER controlled in-policy prefixes.

• The step-timer argument allows you to optionally configure OER to add time each time the minimum timer expires until the maximum time limit has been reached.

Step 5 delay relative percentage | threshold maximum

Example:Router(config-oer-mc)# delay relative 800

Sets the delay threshold as a relative percentage or as an absolute value.

• The relative keyword is used to configure a relative delay percentage. The relative delay percentage is based on a comparison of short-term and long-term measurements.

• The threshold keyword is used to configure the absolute maximum delay period in milliseconds.

• If the configured delay threshold is exceeded, then the prefix is out-of-policy.

• The example sets a delay threshold of 80 percent based on a relative average.

Step 6 holddown timer Configures the prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected.

• OER does not implement policy changes while a prefix is in the holddown state.

• When the holddown timer expires, OER will select the best exit based on performance and policy configuration.

Page 78: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

48Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Example:Router(config-oer-mc)# holddown 600

• An an immediate route change will be triggered if the current exit for a prefix becomes unreachable.

• The example sets the prefix route dampening timer to 600 seconds.

Step 7 loss relative average | threshold maximum

Example:Router(config-oer-mc)# loss relative 200

Sets the relative or maximum packet loss limit that OER will permit for an exit link.

• The relative keyword sets a relative percentage of packet loss based on a comparison of short-term and long-term packet loss percentages.

• The threshold keyword sets the absolute packet loss based on packets per million.

• The example configures the master controller to search for a new exit link when the relative percentage of packet loss is equal to or greater than 20 percent.

Step 8 max-range-utilization percent maximum

Example:Router(config-oer-mc)# max-range-utilization 80

Sets the maximum utilization range for all OER managed exit links for load distribution.

• OER will equalizes traffic across all exit links by moving prefixes from over utilized or out-of-policy exits to in-policy exits.

• If exit link utilization is equal to or greater than the configured or default maximum utilization value, OER will select an optimal exit link to bring the affected prefixes back into policy.

• The example sets the maximum utilization range for OER managed exit links to 80 percent:

Step 9 periodic timer

Example:Router(config-oer-mc)# periodic 300

Configures OER to periodically select the best exit link when the periodic timer expires.

• When this command is enabled, the master controller will periodically evaluate and then make policy decisions for OER managed exit links.

• The mode command is used to determine if OER selects the first in-policy exit or the best available exit when this timer expires.

• The example sets the periodic timer to 300 seconds. When the timer expires OER will select either the best exit or the first in-policy exit.

Step 10 unreachable relative average | threshold maximum

Sets the maximum number of unreachable hosts.

• Specifies the relative percentage or the absolute maximum number of unreachable hosts, based on flows per million (fpm). If the absolute number or relative percentage of unreachable hosts is greater than the user-defined or the default value, OER determines that the exit link is out-of-policy and searches for an alternate exit link.

Command or Action Purpose

Page 79: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

49Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Examples

Loss Policy Example

The following example configures the master controller to move prefixes to an in-policy exit link when the relative percentage of packet loss is equal to or greater than 20 percent:

Router(config-oer-mc)# loss relative 200

Delay Policy Example

The following example sets the absolute delay threshold to 100 milliseconds:

Router(config-oer-mc)# delay threshold 100

Prefix Timer Policy Example

The following example adjusts the period of time that the master controller holds prefixes during transition states and the period time that the prefix must use an exit before a new exit can be selected. The backoff command sets the minimum timer to 400 seconds, the maximum timer to 4000 seconds, and the step timer to 400 seconds. The holddown command sets the prefix route dampening timer to 10 minutes.

Router(config-oer-mc)# backoff 400 4000 400Router(config-oer-mc)# holddown 600

Exit Link Selection Example

The following example configures the master controller to evaluate OER managed exit links every 5 minutes and then move out-of-policy prefixes to the first in-policy exit.

Router(config-oer-mc)# periodic 300 Router(config-oer-mc)# mode select-exit good

Load Distribution Example

The following examples configures the master controller to set the maximum utilization range for OER managed exit links to 40 percent:

Router(config-oer-mc)# max-range-utilization 40

What to Do Next

To configure exit link policies based on the monetary cost of the exit links in your network, proceed to the next section for more information.

Example:Router(config-oer-mc)# unreachable relative 100

• The relative keyword is used to configure the relative percentage of unreachable hosts. The relative unreachable host percentage is based on a comparison of short-term and long-term measurements.

• The threshold keyword is used to configure the absolute maximum number of unreachable hosts based on fpm.

• The example configures OER to search for a new exit link when the relative percentage of unreachable hosts is equal to or greater than 10 percent.

Command or Action Purpose

Page 80: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

50Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Configuring Cost-Based Optimization This section describes how to configure cost-based optimization. Cost-based optimization is configured on a master controller with the cost-minimization command in OER border exit interface configuration mode (under the external interface configuration). Cost-based optimization supports tiered and fixed billing methods.

SUMMARY STEPS

1. enable

2. configure terminal

3. oer master

4. border ip-address [key-chain key-chain-name]

5. interface type number external

6. cost-minimization {calc {combined | separate | sum} | discard [daily] {absolute number | percent percentage} | end day-of-month day [offset hh:mm] | fixed fee [cost] | nickname name | sampling period minutes [rollup minutes] | summer-time {start end} [offset] | tier percentage fee]}

7. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:Router# configure terminal

Enters Global configuration mode.

Step 3 oer master

Example:Router(config)# oer master

Enters OER master controller configuration mode to configure global prefix and exit link policies.

Step 4 border ip-address [key-chain key-chain-name]

Example:Router(config-oer-mc)# border 10.100.1.1 key-chain OER

Enters OER managed border router configuration mode to establish communication with a border router.

Note The key-chain keyword is required only for initial border router configuration.

Step 5 interface type number external

Example:Router(config-oer-mc-br)# interface Ethernet 0/0 external

Enters OER Border Exit configuration mode to configure a border router interface as an external interface.

• At least one external interface must be configured on each border router.

Page 81: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

51Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Step 6 cost-minimization {calc {combined | separate | sum} | discard [daily] {absolute number | percent percentage} | end day-of-month day [offset hh:mm] | fixed fee [cost] | nickname name | sampling period minutes [rollup minutes] | summer-time {start end} [offset] | tier percentage fee]

Example:Router(config-oer-mc-br-if)# cost-minimization calc combined

Example:Router(config-oer-mc-br-if)# cost-minimization end day-of-month 30 180

Example:Router(config-oer-mc-br-if)# cost-minimization tier 100 fee 1000Router(config-oer-mc-br-if)# cost-minimization tier 90 fee 900Router(config-oer-mc-br-if)# cost-minimization tier 80 fee 800

Configures cost-based optimization policies on a master controller.

• Cost-based optimization supports fixed or tier based billing, inbound and outbound cost measurements, and very granular sampling.

• The calc keyword is used to configure how the fee is calculated. You can configure the master controller to combine ingress and egress samples, to first add and then combine, or to analyze ingress and egress samples separately.

• The discard keyword is used to configure the number of samples that are removed for bursty link usage. It is specified as a percentage or as an absolute value. If a sampling rollup is configured, the discard values also applies to the rollup. If the daily keyword is entered, samples are analyzed and discarded on a daily basis. At the end of the billing cycle, monthly sustained usage is calculated by averaging daily sustained utilization.

• The end keyword is used to configure the last day of the billing cycle. Entering the offset keyword allows you to adjust the end of the cycle to compensate for an service provider in a different zone.

• The fixed keyword is configured when the service provider bills for network access over the specified exit link at a flat rate. The fee keyword is optionally used to specify the exit link cost.

• The nickname keyword is used to apply label that identifies the service provider.

• The sampling keyword is used to configure the time intervals at which link utilization samples are gathered. By default, the link is sampled every five minutes. The rollup keyword is used to reduce the number of samples by aggregating them. All samples collected during the rollup period are averaged to calculate rollup utilization.

Note The minimum number that can be entered for the rollup period must be equal to or greater than the number that is entered for the sampling period.

• The first example configures fee calculation based on combined ingress and egress samples.

• The second example sets 30 as the billing end date, and applies a three hour offset.

• The third example configures a tiered fee of 1000 at 100 percent utilization, a tiered fee of 900 at 90 percent utilization, and a tiered fee of 800 at 80 percent utilization.

Command or Action Purpose

Page 82: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

52Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Examples

The following example, starting in Global configuration mode, configures cost-based optimization on a master controller. Cost optimization configuration is applied under the external interface configuration. A policy for a tiered billing cycle is configured. Calculation is configured separately for egress and ingress samples. The time interval between sampling is set to 10 minutes. These samples are configured to be rolled up every 60 minutes.

Router(config)# oer masterRouter(config-oer-mc)# border 10.5.5.55 key-chain keyRouter(config-oer-mc-br)# interface Ethernet 0/0 external Router(config-oer-mc-br-if)# cost-minimization nickname ISP1 Router(config-oer-mc-br-if)# cost-minimization end day-of-month 30 180 Router(config-oer-mc-br-if)# cost-minimization calc separate Router(config-oer-mc-br-if)# cost-minimization sampling 10 rollup 60 Router(config-oer-mc-br-if)# cost-minimization tier 100 fee 1000 Router(config-oer-mc-br-if)# cost-minimization tier 90 fee 900 Router(config-oer-mc-br-if)# cost-minimization tier 80 fee 800 Router(config-oer-mc-br-if)# exit

What to Do Next

To set the priority for multiple overlapping policies, proceed to the next section.

Configuring Resolve Policies When configuring multiple policy parameters for a monitored prefix or set of prefixes, it is possible to have multiple overlapping policies. The resolve function is a flexible mechanism that allows you to set the priority for cost, delay, loss, utilization, and range policies. Each policy is assigned a unique value. The policy with the highest priority is selected to determine the policy decision. By default, delay has the highest priority and utilization has the second highest priority. Assigning a priority value to any policy will override the default settings.

Setting Variance for Resolve Policies

When setting resolve settings, you can also set an allowable variance for a user-defined policy. Variance configures the allowable percentage that an exit link or prefix can vary from the user-defined policy value and still be considered equivalent. For example, if exit link delay is set to 80 percent and a 10 percent variance is configured, exit links that have delay values from 80 to 89 percent will be considered equal. Variance cannot be configured for cost or range policies.

SUMMARY STEPS

1. enable

2. configure terminal

Step 7 end

Example:Router(config-oer-mc-br-if)# end

Exits OER border exit configuration mode, and enters Privileged EXEC mode.

Command or Action Purpose

Page 83: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

53Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

3. oer master

4. resolve {cost priority value | delay priority value variance percentage | loss priority value variance percentage | range priority value | utilization priority value variance percentage}

5. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:Router# configure terminal

Enters Global configuration mode.

Step 3 oer master

Example:Router(config)# oer master

Enters OER master controller configuration mode to configure global prefix and exit link policies.

Step 4 resolve {cost priority value | delay priority value variance percentage | loss priority value variance percentage | range priority value | utilization priority value variance percentage}

Example:Router(config-oer-mc)# resolve cost priority 1 Router(config-oer-mc)# resolve loss priority 2 variance 10Router(config-oer-mc)# resolve delay priority 3 variance 20

Sets policy priority or resolves policy conflicts.

• This command is used to set priority when multiple policies are configured for the same prefix. When this command is configured, the policy with the highest priority will be selected to determine the policy decision.

• The priority keyword is used to specify the priority value. Setting the number 1 assigns the highest priority to a policy. Setting the number 10 assigns the lowest priority.

• Each policy must be assigned a different priority number.

• The variance keyword is used to set an allowable variance for a user-defined policy. This keyword configures the allowable percentage that an exit link or prefix can vary from the user-defined policy value and still be considered equivalent.

• The example sets the priority for cost policies to 1, the priority for loss policies to 2 with a 10 percent variance, the priority for delay policies to 3 with a 20 percent variance.

Note Variance cannot be configured for range or cost policies

Page 84: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

54Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Examples

Resolve with Variance Policy Example.

The following example configures a resolve policy that sets delay to the highest priority, followed by loss, and then utilization. The delay policy is configured to allow a 20 percent variance., the loss policy is configured to allow a 30 percent variance, and the utilization policy is configured to allow a 10 percent variance.

Router(config-oer-mc)# resolve delay priority 1 variance 20 Router(config-oer-mc)# resolve loss priority 2 variance 30 Router(config-oer-mc)# resolve utilization priority 3 variance 10

What to Do Next

Observe mode monitoring was enabled in the “Minimum Master Controller Configuration” section. Proceed to the next section to see information about configuring and customizing the Cisco IOS OER mode of operation.

Configuring Cisco IOS OER Modes of Operation This section describes commands that are used to configure the mode of operation in OER master controller configuration mode. The master controller can be configured to operate in observe mode or control mode. A Cisco IOS OER managed network can be configured to use active and passive monitoring or both active and passive monitoring. The oer master command is required to enter OER master controller configuration mode.

Observe Mode

Observe mode monitoring is enabled by default. In observe mode, the master controller monitors prefixes and exit links based on default and user-defined policies and then reports the status of the network and the decisions that should be made but does not implement any changes. This mode allows you to verify the effectiveness of this feature before it is actively deployed.

Control Mode

In control mode, the master controller coordinates information from the border routers and makes policy decisions just as it does in observe mode. The master controller monitors prefixes and exits based on default and user-defined policies but then implements changes to optimize prefixes and to select the best exit. In this mode, the master controller gathers performance statistics from the border routers and then transmits commands to the border routers to alter routing as necessary in the OER managed network.

Note Route redistribution is required when control mode is enabled on the master controller.

Step 5 end

Example:Router(config-oer-mc)# end

Exits OER master controller configuration mode, and enters Privileged EXEC mode.

Command or Action Purpose

Page 85: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

55Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Optimal Exit Link Selection

Cisco IOS OER can be configured to periodically select the Optimal Exit Link (OEL) from the available ISP connections based on exit link performance. The master controller will move traffic from over-utilized exit links to under-utilized exit links. Optimal Exit Link Selection (OELS) uses policy configuration to manage prefix and exit link performance. Policy configuration can be customized to your requirements. For example, a policy can be created to ensure that priority traffic is always routed to the target network through the exit link with the highest outbound throughput or the lowest delay (round-trip response time).

SUMMARY STEPS

1. enable

2. configure terminal

3. oer master

4. mode {monitor{active | both | passive} | route {control | metric {bgp local-pref preference | static tag value} observe | select-exit {best | good}}

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:Router# configure terminal

Enters global configuration mode.

Step 3 oer master

Example:Router(config)# oer master

Enters OER master controller configuration mode to configure a router as a master controller and to configure global operations and policies.

Step 4 mode {monitor{active | both | passive} | route {control | metric {bgp local-pref preference | static tag value} observe | select-exit {best | good}}

Example:Router(config-oer-mc)# mode monitor both

Example:Router(config-oer-mc)# mode route control

Example:Router(config-oer-mc)# mode select-exit best

Configures route monitoring or route control on an OER master controller.

• The monitor keyword is used to configure active and/or passive monitoring. The first example enables both active and passive monitoring.

• The route keyword is enable control mode or observe mode. In control mode, the master controller analyzes monitored prefixes and implemented changes based on policy parameters. In observe mode, the master controller analyzes monitored prefixes, reports the changes that should be made, but does not implement any changes. The second example enable OER control mode.

Page 86: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

56Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Examples

The following example enables both active and passive monitoring, control mode, and sets the master controller to evaluate and select the first in-policy exit every 5 minutes. (The monitored prefix is moved only if the prefix is out-of-policy.) Active and passive monitoring is enabled with the mode monitor both command. Route control is enabled with the mode route control command. The time period between the exit selection process is configured with the periodic command. The selection of the first in-policy exit is configured with the mode select-exit good command.

Router(config)# oer master Router(config-oer-mc)# mode monitor both Router(config-oer-mc)# mode route control Router(config-oer-mc)# periodic 300 Router(config-oer-mc)# mode select-exit good

What to Do Next

Proceed to the next section to see information about configuring OER policies with an oer-map.

Configuring OER Policies with an OER Map This section describes commands that are used to configure policies to be applied to prefixes through an OER Map. The oer-map command is required to enter oer-map 1configuration mode. All other command listed in this section are optional.

Note Policies applied in an OER map do not override global policies. These policies are only applied to prefixes that match the oer-map match criteria.

OER Map Operation

The operation of an OER map is similar to the operation of a route map. An OER map is designed to select IP prefixes or to select OER learn policies using a match clause and then to apply OER policy configurations using a set clause. The oer-map is configured with a sequence number like a route-map, and the oer-map with the lowest sequence number is evaluated first. The operation of an OER map differs from a route map at this point. There are two important distinctions:

• Only a single match clause may be configured for each sequence. An error message will be displayed in the console if you attempt to configure multiple match clauses for a single OER map sequence.

• The select-exit keyword is used to configure the master controller to select either the best available exit when the best keyword is entered and the first in-policy exit when the good keyword is entered. The third example configures the master controller to select the best available exit for monitored prefixes.

Command or Action Purpose

Page 87: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

57Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

• An OER map is not configured with permit or deny statements. However, a permit or deny sequence can be configured for an IP traffic flow by configuring a permit or deny statement in an IP prefix list and then applying the prefix list to the oer-map with the match ip address (OER) command. Deny prefixes should be combined in a single prefix list and applied to the OER map with the lowest sequence number.

IP Prefix Lists

Cisco IOS OER supports three IP prefix configuration options for importing prefixes. The master controller can monitor and control an exact prefix (/32), a specific prefix length, and a specific prefix length and any prefix that falls under the prefix length (for example, a /24 under a /16).

IP prefix list permit and deny statements are supported by Cisco IOS OER. An IP prefix list with a deny statement can be used to exclude a prefix or prefix length. Any prefix length can be specified for a deny IP prefix list.

Adjusting OER Timers

An oer-map can be used to configure OER timers for traffic that is defined as match criteria. Configuring a new timer value will immediately replace the existing value if the new value is less than the time remaining. If the new value is greater than the time remaining, the new timer value will be used when the existing timer is reset.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [ge ge-value] [le le-value]

4. oer-map map-name sequence-number

5. match ip address prefix-list prefix-list-name

6. match oer learn {delay | throughput }

7. set backoff min-timer max-timer [step-timer]

8. set delay relative percentage | threshold maximum

9. set holddown timer

10. set loss relative average | threshold maximum

11. set periodic timer

12. set resolve {cost priority value | delay priority value variance percentage | loss priority value variance percentage | range priority value | utilization priority value variance percentage}

13. set unreachable relative average | threshold maximum

Page 88: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

58Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:Router# configure terminal

Enters Global configuration mode.

Step 3 ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [ge ge-value] [le le-value]

Example:Router(config)# ip prefix-list OER seq 10 permit 10.4.9.0/24

Creates an IP prefix list.

• IP prefix lists are used to manual select prefixes for monitoring by the master controller.

• A master controller can monitor and control an exact prefix (/32), a specific prefix length, and a specific prefix length and any prefix that falls under the prefix length (for example, a /24 under a /16).

• A prefix range can also be selected using the le keyword with a 32 bit prefix length.

• The prefixes specified in the IP prefix list are imported into the oer-map with the match ip address (OER) command.

• The example creates an IP prefix list that permits prefixes from the 10.4.9.0/24 subnet.

Step 4 oer-map map-name sequence-number

Example:Router(config)# oer-map THROUGHPUT 10

Enters oer-map configuration mode to configure an OER map to apply policies to selected IP prefixes.

• Only one match clause can be configured for each oer-map sequence.

• Deny sequences must be defined in an IP prefix list and then applied with the match ip address (OER) command.

• The example creates an oer-map named THROUGHPUT.

Step 5 match ip address prefix-list prefix-list-name

Example:Router(config-oer-map)# match ip address prefix-list OER

Creates a prefix list match clause entry in an OER map to apply OER policies.

• This command supports IP prefix lists only.

• Only a single match clause can be configured for each OER map sequence.

• The example configures the prefix list named OER as match criteria in an OER map.

Page 89: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

59Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Step 6 match oer learn delay | throughput

Example:Router(config-oer-map)# match oer learn delay

Creates a match clause entry in an OER map to match OER learned prefixes.

• Prefixes can be configured to learn prefixes based on lowest delay or highest outbound throughput.

• Only a single match clause can be configured for each OER map sequence.

• The example creates a match clause entry that matches traffic learned based on lowest delay.

Step 7 set backoff min-timer max-timer [step-timer]

Example:Router(config-oer-map)# set backoff 400 4000 400

Creates a set clause entry to configure the backoff timer to adjust the time period for prefix policy decisions.

• The min-timer argument is used to set the minimum transition period in seconds.

• The max-timer argument is used to set the maximum length of time OER holds an out-of-policy prefix when there are no OER controlled in-policy prefixes.

• The step-timer argument allows you to optionally configure OER to add time each time the minimum timer expires until the maximum time limit has been reached.

• The example creates a set clause to configure the minimum timer to 400 seconds, the maximum timer to 4000 seconds, and the step timer to 400 seconds for traffic that is matched in the same oer-map sequence.

Step 8 set delay relative percentage | threshold maximum

Example:Router(config-oer-map)# set delay threshold 2000

Creates a set clause entry to configure the delay threshold.

• The delay threshold can be configured as a relative percentage or as an absolute value for match criteria.

• The relative keyword is used to configure a relative delay percentage. The relative delay percentage is based on a comparison of short-term and long-term measurements.

• The threshold keyword is used to configure the absolute maximum delay period in milliseconds.

• The example creates a set clause that sets the absolute maximum delay threshold to 2000 milliseconds for traffic that is matched in the same oer-map sequence.

Step 9 set holddown timer Creates a set clause entry to configure the prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected.

• The prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected.

• OER does not implement policy changes while a prefix is in the holddown state.

Command or Action Purpose

Page 90: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

60Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Example:Router(config-oer-map)# set holddown 400

• The master controller puts a prefix in a holddown state during an exit change to isolate the prefix during the transition period to prevent the prefix from flapping due to rapid state changes.

• An immediate route change will be triggered if the current exit for a prefix becomes unreachable.

• The example creates a set clause that sets the holddown timer to 400 seconds for traffic that is matched in the same oer-map sequence.

Step 10 set loss relative average | threshold maximum

Example:Router(config-oer-map)# set loss relative 200

Creates a set clause entry to configure the relative or maximum packet loss limit that the master controller will permit for an exit link.

• This command is used to configure an oer-map to configure the relative percentage or maximum number of packets that OER will permit to be lost during transmission on an exit link. If packet loss is greater than the user-defined or the default value, the master controller determines that the exit link is out-of-policy.

• The relative keyword is used to configure the relative packet loss percentage. The relative packet loss percentage is based on a comparison of short-term and long-term packet loss.

• The threshold keyword is used to configure the absolute maximum packet loss. The maximum value is based on the actual number of packets per million that have been lost.

• The example creates a set clause that configures the relative percentage of acceptable packet loss to less than 20 percent for traffic that is matched in the same oer-map sequence.

Step 11 set mode {monitor {active | both | passive} | route {control | observe}| select-exit {best | good}}

Example:Router(config-oer-map)# set mode monitor both

Example:Router(config-oer-map)# set mode route control

Creates a set clause entry to configure monitoring, control, or exit selection settings for matched traffic.

• The monitor keyword is used to configured active and/or passive monitoring. The first example creates a set clause that enables both active and passive monitoring.

• The route keyword is enable control mode or observe mode. In control mode, the master controller analyzes monitored prefixes and implemented changes based on policy parameters. In observe mode, the master controller analyzes monitored prefixes, reports the changes that should be made, but does not implement any changes. The second example creates a set clause that enables OER control mode.

Command or Action Purpose

Page 91: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

61Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Example:Router(config-oer-map)# set mode select-exit best

• The select-exit keyword is used to configure the master controller to select either the best available exit when the best keyword is entered or the first in-policy exit when the good keyword is entered. The third example creates a set clause that configures the master controller to select the best available exit for matched prefixes.

Step 12 set periodic timer

Example:Router(config-oer-map)# set periodic 300

Creates a set clause entry to configure the time period for the periodic timer.

• When this command is enabled, the master controller will periodically evaluate and then make policy decisions for OER managed exit links.

• The set mode command is used to determine if OER selects the first in-policy exit or the best available exit when this timer expires.

• The example creates a set clause that configures the periodic timer to 300 seconds for traffic that is matched in the same OER map sequence.

Step 13 set resolve {cost priority value | delay priority value variance percentage | loss priority value variance percentage | range priority value | utilization priority value variance percentage}

Example:Router(config-oer-map)# set resolve delay priority 1 variance 10

Creates a set clause entry to configure policy priority or resolve policy conflicts.

• This command is used to set priority for a policy type when multiple policies are configured for the same prefix. When this command is configured, the policy with the highest priority will be selected to determine the policy decision.

• The priority keyword is used to specify the priority value. Configuring the number 1 assigns the highest priority to a policy. Configuring the number 10 assigns the lowest priority.

• Each policy must be assigned a different priority number.

• The variance keyword is used to set an allowable variance for a user-defined policy. This keyword configures the allowable percentage that an exit link or prefix can vary from the user-defined policy value and still be considered equivalent.

• Variance cannot be configured for range policies.

• The example creates set clause that configures the priority for delay policies to 1 for traffic learned based on highest outbound throughput. The variance is configured to allow a 10 percent difference in delay statistics before a prefix is determined to be out-of-policy.

Command or Action Purpose

Page 92: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

62Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Examples

Imported Prefix Policy Example

The following example creates an oer-map named SELECT_EXIT that matches traffic defined in the IP prefix list named CUSTOMER and sets exit selection to the first in-policy exit when the periodic timer expires. This OER map also sets a resolve policy that sets the priority of link utilization policies to 1 (highest priority) and allows for a 10 percent variance in exit link utilization statistics.

Router(config)# ip prefix-list CUSTOMER permit 10.4.9.0/24 Router(config)# ! Router(config)# oer-map SELECT_EXIT 10 Router(config-oer-map)# match ip address prefix-list CUSTOMER Router(config-oer-map)# set mode select-exit good Router(config-oer-map)# set resolve utilization priority 1 variance 10

Learned Prefix Policy Example

The following example creates an oer-map named THROUGHPUT that matches traffic learned based on the highest outbound throughput. The set clause applies a relative loss policy that will permit 1 percent packet loss:

Router(config)# oer-map THROUGHPUT 20 Router(config-oer-map)# match oer learn throughput Router(config-oer-map)# set loss relative 10

Step 14 set unreachable relative average | threshold maximum

Example:Router(config-oer-map)# set unreachable relative 100

Creates a set clause entry to configure the maximum number of unreachable hosts.

• This command is used to specify the relative percentage or the absolute maximum number of unreachable hosts, based on flows per million, that a master controller will permit from an OER managed exit link. If the absolute number or relative percentage of unreachable hosts is greater than the user-defined or the default value, the master controller determines that the exit link is out-of-policy and searches for an alternate exit link.

• The relative keyword is used to configure the relative percentage of unreachable hosts. The relative unreachable host percentage is based on a comparison of short-term and long-term measurements.

• The threshold keyword is used to configure the absolute maximum number of unreachable hosts based on fpm.

• The example creates a set clause entry that configures the master controller to search for a new exit link when the relative percentage of unreachable hosts is equal to or greater than 10 percent for traffic learned based on highest delay.

Command or Action Purpose

Page 93: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

63Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

What to do Next

An OER map configuration can also be applied in OER master controller configuration mode. Proceed to the next section to see more information.

Configuring Policy Rules for OER Maps The policy-rules OER master controller configuration command was introduced in Cisco IOS Release 12.3(11)T. This command allows you to select an OER map and apply the configuration under OER master controller configuration mode, providing an improved method to switch between predefined OER maps.

Prerequisites

At least one oer-map must be configured before you can enable policy-rule support.

SUMMARY STEPS

1. enable

2. configure terminal

3. oer master

4. policy-rules map-name

5. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:Router# configure terminal

Enters global configuration mode.

Step 3 oer master

Example:Router(config)# oer master

Enters OER master controller configuration mode to configure global prefix and exit link policies.

Step 4 policy-rules map-name Applies a configuration from an OER map to a master controller configuration in OER master controller configuration mode.

• Reentering this command with a new oer-map name will immediately overwrite the previous configuration. This behavior is designed to allow you to quickly select and switch between predefined OER maps.

Page 94: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

64Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Examples

The following examples, starting in global configuration mode, show how to configure the policy-rules command to apply the OER map configuration named BLUE under OER master controller mode:

Router(config-oer-map)# oer-map BLUE 10 Router(config-oer-map)# match oer learn delayRouter(config-oer-map)# set loss relative 900Router(config-oer-map)# exitRouter(config)# oer master Router(config-oer-mc)# policy-rules BLUE Router(config-oer-mc)# exit

What to Do Next

If iBGP peering is enabled in the internal network, proceed to the next section to see information about configuring iBGP redistribution from the border routers.

Configuring iBGP Peering on the Border Routers The master control implements policy changes by altering default routing behavior in the OER managed network. If iBGP peering is enabled on the border routers, the master controller will inject iBGP routes into routing tables on the border routers. The border routers advertise the preferred route through standard iBGP peering.

BGP Local Preference Attribute

OER uses the BGP local preference attribute to set the preference for injected BGP prefixes. If a local preference value of 5000 or higher has been configured for default BGP routing, you should configure a higher value in OER. OER default BGP local preference and default static tag values are configurable with the mode command in OER master controller configuration mode.

Injected Routes are not Advertised to External Networks

All OER injected routes remain local to an Autonomous System. The “no-export” community is automatically applied to inject routes to ensure that are not advertised to external networks.

Parent Route Must Exist

Before injecting a route, the master controller verifies that a parent route with a valid next hop exists. This behavior is designed to prevent traffic from being blackholed.

Example:Router(config-oer-mc)# policy-rules RED

• The example applies the configuration from the OER map named RED.

Step 5 end

Example:Router(config-oer-mc)# end

Exits OER master controller configuration mode, and enters privileged EXEC mode.

Command or Action Purpose

Page 95: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

65Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

eBGP Peerings

The IP address for each eBGP peering session must be reachable from the border router via a connected route. Peering sessions established through loopback interfaces or with the neighbor ebgp-multihop command are not supported.

Prerequisites

Peering must be Consistently Applied

Routing protocol peering must be established in your network and consistently applied to the border routers; the border routers should have a consistent view of the network.

SUMMARY STEPS

1. enable

2. configure terminal

3. router bgp as-number

4. address-family ipv4 [mdt | multicast | tunnel | unicast [vrf vrf-name] | vrf vrf-name] | vpnv4 [unicast]

5. neighbor ip-address | peer-group-name remote-as as-number

6. neighbor ip-address | peer-group-name activate

7. neighbor ip-address | peer-group-name send-community [both | extended | standard]

8. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:Router# configure terminal

Enters global configuration mode.

Step 3 router bgp as-number

Example:Router(config)# router bgp 65534

Enters router configuration mode to create or configure a BGP routing process.

Step 4 address-family ipv4 [mdt | multicast | tunnel | unicast [vrf vrf-name] | vrf vrf-name] | vpnv4 [unicast]

Example:Router(config-router)# address-family ipv4 unicast

Enters address-family configuration mode to configure a BGP address- family session.

• The example creates an IPv4 unicast address family session.

Page 96: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

66Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Examples

The following example, starting in Global configuration mode, establishes peering between two routers in autonomous system 65534. This example also configures the two routers to exchange the standard BGP communities attribute:

Border Router Configuration Router(config)# router bgp 65534 Router(config-router)# neighbor 10.100.1.3 remote-as 65534Router(config-router)# address-family ipv4 Router(config-router-af)# neighbor 10.100.1.3 activate Router(config-router-af)# neighbor 10.100.1.3 send-community standard

Internal Border Peer Configuration Router(config)# router bgp 65534 Router(config-router)# neighbor 10.100.1.2 remote-as 65534 Router(config-router)# address-family ipv4 Router(config-router-af)# neighbor 10.100.1.2 activate Router(config-router-af)# neighbor 10.100.1.2 send-community standard

What to Do Next

If BGP is configured on the border routers and another IGP is deployed in the internal network, proceed to the next section to see information about configuring redistribution from BGP into the IGP.

If BGP is not configured in the internal network, then static routes to the border exits must be configured and the static routes must be redistributed into the IGP. For more information, proceed to the Configuring Static Route Redistribution on the Border Routers section.

Step 5 neighbor ip-address | peer-group-name remote-as as-neighbor

Example:Router(config-router)# neighbor 10.100.1.3 remote-as 65534

Establishes BGP peering with the specified neighbor or border router.

Step 6 neighbor ip-address | peer-group-name activate

Example:Router(config-router)# neighbor 10.100.1.3 activate

Enables the exchange of address-family routing information.

Step 7 neighbor ip-address | peer-group-name send-community [both | extended | standard]

Example:Router(config-router)# neighbor 10.100.1.3 send-community standard

Configures the BGP routing process to send the BGP communities attribute to the specified neighbor.

• Each iBGP peer must be configured to send the standard BGP communities attribute.

Step 8 end

Example:Router(config-router)# end

Exits router configuration mode, and enters privileged EXEC mode.

Command or Action Purpose

Page 97: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

67Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Configuring BGP Redistribution into an IGP on the Border Routers This section describes BGP redistribution into an IGP in the OER managed network. The configuration task table and examples in this section redistribution into OSPF, but EIGRP, IS-IS, or RIP could also be used in this configuration.

Filtering Routes that are Redistributed by BGP into the IGP

When redistributing BGP into any IGP, be sure to use IP prefix-list and route-map statements to limit the number of prefixes that are redistributed. Redistributing full BGP routing tables into an IGP can have a serious detrimental effect on IGP network operation.

Redistributing OER Injected Routes by Matching on the Local-Preference Attribute

OER uses a local-preference value of 5000 (default) to move traffic to the preferred exit point in a BGP network. (This value is configured on the OER master controller.) The match local-preference can be used in place of the ip prefix-list command to redistribute OER injected routes into the IGP. The local-preference value must match the default or configured value on the master controller. Only OER injected routes will be redistributed into the IGP. A branching task for this configuration is included in the task table below. The prefix-list is not required in this configuration.

Prerequisites

Peering must be Consistently Applied

IGP peering, static routing, and static route redistribution must be applied consistently throughout the OER managed network; the border routers should have a consistent view of the network.

Restrictions

Border Exits Cannot use the Same Next Hop

When two or more border routers are deployed in an OER managed network, the next hop to an external network on each border router, as installed in the RIB, cannot be an IP address from the same subnet as the next hop on the other border router.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [ge ge-value] [le le-value]

4. route-map map-tag [permit | deny] [sequence-number]

5. match ip address prefix-list prefix-list-name

or

6. match local preference {value}

7. exit

8. router bgp as-number

9. bgp redistribute-internal

10. exit

Page 98: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

68Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

11. router {eigrp as-number | is-is [area-tag] | ospf process-id | rip}

12. redistribute static [metric metric-value] [route-map map-tag]

13. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:Router# configure terminal

Enters global configuration mode.

Step 3 ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [ge ge-value] [le le-value]

Example:Router(config)# ip prefix-list PREFIXES seq 5 permit 10.200.2.0/24

Example:Router(config)# ip prefix-list PREFIXES seq 10 deny 0.0.0.0/0

Defines the prefix range to redistribute into the IGP.

• Any prefix length can be specified.

• The first longest match is processed in the IP prefix list.

• The examples creates a prefix list named PREFIXES. The first sequence permits the 10.200.2.0/24 subnet. The second sequence denies all other prefixes.

Step 4 route-map map-tag [permit | deny] [sequence-number]

Example:Router(config)# route-map BGP permit 10

Enters route-map configuration mode and configures a route map.

• The example creates a route map named BGP.

Step 5 match ip address prefix-list prefix-list-name

Example:Router(config-route-map)# match ip address prefix-list PREFIXES

Creates a prefix list match clause entry in a route-map to redistribute BGP prefixes.

• The example configures the prefix list named PREFIXES as match criteria in for the route-map.

Note Step 6 can be entered in place of this step. No prefix-list configuration is necessary when redistribution is configured based on the BGP local-preference value.

or

Step 6 match local-preference {value}

Example:Router(config-route-map)# match local-preference 5000

Configures a route map to match routes based on the BGP local-preference attribute.

• The example configures routes with a local-preference value of 5000 (default OER) to redistributed into the IGP.

Page 99: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

69Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Examples

The following example, starting in Global configuration mode, configures the border router to redistribute BGP routes into the internal network and configures the IGP (OSPF) to accept redistributed BGP routes. The first example configures redistribution using prefix lists. The second example configures redistribution using the BGP local-preference attribute. The IGP peer configuration is the same for either configuration.

Border Router Redistribution Configuration Using Prefix Lists Router(config)# ip prefix-list PREFIXES seq 5 permit 10.200.2.0/24 Router(config)# ip prefix-list PREFIXES seq 10 deny 0.0.0.0/0 Router(config)# ! Router(config)# route-map BGP permit 10

Step 7 exit

Example:Router(config-route-map)# exit

Exits route-map configuration mode, and enters global configuration mode.

Step 8 router bgp as-number

Example:Router(config)# router bgp 65534

Enters router configuration mode, and creates a BGP routing process.

Step 9 bgp redistribute-internal

Example:Router(config-router)# bgp redistribute-internal

Configures BGP to redistribute routes into the IGP.

Step 10 exit

Example:Router(config-router)# exit

Exits router configuration mode, and enters global configuration mode.

Step 11 router {eigrp as-number | is-is [area-tag] | ospf process-id | rip}

Example:Router(config)# router ospf 1

Enters router configuration mode, and creates a routing process.

• The example creates an OSPF routing process.

Step 12 redistribute static [metric metric-value] [route-map map-tag]

Example:Router(config-router)# redistribute static route-map BGP subnets

Redistributes static routes into the specified protocol.

• The example configures the IGP to accept the redistributed BGP routes that pass through the route map.

Note In OSPF, the subnets keyword must be entered if you redistribute anything less than a major network prefix range.

Step 13 end

Example:Router(config-router)# end

Exits router configuration mode, and enters privileged EXEC mode.

Command or Action Purpose

Page 100: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

70Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Router(config-route-map)# match ip address prefix-list PREFIXES Router(config-route-map)# exit Router(config)# router bgp 65534 Router(config-router)# bgp redistribute-internal

Border Router Redistribution Configuration Matching on the Local-Preference Attribute Router(config)# route-map BGP permit 10 Router(config-route-map)# match local-preference 5000 Router(config-route-map)# exit Router(config)# router bgp 65534 Router(config-router)# bgp redistribute-internal

IGP Peer Configuration Router(config)# router ospf 1 Router(config-router)# redistribute bgp 65534 route-map BGP subnets

What to Do Next

If BGP is not configured in the internal network, then static routes to the border exits must be configured and the static routes must be redistributed into the IGP. For more information, proceed to the next section.

Configuring Static Route Redistribution on the Border Routers This section describes static redistribution into an IGP in an OER managed network.

OER Tags Static Routes

OER applies a default tag value of 5000 to injected temporary static routes. The static route is filtered through a route map and then redistributed into the IGP. If you use the tag value of 5000 for another routing function, you should use a different tag value for that function, or you can change the default static tag values by configuring the mode command in OER master controller configuration mode.

Parent Route Must Exist

Before injecting a route, the master controller verifies that a parent route with a valid next hop exists. This behavior is designed to prevent traffic from being blackholed.

Static Routing without IGP Redistribution

If static routing is configured in your network and no IGP is deployed, OER will inject temporary static routes as necessary. No redistribution or other specific network configuration is required.

Supported Interior Gateway Protocols

• Enhanced Interior Gateway Routing Protocol (EIGRP)

• Open Shortest Path First (OSPF)

• Intermediate System-to-Intermediate System (IS-IS)

• Routing Information Protocol (RIP)

EIGRP Static Route Redistribution

Cisco IOS OER supports static route redistribution into EIGRP. However, it is configured differently. Proceed to the Configuring Static Route Redistribution into EIGRP section for more information.

Page 101: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

71Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Prerequisites

Peering must be Consistently Applied

IGP peering, static routing, and static route redistribution must be applied consistently throughout the OER managed network; the border routers should have a consistent view of the network.

Restrictions

Border Exits Cannot use the Same Next Hop

When two or more border routers are deployed in an OER managed network, the next hop to an external network on each border router, as installed in the RIB, cannot be an IP address from the same subnet as the next hop on the other border router.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag tag]

4. route-map map-tag [permit | deny] [sequence-number]

5. match tag tag-value [...tag-value]

6. set metric metric-value

7. exit

8. router {is-is area-tag | ospf process-id | rip}

9. redistribute static [metric metric-value] [route-map map-tag]

10. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:Router# configure terminal

Enters global configuration mode.

Step 3 ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag tag]

Example:Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 0

Configures a static route.

• A static route must be configured for each external interface. The static route is configured only on the border routers. The static route must include any prefixes that need to be optimized.

Page 102: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

72Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Step 4 route-map map-tag [permit | deny] [sequence-number]

Example:Router(config)# route-map STATIC permit 10

Enters route-map configuration mode and creates a route map.

• The example creates a route map named STATIC.

Step 5 match tag tag-value [...tag-value]

Example:Router(config-route-map)# match tag 5000

Redistribute routes in the routing table that match the specified tag value.

• 5000 must be configured for this tag value unless you have configured a different value with the mode command.

Step 6 set metric metric-value

Example:Router(config-route-map)# set metric -10

Sets the metric value for prefixes that pass through the route map.

• A metric value that is less than 1 must be configured in order for the OER injected static route to be preferred by default routing.

• The example set the metric value for the OER injected routes to -10.

Step 7 exit

Example:Router(config-route-map)# exit

Exits route-map configuration mode, and enters global configuration mode.

Step 8 router {is-is area-tag | ospf process-id | rip}

Example:Router(config)# router rip

Enters router configuration mode, and creates a routing process for the specified routing protocol.

Step 9 redistribute static [metric metric-value] [route-map map-tag]

Example:Router(config-router)# redistribute static route-map STATIC

Redistributes static routes into the specified protocol.

• The example configures the IGP to redistribute static routes injected from the REDISTRIBUTE_STATIC route map.

Note In OSPF, the subnets keyword must be entered if you redistribute anything less than a major network prefix range.

Step 10 end

Example:Router(config-router)# end

Exits router configuration mode, and enters privileged EXEC mode.

Command or Action Purpose

Page 103: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

73Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Examples

The following example, starting in global configuration mode, configures static redistribution to allow the master controller to influence routing in an internal network that is running RIP. The match tag command is match OER injected temporary static routes. The set metric command is used to set the preference of the injected static.

Border Router Configuration Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 0 Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 1 Router(config)# route-map STATIC permit 10 Router(config-route-map)# match tag 5000 Router(config-route-map)# set metric -10 Router(config-route-map)# exit Router(config)# router rip Router(config-router)# network 192.168.0.0 Router(config-router)# network 172.16.0.0 Router(config-router)# redistribute static route-map STATIC

Internal Border Peer ConfigurationRouter(config)# route rip Router(config-router)# network 192.168.0.0 Router(config-router)# network 172.16.0.0

What to Do Next

If EIGRP is deployed in the internal network and BGP is not configured on the border routers, proceed to the next section for more information.

Configuring Static Route Redistribution into EIGRP This section describes static route redistribution into EIGRP. Under the EIGRP configuration, a tag is applied to the static route and an a distribute list is configured on all egress interfaces.

OER Tags Static Routes

OER applies a default tag value of 5000 to injected temporary static routes. The static route is filtered through a route map and then redistributed into the IGP.

Parent Route Must Exist

Before injecting the temporary static route, the master controller verifies that a parent static route with a valid next hop exists. This behavior is designed to prevent traffic from being blackholed.

Prerequisites

Peering must be Consistently Applied

IGP peering, static routing, and static route redistribution must be applied consistently throughout the OER managed network; the border routers should have a consistent view of the network.

Page 104: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

74Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Restrictions

Border Exits Cannot use the Same Next Hop

When two or more border routers are deployed in an OER managed network, the next hop, as installed in the RIB, to an external network on each border router cannot be an IP address from the same subnet as the next hop on the other border router.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag tag]

4. route-map map-tag [permit | deny] [sequence-number]

5. match tag tag-value [...tag-value]

6. exit

7. router eigrp as-number

8. no auto-summary

9. network ip-address [wildcard-mask]

10. redistribute static [metric metric-value] [route-map map-tag]

11. distribute-list {acl-number | acl-name | prefix-list-name} out [interface-name | routing-process | as-number]

12. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:Router# configure terminal

Enters global configuration mode.

Step 3 ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag tag]

Example:Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 0 tag 10

Configures a static route.

• A static route must be configured for each external interface. The static route is configured only on the border routers. The static route must include any prefixes that need to be optimized.

• Under EIGRP, a tag is applied to the static route. The tag is then filtered through a route map.

Page 105: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

75Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Step 4 route-map map-tag [permit | deny] [sequence-number]

Example:Router(config)# route-map BLUE deny 10

Enters route-map configuration mode and creates a route map.

• Two route map sequences are configured. One sequence is configured for static route redistribution and one to filter prefixes on egress interfaces.

Step 5 match tag tag-value [...tag-value]

Example:Router(config-route-map)# match tag 10

Example:Router(config-route-map)# match tag 5000

Redistribute routes in the routing table that match the specified tag value.

• The first example matches the static route tag, and the second example matches the default OER tag value applied to injected temporary static routes.

Step 6 exit

Example:Router(config-route-map)# exit

Exits route-map configuration mode, and enters global configuration mode.

Step 7 router eigrp as-number

Example:Router(config)# router eigrp 1

Enters router configuration mode, and creates an EIGRP routing process.

Step 8 no auto-summary

Example:Router(config-router)# no auto-summary

Disables automatic summarization under the EIGRP routing process.

Step 9 network ip-address [wildcard-mask]

Example:Router(config-router)# network 192.168.0.0 0.0.255.255

Specifies a network for an EIGRP routing process.

• The network state must cover any interfaces and prefixes that need to be optimized for the internal network.

Step 10 redistribute static [metric metric-value] [route-map map-tag]

Example:Router(config-router)# redistribute static route-map RED

Redistributes static routes into the specified protocol.

• The example configures the EIGRP to redistribute static routes that filter through the route map.

Step 11 distribute-list {acl-number | acl-name | prefix-list-name} out [interface-name | routing-process | as-number]

Example:Router(config-router)# distribute-list

Applies a distribute list to filter outbound advertisements.

• The distribute list must be applied to egress interfaces.

Step 12 end

Example:Router(config-router)# end

Exits router configuration mode, and enters privileged EXEC mode.

Command or Action Purpose

Page 106: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

76Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Examples

The following example, starting in Global configuration mode, configures static redistribution to allow the master controller to influence routing in an internal network that is running EIGRP:

Border Router Configuration Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 0 tag 10 Router(config)# ip route 0.0.0.0 0.0.0.0 Ethernet 1 tag 10Router(config)# ! Router(config)# route-map RED deny 20 Router(config-route-map)# match tag 10Router(config-route-map)# exit Router(config)# route-map RED permit 30 Router(config-route-map)# exit Router(config)# route-map BLUE permit 10 Router(config-route-map)# match tag 5000 Router(config-route-map)# exit Router(config)# route-map BLUE permit 20 Router(config-route-map)# exit Router(config)# route eigrp 1 Router(config-router)# no auto-summary Router(config-router)# redistribute static route-map RED Router(config-router)# network 10.0.0.0 Router(config-router)# network 172.16.0.0 Router(config-router)# network 192.168.0.0 Router(config-router)# distribute-list route-map BLUE out Ethernet 0 Router(config-router)# distribute-list route-map BLUE out Ethernet 1

Internal Border Peer ConfigurationRouter(config)# route eigrp 1 Router(config-router)# no auto-summary Router(config-router)# network 10.0.0.0 Router(config-router)# network 172.16.0.0 Router(config-router)# network 192.168.0.0 Router(config-router)# end

Configuring OER to Monitor and Control IPSec VPN Prefixes Over GRE Tunnels VPN IPSec/GRE Tunnel Optimization was introduced in Cisco IOS Release 12.3(11)T. Cisco IOS OER supports the optimization of prefixes that are routed over GRE tunnel interfaces and protected with IPSec. Both GRE and multipoint GRE tunnels are supported.

This task shows a sample IPSec VPN configuration example. In this example, the IPSec VPN is configured on the border router, and the tunnel interface is configured as an OER managed interface on the master controller. The following tasks are completed:

• An IKE policy is defined

• A transforms set is configured

• A crypto profile is defined

• A crypto map is defined

• A GRE tunnel is configured

• Tunnel interfaces are configured as an OER managed external interfaces

Page 107: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

77Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Routing Prefixes that are Protected with IPSec over GRE Tunnels

The IPSec to GRE model allows a service provider to provide VPN services over the IP backbone. Both the central and remote VPN clients terminate per the IPSec-to-IPSec model. Prefixes are encapsulated using generic route encapsulation (GRE) tunnels. The GRE packet is protected by IPSec. The encapsulated prefixes are forwarded from the central VPN site to a customer headend router that is the other endpoint for GRE. The IPSec protected GRE packets provide secure connectivity across the IP backbone of the service provider network.

For more information about configuring IPSec over GRE tunnels, refer to the Dynamic Multipoint IPsec VPNs (Using Multipoint GRE/NHRP to Scale IPsec VPNs) published at the following URL:

http://www.cisco.com/en/US/partner/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml

GRE Tunnel Interfaces are Configured as OER Managed Exit Links

GRE tunnel interfaces on the border routers are configured as OER external interfaces on the master controller. At least two external tunnel interfaces must be configured on separate physical interfaces in an OER managed network. These interfaces can be configured on a single border router or multiple border routers. Internal interfaces are configured normally using a physical interface on the border router that is reachable by the master controller.

Prerequisites

• Cisco Express Forwarding (CEF) must be enabled on all participating routers.

• Routing protocol peering or static routing is configured in the OER managed network.

• Standard Cisco OER border router and master controller configuration is completed.

Restrictions

• Cisco IOS OER supports only IPSec/GRE VPNs. No other VPN types are supported.

Border Router Configuration

The GRE tunnel and IPSec protection is configured on the border router. The following configuration steps show the configuration of single tunnel. At least two tunnels must be configured on the border router(s) in an OER managed network. The IPSec configuration must be applied at each tunnel end point (the central and remote site).

SUMMARY STEPS

1. enable

2. configure terminal

3. crypto ipsec security-association lifetime {seconds seconds | kilobytes kilobytes}

4. crypto ipsec transform-set transform-set-name transform1 [transform2] [transform3] [transform4]

5. mode transport [require] | tunnel

6. exit

7. crypto map map-name seq-num [ipsec-manual]

Page 108: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

78Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

8. set peer host-name | ip-address

9. set transform-set transform-set-name [transform-set-name2...transform-set-name6]

10. match address [access-list-id | name]

11. exit

12. crypto map map-name local-address interface-id

13. crypto ipsec profile name

14. set transform-set transform-set-name [transform-set-name2...transform-set-name6]

15. exit

16. crypto isakmp key encryption-level key-string {address peer-address [mask] | hostname name} [no-xauth]

17. crypto isakmp keepalive seconds [retries] [periodic | on-demand]

18. crypto isakmp policy priority

19. encryption {des | 3des | aes | aes 192 | aes 256}

20. authentication {rsa-sig | rsa-encr | pre-share}

21. exit

22. interface type number [name-tag]

23. ip address ip-address mask [secondary]

24. crypto map map-name [redundancy standby-name]

25. exit

26. interface type number [name-tag]

27. ip address ip-address mask [secondary]

28. bandwidth kbps | inherit [kbps]

29. tunnel source {ip-address | interface-type interface-number}

30. tunnel destination {host-name | ip-address}

31. tunnel protection ipsec profile name [shared]

32. exit

33. ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [dhcp] [distance] [name] [permanent] [tag tag]

34. access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]

35. end

Page 109: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

79Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:Router# configure terminal

Enters global configuration mode.

Step 3 crypto ipsec security-association lifetime {seconds seconds | kilobytes kilobytes}

Example:Router(config)# crypto ipsec security-association lifetime kilobytes 530000000

Router(config)# crypto ipsec security-association lifetime second 14400

Sets global lifetime values used when negotiating IPSec security associations.

• The first example sets volume of traffic, in kilobytes, that can pass between IPSec peers for this security association.

• The second example sets the expiration timer, in seconds, for this security association.

Step 4 crypto ipsec transform-set transform-set-name transform1 [transform2] [transform3] [transform4]

Example:Router(config)# crypto ipsec transform-set VPN_1 esp-des esp-3des esp-sha-hmac

Enters crypto transform configuration mode to create or modify a transform set—an acceptable combination of security protocols and algorithms.

• The example specifies 56-bit DES, 168-bit DES, or SHA for authentication.

Step 5 mode transport [require] | tunnel

Example:Router(cfg-crypto-trans)# mode transport

Sets the mode for the transform set.

• The example sets the mode to transport. The default mode is tunnel. Under tunnel mode, the entire packet is protected. Under transport mode, only the payload is protected. Encapsulation is performed by GRE.

Step 6 exit

Example:Router(cfg-crypto-trans)# exit

Exits crypto transform configuration mode, and enters global configuration mode.

Step 7 crypto map map-name seq-num [ipsec-manual]

Example:Router(config)# crypto map TUNNEL 10 ipsec-isakmp

Enters crypto map configuration mode to create or modify a crypto map.

• The example create a crypto map named TUNNEL, and configures IKE to establish the security association.

Step 8 set peer host-name | ip-address

Example:Router(config-crypto-map)# set peer 10.4.9.81

Specifies the IPSec peer in the crypto map entry.

Page 110: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

80Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Step 9 set transform-set transform-set-name [transform-set-name2...transform-set-name6]

Example:Router(config-crypto-map)# set transform-set VPN_1

Specifies which transform sets can be used with the crypto map entry.

• Specifies the transform set VPN_1 that was configured in Step 4.

Step 10 match address [access-list-id | name]

Example:Router(config-crypto-map)# match address 100

Specifies an extended access list to define IPSec peers for the crypto map entry.

• The access list is defined in Step 33.

Step 11 exit

Example:Router(config-crypto-map)# exit

Exits crypto map configuration mode, and enters global configuration mode.

Step 12 crypto map map-name local-address interface-id

Example:Router(config)# crypto map TUNNEL local-address FastEthernet 0/0

Attaches a defined crypto map to the specified interface.

• The example attaches the crypto map named TUNNEL to interface FastEthernet 0/0.

Step 13 crypto isakmp key encryption-level key-string {address peer-address [mask] | hostname name} [no-xauth]

Example:Router(config)# crypto isakmp key 0 CISCO address 10.4.9.81 no-xauth

Creates the preshared authentication key.

• The example configures encryption level 0, and configures the router to not prompt the IPSec peer for extended authentication. However, any encryption level or authentication level can be specified.

Step 14 crypto isakmp keepalive seconds [retries] [periodic | on-demand]

Example:Router(config)# crypto isakmp keepalive 10

Allows the gateway to send dead peer detection (DPD) messages to the peer.

Step 15 crypto isakmp policy priority

Example:Router(config)# crypto isakmp policy 1

Define an Internet Key Exchange (IKE) policy, and enters ISAKMP policy configuration mode.

Step 16 encryption {des | 3des | aes | aes 192 | aes 256}

Example:Router(config-isakmp)# encryption 3des

Specifies the encryption algorithm within the IKE policy.

• The example specifies 168-bit DES encryption.

Step 17 authentication {rsa-sig | rsa-encr | pre-share}

Example:Router(config-isakmp)# authentication pre-share

Specifies the authentication method within the IKE policy.

• The example specifies that a preshared key will be used.

Command or Action Purpose

Page 111: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

81Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Step 18 exit

Example:Router(config-isakmp)# exit

Exits ISAKMP policy configuration mode, and enters global configuration mode.

Step 19 crypto ipsec profile name

Example:Router(config)# crypto ipsec profile OER

Defines the IPSec parameters that are to be used for IPSec encryption between two IPSec routers, and enters IPsec profile configuration mode.

• The example creates a profile named OER.

Step 20 set transform-set transform-set-name [transform-set-name2...transform-set-name6]

Example:Router(ipsec-profile)# set transform-set VPN_1

Specifies which transform sets can be used with the crypto map entry.

• The example specifies transform set named VPN_1. VPN_1 was configured in Step 4.

Step 21 exit

Example:Router(ipsec-profile)# exit

Exits IPsec profile configuration mode, and enters global configuration mode.

Step 22 interface type number [name-tag]

Example:Router(config)# interface FastEthernet0/0

Configures an interface type, and enters interface configuration mode.

• The physical interface is defined in this step.

Step 23 ip address ip-address mask [secondary]

Example:Router(config-if) ip address 10.4.9.14 255.255.255.0

Sets a primary or secondary IP address for an interface.

Step 24 crypto map map-name [redundancy standby-name]

Example:Router(config-if)# crypto map TUNNEL

Applies the crypto map set to the interface.

• The example specifies the crypto map named TUNNEL that was defined in Step 7.

Step 25 exit

Example:Router(config-if)# exit

Exits interface configuration mode, and enters global configuration mode.

Step 26 interface type number [name-tag]

Example:Router(config)# interface Tunnel0

Configures an interface type, and enters interface configuration mode.

• The tunnel interface is defined in this step.

Step 27 ip address ip-address mask [secondary]

Example:Router(config-if) ip address 10.100.2.1 255.255.0.0

Sets a primary or secondary IP address for an interface.

Command or Action Purpose

Page 112: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

82Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Step 28 bandwidth kbps | inherit [kbps]

Example:Router(config-if)# bandwidth 500

Router(config-if)# bandwidth inherit

Sets and communicates the current bandwidth value for an interface to higher-level protocols.

Step 29 tunnel source {ip-address | interface-type interface-number}

Example:Router(config-if)# tunnel source 10.4.9.14

Sets the source address for a tunnel interface.

• The source interface in the example was defined in Step 22. The interface name or IP address can be specified.

Step 30 tunnel destination {host-name | ip-address}

Example:Router(config-if)# tunnel destination 10.4.9.81

Specifies the destination for a tunnel interface.

• The IP address of the physical interface where the remote tunnel end point is attached is configured in this step.

Step 31 tunnel protection ipsec profile name [shared]

Example:Router(config-if)# tunnel protection ipsec profile OER

Associates the tunnel interface with the IPSec profile.

• The IPSec profile named OER that is configured in the example was defined in Step 19.

Step 32 exit

Example:Router(config-if)# exit

Exits interface configuration mode, and enters global configuration mode.

Step 33 access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]

Example:Router(config)# access-list 100 permit gre host 10.4.9.14 host 10.4.9.81

Creates or configures an extended IP access list.

• An extended access list is defined to permit only the GRE hosts.

• The access list in this example is referenced in the match address statement in Step 10.

Step 34 ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [dhcp] [distance] [name] [permanent] [tag tag]

Example:Router(config)# ip route 10.2.2.2 255.255.255.255 Tunnel0

Establishes a static route.

• A default route is configured for the tunnel destination host or network.

Step 35 end

Example:Router(config)# end

Exits global configuration mode, and enters privileged EXEC mode.

Command or Action Purpose

Page 113: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

83Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Examples

The following example, starting in global configuration mode, configures an IPSec/GRE tunnel on a border router. This example shows the configuration of one tunnel. Two tunnels must be configured in the OER managed network to enable the VPN IPSec/GRE Tunnel Optimization feature.

crypto ipsec security-association lifetime kilobytes 530000000crypto ipsec security-association lifetime second 14400crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmac mode transport exit!crypto map TUNNEL 10 ipsec-isakmp set peer 10.4.9.81 set transform-set VPN_1 match address 100 !crypto ipsec profile OER set transform-set VPN_1 exit crypto map TUNNEL local-address FastEthernet 0/0!crypto isakmp key 0 CISCO address 10.4.9.81 no-xauthcrypto isakmp keepalive 10crypto isakmp policy 1 encryption 3des authentication pre-share exit!interface FastEthernet0/0 ip address 10.4.9.14 255.255.255.0 crypto map TUNNEL exit!interface Tunnel0 ip address 10.100.2.1 255.255.0.0 keepalive 30 5 bandwidth 500 bandwidth inherit tunnel mode gre ip tunnel source 10.4.9.14 tunnel destination 10.4.9.81 tunnel protection ipsec profile OER exit!ip route 10.100.2.2 255.255.255.255 Tunnel0 !access-list 100 permit gre host 10.4.9.14 host 10.4.9.81!end

What to Do Next

Tunnel interfaces must be configured as OER managed external interfaces to complete this configuration task. Proceed to the next step table.

Page 114: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

84Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Master Controller Configuration

The tunnel interfaces are configured as OER managed external interfaces on the master controller. A minimum of two tunnel interfaces must be configured to enable the VPN IPSec/GRE Tunnel Optimization feature.

SUMMARY STEPS

1. enable

2. configure terminal

3. oer master

4. border ip-address key-chain key-chain-name

5. interface type number external

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:Router# configure terminal

Enters global configuration mode.

Step 3 oer border | master

Example:Router(config)# oer master

Enters OER master controller configuration mode to configure a router as a master controller.

Step 4 border ip-address key-chain key-chain-name

Example:Router(config-oer-mc)# border 10.10.10.1 key-chain OER

Enters OER managed border router configuration mode to establish communication with a border router.

• An IP address is configured to identify the border router.

• A minimum of two border routers must be specified to create an OER managed network. A maximum of 10 border routers can be controlled by a single master controller.

Page 115: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

85Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Examples

The following example completes the configuration in this task. Starting in global configuration mode on the master controller, the Tunnel0 and Tunnel1 interfaces on the border are configured as an OER managed external interfaces:

oer masterborder 10.10.10.1 key-chain OER interface Tunnel0 external interface Tunnel1 external

end

Verifying Cisco IOS OER Configuration This section describes the show commands that can be used to verify the configuration of Cisco IOS OER. All show command described in this section are entered in Privileged EXEC mode. The show oer master commands are entered on a master controller. The show oer border command are entered on a border router.

SUMMARY STEPS

1. enable

2. show oer border

3. show oer border active-probes

4. show oer border passive cache {learned | prefix}

5. show oer border passive prefixes

6. show oer border routes bgp | static

7. show oer master

Step 5 interface type number external

Example:Router(config-oer-mc-br)# interface Tunnel0 external

Configures a border router interface as an OER managed external interface.

• Serial and Ethernet interfaces are supported. External interfaces are used to forward traffic and for active monitoring.

• A minimum of two external border router interfaces are required in an OER managed network. At least 1 external interface must be configured on each border router. A maximum of 20 interfaces can be controlled by single master controller.

• The example configures a GRE tunnel interface as an OER managed external interface.

Step 6 end

Example:Router(config-oer-mc-br)# end

Exits OER managed border router configuration mode, and enters privileged EXEC mode.

Command or Action Purpose

Page 116: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

86Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

8. show oer master active-probes

9. show oer master border [ip-address] [detail]

10. show oer master cost-minimization {billing-history | border ip-address [interface] | nickname name}

11. show oer master policy [sequence-number] [policy-name] | [default]

12. show oer master prefix [detail | learned [delay | throughput] | prefix [detail | policy | traceroute [exit-id | border-address | current] [now]]]

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 show oer border

Example:Router# show oer border

Displays information about a border router connection and OER controlled interfaces.

• The output displays information about the border router and master controller connection status and border router interfaces.

Step 3 show oer border active-probes

Example:Router# show oer border active-probes

Displays connection status and information about active probes on a border router.

• This command displays target active-probe assignment for a given prefix and the current probing status including the border router or border routers that are executing the active probes.

Step 4 show oer border passive cache {learned | prefix}

Displays passive measurement information collected by NetFlow for monitored prefixes and traffic flows.

• This command displays real-time prefix information collected from the border router through NetFlow passive monitoring.

• Entering the learned keyword displays learned prefixes. A maximum of 5 host addresses and 5 ports are collected for each prefix. The output will also show the throughput in bytes and the delay in milliseconds.

Step 5

Example:Router# show oer border passive cache learned

• Entering the prefix keyword displays the metrics captured for monitored prefixes. This information includes the number of packets and bytes per packet, the delay, the number of delay samples, the amount of packet loss, the number of unreachable flows, and the interfaces through which traffic flows travel.

Step 6 show oer border passive prefixes

Example:Router# show oer border passive prefixes

Displays information about passive monitored prefixes.

• The output of this command displays prefixes monitored by NetFlow on the border router. The prefixes displayed in the output are sent from the master controller.

Page 117: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

87Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Step 7 show oer border routes bgp | static

Example:Router# show oer border routes bgp

Displays information about OER controlled routes.

• This command is used to display information about OER controlled routes on a border router. You can display information about BGP routes or static routes.

Step 8 show oer master

Example:Router# show oer master

Displays information about the master controller.

• The output of this command displays information about the status of the master controller, border routers and OER controlled interfaces as well as default and user-defined policy settings.

Step 9 show oer master active-probes

Example:Router# show oer master active-probes

Displays connection and status information about active probes on a master controller.

• This command is used to display the current state of active probing. The output displays the probe type, status, and destination.

Step 10 show oer master border [ip-address] [detail]

Example:Router# show oer master border

Displays the status of connected border routers.

• The output of this command shows the status of all border router connections or a single border router connection.

Step 11 show oer master cost-minimization {billing-history | border ip-address [interface] | nickname name}

Example:Router# show oer master cost-minimization border 10.1.1.1 Ethernet 0/0

Displays information about cost policies.

• The output can be filtered to display information about a specific border router or interface, to display billing information, or to display information about the specified service provider.

Step 12 show oer master policy [sequence-number] [policy-name] | [default]

Example:Router# show oer master policy

Displays user-defined and default policy settings on a master controller.

• The output of this command displays global policy and policies configured with an oer-map.

Step 13 show oer master prefix [detail | learned [delay | throughput] | prefix [detail | policy | traceroute [exit-id | border-address | current] [now]]]

Example:Router# show oer master prefix

Displays the status of monitored prefixes.

Step 14 show oer master prefix-list list-name [detail]

Example:Router# show oer master prefix-list list-name

Displays the status of prefixes imported using a prefix list.

Command or Action Purpose

Page 118: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

88Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Using Cisco IOS OER Clear CommandsThis section describes the clear commands that can be used to clear Cisco IOS OER sessions and counters. All clear command described in this section are entered in Privileged EXEC mode. The clear oer master commands are enter on a master controller. The clear oer border command are entered on a border router.

SUMMARY STEPS

1. enable

2. clear oer border *

3. clear oer master *

4. clear oer master border * | ip-address

5. clear oer master prefix * | prefix | learned

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 clear oer border *

Example:Router# clear oer border *

Resets a connection between a border router and the master controller.

• The border router and master controller will automatically reestablish communication after this command is entered.

Step 3 clear oer master * Resets a master controller process and all active border router connections.

Example:Router# clear master *

• The master controller will restart all default and user-defined processes and reestablish communication with active border routers after this command is entered.

Step 4 clear oer master border * | ip-address

Example:Router# clear oer master border *

Resets an active border router connection or all connections with a master controller.

Step 5 clear oer master prefix * | prefix | learned

Example:Router# clear oer master prefix *

Clears OER controlled prefixes from the master controller database.

Page 119: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

89Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Using Cisco IOS OER Debug CommandsThis section describes the debug commands that can be used to trouble shoot Cisco IOS OER sessions and operations. All debug commands described in this section are entered in Privileged EXEC mode. The debug oer master commands are enter on a master controller. The debug oer border command are entered on a border router.

Caution Debug commands can generate a substantial amount of output and use significant system resources. Debug commands should be used only as necessary for troubleshooting and should be used with caution in production networks.

SUMMARY STEPS

1. enable

2. debug oer border

3. debug oer border active-probe

4. debug oer cc [detail]

5. debug oer master border ip-address

6. debug oer master collector [active-probes [detail [trace]]] | [netflow]

7. debug oer master exit [detail]

8. debug oer master learn

9. debug oer master prefix [prefix] [detail]

10. debug oer master prefix-list list-name [detail]

11. debug oer master process

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example:Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 debug oer border

Example:Router# debug oer border

Displays general border router debugging information.

• This command is used to display debugging information about the OER border process, controlled routes and monitored prefixes.

Step 3 debug oer border active-probe

Example:Router# debug oer border active-probe

Displays debugging information for active probes configured on the local border router.

Page 120: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationHow to Configure Cisco IOS Optimized Edge Routing

90Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Step 4 debug oer cc [detail]

Example:Router# debug oer cc

Displays OER communication control debugging information for master controller and border router communication.

• This command is used to display messages exchanged between the master controller and the border router. These messages include control commands, configuration commands, and monitoring information.

Step 5 debug oer master border ip-address

Example:Router# debug oer master border

Displays debugging information for border router events on a master controller.

• The output displays information related to the events or updates from one or more border routers.

Step 6 debug oer master collector [active-probes [detail [trace]]] | [netflow]

Example:Router# debug oer master collector

Displays data collection debugging information for monitored prefixes.

Step 7 debug oer master exit [detail]

Example:Router# debug oer master exit

Displays debugging event information for OER managed exit links.

Step 8 debug oer master learn

Example:Router# debug oer master learn

Displays debugging information for master controller learning events.

Step 9 debug oer master prefix [prefix] [detail]

Example:Router# debug oer master prefix

Displays debugging events related to prefix processing on an OER master controller.

Step 10 debug oer master prefix-list list-name [detail]

Example:Router# debug oer master prefix-list

Displays debug events related to prefix-list processing on an OER master controller

Step 11 debug oer master process

Example:Router# debug oer master process

Displays debugging information about the OER master controller process.

Command or Action Purpose

Page 121: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing

91Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Configuration Examples for Cisco IOS Optimized Edge RoutingThis section provides the following sample configuration provide example deployment configurations for Cisco IOS OER:

• Master Controller and Two Border Routers Deployment: Example, page 91

• Master Controller and Border Router Deployed on a Single Router: Example, page 94

• Configuring OER to Monitor and Control GRE/IPSec VPN Prefixes: Example, page 96

Master Controller and Two Border Routers Deployment: ExampleFigure 7 shows an OER managed network with two border router processes and a master controller process deployed separately on Cisco routers.

Figure 7 Master Controller Deployed with Two Border Routers

The master controller performs no routing functions. BGP is deployed on the border routers and internal peers in the OER managed network. Each border router has an eBGP peering session with a different ISP. The eBGP peers (ISP border routers) are reachable through connected routes. Injected prefixes are advertised the internal network through standard iBGP peering.

OER MC Configuration

The following example, starting in Global configuration mode, shows the master controller configuration. Both active and passive monitoring is configured. Route control mode is enabled. The master controller is configured to analyze and move out of policy prefixes to first in-policy exit when the periodic timer expires. Automatic prefix learning is enabled. The master controller is configured to learn prefixes with the highest outbound throughput, the monitoring period is set to10 minutes, the number of prefixes learned during each monitoring period is set to 500, and the interval between monitoring periods is set to 20 minutes. The master controller is configured to aggregate BGP prefixes.

Router(config)# key chain OER Router(config-keychain)# key 1 Router(config-keychain-key)# key-string CISCO Router(config-keychain-key)# exit Router(config)# oer master Router(config-oer-mc)# border 10.100.1.1 key-chain OER Router(config-oer-mc-br)# interface Ethernet 0/0 external

1272

64

Enterprisenetwork

BR1ISP1 AS2

192.168.1.1

ISP2 AS3192.168.2.2

ISP1 AS2192.168.1.1

ISP2 AS3192.168.2.2

BR2

iBGP InternetOER MCOER MC

AS1

Page 122: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing

92Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# interface Serial 1/1 internal Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# exit Router(config-oer-mc)# border 10.200.2.2 key-chain OER Router(config-oer-mc-br)# interface Ethernet 2/2 external Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# interface Serial 3/3 internal Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# exit Router(config-oer-mc)# mode monitor both Router(config-oer-mc)# mode route control Router(config-oer-mc)# mode select-exit good Router(config-oer-mc)# learn Router(config-oer-mc-learn)# throughput Router(config-oer-mc-learn)# monitor-period 10 Router(config-oer-mc-learn)# periodic-interval 20 Router(config-oer-mc-learn)# prefixes 500Router(config-oer-mc-learn)# aggregation-type bgpRouter(config-oer-mc-learn)# end

BR 1 Configuration

The following example, starting in Global configuration mode, shows the configuration for BR1. EBGP peering is established with ISP 1 (192.168.1.1 AS2). Standard community exchange and iBGP peering is established with BR2 (10.200.2.2) and internal peers (in the 10.150.1.0/24 network).

Router(config)# key chain OERRouter(config-keychain)# key 1Router(config-keychain-key)# key-string CISCORouter(config-keychain-key)# exit Router(config-keychain)# exit Router(config)# oer border Router(config-oer-br)# master 172.16.1.1 key-chain OER Router(config-oer-br)# local Serial 1/1 Router(config-oer-br)# exit Router(config)# router bgp 1 Router(config-router)# neighbor 192.168.1.1 remote-as 2Router(config-router)# neighbor 10.200.2.2 remote-as 1 Router(config-router)# neighbor 10.150.1.1 remote-as 1 Router(config-router)# neighbor 10.150.1.2 remote-as 1 Router(config-router)# neighbor 10.150.1.3 remote-as 1 Router(config-router)# address-family ipv4 unicast Router(config-router-af)# neighbor 192.168.1.1 activate Router(config-router-af)# neighbor 10.200.2.2 activate Router(config-router-af)# neighbor 10.200.2.2 send-community standard Router(config-router-af)# neighbor 10.150.1.1 activate Router(config-router-af)# neighbor 10.150.1.1 send-community standard Router(config-router-af)# neighbor 10.150.1.2 activate Router(config-router-af)# neighbor 10.150.1.2 send-community standard Router(config-router-af)# neighbor 10.150.1.3 activate Router(config-router-af)# neighbor 10.150.1.3 send-community standard Router(config-router-af)# end

BR 2 Configuration

The following example, starting in Global configuration mode, shows the configuration for BR2. EBGP peering is established with ISP 2 (192.168.2.2 AS1). Standard community exchange and iBGP peering is established with BR2 (10.100.1.1) and internal peers (in the 10.150.1.0/24 network).

Router(config)# key chain OER

Page 123: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing

93Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Router(config-keychain)# key 1 Router(config-keychain-key)# key-string CISCO Router(config-keychain-key)# exit Router(config-keychain)# exit Router(config)# oer border Router(config-oer-br)# master 172.16.1.1 key-chain OER Router(config-oer-br)# local Serial 1/1 Router(config-oer-br)# exit Router(config)# router bgp 1 Router(config-router)# neighbor 192.168.2.2 remote-as 3 Router(config-router)# neighbor 10.100.1.1 remote-as 1 Router(config-router)# neighbor 10.150.1.1 remote-as 1 Router(config-router)# neighbor 10.150.1.2 remote-as 1 Router(config-router)# neighbor 10.150.1.3 remote-as 1 Router(config-router)# address-family ipv4 unicast Router(config-router-af)# neighbor 192.168.2.2 activate Router(config-router-af)# neighbor 10.200.2.2 activate Router(config-router-af)# neighbor 10.200.2.2 send-community standard Router(config-router-af)# neighbor 10.150.1.1 activate Router(config-router-af)# neighbor 10.150.1.1 send-community standard Router(config-router-af)# neighbor 10.150.1.2 activate Router(config-router-af)# neighbor 10.150.1.2 send-community standard Router(config-router-af)# neighbor 10.150.1.3 activate Router(config-router-af)# neighbor 10.150.1.3 send-community standard Router(config-router-af)# end

Internal Peer Configuration

The following example, starting in Global configuration mode, shows the internal peer configuration. Standard full-mesh iBGP peering is established with the BR1 and BR2 and internal peers in autonomous system 1.

Router(config)# router bgp 1 Router(config-router)# neighbor 10.100.1.1 remote-as 1 Router(config-router)# neighbor 10.200.2.2 remote-as 1 Router(config-router)# neighbor 10.150.1.1 remote-as 1 Router(config-router)# neighbor 10.150.1.2 remote-as 1 Router(config-router)# neighbor 10.150.1.3 remote-as 1 Router(config-router)# address-family ipv4 unicast Router(config-router-af)# neighbor 10.100.1.1 activate Router(config-router-af)# neighbor 10.100.1.1 send-community standard Router(config-router-af)# neighbor 10.200.2.2 activate Router(config-router-af)# neighbor 10.200.2.2 send-community standardRouter(config-router-af)# neighbor 10.150.1.1 activate Router(config-router-af)# neighbor 10.150.1.1 send-community standard Router(config-router-af)# neighbor 10.150.1.2 activate Router(config-router-af)# neighbor 10.150.1.2 send-community standard Router(config-router-af)# neighbor 10.150.1.3 activate Router(config-router-af)# neighbor 10.150.1.3 send-community standard Router(config-router-af)# end

Page 124: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing

94Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Master Controller and Border Router Deployed on a Single Router: ExampleFigure 8 shows an OER managed network with two border routers. BR1 is configured to run a master controller and border router process.

Figure 8 Master Controller and Border Process Deployed on a Single Router

BR2 is configured as a border router. The internal network is running OSPF. Each border router peers with a different ISP. A static routes to the egress interface is configured on each border router. The static routes are then redistributed into OSPF. Injected prefixes are advertised through static route redistribution.

BR 1 Configuration: Master/Border with Load Distribution

The following example, starting in Global configuration mode, shows the configuration of BR 1. This router is configured to run both a master controller and a border router process. BR 1 peers with ISP1. A traffic load distribution policy is configured under the master controller process that is applied to all exit links in the OER managed network.

Router(config)# key chain OER Router(config-keychain)# key 1Router(config-keychain-key)# key-string CISCORouter(config-keychain-key)# exit Router(config-keychain)# exit Router(config)# oer border Router(config-oer-br)# master 10.100.1.1 key-chain OER Router(config-oer-br)# local Loopback 0 Router(config-oer-br)# exit Router(config)# oer master Router(config-oer-mc)# logging Router(config-oer-mc)# border 10.100.1.1 key-chain OER Router(config-oer-mc-br)# interface Serial 0/0 external Router(config-oer-mc-br-if)# exitRouter(config-oer-mc-br)# interface Ethernet 1/1 internal Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# exit

127265

Enterprisenetwork

MC/BR 1

BR2

BGP Internet

Page 125: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing

95Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Router(config-oer-mc)# border 10.200.2.2 key-chain OER Router(config-oer-mc-br)# interface Serial 2/2 external Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# interface Ethernet 3/3 internal Router(config-oer-mc-br-if)# exit Router(config-oer-mc-br)# exit Router(config-oer-mc)# max-range-utilization percent 80 Router(config-oer-mc)# exit Router(config)# ip route 0.0.0.0 0.0.0.0 Serial 0/0 Router(config)# !Router(config)# route-map STATICRouter(config-route-map)# match tag 5000Router(config-route-map)# set metric -10Router(config-route-map)# exitRouter(config)# router ospf 1 Router(config-router)# network 10.0.0.0 0.0.0.255 area 0 Router(config-router)# redistribute static route-map STATIC subnets Router(config-router)# end

BR 2 Configuration

The following example, starting in Global configuration mode, shows the configuration of BR 2. This router is configured to run only a border router process.

Router(config)# key chain OERRouter(config-keychain)# key 1Router(config-keychain-key)# key-string CISCORouter(config-keychain-key)# exit Router(config-keychain)# exit Router(config)# oer borderRouter(config-oer-border)# master 10.100.1.1 key-chain OER Router(config-oer-border)# local Ethernet3/3 Router(config-oer-border)# exit Router(config)# ip route 0.0.0.0 0.0.0.0 Serial 2/2 Router(config)# !Router(config)# route-map STATIC permit 10 Router(config-route-map)# match tag 5000 Router(config-route-map)# set metric -10 Router(config-route-map)# exit Router(config)# router ospf 1 Router(config-router)# network 10.0.0.0 0.255.255.255 area 0 Router(config-router)# redistribute static route-map STATIC subnets Router(config-router)# end

Internal Peer Configuration

The following example, starting in Global configuration mode, configures an OSPF routing process to establish peering with the border routers and internal peers. No redistribution is configured on the internal peers.

Router(config)# router ospf 1 Router(config-router)# network 10.0.0.0 0.255.255.255 area 0 Router(config-router)# redistribute static route-map STATIC subnets Router(config-router)# end

Page 126: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing

96Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Configuring OER to Monitor and Control GRE/IPSec VPN Prefixes: Example Figure 9 shows a central VPN site and two remote VPN sites. VPN Peering is established through the service provider clouds. An OER managed network is configured at each site where Cisco IOS OER configuration is applied independently. Each site has separate master controller and border router process, and each site maintains a separate master controller database.

Figure 9

Two GRE tunnels are configured between each remote site and the central site. VPN prefixes are encapsulated in GRE tunnels. The GRE tunnels are protected by IPSec encryption. The examples in this section show the configuration for the central VPN site, VPN A, and VPN B.

Central VPN Configuration: OER Master

The central VPN site peers with VPN A and VPN B. A separate policy is defined for each site using an OER map. For VPN A prefixes, a delay policy of 80 ms is configured and out-of-policy prefixes are moved to the first in-policy exit. For VPN B prefixes, a delay policy of 40ms and a relative loss policy is configured, and out-of-policy prefixes are moved to the best available exit.

key chain OER key 1key-string CISCO

!oer masterloggingborder 10.4.9.6 key-chain OERinterface Ethernet 0/0 externalinterface Ethernet 0/1 internal

!border 10.4.9.7 key-chain OERinterface Ethernet 0/0 externalinterface Ethernet 0/1 internal

BR1SLA A

SLA B

eBGP

SLA C

BR2BR2

126266

SP A SP B

SP F

VPN A

VPN B

VPNBranches

TransitService Providers

Enterprise/VPNHead-end

OER MasterOptions

Server(s)

Server(s)

Server(s)

SP C SP D SP E

CR2

OERmasterOER

master

iBGP and/orEIGRP, OSPF, etc.

BR3BR3

F-VR2

F-VR1 Smallsize

MC/BR

BR1

BR2

CLRmaster

CLRmaster

Page 127: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing

97Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

!mode route control mode monitor both exit

!ip prefix VPN A permit <ip address> oer-map VPNA match ip address prefix-list VPNBset delay 800 set mode select-exit goodexit

!ip prefix VPNB permit <ip address> oer-map VPNB match ip address prefix-list VPNCset delay 400 set loss relative 100 set resolve loss priority 1 variance 10 set mode select-exit bestend

Central VPN Configuration: BR1

The following example, starting in Global configuration mode, shows the configuration for BR 1:

key chain OER key 1 key-string CISCO!oer border local serial 0/1 master 10.4.9.4 key-chain OER!ip route 10.70.1.0 255.255.255.0 !route-map REDISTRIBUTE_STATICmatch tag 5000set metric -10exit

!router eigrp 1 network 10.70.0.0 0.0.0.255redistribute static route-map REDISTRIBUTE_STATICexit

!crypto ipsec security-association lifetime kilobytes 530000000crypto ipsec security-association lifetime second 14400crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmac mode transport exit!crypto map TUNNEL 10 ipsec-isakmp set peer 10.4.9.81 set transform-set VPN_1 match address 100 !crypto ipsec profile OER set transform-set VPN_1 exit crypto map TUNNEL local-address Ethernet 0/0!crypto isakmp key 0 CISCO address 10.4.9.81 no-xauthcrypto isakmp keepalive 10

Page 128: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing

98Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

crypto isakmp policy 1 encryption 3des authentication pre-share exit!interface Ethernet0/0 ip address 10.4.9.14 255.255.255.0 crypto map TUNNEL exit!interface Tunnel0 ip address 10.100.2.1 255.255.0.0 keepalive 30 5 bandwidth 500 bandwidth inherit tunnel mode gre ip tunnel source 10.4.9.14 tunnel destination 10.4.9.81 tunnel protection ipsec profile OER exit

Central VPN Configuration: BR 2

The following example, starting in Global configuration mode, shows the configuration of BR 2:

key chain OER key 1 key-string CISCO!oer border local Ethernet 0/1 master 10.4.9.4 key-chain OER!ip route 10.70.1.0 255.255.255.0!route-map REDISTRIBUTE_STATICmatch tag 5000set metric -10exit

!router eigrp 1 network 10.70.0.0 0.0.0.255redistribute static route-map REDISTRIBUTE_STATIC

!crypto ipsec security-association lifetime kilobytes 530000000crypto ipsec security-association lifetime second 14400crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmac mode transport exit!crypto map TUNNEL 10 ipsec-isakmp set peer 10.4.9.82 set transform-set VPN_1 match address 100 !crypto ipsec profile OER set transform-set VPN_1 exit crypto map TUNNEL local-address Ethernet 0/0!crypto isakmp key 0 CISCO address 10.4.9.82 no-xauthcrypto isakmp keepalive 10crypto isakmp policy 1

Page 129: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing

99Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

encryption 3des authentication pre-share exit!interface Ethernet0/0 ip address 10.4.9.15 255.255.255.0 crypto map TUNNEL exit!interface Tunnel0 ip address 10.100.2.2 255.255.0.0 keepalive 30 5 bandwidth 500 bandwidth inherit tunnel mode gre ip tunnel source 10.4.9.15 tunnel destination 10.4.9.82 tunnel protection ipsec profile OERend

Central VPN Configuration: Internal Peers

An EIGRP routing process created to establish peering with the border routers and internal peers.

router eigrp 1 network 10.50.1.0 0.0.0.255 redistribute static route-map REDISTRIBUTE_STATIC end

!VPN A Configuration: MC/BR

The following configuration example, starting in global configuration mode, shows the configuration of VPN A. VPN A is a remote site that is configured for a small office home office (SOHO) client. A single router is deployed. This router peers with service provider B and service provider E. No IGP is deployed at this network, only a static route is configured to the remote tunnel endpoint at the central site. A delay policy, a loss policy, and optimal exit link selection is configured so that traffic is always routed through the ISP with the lowest delay time and lowest packet loss. A resolve policy is configured to configure loss to have the highest priority. Physical interface and internal host peering configuration is not shown in this example.

key chain BR1 key 1 key-string CISCO!

Note The local border router process is enabled. Because the border router and master controller process is enabled on the same router, a loopback interface (192.168.0.1) is configured as the local interface.

oer border local Loopback0 master 192.168.0.1 key-chain BR1!oer masterlearndelaymode route control delay threshold 100loss relative 200periodic 300

Page 130: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing

100Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

mode select-exit good resolve loss priority 1 variance 20resolve delay priority 2 variance 10! border 192.168.0.1 key-chain BR1 interface Serial0/0 internal interface Tunnel0 external interface Tunnel0 externalexit

!crypto ipsec security-association lifetime kilobytes 530000000crypto ipsec security-association lifetime second 14400crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmac mode transport exit!crypto map TUNNEL 10 ipsec-isakmp set peer 10.4.9.81 set transform-set VPN_1 match address 100 !crypto ipsec profile OER set transform-set VPN_1 exit crypto map TUNNEL local-address Ethernet 0/0!crypto isakmp key 0 CISCO address 10.4.9.81 no-xauthcrypto isakmp keepalive 10crypto isakmp policy 1 encryption 3des authentication pre-share exit!

interface Ethernet0/0 ip address 10.4.9.14 255.255.255.0 crypto map TUNNEL exit!interface Tunnel0 ip address 10.100.2.1 255.255.0.0 keepalive 30 5 bandwidth 500 bandwidth inherit tunnel mode gre ip tunnel source 10.4.9.14 tunnel destination 10.4.9.81 tunnel protection ipsec profile OER exit!

Note A single tunnel configuration is show in this example. Two tunnels are required to configure VPN optimization.

Page 131: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing

101Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

VPN B Configuration: OER Master

The following example, starting in Global configuration mode, shows the master controller configuration in VPN B. Load distribution and route control mode is enabled. Out-of-policy prefixes are configured to be moved to first in-policy exit.

key chain OER key 1key-string CISCO

!oer masterloggingborder 10.4.9.6 key-chain OERinterface Ethernet 0/0 externalinterface Ethernet 0/1 internal

!border 10.4.9.7 key-chain OERinterface Ethernet 0/0 externalinterface Ethernet 0/1 internal

!mode route control mode select-exit good max-range utilization !learndelayend

VPN B Configuration: BR 1

The following example, starting in Global configuration mode, shows the configuration for BR 1:

key chain OER key 1 key-string CISCO!oer border local Ethernet 0/1 master 10.4.9.4 key-chain OER!route-map REDISTRIBUTE_STATICmatch tag 5000set metric -10exit

!router ripnetwork 10.600.1.0 redistribute static route-map REDISTRIBUTE_STATICend

!crypto ipsec security-association lifetime kilobytes 530000000crypto ipsec security-association lifetime second 14400crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmac mode transport exit!crypto map TUNNEL 10 ipsec-isakmp set peer 10.4.9.82 set transform-set VPN_1 match address 100 !crypto ipsec profile OER

Page 132: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationConfiguration Examples for Cisco IOS Optimized Edge Routing

102Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

set transform-set VPN_1 exit crypto map TUNNEL local-address Ethernet 0/0!crypto isakmp key 0 CISCO address 10.4.9.82 no-xauthcrypto isakmp keepalive 10crypto isakmp policy 1 encryption 3des authentication pre-share exit!interface Ethernet0/0 ip address 10.4.9.15 255.255.255.0 crypto map TUNNEL exit!interface Tunnel0 ip address 10.100.2.2 255.255.0.0 keepalive 30 5 bandwidth 500 bandwidth inherit tunnel mode gre ip tunnel source 10.4.9.15 tunnel destination 10.4.9.82 tunnel protection ipsec profile OER end

VPN B Configuration: BR 2

The following example, starting in Global configuration mode, shows the configuration for BR 2:

key chain OER key 1 key-string CISCO!oer border local Ethernet 0/1 master 10.4.9.4 key-chain OERexit

!route-map REDISTRIBUTE_STATICmatch tag 5000set metric -10exit

!router ripnetwork 10.600.1.0 redistribute static route-map REDISTRIBUTE_STATICexit

!crypto ipsec security-association lifetime kilobytes 530000000crypto ipsec security-association lifetime second 14400crypto ipsec transform-set VPN_1 esp-3des esp-sha-hmac mode transport exit!crypto map TUNNEL 10 ipsec-isakmp set peer 10.4.9.82 set transform-set VPN_1 match address 100 !crypto ipsec profile OER set transform-set VPN_1

Page 133: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationAdditional References

103Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

exit crypto map TUNNEL local-address Ethernet 0/0!crypto isakmp key 0 CISCO address 10.4.9.82 no-xauthcrypto isakmp keepalive 10crypto isakmp policy 1 encryption 3des authentication pre-share exit!interface Ethernet0/0 ip address 10.4.9.15 255.255.255.0 crypto map TUNNEL exit!interface Tunnel0 ip address 10.100.2.2 255.255.0.0 keepalive 30 5 bandwidth 500 bandwidth inherit tunnel mode gre ip tunnel source 10.4.9.15 tunnel destination 10.4.9.82 tunnel protection ipsec profile OER end

VPN B Configuration: Internal Peers

A RIP routing process created to establish peering with the border routers and internal peers.

router rip network 10.60.1.0 end

Additional ReferencesThe following sections provide references related to Cisco IOS Optimized Edge Routing:

Related Documents

Related Topic Document Title

IP SLAs • Cisco IOS IP SLAs Configuration Guide, Release 12.4

Key Chain Authentication: Information about authentication key configuration and management in Cisco IOS Software

• Managing Authentication Keys” section of the Cisco IOS IP Routing Protocols Configuration Guide, Release 12.4

NetFlow • Cisco IOS NetFlow Configuration Guide, Release 12.4

Routing Protocol Commands • Cisco IOS IP Routing Command Reference, Release 12.4

Routing Protocol Configuration Tasks • Cisco IOS IP Routing Configuration Guide, Release 12.4

System Logging • Cisco IOS Network Management Configuration Guide, Release 12.4

Page 134: Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4

Cisco IOS Optimized Edge Routing ConfigurationAdditional References

104Cisco IOS Optimized Edge Routing Configuration Guide

78-17876-01

Standards

MIBs

RFCs

Technical Assistance

Standards Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

MIBs MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs Title

No new or modified RFCs are supported by this feature, and support for existing standards has not been modified by this feature.

Description Link

Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/public/support/tac/home.shtml