Configure EIGRP SAF to Push Policies in PfRv3
Available Languages
Contents
Introduction
This document describes Performance Routing (PfRv3), an intelligent solution that monitors various network performance related parameters like delay, jitter, link utilization. PfRv3 accordingly chooses the best exit link amongst several candidates and routes traffic over it. To achieve this, PfRv3 allows network administrator to configure centralized policies on hub master which are then pushed to several hub spokes.
Prerequisites
Requirements
Cisco recommends that you have basic knowledge of Performance Routing (PfR).
Components Used
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Configure
Centralized Policy Definition
In PfRv3 , all the policies are created and modified by master hub device. Master hub is also responsible for pushing these policies to all master spoke devices. This central provisioning of policies adds great deal to scalability of PfRv3. Network administrator-defined policies dictates treatment of various type of traffic. Traffic could be grouped/categorized based on DSCP value or on basis of application type like Lotus notes, WebEx and so on.
EIGRP Service Address Family(SAF):
EIGRP forms the SAF neighbor adjancey with Hub Border Router as well as Master Branch router as well. This is a set of EIGRP SAF nieghbor adjancey formed:
- Hub Master Controller <---> Hub Border Router
- Hub Master Controller <---> Branch Master Controller
- Branch Master Controller <---> Branch Border Router
EIGRP SAF framework is used by PfRv3 to push policies from hub site to several spoke sites. Only hub master is authorised to modify any pre-deployed policy and these modified polices are then syncronised with other spoke-master over EIGRP SAF framework.
Network Diagram
Configurations
R3 Master Hub Router
interface Loopback0
ip address 10.3.3.3 255.255.255.255
!
domain PfRv3
vrf default
master hub
source-interface Loopback0
class VOICE sequence 10
match dscp ef policy voice
path-preference MPLS fallback INET
R4 Hub Border Router
interface Loopback0
ip address 10.4.4.4 255.255.255.255
!
domain PfRv3
vrf default
border
source-interface Loopback0
master 10.3.3.3
domain one path MPLS
R5 Hub Border Router
interface Loopback0
ip address 10.5.5.5 255.255.255.255
domain one
vrf default
border
source-interface Loopback0
master 10.3.3.3
domain one path INET
R9 Branch Master Router
interface Loopback0
ip address 10.9.9.9 255.255.255.255
domain PFRv3
vrf default
border
source-interface Loopback0
master local
master branch
source-interface Loopback0
hub 10.3.3.3
R10 Branch Master Router
interface Loopback0
ip address 10.10.10.10 255.255.255.255
domain PFRv3
vrf default
border
source-interface Loopback0
master local
master branch
source-interface Loopback0
hub 10.3.3.3
Verify
Checking And Verifying EIGRP SAF
R3 forms the EIGRP SAF adjency with Spoke Master Controller (R9 and R10) and Hub Border routers (R4 and R5).
R3#show eigrp service-family ipv4 neighbors
EIGRP-SFv4 VR(#AUTOCFG#) Service-Family Neighbors for AS(59501)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 10.4.4.4 Lo0 503 01:30:28 9 100 0 7
2 10.5.5.5 Lo0 592 01:30:28 11 100 0 7
1 10.9.9.9 Lo0 505 01:30:28 22 132 0 10
0 10.10.10.10 Lo0 519 01:30:28 21 132 0 10
Spoke Master router forms the SAF neighbor relationship with hub master controller
R9#show eigrp service-family ipv4 neighbors
EIGRP-SFv4 VR(#AUTOCFG#) Service-Family Neighbors for AS(59501)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.3.3.3 Lo0 530 01:34:43 32 192 0 19
When PfRv3 is configured, EIGRP SAF is automatically initiated in the background. There is no additional configuration needed to be done. EIGRP SAF neighborship is built between master hub and master border routers (BR) as well as master hub and master spokes.
It is essential to have EIGRP SAF adjacency established as SAF lays the foundation for exchange and synchronization of policies ,performance monitoring indexes (PMIs) and so on.
Policy Push From Master Hub To Master Spokes Over EIGRP SAF
R3#show domain one master policy
No Policy publish pending
class VOICE sequence 10
path-preference MPLS fallback INET
class type: Dscp Based
match dscp ef policy voice
priority 2 packet-loss-rate threshold 1.0 percent
priority 1 one-way-delay threshold 150 msec
priority 3 jitter threshold 30000 usec
priority 2 byte-loss-rate threshold 1.0 percent
R9#show domain one master policy
class VOICE sequence 10
path-preference MPLS fallback INET
class type: Dscp Based
match dscp ef policy voice
priority 2 packet-loss-rate threshold 1.0 percent
priority 1 one-way-delay threshold 150 msec
priority 3 jitter threshold 30000 usec
priority 2 byte-loss-rate threshold 1.0 percent
Site-Prefixes Also Being Pushed Over SAF Address Family
Site prefixes are inside prefixes for each site. Site prefix database resides on Master Controllers and Border Routers. Site prefixes are learnt when traffic is initiated from each site destined to spoke location. Master Controller and Border router maintains the Site-Prefix table which must be syncronised at each PFR running site. Flags in site-prefix table help in understanding how prefixes are being learnt.
L Flag :- Indicates Locally learned prefixes learnt by monotoring the egress traffic on the wan links.
S Flag :- Indicates prefixes learnt via SAF address family.
C Flag :- Indicates prefixes configured on the master using the command "site-prefixes".
T Flag :- Indicates prefixes as enterprise prefix.
In this example prefix 10.2.3.0/24 is learned locally on R3 and its information is passed to R9 via SAF:
R3#sh domain one master site-prefix
Change will be published between 5-60 seconds
Next Publish 01:54:04 later
Prefix DB Origin: 10.3.3.3
Prefix Flag: S-From SAF; L-Learned; T-Top Level; C-Configured;
Site-id Site-prefix Last Updated Flag
--------------------------------------------------------------------------------
10.3.3.3 10.2.3.0/24 1w1d ago L,
10.9.9.9 10.20.20.0/24 00:06:30 ago S,
--------------------------------------------------------------------------------
R9#sh domain one master site-prefix
Change will be published between 5-60 seconds
Next Publish 01:55:53 later
Prefix DB Origin: 10.9.9.9
Prefix Flag: S-From SAF; L-Learned; T-Top Level; C-Configured;
Site-id Site-prefix Last Updated Flag
--------------------------------------------------------------------------------
10.3.3.3 10.2.3.0/24 00:11:41 ago S,
10.9.9.9 10.20.20.0/24 00:04:06 ago L,
--------------------------------------------------------------------------------
This diagram shows various attributes being pushed over EIGRP SAF family:
- Site prefix database, monitoring specification and the global templates on Hub MC are pushed by the EIGRP SAF to all hub border devices.
- Master Hub also pushes site-prefixes and global template to the Border Master using the SAF.
- Border Master then pushes its local site-prefixes as well as attributes it subscribed from hub MC, as shown in step 2, to its BR.
This is the output from Master Hub Router which shows that it is publishing the services
R3#show domain one master peering
Peering state: Enabled
Origin: Loopback0(10.3.3.3)
Peering type: Listener
Subscribed service:
cent-policy (2) :
site-prefix (1) :
Last Notification Info: 01:06:33 ago, Size: 242, Compressed size: 160, Status: No Error, Count: 31
service-provider (4) :
globals (5) :
pmi (3) :
Published service:
site-prefix (1) :
Last Publish Info: 01:06:33 ago, Size: 168, Compressed size: 132, Status: No Error
cent-policy (2) :
Last Publish Info: 1w0d ago, Size: 1380, Compressed size: 345, Status: No Error
pmi (3) :
Last Publish Info: 1w0d ago, Size: 1535, Compressed size: 432, Status: No Error
globals (5) :
Last Publish Info: 1w0d ago, Size: 325, Compressed size: 197, Status: No Error
This is the output from Hub Border router
R5#show domain one border peering
Peering state: Enabled
Origin: Loopback0(10.5.5.5)
Peering type: Peer(With 10.3.3.3)
Subscribed service:
pmi (3) :
Last Notification Info: 01:30:58 ago, Size: 1535, Compressed size: 452, Status: No Error, Count: 47
site-prefix (1) :
Last Notification Info: 01:07:09 ago, Size: 242, Compressed size: 160, Status: No Error, Count: 464
globals (5) :
Last Notification Info: 01:30:58 ago, Size: 325, Compressed size: 217, Status: No Error, Count: 47
Published service:
So it is only Subscribing the services being offered from Hub Master Router .
R9#show domain one maste peering
Peering state: Enabled
Origin: Loopback0(10.9.9.9)
Peering type: Listener, Peer(With 10.3.3.3)
Subscribed service:
cent-policy (2) :
Last Notification Info: 01:35:29 ago, Size: 1380, Compressed size: 365, Status: No Error, Count: 25
site-prefix (1) :
Last Notification Info: 01:11:39 ago, Size: 242, Compressed size: 160, Status: No Error, Count: 339
service-provider (4) :
globals (5) :
Last Notification Info: 01:35:29 ago, Size: 325, Compressed size: 217, Status: No Error, Count: 50
Published service:
site-prefix (1) :
Last Publish Info: 01:11:40 ago, Size: 242, Compressed size: 140, Status: No Error
R9#show domain one border peering
Peering state: Enabled
Origin: Loopback0(10.9.9.9)
Peering type: Peer(With 10.9.9.9)
Subscribed service:
pmi (3) :
Last Notification Info: 01:36:26 ago, Size: 1535, Compressed size: 452, Status: No Error, Count: 25
site-prefix (1) :
Last Notification Info: 01:12:36 ago, Size: 242, Compressed size: 160, Status: No Error, Count: 339
globals (5) :
Last Notification Info: 01:36:26 ago, Size: 325, Compressed size: 217, Status: No Error, Count: 50
Published service:
Revision History
| Revision | Publish Date | Comments |
|---|---|---|
2.0 |
19-Sep-2024 |
Updated text to meet Cisco publication guidelines. |
1.0 |
28-Oct-2015 |
Initial Release |
Feedback