使用BGP或EIGRP配置PfRv2流量控制机制
简介
本文档介绍性能路由版本2(PfRv2)如何根据PfRv2策略决策控制流量。用于控制流量的方法和标准取决于获取父路由所依据的底层协议。在本文档中,当通过BGP和EIGRP获知父路由时,将演示PfRv2流量控制操作。
先决条件
要求
思科建议您具备性能路由(PfR)的基本知识。
使用的组件
本文档不限于特定的软件和硬件版本。
本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您使用的是真实网络,请确保您已经了解所有命令的潜在影响。
配置
PfRv2允许网络管理员配置学习列表以分组流量,应用已配置的策略并选择满足策略中定义的延迟、抖动、利用率等特定参数集的最佳边界路由器(BR)。PfRv2控制流量有多种模式,它取决于用于获取目的前缀的父路由的协议。PfRv2能够通过操作路由协议、注入静态路由或基于动态策略的路由来更改路由信息库(RIB)。下表重点介绍了各种协议的路由控制方法。
网络图
本文档将以下图像作为文档其余部分的示例拓扑。
图中所示的设备:
R1 — 服务器,发起流量。
R3- PfR主路由器。
R4&R5- PfR边界路由器。
连接到R9和R10的客户端是从R1服务器接收流量的设备。
配置
!
key chain pfr
key 0
key-string cisco
pfr master
policy-rules PFR
!
border 10.4.4.4 key-chain pfr
interface Ethernet1/0 external
interface Ethernet1/2 internal
link-group MPLS
!
border 10.5.5.5 key-chain pfr
interface Ethernet1/3 internal
interface Ethernet1/0 external
link-group INET
!
learn
traffic-class filter access-list DENY-ALL
list seq 10 refname APPLICATION-LEARN-LIST
traffic-class prefix-list APPLICATION
throughput
list seq 20 refname DATA-LEARN-LIST
traffic-class prefix-list DATA
throughput
!
pfr-map PFR 10
match pfr learn list APPLICATION-LEARN-LIST
set periodic 90
set delay threshold 25
set mode monitor active
set active-probe echo 10.20.21.1
set probe frequency 5
set link-group MPLS fallback INET
!
pfr-map PFR 20
match pfr learn list DATA-LEARN-LIST
set periodic 90
set delay threshold 25
set mode monitor active
set active-probe echo 10.30.31.1
set probe frequency 5
set link-group INET fallback MPLS
!
ip prefix-list APPLICATION: 1 entries
seq 5 permit 10.20.0.0/16
!
ip prefix-list DATA: 1 entries
seq 5 permit 10.30.0.0/16
!
验证
第 1 种情况:通过BGP的父路由
在这种情况下,两个前缀(即10.20.0.0/16和10.30.0.0/16)的父路由都通过BGP获取。下面是来自两个边界路由器(R4和R5)的父路由的输出。
R4#show ip route
--output suppressed--
B 10.20.0.0/16 [20/0] via 10.0.46.6, 01:26:58
B 10.30.0.0/16 [20/0] via 10.0.46.6, 01:26:58
R5#show ip route
--output suppressed--
B 10.20.0.0/16 [20/0] via 10.0.57.7, 00:42:37
B 10.30.0.0/16 [20/0] via 10.0.57.7, 00:42:37
两个流量类都有活动流量,在INPOLICY状态下,可在以下输出中看到这两种流量。在下面可以看到为前缀10.20.20.0/24选择R4,为前缀10.30.30.0/24选择R5。这是根据每个学习列表的配置的链路组首选项。
R3#show pfr master traffic-class
OER Prefix Statistics:
Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms),
P - Percentage below threshold, Jit - Jitter (ms),
MOS - Mean Opinion Score
Los - Packet Loss (percent/10000), Un - Unreachable (flows-per-million),
E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable
U - unknown, * - uncontrolled, + - control more specific, @ - active probe all
# - Prefix monitor mode is Special, & - Blackholed Prefix
% - Force Next-Hop, ^ - Prefix is denied
DstPrefix Appl_ID Dscp Prot SrcPort DstPort SrcPrefix
Flags State Time CurrBR CurrI/F Protocol
PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos EBw IBw
ActSDly ActLDly ActSUn ActLUn ActSJit ActPMOS ActSLos ActLLos
--------------------------------------------------------------------------------
10.20.20.0/24 N N N N N N
INPOLICY 56 10.4.4.4 Et1/0 BGP
N N N N N N N N
1 2 0 0 N N N N
10.30.30.0/24 N N N N N N
INPOLICY 59 10.5.5.5 Et1/0 BGP
N N N N N N N N
3 2 0 0 N N N N
由于PfRv2已选择R4作为10.20.20.0/24的送出路由器,因此R4会注入本地优先级较高的10.20.20.0/24路由,如下所示。注入路由的属性由父路由继承。
R4#show ip bgp 10.20.20.0/24
BGP routing table entry for 10.20.20.0/24, version 60
Paths: (1 available, best #1, table default, not advertised to EBGP peer)
Advertised to update-groups:
10
Refresh Epoch 1
200, (injected path from 10.20.0.0/16)
10.0.46.6 from 10.0.46.6 (10.6.6.6)
Origin incomplete, metric 0, localpref 100, valid, external, best
Community: no-export
rx pathid: 0, tx pathid: 0x0
注入路由的路由器上看不到更高的本地优先级。相反,在通过iBGP接收此路由的其他BR上可见。下面是R5上看到的前缀10.20.20.0/24的路由示例。
R5#show ip bgp 10.20.20.0/24
BGP routing table entry for 10.20.20.0/24, version 17
Paths: (1 available, best #1, table default)
Advertised to update-groups:
6
Refresh Epoch 1
200
10.0.45.4 from 10.0.45.4 (10.4.4.4)
Origin incomplete, metric 0, localpref 5000, valid, internal, best
rx pathid: 0, tx pathid: 0x0
因此,R5为前缀10.20.20.0/24接收的任何流量都会路由回R4,以便流量可以退出PfRv2选择的BR。
R4#show pfr border routes bgp
BGP table version is 60, local router ID is 10.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
OER Flags: C - Controlled, X - Excluded, E - Exact, N - Non-exact, I - Injected
Network Next Hop OER LocPrf Weight Path
*> 10.20.20.0/24 10.0.46.6 CEI 5000 0 200 ?
*>i10.30.30.0/24 10.0.45.5 XN 5000 0 300 ?
对于前缀10.20.20.0/24,可以看到三个标志。“C”(受控)表示路由是本地控制和注入的。“E”(确切)表示此路由是精确的,并且存在于BGP表中,并且没有比此更具体的路由。“I”(已注入)表示此路由已本地注入到此路由器。
同样,对于前缀10.30.30.0/24,可以看到两个标志。“X”(排除)表明此路由未在本地注入,而是源于其他BR(在本例中为R5)。如果设置了“X”标志,则可以忽略“N”标志。
需要注意的一点是,默认情况下,注入的路由携带的本地优先级值为5000。因此,如果BGP策略已使用高于5000的值,则可能存在问题,无法预期结果。您可以通过以下命令调整默认本地首选项值。
R3(config-pfr-mc)#mode route metric bgp local-pref
案例2:父路由通过EIGRP
考虑这种情况:通过EIGRP获取两个前缀(即10.20.0.0/16和10.30.0.0/16)的父路由。下面是来自两个边界路由器(R4和R5)的父路由的输出。 在本例中,这些路由是外部路由,但可能是内部eigrp父路由,具体取决于网络设计。
R4#show ip route
--output suppressed--
D EX 10.20.0.0/16 [170/25651200] via 10.0.46.6, 00:04:25, Ethernet1/0
D EX 10.30.0.0/16 [170/25651200] via 10.0.46.6, 00:04:25, Ethernet1/0
R5#show ip route
--output suppressed--
D EX 10.20.0.0/16 [170/25651200] via 10.0.57.7, 00:05:46, Ethernet1/0
D EX 10.30.0.0/16 [170/25651200] via 10.0.57.7, 00:05:46, Ethernet1/0
如上例所示,两个流量类都有活动的流量,在以下输出的INPOLICY状态中可以看到这两个流量。已为前缀10.20.20.0/24选择R4,为前缀10.30.30.0/24选择R5。这与每个学习列表的已配置链路组首选项相同。
R3#show pfr master traffic-class
OER Prefix Statistics:
Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms),
P - Percentage below threshold, Jit - Jitter (ms),
MOS - Mean Opinion Score
Los - Packet Loss (percent/10000), Un - Unreachable (flows-per-million),
E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable
U - unknown, * - uncontrolled, + - control more specific, @ - active probe all
# - Prefix monitor mode is Special, & - Blackholed Prefix
% - Force Next-Hop, ^ - Prefix is denied
DstPrefix Appl_ID Dscp Prot SrcPort DstPort SrcPrefix
Flags State Time CurrBR CurrI/F Protocol
PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos EBw IBw
ActSDly ActLDly ActSUn ActLUn ActSJit ActPMOS ActSLos ActLLos
--------------------------------------------------------------------------------
10.20.20.0/24 N N N N N N
INPOLICY 31 10.4.4.4 Et1/0 EIGRP
N N N N N N N N
1 2 0 0 N N N N
10.30.30.0/24 N N N N N N
INPOLICY 24 10.5.5.5 Et1/0 EIGRP
N N N N N N N N
2 2 0 0 N N N N
由于PfRv2已选择R4作为10.20.20.0/24的最佳送出路由器,因此R4使用标签5000注入更具体的路由,如下所示。即使父路由是外部路由,此注入路由也始终是EIGRP内部路由。此外,如果父路由带有标记值,则注入路由不会继承该标记值。
R4#show ip route 10.20.20.0 255.255.255.0
Routing entry for 10.20.20.0/24
Known via "eigrp 100", distance 90, metric 25651200
Tag 5000, type internal
Redistributing via eigrp 100
Last update from 10.0.46.6 on Ethernet1/0, 00:17:04 ago
Routing Descriptor Blocks:
* 10.0.46.6, from 0.0.0.0, 00:17:04 ago, via Ethernet1/0
Route metric is 25651200, traffic share count is 1
Total delay is 2000 microseconds, minimum bandwidth is 100 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 12/255, Hops 0
Route tag 5000
R4#show ip eigrp topology 10.20.20.0/24
EIGRP-IPv4 Topology Entry for AS(100)/ID(10.4.4.4) for 10.20.20.0/24
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 25651200
Descriptor Blocks:
10.0.46.6 (Ethernet1/0), from 0.0.0.0, Send flag is 0x0
Composite metric is (25651200/0), route is Internal
Vector metric:
Minimum bandwidth is 100 Kbit
Total delay is 2000 microseconds
Reliability is 255/255
Load is 12/255
Minimum MTU is 1500
Hop count is 0
Originating router is 10.4.4.4
Internal tag is 5000
R4#show pfr border routes eigrp
Flags: C - Controlled by oer, X - Path is excluded from control,
E - The control is exact, N - The control is non-exact
Flags Network Parent Tag
CE 10.20.20.0/24 10.20.0.0/16 5000
XN 10.30.30.0/24
上述情况的父路由不太具体,即10.20.0.0/16,并注入更具体的路由10.20.20.0/24,以获得预期结果。在R5上收到的任何流量都将使用以下路由重定向到R4,因此流量将根据PfRv2选择的最佳出口BR流量。
R5#show ip route 10.20.20.0
Routing entry for 10.20.20.0/24
Known via "eigrp 100", distance 90, metric 26931200
Tag 5000, type internal
Redistributing via eigrp 100
Last update from 10.0.45.4 on Tunnel10, 00:25:34 ago
Routing Descriptor Blocks:
* 10.0.45.4, from 10.0.45.4, 00:25:34 ago, via Tunnel10 // 10.0.45.4 is R4 IP.
Route metric is 26931200, traffic share count is 1
Total delay is 52000 microseconds, minimum bandwidth is 100 Kbit
Reliability 255/255, minimum MTU 1476 bytes
Loading 28/255, Hops 1
Route tag 5000
如果父路由也是/24路由,R4会以使注入的路由比父路由更优先的方式注入/24路由。
R4#show ip eigrp topology 10.20.20.0/24
EIGRP-IPv4 Topology Entry for AS(100)/ID(10.4.4.4) for 10.20.20.0/24
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 25600000
Descriptor Blocks:
10.0.46.6 (Ethernet1/0), from 0.0.0.0, Send flag is 0x0
Composite metric is (25600000/0), route is Internal
Vector metric:
Minimum bandwidth is 100 Kbit
Total delay is 1 microseconds // Injected route with a delay of 1.
Reliability is 255/255
Load is 102/255
Minimum MTU is 1500
Hop count is 0
Originating router is 10.4.4.4
Internal tag is 5000
10.0.45.5 (Tunnel10), from 10.0.45.5, Send flag is 0x0
Composite metric is (26931200/25651200), route is External
Vector metric:
Minimum bandwidth is 100 Kbit
Total delay is 52000 microseconds
Reliability is 255/255
Load is 99/255
Minimum MTU is 1476
Hop count is 2
Originating router is 10.0.78.7
External data:
AS number of route is 0
External protocol is Static, external metric is 0
Administrator tag is 0 (0x00000000)
10.0.46.6 (Ethernet1/0), from 10.0.46.6, Send flag is 0x0 //Parent route
Composite metric is (25651200/281600), route is External
Vector metric:
Minimum bandwidth is 100 Kbit
Total delay is 2000 microseconds
Reliability is 255/255
Load is 102/255
Minimum MTU is 1500
Hop count is 1
Originating router is 10.0.68.6
External data:
AS number of route is 0
External protocol is Static, external metric is 0
Administrator tag is 0 (0x00000000)
如上所示,当父路由和注入的前缀具有相同的子网掩码时,注入路由从父路由继承最低带宽、负载、可靠性、MTU等,但注入路由的延迟设置较少,因此这成为首选路由。因此,当在其他BR(即R5)上收到流量时,R5可以通过此路由发送具有更好度量的流量到R4,然后R4会按照与PfRv2一致的方式将其从送出接口发送出去。
反馈