配置PfRv2性能监控方法
简介
本文档介绍性能路由第2版(PfRv2)中用于监控分支路由器上广域网(WAN)链路性能的方法。
先决条件
要求
思科建议您具备性能路由(PfR)的基本知识。
使用的组件
本文档不限于特定的软件和硬件版本。
本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您使用的是真实网络,请确保您已经了解所有命令的潜在影响。
背景信息
PfRv2使用三种方法来测量边界路由器(BR)链路的性能。主控制器(MC)使用收集到的信息来实施PfR策略。被动监控、主动监控和混合模式。
被动监控
在此模式下,BR上启用的Netflow(默认情况下使用PfR)会收集有关流量类的此信息,并将其发回主控制器。
此信息适用于通过BR的TCP流:
- 可达性:这是根据尚未收到相应TCP ACK的TCP SYN计算的。
- 延迟:TCP三次握手期间TCP SYN消息和TCP ACK消息之间计算的时间。然后总值除以二。
- 损失:根据TCP序列号进行测量。例如,当收到的TCP序列号高于或低于预期时,会报告丢失。
此信息适用于通过BR的所有流(包括TCP):
- 出口带宽:流量类的吞吐量(使用Netflow以每秒比特数计算)。
- 入口带宽:传入BR的流量类的吞吐量(使用Netflow以比特/秒计算)。
活动监控
在此模式下,BR通过其WAN接口发送IP SLA探测,以测量与流量类相关的多个参数。收集的信息会发回主控制器。测量以下参数:
- 可达性
- 延迟
- 损失
- 出口带宽
- 入口带宽
当在主控制器上配置的监控方法处于活动状态时,这些探测功能会自动生成,也可以手动配置。默认情况下,发送的探测是ICMP回应,但可以根据通过WAN链路发送的流量类型更改为TCP或UDP探测。
当Exit BR选择持续进行时,所有BR将为Netflow获取的前缀发送活动探测。选择退出BR后,其他BR将停止发送活动探测。所选BR将继续发送活动探测。
混合模式
混合模式使用Netflow统计信息和IP服务等级协议(SLA)来决定出口点(BR)和链路监控。在此模式下,IP SLA探测信息用于选择出口点,然后Netflow统计信息用于监控BR到目的地的WAN连接。
当PfR处于学习状态且尚未进入“INPOLICY”状态时,所有BR将为从Netflow收集的前缀发送活动探测。这是为了确定各自的链路条件。当MC状态更改为“INPOLICY”时,所有BR将停止发送主用探测功能,现在监控将被动完成(使用Netflow)。
配置
此图像可用作文档其余部分的示例拓扑:
网络图
相关配置
使用不同模式需要此基本配置。R3配置为MC,因此必须在R3上完成以下配置:
被动模式
pfr master
!
border 10.4.4.4 key-chain pfr
interface Ethernet0/1 external
interface Ethernet0/0 internal
!
border 10.5.5.5 key-chain pfr
interface Ethernet0/0 internal
interface Ethernet0/1 external
!
mode monitor passive
主动模式
pfr master
!
border 10.4.4.4 key-chain pfr
interface Ethernet0/1 external
interface Ethernet0/0 internal
!
border 10.5.5.5 key-chain pfr
interface Ethernet0/0 internal
interface Ethernet0/1 external
!
mode monitor active
混合模式
这是默认模式。如果未提及模式命令,则混合模式将被激活,或者命令模式监控器可同时用于启用它。
pfr master
!
border 10.4.4.4 key-chain pfr
interface Ethernet0/1 external
interface Ethernet0/0 internal
!
border 10.5.5.5 key-chain pfr
interface Ethernet0/0 internal
interface Ethernet0/1 external
验证
大多数验证命令都在MC上执行。这些命令可用于检验不同模式的工作情况。
被动模式
R3#show pfr master
<Output suppressed>
Default Policy Settings:
backoff 90 900 90
delay relative 50
holddown 90
periodic 0
probe frequency 56
number of jitter probe packets 100
mode route control
mode monitor passive
loss relative 10
jitter threshold 20
mos threshold 3.60 percent 30
unreachable relative 50
trigger-log percentage 30
测试1 — 从服务器启动TCP数据流
R3#show pfr master traffic-class
OER Prefix Statistics:
Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms),
P - Percentage below threshold, Jit - Jitter (ms),
MOS - Mean Opinion Score
Los - Packet Loss (percent/10000), Un - Unreachable (flows-per-million),
E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable
U - unknown, * - uncontrolled, + - control more specific, @ - active probe all
# - Prefix monitor mode is Special, & - Blackholed Prefix
% - Force Next-Hop, ^ - Prefix is denied
DstPrefix Appl_ID Dscp Prot SrcPort DstPort SrcPrefix
Flags State Time CurrBR CurrI/F Protocol
PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos EBw IBw
ActSDly ActLDly ActSUn ActLUn ActSJit ActPMOS ActSLos ActLLos
--------------------------------------------------------------------------------
10.20.20.0/24 N N N N N N
INPOLICY 0 10.4.4.4 Et0/1 BGP
46 46 0 0 35502 35502 2 1
N N N N N N
10.30.30.0/24 N N N N N N
INPOLICY 0 10.5.5.5 Et0/1 BGP
1 1 0 0 0 0 14 1
N N N N N N
测试2 — 从服务器启动UDP数据流
R3#show pfr master traffic-class
OER Prefix Statistics:
Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms),
P - Percentage below threshold, Jit - Jitter (ms),
MOS - Mean Opinion Score
Los - Packet Loss (percent/10000), Un - Unreachable (flows-per-million),
E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable
U - unknown, * - uncontrolled, + - control more specific, @ - active probe all
# - Prefix monitor mode is Special, & - Blackholed Prefix
% - Force Next-Hop, ^ - Prefix is denied
DstPrefix Appl_ID Dscp Prot SrcPort DstPort SrcPrefix
Flags State Time CurrBR CurrI/F Protocol
PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos EBw IBw
ActSDly ActLDly ActSUn ActLUn ActSJit ActPMOS ActSLos ActLLos
--------------------------------------------------------------------------------
10.20.20.0/24 N N N N N N
INPOLICY 0 10.5.5.5 Et0/1 BGP
U U 0 0 0 0 13 0
N N N N N N
10.30.30.0/24 N N N N N N
INPOLICY 0 10.5.5.5 Et0/1 BGP
U U 0 0 0 0 14 0
N N N N N N
如前所示,对于TCP流量,您可以看到Delay和Unreachable计数器也已填充,但在UDP流的情况下,您只能看到Bandwidth计数器已填充。
主动模式
R3#show pfr master
<Output suppressed>
Default Policy Settings:
backoff 90 900 90
delay relative 50
holddown 90
periodic 0
probe frequency 56
number of jitter probe packets 100
mode route control
mode monitor active
loss relative 10
jitter threshold 20
mos threshold 3.60 percent 30
unreachable relative 50
trigger-log percentage 30
测试 — 从服务器启动TCP数据流
在主控制器上:
R3#show pfr master traffic-class
OER Prefix Statistics:
Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms),
P - Percentage below threshold, Jit - Jitter (ms),
MOS - Mean Opinion Score
Los - Packet Loss (percent/10000), Un - Unreachable (flows-per-million),
E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable
U - unknown, * - uncontrolled, + - control more specific, @ - active probe all
# - Prefix monitor mode is Special, & - Blackholed Prefix
% - Force Next-Hop, ^ - Prefix is denied
DstPrefix Appl_ID Dscp Prot SrcPort DstPort SrcPrefix
Flags State Time CurrBR CurrI/F Protocol
PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos EBw IBw
ActSDly ActLDly ActSUn ActLUn ActSJit ActPMOS ActSLos ActLLos
--------------------------------------------------------------------------------
10.10.20.0/24 N N N N N N
INPOLICY 0 10.4.4.4 Et0/1 BGP
N N N N N N N N
54 54 0 0 N N N N
10.30.30.0/24 N N N N N N
INPOLICY 0 10.4.4.4 Et0/1 BGP
N N N N N N N N
54 54 0 1000 N N N N
在BR1上:
R4#show pfr border active-probes
OER Border active-probes
Type = Probe Type
Target = Target IP Address
TPort = Target Port
Source = Send From Source IP Address
Interface = Exit interface
Att = Number of Attempts
Comps = Number of completions
N - Not applicable
Type Target TPort Source Interface Att Comps
DSCP
echo 10.10.20.11 N 192.168.1.1 Et0/1 3 3
0
echo 10.30.30.12 N 192.168.1.1 Et0/1 3 3
0
在BR2上:
R5#show pfr border active-probes
OER Border active-probes
Type = Probe Type
Target = Target IP Address
TPort = Target Port
Source = Send From Source IP Address
Interface = Exit interface
Att = Number of Attempts
Comps = Number of completions
N - Not applicable
Type Target TPort Source Interface Att Comps
DSCP
echo 10.10.20.11 N 192.168.2.1 Et0/1 3 3
0
echo 10.30.30.12 N 192.168.2.1 Et0/1 3 3
0
一旦MC上的流量类进入“INPOLICY”状态,并且BR1被选为用于发送所有流量的BR,BR2将停止发送探测:
R4#show pfr border active-probes
OER Border active-probes
Type = Probe Type
Target = Target IP Address
TPort = Target Port
Source = Send From Source IP Address
Interface = Exit interface
Att = Number of Attempts
Comps = Number of completions
N - Not applicable
Type Target TPort Source Interface Att Comps
DSCP
echo 10.10.20.11 N 192.168.1.1 Et0/1 10 10
0
echo 10.30.30.12 N 192.168.1.1 Et0/1 10 10
0
R5#show pfr border active-probes
OER Border active-probes
Type = Probe Type
Target = Target IP Address
TPort = Target Port
Source = Send From Source IP Address
Interface = Exit interface
Att = Number of Attempts
Comps = Number of completions
N - Not applicable
Type Target TPort Source Interface Att Comps
DSCP
混合模式
R3#show pfr master
OER state: ENABLED and ACTIVE
<Output Suppressed>
Default Policy Settings:
backoff 90 900 90
delay relative 50
holddown 90
periodic 0
probe frequency 56
number of jitter probe packets 100
mode route control
mode monitor both
loss relative 10
jitter threshold 20
mos threshold 3.60 percent 30
unreachable relative 50
trigger-log percentage 30
测试 — 从服务器启动TCP数据流
在测量流量类(TC)且状态尚未“INPOLICY”时,两个BR将向从Netflow收集的前缀发送活动探测。这是为了确定各自的链路条件。
在MC上:
R3#show pfr mas traffic-class
OER Prefix Statistics:
Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms),
P - Percentage below threshold, Jit - Jitter (ms),
MOS - Mean Opinion Score
Los - Packet Loss (percent/10000), Un - Unreachable (flows-per-million),
E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable
U - unknown, * - uncontrolled, + - control more specific, @ - active probe all
# - Prefix monitor mode is Special, & - Blackholed Prefix
% - Force Next-Hop, ^ - Prefix is denied
DstPrefix Appl_ID Dscp Prot SrcPort DstPort SrcPrefix
Flags State Time CurrBR CurrI/F Protocol
PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos EBw IBw
ActSDly ActLDly ActSUn ActLUn ActSJit ActPMOS ActSLos ActLLos
--------------------------------------------------------------------------------
10.20.20.0/24 N N N N N N
HOLDDOWN 61 10.5.5.5Et0/1 BGP
1 1 0 0 0 0 16 1
1 1 0 0 N N N N
10.30.30.0/24 N N N N N N
HOLDDOWN 61 10.5.5.5 Et0/1 BGP
1 1 0 0 0 0 16 1
4 4 0 0 N N N N
在BR1上:
R4#show pfr border active-probes
OER Border active-probes
Type = Probe Type
Target = Target IP Address
TPort = Target Port
Source = Send From Source IP Address
Interface = Exit interface
Att = Number of Attempts
Comps = Number of completions
N - Not applicable
Type Target TPort Source Interface Att Comps
DSCP
echo 10.20.20.1 N 192.168.1.1 Et0/1 1 1
0
echo 10.30.30.1 N 192.168.1.1 Et0/1 1 1
0
在BR2上:
R5#show pfr border active-probes
OER Border active-probes
Type = Probe Type
Target = Target IP Address
TPort = Target Port
Source = Send From Source IP Address
Interface = Exit interface
Att = Number of Attempts
Comps = Number of completions
N - Not applicable
Type Target TPort Source Interface Att Comps
DSCP
echo 10.20.20.1 N 192.168.2.1 Et0/1 1 1
0
echo 10.30.30.1 N 192.168.2.1 Et0/1 1 1
在MC上,状态更改为“INPOLICY”时,两个BR将停止发送主动探测,并且各自的监控将切换到被动模式(使用Netflow)。
R3#show pfr master traffic-class
OER Prefix Statistics:
Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms),
P - Percentage below threshold, Jit - Jitter (ms),
MOS - Mean Opinion Score
Los - Packet Loss (percent/10000), Un - Unreachable (flows-per-million),
E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable
U - unknown, * - uncontrolled, + - control more specific, @ - active probe all
# - Prefix monitor mode is Special, & - Blackholed Prefix
% - Force Next-Hop, ^ - Prefix is denied
DstPrefix Appl_ID Dscp Prot SrcPort DstPort SrcPrefix
Flags State Time CurrBR CurrI/F Protocol
PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos EBw IBw
ActSDly ActLDly ActSUn ActLUn ActSJit ActPMOS ActSLos ActLLos
--------------------------------------------------------------------------------
10.20.20.0/24 N N N N N N
INPOLICY 0 10.5.5.5 Et0/1 BGP
1 1 0 0 0 0 3 1
1 1 0 0 N N N N
10.30.30.0/24 N N N N N N
INPOLICY 0 10.5.5.5 Et0/1 BGP
1 1 0 0 0 0 14 1
1 1 0 0 N N N N
如图所示,您可以看到被动和主动组件的计数器。此外,一旦TC进入“INPOLICY”状态,探测功能将停止在BR上。
R4#show pfr border active-probes
OER Border active-probes
Type = Probe Type
Target = Target IP Address
TPort = Target Port
Source = Send From Source IP Address
Interface = Exit interface
Att = Number of Attempts
Comps = Number of completions
N - Not applicable
Type Target TPort Source Interface Att Comps
DSCP
R5#show pfr border active-probes
OER Border active-probes
Type = Probe Type
Target = Target IP Address
TPort = Target Port
Source = Send From Source IP Address
Interface = Exit interface
Att = Number of Attempts
Comps = Number of completions
N - Not applicable
Type Target TPort Source Interface Att Comps
DSCP
故障排除
目前没有针对此配置的故障排除信息。
反馈