使用BGP或EIGRP配置PfRv2流量控制機制
簡介
本文檔介紹效能路由第2版(PfRv2)如何根據PfRv2策略決策控制流量。用於控制流量的方法和標準取決於通過哪個基礎協定獲知父路由。在本文檔中,當通過BGP和EIGRP獲知父路由時,將演示PfRv2流量控制操作。
必要條件
需求
思科建議您瞭解效能路由(PfR)的基本知識。
採用元件
本文件所述內容不限於特定軟體和硬體版本。
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路正在作用,請確保您已瞭解任何指令可能造成的影響。
設定
PfRv2允許網路管理員配置learn-list對流量進行分組,應用配置的策略,並選擇滿足策略中定義的特定引數集(如延遲、抖動、利用率等)的最佳邊界路由器(BR)。PfRv2控制流量的模式多種多樣,這取決於獲知目的地首碼的父路由所使用的協定。PfRv2能夠通過操縱路由協定、注入靜態路由或通過基於動態策略的路由來更改路由資訊庫(RIB)。下表重點介紹各種協定的路由控制方法。
網路圖表
本文檔將以下影象作為本文檔其餘部分的示例拓撲。
圖中所示的裝置:
R1 — 伺服器,正在發起流量。
R3- PfR主路由器。
R4&R5- PfR邊界路由器。
連線到R9和R10的客戶端是從R1伺服器接收流量的裝置。
組態
!
key chain pfr
key 0
key-string cisco
pfr master
policy-rules PFR
!
border 10.4.4.4 key-chain pfr
interface Ethernet1/0 external
interface Ethernet1/2 internal
link-group MPLS
!
border 10.5.5.5 key-chain pfr
interface Ethernet1/3 internal
interface Ethernet1/0 external
link-group INET
!
learn
traffic-class filter access-list DENY-ALL
list seq 10 refname APPLICATION-LEARN-LIST
traffic-class prefix-list APPLICATION
throughput
list seq 20 refname DATA-LEARN-LIST
traffic-class prefix-list DATA
throughput
!
pfr-map PFR 10
match pfr learn list APPLICATION-LEARN-LIST
set periodic 90
set delay threshold 25
set mode monitor active
set active-probe echo 10.20.21.1
set probe frequency 5
set link-group MPLS fallback INET
!
pfr-map PFR 20
match pfr learn list DATA-LEARN-LIST
set periodic 90
set delay threshold 25
set mode monitor active
set active-probe echo 10.30.31.1
set probe frequency 5
set link-group INET fallback MPLS
!
ip prefix-list APPLICATION: 1 entries
seq 5 permit 10.20.0.0/16
!
ip prefix-list DATA: 1 entries
seq 5 permit 10.30.0.0/16
!
驗證
案例1:通過BGP的父路由
在此案例中,兩個字首(即10.20.0.0/16和10.30.0.0/16)的父路由是透過BGP得知的。下面是來自兩個邊界路由器(R4和R5)的父路由輸出。
R4#show ip route
--output suppressed--
B 10.20.0.0/16 [20/0] via 10.0.46.6, 01:26:58
B 10.30.0.0/16 [20/0] via 10.0.46.6, 01:26:58
R5#show ip route
--output suppressed--
B 10.20.0.0/16 [20/0] via 10.0.57.7, 00:42:37
B 10.30.0.0/16 [20/0] via 10.0.57.7, 00:42:37
兩個流量類都有活動的流量流,在下面的輸出中,兩者都可以在INPOLICY狀態中看到。可以在下面看到R4被選擇用於字首10.20.20.0/24,並且已為字首10.30.30.0/24選擇R5。這是根據每個學習清單配置的鏈路組首選項進行的。
R3#show pfr master traffic-class
OER Prefix Statistics:
Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms),
P - Percentage below threshold, Jit - Jitter (ms),
MOS - Mean Opinion Score
Los - Packet Loss (percent/10000), Un - Unreachable (flows-per-million),
E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable
U - unknown, * - uncontrolled, + - control more specific, @ - active probe all
# - Prefix monitor mode is Special, & - Blackholed Prefix
% - Force Next-Hop, ^ - Prefix is denied
DstPrefix Appl_ID Dscp Prot SrcPort DstPort SrcPrefix
Flags State Time CurrBR CurrI/F Protocol
PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos EBw IBw
ActSDly ActLDly ActSUn ActLUn ActSJit ActPMOS ActSLos ActLLos
--------------------------------------------------------------------------------
10.20.20.0/24 N N N N N N
INPOLICY 56 10.4.4.4 Et1/0 BGP
N N N N N N N N
1 2 0 0 N N N N
10.30.30.0/24 N N N N N N
INPOLICY 59 10.5.5.5 Et1/0 BGP
N N N N N N N N
3 2 0 0 N N N N
由於R4已被PfRv2選為10.20.20.0/24的送出路由器,因此R4會為10.20.20.0/24注入本地優先順序較高的路由,如下所示。注入路由的屬性由父路由繼承。
R4#show ip bgp 10.20.20.0/24
BGP routing table entry for 10.20.20.0/24, version 60
Paths: (1 available, best #1, table default, not advertised to EBGP peer)
Advertised to update-groups:
10
Refresh Epoch 1
200, (injected path from 10.20.0.0/16)
10.0.46.6 from 10.0.46.6 (10.6.6.6)
Origin incomplete, metric 0, localpref 100, valid, external, best
Community: no-export
rx pathid: 0, tx pathid: 0x0
在注入路由的路由器上看不到更高的本地優先順序。相反,在通過iBGP接收此路由的其他BR上可見。以下是R5上出現的字首10.20.20.0/24的路由示例。
R5#show ip bgp 10.20.20.0/24
BGP routing table entry for 10.20.20.0/24, version 17
Paths: (1 available, best #1, table default)
Advertised to update-groups:
6
Refresh Epoch 1
200
10.0.45.4 from 10.0.45.4 (10.4.4.4)
Origin incomplete, metric 0, localpref 5000, valid, internal, best
rx pathid: 0, tx pathid: 0x0
因此,R5收到的字首10.20.20.0/24的任何流量都會路由回R4,以便流量可以退出PfRv2選擇的BR。
R4#show pfr border routes bgp
BGP table version is 60, local router ID is 10.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
OER Flags: C - Controlled, X - Excluded, E - Exact, N - Non-exact, I - Injected
Network Next Hop OER LocPrf Weight Path
*> 10.20.20.0/24 10.0.46.6 CEI 5000 0 200 ?
*>i10.30.30.0/24 10.0.45.5 XN 5000 0 300 ?
對於字首10.20.20.0/24,可以看到三個標誌。「C」(受控)意味著該途徑為區域性受控和注射。'E'(精確)表示此路由是精確的,且存在於BGP表中,並且沒有比此更具體的路由。「I」(注入)表示此路由已本地注入此路由器。
同樣地,字首10.30.30.0/24可看到兩個旗標。「X」(不包括)表明此路由不是本地注入的,而是源自我們的案例中的某些其他BR、R5。若設定「X」標誌,則可忽略「N」標誌。
要注意的重要一點是,預設情況下,注入的路由帶有本地優先值5000。因此,如果您的BGP策略已使用某個高於5000的值,則可能出現問題,並且無法預期可見的結果。可通過以下命令調整預設本地首選項值。
R3(config-pfr-mc)#mode route metric bgp local-pref
案例2:父路由通過EIGRP
請考慮以下情況:通過EIGRP獲取兩個字首(即10.20.0.0/16和10.30.0.0/16)的父路由。下面是來自兩個邊界路由器(R4和R5)的父路由輸出。 在這種情況下,這些路由是外部路由,但是根據網路設計,這些路由可能是內部eigrp父路由。
R4#show ip route
--output suppressed--
D EX 10.20.0.0/16 [170/25651200] via 10.0.46.6, 00:04:25, Ethernet1/0
D EX 10.30.0.0/16 [170/25651200] via 10.0.46.6, 00:04:25, Ethernet1/0
R5#show ip route
--output suppressed--
D EX 10.20.0.0/16 [170/25651200] via 10.0.57.7, 00:05:46, Ethernet1/0
D EX 10.30.0.0/16 [170/25651200] via 10.0.57.7, 00:05:46, Ethernet1/0
如前面的案例所示,兩個流量類別都有活動的流量流,在下面的輸出中,兩者都處於INPOLICY狀態。R4被選為字首10.20.20.0/24,R5被選為字首10.30.30.0/24。這是根據每個學習清單配置的鏈路組首選項而設定的。
R3#show pfr master traffic-class
OER Prefix Statistics:
Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms),
P - Percentage below threshold, Jit - Jitter (ms),
MOS - Mean Opinion Score
Los - Packet Loss (percent/10000), Un - Unreachable (flows-per-million),
E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable
U - unknown, * - uncontrolled, + - control more specific, @ - active probe all
# - Prefix monitor mode is Special, & - Blackholed Prefix
% - Force Next-Hop, ^ - Prefix is denied
DstPrefix Appl_ID Dscp Prot SrcPort DstPort SrcPrefix
Flags State Time CurrBR CurrI/F Protocol
PasSDly PasLDly PasSUn PasLUn PasSLos PasLLos EBw IBw
ActSDly ActLDly ActSUn ActLUn ActSJit ActPMOS ActSLos ActLLos
--------------------------------------------------------------------------------
10.20.20.0/24 N N N N N N
INPOLICY 31 10.4.4.4 Et1/0 EIGRP
N N N N N N N N
1 2 0 0 N N N N
10.30.30.0/24 N N N N N N
INPOLICY 24 10.5.5.5 Et1/0 EIGRP
N N N N N N N N
2 2 0 0 N N N N
由於R4已被PfRv2選為10.20.20.0/24的最佳出口路由器,因此R4會注入標籤5000的更具體的路由,如下所示。即使父路由是外部路由,該注入路由始終是EIGRP內部路由。此外,如果父路由帶有標籤值,則該值不會被注入的路由繼承。
R4#show ip route 10.20.20.0 255.255.255.0
Routing entry for 10.20.20.0/24
Known via "eigrp 100", distance 90, metric 25651200
Tag 5000, type internal
Redistributing via eigrp 100
Last update from 10.0.46.6 on Ethernet1/0, 00:17:04 ago
Routing Descriptor Blocks:
* 10.0.46.6, from 0.0.0.0, 00:17:04 ago, via Ethernet1/0
Route metric is 25651200, traffic share count is 1
Total delay is 2000 microseconds, minimum bandwidth is 100 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 12/255, Hops 0
Route tag 5000
R4#show ip eigrp topology 10.20.20.0/24
EIGRP-IPv4 Topology Entry for AS(100)/ID(10.4.4.4) for 10.20.20.0/24
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 25651200
Descriptor Blocks:
10.0.46.6 (Ethernet1/0), from 0.0.0.0, Send flag is 0x0
Composite metric is (25651200/0), route is Internal
Vector metric:
Minimum bandwidth is 100 Kbit
Total delay is 2000 microseconds
Reliability is 255/255
Load is 12/255
Minimum MTU is 1500
Hop count is 0
Originating router is 10.4.4.4
Internal tag is 5000
R4#show pfr border routes eigrp
Flags: C - Controlled by oer, X - Path is excluded from control,
E - The control is exact, N - The control is non-exact
Flags Network Parent Tag
CE 10.20.20.0/24 10.20.0.0/16 5000
XN 10.30.30.0/24
上述情況中的父路由不太具體,即10.20.0.0/16,並且注入了更具體的路由10.20.20.0/24,從而提供了期望的結果。在R5上接收的任何流量都會使用下面的路由重定向到R4,因此流量會根據PfRv2選擇的最佳出口BR流動。
R5#show ip route 10.20.20.0
Routing entry for 10.20.20.0/24
Known via "eigrp 100", distance 90, metric 26931200
Tag 5000, type internal
Redistributing via eigrp 100
Last update from 10.0.45.4 on Tunnel10, 00:25:34 ago
Routing Descriptor Blocks:
* 10.0.45.4, from 10.0.45.4, 00:25:34 ago, via Tunnel10 // 10.0.45.4 is R4 IP.
Route metric is 26931200, traffic share count is 1
Total delay is 52000 microseconds, minimum bandwidth is 100 Kbit
Reliability 255/255, minimum MTU 1476 bytes
Loading 28/255, Hops 1
Route tag 5000
如果父路由也是/24路由,則R4將注入/24路由,使注入的路由比父路由更優先。
R4#show ip eigrp topology 10.20.20.0/24
EIGRP-IPv4 Topology Entry for AS(100)/ID(10.4.4.4) for 10.20.20.0/24
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 25600000
Descriptor Blocks:
10.0.46.6 (Ethernet1/0), from 0.0.0.0, Send flag is 0x0
Composite metric is (25600000/0), route is Internal
Vector metric:
Minimum bandwidth is 100 Kbit
Total delay is 1 microseconds // Injected route with a delay of 1.
Reliability is 255/255
Load is 102/255
Minimum MTU is 1500
Hop count is 0
Originating router is 10.4.4.4
Internal tag is 5000
10.0.45.5 (Tunnel10), from 10.0.45.5, Send flag is 0x0
Composite metric is (26931200/25651200), route is External
Vector metric:
Minimum bandwidth is 100 Kbit
Total delay is 52000 microseconds
Reliability is 255/255
Load is 99/255
Minimum MTU is 1476
Hop count is 2
Originating router is 10.0.78.7
External data:
AS number of route is 0
External protocol is Static, external metric is 0
Administrator tag is 0 (0x00000000)
10.0.46.6 (Ethernet1/0), from 10.0.46.6, Send flag is 0x0 //Parent route
Composite metric is (25651200/281600), route is External
Vector metric:
Minimum bandwidth is 100 Kbit
Total delay is 2000 microseconds
Reliability is 255/255
Load is 102/255
Minimum MTU is 1500
Hop count is 1
Originating router is 10.0.68.6
External data:
AS number of route is 0
External protocol is Static, external metric is 0
Administrator tag is 0 (0x00000000)
如上所述,當父路由和注入字首具有相同子網掩碼時,注入路由從父路由繼承最小頻寬、負載、可靠性、MTU等,但注入路由的延遲設定較少,因此這成為首選路由。因此,在其他BR(即R5)上收到流量時,R5可以使用此具有更好指標的路由將流量傳送到R4,然後R4會與PfRv2協定將其從送出介面傳送出去。
意見