Performance routing Pfr

Performance routing Pfr Wed 21st Nov 4:00pm - 4:40pm

Transcript of Performance routing Pfr

Page 1: Performance routing Pfr

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1

• What is PfR

Benefits of PfR

Why is PfR interesting now?

Example PfR deployment scenarios

• How it Works

• How to demonstrate PfR

• Example Deployments (case studies)

• Scaling, Recommended Hardware

• Summary

• Resources

Page 2: Performance routing Pfr

Page 3: Performance routing Pfr

• WAN performance is more critical to the enterprise than ever before

• How to engineer performance for applications?

Redundant links may be idle

Degraded links may be carrying critical traffic!

• Application intelligence is needed in the network

Recognise important traffic

Recognise problems (or lack of) in the network

Send the important traffic over the best link for that type of traffic

Page 4: Performance routing Pfr

[Diagram labels: ISR, ASR, Internet, MPLS VPN, ISP 1, ISP 2, DSL/3G/4G, Cloud Enabled Branch]

Media- and Application-Aware Routing

Improved user experience

Improves Performance

Improves Reliability

High availability for DC and Cloud apps; increased uptime

Active probes for fast response

No manual interaction

Takes action on black-holes

WAN Cost Reduction

Makes best use of multiple links

• Dynamically influence routing – before users even detect faults

• Maintains user experience even in changing network conditions

Page 5: Performance routing Pfr

• PfR reuses many existing technologies

• .. and introduces an algorithm and comms link

NetFlow

Policy Based Routing (PBR)

Routing Protocols

IP SLA

AVC (NBAR)

Border Router (BR)

Master Controller (MC)

State Machines

Timers

Control Loop

Page 6: Performance routing Pfr

• ISR G2 (1800 router upward) – Requires DATA license

• ASR 1000 – Requires AdvIp/AdvEnt

• Additional recommended licenses: SEC (required for encryption over the Internet), AVC (ideal for additional visibility/control functions)

| Platform | License or Image | Description |
|---|---|---|
| ISR G2 (1800 upwards) | Data (e.g. SL-19-DATA-K9) | Needed for PfR |
| | Security (e.g. SL-19-SEC-K9) | Needed for DMVPN |
| ASR 1000 | Advanced Enterprise K9 or Advanced IP K9 | Needed for PfR and DMVPN |
| | FLASR1-IPSEC | License for DMVPN |
| | FLASR1-AVC | Recommended to use AVC at the HQ |

Page 7: Performance routing Pfr

[Figure labels: Cloud Lean Branch Rapid Scalability; Workplace Flexibility; BYOD; IPv6 Cloud Apps; Auth/Encrypt; Video Smartphone Adoption; Business Video Immersive Video; VDI; Software Capabilities; Unified Fabric; Save Costs]

• Market transitions leading to apps in Clouds and DCs

Page 8: Performance routing Pfr

• WAN connectivity options (e.g. DSL, 3G, 4G)

DSL is more reliable than it was 5 years ago

3G offers high throughput

4G offers low latency

• Drive to remain cost-effective and maintain performance

Opportunity to reduce costs greatly; 75-90% savings in WAN costs per branch is possible with PfR

Page 9: Performance routing Pfr

• Maintain cost-effectiveness/sustain savings moving to PfR/NGN

• Get best utilisation from 2 DSL lines

• Best user experience for business-critical apps:

Protect business-critical apps

Ensure the app works, and is responsive

• Maintain app performance even if a DSL line is suffering from contention or anything else causing packet loss or delay

• Ability to handle voice and video, on the same solution, at zero additional cost

• Have a solution that will work with DMVPN, GET VPN and other features

• Something that also works with 3G, i.e. access-agnostic

Page 10: Performance routing Pfr

Requirement: Improve user experience

Solution: PfR to maintain application performance

Benefits:

• Per-application policies can be set using the parameters that matter for the scenario

• Dynamic best path determination before the user even uses the application

• Voice and video performance is dynamically maintained throughout the call

• Selects best path in both directions (Branch and HQ)

Requirement: Make best use of multiple links

Solution: PfR to provide load balancing

Benefits:

• The entire bandwidth of multiple links can be used

• Applications will move link to meet performance needs

• Cost minimization; load balancing takes into account ISP billing model

Requirement: Increased branch uptime

Solution: PfR to control all WAN links

Benefits:

• Most cost-effective way of increasing uptime

• No manual interaction needed

• Takes action on black-holes which traditional routing will not detect

Page 11: Performance routing Pfr

• PfR controlled exits – known as Exit Links (aka External Interfaces)

• PfR is transport agnostic, and ISP agnostic

Page 12: Performance routing Pfr

• Some example topologies (redundancy not shown)

• Master Controller and Border Router can be co-located

[Diagram labels: Branch, WAN Aggregation and Enterprise Edge topologies, each with MC, BR and Exit Links]

Page 13: Performance routing Pfr

• TCP/IP communication between MC and BR

• Example message flows:

Red: Setting/querying statistics via NetFlow

Green: Programming in a new path

[Diagram labels]

Master Controller: Reporting, Database, Config, Passive Data Controller, Top Talker Controller, Active Probe Controller, Policy Decision Point

Border Router: NetFlow Export, Top Talker Export, Active Probe Export, NetFlow API, SAA API, PBR API, Policy Enforcement Point, NetFlow Client, NBAR Client, PfR Client, RP, RP, ESP

Page 14: Performance routing Pfr

• Branch to HQ direction

• HQ to Branch direction

Page 15: Performance routing Pfr

Page 16: Performance routing Pfr

1. Identify traffic of interest

2. Monitor the traffic

3. Compare with policy

4. Apply path enforcement

5. Control loop

Page 17: Performance routing Pfr

Automatic Learning

Highest throughput destinations

Most delay-suffering (TCP)

Manual Learning

IP addresses of important destinations

Configured in prefix lists

Page 18: Performance routing Pfr

• Several methods possible: Passive, Active and some hybrids

Some Examples

Latency: TCP handshake

Packet loss: TCP sequence numbers

UDP, TCP, ICMP probes

RTP probes

Page 19: Performance routing Pfr

Active mode (delay, loss, reachability, jitter, MOS)

Current exits: always

Other exits: only when current exit is OOP

‘Both’ mode

Current exits: always

Other exits: only when current exit is OOP

‘Fast’ mode

All exits: always

Useful for Enterprise Edge only

Allows for best path determination even without traffic

Provides additional data points

Ultra-quick best path determination

Passive mode (delay, loss, reachability, throughput)

As soon as configured (manual mode)

As soon as traffic identified (automatic mode)

Page 20: Performance routing Pfr

• ‘Relative’ and ‘Threshold’ methods of specification are possible

Page 21: Performance routing Pfr

A parent route needs to exist!

Inside the ASR 1000

Exact route already exists: Change local preference, or modify next-hop

Higher route exists: Prefix-split injected (not sent outside AS)

More granularity needed: PBR used

Page 22: Performance routing Pfr

Responsiveness

Prevent ‘flapping’

Allow network to ‘settle’

Hold-down timer – delay between exit changes

Back-off timer – delay if no suitable exit can be found

Page 23: Performance routing Pfr

[Flowchart boxes: Monitor Prefixes and Exits; Out-of-Policy Decision; Optimal Exit Link Selection; Change a Prefix Exit Link; Damping. Branch labels: Yes; No; No Better EL; Apply failed]

• Monitoring can be passive, active (probes) or some hybrids

• What is measured passively? Throughput, TCP latency, TCP packet loss, TCP ‘reachability’ (i.e. were there SYNs with no ACK?)

• What active probes are available? ICMP echo (ping) to see if the destination is alive, UDP and TCP probe, RTP probes (for jitter, latency, etc).

• How are paths enforced? – PfR will choose the best method. It can influence routing tables, or use dynamic route-maps, or static routing. There is a control loop to make sure changes are effective.

• The damping is used to ensure stability
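
The effect of the damping timers on the control loop can be seen in a small simulation. This is an added example, not Cisco's implementation and not part of the original slides: the delay threshold, the timer lengths (counted in measurement ticks), the exit names and the sample measurements are all assumed or constructed for illustration.

```python
# Added illustration of the control loop and damping; not Cisco's implementation.
# The threshold and timer values are assumed, and timers are counted in ticks.
DELAY_THRESHOLD_MS = 150   # 'Threshold' style policy (assumed figure)

def run_control_loop(samples, start_exit, holddown=3, backoff=2):
    """samples: one {exit_name: delay_ms} dict per measurement tick.
    Returns [(tick, state, current_exit), ...] for a single traffic class."""
    current, state, timer, history = start_exit, "Default", 0, []
    for tick, delays in enumerate(samples):
        if timer > 0:
            timer -= 1                      # damping: no decision while a timer runs
        elif delays[current] <= DELAY_THRESHOLD_MS:
            state = "InPolicy"
        else:
            candidates = [e for e, d in delays.items() if d <= DELAY_THRESHOLD_MS]
            if candidates:                  # a better exit link exists: move, then hold down
                current = min(candidates, key=delays.get)
                state, timer = "Holddown", holddown
            else:                           # no suitable exit: stay put and back off
                state, timer = "OOP", backoff
        history.append((tick, state, current))
    return history

def exit_changes(history, start_exit):
    """Number of times the traffic class was moved to a different exit."""
    exits = [start_exit] + [h[2] for h in history]
    return sum(1 for a, b in zip(exits, exits[1:]) if a != b)

# Constructed measurements: the two exits take turns being degraded.
FLAPPING = [{"exit-A": 300, "exit-B": 60} if t % 2 == 0 else
            {"exit-A": 60, "exit-B": 300} for t in range(8)]
# Constructed measurements: both exits out of policy, then exit-A recovers.
OUTAGE = [{"exit-A": 400, "exit-B": 400}] * 3 + [{"exit-A": 90, "exit-B": 400}]

if __name__ == "__main__":
    undamped = run_control_loop(FLAPPING, "exit-A", holddown=0)
    damped = run_control_loop(FLAPPING, "exit-A")
    print("moves without hold-down:", exit_changes(undamped, "exit-A"))
    print("moves with hold-down:   ", exit_changes(damped, "exit-A"))
    for row in run_control_loop(OUTAGE, "exit-A"):
        print(row)
```

With the hold-down timer disabled the traffic class changes exit on every tick of the oscillating input; with it enabled the same input produces far fewer moves, at the cost of staying on a degraded exit until the timer expires.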

Page 24: Performance routing Pfr

[State diagram]

States:

Default: Traffic initially identified or configured

InPolicy: Traffic meets configured policy

OOP: Out-of-policy; no routes meet the configured policy

Holddown: Wait state to prevent flapping and gather rapid measurements

Interim: Interim state while link selection is made

Transition labels: Unreachable; OOP; Short delay to allow configuration to settle; Successful exit selection; Periodic selection configured; OOP; No suitable exit; Backoff time has expired; New exit selection; Holddown time has expired; Unreachable

Page 25: Performance routing Pfr

Page 26: Performance routing Pfr

• Number of traffic classes: 20k TCs

Total TC = TC per branch x number of branches

In practice, this will easily allow 300-500 branches per cluster

• Number of branches: 300 (with a high number of TCs)

Realistically slightly higher should be possible with a reasonable number of TCs, but needs testing beyond 300

• IP SLA responder sizing

Use Performance dashboard: http://wwwin-tools.cisco.com/CCIT/GPEOBI/saw.dll?PortalPages&PortalPath=/shared/Meteoric%20Dashboard/_portal/Meteoric%20%28ASR1k%20Performance%29

Realistically, ASR 1001 should be sufficient for most deployments

• DPI (NBAR)

There is a performance hit, but realistically not all traffic needs this to identify the important traffic. ASR 1002-X has good DPI capability – 5Gbit/sec of inspected traffic

XE 3.8

Page 27: Performance routing Pfr

• HQ MC, BR

ASR 1002-X or ASR 1004

• IP SLA Responder

ASR 1001 or ASR 1002-X

• Branch routers

1800 series upwards

Significant levels of NBAR? Pick a router model one step up

Page 28: Performance routing Pfr

• Network Management

Prime Infrastructure is good for configuration of PfR (create a template)

Monitoring: Prime Infra 2.0 doesn’t really address this well

ActionPacked has already demonstrated monitoring for PfR

Plixer is another vendor with PfR monitoring capability

• Further scale improvements

CENT (Connected ENTerprise) will address this towards the end of next year

Page 29: Performance routing Pfr

Page 30: Performance routing Pfr

• PfR supports modern requirements – WAN performance is more critical to the enterprise today

• PfR:

Improves user experience

Makes best use of multiple links and is cost effective

Greatly increases application availability and reliability

• PfR is access-agnostic, ISP-agnostic

• PfR can be combined with DMVPN, HQoS and other Cisco solutions (e.g. MediaNet)

• PfR helps combat against other vendor routers; they don’t have a good equivalent solution today