Hi all. I was working on PfR profile phase and encountered with some issus. I have 3 routers (R1, R2 and R3) connecting through LAN, with R3 as the border that connects to R4 router. R1 is the OER master and R3 is the OER border. I creted 3 loopback interfaces on R4 with the ip addresses of 44.44.44.44/32 - 45.45.45.45/32 - 46.46.46.46/32.

I configured 2 OER Learn Lists on R1 which point to these 2 ACLs:

Extended IP access list 100
10 permit tcp any any eq 22
20 permit udp any any eq 22
Extended IP access list 101
10 permit icmp any any

my goal is configuring OER learn lists that will learn "SSH traffic to 46.46.46.46" and "ICMP traffic to 44.44.44.44". for the sake of test, I established a telnet to 45.45.45.45 that I expected to not to be learnt by PfR. besides, my PfR policies are as follows:


oer master
logging
!
learn
delay
list seq 1 refname ssh_traffic
traffic-class access-list 100
aggregation-type prefix-length 32
list seq 2 refname icmp_traffic
traffic-class access-list 101
aggregation-type prefix-length 16
no max range receive
!
oer-map icmp_map 10
match oer learn list icmp_traffic
set active-probe echo 44.44.44.44
!
oer-map ssh_map 10
match oer learn list ssh_traffic
set jitter threshold 30
set active-probe jitter 44.44.44.44 target-port 10000
!


I expected R1 to learn 2 traffic-classes as follows:

44.44.0.0/16 and 46.46.46.46/32


but when I issued "sh oer master traffic-class" command on R1, th traffic classes learnt by R1 was 45.45.45.0/24 and 46.46.46.0/24. what part of my config was wrong?

_________________
ciscoworlds.com
timaz mohsenzadeh

I don't think you are implementing the tool properly,
see here
http://www.cisco.com/en/US/docs/ios/12_ ... ervto.html

_________________
"If you're good at anticipating the human mind. It leaves nothing to chance."
-Jigsaw

my focus on this config is profile phase and the problem is about learn list that seems to learn unexpected traffic. can u\anybody analyze the issue and give a solution to solve this issue?

_________________
ciscoworlds.com
timaz mohsenzadeh

Hrm, my config has a "traffic-class filter access-list xxxx" where the ACL deny's ip any any. Then my lists are defined. Maybe that's why it's picking up unintended traffic.

I reviewed many sample configs in Cisco Config Guide, but none of them had "filter" on their command lists. and another issue; do u have any idea about prefix-lengths which was learned? as I entered "aggregation-type prefix-length" command about each learn list, the prefixes was learned must be in the form of /32 and /16. but all of the learned prefixes have /24, as determined by default. !?
I put a sample config taken from Cisco PfR Config guide here:

ip access-list extended USER_DEFINED_TC
permit tcp any any 500
permit tcp any any range 700 750
permit udp any eq 400 any
permit ip any any dscp ef
exit
pfr master
learn
list seq 10 refname CUSTOM_APPLICATION_TC
traffic-class access-list USER_DEFINED_TC
aggregation-type prefix-length 24
throughput
exit
exit
pfr-map POLICY_CUSTOM_APP 10
match learn list CUSTOM_APPLICATION_TC
end

_________________
ciscoworlds.com
timaz mohsenzadeh