timaz

PfR profile phase

Wed May 09, 2012 5:32 am

Hi all. I was working on the PfR profile phase and encountered some issues. I have 3 routers (R1, R2 and R3) connected through a LAN, with R3 as the border that connects to the R4 router. R1 is the OER master and R3 is the OER border. I created 3 loopback interfaces on R4 with the IP addresses 44.44.44.44/32, 45.45.45.45/32 and 46.46.46.46/32.

I configured 2 OER Learn Lists on R1 which point to these 2 ACLs:

Extended IP access list 100
    10 permit tcp any any eq 22
    20 permit udp any any eq 22
Extended IP access list 101
    10 permit icmp any any


My goal is configuring OER learn lists that will learn "SSH traffic to 46.46.46.46" and "ICMP traffic to 44.44.44.44". For the sake of testing, I established a telnet session to 45.45.45.45, which I expected not to be learnt by PfR. Besides, my PfR policies are as follows:


oer master
 logging
 !
 learn
  delay
  list seq 1 refname ssh_traffic
   traffic-class access-list 100
   aggregation-type prefix-length 32
  list seq 2 refname icmp_traffic
   traffic-class access-list 101
   aggregation-type prefix-length 16
 no max range receive
!
oer-map icmp_map 10
 match oer learn list icmp_traffic
 set active-probe echo 44.44.44.44
!
oer-map ssh_map 10
 match oer learn list ssh_traffic
 set jitter threshold 30
 set active-probe jitter 44.44.44.44 target-port 10000
!



I expected R1 to learn 2 traffic-classes as follows:

44.44.0.0/16 and 46.46.46.46/32


But when I issued the "sh oer master traffic-class" command on R1, the traffic classes learnt by R1 were 45.45.45.0/24 and 46.46.46.0/24. What part of my config was wrong?
timaz

ristau5741

Re: PfR profile phase

Wed May 09, 2012 7:43 am

I don't think you are implementing the tool properly,
see here
http://www.cisco.com/en/US/docs/ios/12_ ... ervto.html
Tips of the day:
- The human mind is the ultimate creation invention.
- I have so many customers, my customers have customers.
- Sausage time
- POP, stack, and store

timaz

Re: PfR profile phase

Wed May 09, 2012 8:31 am

My focus in this config is the profile phase, and the problem is about the learn list, which seems to learn unexpected traffic. Can you/anybody analyze the issue and give a solution to solve it?
timaz

zerojunkie

Re: PfR profile phase

Wed May 09, 2012 9:56 am

Hrm, my config has a "traffic-class filter access-list xxxx" where the ACL denies ip any any. Then my lists are defined. Maybe that's why it's picking up unintended traffic.

timaz

Re: PfR profile phase

Wed May 09, 2012 10:22 am

zerojunkie wrote: Hrm, my config has a "traffic-class filter access-list xxxx" where the ACL denies ip any any. Then my lists are defined. Maybe that's why it's picking up unintended traffic.


I reviewed many sample configs in the Cisco Config Guide, but none of them had "filter" in their command lists. And another issue: do you have any idea about the prefix lengths which were learned? As I entered the "aggregation-type prefix-length" command for each learn list, the prefixes that were learned must be in the form of /32 and /16. But all of the learned prefixes have /24, as determined by default!?
I put a sample config taken from the Cisco PfR Config Guide here:

ip access-list extended USER_DEFINED_TC
 permit tcp any any 500
 permit tcp any any range 700 750
 permit udp any eq 400 any
 permit ip any any dscp ef
 exit
pfr master
 learn
  list seq 10 refname CUSTOM_APPLICATION_TC
   traffic-class access-list USER_DEFINED_TC
   aggregation-type prefix-length 24
   throughput
   exit
  exit
pfr-map POLICY_CUSTOM_APP 10
 match learn list CUSTOM_APPLICATION_TC
 end
timaz
