cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1037
Views
0
Helpful
8
Replies

Help with PFR

ubsaccount
Level 1
Level 1

I was just curious why there is no Backup channel on some traffic class and backup channel on others.

 Exchange Application:


Dst-Site-Prefix: 192.168.0.0/6 Application: exchange DSCP: default [0] Traffic class id:48670 app_id:218103857
Clock Time: 20:44:35 (UTC) 05/28/2017
TC Learned: 00:07:24 ago
Present State: CONTROLLED
Current Performance Status: in-policy
Current Service Provider: INET1 since 00:06:53
Previous Service Provider: Unknown
BW Used: 0 Kbps
Present WAN interface: Tunnel11 in Border 172.16.1.1
Present Channel (primary): 275 INET1 pfr-label:0:11 | 0:0 [0xB0000]
Backup Channel: none
Destination Site ID bitmap: 1
Destination Site ID: X.X.X.X
Class-Sequence in use: 70
Class Name: email using policy low-latency-data
BW Updated: 00:03:24 ago
Reason for Latest Route Change: Uncontrolled to Controlled Transition
Route Change History:

LDAP Application

Dst-Site-Prefix: 192.168.0.0/16 Application: ldap DSCP: default [0] Traffic class id:48726 app_id:50332037
Clock Time: 20:50:58 (UTC) 05/28/2017
TC Learned: 00:04:15 ago
Present State: CONTROLLED
Current Performance Status: in-policy
Current Service Provider: INET1 since 00:03:44
Previous Service Provider: Unknown
BW Used: 1 Kbps
Present WAN interface: Tunnel11 in Border 172.16.1.1
Present Channel (primary): 276 INET1 pfr-label:0:0 | 0:0 [0x0]
Backup Channel: 284 INET2 pfr-label:0:0 | 0:0 [0x0]
Destination Site ID bitmap: 0
Destination Site ID: X.X.X.X
Class-Sequence in use: 10
Class Name: net-admin using policy low-latency-data
BW Updated: 00:03:49 ago
Reason for Latest Route Change: Uncontrolled to Controlled Transition
Route Change History:

8 Replies 8

Mark Malone
VIP Alumni
VIP Alumni

Are you using IWAN or standard PFR on its own ?

check the master and border router where the policies are held and pushed , you will see if there is configuration setup for a backup path for that traffic , in some cases they wont want certain traffic making use of the internet paths as they mat not be as stable as the say the MPLS , its all based on design and what traffic gets shifted where when the thresholds etc are met, they may only want exchange traffic over the primary for that reason

We are using IWAN.  The Master controller shows backup channel for exchange, but on the Spoke it does not show backup channel for exchange.  

Then you have an issue somewhere maybe on the spoke itself  , it should show its path if its setup right and the dscp markings are set for the backup path too as its the redundant path , I cant say really anything further from what's been provided  but I would look at a working application and follow it through against the exchange app and see where the diff is in config master to spoke , something has to be causing it , in pfr it doesn't just chose you set it to do that

Correction we are using IWAN

same thing were using IWAN too its just got even more config to look at unfortunately

so when you do a show domain XXXXX master traffic-class... your not seeing the backup channel on spoke at all like  below for all traffic-classes , you have setup per application on spoke side instead for all apps ?

 Present WAN interface:      Tunnel12 in Border x.x.x.x
  Present Channel (primary):  806 H2S_I pfr-label:2:12 | 0:0 [0x20C0000]
  Backup Channel:             793 H2S_M pfr-label:2:11 | 0:0 [0x20B0000]

For some destination I am seeing back channels for some  on the spoke, but not for all application. 

"you have setup per application on spoke side instead for all apps ?"

I'm not sure are you asking me if  I have to setup backup channels per application?


The HUB set all the configs automagically on the spokes

BTW how is IWAN working out for you guys?

this is difficult without seeing design and setup as IWAN Pfr can be built multiple ways ,on you're spoke sites you have 2 links yes ?

what command on the spoke sites are you using to see that the exchange traffic is not on the backup , I check mime with the command above which shows a present path for primary and backup traffic all classes not application specific , the application specific stuff is set on the master router and then the border router enforces it what's on the master

BTW how is IWAN working out for you guys?

We have had to move through multiple images to find a stable release to stop tunnels failing and we also had issues with certs authentication and DMVPN but were over the hurdle now a bit it seems , its a good technology but some of the images seem to have problems , were running .155-3.S5 on ASRs and 4331s which seems ok now , not seeing half the issues as the earlier images

Yes we have two links  on the spoke.  

The command I am using is " show domain XXX master traffic-classes | begin exchange.

Seems like we're running into the same hurdles you guys are.  

We have two data centers.  We are at the begging stages of deploying IWAN and currently testing on one spoke.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: