Pfr/OER query !

Jonn cos · ‎05-22-2011

Hi all experts.

We have 200 branches and 1 hub. Branches are using 1801 or 1841 routers with advsecurityk9. Hub is using ASR1002 15.0 IOS. Each branch has dual 1mb connectivity with hub. Now we want to optimally use the links, such that, all http traffic is traversing one link while lotusnotes, microsoft-ds traffic traverses the other link. I can easily do PBR on branch end but for the return traffic from ASR (behind which all the servers are centralized like lotusnotes, AD, etc) it will be very hactic.

I was reading about Pfr and thinking, can it do the job ? do you guys recommend such configuration with 200+ branches ?

Reza Sharifi · ‎05-22-2011

Hi John,

Have a look at the faq regarding the pfr.

the config sample is pretty complicated. Pfr had been out there since 2010 only. So it is new and I don't see a whole a lots of documentation, general knowledge and deployment scenarios for it. I would really test this in lab environment very extensively before deploying it to 200 sites.

BTW, if you have to configure it on both hub and spoke sites, pfr is not supported on the 1800 series.

Q. Can inbound traffic be optimized?

A. Yes, Performance Routing can optimize inbound traffic. Performance Routing downgrades a nonpreferred entrance by prepending Border Gateway Protocol (BGP) autonomous system numbers or by adding a community to external route advertisements associated with this entrance.

here is the faq

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/ps8787/prod_qas0900aecd806c4f03.html

HTH

Reza

Luc De Ghein · ‎05-22-2011

Hi,

One correction, PfR has been out there much longer. It has been out for over 5 years. It was however called OER or Optimized Exit Routing before, but it is the same thing, only the name was changed.

Thanks,

Luc

Joseph W. Doherty · ‎05-22-2011

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

I haven't experience with ASRs, but otherwise, yes, OER/PfR can help optimize utilization of your links. Optimization can be very basic, such as just dynamically load balancing a site's WAN links, more advanced such as load balancing end-to-end, and extremely advanced, at least with PfR, also tying policy to different traffic types. OER/PfR works with outbound, but PfR (sort of version 2 OER) also supports inbound balancing, as the other poster also noted.

From the little you've described, difficult to suggest how complex an OER/PfR implementation you might best benefit from. As with much else, often you do reach a point of diminishing returns, where additional complexity offers little extra benefit.

Assuming you've also implemented some kind of QoS policy for different traffic type management, you might first just try outbound dynamic load balancing. Even something as simple as this can quickly become complex depending on whether your have OER/PfR inject known networks, dynamically split networks, or, with PfR, dynamically use PBR for different flow types.

PS:

Regarding your concern with 200 branches, since OER was originally designed, I believe, for Internet optimization, it seems to scale pretty well at least in passive analysis mode. If you enable active analysis, I've found, you may need to be a little more careful how much of that will be performed.