
Switching and Routing II

Class 3. Router Virtualization, PBR & IP SLA
Alberto Arellano A. Ing. Msc.
CCNA - CCNP - CCSP
aarellano@espoch.edu.ec

Network Virtualization
The term network virtualization refers to the creation of logically isolated network
partitions overlaid on top of a common enterprise physical network infrastructure.

Evolution of Network Virtualization

It has evolved a long way from technologies like TDM (1960s):
  From TDM, ATM/FR Virtual Circuits in the WAN, to
  VLANs in the Campus, to
  Logical/Virtual Routers on routing devices, to
  Virtual Machines on server clusters in the data center

Enterprise Network Virtualization

Device Partitioning: L2 & L3 technology

Virtualize at Layer 2 forwarding
  Associates to one or more L2 interfaces on switch
  Has its own MAC forwarding table and spanning-tree instance per VLAN
  VLANs are extended via a physical cable or virtual 802.1q trunk

Virtualize at Layer 3 forwarding
  Associates to one or more Layer 3 interfaces on router/switch
  Each VRF has its own
    Forwarding table (CEF)
    Routing process (RIP, EIGRP, OSPF, BGP)

Network Device Virtualization with VRF


A VRF instance consists of an IP routing table, a derived forwarding
table, a set of interfaces that use the forwarding table, and a set of
rules and routing protocols that determine what goes into the
forwarding table

VRF-Lite
A VRF supports its own Routing Information Base (RIB) and
Forwarding Information Base (FIB)
VRF-lite is VRF without MPLS
Leverages Virtual encapsulation for separation:
Ethernet/802.1Q, GRE, Frame Relay
Routing protocols are VRF aware
RIP/v2, EIGRP, OSPF, BGP, static (per VRF)
Layer 3 interfaces can only belong to a single VRF

VRF-Lite Configuration
1. Create and name VRFs
ip vrf VRF1
ip vrf VRF2
ip vrf VRF3
2. Attach VRFs to desired interfaces
interface FastEthernet0/0
 ip vrf forwarding VRF1
 ip address 10.0.0.1 255.255.255.0
 no shut
3. Apply routing to specific VRF
router ospf 1 vrf VRF1
 network 10.0.0.0 255.255.255.255 area 0
router ospf 2 vrf VRF2
 network 10.0.0.0 255.255.255.255 area 0

Example 1. VRF-Lite OSPF

Step 1. Configure IP Address / Interface
Step 2. Create VRF R3, R4 & R5
Step 3. Assign Interface to VRFs
Step 3.1. Verify Interface Assignment to VRFs
Step 4. Apply Routing Protocol
Step 5. Static Routing CE->PE

Lab 2. VRF-Lite

Concepts of Path Control

Path control tools can be used to change the default destination forwarding
and optimize the path of the packets for some specific application.
Path control is controlling the path that traffic takes through a network when
there are:
  Redundant paths
  Asymmetric paths (form of redundancy)
Two tools for path control are detailed:
  Policy Based Routing (PBR)
  IP service level agreements (SLAs)

Policy-Based Routing
Allows you to implement policies that selectively cause packets to take
different paths.
IP routing is destination-based
PBR is source-based routing
Is applied to incoming packets
Makes traffic marking possible
Requires a route map to implement the policy
Matched packets are modified by set commands

Policy-Based Routing Benefits

Source-based transit provider selection
Internet service providers and other organizations can use
policy-based routing to route traffic originating from different
sets of users through different Internet connections across the
policy routers.

QoS
Organizations can provide QoS to differentiated traffic
by setting the precedence or type of service (TOS) values in the
IP packet headers at the periphery of the network and
leveraging queuing mechanisms to prioritize traffic in the core
or backbone of the network.

Cost savings
Organizations can achieve cost savings by distributing interactive
and batch traffic among low-bandwidth, low-cost permanent paths and
high-bandwidth, high-cost, switched paths.

Steps to Implement Path Control

1. Match traffic to manipulate the path
2. Define the action for matched traffic
3. Apply path control to traffic
   To incoming traffic
   To traffic local to the router
4. Verify path control results

Match Options (a sample)

Router(config-route-map)# match length min max
Matches the Layer 3 length of the packet.

Router(config-route-map)# match ip address {access-list-number | name} [...access-list-number | name]
Matches the source and destination IP address that is permitted by one or more
standard or extended access lists.
If you do not specify a match command, the route map applies to all packets.

Set Options (a sample)

Router(config-route-map)# set ip precedence [number | name]
Sets precedence value in the IP header. You can specify either the precedence
number or name.

Router(config-route-map)# set ip next-hop ip-address [... ip-address]
Sets next hop to which to route the packet (the next hop must be adjacent).

Router(config-route-map)# set interface interface-type interface-number [... type number]
Sets output interface for the packet.

Router(config-route-map)# set ip default next-hop ip-address [...ip-address]
Sets next hop to which to route the packet, if there is no explicit route for this
destination.

Router(config-route-map)# set default interface interface-type interface-number [... type ...number]
Sets output interface for the packet, if there is no explicit route for this
destination.

Requirements for Policy Based Routing

[Figure: topology with source networks 1.1.1.0 and 1.1.2.0]

Match packets with the origin network 1.1.1.0 and 1.1.2.0 and
the destination network 7.7.7.0 and forward them to the next hop
6.6.6.6
Match packets between 3 and 200 bytes in size and forward
them to the interface Ethernet 0
Apply the route map to the incoming interfaces
Verify the configuration

Matching the Traffic (Step 1)

R2(config)# route-map espoch permit 10
Configure a route map

R2(config-route-map)# match ip address 10
Matches IP addresses for policy routing
Access list 10 is used to match the IP address

R2(config-route-map)# match length 3 200
Matches the Layer 3 length of the packet for policy routing
Packets between 3 and 200 bytes long are matched

Policy Routing set Commands (Step 2)

R2(config-route-map)# set ip next-hop 6.6.6.6
This command defines where to forward packets that pass a
match clause of a route map for policy routing.
Packets that pass the match clause are forwarded to the
router at IP address 6.6.6.6.

R2(config-route-map)# set interface ethernet 0
This command also defines where to forward packets that
pass a match clause of a route map for policy routing.
Packets that pass the match clause are forwarded to the
Ethernet 0 interface.

Apply Route Maps for PBR (Step 3)

R2(config-if)# ip policy route-map espoch
This command specifies the route map to use for policy
routing on an incoming interface that is receiving packets that
need to be policy-routed.

R2(config)# ip local policy route-map espoch
Specifies the route map to use for policy routing of all packets
that originate on the router.

Verifying Policy-Based Routing (Step 4)

R1# show ip policy
Displays route maps that are configured on the interfaces.

R1# show route-map [map-name]
Displays a route map.
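
The four steps above assembled into one configuration for the stated requirements, as an added example that is not part of the original slides. Assumptions: /24 masks for 1.1.1.0, 1.1.2.0 and 7.7.7.0, an extended access list numbered 110 (a standard list such as 10 matches only the source address), FastEthernet0/0 as the incoming interface, and one route-map sequence per requirement, because all match clauses inside a single sequence must match together.

```cisco
! Added example. Masks, ACL number 110 and the incoming interface are assumptions.
!
! Step 1a: extended ACL, source 1.1.1.0/24 or 1.1.2.0/24, destination 7.7.7.0/24.
access-list 110 permit ip 1.1.1.0 0.0.0.255 7.7.7.0 0.0.0.255
access-list 110 permit ip 1.1.2.0 0.0.0.255 7.7.7.0 0.0.0.255
!
! Steps 1 and 2, sequence 10: address match -> next hop 6.6.6.6.
route-map espoch permit 10
 match ip address 110
 set ip next-hop 6.6.6.6
!
! Steps 1 and 2, sequence 20: length match -> interface Ethernet 0.
! Kept apart from sequence 10: match clauses in one sequence are ANDed,
! so combining them would policy-route only small packets from the ACL.
route-map espoch permit 20
 match length 3 200
 set interface ethernet 0
!
! Packets matching neither sequence fall through to normal
! destination-based routing.
!
! Step 3: apply to traffic arriving on the incoming interface.
interface FastEthernet0/0
 ip policy route-map espoch
!
! Step 3 (optional): also policy-route packets generated by the router itself.
ip local policy route-map espoch
!
! Step 4, from privileged EXEC:
!   show ip policy
!   show route-map espoch
```

Sequences are evaluated in order, so a small packet from 1.1.1.0 to 7.7.7.0 is handled by sequence 10 and sent to 6.6.6.6; the per-sequence match counters in show route-map show which entry is taking traffic.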

Example 1. PBR

Traffic from 192.168.10.0/24: forward to R3
Traffic from 192.168.11.0/24: forward to R5
Traffic from 192.168.12.0/24: forward to R4

[Figures: topology and configuration slides for R2 and R6]

Lab 3. PBR

Multihomed Scenario

[Figure: Branch Site router R1 connected to ISP 1 (R2, network 10.1.1.0, host .1) and ISP 2 (R3, network 172.16.1.0, host .1), both leading to the Internet]

Assume that R1 has a multihomed connection to the Internet through ISP1
and ISP2.
Two equal cost default static routes on R1 enable the Cisco IOS to load
balance over the two links on a per-destination basis.
R1 can detect if there is a direct failure on the link to one ISP, and in that case use
the other ISP for all traffic.

Multihomed Scenario Problem !!!!

However, what would happen if a link within the ISP 1 provider infrastructure
were to fail?
The link from R1 to R2 would still remain up and R1 would continue to use that
link because the static default route would still be valid.

How can this situation be corrected?
Dynamic routing between R1 and the ISP networks; not practical !!!!

Multihomed Scenario

Another solution is to use either static routes or PBR on R1,
but make them subject to reachability tests toward critical
destinations, such as the DNS servers within the ISP.
If the DNS servers in one of the ISPs go down or are unreachable, the
static route toward that ISP would be removed.

These reachability tests can be performed with IP SLAs.
IP SLA can be configured on R1 to probe the DNS servers frequently.
The IP SLA probes are attached to the static routes.

IP SLAs
The information collected can measure:
Network resource availability
Response time
One-way latency
Jitter (interpacket delay variance)
Packet loss
Voice-quality scoring
Application performance
Server response time

HUAWEI Network Quality Analysis (NQA)

The Network Quality Analysis (NQA) technology measures network performance and
collects statistics on the delay, jitter, and packet loss ratio.
NQA monitors network quality of service (QoS) in real time and locates and diagnoses
network faults.

JUNIPER Real-Time Performance Monitor (RPM)

Real-time performance monitoring (RPM) allows you to perform service-level monitoring.
When RPM is configured on a device, the device calculates network performance based
on packet response time, jitter, and packet loss.
These values are gathered by Hypertext Transfer Protocol (HTTP) GET requests,
Internet Control Message Protocol (ICMP) requests, and TCP and UDP requests,
depending on the configuration.

IP SLAs Operations
There are two types of IP SLAs operations:

Those in which the target device is not running the IP SLAs responder
component (such as a web server or IP host).
  Mostly ICMP generated traffic.
  [Figure: IP SLAs source R1, R2 and a DNS server; generated ICMP traffic to measure network response]

Those in which the target device is running the IP SLAs responder
component (such as a Cisco router).
  Measurement accuracy is improved when the target is a responder.
  Additional statistics can be gathered.
  [Figure: IP SLAs source R1 and IP SLAs responder R2; generated traffic to measure the network; MIB data retrieved via SNMP]

IP SLA Configuration

Define an IP SLA Operation

Define an IP SLA object and enter IP SLA configuration mode.
Router(config)# ip sla operation-number

The operation-number is the identification number of the IP
SLAs operation you want to configure.
Once entered, the router prompt changes to IP SLA configuration
mode.

ip sla Command Example

R1(config)# ip sla 1
R1(config-ip-sla)# ?
IP SLAs entry configuration commands:
  dhcp         DHCP Operation
  dns          DNS Query Operation
  exit         Exit Operation Configuration
  frame-relay  Frame-relay Operation
  ftp          FTP Operation
  http         HTTP Operation
  icmp-echo    ICMP Echo Operation
  icmp-jitter  ICMP Jitter Operation
  path-echo    Path Discovered ICMP Echo Operation
  path-jitter  Path Discovered ICMP Jitter Operation
  slm          SLM Operation
  tcp-connect  TCP Connect Operation
  udp-echo     UDP Echo Operation
  udp-jitter   UDP Jitter Operation
  voip         Voice Over IP Operation

Defining an IP SLAs ICMP Echo Operation

Define an ICMP echo operation from source to non-responder target.
Router(config-ip-sla)# icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address | hostname} | source-interface interface-name]

Parameter
  Description

destination-ip-address | destination-hostname
  Destination IPv4 or IPv6 address or hostname.

source-ip {ip-address | hostname}
  (Optional) Specifies the source IPv4 or IPv6 address or hostname.
  When a source IP address or hostname is not specified, IP
  SLAs chooses the IP address nearest to the destination.

source-interface interface-name
  (Optional) Specifies the source interface for the operation.

icmp-echo Command Example

R1(config-ip-sla)# icmp-echo 209.165.201.30
R1(config-ip-sla-echo)# ?
IP SLAs echo Configuration Commands:
  default            Set a command to its defaults
  exit               Exit operation configuration
  frequency          Frequency of an operation
  history            History and Distribution Data
  no                 Negate a command or set its defaults
  owner              Owner of Entry
  request-data-size  Request data size
  tag                User defined tag
  threshold          Operation threshold in milliseconds
  timeout            Timeout of an operation
  tos                Type Of Service
  verify-data        Verify data
  vrf                Configure IP SLAs for a VPN Routing/Forwarding instance
R1(config-ip-sla-echo)#

icmp-echo Sub-Commands

Router(config-ip-sla-echo)# frequency seconds
Set the rate at which a specified IP SLAs operation repeats.
The seconds parameter is the number of seconds between the IP
SLAs operations with the default being 60 seconds.

Router(config-ip-sla-echo)# timeout milliseconds
Set the amount of time a Cisco IOS IP SLAs operation waits for a
response from its request packet.
The milliseconds parameter is the number of milliseconds (ms) the
operation waits to receive a response from its request packet.

Schedule an IP SLA Operation

Schedule an IP SLA operation.
Router(config)# ip sla schedule operation-number [life {forever | seconds}] [start-time {hh:mm[:ss] [month day | day month] | pending | now | after hh:mm:ss}] [ageout seconds] [recurring]

The ip sla schedule Command Parameters

Parameter
  Description

operation-number
  Number of the IP SLAs operation to schedule.

life forever
  (Optional) Schedules the operation to run indefinitely.

life seconds
  (Optional) Number of seconds the operation actively collects information.
  The default is 3600 seconds (one hour).

start-time
  (Optional) Time when the operation starts.

hh:mm[:ss]
  Specifies an absolute start time using hour, minute, and (optionally) second.
  Use the 24-hour clock notation.

month
  (Optional) Name of the month to start the operation in.
  If month is not specified, the current month is used.

day
  (Optional) Number of the day (in the range 1 to 31) to start the operation on.
  If a day is not specified, the current day is used.

pending
  (Optional) No information is collected. This is the default value.

now
  (Optional) Indicates that the operation should start immediately.

after hh:mm:ss
  (Optional) Indicates that the operation should start this amount of time after this
  command was entered.

ageout seconds
  (Optional) Number of seconds to keep the operation in memory when it is not
  actively collecting information (default is 0 seconds which means it never ages out).

recurring
  (Optional) Indicates that the operation will start automatically at the specified time and
  for the specified duration every day.

Configure IP SLA Object Tracking

Define tracking objects, to track the state of IP SLAs operations.
Router(config)# track object-number ip sla operation-number {state | reachability}

Parameter
  Description

object-number
  Object number representing the object to be tracked.
  The range is from 1 to 500.

operation-number
  Number used for the identification of the IP SLAs operation you
  are tracking.

state
  Tracks the operation return code.

reachability
  Tracks whether the route is reachable.

Static Routing and IP SLAs

Configure a static route for IP SLAs tracking.
Router(config)#
ip route prefix mask address interface dhcp distance name
next-hop-name permanent track number tag tag

Parameter
  Description

prefix mask
  The IP network and subnet mask for the remote network to be entered into the IP
  routing table.

address
  The IP address of the next hop that can be used to reach the destination
  network.

interface
  The local router outbound interface to be used to reach the destination network.

dhcp
  (Optional) Enables a DHCP server to assign a static route to a default gateway.

distance
  (Optional) The administrative distance to be assigned to this route.

name next-hop-name
  (Optional) Applies a name to the specified route.

permanent
  (Optional) Specifies that the route will not be removed from the routing table
  even if the interface associated with the route goes down.

track number
  (Optional) Associates a track object with this route.
  Valid values for the number argument range from 1 to 500.

tag tag
  (Optional) A value that can be used as a match value in route maps.

Verifying IP SLAs

Command
  Description

show ip sla configuration [operation]
  Display configuration values including all defaults for all
  Cisco IOS IP SLAs operations, or for a specified operation.
  The operation parameter is the number of the IP SLAs
  operation for which the details will be displayed.

show ip sla statistics [operation-number | details]
  Display the current operational status and statistics of all
  Cisco IOS IP SLAs operations, or of a specified operation.
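
The IP SLA, tracking and static-route steps above combined for the multihomed R1, as an added example that is not part of the original slides. Assumptions: next hops 10.1.1.1 (R2) and 172.16.1.1 (R3) read from the figure labels, 209.165.201.30 taken as the ISP 1 DNS server, 198.51.100.30 as a placeholder for the ISP 2 DNS server, and a 10-second probe frequency.

```cisco
! Added example for R1. Next-hop addresses, the ISP 2 probe target and the
! timer values are assumptions; replace them with the real ones.
!
! Pin each probe target to its own ISP so the probe keeps testing that path
! even after the tracked default route through it has been withdrawn.
ip route 209.165.201.30 255.255.255.255 10.1.1.1
ip route 198.51.100.30 255.255.255.255 172.16.1.1
!
! Operation 1: ICMP echo to the ISP 1 DNS server every 10 s,
! waiting up to 5000 ms for each reply.
ip sla 1
 icmp-echo 209.165.201.30
 frequency 10
 timeout 5000
ip sla schedule 1 life forever start-time now
!
! Operation 2: same probe toward ISP 2 (placeholder address).
ip sla 2
 icmp-echo 198.51.100.30
 frequency 10
 timeout 5000
ip sla schedule 2 life forever start-time now
!
! Track objects follow the reachability reported by each operation.
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Two equal-cost defaults; each is installed only while its track object is up.
ip route 0.0.0.0 0.0.0.0 10.1.1.1 track 1
ip route 0.0.0.0 0.0.0.0 172.16.1.1 track 2
!
! Verify from privileged EXEC:
!   show ip sla configuration 1
!   show ip sla statistics 1
```

Without the two host routes, a probe for a failed ISP could leave through the other ISP once its default route is removed, succeed, and reinstall the route, so the default would flap.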

Example IP SLA

[Figure: topology and configuration slides; surviving label: OSPF 10]

Workshop. PBR & IP SLA
