Understanding Path Control
This section introduces path control performance issues and the tools available to control path selection.
Assessing Path Control Network Performance
This chapter is concerned with controlling the path that traffic takes through a network. In some cases, there might be only one way for traffic to go. However, many networks include redundant paths, by having redundant devices or redundant links. In these cases, the network administrator may want to control which way certain traffic flows.
The choice of routing protocol or routing protocols used in a network is one factor in defining how paths are selected; for example, different administrative distances, metrics, and convergence times may result in different paths being selected. As described in Chapter 4, “Manipulating Routing Updates,” when multiple routing protocols are implemented, inefficient routing may result. For example, two-way multipoint redistribution requires careful planning and implementation to ensure that traffic travels the optimal way, and that there are no routing loops.
When a network includes redundancy, other considerations include the following:
- Resiliency— Having redundancy does not guarantee resiliency, the ability to maintain an acceptable level of service when faults occur. For example, having redundant links between two sites does not automatically result in the backup link being used if the primary link fails. Configuration is necessary to implement failover, and to use the backup link for load sharing if that is desired. (Even if failover is configured correctly, the redundant link may not operate when needed; for example, if it uses the same physical infrastructure as the primary link.)
- Availability— The time required for a routing protocol to learn about a backup path when a primary link fails is the convergence time. If the convergence time is relatively long, some applications may time out. Thus, using a fast-converging routing protocol, and tuning parameters to ensure that it does converge fast, is crucial for high-availability networks.
- Adaptability— The network can also be configured to adapt to changing conditions. For example, a redundant path could be brought up and used when the primary path becomes congested, not just when it fails.
- Performance— Network performance can be improved by tuning routers to load share across multiple links, making more efficient use of the bandwidth. For example, route advertisements for specific prefixes can be advertised on one link to change the balance of bandwidth use relative to other links.
- Support for network and application services— More advanced path control solutions involve adjusting routing for specific services, such as security, optimization, and quality of service (QoS). For example, to optimize traffic via a Cisco Wide Area Application Services (WAAS) Central Manager, traffic must be directed to flow through the Cisco WAAS device.
  Note: Cisco WAAS is a WAN optimization and application acceleration solution that optimizes application and video delivery over a WAN, and is illustrated briefly in the “Cisco Wide Area Application Services” section, later in this chapter.
- Predictability— The path control solution implemented should derive from an overall strategy, so that the results are deterministic and predictable. For example, traffic is bidirectional by nature; for every packet that goes out, a reply typically must come back. When configuring a routing protocol to deploy a path control strategy, consider both upstream and downstream traffic. For example, changing or tuning downstream advertisements toward a server farm could adversely affect upstream traffic flows from the server farm.
- Asymmetric traffic— Asymmetric traffic, traffic that flows on one path in one direction and on a different path in the opposite direction, occurs in many networks that have redundant paths. Asymmetry, far from being a negative trait, is often a desirable network trait, because it uses available bandwidth effectively, such as on an Internet connection on which downstream traffic may require higher bandwidth than upstream traffic. Border Gateway Protocol (BGP) includes a good set of tools to control traffic in both directions on an Internet connection. However, in most routing protocols, there are no specific tools to control traffic direction.
In a part of a network that includes devices or services such as stateful firewalls, Network Address Translation (NAT) devices, and voice traffic, which require symmetrical routing, traffic symmetry must be enforced or the services must be tuned to accommodate asymmetry. For example, asymmetry in voice networks may introduce jitter and QoS issues. In other areas of the network, though, it might be inefficient and undesirable to try to engineer artificial symmetry.
Optimal routing in terms of network utilization within specific requirements is typically a design goal. Those requirements should be considered within the context of the applications in use, the user experience, and a comprehensive set of performance parameters. These parameters include delay, bandwidth utilization, jitter, availability, and overall application performance. Even if the routing table on the routers includes the necessary prefixes, applications might still fail if the performance requirements are not met.
Path Control Tools
Unfortunately, there is no “one-command” solution to implement path control. Instead, many tools are available.
Path control tools include the following:
- A good addressing design: A good design should include summarizable address blocks and classless interdomain routing (CIDR) that align with the physical topology. These aspects are key to a stable network. As discussed in Chapter 1, “Routing Services,” summarization hides addressing details, isolates routing issues, and defines failure domains. Controlling summarization in strategic areas of the network affects path control. For example, in the network in Figure 5-1, the 10.0.0.0/8 summary is advertised from both routers, and the more specific route for 10.1.80.0/24 is advertised from the router on the right, providing direct access to that subnet. The resulting traffic flows are deterministic and more resilient.
  Figure 5-1: Advertising Summaries and More-Specific Routes Affects Traffic Flow.
- Redistribution and other routing protocol characteristics— The capabilities of the routing protocol used can help implement a path control strategy more effectively, as summarized in Table 5-1. For example, Enhanced Interior Gateway Routing Protocol (EIGRP) automatically summarizes on network boundaries, and Open Shortest Path First (OSPF) can summarize only on Area Border Routers (ABRs) and Autonomous System Boundary Routers (ASBRs). Metrics can be changed and external routes can be tagged during redistribution between protocols. When multiple routing protocols are used, routes must be redistributed between them carefully, as detailed in Chapter 4.
- Passive interfaces— As also described in Chapter 4, passive interfaces prevent a routing protocol’s routing updates from being sent through the specified router interface.
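The Figure 5-1 behavior described under addressing design can be modeled with longest-prefix matching. This is an added example, not code from the book; the router labels "left" and "right" and the test addresses are assumptions.

```python
import ipaddress

# Constructed RIB for Figure 5-1; "left" and "right" are assumed router labels.
RIB = [
    ("10.0.0.0/8", "left"),
    ("10.0.0.0/8", "right"),
    ("10.1.80.0/24", "right"),
]


def next_hops(dest, rib):
    """Longest-prefix match: return the winning prefix and every router advertising it."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), r) for p, r in rib
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None, set()  # no covering route: traffic is dropped
    longest = max(net.prefixlen for net, _ in matches)
    chosen = [(net, r) for net, r in matches if net.prefixlen == longest]
    return str(chosen[0][0]), {r for _, r in chosen}


def withdraw(rib, prefix=None, router=None):
    """Model a failure by removing routes that match the given prefix and/or router."""
    return [(p, r) for p, r in rib
            if not ((prefix is None or p == prefix)
                    and (router is None or r == router))]


if __name__ == "__main__":
    print("normal:          ", next_hops("10.1.80.25", RIB))
    print("/24 withdrawn:   ", next_hops("10.1.80.25", withdraw(RIB, prefix="10.1.80.0/24")))
    print("right router down:", next_hops("10.1.80.25", withdraw(RIB, router="right")))
```

Once the /24 is withdrawn, the summary still attracts traffic for 10.1.80.0/24 toward either router, so every router advertising the summary needs a working internal path to that subnet.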
Other tools include the following:
- Prefix lists
- Administrative distance
- Route maps
- Route tagging
- Offset lists
- Cisco IOS IP SLAs
- PBR
The first five of these tools were covered in Chapter 4; the others are the focus of the rest of this chapter.
Note: Three other tools are covered in the “Advanced Path Control Tools” section, at the end of the chapter.
You can use all of these tools as part of an integrated strategy to implement path control, as illustrated in Figure 5-2. It is important to have a strategy before implementing specific path control tools and technologies.
For example, filters allow specific control of routing updates and provide security mechanisms to hide specific destinations. In contrast, PBR can bypass the routing table and define a path based on static or dynamic information, forcing traffic to specific destinations such as security appliances, NAT devices, and WAN optimization elements.
As another example, by controlling and filtering routing updates in one direction, you can affect traffic flowing in the opposite direction and prevent that traffic from reaching those destinations.
By tagging routes by using route maps, you can define priorities for specific destinations along multiple paths, allowing those paths to be used in a deterministic order. For example, on an Internet connection when multiple exit points exist out of a network, route maps can be used to tag and define priorities for specific destinations.
Implementing Path Control Using Offset Lists
This section introduces offset lists and how to configure and verify path control using offset lists.
Using Offset Lists to Control Path Selection
An offset list is the mechanism for increasing incoming and outgoing metrics to routes learned via EIGRP or Routing Information Protocol (RIP). (Offset lists are only used for distance vector routing protocols.) Optionally, an offset list can be limited by specifying either an access list or an interface.
Configuring Path Control Using Offset Lists
To add an offset to incoming and outgoing metrics to routes learned via EIGRP or RIP, use the offset-list {access-list-number | access-list-name} {in | out} offset [interface-type interface-number] router configuration command, as explained in Table 5-2.
Parameter | Description |
---|---|
access-list-number \| access-list-name | Standard access list number or name to be applied. Access list number 0 indicates all access lists. If the offset value is 0, no action is taken. |
in | Applies the access list to incoming metrics. |
out | Applies the access list to outgoing metrics. |
offset | Positive offset to be applied to metrics for networks matching the access list. If the offset is 0, no action is taken. |
interface-type interface-number | (Optional) Interface type and number to which the offset list is applied. |
The offset value is added to the routing metric. An offset list that specifies an interface type and interface number is considered to be an extended list and takes precedence over an offset list that is not extended. Therefore, if an entry passes the extended offset list and a normal offset list, the offset of the extended offset list is added to the metric.
Figure 5-3 illustrates an example network in which an organization is using RIP and is connected to the Internet service provider (ISP) via edge Routers R4 and R5. A subset of routes is received from each of the edge routers. The metric between Routers R2 and R5 is smaller than the metric between Routers R2 and R4, because it is only one hop. However, this is a very slow link. An offset list can be used on Router R2 so that it prefers the path toward the edge Router R4 for a specific set of destinations.
A partial configuration of Router R2 is shown in Example 5-1. In this example, the offset-list 21 in 2 serial 0/0 command adds an offset of 2 to the metric of routes learned from interface serial 0/0 (connected to Router R5) that are permitted by access list 21. Access list 21 permits a specific set of routes (any in the 172.16.0.0/16 network) being learned from Router R5. This command is entered in RIP configuration mode on Router R2. This configuration results in the path toward Router R4 being considered better for the set of selected routes; R4 becomes the preferred way out toward the ISP for these routes.
```
router rip
 offset-list 21 in 2 serial 0/0
!
access-list 21 permit 172.16.0.0 0.0.255.255
```
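The R2 scenario and the extended-list precedence rule above, modeled in Python as an added example (not code from the book or from Cisco IOS). The hop counts, the Serial0/1 interface toward R4 and the 192.168.5.0 network are constructed, and the model treats each metric as already received by R2.

```python
import ipaddress

RIP_INFINITY = 16  # a RIP metric of 16 means unreachable
# Constructed inputs modeled on Example 5-1 (metrics and Serial0/1 are assumed).
ACL_21 = [("172.16.0.0", "0.0.255.255")]
OFFSET_LISTS = [{"acl": ACL_21, "offset": 2, "interface": "Serial0/0"}]
ROUTES = [
    {"network": "172.16.10.0", "neighbor": "R5", "interface": "Serial0/0", "metric": 2},
    {"network": "172.16.10.0", "neighbor": "R4", "interface": "Serial0/1", "metric": 3},
    {"network": "192.168.5.0", "neighbor": "R5", "interface": "Serial0/0", "metric": 2},
    {"network": "192.168.5.0", "neighbor": "R4", "interface": "Serial0/1", "metric": 3},
]


def acl_permits(acl, network):
    """Standard ACL match: compare only the bits the wildcard mask fixes."""
    addr = int(ipaddress.ip_address(network))
    for base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return True
    return False  # implicit deny at the end of an access list


def offset_metric(route, offset_lists):
    """Apply inbound offset lists; an interface-specific (extended) list wins."""
    extended = [o for o in offset_lists if o["interface"] == route["interface"]]
    normal = [o for o in offset_lists if o["interface"] is None]
    for entry in extended + normal:
        if acl_permits(entry["acl"], route["network"]):
            return min(route["metric"] + entry["offset"], RIP_INFINITY)
    return route["metric"]


def best_paths(routes, offset_lists):
    """Return {network: (neighbor, metric)} for the lowest usable metric."""
    best = {}
    for route in routes:
        metric = offset_metric(route, offset_lists)
        if metric >= RIP_INFINITY:
            continue  # the offset pushed the route to infinity: not usable
        current = best.get(route["network"])
        if current is None or metric < current[1]:
            best[route["network"]] = (route["neighbor"], metric)
    return best


if __name__ == "__main__":
    print(best_paths(ROUTES, []), best_paths(ROUTES, OFFSET_LISTS), sep="\n")
```

Only the 172.16.10.0 route moves to R4; 192.168.5.0 is not permitted by access list 21 and stays on the one-hop path through R5. An offset that lifts a metric to 16 removes the route instead of merely de-preferring it.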
Verifying Path Control Using Offset Lists
You can use the traceroute EXEC command to verify that an offset list is affecting the path that traffic takes.
The routing table, viewed with the show ip route command, identifies the metrics for learned routes. You should compare these metrics to what was expected by the offset list configuration. For EIGRP, the EIGRP topology table can be examined using the show ip eigrp topology command. The topology table contains all routes learned from the router’s EIGRP neighbors, and includes the metric information for those routes, including the best route and any other feasible routes that the router has learned about.
Note: Recall that only successor and feasible successor routes are displayed with the show ip eigrp topology command. Add the all-links keyword to display all routes, including those not eligible to be successor or feasible successor routes.
You can use debug commands, such as debug ip rip and debug ip eigrp, to view the real-time processing of incoming and outgoing RIP routing updates, to ensure that the metric is being processed appropriately.
Caution: Use caution when executing debug commands because they may consume a lot of router resources and could cause problems in a busy production network. Debugging output takes priority over other network traffic; too much debug output might severely reduce the performance of the router or even render it unusable in the worst case.