BRKAPP-2030
Cisco Public
Understand the traffic pattern to control congestion
Assess the traffic condition
Control the rate of traffic
AGENDA
Related Sessions
Public/Hybrid Cloud: SaaS/IaaS
Users/Machines
Proliferation of Devices
Storage
THE NETWORK
Private Cloud: VDI | IaaS
Database
Type of applications
How applications are consumed
How applications are delivered
Multiple entities involved in delivering applications
Understand application performance from the end user's perspective
ISR G2, ASR1K; NFv9/IPFIX; Reporting Tools

App      BW      Transaction Time
WebEx    3 Mb    150 ms
Citrix   10 Mb   500 ms

Application Recognition: Identify applications using L3-L7 information
Collection & Exporting: ISR G2 & ASR collect application bandwidth and response time metrics, and export to management tool
Management Tool (Reporting, Perf. Tool): Advanced reporting tool aggregates and reports application performance
Control (High, Med, Low): Control application usage in the network to maximize application performance
Application Recognition: NBAR2
Collection & Exporting: FNF, ART, MMON
Management Tool (Reporting, Perf. Tool): Cisco Prime Infrastructure, 3rd Party
Control: QoS, PfR
AVC Technologies
ISR G2, ASR1K
Application Recognition
Application Recognition: Identify applications using L3-L7 information
What is An Application?
Are these applications? Or just ports?

Protocol   Port
HTTP       80
FTP        20/21
POP3       110
IMAP       143
HTTPS      443
SMTP       25
Application Monitoring
bittorrent, rtp, gtalk, netflix, skype, webex, unknown?, http?
NBAR2
+1000 Signatures
Advanced Classification Techniques
+150 Signatures
Innovations: Native IPv6 Classification, Open API
New DPI engine provides Advanced Application Classification and Field Extraction Capabilities from SCE
Protocol Pack allows adding more applications without upgrading or reloading IOS
NBAR2 Protocol List: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html
Parameter            Parameter type
---------            --------------
Blog                 enum
Document             enum
Admin                enum
Calendar             enum
file-transfer        enum
search-file-name     regexp
file-transfer        regexp
text-chat            regexp
payload-type         multi
video                enum
audio                enum
payload-type         multi
video                enum
audio                enum
file-transfer        regexp
file-transfer        regexp
file-transfer        regexp
app                  regexp
ica-tag              integer
mime                 regexp_url
content-encoding     regexp_url
location             regexp_url

router(config)#class-map share-point
router(config-cmap)#match protocol share-point ?
  Admin     Match Administrator related actions
  Blog      Match Blog related actions
  Calendar  Match Calendar related actions
  Document  Match File Download and Upload

Parameter Type
enum: List of possible values
regexp: Regular expression
multi: String
integer: Number
regexp_url: Regular expression
Interim
Application
Final
Application
Netflix
HTTP
Youtube
HTTP
TCP
Return by NBAR2
Telepresencemedia
RTP
RTP
Add new applications recognized by NBAR2 without IOS upgrade or router reload
New protocol pack is published every two months on CCO
Single IOS CLI to enable the protocol pack
pp-adv-asr1k-152-4.S-13-2.1.0.pack
Protocol pack version: <Major>.<Minor>
Platform Type: isrg2 or asr1k
router#show ip nbar version
13
(..snip..)
-rw-   188131   pp-adv-asr1k-15.2(04)S-13-1.1(0).pack
Sub-category
Application-group
P2P-technology?
Encrypted?
Tunneled?
NBAR2 Attributes
For Your Reference
NBAR2 Sub-category
browsing
authentication-services
business-and-productivity-tools
backup-systems
email
client-server
file-sharing
commercial-media-distribution
gaming
control-and-signaling
industrial-protocols
database
instant-messaging
epayement
internet-privacy
file-sharing
layer2-non-ip
inter-process-rpc
layer3-over-ip
internet-privacy
location-based-services
license-manager
net-admin
newsgroup
obsolete
other
trojan
voice-and-video
naming-services
network-management
network-protocol
other
p2p-file-transfer
p2p-networking
remote-access-terminal
rich-media-http-content
routing-protocol
storage
streaming
terminal
tunneling-protocols
voice-video-chat-collaboration
skype-group
smtp-group
snmp-group
sqlsvr-group
stun-group
telepresence-group
tftp-group
vmware-group
vnc-group
wap-group
webex-group
windows-live-messanger-group
xns-xerox-group
yahoo-messenger-group
P2P Technology: n, y, unassigned
Encrypted: n, y, unassigned
Tunnel: n, y, unassigned
Configure NBAR attribute-map and associate with a particular application using attribute-set
router(config)#ip nbar attribute-map payroll_custom_attr
router(config-attribute-map)#attribute category business-and-productivity-tools
router(config-attribute-map)#attribute encrypted encrypted-yes
router(config-attribute-map)#exit
router(config)#ip nbar attribute-set my_payroll payroll_custom_attr
NBAR2 Application
Before: Default, Pre-assigned attributes
router#show ip nbar protocol-attribute my_payroll
  Protocol Name : my_payroll
  category : other
  sub-category : other
  application-group : other
  p2p-technology : p2p-tech-unassigned
  tunnel : tunnel-unassigned
  encrypted : encrypted-unassigned
Port: TCP or UDP, 16 static ports per application, Range of ports (1000 maximum)
Payload
HTTP URL: URI regex, Host regex
New
Length
HTTP URL
HTTP Host
50
HTTP User-agent
200
HTTP Referer
RTSP Host
50
SMTP Server
50
SMTP Sender
50
POP3 Server
50
50
50
50
:
:
:
:
:
:
1000000
367001 KBytes
0
43712 KBytes
1223
43712 Kbytes
ISR G2, ASR1K; NFv9/IPFIX; Reporting Tools (Reporting, Perf. Tool)
Collection & Exporting: ISR G2 & ASR collect application bandwidth and response time metrics, and export to management tool
Advanced Monitoring
Basic Monitoring
HTTP
Monitoring Feature: Traditional Netflow, Flexible Netflow, MMON, ART
Need by AVC
Export Protocol: Netflow Version 5, Netflow Version 9, IPFIX
Flexible NetFlow
Extensible to support new and future metrics
L3 and L4
L2, L3 and L4, L7 (NBAR), Network Metrics (QoS), Performance Metrics (MMON, ART), Other Metrics
Flexible Netflow
Netflow to FNF Migration Guide:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/ps6965/white_paper_c11-545581.html
Netflow Version 9
[Diagram: Exporters and Collectors exchanging flow records (Flow record A, Flow record B)]
www.cisco.com
www.cisco.com
www.iamthelongestdomainoftheworld.com
www.iamthelongestdomainoftheworld.com
FNF Cache
Keyed Fields: Src IP, Dst IP, App ID
Non-Keyed Fields: Pkt, Byte, Input If
10, 2000, Fa0/0
10000, Fa0/0
15, 15000, Fa0/1
20, 2000, Fa0/1
10, 500, Fa0/0
Key Fields and Non-key Fields of two packets

Field              Packet       Packet
Source IP          3.3.3.3      1.1.1.1
Destination IP     4.4.4.4      2.2.2.2
Destination port   443          80
Layer 3 Protocol   TCP - 6      TCP - 6
TOS Byte
Length             519          1250

Key fields: Source IP, Destination IP, Destination port, Layer 3 Protocol, TOS Byte
Non-key fields: Length

FNF Cache (Cache Before / After Packet)
Source IP   Dest. IP   Dest Prt   Protocol   TOS   Bytes
3.3.3.3     4.4.4.4    443                         519
1.1.1.1     2.2.2.2    80                          10000 before, 11250 after
flow record my-record
 match ipv4 destination address
 match ipv4 source address
 collect counter bytes
Option Template
Definition
application-table
application-attributes
c3pl-class-table
c3pl-policy-table
interface-table
sub-application-table
vrf-table
queue-id (hidden)
Packets and classification: SYN: unknown; SYN-ACK; ACK; GET URL: unknown; 200 OK: HTTP

Interface   App.ID    Packets
Eth0        Unknown
Eth0        HTTP

Interface   App.ID    Packets
Eth0        HTTP
Usage Record
Transaction Record
Transaction Records
flow record tr-record
 match connection transaction-id
 collect ipv4 version
 collect ipv4 protocol
 collect ipv4 source address
 collect ipv4 destination address
 collect transport source-port
 collect transport destination-port
 collect interface input
 collect interface output
 collect flow direction
 collect flow sampler
 collect counter bytes long
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
 collect application name
 collect flow end-reason
 collect connection initiator
Tracking unique transaction
Correlate bi-directional flows belonging to the same session
Fixed Platform   Throughput (Mbps)   Modular Platform   Throughput (Mbps)
888-EA (ATM)                         1941               48
888-EA (EFM)     10                  2921               61
898-EA (EFM)     20                  2951               78
892-FSP          20                  3945               119
                                     3925E              185
ASR1000 ESP | Max BW [Gbps] | Max PPS [MPPS] | Max IP Flows [M] | Max CPS [KF/S] | Typical L7 BW [Gbps]
ESP5: TBD, 0.75, TBD, 2.5
ESP10: 10, 3.5, 1.65, 150
ESP20: 20, 3.5, 200, 10
ESP40: 20, 3.5, 200, 10
Active Monitoring
Router 1
Router 2
Active Probing
IPSLA Sender
IPSLA Responder
MMON
ART
FNF
End Users: Your network is slow
Increased Latency
Network Admin: I do not see anything wrong
ping OK
show ip route - OK
traceroute - OK
show interface - OK
WAN Problem, Application Problem, Server Problem, User Problem
How do I ensure my SLA is met
My email is slow!
My query is taking long time!
Branch, WAN, Data Center; NFv9/IPFIX; Reporting Tool
Key Features
Benefits
Clients, Client Network, Server Network, Application Servers
Response
Client Network Delay (CND)
Server Network Delay (SND)
Application Delay (AD)
[Sequence diagram with the Server: SYN, SYN-ACK, ACK, with SND and CND marked; Request 1, ACK, Request 1 (Cont); DATA 1, 2, 3, 4, 5, ACK 3, a lost segment (X), DATA 3 and 4 again (Retransmission), DATA 6, ACK 6; RT and TT marked; Request 2]
Quantify User Experience
ND = CND + SND
Identify Server Performance Issue
AD = RT - SND
ART Metrics
CND - Client Network Delay (min/max/sum)
SND - Server Network Delay (min/max/sum)
ND - Network Delay (min/max/sum)
AD - Application Delay (min/max/sum)
Total Response Time (min/max/sum)
Total Transaction Time (min/max/sum)
Number of New Connections
Number of Late Responses
Number of Responses by Response Time (7-bucket histogram)
Number of Retransmissions
Number of Transactions
Client/Server Bytes
Client/Server Packets
Input/Output LZ Bytes
Step                             ISR G2                                     ASR1K
1 What metric to collect         Create flow record type mace               Create flow record type performance-monitor
2 Where to export info           Define flow exporter                       Define flow exporter
3 Create monitoring context      Create flow monitor type mace              Create flow monitor type performance-monitor
4 Filter what to monitor
5 Attach the monitor to policy   Attach flow monitor type mace to policy    Attach flow monitor type performance-monitor to policy
6 Attach policy to interface     Configure mace enable on interface
Key Differences                ISR G2                                        ASR1K
Flow record type               Type mace                                     Type performance-monitor
Monitoring policy              Type mace with mandatory name mace_global     Type performance-monitor
Number of policies supported   One                                           Multiple
Attachment to interface        Mace enable                                   Service-policy type performance-monitor applied to both in and out direction
Key fields                                                                   Flexible as defined by users
Record for PA
Flow monitor
Application Performance
ASR1K Example
Export
With
option
templates
ART Record
collect
collect
late
collect
collect
collect
collect
collect
collect
collect
collect
collect
collect
collect
collect
Flow monitor
flow monitor type mace ART-MONITOR
 record ART-RECORD
 exporter ART-EXPORTER
 cache entries 35000
 cache timeout synchronized 60
www.youtube.com
www.facebook.com
http://www.youtube.com/ciscolivelondon
http://www.youtube.com/olympic
http://www.cnn.com/US
http://www.cnn.com/US
http://www.cnn.com/WORLD
http://www.facebook.com/farmville
http://www.facebook.com/farmville
http://www.facebook.com/farmville
http://www.facebook.com/cisco
Field Name
Field ID
Value
45003
www.cnn.com
42125
US\02WORLD\01
9282
Accurately report application class of service
Which QoS class my WebEx application falls into
Correlate application performance problem with network congestion
How many queue drops do I have for my SAP application
Policy-map QoS_Policy
 class REALTIME
  priority percent 33
 class CONTROL
  bandwidth percent 7
 class CRITICAL-DATA
  bandwidth percent 35
RTP, REALTIME, CONTROL
Field Name, Field ID, Value
41000: QoS_Policy|CRITICAL-DATA
application id, 96, SAP
42128
CRITICAL-DATA, CLASS-DEFAULT
What application
Enable
Synchronized thru NTP
Enable
Comparing latency metrics requires the same collection period across all devices
Configuring cache type synchronized turns on this behavior
All devices require time synchronization
All devices start collection and export from the top of the hour
IOS XE (ASR1K)
Data is as of IOS 15.2(4)M2 and IOS XE 3.8S
App      BW      Transaction Time
WebEx    3 Mb    150 ms
Citrix   10 Mb   500 ms
Management Tool: Advanced reporting tool aggregates and reports application performance
Service Assurance Lifecycle
Accelerate Troubleshooting
Proactive monitoring and resolution of network issues
Visibility into application and voice traffic
Wired/Wireless Network
Configuration of AVC features
Network Monitoring
Service Monitoring
Reporting and Trends
Multi-NAM Manager
Packet and Flows Analysis
Application Response Time
Interface Utilization
Top Talkers
Application Throughput
Conversation List
[Table: support for NBAR2, Field Extraction, URL Hit Count, MMON, ART and PfR on IOS and XE, by management tool: Cisco Prime Infrastructure v2.0 (Q2CY13), ActionPacked LiveAction v2.6, Plixer Scrutinizer, Living Objects, Insight Reporter v4.0]
ISR G2, ASR1K
Control (High, Med, Low): Control application usage in the network to maximize application performance
[Diagram: QoS, WAN, LAN]
Guarantee Bandwidth: Bandwidth action
Limit Max Bandwidth: Police action
Minimize Latency: Priority action
Reduce Burst: Shape action
Change Flow Properties
Committed BW (50% of the line)
Excess BW (50% of the line)
Application
BW
Priority
Business Critical
Committed 50%
High
Browsing
Normal
Internal Browsing
Remaining
Normal
policy-map internal-browsing-policy
 class internal-browsing
  bandwidth remaining percent 60
policy-map my-network-policy
 class business-critical
  priority percent 50
 class browsing
  bandwidth remaining percent 30
  service-policy internal-browsing-policy
interface Serial0/0/0
 service-policy output my-network-policy
Business-Critical: High Priority, 50% committed
Remaining: 70% of Excess BW (=35% of line)
Browsing:
AS 64501
AS 64502
Peer Site A
Problem
- Application latency
- WAN Bandwidth inefficiencies
Solution
- Reduce load
- Application Optimization: fewer protocol messages, Meta data caching, ...
[Chart: Bandwidth (Mbps) and Latency (Seconds)]
Gi0/1
Gi0/0
WAN
Gi0/1
Uncompress
WAN
Compress
Before WAAS
results
LAN in traffic > WAN out traffic
LAN out traffic > WAN in traffic
WAAS requires FNF on both ingress and
Gi0/1
WAN
Gi0/0
Gi0/1
WAN
NAM, WAAS Flow Agent (FA), API, NFv9, WAAS, WAAS Express, WAN
Collect and report metrics for both optimized and unoptimized segments
Client Segment (Unoptimized), WAN Segment (Optimized), Server Segment (Unoptimized)
2013 Cisco and/or its affiliates. All rights reserved.
[Diagram: Client, Client LAN, WAN, Server LAN, HTTP Server]
[Diagram: Pkt, NBAR, QoS Marking, WCCP and QoS on the LAN and WAN sides]
4-Class Model: Realtime, Control, Critical Data, Best Effort
EF, CS5, CS4
LAN QoS can use NBAR
Unoptimized traffic, WAN, Optimized traffic
Mark traffic on the LAN using NBAR so it falls into the right queue. WAAS preserves DSCP marking.
pfr master
 border 192.168.254.2 key-chain pfr-keychain
  interface GigabitEthernet0/2 external
   max-xmit-utilization percentage 80
   link-group secondary
  interface GigabitEthernet0/1.34 internal
  interface GigabitEthernet0/1.32 internal
  interface Tunnel0 internal
  interface Tunnel2 internal
Summary
Key Takeaways
Classification
NBAR2 is the next generation DPI
Leave the application classification tasks to the network
Management
Cisco Prime Infrastructure
3rd Party Support starts and more is coming
Control
NBAR2 makes QoS application-aware
Performance Routing (PfR)
Call to Action
Next steps
See a demo of AVC at the World of Solutions
Visit us at http://www.cisco.com/go/avc
Investigate further to find out:
What do you have running in your network?
Are you using your bandwidth efficiently?
What is the performance of your critical applications as experienced by the end users?
Backup Slides
Packet on Input
Packet sorted into flow
One packet signature and field extraction
Multiple packet signature
Custom signatures
Behavioral or statistical matching
Port-based signature
Classified!
NBAR2 Highlight
[Chart: Number of Applications Supported, NBAR1 vs NBAR2 (1000+)]
Domain name, URI, Browser Type
Custom Application Definition & Report
URL and/or Host

Custom App         Server                URI         BW   Resp. Time
My Payroll         server1.example.com               2M   100ms
My Doc. Mgmt.      server2.example.com   /doc        1M   250ms
My Software Rep.   server2.example.com   /software   5M   30sec

server1.example.com
server2.example.com
/doc - Documentation
/software - Software
Application   Parameter    ID        ID (Hex)
-----------   ---------    --        --------
              sender       4666370   0x473402
              server       4666369   0x473401
              server       2176001   0x213401
              source       4273154   0x413402
              destination  4273153   0x413401
              host         3945473   0x3C3401
              group-name   1848321   0x1C3401
              referer      209924    0x033404
              user-agent   209923    0x033403
              host         209922    0x033402
              url          209921    0x033401
Se0/0/0 (IP=192.168.100.100)
www.cnn.com (IP=157.166.255.18)
collect application http url
collect application http user-agent
collect application http referer
Traditional NetFlow
Version 5: Good Information, But Not Enough for Today's Applications
Flow Key vs. Non-Key Field
Usage, Time of Day, Port Utilization, QoS, From/to, Application
Packet count, Byte count, Source IP address, Destination IP address, Start sysUpTime, End sysUpTime, Input ifIndex, Output ifIndex, Type of service, TCP flags, Protocol
Collect layer 3 to 4 information. Static and not extensible
[Diagram: Record1, Record2 and Record3 (each a set of Fields) used by Monitor1, Monitor2 and Monitor3 with Exporter1 and Exporter2; monitors attached to an Interface or a Policy-map]
IPV4 DST    APP NAME       DSCP
========    ========       ====
10.0.1.2    nbar sqlnet    0x12
10.0.1.2    nbar citrix    0x12
10.0.1.2    nbar FTP       0xA
Engine ID (1 byte), Selector ID (3 bytes)

appID    Name            Description
-----    ----            -----------
13:495   ms-office-365   Microsoft Office 365
13:497   ms-update       Microsoft Update Service
(..snip..)
NBAR App ID (4 bytes)   Sub App ID (2 bytes)   Extracted Value
0x0D000050              0x3402                 www.cisco.com

NBAR Application ID, i.e. 0x0D000050 = HTTP
NBAR Sub-application ID from show ip nbar parameters extraction and sub-application-table option template. Only take the last two bytes, 0x3402 = HTTP Host
Extracted value
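Added example (not from the original slides): a collector-side decoder for the application ID (1-byte engine ID, 3-byte selector ID) and the extracted-field layout (4-byte app ID, 2-byte sub-app ID, value) shown above. The function names, the NUL-padding assumption and the escaping of the extracted value before logging are assumptions of this example.

```python
from typing import NamedTuple


class AppId(NamedTuple):
    engine_id: int    # 1 byte
    selector_id: int  # 3 bytes

    def __str__(self):
        return f"{self.engine_id}:{self.selector_id}"  # the router's "13:495" notation


HTTP = AppId(13, 80)  # 0x0D000050 = HTTP on the slide

# Sub-application selectors for HTTP. 0x3402 = HTTP Host is stated on the slide;
# the other three are read from the slide's parameter/ID table (last two bytes).
HTTP_FIELDS = {0x3401: "url", 0x3402: "host", 0x3403: "user-agent", 0x3404: "referer"}


def decode_app_id(raw: bytes) -> AppId:
    if len(raw) != 4:
        raise ValueError("application ID must be 4 bytes")
    return AppId(raw[0], int.from_bytes(raw[1:], "big"))


def sub_app_selector(table_id: int) -> int:
    """Keep only the last two bytes of an ID from the sub-application table."""
    return table_id & 0xFFFF


def printable(text: str) -> str:
    # The value is copied from network traffic, so escape control characters
    # that could otherwise forge or split log lines in the reporting tool.
    return "".join(c if c.isprintable() else f"\\x{ord(c):02x}" for c in text)


class Extracted(NamedTuple):
    app: AppId
    field: str
    value: str


def decode_extracted(raw: bytes) -> Extracted:
    if len(raw) < 6:
        raise ValueError("need 4-byte app ID + 2-byte sub-app ID")
    app = decode_app_id(raw[:4])
    selector = int.from_bytes(raw[4:6], "big")
    # The same two-byte selector is reused by other protocols in the table,
    # so it is only given an HTTP name when the app ID is HTTP.
    names = HTTP_FIELDS if app == HTTP else {}
    field = names.get(selector, f"unknown-0x{selector:04x}")
    # Assumption: fixed-length export fields are NUL-padded on the right.
    text = raw[6:].rstrip(b"\x00").decode("utf-8", errors="replace")
    return Extracted(app, field, printable(text))


# Constructed sample built from the values on the slide.
SAMPLE = bytes.fromhex("0D0000503402") + b"www.cisco.com" + b"\x00" * 3
```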
Header (Version, # Packets, Sequence #, Source ID)
Template FlowSet #0
  Template Record, Template ID #256 (Specific Field Types and Lengths)
  Template Record, Template ID #257 (Specific Field Types and Lengths)
Data FlowSet, FlowSet ID #256: Data Records (Field Values), Flows from Interface A
Data FlowSet, FlowSet ID #257: Data Record (Field Values), Flows from Interface B
Option Template FlowSet #1
  Template ID 258 (Specific Field Types and Lengths)
Option Data Record, Option Data Record
Data Records:
provides information about an IP flow or an event that exists on the device
Matching ID numbers are the way to associate template to the data records
FlowSets:
Template FlowSet and Data FlowSet
Aggregation of different templates and data
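Added example (not from the original slides): a minimal NetFlow v9 collector that associates Data FlowSets with templates by matching ID, as described above, and rejects malformed lengths in the untrusted export packet. Class and function names are assumptions; field types 1, 8, 11, 12 and 95 are the standard NetFlow v9 types for bytes, source address, destination port, destination address and application tag; option templates (FlowSet ID 1) are skipped.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
FIELD_NAMES = {1: "bytes", 8: "src_ip", 11: "dst_port", 12: "dst_ip", 95: "app_id"}


def _value(ftype, raw):
    if ftype in (8, 12) and len(raw) == 4:
        return str(ipaddress.IPv4Address(raw))
    if ftype == 95 and len(raw) == 4:  # 1-byte engine ID + 3-byte selector ID
        return f"{raw[0]}:{int.from_bytes(raw[1:], 'big')}"
    return int.from_bytes(raw, "big")


class Collector:
    def __init__(self):
        self.templates = {}  # (source_id, template_id) -> [(field_type, length), ...]
        self.unmatched = 0   # data FlowSets that arrived before their template

    def parse(self, packet):
        if len(packet) < HEADER.size:
            raise ValueError("truncated header")
        version, _, _, _, _, source_id = HEADER.unpack_from(packet)
        if version != 9:
            raise ValueError("not NetFlow v9")
        records, offset = [], HEADER.size
        while offset + 4 <= len(packet):
            fs_id, fs_len = struct.unpack_from("!HH", packet, offset)
            if fs_len < 4 or offset + fs_len > len(packet):
                raise ValueError("bad FlowSet length")  # would loop or over-read
            body = packet[offset + 4:offset + fs_len]
            if fs_id == 0:
                self._learn(source_id, body)
            elif fs_id >= 256:
                records += self._decode(source_id, fs_id, body)
            # FlowSet ID 1 (option templates) is skipped in this example.
            offset += fs_len
        return records

    def _learn(self, source_id, body):
        pos = 0
        while pos + 4 <= len(body):
            template_id, count = struct.unpack_from("!HH", body, pos)
            if template_id < 256 or count == 0:  # trailing padding
                break
            pos, end = pos + 4, pos + 4 + 4 * count
            if end > len(body):
                raise ValueError("truncated template record")
            fields = [struct.unpack_from("!HH", body, p) for p in range(pos, end, 4)]
            if sum(length for _, length in fields) == 0:
                raise ValueError("template describes zero-length records")
            self.templates[(source_id, template_id)] = fields
            pos = end

    def _decode(self, source_id, template_id, body):
        fields = self.templates.get((source_id, template_id))
        if fields is None:
            self.unmatched += 1
            return []
        size = sum(length for _, length in fields)
        out = []
        for start in range(0, len(body) - size + 1, size):  # leftover bytes are padding
            rec, pos = {"template": template_id}, start
            for ftype, length in fields:
                rec[FIELD_NAMES.get(ftype, f"field_{ftype}")] = _value(ftype, body[pos:pos + length])
                pos += length
            out.append(rec)
        return out


def flowset(fs_id, body):
    pad = -len(body) % 4  # FlowSets are padded to a 4-byte boundary
    return struct.pack("!HH", fs_id, 4 + len(body) + pad) + body + b"\x00" * pad


def packet(source_id, *flowsets):
    return HEADER.pack(9, len(flowsets), 0, 0, 0, source_id) + b"".join(flowsets)


# Constructed sample: template 256, then one record with the slide's WebEx flow
# (addresses, port 443, app ID 0x0D00019E) and a made-up byte count of 1250.
TEMPLATE = flowset(0, struct.pack("!12H", 256, 5, 8, 4, 12, 4, 11, 2, 95, 4, 1, 4))
DATA = flowset(256, bytes([192, 168, 100, 100, 66, 114, 168, 178])
               + struct.pack("!H", 443) + bytes.fromhex("0D00019E") + struct.pack("!I", 1250))
```

Templates are cached per Source ID, so a data record from one exporter process is never decoded with another's template of the same number.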
Se0/0/0 (IP=192.168.100.100)
cisco.webex.com (IP=66.114.168.178)

Flow Record
Src IP            Dst IP           Dst Port   App ID       Resp Time
192.168.100.100   66.114.168.178   443                     100

With NBAR
Src IP            Dst IP           Dst Port   App ID       Resp Time
192.168.100.100   66.114.168.178   443        0x0D00019E   100
Indicate this is webex application
Media Monitoring
[Diagram: Voice/video Endpoints on each side of the WAN; FNFv9, Alarm and Syslog to the Management Tool]
Key Features
Benefits
Proactive troubleshooting
Validate SLA
Default RTP
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match transport rtp ssrc
collect routing forwarding-status
collect ipv4 dscp
collect ipv4 ttl
collect transport packets expected counter
collect transport packets lost counter
collect transport packets lost rate
collect transport event packet-loss counter
collect transport rtp jitter mean
collect transport rtp jitter minimum
collect transport rtp jitter maximum
collect interface input
collect interface output
collect counter bytes
collect counter packets
collect counter bytes rate
collect timestamp interval
collect application media bytes counter
collect application media bytes rate
collect application media packets counter
collect application media packets rate
collect application media event
collect monitor event
AVC 1.0
NetFlow v9 Export, IPFIX Export
Duplication of metrics
Inconsistent features
Inconsistent show o/p
FNF, PerfMon, PA (ART), QoS, PfR

NetFlow v9 Export, IPFIX Export
Export
NBAR2, FNF, PerfMon, PA (ART), QoS, PfR
Client2
Client2
Unified
Provisioning
Producer1
Producer2
Producer3
ConnectedApps
EEM
eEdge
[Diagram: MMA Flow Record, FNF Exporter, MMA Flow Monitor, FNF Sampler, ACL, MMA Policy-map, Class-map, Monitor Metrics, Interface / Direction (xN each)]
RTP SSRC
Media Event
Collection interval
TCP MSS
Other Metrics
L3 counter (bytes/packets)
Flow event
Flow direction
Transport information
Number of Retransmissions
Number of Transactions
Client/Server Bytes
Client/Server Packets
All performance metrics are consolidated into one flow record type performance-monitor
Traffic Statistics
Application Usage per client IP/subnet/site
Top clients per application
Application Response Time
Per-application end-to-end latency
Application response time & transaction time
Application processing time
Top conversation per application
Media Performance
URL Visibility
Collect ART
Performance Agent
Perfmon
flow record type performance-monitor medianet-record
 match ipv4 source address
 collect transport rtp-jitter
 (..)
!
flow monitor type performance-monitor medianet-mon
 (..)
!
policy-map type performance-monitor medianet
 class rtp-traffic
  flow monitor medianet-mon
!
interface Gi0/0/1
 service-policy type performance-monitor input medianet
 service-policy type performance-monitor output medianet
Assurance
Improve Enterprise Operational Excellence
Network Performance Visibility
Response Time, Server Delay, Network Latency
Voice, 30%; Critical Data, 30%; Games, 15%; P2P, 15%
Teacher: 15M; Student: 10M; 50M
policy-map teacher-policy
 class voice
  priority level 1
  police rate percent 30
 class critical-data
  bandwidth percent 30
  fair-queue
 class games
  bandwidth percent 15
  fair-queue
 class p2p
  bandwidth percent 15
  fair-queue
 class class-default
  bandwidth percent 10
policy-map HQoS_Parent_1
 class class-default
  shape average 50000000
  service-policy HQoS_Per_Branch
!
policy-map HQoS_Per_Branch
 class teacher
  shape average 15000000
  service-policy teacher-policy
 class student
  shape average 10000000
  service-policy student-policy
Application Path Control
WAN 1: High SLA
WAN 2: Med SLA
Internet: No SLA
PfR
WAN, LAN
[Diagram: Site #1 and Site #2 with MC, BR and MC/BR; PE1, PE2, PE3, PE4]
How is traffic on my route?
Type                      Example
Destination Prefix        10.0.0.0/8
                          20.1.1.0/24
ACL                       10.1.1.0/24 dscp ef
                          10.1.1.0/24 dst-port 50
Application, Well-Known   10.1.1.0/24 telnet
                          20.1.0.0/16 ssh
Application, NBAR         10.1.1.0/24 nbar RTP
                          20.1.1.0/24 nbar citrix
Internet
Detect high jitter
Cloud Service
WAN
VDI
ISP-2 (Secondary)
[Diagram: HQ with MC and BR; WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN); sites with MC/BR and BR]
Learn Applications on the Network
Measure Application Performance
pfr master
 learn
  list seq 10 refname AUDIO
   traffic-class application nbar rtp-audio filter BRANCH
   throughput
  list seq 20 refname CRITICAL
   traffic-class application nbar citrix filter BRANCH
   throughput
Enforcing Path
Traffic Class
Prefix
Prefix
BGP AS Community
Prefix
Prefix
Unmanaged Routing Protocol (OSPF)
Application
PBR
NBAR Application
NBAR/CCE
N
N tcp
INPOLICY
96
0
U
0
1-65535
143-143 0.0.0.0/0
0
192.168.253.1 Gi0.37
0
77272
77272
1
0
N
N
N
Route
Control
PBR
2
N
If learn list matches on NBAR application, CCE is used for route control
If learn list matches on non-L3 application, i.e. L4 ACL, DSCP, dynamic PBR is used for route control
[Diagram: WAAS Express, WAAS Service Module, WAAS Appliance, vWAAS, WAE, Nexus 1000v vPATH; Branch Office, Regional Office, Data Center or Private Cloud, Server VMs; WAN, Internet]