ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar
1. WELCOME!
Thank You for Attending
Cisco Application Visibility and Control Webinar
Our Session Will Begin Shortly
4. Agenda
• Introduction
• Application Visibility and Control Presentation
• Questions and Answers
*A recording of this session will be posted on www.actionpacked.com
5. Kangwarn Chinthammit – CCIE #11715
Technical Marketing Engineer
Cisco Systems
July 2012
© 2010 Cisco and/or its affiliates. All rights reserved. All specifications subject to change without notice 5
6. Drastic Change in Application Type, Delivery, and Consumption
[Diagram: users/machines and a proliferation of devices reach, through THE NETWORK, the public/hybrid cloud (SaaS/IaaS, storage) and the private cloud (VDI | IaaS, database)]
• How applications are consumed
• How applications are delivered
• Type of applications
60% of IT professionals cite performance as key challenge for cloud
7. • Application complexity increases
Identify growing applications using more than just port number
• Cloud and Virtualization centralize application delivery
Understand application performance from end users' perspective
• Multiple entities involved in delivering applications
Problem isolation to minimize downtime and business impact
8. App Visibility & User Experience Report
Platforms: ISR G2, ASR1K (export over NFv9/IPFIX to the reporting tools)
Sample report:
| App        | BW  | Transaction Time | … |
| SAP        | 3M  | 150 ms           | … |
| Sharepoint | 10M | 500 ms           | … |
Priority levels shown: High, Med, Low
• Application Recognition: ISR G2 & ASR identify applications using L3 to L7 information
• Perf. Collection & Exporting: collect application performance metrics, and export to management tool
• Reporting / Management Tool: advanced reporting tool aggregates and reports application performance
• Control: use QoS or PfR to control application network usage to improve application performance
10. What about these? Are these applications? Or just ports?
• HTTP 80
• FTP 20/21
• POP3 110
• IMAP 143
• HTTPS 443
• SMTP 25
11. NBAR2
ISR G2: 15.2(2)T1
ASR1K: 3.4S
[Diagram: NBAR2 brings together]
• SCE Classification: +1000 Signatures
• IOS NBAR: +150 Signatures
• Innovations: Advanced Classification Techniques, Native IPv6 Classification, Open API
• New DPI engine provides Advanced Application Classification and Field Extraction Capabilities from SCE
• Protocol Pack allows adding more applications without upgrading or reloading IOS
• NBAR2 Protocol List -
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html
12.
1. Discover applications going across interfaces
   ip nbar protocol-discovery CLI
2. Match applications or groups of applications in QoS class-map to take action, i.e. shape, police, remark
   match protocol CLI in QoS class-map
3. Use with Flexible Netflow (FNF) or other performance reporting features to report application name
   match or collect application name CLI
13. Simplify application management
Grouping of Apps based on various characteristics/properties
Pre-defined attributes can be used for reporting and QoS (match
protocol)
Category, sub-category, application-group, p2p, tunnel, encrypted
14. • Attribute based selection enables matching multiple applications of the same type
‘file-sharing’ includes FTP, CIFS, Bittorrent, Winmx, etc.
class-map my-class
 match protocol attribute category file-sharing
[Diagram: HQ connected over WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN)]
16. • Integrated performance monitoring available for different types of applications and use cases
New
• Advanced Voice and Video Performance Monitoring (Media Monitoring): 30% of traffic is voice and video
• Critical Applications Performance (Performance Agent): 40% of traffic is critical applications
• Basic Monitoring (Flexible Netflow and NBAR/NBAR2): What applications, how much bandwidth, flow direction?
17. • Evolution from Traditional Netflow (TNF)
• Feature to collect and export network information and statistics
Backward compatible with TNF records
Flexibility in defining fields and flow record format
Utilize Netflow Version 9 Format which is extensible
UDP-based transport
• Consists of data collection (flow monitor) and data export (flow export)
• Flow export format can be Netflow version 9 (RFC 3954) or IPFIX (RFC 5101)
• Is required to collect application info from NBAR/NBAR2
• TNF to FNF migration guide -
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/ps6965/white_paper_c11-545581.html
18. [Diagram: packet fields by layer]
• Link Layer: MAC Header
• IP Header: ToS, Protocol, Source IP Address, Destination IP Address
• TCP/UDP Header: Source Port, Destination Port
• Data Packet (Payload): Deep Packet Inspection
Flexible NetFlow
• Monitors data from layer 2 thru 7
• Determines applications by combination of port and payload
NetFlow
• Flow information: who, what, when, where
• Flexible NetFlow allows you to select your own key fields
FNF + NBAR2
19. • Key fields are unique per record
Match statement in the CLI
• Non-key fields are attributes or characteristics of a packet
Collect statement in the CLI
• If packet key fields are unique, new entry is created
• Otherwise, update the non-key fields, i.e. packet count

| Field            | Packet 1 | Packet 2 |
| Key fields       |          |          |
| Source IP        | 1.1.1.1  | 3.3.3.3  |
| Destination IP   | 2.2.2.2  | 4.4.4.4  |
| Destination port | 80       | 443      |
| Layer 3 Protocol | TCP - 6  | TCP - 6  |
| TOS Byte         | 0        | 0        |
| Non-key fields   |          |          |
| Length           | 1250     | 519      |

Netflow Cache Before Packet 1 (key fields: Source IP to TOS; non-key fields: Bytes)
| Source IP | Dest. IP | Dest Prt | Protocol | TOS | … | Bytes |
| 1.1.1.1   | 2.2.2.2  | 80       | 6        | 0   | … | 10000 |

Netflow Cache After Packet 1
| Source IP | Dest. IP | Dest Prt | Protocol | TOS | … | Bytes |
| 1.1.1.1   | 2.2.2.2  | 80       | 6        | 0   | … | 11250 |

Netflow Cache After Packet 2
| Source IP | Dest. IP | Dest Prt | Protocol | TOS | … | Bytes |
| 3.3.3.3   | 4.4.4.4  | 443      | 6        | 0   | … | 519   |
| 1.1.1.1   | 2.2.2.2  | 80       | 6        | 0   | … | 11250 |
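The cache behaviour on this slide, as an added example (not code from the deck or from Cisco). It replays the slide's two packets and then goes one step further, comparing a 5-tuple key with a 4-tuple key that omits the source port; the class name, the `max_entries` bound, the starting packet count and the sample connections are constructed for illustration.

```python
from collections import OrderedDict

SLIDE_KEYS = ("src_ip", "dst_ip", "dst_port", "proto", "tos")   # key fields on the slide
FIVE_TUPLE = ("src_ip", "dst_ip", "src_port", "dst_port", "proto")
FOUR_TUPLE = ("src_ip", "dst_ip", "dst_port", "proto")          # no source port


class FlowCache:
    """Flow cache whose key fields are chosen by the operator ('match' statements)."""

    def __init__(self, key_fields, max_entries=4096):
        self.key_fields = tuple(key_fields)
        self.max_entries = max_entries
        self.entries = OrderedDict()      # key tuple -> non-key fields ('collect')
        self.not_cached = 0               # packets seen while the cache was full

    def update(self, pkt):
        missing = [f for f in self.key_fields if f not in pkt]
        if missing:
            raise ValueError(f"packet lacks key field(s): {missing}")
        key = tuple(pkt[f] for f in self.key_fields)
        entry = self.entries.get(key)
        if entry is None:                 # unique key fields: create a new entry
            if len(self.entries) >= self.max_entries:
                self.not_cached += 1      # bound memory instead of growing without limit
                return None
            entry = self.entries[key] = {"packets": 0, "bytes": 0}
        entry["packets"] += 1             # otherwise only the non-key fields change
        entry["bytes"] += pkt["length"]
        return entry


def slide_walkthrough():
    """Replay the two packets from the slide against its starting cache."""
    cache = FlowCache(SLIDE_KEYS)
    # Entry present before packet 1: 10000 bytes (the packet count is constructed).
    cache.entries[("1.1.1.1", "2.2.2.2", 80, 6, 0)] = {"packets": 8, "bytes": 10000}
    pkt1 = {"src_ip": "1.1.1.1", "dst_ip": "2.2.2.2", "dst_port": 80,
            "proto": 6, "tos": 0, "length": 1250}
    pkt2 = {"src_ip": "3.3.3.3", "dst_ip": "4.4.4.4", "dst_port": 443,
            "proto": 6, "tos": 0, "length": 519}
    cache.update(pkt1)
    cache.update(pkt2)
    return {key: e["bytes"] for key, e in cache.entries.items()}


def records_per_key_set(packets):
    """Count the cache entries the same packets produce under two key sets."""
    counts = {}
    for name, keys in (("5-tuple", FIVE_TUPLE), ("4-tuple", FOUR_TUPLE)):
        cache = FlowCache(keys)
        for pkt in packets:
            cache.update(pkt)
        counts[name] = len(cache.entries)
    return counts


# Constructed sample: one client opens three connections to the same HTTPS
# server (different source ports) and one connection to a second server.
SAMPLE = [
    {"src_ip": "192.168.100.100", "dst_ip": "66.114.168.178", "src_port": sp,
     "dst_port": 443, "proto": 6, "tos": 0, "length": 600}
    for sp in (50001, 50002, 50003)
] + [{"src_ip": "192.168.100.100", "dst_ip": "10.0.0.1", "src_port": 50004,
      "dst_port": 80, "proto": 6, "tos": 0, "length": 400}]

if __name__ == "__main__":
    print(slide_walkthrough())
    print(records_per_key_set(SAMPLE))
```

Dropping the source port from the key collapses the three HTTPS connections into one record, which reduces export volume but also removes per-connection detail an investigator may later want.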
20. flow exporter insight
 destination 10.35.89.59
 source GigabitEthernet0/0/1
 transport udp 2055
 option interface-table timeout 3600
 option sampler-table timeout 3600
 option application-table timeout 3600

• Use for exporting non-traffic related information to netflow collector or reporting tools.

router#show flow exporter insight templates
Flow Exporter insight:
  Client: Option options interface-table
  Exporter Format: NetFlow Version 9
  Template ID    : 256
  Source ID      : 6
  Record Size    : 104
  Template layout
  ---------------------------------------------------
  | Field                 | Type | Offset | Size |
  ---------------------------------------------------
  | v9-scope system       | 1    | 0      | 4    |
  | interface input snmp  | 10   | 4      | 4    |
  | interface name        | 82   | 8      | 32   |
  | interface description | 83   | 40     | 64   |
  ---------------------------------------------------
21. For Your Reference
1. Configure the Exporter
Where do I want my data sent?
Router(config)# flow exporter my-exporter
Router(config-flow-exporter)# destination 1.1.1.1
2. Configure the Flow Record
What data do I want to meter?
Router(config)# flow record my-record
Router(config-flow-record)# match ipv4 destination address
Router(config-flow-record)# match ipv4 source address
Router(config-flow-record)# collect counter bytes
3. Configure the Flow Monitor
How do I want to cache information
Router(config)# flow monitor my-monitor
Router(config-flow-monitor)# exporter my-exporter
Router(config-flow-monitor)# record my-record
4. Apply to an Interface
Which interface do I want to monitor?
Router(config)# interface s3/0
Router(config-if)# ip flow monitor my-monitor input
22. Check out this webinar
Cisco Media Monitoring
http://actionpacked.com/cisco-medianet
For more information
Cisco Media Monitoring @ Cisco Website
http://www.cisco.com/en/US/solutions/ns340/ns857/ns156/ns1094/media_monitoring.html
23. What the users see (End Users)
"Your network is so slow I cannot get any work done today"
What network admins see (Network Admin)
"I do not see anything wrong"
• ping?
• show ip route?
• traceroute?
• show interface?
What can happen
• Increased Latency
• WAN Problem
• Application Problem
• Server Problem
• User Problem
24. IOS PA
ISR G2: 15.2(4) M
ASR1K: Future
[Diagram: Branch router running IOS PA, WAN, Data Center; NFv9 export to a Netflow Collector or Management Tool. Users: "My email is slow!", "My query is taking long time!" Admin: "How do I ensure my SLA is met"]
Key Features
• Application Response Time (ART) Measurement
• Interact with NBAR2
• Standard NFv9 export
• Application Usage (BW, Top N)
• Metric aggregation reduces number of flow records across WAN
Benefits
• Visibility into application usage and performance
• Quantify user experience
• Troubleshoot application performance
• Track service levels for application delivery
25. [Diagram: Clients, Client Network, IOS PA, Server Network, Application Servers; a Request travels to the servers and a Response returns. Segments marked: Client Network Delay (CND), Server Network Delay (SND), Application Delay (AD); Network Delay (ND); Total Delay]
• Separate application delivery path into multiple segments
• Server Network Delay (SND) approximates WAN Delay
• Latency per application
26. For Your Reference
[Sequence diagram: Client, IOS PA, Server. SYN, SYN-ACK and ACK with SND and CND marked; Request 1 and Request 1 (Cont); DATA 1 to DATA 6 with ACK 3 and ACK 6; lost packets marked X followed by a retransmission of DATA 3 and DATA 4; Request 2. RT and TT are marked on the timeline]
• Response Time (RT) - Quantify User Experience
t(First response pkt) – t(Last request pkt)
• Transaction Time (TT) - Quantify User Experience
t(Last response pkt) – t(First request pkt)
• Network Delay (ND)
ND = CND + SND
• Application Delay (AD) - Identify Server Performance Issue
AD = RT – SND
27. For Your Reference
Netflow Metrics
• Application ID (from NBAR2)
• Client/Server Bytes
• Client/Server Packets
• Source MAC Address
• Input/Output Interface
• IP DSCP
WAAS Express Metrics
• Input/Output Bytes
• WAAS Connection Mode (TFO, TFO/LZ, TFO/DRE, TFO/LZ/DRE)
• Input/Output DRE Bytes
• Input/Output LZ Bytes
ART Metrics
• CND - Client Network Delay (min/max/sum)
• SND – Server Network Delay (min/max/sum)
• ND – Network Delay (min/max/sum)
• AD – Application Delay (min/max/sum)
• Total Response Time (min/max/sum)
• Total Transaction Time (min/max/sum)
• Number of New Connections
• Number of Late Responses
• Number of Responses by Response Time (7-bucket histogram)
• Number of Retransmissions
• Number of Transactions
• Client/Server Bytes
• Client/Server Packets
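The ART formulas from the two reference slides above, applied to one TCP connection, as an added example (not Cisco's implementation). It assumes SND is measured from SYN to SYN-ACK and CND from SYN-ACK to the client's ACK, as the sequence diagram marks them; the event tuple layout and the timeline are constructed.

```python
def art_metrics(events):
    """Compute ART metrics for one TCP connection seen at the measurement point.

    events: time-ordered (t_ms, direction, kind, seq) tuples; direction is
    "c2s" or "s2c"; kind is SYN, SYN-ACK, ACK, REQ or DATA.
    """
    hs = {}
    for t_ms, direction, kind, _seq in events:
        if kind in ("SYN", "SYN-ACK"):
            hs.setdefault(kind, t_ms)
        elif kind == "ACK" and direction == "c2s" and "SYN-ACK" in hs:
            hs.setdefault("ACK", t_ms)      # first client ACK completes the handshake
    if not {"SYN", "SYN-ACK", "ACK"} <= hs.keys():
        raise ValueError("incomplete three-way handshake")
    snd = hs["SYN-ACK"] - hs["SYN"]         # server-side round trip
    cnd = hs["ACK"] - hs["SYN-ACK"]         # client-side round trip

    transactions, current, seen_seq, retrans = [], None, set(), 0
    for t_ms, direction, kind, seq in events:
        if kind == "REQ" and direction == "c2s":
            if current is None or current["resp"]:
                current = {"req": [], "resp": []}   # request after a response: new transaction
                transactions.append(current)
            current["req"].append(t_ms)
        elif kind == "DATA" and direction == "s2c" and current is not None:
            if seq in seen_seq:
                retrans += 1                # same sequence number seen twice
            seen_seq.add(seq)
            current["resp"].append(t_ms)

    per_txn = []
    for txn in transactions:
        if not txn["resp"]:
            continue                        # request still unanswered
        rt = txn["resp"][0] - txn["req"][-1]    # first response pkt - last request pkt
        tt = txn["resp"][-1] - txn["req"][0]    # last response pkt - first request pkt
        per_txn.append({"RT": rt, "TT": tt, "AD": max(0, rt - snd)})

    def agg(name):                          # min/max/sum, as the ART metrics are reported
        vals = [t[name] for t in per_txn]
        return {"min": min(vals), "max": max(vals), "sum": sum(vals)} if vals else None

    return {"CND": cnd, "SND": snd, "ND": cnd + snd, "retransmissions": retrans,
            "transactions": per_txn, "RT": agg("RT"), "TT": agg("TT"), "AD": agg("AD")}


# Constructed timeline in milliseconds: handshake, a two-packet request answered
# by DATA 1-4 with DATA 3 retransmitted, then a second request and response.
SAMPLE_EVENTS = [
    (0, "c2s", "SYN", None), (40, "s2c", "SYN-ACK", None), (45, "c2s", "ACK", None),
    (50, "c2s", "REQ", None), (52, "c2s", "REQ", None),
    (150, "s2c", "DATA", 1), (152, "s2c", "DATA", 2), (154, "s2c", "DATA", 3),
    (160, "c2s", "ACK", None),
    (200, "s2c", "DATA", 3), (202, "s2c", "DATA", 4),
    (300, "c2s", "REQ", None), (380, "s2c", "DATA", 5),
]

if __name__ == "__main__":
    print(art_metrics(SAMPLE_EVENTS))
```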
28. flow record type mace pa-record
 collect application name
 collect art all

interface Serial0/0/0
 ip nbar protocol-discovery
 mace enable

[Diagram: https://cisco.webex.com (IP=192.168.100.100), Se0/0/0 on IOS PA, cisco.webex.com (IP=66.114.168.178)]
• 'collect application name' exports application ID field to reporting tool

Flow Record Without NBAR
| Src IP          | Dst IP         | Dst Port | App ID | Resp Time | … |
| 192.168.100.100 | 66.114.168.178 | 443      | 0      | 100       |   |

Flow Record With NBAR
| Src IP          | Dst IP         | Dst Port | App ID     | Resp Time | … |
| 192.168.100.100 | 66.114.168.178 | 443      | 0x0D00019E | 100       |   |
App ID 0x0D00019E: indicates this is the webex application
29. For Your Reference
Configuration Steps
1. Configure flow exporter
2. Configure flow record type mace (collect application name provided by NBAR2)
3. Configure flow monitor type mace
4. Configure class-map
5. Configure policy-map type mace – policy must be named mace_global
6. Configure mace enable on interface (optionally enable NBAR2 to identify applications)

flow exporter pa-export
 destination 172.30.104.128
 transport udp 9991
!
flow record type mace pa-record
 collect application name
 collect art all
 collect (..)
!
flow monitor type mace pa-monitor
 record pa-record
 exporter pa-export
!
access-list 100 permit tcp any host 10.0.0.1 eq 80
class-map match-any pa-traffic
 match access-group 100
!
policy-map type mace mace_global
 class pa-traffic
  flow monitor pa-monitor
!
interface Serial0/0/0
 ip nbar protocol-discovery
 mace enable
31. LiveAction: Visual Management of Cisco Networks
QoS Monitor QoS Configure IP SLA Flow LAN Routing
A “best practice” approach for QoS, NetFlow, LAN, Routing and IP SLA using a patented, expert graphical interface.
• QoS Monitoring and Configuration
• Visualize end-to-end flows, policies, routes and QoS performance
• Flexible NetFlow
• Application Response Time (ART) New!
• NBAR/NBAR2 New!
• Medianet Media Monitoring
• IP SLA capacity planning with full configuration and monitoring
• Campus LAN visualization and L2 QoS monitoring
32. How is Google cloud services performing in my network?
• Report application information provided by NBAR2
• Report the Application Response Time (ART) metrics provided by Performance Agent
• Problem in the network (per-application retransmission)
• Application efficiency (L7 throughput)
• Per-application latency
• Total connections
33. • Monitor Google Cloud Service
• Monitor L7 throughput per application
• L7 Volume/Transaction Time
• Client and Server Network Delay
• Number of TCP sessions per application
• Traffic Volume
• Retransmission count
36. QoS goals and the matching actions
| Goal                   | Action                    |
| Guarantee Bandwidth    | Bandwidth action          |
| Limit Max Bandwidth    | Police action             |
| Minimize Latency       | Priority action           |
| Change Flow Properties | Set action, i.e. set dscp |
| Reduce Burst           | Shape action              |
37. class-map match-all business-critical
 match protocol citrix
 match access-group 101

class-map match-any browsing
 match protocol attribute category browsing

class-map match-any internal-browsing
 match protocol http url "*myserver.com*"

policy-map internal-browsing-policy
 class internal-browsing
  bandwidth remaining percent 60

policy-map my-network-policy
 class business-critical
  priority percent 50
 class browsing
  bandwidth remaining percent 30
  service-policy internal-browsing-policy

interface Serial0/0/0
 service-policy output my-network-policy

| Application       | BW                     | Priority |
| Committed BW (50% of the line)                        |
| Business Critical | Committed 50%          | High     |
| Excess BW (50% of the line)                           |
| Browsing          | 30% (=15% of the line) | Normal   |
| Internal Browsing | 60% (Out of Browsing)  |          |
| Remaining         | 70% (=35% of the line) | Normal   |

[Diagram: the line split into Business-Critical (High Priority, 50% committed), Browsing (30% of Excess BW, =15% of the line, with Internal-Browsing at 60% of Browsing) and Remaining (70% of Excess BW, =35% of line)]
38. policy-map my-network-policy
class business-critical
priority percent 50
class browsing
bandwidth remaining percent 30
service-policy internal-browsing-policy
Class browsing: match on NBAR2 attribute, category = browsing
39. Create policy
class-map match-all NBAR_P2P_Bittorrent
match protocol attribute p2p-technology p2p-tech-yes
policy-map MonitorUsingNbar_GI01_In
class NBAR_P2P_Bittorrent
40. Police Bittorrent
Bittorrent
class-map match-all NBAR_P2P_Bittorrent
match protocol attribute p2p-technology p2p-tech-yes
policy-map control-policy
class NBAR_P2P_Bittorrent
police 8000 conform-action transmit exceed-action drop
41. Cisco ISR G2 Cisco ASR1K
Your Network Is Your Network Probe
• Leverage the monitoring capabilities embedded in your WAN
platforms
Identify Applications in Today's Network
• Deep Packet Inspection – NBAR and NBAR2
Proactively Monitor Application Performance
• Application Response Time (ART) engine in Performance Agent
Granular Control of Application Performance
• Application-aware QoS
42. • Cisco Cloud Connected Solution
http://www.cisco.com/en/US/solutions/ns1015/ns1184/cloud_connected_solution.html
• Application Visibility and Control (AVC)
http://www.cisco.com/go/avc
• Cisco Prime Assurance
http://www.cisco.com/go/pam
• AVC Installation and Deployment Guide on ASR1K
http://www.cisco.com/en/US/products/ps11009/prod_troubleshooting_guides_list.html
• AVC Installation and Deployment Guide on ISR G2 using Performance Agent (Coming Soon)
http://www.cisco.com/en/US/products/ps11671/index.html
• Performance Routing
http://www.cisco.com/go/pfr
44. [Diagram: packet fields used for classification]
• IP Header: ToS, Protocol, Source IP Addr, Dest IP Addr
• TCP/UDP Header: Src Port, Dst Port
• Data Payload: Sub-Port/Deep Inspection
• Identifies applications
Statically assigned
Dynamically assigned during connection establishment
• Non-TCP and non-UDP IP protocols
• Heuristics Classification:
Data packet inspection for application traffic patterns
Header classification and data packet inspection
• Stateful inspection
Inspect bi-directional application traffic and maintain state
45. For Your Reference
ip access-list extended all-traffic-acl
 permit ip any any
!
class-map match-any all-traffic
 match access-group name all-traffic-acl
!
flow exporter pa-export
 destination 172.30.104.128
 transport udp 9991
!
flow record type mace traffic-art-record
 collect datalink mac source address input
 collect ipv4 dscp
 collect interface input
 collect interface output
 collect application name
 collect counter client bytes
 collect counter server bytes
 collect counter client packets
 collect counter server packets
 collect art all
!
flow monitor type mace traffic-art-monitor
 record traffic-art-record
 exporter pa-export
!
policy-map type mace mace_global
 class all-traffic
  flow monitor traffic-art-monitor
!
interface Serial0/0/0
 ip nbar protocol-discovery
 mace enable
46. For Your
Reference
Match on protocol (application) or pre-defined attributes
class-map match-any p2p-class
match protocol attribute application-group bittorrent-group
match protocol kazaa2
match protocol attribute sub-category p2p-networking
I want to exclude Viber and Skype from sub-category voice-video-chat-collaboration
class-map match-any excluded-apps
match protocol skype
match protocol viber
class-map match-all voice-video-chat-app
match protocol attribute sub-category voice-video-chat-collaboration
match not class-map excluded-apps
51. Download Free Trial of LiveAction® 2.5
http://www.actionpacked.com/liveactiondownload
Watch a replay of this webinar:
http://www.actionpacked.com/ciscoavcwebinar
For More Information on ActionPacked! Networks Contact:
Steve Adams Keith Parsons
Sales Engineering & Solutions Delivery
+1-704-953-2269 mobile +1-205-514-9634 mobile
sadams@actionpacked.com kparsons@actionpacked.com
http://www.actionpacked.com
Editor's Notes

Looking at the other side of the equation, cloud and virtualization completely changed the paradigm of where the application could be sitting. It was no longer tied to a specific server. It could move around or be in a public cloud. All of a sudden you couldn't rely on that application being exactly in the location you expected it to be.

Mention about when it is available, and on what
• Advanced classification technique (multipacket engine, behavioral)
• IPv6 support natively
• Tooling for protocol library management and 3rd party signature development
• Open API for 3rd party Business Logic integration – OneP
• Foundation for application awareness across multiple Cisco solutions (APM, Security)
• Common Protocol Library for NBAR2 across platforms, platform independent signature
• Your existing policy/config using NBAR still continues to work
• Protocol pack

• Example: netflix, webex, and youtube share the same category voice-and-video
• Netflix and youtube share the same sub-category streaming
• Filter by encryption, p2p protocol, or tunneling protocols

FNF is an open standard. Cisco publishes the spec. Explain the difference between FNF and traditional netflow
• Traditional netflow has fixed fields
• With FNF, we can choose the fields that we are interested in. The format of the flow record is communicated to the reporting tool
• Reporting tool understands what is being sent
• FNF has what is called an option template
• Export non-traffic information such as interface
• List of VRFs, application ID to name mapping, list of interfaces

FNF has two types of fields – keyed and non-keyed fields

Challenge: Network admin is reactive because of the lack of tools to proactively monitor network and application performance
• When users call to complain about a problem with the application, network admin starts troubleshooting the network
• In reality, the problem may or may not be in the network.
• It will get worse when we start using cloud services, which are off premise
• What can we enable in the network to help the network admin get a better handle on network and application performance

ART measurement is technology we bring from NAM, which provides about 37 related latency metrics, in addition to typical netflow metrics such as byte count, packet count, DSCP, input/output interfaces
• It can ask NBAR for the application information and populate the flow record
• Another great feature: PA does aggregation of metrics inside the router. This will reduce the # of flow records. FNF normally uses 5-tuple, while PA is 4-tuple (no source port).
• Latency metrics can be used to troubleshoot network issues, or to quantify the application performance

Metrics collected by PA can be used to quantify user experience
• CND and SND are calculated during 3-way handshake
• RT is typically also driven by network latency
• Too many retransmissions indicate network problems
• Response Time => From the time you click a link, when does the page start loading
• Transaction Time => How long to download an object?
• Application Delay => How long does the server take to process a request. The server farm may have some issue if AD is too high.

These are metrics reported by IOS PA, i.e. another interesting one is # of retransmissions
• Retransmissions = how congested the network is

Show command to show the app ID <-> app Name mapping is ‘show flow exporter application table’. The output format will be something like X:Y, for example.
The App ID is a 4-byte field encoded as follows: | 1-byte engine ID | 3-byte selector ID |
In the output below, for example, IPSec has 13:9 which translates to 0x0D000009, where 0x0D = 13, and 0x000009 = 9

Engine: cisco (CISCO_L7_GLOBAL, ID: 13)
appID   Name          Description
-----   ----          -----------
13:0    unclassified  Unclassified traffic
13:1    unknown       Unknown application
13:9    ipsec         IPSec traffic
13:12   cuseeme       CU-SeeMe desktop video conference
13:13   dhcp          Dynamic Host Configuration Protocol
13:21   kerberos      Kerberos
13:26   netbios       netbios
13:32   pcanywhere    Symantec pcANYWHERE

PA config is called MACE (Measurement Aggregation and Correlation Engine)
• Config is very similar to perf-mon in that it uses C3PL to define what to monitor, so we can selectively choose the subnet to monitor both traffic volume and ART, and then for the rest of the traffic, just monitor traffic volume
• Currently, if you want to export the app id value, then NBAR has to be enabled. In 15.2(4)M or PI19, ‘collect application name’ will auto enable NBAR, the same way FNF works.
• You configure ‘mace enable’, which in turn attaches two service policies in the in and out directions.
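How a collector can turn the exported App ID back into a name, as an added example (not code from the deck or from Cisco): it parses a NetFlow v9 options template and its data records into an ID-to-name table and splits the 4-byte App ID into engine and selector as the notes describe. Field types 95 and 96 are the IPFIX applicationId and applicationName elements; the template ID, field lengths, the "webex" name string and the packet itself are constructed, and one template record per options flowset is assumed.

```python
import struct

APP_ID, APP_NAME = 95, 96        # IPFIX applicationId / applicationName


def decode_app_id(app_id):
    """Split the 4-byte App ID into (engine ID, selector ID)."""
    if not 0 <= app_id <= 0xFFFFFFFF:
        raise ValueError("App ID must fit in 4 bytes")
    return app_id >> 24, app_id & 0xFFFFFF


def format_app_id(app_id):
    """Render an App ID in the X:Y form used by the show command."""
    return "%d:%d" % decode_app_id(app_id)


def parse_application_table(packet):
    """Return {app_id: name} from one NetFlow v9 export packet."""
    if len(packet) < 20 or struct.unpack_from("!H", packet, 0)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    templates, table, off = {}, {}, 20          # v9 header is 20 bytes
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        # Export is plain UDP, so never trust a length field from the wire.
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("flowset length outside packet")
        body = packet[off + 4:off + fs_len]
        if fs_id == 1:                          # options template flowset
            if len(body) < 6:
                raise ValueError("truncated options template")
            tid, scope_len, opt_len = struct.unpack_from("!HHH", body, 0)
            if 6 + scope_len + opt_len > len(body):
                raise ValueError("template fields outside flowset")
            templates[tid] = [struct.unpack_from("!HH", body, 6 + i)
                              for i in range(0, scope_len + opt_len, 4)]
        elif fs_id in templates:                # data flowset for a known template
            fields = templates[fs_id]
            size = sum(length for _, length in fields)
            if size == 0:
                raise ValueError("zero-length record")
            for rec in range(0, len(body) - size + 1, size):
                pos, row = rec, {}
                for ftype, length in fields:
                    row[ftype] = body[pos:pos + length]
                    pos += length
                if APP_ID in row and APP_NAME in row:
                    name = row[APP_NAME].rstrip(b"\x00").decode("ascii", "replace")
                    table[int.from_bytes(row[APP_ID], "big")] = name
        off += fs_len
    return table


def build_sample_packet():
    """Constructed export packet: one options template plus three table rows."""
    fields = [(1, 4), (APP_ID, 4), (APP_NAME, 24)]     # scope: system; then id, name
    tmpl = struct.pack("!HHH", 260, 4, 8)
    tmpl += b"".join(struct.pack("!HH", *f) for f in fields) + b"\x00\x00"  # pad to 4
    rows = [(0x0D000009, b"ipsec"), (0x0D00000D, b"dhcp"), (0x0D00019E, b"webex")]
    data = b"".join(struct.pack("!II24s", 0, app, name) for app, name in rows)
    header = struct.pack("!HHIIII", 9, 4, 0, 0, 1, 6)  # version 9, 4 records, source ID 6
    return (header + struct.pack("!HH", 1, 4 + len(tmpl)) + tmpl
            + struct.pack("!HH", 260, 4 + len(data)) + data)


if __name__ == "__main__":
    for app_id, name in parse_application_table(build_sample_packet()).items():
        print(format_app_id(app_id), hex(app_id), name)
```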
Multi-step analysis and verification using QoS, NetFlow, Routing and IPSLA provides a “best-practice” approach incorporated with a patented expert graphical interface.
• Interactive QoS Visualization, Configuration, Monitoring and Validation
• Expert, rules-based QoS proactively identifies and corrects problems
• Eliminates need to use error-prone Command Line Interface
• Integrated NetFlow and IP SLA functionality for “through-the-network” flow visualization, response testing, and performance verification
• Real-time Monitoring and Alerting on policy issues
• Unique “Event Playback” forensic visualizations
• Comprehensive Reporting

Explain how we want to carve out the pipe for various applications
• This example shows percentage, but absolute is also supported
• We want to guarantee 50% to business critical traffic
• Whatever is leftover, guarantee 30% to web browsing
• Within the leftover 30%, 60% is guaranteed for intranet

Access to all available QoS actions are supported