ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar

WELCOME!
Thank You for Attending
Cisco Application Visibility and Control Webinar

Our Session Will Begin Shortly

ActionPacked! Webinar Series

Cisco Application Visibility and Control

About our Presenter

Kangwarn Chinthammit
Double CCIE #11715
(Routing & Switching, Security)
Cisco Technical Marketing Engineer

Agenda

• Introduction
• Application Visibility and Control Presentation
• Questions and Answers

*A recording of this session will be posted on www.actionpacked.com

Kangwarn Chinthammit – CCIE #11715
Technical Marketing Engineer

Cisco Systems

July 2012

© 2010 Cisco and/or its affiliates. All rights reserved. All specifications subject to change without notice 5

Drastic Change in Application Type, Delivery, and Consumption

Public/Hybrid
Cloud
SaaS/IaaS Storage

Users/
Machines THE Private
Cloud
Proliferation
NETWORK
VDI | IaaS
of Devices

Database

60% of IT professional cites performance as key
challenge for cloud

© 2012 Cisco and/or its affiliates. All rights reserved.
How Application are Consumed
How applications are Delivered
Type of applications All specifications subject to change without notice 6

Application complexity Cloud and Virtualization Multiple entities
increases centralize application involved in delivering
delivery applications

Identify growing applications Understand application Problem isolation to minimize
using more than just port performance from end users downtime and business
number perspective impact


App Visibility &
ISR G2 User Experience Report ISR G2

ASR1K
ISR G2 App BW Transaction …
ASR1K
Time
ASR1K
SAP 3M 150 ms … High
Sharepoint 10M 500 ms …
Med
NFv9/IPFIX
Low

Reporting Tools

Application Reporting Tool
Perf. Collection & Management
Control
Recognition Exporting Tool

ISR G2 & ASR Advanced reporting Use QoS or PfR to
Identify applications collect application tool aggregates control application
using L3 to L7 performance and reports network usage to
information metrics, and export application improve application
to management tool performance performance

App Visibility &

ASR1K
ASR1K
Time
ASR1K
Med
NFv9/IPFIX
Low

Reporting Tools

Control


What about these?
HTTP 80

FTP
Are these 20/21
applications?
POP3 110

IMAP 143
Or just ports?
HTTPS 443

SMTP 25


ISR G2: 15.2(2)T1
ASR1K: 3.4S

SCE Classification
+1000 Signatures Innovations
IOS NBAR Advanced Classification
Techniques Native IPv6
+150 Signatures Classification
Open API

NBAR2

• New DPI engine provides Advanced Application Classification and Field Extraction
Capabilities from SCE
• Protocol Pack allows adding more applications without upgrading or reloading IOS

• NBAR2 Protocol List -
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html


1. Discover applications going across interfaces
ip nbar protocol-discovery CLI

2. Match applications or groups of applications in QoS class-map to take
action, i.e. shape, police, remark
match protocol CLI in QoS class-map

3. With Flexible Netflow (FNF) or other performance reporting features to
report application name
match or collect application name CLI


 Simplify application management
 Grouping of Apps based on various characteristics/properties
 Pre-defined attributes can be used for reporting and QoS (match
protocol)
Category, sub-category, application-group, p2p, tunnel, encrypted

• Attribute based selection enables
matching multiple applications of the
same type
WAN1
(IP-VPN)

‘file-sharing’ includes FTP, CIFS,
Bittorrent, Winmx, etc.

HQ WAN2
(IPVPN, DMVPN)

class-map my-class
match protocol attribute category file-sharing


App Visibility &

ASR1K
ASR1K
Time
ASR1K
Med
NFv9/IPFIX
Low

Reporting Tools

Control


• Integrated performance monitoring available for different type of applications and use
cases
New
Advanced Voice and Video Performance Critical Applications Performance
Monitoring (Media Monitoring) (Performance Agent)
30% of traffic is 40% of traffic is
voice and video critical applications
What applications, how much bandwidth, flow direction?
Basic Monitoring
(Flexible Netflow and NBAR/NBAR2)

HTTP HTTP


• Evolution from Traditional Netflow (TNF)
• Feature to collect and export network information and statistics
Backward compatible with TNF records
Flexibility in defining fields and flow record format
Utilize Netflow Version 9 Format which is extensible
UDP-based transport

• Consist of data collection (flow monitor) and data export (flow export)
• Flow export format can be Netflow version 9 (RFC 3954) or IPFIX (RFC 5101)
• Is required to collect application info from NBAR/NBAR2
• TNF to FNF migration guide -
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/ps6965/white_paper_
c11-545581.html


Link Layer
MAC
Header Flexible NetFlow
ToS
IP Header Protocol  Monitors data from layer 2 thru 7
Source
IP Address  Determines applications by
Destination combination of port and payload
IP Address NetFlow
TCP/UDP Source  Flow information who,
Header Port what, when, where
Destination
Port  Flexible NetFlow allows your own
select of key fields
Data Packet Deep Packet
(Payload)
Inspection FNF +
NBAR2


2 1 2 1
• Key fields are unique per record

Key Fields Packet 1
Match statement in the CLI Key Fields Packet 2
Source IP 1.1.1.1 • Non-key fields are attributes or Source IP 3.3.3.3
Destination IP 2.2.2.2 characteristics of a packet Destination IP 4.4.4.4
Destination port 80 Collect statement in the CLI Destination port 443
Layer 3 Protocol TCP - 6 Layer 3 Protocol TCP - 6
• If packet key fields are unique, new
TOS Byte 0 TOS Byte 0
entry is created
Non-key Fields Packet 1 Non-key Fields Packet 2
Length 1250 • Otherwise, update the non-key fields, Length 519
i.e. packet count
Key fields Non-key fields Netflow Cache After Packet 2
Netflow Cache After Packet 1 1
Before Packet
Source IP Dest. IP Dest Prt Protocol TOS … Bytes
Source IP Dest. IP Dest Prt Protocol TOS … Bytes 3.3.3.3 4.4.4.4 443 6 0 … 519
1.1.1.1 2.2.2.2 80 6 0 … 10000
11250 1.1.1.1 2.2.2.2 80 6 0 … 11250


flow exporter insight
destination 10.35.89.59
source GigabitEthernet0/0/1
transport udp 2055
option interface-table timeout 3600
option sampler-table timeout 3600
option application-table timeout 3600
• Use for exporting non-traffic
related information to netflow router#show flow exporter insight templates
Flow Exporter insight:
collector or reporting tools. Client: Option options interface-table
Exporter Format: NetFlow Version 9
Template ID : 256
Source ID : 6
Record Size : 104
Template layout
---------------------------------------------------
| Field | Type | Offset | Size |
---------------------------------------------------
| v9-scope system | 1 | 0 | 4 |
| interface input snmp | 10 | 4 | 4 |
| interface name | 82 | 8 | 32 |
| interface description | 83 | 40 | 64 |
---------------------------------------------------


For Your
Reference

1. Configure the Exporter
Router(config)# flow exportersent?
Where do I want my data my-exporter
Router(config-flow-exporter)# destination 1.1.1.1

2. Configure the Flow Record
What data do I want to meter?
Router(config)# flow record my-record
Router(config-flow-record)# match ipv4 destination address
Router(config-flow-record)# match ipv4 source address
Router(config-flow-record)# collect counter bytes

3. Configure the Flow Monitor
Router(config)# flow monitor my-monitor
How do I want to cache information
Router(config-flow-monitor)# exporter my-exporter
Router(config-flow-monitor)# record my-record

4. Apply to an Interface
Router(config)# interface want to monitor?
Which interface do I s3/0
Router(config-if)# ip flow monitor my-monitor input


Check out this webinar
Cisco Media Monitoring
http://actionpacked.com/cisco-medianet

For more information
Cisco Media Monitoring @ Cisco Website
http://www.cisco.com/en/US/solutions/ns340/
ns857/ns156/ns1094/media_monitoring.html


What the users see What network admins see What can happen
Increased
Your network is Latency
so slow I cannot
get any work WAN
done today
ping?
Problem
I do not see
anything show ip route? Application
wrong traceroute? Problem
End Users show interface?
Server
Problem
User
Problem
Network
Admin


ISR G2: 15.2(4) M
ASR1K: Future

How do I
ensure
my SLA
My email
is slow!
IOS PA is met

My query
WAN
is taking
long time!

NFv9
Branch Data Center Collector or
Netflow
Mangement Tool

Key Features Benefits
Application Response Time (ART) Measurement Visibility into application usage and performance
Interact with NBAR2 Quantify user experience
Standard NFv9 export Troubleshoot application performance
Application Usage (BW, Top N) Track service levels for application delivery
Metric aggregation reduces number of flow
records across WAN

Request Application Servers
Clients Client IOS Server
Network PA Network

Client Network Server Network Application
Response
Delay (CND) Delay (SND) Delay (AD)

Network Delay (ND)

Total Delay

• Separate application delivery path into multiple segments
• Server Network Delay (SND) approximates WAN Delay
• Latency per application

For Your
Reference

IOS PA
Client Server Quantify User
SYN
SND
SYN-ACK
Experience
CND
• Response Time (RT)
ACK
Request 1 t(First response pkt) – t(Last request pkt)
ACK
Request
Quantify User
Request 1 (Cont)
RT Experience
• Transaction Time (TT)
TT DATA 1
DATA
DATA
2
3
t(Last response pkt) – t(First request pkt)
ACK 3 X
DATA 4
X DATA 5
• Network Delay (ND)
DATA 3
Identify
Response
DATA 4
ND = CND + SND Server
Retransmission
Performance
ACK 6 • Application Delay (AD) Issue
DATA 6
AD = RT – SND
Request 2


For Your
Reference
Netflow Metrics ART Metrics
• Application ID (from NBAR2) • CND - Client Network Delay (min/max/sum)
• Client/Server Bytes • SND – Server Network Delay (min/max/sum)
• Client/Server Packets • ND – Network Delay (min/max/sum)
• Source MAC Address • AD – Application Delay (min/max/sum)
• Input/Output Interface • Total Response Time (min/max/sum)
• IP DSCP • Total Transaction Time (min/max/sum)
• Number of New Connections
WAAS Express Metrics • Number of Late Responses
• Input/Output Bytes • Number of Responses by Response Time
• WAAS Connection Mode (7-bucket histogram)
TFO, TFO/LZ, TFO/DRE, • Number of Retransmissions
TFO/LZ/DRE • Number of Transactions
• Input/Output DRE Bytes
• Client/Server Bytes
• Input/Output LZ Bytes
• Client/Server Packets


flow record type mace pa-record interface Serial0/0/0
collect application name ip nbar protocol-discovery
collect art all mace enable

https://cisco.webex.com Se0/0/0

(IP=192.168.100.100) IOS PA cisco.webex.com
(IP=66.114.168.178)

• „collect application name‟ exports application ID field to reporting tool
Without NBAR
Src IP Dst IP Dst Port App ID Resp Time …
192.168.100.100 66.114.168.178 443 0 100
Flow
Record With NBAR
Src IP Dst IP Dst Port App ID Resp Time …
192.168.100.100 66.114.168.178 443 0x0D00019E 100

Indicate this is
© 2012 Cisco and/or its affiliates. All rights reserved. webex application All specifications subject to change without notice 28

For Your
Reference
Collect application name flow exporter pa-export
provided by NBAR2 destination 172.30.104.128
transport udp 9991
Configuration Steps !
flow record type mace pa-record
collect application name
1. Configure flow exporter collect art all
collect (..)
2. Configure flow record type mace !
flow monitor type mace pa-monitor
record pa-record
3. Configure flow monitor type mace exporter pa-export
!
4. Configure class-map access-list 100 permit tcp any host
10.0.0.1 eq 80
class-map match-any pa-traffic
5. Configure policy-map type mace – policy must match access-group 100
be named mace_global !
policy-map type mace mace_global
class pa-traffic
6. Configure mace enable on interface flow monitor pa-monitor
!
interface Serial0/0/0
Optionally Enable NBAR2 to ip nbar protocol-discovery
identify applications mace enable


App Visibility &

ASR1K
ASR1K
Time
ASR1K
Med
NFv9/IPFIX
Low

Reporting Tools

Control


LiveAction: Visual Management of Cisco Networks

QoS Monitor QoS Configure IP SLA Flow LAN Routing

A “best practice” approach for QoS, NetFlow, LAN, Routing and IP SLA using a patented, expert graphical interface.

• QoS Monitoring and Configuration
• Visualize end-to-end flows, policies, routes and QoS performance
• Flexible NetFlow
• Application Response Time (ART) New!
• NBAR/NBAR2 New!
• Medianet Media Monitoring
• IP SLA capacity planning with full configuration and monitoring
• Campus LAN visualization and L2 QoS monitoring

• Report application information
provided by NBAR2
• Report the Application Response
Time (ART) metrics provided by
Performance Agent
• Problem in the network (per-application
retransmission) How is Google cloud services
• Application efficiency (L7 throughput) performing in my network?
• Per-application latency
• Total connections


• Monitor Google Cloud Service
• Monitor L7 throughput per application
• L7 Volume/Transaction Time
• Client and Server Network Delay
• Number of TCP sessions per application
• Traffic Volume
• Retransmission count


App Visibility &

ASR1K
ASR1K
Time
ASR1K
Med
NFv9/IPFIX
Low

Reporting Tools

Control


•

Guarantee • Bandwidth action
Bandwidth
Limit Max • Police action
Bandwidth
Minimize Latency • Priority action
Change Flow • Set action, i.e. set dscp
Properties
Reduce Burst • Shape action


class-map match-all business-critical
match protocol citrix Application BW Priority
match access-group 101 Committed BW
(50% of the line)
Business Critical Committed 50% High
class-map match-any browsing Browsing 30% (=15% of the line) Normal
match protocol attribute category browsing
Excess BW Internal 60% (Out of Browsing)
(50% of the line)
class-map match-any internal-browsing Browsing
match protocol http url “*myserver.com*” Remaining 70% (=35% of the line) Normal
policy-map internal-browsing-policy
class internal-browsing
bandwidth remaining percent 60

policy-map my-network-policy
class business-critical
priority percent 50
Remaining:
class browsing Business-Critical: 70% of Excess
bandwidth remaining percent 30 High Priority BW
service-policy internal-browsing-policy 50% committed
Browsing: of line)
(=35%
Internal-Browsing: 30% of Excess BW
interface Serial0/0/0 60% of Browsing (=15% of the line)
service-policy output my-network-policy


policy-map my-network-policy
class business-critical
priority percent 50

class browsing
bandwidth remaining percent 30
service-policy internal-browsing-policy

Match on NBAR2
attribute,
category = browsing


Create policy

class-map match-all NBAR_P2P_Bittorrent
match protocol attribute p2p-technology p2p-tech-yes
policy-map MonitorUsingNbar_GI01_In
class NBAR_P2P_Bittorrent


Police Bittorrent

Bittorrent

class-map match-all NBAR_P2P_Bittorrent
match protocol attribute p2p-technology p2p-tech-yes
policy-map control-policy
class NBAR_P2P_Bittorrent
police 8000 conform-action transmit exceed-action drop


Cisco ISR G2 Cisco ASR1K

Your Network Is Your Network Probe
• Leverage the monitoring capabilities embedded in your WAN
platforms
Identify Applications in Today Network
• Deep Packet Inspection – NBAR and NBAR2

Proactively Monitoring Application Performance
• Application Response Time (ART) engine in Performance Agent

Granular Control of Application Performance
• Application-aware QoS


• Cisco Cloud Connected Solution
http://www.cisco.com/en/US/solutions/ns1015/ns1184/cloud_connected_solution.html
• Application Visibility and Control (AVC)
http://www.cisco.com/go/avc
• Cisco Prime Assurance
http://www.cisco.com/go/pam
• AVC Installation and Deployment Guide on ASR1K
http://www.cisco.com/en/US/products/ps11009/prod_troubleshooting_guides_list.html
• AVC Installation and Deployment Guide on ISR G2 using Performance Agent (Coming
Soon)
http://www.cisco.com/en/US/products/ps11671/index.html
• Performance Routing
http://www.cisco.com/go/pfr


IP Header TCP/UDP Header Data Payload

Source Dest Src Dst
ToS Protocol Sub-Port/Deep Inspection
IP Addr IP Addr Port Port

• Identifies applications
Statically assigned
Dynamically assigned during connection establishment
• Non-TCP and non-UDP IP protocols
• Heuristics Classification:
Data packet inspection for application traffic patterns
Header classification and data packet inspection
• Statefull inspection
Inspect bi-directional application traffic and maintain state


For Your
Reference
ip access-list extended all-traffic-acl policy-map type mace mace_global
permit ip any any class all-traffic
! flow monitor traffic-art-monitor
class-map match-any all-traffic !
match access-group name all-traffic-acl interface Serial0/0/0
! ip nbar protocol-discovery
flow exporter pa-export mace enable
destination 172.30.104.128
transport udp 9991
!
flow record type mace traffic-art-record
collect datalink mac source address input
collect ipv4 dscp
collect interface input
collect interface output
collect application name
collect counter client bytes
collect counter server bytes
collect counter client packets
collect counter server packets
collect art all
!
flow monitor type mace traffic-art-monitor
record traffic-art-record
exporter pa-export
!


For Your
Reference

 Match on protocol (application) or pre-defined attributes

class-map match-any p2p-class
match protocol attribute application-group bittorrent-group
match protocol kazaa2
match protocol attribute sub-category p2p-networking

 I want to exclude Viber and Skype from sub-category voice-video-chat-collaboration

class-map match-any excluded-apps
match protocol skype
match protocol viber
class-map match-all voice-video-chat-app
match protocol attribute sub-category voice-video-chat-collaboration
match not class-map excluded-apps


Question:
Do we need a router reload for recognizing new
applications?

Question:
If I’m using AVC, do I still need to use the Medianet
functionality?

Question:
How do I control the applications discovered with AVC?

Download Free Trial of LiveAction® 2.5
http://www.actionpacked.com/liveactiondownload

Watch a replay of this webinar:
http://www.actionpacked.com/ciscoavcwebinar

For More Information on ActionPacked! Networks Contact:
Steve Adams Keith Parsons
Sales Engineering & Solutions Delivery
+1-704-953-2269 mobile +1-205-514-9634 mobile
sadams@actionpacked.com kparsons@actionpacked.com
http://www.actionpacked.com

ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar

Similar to ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar (20)

Recently uploaded

Recently uploaded (20)

ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar

Editor's Notes