ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


This ActionPacked/Cisco webinar session focuses on how the new Cisco IOS-based Application Visibility & Control offers a truly innovative service to optimize operations, maximize network investments, and extend the intelligence of the IP next-generation network. The session covers and highlights:

• Use cases on how to enable and use AVC in your network
• How AVC can be leveraged for troubleshooting application issues
• Use of LiveAction QoS to ensure application performance

Transcript of ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar

Page 1: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar

WELCOME!

Thank You for Attending

Cisco Application Visibility and Control Webinar

Our Session Will Begin Shortly

Page 2: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar

ActionPacked! Webinar Series

Cisco Application Visibility and Control

Page 3: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar

About our Presenter

Kangwarn Chinthammit
Double CCIE #11715 (Routing & Switching, Security)
Cisco Technical Marketing Engineer

Page 4: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar

Agenda

• Introduction
• Application Visibility and Control Presentation
• Questions and Answers

*A recording of this session will be posted on www.actionpacked.com

Page 5: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar

© 2010 Cisco and/or its affiliates. All rights reserved. All specifications subject to change without notice 5

Kangwarn Chinthammit – CCIE #11715
Technical Marketing Engineer

Cisco Systems

Application Visibility and Control (AVC)

July 2012

Page 6: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar

© 2012 Cisco and/or its affiliates. All rights reserved. All specifications subject to change without notice 6

Business and IT are Changing Like Never Before
Drastic Change in Application Type, Delivery, and Consumption

[Figure: "THE NETWORK" at the center of three views: how applications are consumed, how applications are delivered, and type of applications. Labels: Proliferation of Devices, Users/Machines, VDI | IaaS, Private Cloud, Public/Hybrid Cloud, SaaS/IaaS, Storage, Database]

60% of IT professionals cite performance as key challenge for cloud

Page 7: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Network Needs To Evolve to Support These Transitions

• Application complexity increases
  Identify growing applications using more than just port number

• Cloud and Virtualization centralize application delivery
  Understand application performance from end users perspective

• Multiple entities involved in delivering applications
  Problem isolation to minimize downtime and business impact

Page 8: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


What is Application Visibility and Control (AVC) Solution

Application Recognition (ASR1K, ISR G2)
  Identify applications using L3 to L7 information

Perf. Collection & Exporting (ASR1K, ISR G2)
  ISR G2 & ASR collect application performance metrics, and export to management tool (NFv9/IPFIX)

Reporting Tool / Management Tool
  Advanced reporting tool aggregates and reports application performance
  App Visibility & User Experience Report:

    App         BW    Transaction Time
    SAP         3M    150 ms            …
    Sharepoint  10M   500 ms            …

Control (ASR1K, ISR G2)
  Use QoS or PfR to control application network usage to improve application performance (High / Med / Low)

Page 9: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Application Recognition

Page 10: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


What is An Application?

Are these applications?   Or just ports?

  HTTP                    80
  FTP                     20/21
  SMTP                    25
  POP3                    110
  IMAP                    143
  HTTPS                   443

What about these?

Page 11: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Next Generation NBAR (NBAR2)

[Figure labels: NBAR2; IOS NBAR, +150 Signatures; SCE Classification, +1000 Signatures; Advanced Classification Techniques; Innovations: Native IPv6 Classification, Open API]

• New DPI engine provides Advanced Application Classification and Field Extraction Capabilities from SCE

• Protocol Pack allows adding more applications without upgrading or reloading IOS

• NBAR2 Protocol List - http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html

ISR G2: 15.2(2)T1
ASR1K: 3.4S

Page 12: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Different Ways to Use NBAR

1. Discover applications going across interfaces
   ip nbar protocol-discovery CLI

2. Match applications or groups of applications in QoS class-map to take action, i.e. shape, police, remark
   match protocol CLI in QoS class-map

3. With Flexible Netflow (FNF) or other performance reporting features to report application name
   match or collect application name CLI

Page 13: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


NBAR2 Application Attributes

Simplify application management

Grouping of Apps based on various characteristics/properties

Pre-defined attributes can be used for reporting and QoS (match protocol)
Category, sub-category, application-group, p2p, tunnel, encrypted

Page 14: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Simplify QoS Policies Using NBAR2 Attributes

• Attribute based selection enables matching multiple applications of the same type

[Figure labels: HQ; WAN1 (IP-VPN); WAN2 (IPVPN, DMVPN)]

class-map my-class
 match protocol attribute category file-sharing

'file-sharing' includes FTP, CIFS, Bittorrent, Winmx, etc.

Page 15: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Performance Collection & Exporting

Page 16: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Performance Collection & Exporting – What is it?

• Integrated performance monitoring available for different types of applications and use cases

Basic Monitoring
  What applications, how much bandwidth, flow direction? (Flexible Netflow and NBAR/NBAR2)

Advanced Monitoring
  Voice and Video Performance (Media Monitoring)
    30% of traffic is voice and video
  Critical Applications Performance (Performance Agent) (New)
    40% of traffic is critical applications

Page 17: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Flexible Netflow (FNF)

• Evolution from Traditional Netflow (TNF)

• Feature to collect and export network information and statistics
  Backward compatible with TNF records
  Flexibility in defining fields and flow record format
  Utilize Netflow Version 9 Format which is extensible
  UDP-based transport

• Consists of data collection (flow monitor) and data export (flow export)

• Flow export format can be Netflow version 9 (RFC 3954) or IPFIX (RFC 5101)

• Is required to collect application info from NBAR/NBAR2

• TNF to FNF migration guide - http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/ps6965/white_paper_c11-545581.html

Page 18: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Gaining Full Visibility with Flexible Netflow

• Flexible NetFlow monitors data from layer 2 thru 7

• Determines applications by combination of port and payload

• Flow information: who, what, when, where

• Flexible NetFlow allows your own selection of key fields

[Figure: a data packet made up of Link Layer Header, IP Header, TCP/UDP Header and Data Packet. Field labels: MAC, Source IP Address, Destination IP Address, Source Port, Destination Port, Protocol, ToS, Deep Packet (Payload) Inspection. Bracket labels: NetFlow; FNF + NBAR2]

Page 19: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Flexible Netflow Key Fields Vs. Non-key Fields

• Key fields are unique per record
  Match statement in the CLI

• Non-key fields are attributes or characteristics of a packet
  Collect statement in the CLI

• If packet key fields are unique, new entry is created

• Otherwise, update the non-key fields, i.e. packet count

Packet 1
  Key fields:     Source IP 1.1.1.1, Destination IP 2.2.2.2, Destination port 80, Layer 3 Protocol TCP - 6, TOS Byte 0
  Non-key fields: Length 1250

Packet 2
  Key fields:     Source IP 3.3.3.3, Destination IP 4.4.4.4, Destination port 443, Layer 3 Protocol TCP - 6, TOS Byte 0
  Non-key fields: Length 519

In the cache tables below, Source IP through TOS are key fields and Bytes is a non-key field.

Netflow Cache Before Packet 1

  Source IP  Dest. IP  Dest Prt  Protocol  TOS  …  Bytes
  1.1.1.1    2.2.2.2   80        6         0    …  10000

Netflow Cache After Packet 1

  Source IP  Dest. IP  Dest Prt  Protocol  TOS  …  Bytes
  1.1.1.1    2.2.2.2   80        6         0    …  11250

Netflow Cache After Packet 2

  Source IP  Dest. IP  Dest Prt  Protocol  TOS  …  Bytes
  3.3.3.3    4.4.4.4   443       6         0    …  519
  1.1.1.1    2.2.2.2   80        6         0    …  11250
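
The cache behaviour on this slide, as an added Python example (not from the original slides and not Cisco code): the key fields form the lookup key and only the non-key counters change on a hit. It goes one step beyond the slide by also showing what a shorter key-field list and a full cache do; the `FlowCache` class, its field names, the preloaded packet count and the `max_entries` limit are assumptions for illustration.

```python
from collections import OrderedDict

# Key fields used on the slide (the "match" statements of the flow record).
SLIDE_KEYS = ("src_ip", "dst_ip", "dst_port", "protocol", "tos")

# The two packets from the slide; "length" feeds the non-key byte counter.
PACKET_1 = {"src_ip": "1.1.1.1", "dst_ip": "2.2.2.2", "dst_port": 80,
            "protocol": 6, "tos": 0, "length": 1250}
PACKET_2 = {"src_ip": "3.3.3.3", "dst_ip": "4.4.4.4", "dst_port": 443,
            "protocol": 6, "tos": 0, "length": 519}


class FlowCache:
    """Toy model of a flow cache (hypothetical class, not Cisco code)."""

    def __init__(self, key_fields, max_entries=1000):
        self.key_fields = tuple(key_fields)
        self.max_entries = max_entries
        self.entries = OrderedDict()   # key tuple -> {"packets", "bytes"}
        self.flows_not_added = 0       # new flows refused because the cache was full

    def _key(self, pkt):
        return tuple(pkt[f] for f in self.key_fields)

    def preload(self, pkt, packets, byte_count):
        """Install an existing entry, e.g. the state 'before packet 1'."""
        self.entries[self._key(pkt)] = {"packets": packets, "bytes": byte_count}

    def update(self, pkt):
        key = self._key(pkt)
        entry = self.entries.get(key)
        if entry is None:
            # Key fields not seen before: create a new entry if there is room.
            if len(self.entries) >= self.max_entries:
                self.flows_not_added += 1
                return False
            entry = self.entries[key] = {"packets": 0, "bytes": 0}
        # Whether the entry is old or new, only non-key fields are updated.
        entry["packets"] += 1
        entry["bytes"] += pkt["length"]
        return True

    def bytes_by_flow(self):
        return {key: e["bytes"] for key, e in self.entries.items()}


def replay_slide(key_fields=SLIDE_KEYS, max_entries=1000):
    """Replay the slide: cache before packet 1, then packet 1, then packet 2."""
    cache = FlowCache(key_fields, max_entries)
    # 10000 bytes comes from the slide; the packet count of 8 is constructed.
    cache.preload(PACKET_1, packets=8, byte_count=10000)
    cache.update(PACKET_1)
    after_1 = cache.bytes_by_flow()
    cache.update(PACKET_2)
    after_2 = cache.bytes_by_flow()
    return after_1, after_2, cache.flows_not_added


if __name__ == "__main__":
    after_1, after_2, _ = replay_slide()
    print("after packet 1:", after_1)
    print("after packet 2:", after_2)
    # Fewer key fields means coarser flows: both packets land in one entry.
    print("keyed on protocol+tos:", replay_slide(("protocol", "tos"))[1])
```

With a small `max_entries`, traffic that produces many distinct key tuples fills the cache and later flows go unrecorded, which is why the refused-flow counter is worth watching on a monitoring point.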

Page 20: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


FNF Option Template

• Use for exporting non-traffic related information to netflow collector or reporting tools.

flow exporter insight
 destination 10.35.89.59
 source GigabitEthernet0/0/1
 transport udp 2055
 option interface-table timeout 3600
 option sampler-table timeout 3600
 option application-table timeout 3600

router#show flow exporter insight templates
Flow Exporter insight:
  Client: Option options interface-table
  Exporter Format: NetFlow Version 9
  Template ID    : 256
  Source ID      : 6
  Record Size    : 104
  Template layout
  ---------------------------------------------------
  | Field                 | Type | Offset | Size |
  ---------------------------------------------------
  | v9-scope system       |    1 |      0 |    4 |
  | interface input snmp  |   10 |      4 |    4 |
  | interface name        |   82 |      8 |   32 |
  | interface description |   83 |     40 |   64 |
  ---------------------------------------------------
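
How a collector could use this template layout to decode interface-table option records, as an added Python example (not from the original slides and not part of any Cisco tool). The record bytes are constructed, and treating the name and description fields as NUL-padded ASCII and the other fields as big-endian unsigned integers is an assumption.

```python
import re
import struct

# Template layout rows as shown by "show flow exporter insight templates" above.
TEMPLATE_TEXT = """
| Field                 | Type | Offset | Size |
| v9-scope system       |    1 |      0 |    4 |
| interface input snmp  |   10 |      4 |    4 |
| interface name        |   82 |      8 |   32 |
| interface description |   83 |     40 |   64 |
"""
RECORD_SIZE = 104          # "Record Size : 104" in the same output
TEXT_TYPES = {82, 83}      # interface name / interface description

ROW = re.compile(r"^\|\s*(.+?)\s*\|\s*(\d+)\s*\|\s*(\d+)\s*\|\s*(\d+)\s*\|$")


def parse_layout(text, record_size):
    """Turn the printed layout into (name, type, offset, size) tuples and
    check that the fields are contiguous and add up to the record size."""
    fields, expected_offset = [], 0
    for line in text.strip().splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue                      # header row or separator line
        name = m.group(1)
        ftype, offset, size = (int(m.group(i)) for i in (2, 3, 4))
        if size == 0 or offset != expected_offset:
            raise ValueError(f"field {name!r} has a gap, overlap or zero size")
        fields.append((name, ftype, offset, size))
        expected_offset += size
    if expected_offset != record_size:
        raise ValueError("fields do not add up to the record size")
    return fields


def decode_record(layout, record):
    """Decode one data record. The length is checked first so a short or
    oversized datagram can never be sliced into misaligned fields."""
    if len(record) != sum(size for _, _, _, size in layout):
        raise ValueError("record length does not match the template")
    out = {}
    for name, ftype, offset, size in layout:
        raw = record[offset:offset + size]
        if ftype in TEXT_TYPES:
            # Text comes from the exporter's configuration: treat as untrusted.
            out[name] = raw.split(b"\x00", 1)[0].decode("ascii", errors="replace")
        else:
            out[name] = int.from_bytes(raw, "big")
    return out


def decode_flowset(layout, payload, record_size=RECORD_SIZE):
    """Decode back-to-back records; up to 3 zero bytes of padding may follow."""
    count, leftover = divmod(len(payload), record_size)
    tail = payload[count * record_size:]
    if leftover > 3 or any(tail):
        raise ValueError("trailing bytes are not flowset padding")
    return [decode_record(layout, payload[i * record_size:(i + 1) * record_size])
            for i in range(count)]


def build_sample_record(if_index, name, description):
    """Constructed sample record; the scope value 0x0A000001 is made up."""
    return struct.pack("!II32s64s", 0x0A000001, if_index,
                       name.encode("ascii"), description.encode("ascii"))


if __name__ == "__main__":
    layout = parse_layout(TEMPLATE_TEXT, RECORD_SIZE)
    sample = build_sample_record(3, "GigabitEthernet0/0/1", "WAN uplink")
    print(decode_record(layout, sample))
```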

Page 21: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Flexible NetFlow (FNF) Configuration

1. Configure the Exporter: Where do I want my data sent?

   Router(config)# flow exporter my-exporter
   Router(config-flow-exporter)# destination 1.1.1.1

2. Configure the Flow Record: What data do I want to meter?

   Router(config)# flow record my-record
   Router(config-flow-record)# match ipv4 destination address
   Router(config-flow-record)# match ipv4 source address
   Router(config-flow-record)# collect counter bytes

3. Configure the Flow Monitor: How do I want to cache information?

   Router(config)# flow monitor my-monitor
   Router(config-flow-monitor)# exporter my-exporter
   Router(config-flow-monitor)# record my-record

4. Apply to an Interface: Which interface do I want to monitor?

   Router(config)# interface s3/0
   Router(config-if)# ip flow monitor my-monitor input

For Your Reference

Page 22: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Monitor Voice and Video Performance

Check out this webinar
Cisco Media Monitoring
http://actionpacked.com/cisco-medianet

For more information
Cisco Media Monitoring @ Cisco Website
http://www.cisco.com/en/US/solutions/ns340/ns857/ns156/ns1094/media_monitoring.html

Page 23: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Why Should I Care About Application Performance?

What the users see (End Users)
  "Your network is so slow I cannot get any work done today"

What network admins see (Network Admin)
  "I do not see anything wrong"
  ping? show ip route? traceroute? show interface?

What can happen
  Increased Latency, WAN Problem, Application Problem, Server Problem, User Problem

Page 24: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Monitor Application Performance with Performance Agent

Key Features
• Application Response Time (ART) Measurement
• Interact with NBAR2
• Standard NFv9 export
• Application Usage (BW, Top N)
• Metric aggregation reduces number of flow records across WAN

Benefits
• Visibility into application usage and performance
• Quantify user experience
• Troubleshoot application performance
• Track service levels for application delivery

[Figure labels: Branch; IOS PA; WAN; NFv9; Data Center; Netflow Collector or Management Tool. Speech bubbles: "My query is taking long time!", "My email is slow!", "How do I ensure my SLA is met"]

ISR G2: 15.2(4)M
ASR1K: Future

Page 25: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Application Delivery Path Network Segment Breakdown

• Separate application delivery path into multiple segments

• Server Network Delay (SND) approximates WAN Delay

• Latency per application

[Figure: Clients, Client Network, IOS PA, Server Network and Application Servers in a row, with Request and Response arrows. Delay labels: Total Delay, Client Network Delay (CND), Server Network Delay (SND), Network Delay (ND), Application Delay (AD)]

Page 26: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Understand IOS PA Metrics Calculation

• Response Time (RT)

  t(First response pkt) – t(Last request pkt)

• Transaction Time (TT)

  t(Last response pkt) – t(First request pkt)

• Network Delay (ND)

  ND = CND + SND

• Application Delay (AD)

  AD = RT – SND

Callouts on the slide: Quantify User Experience; Identify Server Performance Issue

[Figure: packet ladder between Client, IOS PA and Server. TCP handshake (SYN, SYN-ACK, ACK) with the CND and SND intervals marked, followed by Request 1, Request 1 (Cont) and Request 2, the server's DATA segments and ACKs, and a Request Retransmission after a lost packet (X). The RT and TT intervals are marked on the ladder.]

For Your Reference
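
The formulas above applied to a packet trace, as an added Python example (not from the original slides and not Cisco's implementation). The trace is constructed, and taking SND and CND from the TCP handshake as seen at the observation point (SYN to SYN-ACK, SYN-ACK to ACK) is an assumption based on the ladder diagram; the min/max/sum roll-up follows the form in which the metrics list reports ART values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    t_ms: int   # timestamp at the observation point (the router), in ms
    kind: str   # "SYN", "SYN-ACK", "ACK", "REQ" (client data) or "RESP" (server data)


# Constructed trace: handshake, two answered requests, one unanswered request.
TRACE = [
    Pkt(0, "SYN"), Pkt(40, "SYN-ACK"), Pkt(45, "ACK"),
    Pkt(50, "REQ"), Pkt(52, "REQ"),                      # request 1 and its continuation
    Pkt(150, "RESP"), Pkt(152, "ACK"), Pkt(155, "RESP"), Pkt(160, "RESP"),
    Pkt(200, "REQ"),                                     # request 2
    Pkt(300, "RESP"), Pkt(310, "RESP"),
    Pkt(400, "REQ"),                                     # request 3, no response captured
]


def handshake_delays(pkts):
    """Return (CND, SND) from the first SYN, SYN-ACK and ACK in the trace."""
    first = {}
    for p in pkts:
        if p.kind in ("SYN", "SYN-ACK", "ACK"):
            first.setdefault(p.kind, p.t_ms)
    if len(first) < 3 or not first["SYN"] <= first["SYN-ACK"] <= first["ACK"]:
        raise ValueError("complete TCP handshake not observed")
    snd = first["SYN-ACK"] - first["SYN"]    # router -> server -> router
    cnd = first["ACK"] - first["SYN-ACK"]    # router -> client -> router
    return cnd, snd


def split_transactions(pkts):
    """Group data packets: a request that follows a response opens a new transaction."""
    txns, cur = [], None
    for p in pkts:
        if p.kind == "REQ":
            if cur is None or cur["resp"]:
                cur = {"req": [], "resp": []}
                txns.append(cur)
            cur["req"].append(p.t_ms)
        elif p.kind == "RESP" and cur is not None:
            cur["resp"].append(p.t_ms)
    return txns


def art_metrics(pkts):
    pkts = sorted(pkts, key=lambda p: p.t_ms)
    cnd, snd = handshake_delays(pkts)
    rows = []
    for txn in split_transactions(pkts):
        if not txn["resp"]:
            continue                                   # unanswered: no RT or TT
        rt = txn["resp"][0] - txn["req"][-1]           # first response - last request
        tt = txn["resp"][-1] - txn["req"][0]           # last response - first request
        rows.append({"RT": rt, "TT": tt, "AD": rt - snd})
    return {"CND": cnd, "SND": snd, "ND": cnd + snd, "transactions": rows}


def aggregate(rows, metric):
    """min/max/sum over transactions; None when there is nothing to aggregate."""
    values = [r[metric] for r in rows]
    if not values:
        return None
    return {"min": min(values), "max": max(values), "sum": sum(values)}


if __name__ == "__main__":
    result = art_metrics(TRACE)
    print(result)
    print("AD:", aggregate(result["transactions"], "AD"))
```

A high AD with a steady SND points at the server rather than the network, which is the separation the slide's callouts describe.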

Page 27: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


List of Metrics reported by IOS PA

Netflow Metrics
• Application ID (from NBAR2)
• Client/Server Bytes
• Client/Server Packets
• Source MAC Address
• Input/Output Interface
• IP DSCP

ART Metrics
• CND - Client Network Delay (min/max/sum)
• SND – Server Network Delay (min/max/sum)
• ND – Network Delay (min/max/sum)
• AD – Application Delay (min/max/sum)
• Total Response Time (min/max/sum)
• Total Transaction Time (min/max/sum)
• Number of New Connections
• Number of Late Responses
• Number of Responses by Response Time (7-bucket histogram)
• Number of Retransmissions
• Number of Transactions
• Client/Server Bytes
• Client/Server Packets

WAAS Express Metrics
• Input/Output Bytes
• WAAS Connection Mode
  TFO, TFO/LZ, TFO/DRE, TFO/LZ/DRE
• Input/Output DRE Bytes
• Input/Output LZ Bytes

For Your Reference

Page 28: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Performance Agent & NBAR Interaction

• ‘collect application name’ exports application ID field to reporting tool

flow record type mace pa-record
 collect application name
 collect art all

interface Serial0/0/0
 ip nbar protocol-discovery
 mace enable

[Figure: a client (IP=192.168.100.100) opens https://cisco.webex.com, served by cisco.webex.com (IP=66.114.168.178), through IOS PA on interface Se0/0/0]

Flow Record Without NBAR

  Src IP           Dst IP          Dst Port  App ID      Resp Time  …
  192.168.100.100  66.114.168.178  443       0           100

Flow Record With NBAR

  Src IP           Dst IP          Dst Port  App ID      Resp Time  …
  192.168.100.100  66.114.168.178  443       0x0D00019E  100

The App ID 0x0D00019E indicates this is the webex application.

Page 29: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


IOS PA Deployment with NBAR2

flow exporter pa-export
 destination 172.30.104.128
 transport udp 9991
!
flow record type mace pa-record
 collect application name
 collect art all
 collect (..)
!
flow monitor type mace pa-monitor
 record pa-record
 exporter pa-export
!
access-list 100 permit tcp any host 10.0.0.1 eq 80
class-map match-any pa-traffic
 match access-group 100
!
policy-map type mace mace_global
 class pa-traffic
  flow monitor pa-monitor
!
interface Serial0/0/0
 ip nbar protocol-discovery
 mace enable

Configuration Steps

1. Configure flow exporter

2. Configure flow record type mace

3. Configure flow monitor type mace

4. Configure class-map

5. Configure policy-map type mace – policy must be named mace_global

6. Configure mace enable on interface

Callouts on the configuration:
• ip nbar protocol-discovery: Optionally Enable NBAR2 to identify applications
• collect application name: Collect application name provided by NBAR2

For Your Reference

Page 30: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Management Tool

Page 31: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar

LiveAction: Visual Management of Cisco Networks

A “best practice” approach for QoS, NetFlow, LAN, Routing and IP SLA using a patented, expert graphical interface.

[Product tabs: QoS Monitor, QoS Configure, IP SLA, Flow, LAN, Routing]

• QoS Monitoring and Configuration
• Visualize end-to-end flows, policies, routes and QoS performance
• Flexible NetFlow
• Application Response Time (ART)
• NBAR/NBAR2
• Medianet Media Monitoring
• IP SLA capacity planning with full configuration and monitoring
• Campus LAN visualization and L2 QoS monitoring

Page 32: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Using LiveAction to Monitor Application Performance

• Report application information provided by NBAR2

• Report the Application Response Time (ART) metrics provided by Performance Agent

• Problem in the network (per-application retransmission)

• Application efficiency (L7 throughput)

• Per-application latency

• Total connections

How are Google cloud services performing in my network?

Page 33: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Monitor Application Performance Over Time

• Monitor Google Cloud Service

• Monitor L7 throughput per application

• L7 Volume/Transaction Time

• Client and Server Network Delay

• Number of TCP sessions per application

• Traffic Volume

• Retransmission count

Page 34: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


End-to-end Application Performance Visualization

Page 35: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Control

Page 36: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


The Role of QoS for Control

• Guarantee Bandwidth: Bandwidth action

• Limit Max Bandwidth: Police action

• Minimize Latency: Priority action

• Change Flow Properties: Set action, i.e. set dscp

• Reduce Burst: Shape action

Page 37: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Application-aware QoS Example

class-map match-all business-critical
 match protocol citrix
 match access-group 101
class-map match-any browsing
 match protocol attribute category browsing
class-map match-any internal-browsing
 match protocol http url "*myserver.com*"
!
policy-map internal-browsing-policy
 class internal-browsing
  bandwidth remaining percent 60
policy-map my-network-policy
 class business-critical
  priority percent 50
 class browsing
  bandwidth remaining percent 30
  service-policy internal-browsing-policy
!
interface Serial0/0/0
 service-policy output my-network-policy

  Application        BW                       Priority
  Business Critical  Committed 50%            High
  Browsing           30% (=15% of the line)   Normal
  Internal Browsing  60% (Out of Browsing)
  Remaining          70% (=35% of the line)   Normal

[Figure: the line is split into Committed BW (50% of the line) and Excess BW (50% of the line). Business-Critical: High Priority, 50% committed. Browsing: 30% of Excess BW (=15% of the line). Internal-Browsing: 60% of Browsing. Remaining: 70% of Excess BW (=35% of line)]

Page 38: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Application Aware QoS with LiveAction

policy-map my-network-policy
 class business-critical
  priority percent 50
 class browsing
  bandwidth remaining percent 30
  service-policy internal-browsing-policy

Match on NBAR2 attribute, category = browsing

Page 39: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Example: Stop P2P Applications

class-map match-all NBAR_P2P_Bittorrent
 match protocol attribute p2p-technology p2p-tech-yes
policy-map MonitorUsingNbar_GI01_In
 class NBAR_P2P_Bittorrent

Create policy

Page 40: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Example: Stop P2P Applications (Cont.)

class-map match-all NBAR_P2P_Bittorrent
 match protocol attribute p2p-technology p2p-tech-yes
policy-map control-policy
 class NBAR_P2P_Bittorrent
  police 8000 conform-action transmit exceed-action drop

Bittorrent

Police Bittorrent

Page 41: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Key Takeaways

Your Network Is Your Network Probe

• Leverage the monitoring capabilities embedded in your WAN platforms

Identify Applications in Today's Network

• Deep Packet Inspection – NBAR and NBAR2

Proactively Monitoring Application Performance

• Application Response Time (ART) engine in Performance Agent

Granular Control of Application Performance

• Application-aware QoS

Cisco ISR G2 Cisco ASR1K

Page 42: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


Resources

• Cisco Cloud Connected Solution
  http://www.cisco.com/en/US/solutions/ns1015/ns1184/cloud_connected_solution.html

• Application Visibility and Control (AVC)
  http://www.cisco.com/go/avc

• Cisco Prime Assurance
  http://www.cisco.com/go/pam

• AVC Installation and Deployment Guide on ASR1K
  http://www.cisco.com/en/US/products/ps11009/prod_troubleshooting_guides_list.html

• AVC Installation and Deployment Guide on ISR G2 using Performance Agent (Coming Soon)
  http://www.cisco.com/en/US/products/ps11671/index.html

• Performance Routing
  http://www.cisco.com/go/pfr

Page 43: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar
Page 44: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


NBAR/NBAR2 – How It Works?

• Identifies applications
  Statically assigned
  Dynamically assigned during connection establishment

• Non-TCP and non-UDP IP protocols

• Heuristics Classification:
  Data packet inspection for application traffic patterns
  Header classification and data packet inspection

• Stateful inspection
  Inspect bi-directional application traffic and maintain state

[Figure: packet fields available for classification. IP Header: ToS, Protocol, Source IP Addr, Dest IP Addr. TCP/UDP Header: Src Port, Dst Port. Data Payload: Sub-Port/Deep Inspection]

Page 45: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


IOS PA for Visibility and Performance

ip access-list extended all-traffic-acl
 permit ip any any
!
class-map match-any all-traffic
 match access-group name all-traffic-acl
!
flow exporter pa-export
 destination 172.30.104.128
 transport udp 9991
!
flow record type mace traffic-art-record
 collect datalink mac source address input
 collect ipv4 dscp
 collect interface input
 collect interface output
 collect application name
 collect counter client bytes
 collect counter server bytes
 collect counter client packets
 collect counter server packets
 collect art all
!
flow monitor type mace traffic-art-monitor
 record traffic-art-record
 exporter pa-export
!
policy-map type mace mace_global
 class all-traffic
  flow monitor traffic-art-monitor
!
interface Serial0/0/0
 ip nbar protocol-discovery
 mace enable

For Your Reference

Page 46: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar


How to use NBAR2 Attributes in QoS Class-map

Match on protocol (application) or pre-defined attributes

class-map match-any p2p-class
 match protocol attribute application-group bittorrent-group
 match protocol kazaa2
 match protocol attribute sub-category p2p-networking

I want to exclude Viber and Skype from sub-category voice-video-chat-collaboration

class-map match-any excluded-apps
 match protocol skype
 match protocol viber
class-map match-all voice-video-chat-app
 match protocol attribute sub-category voice-video-chat-collaboration
 match not class-map excluded-apps

For Your Reference

Page 47: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar

Questions and Answers

Page 48: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar

Question: Do we need a router reload for recognizing new applications?

Page 49: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar

Question: If I’m using AVC, do I still need to use the Medianet functionality?

Page 50: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar

Question: How do I control the applications discovered with AVC?

Page 51: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar

For More Information on ActionPacked! Networks Contact:

Steve Adams
Sales
+1-704-953-2269

Keith Parsons
Engineering & Solutions Delivery
+1-205-514-9634

http://www.actionpacked.com

Download Free Trial of LiveAction® 2.5
http://www.actionpacked.com/liveactiondownload

Watch a replay of this webinar:
http://www.actionpacked.com/ciscoavcwebinar

Page 52: ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar

THANK YOU!