Application Visibility and Control: What’s in Your Network?
Bob Nusbaum
Senior Product Manager, Enterprise Networking Group
Cisco
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public
The Network Needs To Evolve
• Application complexity increases
  “I know it’s HTTP – but what application is it?”
• Cloud and virtualization centralize application delivery
  “From here it looks like it’s running just fine”
• Multiple entities are involved in delivering applications
  “It’s from an outside cloud! How do you expect me to fix it?”
Real-Life Example: The iOS 7 Storm
Source: an actual customer’s branch WAN. Graphs from Cisco Prime Infrastructure 2.0.
Cisco Application Experience (AVC and WAAS)
• “What’s in Your Network?”
  ‒ “What applications make up my traffic load?”
  ‒ “What are end users experiencing?”
  ‒ “Where is the slow-down?”
  ‒ “What traffic is slowing down my critical apps?”
• “What are You Going to DO About It?”
  ‒ “Prioritize important applications; control the others”
  ‒ “Choose a path based on current application performance”
  ‒ “Optimize traffic to reduce latency and bandwidth usage”
Introducing Cisco Application Visibility and Control (AVC)
The Next Stage in the Evolution of Your Network
AVC Major Components
• Classify: NBAR2 with Protocol Packs (protocol definitions) answers “what are the apps?”
• Monitor: basic traffic, ART (application response time) and media metrics
• Traffic export: NetFlow to a NetFlow collector / management app, which monitors by app and crunches business analytics
• Control: apply policy (bandwidth, route choice)
What is An Application?
Are these applications?  HTTP, FTP, SMTP, POP3, IMAP, HTTPS
What about these?        80, 20/21, 25, 110, 143, 443
Or just ports?
Network Based Application Recognition v2 (NBAR2)
• Cisco’s standard protocol classification mechanism
• > 1400 protocols vs. ~150 with the original NBAR
• Backwards compatible with the original NBAR
• Upgrade protocols with no OS upgrade
• NBAR2 supported protocol list online at:
  ‒ http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html
NBAR2
• Integrated feature in IOS and IOS XE
• >1000 signatures
• Advanced classification techniques
• Deep Packet Inspection (DPI)
• Native IPv6 classification
• Custom application profiles
• Supports >1,000 protocols and sub-classification
NBAR2 Highlights
• More than 1000 applications supported, and growing
• Categorization to simplify application management
• In-service signature update through Protocol Packs
• Field extraction: collect application-specific information (HTTP URI, HTTP hostname, browser type) in addition to identifying the application
• NBAR2 sub-classification features: dynamic payload types, SSL sub-classification, PCoIP sub-classification, etc.
Chart: number of applications supported, NBAR1 vs. NBAR2 (1000+)
Simplify Application Management with NBAR2 Attributes
• NBAR2 attributes group similar types of applications
• Use attributes to report on a group of applications or to simplify QoS classification
• 6 pre-defined attributes per application (can be reassigned by users):
  ‒ Category: first-level grouping of applications with similar functionality
  ‒ Sub-category: second-level grouping of applications with similar functionality
  ‒ Application-group: grouping of applications based on brand or application suite
  ‒ P2P-technology: indicates the application is peer-to-peer
  ‒ Encrypted: indicates the application is encrypted
  ‒ Tunneled: indicates the application uses a tunneling technique
NBAR2 Application Categories: predefined and customizable to simplify config and reporting
NBAR2 Category: browsing, business-and-productivity-tools, email, file-sharing, gaming, industrial-protocols, instant-messaging, internet-privacy, layer2-non-ip, layer3-over-ip, location-based-services, net-admin, newsgroup, obsolete, other, trojan, voice-and-video
NBAR2 Sub-category: authentication-services, backup-systems, client-server, commercial-media-distribution, control-and-signaling, database, epayement, file-sharing, inter-process-rpc, internet-privacy, license-manager, naming-services, network-management, network-protocol, other, p2p-file-transfer, p2p-networking, remote-access-terminal, rich-media-http-content, routing-protocol, storage, streaming, terminal, tunneling-protocols, voice-video-chat-collaboration
NBAR2 Application Group: apple-talk-group, banyan-group, bittorrent-group, corba-group, edonkey-emule-group, fasttrack-group, flash-group, fring-group, ftp-group, gnutella-group, gtalk-group, icq-group, imap-group, ipsec-group, irc-group, kerberos-group, ldap-group, netbios-group, nntp-group, npmp-group, other, pop3-group, prm-group, skinny-group, skype-group, smtp-group, snmp-group, sqlsvr-group, stun-group, telepresence-group, tftp-group, vmware-group, vnc-group, wap-group, webex-group, windows-live-messanger-group, xns-xerox-group, yahoo-messenger-group
P2P Technology, Encrypted, Tunnel (one value each): n, y, unassigned
Define Your Own Application in NBAR2
• Port
  ‒ TCP or UDP
  ‒ 16 static ports per application
  ‒ Range of ports (1000 maximum)
• Payload
  ‒ Search the first 255 bytes of TCP or UDP payload
  ‒ ASCII (16 characters), Hex (4 bytes), Decimal (1-4294967295), Variable (4 bytes hex)
• HTTP URL
  ‒ URI regex
  ‒ Host regex
• L3/4-based definition: coming in XE 3.12
Minimum release: ISR G2 15.2(4)M2, ASR1K 3.8S
NBAR2 Custom Application Enhancement
• Custom application match on HTTP URL and/or Host
• The selector ID of a custom application is set with the “id” keyword

  Custom App        Server               URI        BW   Resp. Time
  My Payroll        server1.example.com  -          2M   100ms
  My Doc. Mgmt.     server2.example.com  /doc       1M   250ms
  My Software Rep.  server2.example.com  /software  5M   30sec

ip nbar custom 001-payroll http host server1.example.com id 60001
ip nbar custom 002-doc http url doc host server2.example.com id 60002
ip nbar custom 003-soft http url software host server2.example.com id 60003

(Diagram: custom application definition and report in Cisco Prime Infrastructure. server1.example.com hosts the custom enterprise application; server2.example.com serves /doc (documentation) and /software (software).)
• All NBAR commands live under “ip nbar …”; the “ip” keyword is unrelated to the IP version.
• A custom application’s attribute values default to “other” (category, sub-category, application-group) and “unassigned” (P2P-technology, encrypted, tunneled) until you reassign them.
Minimum release: ISR G2 15.2(4)M2, ASR1K 3.8S
NBAR2 Field Extraction Support: not just what, but who and where?
• URL? Hostname? Referrer? User agent? Sender? Server?
• Extracted fields are exported to the NetFlow collector / management app, where business analytics crunch them
NBAR2 Field Extraction: Overview
• Ability to look into specific applications for additional field information
• NBAR2 extracts fields from HTTP, RTP, PCoIP, etc. for QoS configuration
• HTTP header fields
• Eases classification of voice and video traffic
  ‒ VoIP, streaming/real-time video, audio/video conferencing, Fax over IP
  ‒ Distinguishes between RTP packets based on payload type and codec
• Some extracted fields are available within Flexible NetFlow and Unified Monitoring
NBAR2 Field Extraction: HTTP Example
(Diagram: client at IP 192.168.100.100 behind Se0/0/0 browsing http://www.cnn.com/US; server www.cnn.com at IP 157.166.255.18.)

GET /weather/getForecast?time=37&&zipCode=95035 HTTP/1.1
Host: svcs.cnn.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cnn.com/US/

Extracting information from the HTTP message (flow record statements):
collect application http url
collect application http host
collect application http user-agent
collect application http referer
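The extraction and matching on these two slides in code, as an added example (not Cisco’s NBAR2 implementation): it pulls the four fields the “collect application http …” statements export out of the request shown above, then applies the three “ip nbar custom … http host/url” definitions from the previous slide to decide which custom application a request belongs to. The sample payloads, the first-match ordering, the “http”/“unknown” labels and the port stripping are constructed for this example. Note what the classifier keys on: Host and URI are client-supplied and only visible in cleartext HTTP, so any client can claim a custom application simply by sending that Host header, and nothing in a host/url match ties the header to the destination address. Treat bandwidth guarantees granted on this basis accordingly.

```python
"""HTTP field extraction and custom-application matching (added example)."""
import re
from dataclasses import dataclass
from typing import Optional

REQUEST_LINE = re.compile(r"^(GET|POST|PUT|HEAD|DELETE|OPTIONS|PATCH) (\S+) HTTP/1\.[01]$")


@dataclass
class HttpFields:
    """The four fields the slide exports with 'collect application http ...'."""
    url: str
    host: str = ""
    user_agent: str = ""
    referer: str = ""


def extract_http_fields(payload: bytes) -> Optional[HttpFields]:
    """Parse the start of a TCP payload as an HTTP/1.x request.

    Returns None when the payload does not begin with a request line followed by a
    complete header block, i.e. when a DPI engine would not treat it as HTTP.
    """
    text = payload.decode("iso-8859-1")            # 1:1 byte-to-char mapping, never raises
    head, terminator, _ = text.partition("\r\n\r\n")
    if not terminator:
        return None
    lines = head.split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if m is None:
        return None
    fields = HttpFields(url=m.group(2))
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            continue
        name, value = name.strip().lower(), value.strip()
        if name == "host":
            fields.host = value.split(":")[0].lower()  # drop an explicit port (IPv6 literals not handled)
        elif name == "user-agent":
            fields.user_agent = value
        elif name == "referer":
            fields.referer = value
    return fields


@dataclass(frozen=True)
class CustomApp:
    """One 'ip nbar custom <name> http [url <regex>] host <regex> id <n>' line."""
    name: str
    selector_id: int
    host: str                       # regex searched in the Host header (so '.' matches any char)
    url: str = ""                   # regex searched in the request URI; "" matches any URI
    category: str = "other"         # attribute defaults of a custom application
    p2p_technology: str = "unassigned"


# The three definitions from the slide, as written there.
CUSTOM_APPS = (
    CustomApp("001-payroll", 60001, host="server1.example.com"),
    CustomApp("002-doc", 60002, host="server2.example.com", url="doc"),
    CustomApp("003-soft", 60003, host="server2.example.com", url="software"),
)


def classify(fields: HttpFields, apps=CUSTOM_APPS) -> Optional[CustomApp]:
    """First custom app whose host and url regexes both match (definition order; an assumption)."""
    for app in apps:
        if re.search(app.host, fields.host) and re.search(app.url, fields.url):
            return app
    return None


def classify_payload(payload: bytes, apps=CUSTOM_APPS) -> str:
    """Custom app name, 'http' for HTTP that matches no custom app, 'unknown' otherwise."""
    fields = extract_http_fields(payload)
    if fields is None:
        return "unknown"
    app = classify(fields, apps)
    return app.name if app else "http"


# Constructed sample payloads; the first reproduces the request on the slide.
CNN_REQUEST = (
    b"GET /weather/getForecast?time=37&&zipCode=95035 HTTP/1.1\r\n"
    b"Host: svcs.cnn.com\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1\r\n"
    b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
    b"Referer: http://www.cnn.com/US/\r\n\r\n"
)
PAYROLL_REQUEST = b"GET /login HTTP/1.1\r\nHost: server1.example.com\r\n\r\n"
DOC_REQUEST = b"GET /doc/index.html HTTP/1.1\r\nHost: server2.example.com:8080\r\n\r\n"
SOFT_REQUEST = b"GET /software/agent.msi HTTP/1.1\r\nHost: server2.example.com\r\n\r\n"
TLS_CLIENT_HELLO = b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"   # not HTTP: host/url stay invisible
```

PAYROLL_REQUEST is classified as 001-payroll whatever server it was actually sent to, which is the point of the caveat above.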
Sub-Classification: NBAR RTP Payload Type Classification
• Eases classification of voice and video traffic
  ‒ VoIP, streaming/real-time video, audio/video conferencing, Fax over IP
• Distinguishes between RTP packets based on payload type and codec
• New in Protocol Pack 7.0
  ‒ The audio/video parameters match not only if the PT is in the known static audio or video range, but also if it is in the dynamic range
• Future: audio/video granularity will be an actual protocol rather than a sub-classification, so reports will show it properly

  Codec                 Payload Type
  G.711 (Audio)         0 (mu-law), 8 (a-law)
  G.721 (Audio)         2
  G.722 (Audio)         9
  G.723 (Audio)         4
  G.728 (Audio)         15
  G.729 (Audio)         18
  H.261 (Video)         31
  MPEG-1/MPEG-2 (A/V)   14 (audio), 32 (video), 33 (A/V)
  Dynamic               96–127

Router(config-cmap)# match protocol rtp ?
  audio         match voice packets
  payload-type  match an explicit PT (Payload Type)
  video         match video packets
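The lookup behind “match protocol rtp audio|video|payload-type”, as an added example (not Cisco code): it parses the fixed RTP header, classifies static payload types with the table above and, for the dynamic range 96–127, consults a dynamic_map that stands in for the payload-type-to-media mapping NBAR2 learns from the call signalling. That map, the “unknown” label for unmapped dynamic types and the build_rtp packet factory are assumptions made for this example.

```python
"""RTP header parsing and payload-type classification (added example)."""
import struct
from typing import Dict, Optional

# Static payload types from the slide's table (RFC 3551 assignments): pt -> (codec, kind)
STATIC_PT = {
    0: ("G.711 mu-law", "audio"), 8: ("G.711 a-law", "audio"), 2: ("G.721", "audio"),
    9: ("G.722", "audio"), 4: ("G.723", "audio"), 15: ("G.728", "audio"), 18: ("G.729", "audio"),
    31: ("H.261", "video"),
    14: ("MPEG audio", "audio"), 32: ("MPEG video", "video"), 33: ("MPEG-2 transport", "audio-video"),
}
DYNAMIC_PT = range(96, 128)
RTP_FIXED = struct.Struct(">BBHII")   # V/P/X/CC, M/PT, sequence, timestamp, SSRC


def parse_rtp(pkt: bytes) -> Optional[dict]:
    """Fixed-header fields of an RTP version 2 packet, or None if the bytes are not RTP v2."""
    if len(pkt) < RTP_FIXED.size:
        return None
    b0, b1, seq, ts, ssrc = RTP_FIXED.unpack_from(pkt, 0)
    if b0 >> 6 != 2:                                  # version field must be 2
        return None
    csrc_count = b0 & 0x0F
    if len(pkt) < RTP_FIXED.size + 4 * csrc_count:    # CSRC list must fit
        return None
    return {"payload_type": b1 & 0x7F, "marker": bool(b1 >> 7),
            "seq": seq, "timestamp": ts, "ssrc": ssrc}


def classify_rtp(pkt: bytes, dynamic_map: Optional[Dict[int, str]] = None) -> dict:
    """Label one packet as audio/video by payload type.

    dynamic_map (assumed; NBAR2 derives it from signalling) resolves 96-127; without
    an entry a dynamic payload type cannot be attributed and stays 'unknown'.
    """
    hdr = parse_rtp(pkt)
    if hdr is None:
        return {"protocol": "not-rtp"}
    pt = hdr["payload_type"]
    if pt in STATIC_PT:
        codec, kind = STATIC_PT[pt]
    elif pt in DYNAMIC_PT:
        codec, kind = "dynamic", (dynamic_map or {}).get(pt, "unknown")
    else:
        codec, kind = "unassigned", "unknown"
    return {"protocol": "rtp", "payload_type": pt, "codec": codec, "kind": kind, "ssrc": hdr["ssrc"]}


def matches(pkt: bytes, selector, dynamic_map: Optional[Dict[int, str]] = None) -> bool:
    """Approximates 'match protocol rtp audio|video|payload-type N' for a single packet."""
    c = classify_rtp(pkt, dynamic_map)
    if c["protocol"] != "rtp":
        return False
    if isinstance(selector, int):                     # payload-type N
        return c["payload_type"] == selector
    return c["kind"] == selector or (c["kind"] == "audio-video" and selector in ("audio", "video"))


def build_rtp(pt: int, seq: int = 1, ts: int = 0, ssrc: int = 0x1234ABCD, marker: bool = False) -> bytes:
    """Constructed sample packet: version 2, no padding/extension/CSRC, 20 zero payload bytes."""
    return RTP_FIXED.pack(0x80, (0x80 if marker else 0) | (pt & 0x7F), seq, ts, ssrc) + bytes(20)
```

Passing no dynamic_map reproduces the pre-PP 7.0 behaviour the slide contrasts with: only the static ranges ever match “audio” or “video”.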
What applications, how much bandwidth, flow direction? (Flexible NetFlow and NBAR / NBAR2)
• Basic monitoring: integrated performance collection and exporting
• Advanced monitoring
  ‒ Voice and video performance: 30% of traffic is voice and video
  ‒ Transactional application performance: 40% of traffic is critical applications
• Simpler configuration, collection, analysis, and troubleshooting
More Metrics with Flexible NetFlow
• Flexible NetFlow: bytes, packets, routing info (L3 to L4)
• Flexible NetFlow + NBAR: application ID (L3 to L7)
• Unified Monitoring adds:
  ‒ Performance metrics (e.g. media, transactional): network latency, response time, jitter, retransmission
  ‒ Network metrics (e.g. QoS): QoS policy/class-map
  ‒ Derived metrics (e.g. URL hit count)
  ‒ Other metrics (e.g. PfR)
NetFlow to FNF Migration Guide: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/ps6965/white_paper_c11-545581.html
Foundation: Exporting Process, NetFlow v9 and IPFIX
NetFlow Version 5 (static flow export format)
• Fixed number of fields (18 fields), e.g. source/destination IP & port, input/output interfaces, packet/byte count, ToS
• The exporter sends every flow record in the same fixed layout to the collector
NetFlow v9 / IPFIX (flexible and extensible flow export format)
• Users define the flow record format
• The flow format is communicated to the collector: the exporter first describes flow format A and flow format B (templates), then sends flow records A, A, B that the collector decodes with those templates
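The template/record split of the slide in code, as an added example (not Cisco’s exporter or any collector product): one side builds IPFIX messages, a template set and then a data set laid out exactly as the template describes; the collector side caches templates per observation domain and cannot decode a data set whose template has not arrived yet, which is the dependency the slide draws for v9/IPFIX. The information-element set, template ID 256, the sample flow and the ENGINE_ID byte of the applicationId are assumptions for this example (the selector 60001 is the deck’s custom payroll application). Because NetFlow v9 and IPFIX are usually exported over UDP with no authentication, a real collector keys templates by exporter address as well, and anyone who can spoof that address can push a template that changes how every following record is decoded; RFC 7011 recommends TLS/DTLS for that reason.

```python
"""IPFIX template/data exchange: message builder plus a minimal collector (added example)."""
import ipaddress
import struct
from typing import Dict, List, Tuple

IPFIX_VERSION = 10
TEMPLATE_SET_ID = 2
HEADER = struct.Struct(">HHIII")   # version, length, export time, sequence, observation domain

# IANA information elements used here: id -> (name, length); applicationId is RFC 6759.
IE = {8: ("sourceIPv4Address", 4), 12: ("destinationIPv4Address", 4),
      7: ("sourceTransportPort", 2), 11: ("destinationTransportPort", 2),
      4: ("protocolIdentifier", 1), 1: ("octetDeltaCount", 8),
      2: ("packetDeltaCount", 8), 95: ("applicationId", 4)}
FLOW_TEMPLATE = [8, 12, 7, 11, 4, 1, 2, 95]   # field order on the wire (assumed)
TEMPLATE_ID = 256                              # data-set template IDs start at 256
ENGINE_ID = 13                                 # assumed classification-engine byte of applicationId


def _message(body: bytes, seq: int, domain: int) -> bytes:
    return HEADER.pack(IPFIX_VERSION, HEADER.size + len(body), 0, seq, domain) + body


def template_message(template_id: int, ies: List[int], seq: int = 0, domain: int = 1) -> bytes:
    """Template set: 'describe flow format' for the collector."""
    rec = struct.pack(">HH", template_id, len(ies))
    rec += b"".join(struct.pack(">HH", ie, IE[ie][1]) for ie in ies)
    return _message(struct.pack(">HH", TEMPLATE_SET_ID, 4 + len(rec)) + rec, seq, domain)


def data_message(template_id: int, ies: List[int], flows: List[dict], seq: int, domain: int = 1) -> bytes:
    """Data set: records laid out as the template says, with no field names on the wire."""
    payload = b""
    for flow in flows:
        for ie in ies:
            name, length = IE[ie]
            payload += (ipaddress.IPv4Address(flow[name]).packed if name.endswith("IPv4Address")
                        else int(flow[name]).to_bytes(length, "big"))
    return _message(struct.pack(">HH", template_id, 4 + len(payload)) + payload, seq, domain)


class Collector:
    """Templates cached per (observation domain, template id); a real collector adds the exporter address."""

    def __init__(self) -> None:
        self.templates: Dict[Tuple[int, int], List[Tuple[str, int]]] = {}
        self.undecodable = 0   # data sets that arrived before their template

    def ingest(self, msg: bytes) -> List[dict]:
        version, length, _, _, domain = HEADER.unpack_from(msg, 0)
        if version != IPFIX_VERSION or length != len(msg):
            raise ValueError("not a well-formed IPFIX message")
        flows, off = [], HEADER.size
        while off + 4 <= length:
            set_id, set_len = struct.unpack_from(">HH", msg, off)
            if set_len < 4 or off + set_len > length:
                raise ValueError("bad set length")
            body = msg[off + 4:off + set_len]
            if set_id == TEMPLATE_SET_ID:
                self._learn(domain, body)
            elif set_id >= 256:                 # 3 = options template, 4..255 reserved: skipped here
                flows.extend(self._decode(domain, set_id, body))
            off += set_len
        return flows

    def _learn(self, domain: int, body: bytes) -> None:
        off = 0
        while off + 4 <= len(body):
            tid, count = struct.unpack_from(">HH", body, off)
            off += 4
            fields = []
            for _ in range(count):
                ie, length = struct.unpack_from(">HH", body, off)
                off += 4
                if ie & 0x8000:                 # enterprise-specific: 4-byte enterprise number follows
                    off += 4
                if length == 0xFFFF:
                    raise ValueError("variable-length fields not supported in this example")
                fields.append((IE.get(ie & 0x7FFF, (f"ie{ie & 0x7FFF}", length))[0], length))
            self.templates[(domain, tid)] = fields

    def _decode(self, domain: int, tid: int, body: bytes) -> List[dict]:
        fields = self.templates.get((domain, tid))
        if fields is None:
            self.undecodable += 1               # unparsable until the template shows up
            return []
        rec_len = sum(length for _, length in fields)
        flows, off = [], 0
        while off + rec_len <= len(body):       # a tail shorter than one record is padding
            rec = {}
            for name, length in fields:
                raw = body[off:off + length]
                off += length
                if name.endswith("IPv4Address") and length == 4:
                    rec[name] = str(ipaddress.IPv4Address(raw))
                elif name == "applicationId" and length == 4:
                    rec[name] = (raw[0], int.from_bytes(raw[1:], "big"))   # (engine id, selector id)
                else:
                    rec[name] = int.from_bytes(raw, "big")
            flows.append(rec)
        return flows


# Constructed sample flow: a client talking to the deck's custom 'payroll' application.
SAMPLE_FLOW = {"sourceIPv4Address": "192.168.100.100", "destinationIPv4Address": "10.10.20.5",
               "sourceTransportPort": 51234, "destinationTransportPort": 80, "protocolIdentifier": 6,
               "octetDeltaCount": 18342, "packetDeltaCount": 27,
               "applicationId": (ENGINE_ID << 24) | 60001}


def demo() -> Tuple[List[dict], int]:
    """Template then data decodes; a fresh collector fed data only cannot decode it."""
    warm = Collector()
    warm.ingest(template_message(TEMPLATE_ID, FLOW_TEMPLATE))
    decoded = warm.ingest(data_message(TEMPLATE_ID, FLOW_TEMPLATE, [SAMPLE_FLOW], seq=1))
    cold = Collector()
    cold.ingest(data_message(TEMPLATE_ID, FLOW_TEMPLATE, [SAMPLE_FLOW], seq=1))
    return decoded, cold.undecodable
```

The application-table option template from the next slide is what turns the (engine id, selector id) pair this decoder returns into an application name.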
Foundation: Exporting Process, Available Option Templates
  Option Template        Definition
  application-table      NBAR application ID to name mapping
  application-attributes Application attributes definition per application
  c3pl-class-table       QoS class-map ID to name mapping
  c3pl-policy-table      QoS policy-map ID to name mapping
  exporter-stats         Exporter statistics option
  interface-table        Interface SNMP ifIndex to name mapping
  sampler-table          Export sampler option
  sub-application-table  NBAR sub-application ID to name mapping
  vrf-table              VRF ID to name mapping
  queue-id (hidden)      Queue index and queue drop information
Note: check the IOS release for exact support
1. Traffic Statistics: Application Usage
(Topology: HQ ASRs and branch ISRs exporting to a reporting tool over WAN1 (IP-VPN) and WAN2 (IP-VPN, DMVPN).)
Key Features
• Feature to collect and export network information and statistics
• Flexibility in defining fields and flow record format
• NBAR2 integration: examines data from Layers 3 through 7; utilizes Layers 3 and 4 plus packet inspection for classification; stateful inspection of dynamic-port traffic
• IOS: FNF, PA (Performance Agent) or MMA (Metric Mediation Agent); IOS-XE: FNF or MMA; Export: NFv9 or IPFIX
Benefits
• Visibility into application usage
• Monitors data in Layers 2 through 7
• Capacity planning
• Top-N applications
• Top-N clients and servers
2. URL Collection: Top Domain, Hit Counts
Key Features
• Provides a web browsing activity report
• Standard IPFIX export, which is extensible
• IOS: PA or MMA; IOS-XE: MMA
Benefits
• Visibility into top domains
• Monitors data in Layers 2 through 7
• Most visited web site; most visited URL per site
• How many hits for a particular domain, extracted from the HTTP request message
(Example from the slide: www.cnn.com with http://www.cnn.com/US (×2) and http://www.cnn.com/WORLD; www.youtube.com with http://www.youtube.com/ciscolivelondon and http://www.youtube.com/olympic; www.facebook.com with http://www.facebook.com/farmville (×3) and http://www.facebook.com/cisco.)
Example: URL Hit Count Report
Courtesy of LivingObjects
How many hits for a particular domain – extracted from HTTP request message
3. Application Response Time Measurement
(Topology: HQ ASRs and branch ISRs running PA export to a reporting tool over WAN1 (IP-VPN) and WAN2 (IP-VPN, DMVPN); the end-to-end delay is broken down into branch delay, network delay and datacenter delay.)
Key Features
• 27 Application Response Time (ART) metrics
• Interacts with NBAR2 for application ID
• IOS: PA or MMA; IOS-XE: MMA
• Export: NFv9 and IPFIX
Benefits
• Visibility into application usage and performance
• Quantify user experience
• Troubleshoot application performance
• Track service levels for application delivery
Typical questions: “My email is slow!”, “My query is taking a long time!”, “How do I ensure my SLA is met?”
Application Delivery Path Breakdown
• Separate the application delivery path into multiple segments
• Server Network Delay (SND) approximates WAN delay
• Latency per application
(Diagram: clients, client network, IOS device, server network, application servers. The request/response exchange is split into Client Network Delay (CND), Server Network Delay (SND) and Application Delay (AD); Network Delay (ND) covers the network segments and Total Delay spans the whole path.)
Application Response Time Measurement
Screenshots: courtesy LivingObjects
Media Performance Metrics
What are my key network metrics for each media application?
ASR1k Flexible NetFlow record for media performance:
Key fields
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match transport rtp ssrc
 match routing vrf output
 match interface output
Non-key fields
 collect routing vrf input
 collect interface input
 collect application name
 collect ipv4 dscp
 collect datalink source-vlan-id
 collect connection initiator
 collect counter packets
 collect counter bytes long
 collect connection new-connections
 collect ipv4 ttl
 collect transport rtp payload-type
 collect transport rtp jitter mean sum
 collect transport rtp jitter maximum
 collect transport packets lost counter
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
Sample AVC Monitoring Policy
  Class                     Match                              Collect
  Enterprise Voice & Video  enterprise subnet, RTP traffic     media performance, traffic statistics
  Enterprise TCP Apps       datacenter subnet, TCP             ART, traffic statistics
  Enterprise Cloud Apps     SFDC, Office 365                   ART, traffic statistics
  Web Browsing              HTTP                               URL sample, traffic statistics
  Rest of traffic           any                                traffic statistics
ezPM: Simplified Configuration for AVC Monitoring
• Equivalent to ~650 lines of configuration
• Records/monitors/class-maps/policy-map pre-defined
• IOS-XE 3.10, IOS 15.4(1)T

! User-defined ezPM context
performance monitor context my-visibility profile application-experience
 exporter destination 10.10.10.10 source GigabitEthernet0/0/1
 traffic-monitor all
!
! Attach the context to the interface
interface GigabitEthernet0/0/2
 performance monitor context my-visibility
!
AVC Configuration via Prime Infrastructure
• Enable AVC features with just an ON/OFF button
• With Cisco Prime Infrastructure 2.0
AVC Configuration: Prime AVC One-Click
• Enable AVC in one click (one device at a time)
• Two simple steps: 1. select interface(s), 2. enable
AVC Control Options
Application Bandwidth Control (QoS, between WAN and LAN)
• Guarantee bandwidth to protect critical applications from network congestion
• Provide low latency to delay-sensitive applications
• Stop or limit unwanted applications from using WAN resources
Application Path Selection (PfR)
• Application routing based on real-time performance information
• Intelligent load sharing provides resiliency and fully utilizes all available WAN resources
• Improve performance of voice, video, and critical applications
• Candidate paths: Internet (no SLA), WAN 1 (high SLA), WAN 2 (medium SLA)
Example: Stop P2P Applications with AVC

class-map match-any bittorrent
 match protocol attribute sub-category p2p-file-transfer
 match protocol bittorrent-networking
 match protocol dht
policy-map drop-bittorrent
 class bittorrent
  police 8000 conform-action drop exceed-action drop violate-action drop
interface GigabitEthernet0/0/0
 service-policy input drop-bittorrent
 service-policy output drop-bittorrent

(Graph: application traffic after applying the control policy.) NBAR2 has to inspect the first packets of a flow before the class matches, so the leading packets of a new flow can pass before the policer starts dropping; verify the effect in the application report as the graph does.
Application Performance Optimization (LiveAction)
• Visualize application paths and problems with AVC & Medianet
• Alert on application performance with AVC
• QoS control using NBAR2 to optimize application performance
© 2014 ActionPacked Networks, Inc. All Rights Reserved. Proprietary and Confidential.
QoS Monitoring & Configuration
• Once the policy is applied to police interactive video to 512 Kbps, LiveAction can monitor to see how the policy has taken effect
• Screens: impact of QoS policy, visualize QoS performance, QoS policy editor, QoS marking, congestion indicator (amber)
• Visualize & Track: QoS performance
• Monitor & Alert: voice/video quality
• Control & Fix: full MQC QoS
• Verify & Validate: audit, templates
Intelligent Path Control with PfR: Voice and Video Use Case
(Topology: branch connected over MPLS and Internet to a private cloud and a virtual private cloud.)
• PfR monitors network performance and routes applications based on application performance policies
• PfR load-balances traffic based upon link utilization levels to efficiently utilize all available WAN bandwidth
• Voice/video take the best delay, jitter and/or loss path, and are rerouted if the current path degrades below policy thresholds
• Other traffic is load-balanced to maximize bandwidth
LiveAction for Cisco Intelligent Path Control
• PfR path change visualization
• Alert and report on PfR out-of-policy events (threshold crossing alert)
• Reports on traffic class/application path changes
Cisco AVC Management Solutions
• Enterprise solutions: Prime Infrastructure
• Managed service provider solutions