Application Visibility and Control (AVC) Overview

As business and IT demands and requirements change, the network needs to evolve to support these transitions. Learn about the specific elements of the Application Visibility and Control solution and the associated technologies that you can use in your network today.

Presentation Transcript

    • Application Visibility and Control Overview
      Jean-Marc Barozet (jmb@cisco.com), Technical Leader, Network Operating Systems Technology Group
      November 2012
      © 2012 Cisco and/or its affiliates. All rights reserved.
    • Drastic Change in Application Type, Delivery, and Consumption
      - Type of Applications: Storage, Database, VDI | IaaS
      - How applications are Delivered and Consumed: Public/Hybrid Cloud, SaaS/IaaS, Private Cloud, Users/Machines, Proliferation of Devices, with THE NETWORK in the middle
      - 60% of IT professionals cite performance as the key challenge for cloud
    • Application complexity increases; Cloud and Virtualization centralize application delivery; multiple entities are involved in delivering applications. Hence the need to:
      - Identify growing applications using more than just the port number
      - Understand application performance from the end user's perspective
      - Isolate problems to minimize downtime and business impact
    • The AVC solution (ISR G2 and ASR1K) has four parts:
      - Application Recognition (ISR G2 & ASR): identify applications using L3 to L7 information
      - Performance Collection & Exporting: collect application performance metrics and export them to the management tool (NFv9/IPFIX)
      - Reporting Tool: an advanced reporting tool aggregates and reports application performance
      - Control: use QoS or PfR to control application network usage to improve application performance
      Example "App Visibility & User Experience Report" (App | BW | Transaction Time | ...): SAP 3M, 150 ms; Sharepoint 10M, 500 ms; application priority High / Med / Low
    • Technologies behind each part:
      - Application Recognition: NBAR2
      - Performance Collection & Exporting: FNF, NBAR2, ART, MMON
      - Reporting Tool: Cisco Prime Infrastructure, Cisco Insight, 3rd Party Tools
      - Control: QoS, PfR
    • AGENDA – Application Classification (ISR G2, ASR1K): the Deep Packet Inspection engine (NBAR2) identifies applications using L7 signatures
    • What about these? HTTP 80, FTP 20/21, POP3 110, IMAP 143, HTTPS 443, SMTP 25. Are these applications, or just ports?
    • NBAR2 = SCE Classification (+1000 signatures, advanced classification techniques, open API / 3rd party integration) + IOS NBAR (+150 signatures) + innovations (native IPv6 classification; supports ~1400 protocols and sub-classification)
      - NBAR2 is a complete rebuild and the next generation in classification engine development: a new DPI component which provides Advanced Application Classification and Field Extraction capabilities taken from SCE
      - NBAR2 is adopted as the Cisco cross-platform protocol classification mechanism
      - Backward compatibility preserves existing NBAR investments
      - In-service field-upgradable Protocol Definition – no IOS upgrade required
      - NBAR application library: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html
    • Categorization of protocols into meaningful terms simplifies config and report aggregation. Each protocol carries these NBAR2 attributes:
      - Category: browsing, business-and-productivity-tools, email, file-sharing, gaming, industrial-protocols, instant-messaging, internet-privacy, layer2-non-ip, layer3-over-ip, location-based-services, net-admin, newsgroup, obsolete, other, trojan, voice-and-video
      - Sub-category: authentication-services, backup-systems, client-server, commercial-media-distribution, control-and-signaling, database, epayement, file-sharing, inter-process-rpc, internet-privacy, license-manager, naming-services, network-management, network-protocol, other, p2p-file-transfer, p2p-networking, remote-access-terminal, rich-media-http-content, routing-protocol, storage, streaming, terminal, tunneling-protocols, voice-video-chat-collaboration
      - Application Group: apple-talk-group, banyan-group, bittorrent-group, corba-group, edonkey-emule-group, fasttrack-group, flash-group, fring-group, ftp-group, gnutella-group, gtalk-group, icq-group, imap-group, ipsec-group, irc-group, kerberos-group, ldap-group, netbios-group, nntp-group, npmp-group, other, p2p-file-transfer, pop3-group, prm-group, skinny-group, skype-group, smtp-group, snmp-group, sqlsvr-group, stun-group, telepresence-group, tftp-group, vmware-group, vnc-group, wap-group, webex-group, windows-live-messanger-group, xns-xerox-group, yahoo-messenger-group
      - P2P Technology, Encrypted, Tunnel: y / n / unassigned
    • Ability to extract certain fields out of a protocol, via FNF "collect application ..." statements (Length column as on the slide; * = variable):
      Protocol | Field              | Length | FNF configuration syntax
      HTTP     | URL                | *      | collect application http url
      HTTP     | Host               | 50     | collect application http host
      HTTP     | User-agent         | 200    | collect application http user-agent
      HTTP     | Referer            | *      | collect application http referer
      RTSP     | Host               | 50     | collect application rtsp host-name
      SMTP     | Server             | 50     | collect application smtp server
      SMTP     | Sender             | 50     | collect application smtp sender
      POP3     | Server             | 50     | collect application pop3 server
      NNTP     | Group Name         | 50     | collect application nntp group-name
      SIP      | Source Domain      | 50     | collect application sip source
      SIP      | Destination Domain | 50     | collect application sip destination
    • Ability to extract information from an HTTP message. The client on Se0/0/0 (IP=192.168.100.100) requests http://www.cnn.com/US from www.cnn.com (IP=157.166.255.18); the captured request is shown with the collect statement each field feeds:
        GET /weather/getForecast?time=37&&zipCode=95035 HTTP/1.1    <- collect application http url
        Host: svcs.cnn.com                                             <- collect application http host
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1    <- collect application http user-agent
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Accept-Language: en-us,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive
        Referer: http://www.cnn.com/US/                                <- collect application http referer
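As an added example (not from the Cisco deck), the following Python pulls out of a raw HTTP request the four fields that the "collect application http ..." statements above export. The sample request is the one on the slide, embedded here as constructed bytes; treating the Length column of the field table as a cap on the exported value is an assumption of this example, not something the slides state.

```python
# Added example (not from the Cisco deck): extract the HTTP fields that the
# "collect application http ..." statements export, from a raw request.
from typing import Dict, Optional

# Export size caps taken from the "Length" column of the field extraction
# table; "*" (URL, Referer) is treated as unbounded. That Length is a
# truncation limit on the exported value is an assumption of this example.
FIELD_LIMITS: Dict[str, Optional[int]] = {
    "http url": None, "http host": 50, "http user-agent": 200, "http referer": None,
}

# Header name (lower-cased) -> FNF collect statement it feeds
HEADER_TO_FIELD = {"host": "http host", "user-agent": "http user-agent", "referer": "http referer"}


def extract_http_fields(request: bytes) -> Dict[str, Optional[str]]:
    """Parse the request line and headers of one HTTP/1.x request and return
    the four exportable fields, truncated to the export caps. Only the header
    block is examined; a body, if present, is ignored."""
    head, _, _body = request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    fields: Dict[str, Optional[str]] = {f: None for f in FIELD_LIMITS}

    # Request line: METHOD SP request-target SP HTTP-version
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        raise ValueError("not an HTTP/1.x request line: %r" % lines[0])
    fields["http url"] = parts[1].decode("latin-1")

    for raw in lines[1:]:
        name, sep, value = raw.partition(b":")
        if not sep:
            continue  # malformed header line: skip it rather than drop the flow
        field = HEADER_TO_FIELD.get(name.strip().lower().decode("latin-1"))
        if field is not None and fields[field] is None:  # first occurrence wins
            fields[field] = value.strip().decode("latin-1")

    for field, limit in FIELD_LIMITS.items():
        value = fields[field]
        if value is not None and limit is not None and len(value) > limit:
            fields[field] = value[:limit]
    return fields


# Constructed sample: the body-less GET shown on the slide.
SAMPLE_REQUEST = (
    b"GET /weather/getForecast?time=37&&zipCode=95035 HTTP/1.1\r\n"
    b"Host: svcs.cnn.com\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1\r\n"
    b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
    b"Accept-Language: en-us,en;q=0.5\r\n"
    b"Accept-Encoding: gzip, deflate\r\n"
    b"Connection: keep-alive\r\n"
    b"Referer: http://www.cnn.com/US/\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for field, value in extract_http_fields(SAMPLE_REQUEST).items():
        print("collect application %-16s -> %r" % (field, value))
```

A request without a Referer header yields None for that field rather than an error, which is what a collector should expect: not every exported record carries every collected field.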
    • NBAR Protocol Discovery
      - Discover application protocols transiting an interface and populate CISCO-NBAR-PROTOCOL-DISCOVERY-MIB
      - Supports both input and output traffic
      - Detection of IPv6 in IPv4 traffic (ISATAP, Teredo, 6to4, ...)
      - Stateful application classification for IPv6 in IPv4 traffic
        interface GigabitEthernet0/0/2
         ip nbar protocol-discovery

        ASR-1000#sh ip nbar protocol-discovery top-n
         GigabitEthernet0/0/2
         [snip]
                          Input                      Output
                          -----                      ------
         Protocol         Packet Count               Packet Count
                          Byte Count                 Byte Count
                          5min Bit Rate (bps)        5min Bit Rate (bps)
                          5min Max Bit Rate (bps)    5min Max Bit Rate (bps)
         ---------------- -------------------------- --------------------------
         itunes           1352704                    413286
                          2042671577                 28254387
                          3395000                    18000
                          15000000                   208000
         secure-http      584678                     330847
                          640511303                  76683682
                          2357000                    196000
                          8847000                    353000
         youtube          139631                     66440
                          207492818                  3869014
                          1296000                    17000
                          3575000                    80000
         bittorrent       37186                      82432
                          11025469                   113101301
                          81000                      248000
                          84000                      2465000
    • Protocol Description Language Modules (PDLM) and Protocol Packs
      - PDLM, e.g. bittorrent.pdlm, citrix.pdlm:
          ip nbar pdlm <path_to_pdlm_file>
      - Protocol Pack (NBAR2), a bundle of PDLMs:
          ip nbar protocol-pack <path_to_protocol_pack>

          router#show ip nbar protocol-pack active
          ACTIVE protocol pack:
          Name:      Default Protocol Pack
          Version:   1.0
          Publisher: Cisco Systems Inc.

          router#show ip nbar protocol-pack active
          ACTIVE protocol pack:
          Name:      Advanced Protocol Pack
          Version:   3.0
          Publisher: Cisco Systems Inc.
          File:      flash:pp-adv-asr1k-15.2(04)S-13-1.1(0).pack
      - New IOS and IOS XE releases ship with new PDLs – Protocol Description Language (show ip nbar version)
      - A PDLM defines an update to an application, or a new application (PDLMs can be downloaded from CCO)
      - A bundle of multiple PDLMs is released as a protocol pack (show ip nbar protocol-pack)
    • AGENDA – Performance Collection & Exporting (FNF, IOS PA on ISR G2 and ASR1K; FNFv9 / IPFIX): collect application bandwidth and response time metrics, and export them to the management tool
    • Integrated performance monitoring is available for different types of applications and use cases:
      - Advanced Voice and Video Performance Monitoring (Media Monitoring): 30% of traffic is voice and video
      - Critical Applications Performance (Performance Agent): 40% of traffic is critical applications
      - Basic Monitoring (Flexible NetFlow and NBAR/NBAR2): what applications, how much bandwidth, flow direction?
    • Flexible NetFlow (FNF)
      - Evolution from Traditional NetFlow (TNF)
      - Feature to collect and export network information and statistics
      - Backward compatible with TNF records
      - Flexibility in defining fields and flow record format
      - Utilizes the NetFlow Version 9 format, which is extensible; UDP-based transport
      - Consists of data collection (flow monitor) and data export (flow exporter)
      - Flow export format can be NetFlow version 9 (RFC 3954) or IPFIX (RFC 5101)
      - Open standard; can be analyzed by Cisco Insight, Cisco Prime NAM, Cisco Prime Assurance Manager, and 3rd party tools
      - Required to collect application info from NBAR2
      NetFlow export packets (1. Templates, 2. Data Records) travel from the exporting routers at HQ and the branches to the NetFlow Collector, which feeds applications such as Performance, Security, Billing, ...
    • Flow records: key fields and non-key fields
      - Key fields are unique per flow record (match statement)
      - Non-key fields are attributes or characteristics of a flow (collect statement)
      - If a packet's key fields are unique, a new entry is created in the flow cache
      - Otherwise the non-key fields of the existing entry are updated, e.g. the packet count
      Key fields, Packet 1: Source IP 1.1.1.1, Destination IP 2.2.2.2, Source port 23, Destination port 22078, Layer 3 Protocol TCP (6), TOS Byte 0. Non-key field: Length 1250.
      Key fields, Packet 2: Source IP 3.3.3.3, Destination IP 4.4.4.4, Source port 80, Destination port 22079, Layer 3 Protocol TCP (6), TOS Byte 0. Non-key field: Length 519.
      NetFlow cache after Packet 1 (Source IP | Dest. IP | Dest. I/F | Protocol | TOS | ... | Pkts):
        1.1.1.1 | 2.2.2.2 | E1 | 6 | 0 | ... | 11000
      NetFlow cache after Packet 2:
        3.3.3.3 | 4.4.4.4 | E1 | 6 | 0 | ... | 50
        1.1.1.1 | 2.2.2.2 | E1 | 6 | 0 | ... | 11000
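The match/collect behaviour above, as an added Python example that is not Cisco code: a toy flow cache keyed on the key fields, fed with the slide's two packets plus a constructed third packet belonging to the first flow, so the update path is exercised as well as the create path. The inactive-timeout export step is an assumption added for illustration; the slide does not describe cache aging.

```python
# Added example (not from the Cisco deck): a minimal Flexible NetFlow-style
# flow cache. "match" fields form the cache key; "collect" fields are
# accumulated on the entry. The inactive timeout is an assumption.
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: int    # IP protocol number, TCP = 6
    tos: int
    length: int      # IP length in bytes (a collected, non-key attribute)
    out_if: str      # egress interface (collected, non-key)
    ts: float        # arrival time in seconds


@dataclass
class FlowEntry:
    key: Tuple
    packets: int = 0
    bytes: int = 0
    out_if: str = ""
    first_seen: float = 0.0
    last_seen: float = 0.0


class FlowCache:
    """Cache keyed on the 'match' fields; 'collect' fields are updated in place."""

    def __init__(self, match: List[str], inactive_timeout: float = 15.0):
        self.match = match
        self.inactive_timeout = inactive_timeout
        self.entries: Dict[Tuple, FlowEntry] = {}

    def key_of(self, pkt: Packet) -> Tuple:
        return tuple(getattr(pkt, f) for f in self.match)

    def observe(self, pkt: Packet) -> FlowEntry:
        key = self.key_of(pkt)
        entry = self.entries.get(key)
        if entry is None:                       # unique key fields: new entry
            entry = FlowEntry(key=key, out_if=pkt.out_if, first_seen=pkt.ts)
            self.entries[key] = entry
        entry.packets += 1                      # otherwise update non-key fields
        entry.bytes += pkt.length
        entry.last_seen = pkt.ts
        return entry

    def expire(self, now: float) -> List[FlowEntry]:
        """Remove and return entries idle for at least the inactive timeout;
        these are the records a flow exporter would hand to the collector."""
        done = [e for e in self.entries.values()
                if now - e.last_seen >= self.inactive_timeout]
        for e in done:
            del self.entries[e.key]
        return done


MATCH = ["src_ip", "dst_ip", "src_port", "dst_port", "protocol", "tos"]

# Constructed packets: the slide's two, plus a third from packet 1's flow.
PACKETS = [
    Packet("1.1.1.1", "2.2.2.2", 23, 22078, 6, 0, 1250, "E1", 0.0),
    Packet("3.3.3.3", "4.4.4.4", 80, 22079, 6, 0, 519, "E1", 0.5),
    Packet("1.1.1.1", "2.2.2.2", 23, 22078, 6, 0, 60, "E1", 1.0),
]


def run(packets=PACKETS, now: float = 20.0):
    """Feed the packets, snapshot the live cache, then age it at time 'now'."""
    cache = FlowCache(MATCH)
    for p in packets:
        cache.observe(p)
    live = {e.key: (e.packets, e.bytes) for e in cache.entries.values()}
    exported = cache.expire(now)
    return live, exported


if __name__ == "__main__":
    live, exported = run()
    for key, (pkts, octets) in live.items():
        print(key, "pkts=%d bytes=%d" % (pkts, octets))
    print("records exported after inactive timeout:", len(exported))
```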
    • NetFlow Version 9 export packet format (flows from Interface A and Interface B carried in one packet):
      - Header: Version, # Packets, Sequence #, Source ID
      - Template FlowSet (FlowSet ID #0): Template Record, Template ID #256 (specific field types and lengths); Template Record, Template ID #257 (specific field types and lengths)
      - Data FlowSet, FlowSet ID #256: Data Records (field values)
      - Data FlowSet, FlowSet ID #257: Data Records (field values)
      - Option Template FlowSet (FlowSet ID #1): Option Template ID #258 (specific field types and lengths)
      - Option Data FlowSet, FlowSet ID #258: Option Data Records (field values)
      - To support technologies such as MPLS or multicast, this export format can be leveraged to easily insert new fields
      - Matching ID numbers are the way to associate a template with its data records
      - The header follows the same format as prior NetFlow versions, so collectors will be backward compatible
      - Each data record represents one flow
      - If exported flows have different fields, they cannot be contained in the same template record (i.e., BGP next hop cannot be combined with MPLS-aware NetFlow records)
    • NetFlow vs. NBAR
      NetFlow:
      - Monitors data in Layers 2 thru 4
      - Determines applications by combination of port, or port/IP address
      - Flow information: who, what, when, where
      - Packet and byte counts
      NBAR:
      - Examines data from Layers 3 thru 7
      - Utilizes Layers 3 and 4 plus packet inspection for classification
      - Stateful inspection of dynamic-port traffic
      Packet layout: Link Layer Header | IP Header (ToS, Protocol, Source IP Address, Destination IP Address) | TCP/UDP Header (Source Port, Destination Port) | Data Packet (Payload). NetFlow keys on the headers; Deep Packet Inspection (NBAR) also looks into the payload.
    • For Your Reference: basic Flexible NetFlow configuration
      Configure the Exporter:
        flow exporter my-exporter
         destination 1.1.1.1
      Configure the Flow Record:
        flow record my-record
         match ipv4 destination address
         match ipv4 source address
         collect counter bytes
      Configure the Flow Monitor:
        flow monitor my-monitor
         exporter my-exporter
         record my-record
      Configure the interface:
        interface s3/0
         ip flow monitor my-monitor input
    • For Your Reference: FNF with NBAR2 application name. The usage record is aggregated by application, flow direction, and interface.
      Record for ingress traffic:
        flow record RECORD-FNF-NBAR-INGRESS
         match interface input
         match flow direction
         match application name account-on-resolution
         collect interface output
         collect counter bytes long
         collect counter packets
         (..)
      Record for egress traffic:
        flow record RECORD-FNF-NBAR-EGRESS
         match interface output
         match flow direction
         match application name account-on-resolution
         collect interface input
         collect counter bytes long
         collect counter packets
         (..)
      Exporter (the option tables let the collector map interface, sampler and application IDs to names):
        flow exporter EXPORTER
         destination 10.151.1.131
         source loopback0
         transport udp 9991
         option interface-table timeout 3600
         option sampler-table timeout 3600
         option application-table timeout 3600
      Monitors and interface:
        flow monitor MONITOR-FNF-NBAR-INGRESS
         record RECORD-FNF-NBAR-INGRESS
         exporter EXPORTER

        flow monitor MONITOR-FNF-NBAR-EGRESS
         record RECORD-FNF-NBAR-EGRESS
         exporter EXPORTER

        interface GigabitEthernet0/0/1
         ip flow monitor MONITOR-FNF-NBAR-INGRESS input
         ip flow monitor MONITOR-FNF-NBAR-EGRESS output
    • What the users see / what network admins see / what can happen
      - End users: "Your network is so slow I cannot get any work done today"
      - Network admin: ping? show ip route? traceroute? show interface? "I do not see anything wrong"
      - What can happen: increased latency, WAN problem, application problem, server problem, user problem
    • Application Response Time: how do I ensure my SLA is met? ("My query is taking a long time!", "My email is slow!")
      Key Features:
      - 27 Application Response Time (ART) metrics
      - Interacts with NBAR or NBAR2 for application ID
      - Standard NFv9 and IPFIX export to the reporting tool
      - In ISR G2, provided by the Performance Agent (PA)
      - In ASR1K, ART is part of the unified monitoring policy
      Benefits:
      - Visibility into application usage and performance
      - Quantify user experience
      - Troubleshoot application performance
      - Track service levels for application delivery
    • ART segments the path Clients <-> IOS <-> Application Servers: Client Network Delay (CND) on the client side of the router, Server Network Delay (SND) on the server side, Network Delay (ND) = CND + SND, Application Delay (AD) at the server, and Total Delay for the request/response.
      - Application response time provides insight into application behavior (network vs. server bottleneck) to accelerate problem isolation
      - Separates the application delivery path into multiple segments
      - Server Network Delay (SND) approximates WAN delay
      - Latency per application
    • For Your Reference: ART metric definitions (IOS PA observes the TCP exchange between Client and Server)
      - Handshake: SYN from the client; the SYN-ACK returning from the server gives SND; the client's ACK gives CND
      - Response Time (RT) = t(first response pkt) – t(last request pkt): quantifies user experience
      - Transaction Time (TT) = t(last response pkt) – t(first request pkt)
      - Network Delay (ND) = CND + SND
      - Application Delay (AD) = RT – SND: identifies server performance issues
      Sequence shown: Request 1, Request 1 (cont), ACK, then DATA 1 .. DATA 5 with DATA 3 and DATA 4 lost (X) toward the client and retransmitted after ACK 3, DATA 6, ACK 6, Request 2.
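The metric definitions above carried through in code, as an added example that is not from the deck: given the packets a router in the path would observe (timestamps constructed to follow the slide's sequence diagram, in milliseconds), compute SND and CND from the handshake, then RT, TT and AD per transaction, plus the min/max/sum aggregates and retransmission count that the ART record types export. Splitting transactions on "a request packet arriving after a response packet" is an assumption of this example.

```python
# Added example (not from the Cisco deck): compute the ART metrics defined on
# the slide from the packet timeline seen at the monitoring router.
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Seen:
    ts: float           # milliseconds at the observation point (the IOS router)
    direction: str      # "c2s" (client -> server) or "s2c"
    kind: str           # "SYN", "SYN-ACK", "ACK", "REQ", "RESP"
    retrans: bool = False


def handshake_delays(pkts: List[Seen]) -> Dict[str, float]:
    """SND and CND from the three-way handshake: the router sees the SYN go
    toward the server and the SYN-ACK come back (server side), then the
    SYN-ACK go toward the client and the ACK come back (client side)."""
    first = lambda k: next(p for p in pkts if p.kind == k)
    syn, synack, ack = first("SYN"), first("SYN-ACK"), first("ACK")
    snd = synack.ts - syn.ts
    cnd = ack.ts - synack.ts
    return {"CND": cnd, "SND": snd, "ND": cnd + snd}


def split_transactions(pkts: List[Seen]) -> List[List[Seen]]:
    """A transaction is a run of REQ packets followed by its RESP packets;
    a REQ arriving after a RESP starts the next one (assumption)."""
    txs: List[List[Seen]] = []
    for p in pkts:
        if p.kind not in ("REQ", "RESP"):
            continue
        if p.kind == "REQ" and (not txs or txs[-1][-1].kind == "RESP"):
            txs.append([])
        if txs:
            txs[-1].append(p)
    return [tx for tx in txs if any(p.kind == "RESP" for p in tx)]


def art_metrics(pkts: List[Seen]) -> Dict[str, object]:
    hs = handshake_delays(pkts)
    per_tx = []
    for tx in split_transactions(pkts):
        reqs = [p.ts for p in tx if p.kind == "REQ"]
        resps = [p.ts for p in tx if p.kind == "RESP"]
        rt = resps[0] - reqs[-1]      # RT = t(first response pkt) - t(last request pkt)
        tt = resps[-1] - reqs[0]      # TT = t(last response pkt) - t(first request pkt)
        per_tx.append({"RT": rt, "TT": tt, "AD": rt - hs["SND"]})  # AD = RT - SND
    agg = {}
    for name in ("RT", "TT", "AD"):
        vals = [t[name] for t in per_tx]
        agg[name] = {"min": min(vals), "max": max(vals), "sum": sum(vals)} if vals else {}
    return {**hs, "transactions": len(per_tx), "per_transaction": per_tx,
            "retransmissions": sum(1 for p in pkts if p.retrans), "aggregate": agg}


# Constructed timeline (ms) following the slide's sequence diagram.
TIMELINE = [
    Seen(0, "c2s", "SYN"), Seen(40, "s2c", "SYN-ACK"), Seen(50, "c2s", "ACK"),
    Seen(60, "c2s", "REQ"), Seen(62, "c2s", "REQ"),                 # Request 1 (+cont)
    Seen(162, "s2c", "RESP"), Seen(164, "s2c", "RESP"),             # DATA 1, DATA 2
    Seen(166, "s2c", "RESP"), Seen(168, "s2c", "RESP"),             # DATA 3, DATA 4 (lost downstream)
    Seen(170, "s2c", "RESP"),                                       # DATA 5
    Seen(230, "s2c", "RESP", retrans=True),                         # DATA 3 retransmitted
    Seen(232, "s2c", "RESP", retrans=True),                         # DATA 4 retransmitted
    Seen(236, "s2c", "RESP"),                                       # DATA 6
    Seen(300, "c2s", "REQ"), Seen(350, "s2c", "RESP"),              # Request 2 and its response
]

if __name__ == "__main__":
    m = art_metrics(TIMELINE)
    print("CND=%.0f SND=%.0f ND=%.0f ms" % (m["CND"], m["SND"], m["ND"]))
    for i, t in enumerate(m["per_transaction"], 1):
        print("tx%d RT=%.0f TT=%.0f AD=%.0f ms" % (i, t["RT"], t["TT"], t["AD"]))
    print("retransmissions:", m["retransmissions"])
```

Note that the retransmitted segments push TT out (they are still response packets) but leave RT untouched, which is why the two metrics are reported separately: a long TT with a normal RT points at loss on the path rather than at a slow server.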
    • IOS Performance Agent flow record:
        flow record type mace pa-record
         collect application name
         collect art all
      'collect application name' exports the application ID field to the reporting tool. Example: client Se0/0/0 (IP=192.168.100.100) connecting to https://cisco.webex.com, cisco.webex.com (IP=66.114.168.178).
      Flow record without NBAR: Src IP 192.168.100.100 | Dst IP 66.114.168.178 | Dst Port 443 | App ID 0 | Resp Time 100 | ...
      Flow record with NBAR:    Src IP 192.168.100.100 | Dst IP 66.114.168.178 | Dst Port 443 | App ID 0x0D00019E | Resp Time 100 | ...  (the App ID indicates this is the webex application)
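As an added example (not Cisco code) that covers both the NetFlow v9 layout from the export-format slide and the application ID field shown here, the Python below encodes one template FlowSet and one data FlowSet, decodes them the way a collector does by matching the data FlowSet ID to a cached template ID, and splits applicationId 0x0D00019E into its classification-engine byte and 24-bit selector (the layout RFC 6759 defines for this field). Field type numbers are the standard v9 ones (8, 12, 11, 1, 2 and 95 for APPLICATION_TAG); the byte and packet counts in the records are constructed.

```python
# Added example (not from the Cisco deck): build a NetFlow v9 export packet
# with one template FlowSet and one data FlowSet, then decode it as a
# collector would, associating data records with their template by ID.
import struct
from typing import Dict, List, Optional, Tuple

V9_HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unixSecs, sequence, sourceId

# (field type, length) for template 256; type 95 is APPLICATION_TAG / applicationId
TEMPLATE_256: List[Tuple[int, int]] = [(8, 4), (12, 4), (11, 2), (1, 4), (2, 4), (95, 4)]
FIELD_NAMES = {8: "src", 12: "dst", 11: "dst_port", 1: "bytes", 2: "packets", 95: "app_id"}


def _pad4(b: bytes) -> bytes:
    return b + b"\x00" * (-len(b) % 4)      # FlowSets are padded to a 32-bit boundary


def _ip(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))


def encode_v9(template_id: int, template, records, seq: int, source_id: int) -> bytes:
    # Template FlowSet: FlowSet ID 0, one template record listing types and lengths
    tmpl = struct.pack("!HH", template_id, len(template))
    for ftype, flen in template:
        tmpl += struct.pack("!HH", ftype, flen)
    tmpl_fs = _pad4(struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl)
    # Data FlowSet: FlowSet ID == template ID, records laid out per the template
    body = b""
    for rec in records:
        body += _ip(rec["src"]) + _ip(rec["dst"]) + struct.pack("!H", rec["dst_port"])
        body += struct.pack("!III", rec["bytes"], rec["packets"], rec["app_id"])
    data_fs = _pad4(struct.pack("!HH", template_id, 4 + len(body)) + body)
    # count = template records + data records in this packet (sysUptime/unixSecs left 0)
    header = V9_HEADER.pack(9, 1 + len(records), 0, 0, seq, source_id)
    return header + tmpl_fs + data_fs


def decode_app_id(app_id: int) -> Tuple[int, int]:
    """Split applicationId into (classification engine ID, selector ID):
    engine in the top byte, selector in the low 24 bits."""
    return app_id >> 24, app_id & 0xFFFFFF


def decode_v9(packet: bytes, templates: Optional[Dict[Tuple[int, int], list]] = None) -> List[dict]:
    """Parse one v9 packet. Templates are cached per (sourceId, templateId), so a
    data FlowSet whose template has not been seen yet is skipped, not misread."""
    templates = {} if templates is None else templates
    version, _count, _up, _secs, _seq, source_id = V9_HEADER.unpack_from(packet, 0)
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    flows: List[dict] = []
    off = V9_HEADER.size
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        fs = packet[off + 4: off + fs_len]
        if fs_id == 0:                                        # template FlowSet
            p = 0
            while p + 4 <= len(fs):
                tid, nfields = struct.unpack_from("!HH", fs, p)
                if nfields == 0:
                    break                                     # padding reached
                p += 4
                templates[(source_id, tid)] = [struct.unpack_from("!HH", fs, p + 4 * i)
                                               for i in range(nfields)]
                p += 4 * nfields
        elif fs_id >= 256 and (source_id, fs_id) in templates:   # data FlowSet
            fields = templates[(source_id, fs_id)]
            rec_len = sum(l for _, l in fields)
            p = 0
            while p + rec_len <= len(fs):
                rec = {}
                for ftype, flen in fields:
                    raw = fs[p:p + flen]
                    p += flen
                    val = int.from_bytes(raw, "big")
                    if ftype in (8, 12):                      # IPv4 address fields
                        val = ".".join(str(b) for b in raw)
                    rec[FIELD_NAMES.get(ftype, "f%d" % ftype)] = val
                if "app_id" in rec:
                    rec["engine_id"], rec["selector_id"] = decode_app_id(rec["app_id"])
                flows.append(rec)
        off += fs_len
    return flows


# Constructed records: the slide's WebEx flow and an unclassified flow (app_id 0)
RECORDS = [
    {"src": "192.168.100.100", "dst": "66.114.168.178", "dst_port": 443,
     "bytes": 48210, "packets": 61, "app_id": 0x0D00019E},
    {"src": "192.168.100.100", "dst": "10.0.0.5", "dst_port": 8080,
     "bytes": 900, "packets": 6, "app_id": 0},
]


def roundtrip() -> List[dict]:
    return decode_v9(encode_v9(256, TEMPLATE_256, RECORDS, seq=1, source_id=7))


if __name__ == "__main__":
    for f in roundtrip():
        print(f)
```

The template cache is keyed on (sourceId, templateId) because template IDs are only unique per exporting source: two routers may both use 256 for different record layouts. The test below also drops the template FlowSet from a packet to show that the collector then ignores the data FlowSet rather than guessing a layout.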
    • Media Monitoring
      Key Features:
      - Monitor media performance metrics, i.e. jitter, loss
      - Integrate with NBAR2 to identify applications
      - Set thresholds and generate alerts/alarms
      - Standard FNFv9 export to the reporting tool
      Benefits:
      - Real-time monitoring of voice and video performance across the network
      - Accelerate troubleshooting: identify what, where and when the problem is
      - Proactive troubleshooting
      - Validate SLA
    • Unified monitoring on ASR1K: NBAR2, PA/ART, PerfMon (ART), MMA, QoS and FNF share one provisioning and export path (NetFlow v9 / IPFIX) to Cisco Prime Infrastructure and NetFlow partners
      - Consistent provisioning and correlation across multiple clients
      - Alert architecture – syslog, SNMP etc.
      - Export architecture – v9 and IPFIX
      - Scalable database – multi-tier database model
      - Aggregation mode – flexible match and collect aggregation
      - API-driven provisioning – on-demand provisioning
    • For Your Reference: the three monitoring configurations side by side
      Flexible NetFlow (flow byte-count, interface, etc.):
        flow record FNF-RECORD
         match ipv4 source address
         match ipv4 destination address
         match application name
         collect counter bytes long
         (..)

        flow monitor FNF-MONITOR
         (..)

        interface Gi0/0/1
         ip flow monitor FNF-MONITOR input
         ip flow monitor FNF-MONITOR output
      Perfmon (voice/video RTP metrics, jitter, etc.):
        flow record type performance-monitor medianet-record
         match ipv4 source address
         (..)
         collect transport rtp-jitter
         (..)

        flow monitor type performance-monitor medianet-mon
         (..)

        policy-map type performance-monitor medianet
         class rtp-traffic
          flow monitor medianet-mon

        interface Gi0/0/1
         service-policy type performance-monitor input medianet
         service-policy type performance-monitor output medianet
      Performance Agent (App. Response Time, etc.):
        flow record type mace mace-record
         collect art all
         (..)

        flow monitor type mace ios-pa
         (..)

        policy-map mace_global
         class http-traffic
          flow monitor type mace ios-pa

        interface Gi0/0/1
         mace enable
    • Policy-driven monitoring (ASR1K): what to monitor and what to collect, in a single policy
      Define Flow Records:
        flow record type performance-monitor rtp-record
         match ipv4 source address
         match ipv4 destination address
         match application name
         collect transport rtp-jitter
         (..)

        flow record type performance-monitor art-record
         match ipv4 source address
         match ipv4 destination address
         match application name
         collect art all
         (..)
      Define Flow Monitors:
        flow monitor type performance-monitor rtp-mon
         (..)
        flow monitor type performance-monitor app-mon
         (..)
      Filter what traffic to monitor:
        policy-map type performance-monitor avc
         class rtp-traffic
          flow monitor rtp-mon
         class tcp-app
          flow monitor app-mon
         (..)

        interface Gi0/0/1
         service-policy type performance-monitor input avc
         service-policy type performance-monitor output avc
      Collected: flow byte-count, interface; voice/video RTP metrics, jitter; App. Response Time, etc.
    • For Your Reference: metrics available
      Media Monitoring:
      - RTP SSRC
      - RTP Jitter (min/max/mean)
      - Transport Counter (expected/loss)
      - Media Counter (bytes/packets/rate)
      - Media Event
      - Collection interval
      - TCP MSS
      - TCP round-trip time
      Application Response Time:
      - CND – Client Network Delay (min/max/sum)
      - SND – Server Network Delay (min/max/sum)
      - ND – Network Delay (min/max/sum)
      - AD – Application Delay (min/max/sum)
      - Total Response Time (min/max/sum)
      - Total Transaction Time (min/max/sum)
      - Number of New Connections
      - Number of Late Responses
      - Number of Responses by Response Time (7-bucket histogram)
      - Number of Retransmissions
      - Number of Transactions
      - Client/Server Bytes
      - Client/Server Packets
      Other Metrics:
      - L3 counter (bytes/packets)
      - Flow event
      - Flow direction
      - Client and server address
      - Source and destination address
      - Transport information
      - Input and output interfaces
      - L3 information (TTL, DSCP, TOS, etc.)
      - Application information (from NBAR2)
      - Monitoring class hierarchy
      All performance metrics are consolidated into one "flow record type performance-monitor".
    • What the reporting tool can show
      Application Traffic Statistics:
      - Application usage per client IP/subnet/site
      - Top clients per application
      - Top conversations per application
      Application Response Time:
      - Per-application end-to-end latency
      - Application response time and transaction time
      - Application processing time
      Media Performance:
      - Per-stream jitter and packet loss
      - RTP conversations
      URL Visibility:
      - Most visited web sites
      - Per-URL application response time
    • AVC Monitoring Policy: one class per traffic type, each with its match criteria and what to collect
      Class                    | Match                                     | Collect
      Enterprise Voice & Video | enterprise subnet; RTP traffic            | Media Performance; Traffic Statistics
      Enterprise TCP Apps      | datacenter subnet; TCP                    | Traffic Statistics; ART
      Enterprise Cloud Apps    | SFDC; Office 365                          | Traffic Statistics; ART
      Web Browsing             | HTTP                                      | Traffic Statistics; URL Sample
      Rest of traffic          | any                                       | Traffic Statistics
    • AGENDA – Control: use QoS or PfR to control application network usage to improve application performance
    • Application Bandwidth Control (QoS) and Application Path Control (PfR). Example paths: WAN 1 (High SLA), WAN 2 (Med SLA), Internet (No SLA); example applications: Email, HTTP.
      Application Bandwidth Control:
      - Guarantee bandwidth to protect critical applications from network congestion
      - Provide low latency to delay-sensitive applications
      - Stop or limit unwanted applications from using WAN resources
      Application Path Control:
      - Application routing based on real-time performance information
      - Intelligent load sharing provides resiliency and fully utilizes all available WAN resources
      - Improve performance of voice, video, and critical applications
    • Application-aware QoS with NBAR2
      - Stateful classification for creating policies irrespective of IPv4/IPv6 traffic, simplifying policy management (IPv4 and native IPv6)
      - Discover applications using NBAR2
      - Supports both input and output traffic
      What traffic?
        class-map match-any peer2peer
         match protocol kazaa2
         match protocol gnutella
         match protocol fasttrack
      or, using NBAR2 attributes:
        class-map peer2peer
         match protocol attribute category <name>
      How to treat the traffic?
        policy-map limit-p2p
         class peer2peer
          bandwidth percent 10
      Where to apply?
        interface Serial1
         service-policy input limit-p2p
      Caveat: 'bandwidth' is a CBWFQ queueing action that reserves a minimum share for the class under congestion rather than capping it, and IOS only accepts queueing actions in an output service-policy. To limit peer-to-peer traffic on ingress, as the policy name suggests, use 'police' in the class instead.
    • Performance Routing (PfR) across the Internet presence (ISP-1, ISP-2) and the Enterprise WAN (WAN1 IP-VPN, WAN2 IPVPN/DMVPN); HQ and branch sites run the MC/BR or BR roles
      - The Decision Maker: Master Controller (MC). Applies policy, verification, reporting; no packet forwarding or inspection required
      - The Forwarding Path: Border Router (BR). Learn, measure, enforce
      - Optimize by: Reachability, Delay, Loss, Jitter, MOS, Throughput, Load, and/or $Cost
    • Protecting critical applications while maximizing bandwidth utilization
      Cloud Service & Load Balancing Policy (Internet: ISP-1 primary, ISP-2 secondary; detect loss > 10%):
      - Protect business Cloud applications from network brownout
      - Cloud Service preferred path: ISP1
      - Maximize all ISP bandwidth by load sharing other Internet traffic
      Multimedia & Critical Data Policy (WAN: SP-A and SP-B MPLS VPN; detect high jitter):
      - Protect voice and video quality
      - Protect VDI applications from brownouts (Loss > 5%)
      - Voice & Video preferred path: SP-A
      - VDI preferred path: SP-B
      - Maximize utilization by load sharing
      Thresholds shown on the slide: Latency > 200 ms; Jitter > 30 ms; Loss > 10%
    • PfR Learning: traffic classes Voice-Video, Critical Application, Rest of the Traffic
      MC learns traffic classes by:
      - Prefixes
      - ACL
      - DSCP
      - Applications
      Globally, or per group (link-group, similar to class-maps for QoS)
    • PfR Monitoring
      Passive (NetFlow cache on the BR): Reachability, Delay, Loss, Egress BW, Ingress BW
      - PfR NetFlow monitoring
      - Flows need not be symmetrical
      Active (IP SLA): Reachability, Delay, Loss, Jitter, MOS
      - PfR enables the IP SLA feature
      - Probes are sourced from the BR
      - ICMP probes, learned or configured
      - TCP, UDP and JITTER probes need an ip sla responder
    • PfR Policies
      Link policies: load balancing, max utilization, link grouping, $Cost
      Application performance policies: reachability, delay, loss, MOS, jitter
      - Global policies for all traffic classes
      - Or policies per application group: Voice/video: link-group, jitter, delay, loss; Critical: link-group, delay, loss; Rest: load-balancing
    • PfR Route Control
      Per destination prefix:
      - BGP: egress by route injection or modifying the BGP Local Preference attribute; ingress by BGP AS-PATH prepend or AS community
      - EIGRP route control
      - Static route injection
      - PIRO
      Per application: dynamic PBR, NBAR/CCE
    • Multisite MC Peering Framework
      - MC-to-MC peering can be used to exchange policies, services and feedback
      - Remote site discovery simplifies configuration: prefix and target discovery
      - Probing efficiency: sharing of probe data across policies
    • AGENDA – Reporting Tool: an advanced reporting tool aggregates and reports application performance. Example "App Visibility & User Experience Report" (App | BW | Transaction Time | ...): WebEx 3 Mb, 150 ms; Citrix 10 Mb, 500 ms; priorities High / Med / Low
    • Reporting tool capabilities:
      - Configuration of AVC features (2.0)
      - Network Monitoring
      - Service Monitoring
      - Reporting and Trends
      - Multi-NAM Manager
      - Packet and Flow Analysis
      - Application Response Time
      - Voice and Video Metrics
      - Operates standalone or with Cisco Prime NCS
      - Distributed SNMP and Flexible NetFlow collection
    • Which site is slowest? How is the server performing? How is the user experience at a site?
    • Reporting partners (Company | Product | Use Cases | Status)
      - PAM: Network and App Monitoring, Control GUI (future); PAM 2.0 adding PfR and new metrics in XE 3.8S
      - Gomez & DynaTrace: APM combined with app-aware Network Monitoring; adding NBAR2, PA, WAAS
      - 5View: app-aware Network Monitoring; already supports WAAS; adding NBAR2, PA
      - LiveAction: Control (QoS) GUI, app-aware Network Monitoring; already supports medianet; adding NBAR2, PA, PfR
      - Scrutinizer: app-aware Network Monitoring; already supports PfR, medianet; adding NBAR2, PA
      - Others: Living Object, Insight, CA
    • Deployment scenarios
      Internet Edge:
      - Discover application usage on the Internet router
      - Traffic shaping to limit recreational, bandwidth-hogging applications, i.e. P2P applications
      - 3rd party reporting tool integration
      Enterprise WAN:
      - Branch and WAN aggregation deployment
      - Application-aware Network Performance Monitoring
      - Application-aware QoS and intelligent path selection
      - Integration with enterprise infrastructure, i.e. switch, wireless
      Managed Service Provider (SP Edge):
      - Provide value-added services from the same CPE used for connectivity
      - Application visibility and performance reporting
      - GUI for reporting and configuration
      Releases: IOS XE 3.4S (Q4CY11), IOS 15.2(4)M2 (Q4CY12), IOS XE 3.8S (Q4CY12), IOS 15.2(4)M2 (Q4CY12)
    • Internet Edge: Internet Router + App Visibility + QoS. NBAR2, FNF and QoS instrumentation on the Internet router; NFv9/IPFIX to the reporting tool (Cisco Prime Infrastructure 2.0, Cisco Insight 4.0)
      - Application Monitoring: NBAR2 recognizes the application; FNF exports application usage information using NFv9 or IPFIX
      - Application Control: NBAR2 and QoS control application bandwidth usage and prioritization
      - Network Management: Cisco Insight or Cisco Prime receives NFv9 or IPFIX; Cisco Prime provides the configuration GUI*
    • Managed Service Provider: CPE exports NFv9/IPFIX to the SP cloud, which feeds a Customer Portal (Top N App, App Transaction Time, URL hit count: application usage, top talkers, network performance); CSR in the CSP data center (future)
      - Application Monitoring: NBAR2 provides the application recognition service; FNF & PA for the tier monitoring service export NFv9 or IPFIX records
      - Control: application-aware QoS in the VPN service, pre-provisioned by the MSP
      - Network Management: multi-tenant 3rd party tool with customer portal access, e.g. Living Object, Insight, InfoVista, CA
    • Enterprise WAN: branch routers (ISR G2, ISR XE) and data center ASR1K across WAN and Internet export NFv9/IPFIX to Prime Infrastructure
      - Application Monitoring: NBAR2 for visibility with field extraction; performance metrics and export using NFv9/IPFIX
      - Control & Optimization: application-aware QoS; intelligent path selection with PfR (optional); optimization with WAAS
      - Network Management: Cisco Prime Infrastructure 2.x; Identity Services Engine 1.1
    • Licensing (Platform | Today | Future)
      800*  | AdvIPServices - $150                        | No change
      1900  | Data License - $600                         | No change
      2900  | Data License - $700                         | No change
      3900* | Data License - $1000                        | No change
      ASR1K | AIS/AES - $10000; FLASR1-AVC-RTU - $10000    | Starting XE 3.8S: proposed tier pricing based on session count
      - Insight license (FLASR1-NSIGHT-RTU) - $6000 per install
      - *880 (non 3G) and 3900E will support AVC starting 15.2(4)M
    • Thank you.