Benefits of Application Visibility and Control (AVC) Webinar
 



Cisco Application Visibility and Control (AVC) solution is a suite of services in Cisco network devices that provides application-level classification, monitoring, and traffic control to improve business-critical application performance, facilitate capacity management and planning, and reduce network operating costs.

The Cisco AVC solution is provided within the Cisco Integrated Services Routers Generation 2 (ISR G2) and the Cisco ASR 1000 Series Aggregation Service Routers (ASR 1000s). We will cover the technologies used in AVC and will provide tested use cases and deployment scenarios.

The slides are for anyone who wants to understand and deploy Cisco Application Visibility and Control. Download the replay at: https://cisco.webex.com/ciscosales/lsr.php?AT=pb&SP=EC&rID=67199202&rKey=bf684a3d88833e37


Presentation Transcript

  • Benefits of Application Visibility and Control (AVC). Jean-Marc Barozet (jmb@cisco.com), Technical Leader – Application Visibility and Control; Karthik Dakshinamoorthy (karthikd@cisco.com), Product Manager – Application Visibility and Control. April 2013. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public.
  • Speakers and panelists: Karthik Dakshinamoorthy, Product Manager (karthikd@cisco.com); Jean-Marc Barozet, Technical Leader (jbarozet@cisco.com); Bob Nusbaum, Product Manager (bonusbau@cisco.com); Shabaz Yousaf, Technical Marketing Engineer (syousaf@cisco.com); Patrick Charretour, Consulting Engineer (pcharret@cisco.com).
  • Housekeeping: submit questions in the Q&A panel and send them to “All Panelists”; avoid the CHAT window for better access to the panelists. For WebEx audio, select COMMUNICATE > Join Audio Broadcast. For WebEx call back, click the ALLOW phone button at the bottom of the participants side panel. Where can I get the presentation? Send email to ask_techadvantage@cisco.com. Please complete the post-event survey. Join us May 1st for our next TechAdvantage Webinar: L2VPN in the Data Center, www.cisco.com/go/techadvantage.
  • Drastic change in application type, delivery, and consumption. How applications are consumed: users and machines, proliferation of devices. How applications are delivered: storage, private cloud, VDI | IaaS, database. Type of applications: public/hybrid cloud, SaaS/IaaS. The network sits in the middle of all of these. 60% of IT professionals cite performance as the key challenge for cloud.
  • What do the users see? The user: “My applications are so slow I cannot get any work done today.” The IT team: “My servers work fine, it must be the network.” The network administrator: “I do not see anything wrong.” Where does the problem come from? Increased latency can come from the WAN, the application, the server, the PC, or the user.
  • Cloud-intelligent network architecture: Management and Policy on top; Users; Cloud Services (Cloud Connectors: Collaboration, Web, Cloud, 3rd Party); Survivability, Security, Storage; Network Services for Cloud: Visibility, Optimization, Security, Collaboration, App Hosting; Cloud Intelligent Platforms: Branch ISR G2, ASR 1K, CSR 1KV; spanning Branch Office, Campus / Data Center, and Private/Public/Hybrid Cloud.
  • Evolution of routing: Converged Network Services, then Application Centric Networking, then Scalable Services without Compromise (Unified Data Plane Services, L4-L7 App Services, Network Service Consolidation, Performance with Concurrent Services). We are here.
  • Application Visibility and Control in the network: Internal Resources, Access Router, WAAS, Firewall, Corporate Firewall, Internet and VPN, WAN Path, Network Control.
  • One Network, routing redefined: L4-L7 Unified Services (Application Services: Visibility, Control, Optimization, Security) on top of L2-L3 Transport (Routing). Simplify application delivery.
  • Application Visibility and Control, natively integrated into Cisco routers and simple to enable. Discover: 1000+ applications categorized to simplify management. Performance Collection: enhanced application performance reports, URL hit counts, top applications, … Control: apply QoS, acceleration and path control according to company performance expectations.
  • AVC components (ISR G2 and ASR1K). Application Recognition: identify applications using L3 to L7 (NBAR2, Metadata). Performance Collection and Exporting: collect application performance metrics and export them to a management tool (Unified Monitoring: traffic statistics, response time, voice/video monitoring, URL collection; exported via NetFlow v9/IPFIX). Control: control application network usage to improve application performance (QoS with NBAR2, PfR). Management and Reporting Tool: an advanced reporting tool aggregates and reports the information (Cisco Prime, 3rd party tools). Example report (App, BW, Transaction Time, User Experience): SAP, 3M, 150 ms, High; Sharepoint, 10M, 500 ms, Med; …, Low.
  • Deployment scenarios. Internet Edge: discover application usage on the Internet router; traffic shaping to limit recreational, bandwidth-hogging applications, i.e. P2P; GUI for reporting and configuration. Managed Service Provider: provide value added services from the same CPE used for connectivity; application visibility and performance report; 3rd party reporting tool integration. Enterprise WAN: branch and WAN aggregation deployment; application-aware network performance monitoring; application-aware QoS and intelligent path selection; integration with enterprise infrastructure, i.e. switch, wireless.
  • What about these? HTTP 80, FTP 20/21, POP3 110, IMAP 143, HTTPS 443, SMTP 25. Are these applications, or just ports?
  • ACL, DPI and Metadata. ACL: port based, up to Layer 4 analysis. DPI (NBAR2): 1000+ signatures embedded in ISR and ASR1k, up to the application level; adding support on Unified Access (wireless controller, 3850). Metadata: interacts with the application to go deeper into the end-user flows, up to the application level.
  • NBAR2 and performance collection. L7 classification: an integrated DPI engine (NBAR2) recognizes 1000+ applications, with in-service application signature update. Performance collection: collect traffic statistics and 50+ performance metrics, and export them using open export protocols such as NetFlow v9 and IPFIX. Used for top talkers, latency, bandwidth, capacity planning, monitoring and troubleshooting. Product bulletin: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html
  • NBAR1 vs NBAR2 (chart of the number of applications supported, with NBAR2 at 1000+; NBAR2 adds HTTP URI, HTTP hostname and browser type). More than 1000 applications supported and growing; categorization to simplify application management; in-service signature update through Protocol Packs; field extraction – collect application-specific information in addition to identifying applications; sub-port classification – match parameters of the applications.
  • NBAR2 attributes provide grouping of similar types of applications. Use attributes to report on a group of applications or to simplify QoS classification. 6 pre-defined attributes per application (can be reassigned by users): Category – first-level grouping of applications with similar functionalities; Sub-category – second-level grouping of applications with similar functionalities; Application-group – grouping of applications based on brand or application suite; P2P-technology? – indicates the application is peer-to-peer; Encrypted? – indicates the application is encrypted; Tunneled? – indicates the application uses a tunnelling technique.
  • NBAR2 Attributes (screenshot).
  • Global Application ID: a unique ID per application, reported by all DPI engines in Cisco IOS ISR, IOS-XE ASR1k, Network Analysis Module, IOS Firewall; future: WAAS Express, etc. A Cisco proprietary format: 1 byte Engine ID plus 3 bytes Selector ID. The selector is based on the IANA well-known ports for a L4 protocol, the IANA protocol type for a L3 protocol, the Ethertype for a L2 protocol, and proprietary assignments for a L7 application/protocol (there is no IANA registry for L7). Cisco took this application ID encoding to the IETF as “Export of Application Information in IPFIX”, RFC 6759.
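
As an added illustration (not from the slides or from Cisco), the following Python encodes and decodes the applicationId described above: one engine-ID byte followed by three selector-ID bytes. The engine-ID numbers used (IANA-L3 = 1, IANA-L4 = 3, PANA-L7 = 13, ETHERTYPE = 18) are taken from the classification-engine registry in RFC 6759; the selector values in the sample calls are illustrative, not real NBAR2 assignments.

```python
import struct
from typing import Dict, Tuple

# Classification engine IDs from the RFC 6759 registry (section 4.1);
# only the engines the slide talks about are listed here.
ENGINE_IANA_L3 = 1      # selector = IANA IP protocol number (L3)
ENGINE_IANA_L4 = 3      # selector = IANA well-known TCP/UDP port (L4)
ENGINE_PANA_L7 = 13     # selector = vendor-assigned L7 application id
ENGINE_ETHERTYPE = 18   # selector = IEEE Ethertype (L2)

ENGINE_NAMES: Dict[int, str] = {
    ENGINE_IANA_L3: "IANA-L3 (IP protocol)",
    ENGINE_IANA_L4: "IANA-L4 (TCP/UDP port)",
    ENGINE_PANA_L7: "PANA-L7 (vendor L7 application)",
    ENGINE_ETHERTYPE: "ETHERTYPE (L2)",
}


def encode_app_id(engine_id: int, selector_id: int) -> int:
    """Pack a 1-byte engine id and a 3-byte selector id into the 32-bit applicationId."""
    if not 0 <= engine_id <= 0xFF:
        raise ValueError("engine id must fit in one byte")
    if not 0 <= selector_id <= 0xFFFFFF:
        raise ValueError("selector id must fit in three bytes")
    return (engine_id << 24) | selector_id


def decode_app_id(app_id: int) -> Tuple[int, int]:
    """Split a 32-bit applicationId back into (engine id, selector id)."""
    if not 0 <= app_id <= 0xFFFFFFFF:
        raise ValueError("applicationId is a 32-bit value")
    return (app_id >> 24) & 0xFF, app_id & 0xFFFFFF


def app_id_to_wire(app_id: int) -> bytes:
    """Network-order 4-byte encoding, as carried in an IPFIX applicationId element."""
    return struct.pack("!I", app_id)


def app_id_from_wire(data: bytes) -> int:
    """Parse the 4-byte applicationId field out of an IPFIX data record."""
    if len(data) != 4:
        raise ValueError("applicationId is exactly 4 bytes on the wire")
    return struct.unpack("!I", data)[0]


def describe_app_id(app_id: int) -> str:
    """Human-readable form: which engine owns the selector and what it refers to."""
    engine, selector = decode_app_id(app_id)
    name = ENGINE_NAMES.get(engine, "engine %d (not in this table)" % engine)
    return "%d:%d -> %s, selector %d" % (engine, selector, name, selector)


if __name__ == "__main__":
    # Illustrative values: HTTP as an IANA-L4 well-known port, and a made-up L7 selector.
    for app in (encode_app_id(ENGINE_IANA_L4, 80), encode_app_id(ENGINE_PANA_L7, 0x52)):
        print("0x%08x  %s  wire=%s" % (app, describe_app_id(app), app_id_to_wire(app).hex()))
```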
  • Custom applications (new). Port: TCP or UDP; 16 static ports per application; range of ports (1000 maximum). Payload: search the first 255 bytes of TCP or UDP payload for ASCII (16 characters), Hex (4 bytes), Decimal (1-4294967295) or Variable (4 bytes Hex). HTTP URL: URI regex, Host regex.
  • Field extraction: ability to look into specific applications for additional field information. NBAR2 extracts fields from HTTP, RTP, Citrix, etc. for QoS configuration, including HTTP header fields. Eases classification of voice and video traffic (VoIP, streaming/real-time video, audio/video conferencing, Fax over IP) by distinguishing between RTP packets based on payload type and codecs. Some extracted fields are available within Flexible NetFlow and Unified Monitoring.
  • HTTP field extraction example: a client behind Se0/0/0 (IP=192.168.100.100) browsing http://www.cnn.com/US on www.cnn.com (IP=157.166.255.18). NBAR2 can extract information from the HTTP message; the FNF collect statements map to the request as follows:
    GET /weather/getForecast?time=37&&zipCode=95035 HTTP/1.1   -> collect application http url
    Host: svcs.cnn.com   -> collect application http host
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1   -> collect application http user-agent
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Referer: http://www.cnn.com/US/   -> collect application http referer
  • How NBAR2 is used. Protocol Discovery (“ip nbar protocol-discovery” CLI): discovers and provides real-time statistics on applications; accounting is per-interface, per-application and bi-directional: bit rate (bps), packet counts and byte counts; the information is available in the CISCO-NBAR-PROTOCOL-DISCOVERY-MIB. Invoke the ‘match protocol’ CLI in C3PL/MQC (class-map) for application optimization; used in a number of different IOS functions (QoS, performance monitor, IOS FW). With Flexible NetFlow (regardless of QoS): invoke the ‘match|collect application name’ fields in Flexible NetFlow (FNF); the application name/ID is included in NetFlow export reports.
  • Protocol discovery on the HQ and branch routers: discover application protocols transiting an interface and populate the CISCO-NBAR-PROTOCOL-DISCOVERY-MIB; supports both input and output traffic:
    interface GigabitEthernet0/0/2
     ip nbar protocol-discovery
    Stateful application classification for IPv6-in-IPv4 traffic, with detection of IPv6-in-IPv4 tunnels (ISATAP, Teredo, 6to4, ..). With IPv6 tunnel inspection turned on, NBAR classifies such a flow as “HTTP”:
    interface Gi1/1
     ip nbar classification tunneled-traffic ?
      ipv6inip   Tunnel type ISATAP, 6to4 and 6RD
      teredo     Tunnel type TEREDO
  • Protocol Packs: major releases PP1, PP2, … (~10 protocols, updates and fixes) with minor releases PP1.1, PP2.1, … (bug fixes, small updates) in between. Standard Protocol Pack: includes only a subset of protocols; no support for traffic categorization and attributes; available (as the default protocol pack) in the IP Base image; no periodic releases and no SLA. Advanced Protocol Pack: includes all supported protocols/applications; supports traffic categorization and attributes; available (as the default protocol pack) in the DATA image; periodic releases and offers an SLA.
  • NBAR2 Protocol Pack FAQ: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/qa_C67-723689.htm. Standard Protocol Pack: only a subset of applications (85); no NBAR2 attributes; no periodic Protocol Pack update; ISR G2 IPbase license, ASR1K FPI Feature License. Advanced Protocol Pack: full applications (1000+); full access to NBAR2 attributes; Protocol Pack update every month; ISR G2 Datak9 license, ASR1K AVC Feature License.
  • Protocol Pack benefits: add new applications recognized by NBAR2 without an IOS upgrade or router reload; a new protocol pack is published every two months on CCO; a single IOS CLI enables the protocol pack.
  • Metadata: NBAR2 is a metadata producer; the WebEx client is a metadata producer (the first one, Q1 CY12), and the router can match it with Router(config-cmap)# match application webex-meeting version X; the diagram shows a metadata DB on each node and a metadata announcement from 10.1.1.2. The metadata protocol announces flow parameters and attributes to the network nodes along a path. The metadata flow DB maintains flow attribute information and coordinates metadata producers and consumers: a producer creates metadata information, a consumer utilizes it. QoS can match metadata attributes. Nodes that do not support metadata pass it silently.
  • Metadata-capable end points/applications (release/timeframe, status): Cisco WebEx Meeting Applications – WebEx Business Suite WBS28 or higher – shipped; Cisco Telepresence EX series – TE 6.0 – shipped; Cisco Jabber for Windows – UC 9.0(1) or higher – shipped; Cisco Telepresence TX 9000 series – TX 6.0 – shipped; Cisco Telepresence TX 1300 series – TX 6.0 – shipped; Cisco Telepresence Profile series – TC 6.0 – shipped; Cisco Telepresence MX series – TC 6.0 – shipped; Cisco Telepresence SX series – TC 6.0 – shipped; Cisco Telepresence Integrator C series – TC 6.0 – shipped; Cisco VXC client – 1H CY 2013 – planned.
  • Performance collection: integrated performance monitoring is available for different types of applications and use cases. Voice and Video Performance (Media Monitoring): 30% of traffic is voice and video. Critical Applications Performance (Application Response Time): 40% of traffic is critical applications. Application Statistics (Flexible NetFlow and NBAR2): what applications, how much bandwidth, flow direction?
  • Flexible NetFlow cache: keyed fields are the set of fields which identify a unique entry to track; non-keyed fields define which information to collect. Example cache (Src IP, Dst IP, App ID | Pkt, Byte, Input If):
    1.1.1.1  2.2.2.2  0x10 | 10  2000   Fa0/0
    1.1.1.1  3.3.3.3  0x10 | 9   10000  Fa0/0
    2.2.2.2  1.1.1.1  0x10 | 15  15000  Fa0/1
    3.3.3.3  4.4.4.4  0x11 | 20  2000   Fa0/1
    1.1.1.1  2.2.2.2  0x20 | 10  500    Fa0/0
  • If a packet's key fields are unique, a new entry is created in the flow record: the first packet of a flow creates the flow entry using the key fields, and the remaining packets of this flow only update statistics (bytes, counters, timestamps). Otherwise the non-key fields, i.e. the packet count, are updated. Packet 1 key fields: source IP 1.1.1.1, destination IP 2.2.2.2, source port 23, destination port 22078, Layer 3 protocol TCP (6), TOS byte 0; non-key field: length 1250. Packet 2 key fields: source IP 3.3.3.3, destination IP 4.4.4.4, source port 80, destination port 22079, Layer 3 protocol TCP (6), TOS byte 0; non-key field: length 519. NetFlow cache after packet 1 (Source IP, Dest. IP, Dest. I/F, Protocol, TOS, …, Pkts): 1.1.1.1, 2.2.2.2, E1, 6, 0, …, 11000. After packet 2 a second row appears: 3.3.3.3, 4.4.4.4, E1, 6, 0, …, 50.
  • The same traffic can feed several flow monitors with different key fields. Flow Monitor 1 (traffic analysis cache) keys on source IP 3.3.3.3, destination IP 2.2.2.2, source port 23, destination port 22078, Layer 3 protocol TCP (6), TOS byte 0 and input interface Ethernet 0, and collects packets, bytes and timestamps; its cache row is 3.3.3.3, 2.2.2.2, 23, 22078, 6, 0, E0, …, 1100 packets. Flow Monitor 2 (security analysis cache) keys on source IP 3.3.3.3, destination IP 2.2.2.2, input interface Gi0/1 and SYN flag 0, and collects packets, timestamps and next hop address; its cache row is 3.3.3.3, 2.2.2.2, Gi0/1, 0, …, 11000 packets.
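
An added example, not from the slides, of the cache behaviour the three preceding slides describe: a flow monitor keyed on a configurable field list creates an entry on the first packet whose key fields are new and only updates non-key statistics afterwards, and the same packets feed a traffic-analysis monitor and a security-analysis monitor with the key-field sets from the slide. The Packet type, interface name and the packet list are constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple


@dataclass(frozen=True)
class Packet:
    """One packet as the router sees it (constructed; only the fields the slides use)."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: int      # Layer 3 protocol, 6 = TCP
    tos: int
    input_if: str
    syn: int           # SYN flag, 1 or 0
    length: int        # bytes, a non-key field
    ts: int            # arrival time in ms, a non-key field


class FlowMonitor:
    """A flow monitor with its own key-field list and cache, as on the two-monitor slide."""

    def __init__(self, name: str, key_fields: Sequence[str]) -> None:
        self.name = name
        self.key_fields = tuple(key_fields)
        self.cache: Dict[Tuple, Dict[str, int]] = {}

    def process(self, pkt: Packet) -> bool:
        """Account one packet; returns True when it created a new cache entry."""
        key = tuple(getattr(pkt, f) for f in self.key_fields)
        entry = self.cache.get(key)
        created = entry is None
        if created:
            # First packet of a flow: create the entry from the key fields.
            entry = {"packets": 0, "bytes": 0, "first_seen": pkt.ts, "last_seen": pkt.ts}
            self.cache[key] = entry
        # Every packet, the first included, updates only the non-key statistics.
        entry["packets"] += 1
        entry["bytes"] += pkt.length
        entry["last_seen"] = pkt.ts
        return created

    def rows(self) -> List[Dict[str, object]]:
        """Cache contents with the key fields spelled out, one dict per entry."""
        return [dict(zip(self.key_fields, key), **stats) for key, stats in self.cache.items()]


# Key-field sets from the slide: the traffic-analysis monitor keys on the full
# 5-tuple plus TOS and input interface; the security-analysis monitor keys only
# on addresses, input interface and SYN flag.
TRAFFIC_KEYS = ("src_ip", "dst_ip", "src_port", "dst_port", "protocol", "tos", "input_if")
SECURITY_KEYS = ("src_ip", "dst_ip", "input_if", "syn")


def build_caches(packets: Sequence[Packet]) -> Tuple[FlowMonitor, FlowMonitor]:
    """Feed the same packets to both monitors, as one interface would."""
    traffic = FlowMonitor("traffic-analysis", TRAFFIC_KEYS)
    security = FlowMonitor("security-analysis", SECURITY_KEYS)
    for pkt in packets:
        traffic.process(pkt)
        security.process(pkt)
    return traffic, security


# Constructed sample: a 3.3.3.3 -> 2.2.2.2 session (SYN, then data) on port 22078,
# then a second connection from the same host to port 22079.
SAMPLE_PACKETS = [
    Packet("3.3.3.3", "2.2.2.2", 23, 22078, 6, 0, "Ethernet0", 1, 60, 0),
    Packet("3.3.3.3", "2.2.2.2", 23, 22078, 6, 0, "Ethernet0", 0, 1250, 10),
    Packet("3.3.3.3", "2.2.2.2", 23, 22078, 6, 0, "Ethernet0", 0, 1250, 20),
    Packet("3.3.3.3", "2.2.2.2", 23, 22079, 6, 0, "Ethernet0", 1, 60, 30),
    Packet("3.3.3.3", "2.2.2.2", 23, 22079, 6, 0, "Ethernet0", 0, 519, 40),
]

if __name__ == "__main__":
    for mon in build_caches(SAMPLE_PACKETS):
        print(mon.name)
        for row in mon.rows():
            print("  ", row)
```

The traffic cache ends up with one entry per connection, while the security cache collapses both connections into two entries that differ only by SYN flag, which is exactly why the slide keys the two monitors differently.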
  • What Unified Monitoring collects. Traffic Statistics: application usage per client IP/subnet/site; top clients per application; application conversations; top conversation per application. URL Visibility: most visited web site; per-URL latency. Application Response Time: per-application end-to-end latency; application response time and transaction time; application processing time. Media Performance: per-stream jitter and packet loss; RTP.
  • Unified Monitoring builds up in layers: Flexible NetFlow (bytes, packets, routing info, L3 to L4); Flexible NetFlow + NBAR2 (application ID, L3 to L7); Performance Metrics, e.g. MMON and ART (network latency, response time, jitter, retransmission); Network Metrics, e.g. QoS (QoS policy/class-map); Derived Metrics (e.g. URL hit count); Other Metrics (e.g. PfR).
  • Performance monitor configuration: policy-driven monitoring defines what to monitor and what to collect in a single policy. Define flow monitors, define flow records, then filter what traffic to monitor:
    flow monitor type performance-monitor rtp-mon
     (..)
    flow monitor type performance-monitor app-mon
     (..)
    flow record type performance-monitor rtp-record
     match ipv4 source address
     match ipv4 destination address
     match application name
     collect transport rtp-jitter
     (..)
    flow record type performance-monitor art-record
     match ipv4 source address
     match ipv4 destination address
     match application name
     collect art all
     (..)
    policy-map type performance-monitor avc
     class rtp-traffic
      flow monitor rtp-mon
     class tcp-app
      flow monitor app-mon
     (..)
    interface Gi0/0/1
     service-policy type performance-monitor input avc
     service-policy type performance-monitor output avc
    This yields flow byte counts per interface, voice/video RTP metrics such as jitter, application response time, etc.
  • Enable AVC with just an ON/OFF button, then deploy on all platforms.
  • Flexible NetFlow. Key features: a feature to collect and export network information and statistics; flexibility in defining fields and the flow record format; standard FNF v9 or IPFIX export to a reporting tool. Benefits: visibility into application usage; monitors data in Layers 2 thru 7; capacity planning; Top-N applications; Top-N clients and servers.
  • NetFlow and NBAR integration. NetFlow monitors data in Layers 2 thru 4, determines applications by a combination of port or port/IP address, provides flow information (who, what, when, where) and packet and byte counts. NBAR examines data from Layers 3 thru 7, utilizes Layers 3 and 4 plus packet inspection for classification, and does stateful inspection of dynamic-port traffic. In the packet, NetFlow looks at the link layer header, the IP header (ToS, protocol, source IP address, destination IP address) and the TCP/UDP header (source port, destination port); NBAR2 additionally inspects the data (payload) with deep packet inspection.
  • Flow record with application name (new):
    flow record app_record
     match ipv4 source address
     match ipv4 destination address
     match …..
     match application name
    Packet #1 key fields: source IP 10.1.1.1, destination IP 173.194.34.134, source port 20457, destination port 23, Layer 3 protocol 6, TOS byte 0, ingress interface Ethernet 0. Packet #2 key fields: source IP 10.1.1.1, destination IP 72.163.4.161, source port 30307, destination port 80, Layer 3 protocol 6, TOS byte 0, ingress interface Ethernet 0. NetFlow cache (Src. IP, Dest. IP, Src. Port, Dest. Port, Layer 3 Prot., TOS Byte, Ingress Intf., App Name, plus timestamps, bytes and packets): 10.1.1.1, 173.194.34.134, 20457, 80, 6, 0, Ethernet 0, HTTP; 10.1.1.1, 72.163.4.161, 30307, 80, 6, 0, Ethernet 0, Youtube. The first packet of a flow creates the flow entry using the key fields; the remaining packets of this flow only update statistics (bytes, counters, timestamps).
  • (Chart: applications ranked by volume in gigabytes and megabytes – bittorrent, unknown, netflix, http, share-point, gtalk-voip, https, google-docs, ica, rtp, sip, citrix, dns, ssl, cifs, hsrp, skype, webex-meeting, icmp, ldap, flash-video, msnp, sap, facebook.) Cisco AVC with NBAR2 provides deep packet inspection at the application level.
  • URL visibility. Key features: provide a web browsing activity report; utilize the IPFIX format, which is extensible; standard IPFIX export. Benefits: visibility into top domains; monitors data in Layers 2 thru 7; most visited web site; most visited URL per site; how many hits for a particular domain, extracted from the HTTP request message. Example domains and URLs: www.cnn.com (http://www.cnn.com/US, http://www.cnn.com/WORLD), www.youtube.com (http://www.youtube.com/ciscolivelondon, http://www.youtube.com/olympic), www.facebook.com (http://www.facebook.com/farmville, http://www.facebook.com/cisco).
  • Application Response Time (ART): how do I ensure my SLA is met? “My email is slow!” “My query is taking a long time!” Key features: 27 Application Response Time (ART) metrics; interacts with NBAR2 for the application ID; standard NFv9 and IPFIX export to a reporting tool. Benefits: visibility into application usage and performance; quantify user experience; troubleshoot application performance; track service levels for application delivery. The performance agent (PA) in the branch sees the delay split into branch delay, network delay and datacenter delay.
  • ART delay segments, as seen by the IOS performance agent (PA) between clients and application servers: Client Network Delay (CND), Server Network Delay (SND), Application Delay (AD); Network Delay (ND) spans CND and SND, and the Total Delay spans all of them. Application response time provides insight into application behavior (network vs server bottleneck) to accelerate problem isolation; it separates the application delivery path into multiple segments; Server Network Delay (SND) approximates the WAN delay; latency is reported per application.
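
An added example (not from the slides, and not Cisco's ART implementation) that derives the delay segments named above from one observed TCP transaction. The definitions are this example's own reading of the slide: SND is the SYN to SYN-ACK gap, CND the SYN-ACK to client-ACK gap, ND = SND + CND, AD the gap between the last request packet and the first response packet, and Total Delay = ND + AD; the Observed type and the packet timeline are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Observed:
    """One packet as seen at the measurement point between client and server (constructed)."""
    ts_ms: int          # observation time in milliseconds
    direction: str      # "c2s" (client to server) or "s2c"
    flags: str = ""     # "S", "SA", "A" for handshake packets, "" for data packets
    payload: int = 0    # application bytes carried


@dataclass
class ArtMetrics:
    snd_ms: Optional[int]    # Server Network Delay: SYN seen -> SYN-ACK seen
    cnd_ms: Optional[int]    # Client Network Delay: SYN-ACK seen -> client ACK seen
    nd_ms: Optional[int]     # Network Delay = SND + CND
    ad_ms: int               # Application Delay: last request packet -> first response packet
    total_ms: Optional[int]  # Total Delay = ND + AD (this example's definition)
    transaction_ms: int      # first request packet -> last response packet


def compute_art(packets: List[Observed]) -> Optional[ArtMetrics]:
    """Derive the slide's delay segments from one request/response transaction.

    If the handshake was not observed (monitoring started mid-flow) the network
    segments are None; if no request/response pair was seen, nothing is measured.
    """
    syn = synack = ack = None
    first_req = last_req = first_resp = last_resp = None
    for p in sorted(packets, key=lambda x: x.ts_ms):
        if p.flags == "S" and p.direction == "c2s" and syn is None:
            syn = p.ts_ms
        elif p.flags == "SA" and p.direction == "s2c" and synack is None:
            synack = p.ts_ms
        elif p.flags == "A" and p.direction == "c2s" and synack is not None and ack is None:
            ack = p.ts_ms
        elif p.payload > 0 and p.direction == "c2s" and first_resp is None:
            # Request packets: keep the first and the last one before any response.
            first_req = p.ts_ms if first_req is None else first_req
            last_req = p.ts_ms
        elif p.payload > 0 and p.direction == "s2c" and last_req is not None:
            first_resp = p.ts_ms if first_resp is None else first_resp
            last_resp = p.ts_ms
    if first_req is None or first_resp is None:
        return None
    ad = first_resp - last_req
    handshake_seen = syn is not None and synack is not None and ack is not None
    snd = synack - syn if handshake_seen else None
    cnd = ack - synack if handshake_seen else None
    nd = snd + cnd if handshake_seen else None
    return ArtMetrics(
        snd_ms=snd, cnd_ms=cnd, nd_ms=nd, ad_ms=ad,
        total_ms=nd + ad if nd is not None else None,
        transaction_ms=last_resp - first_req,
    )


def bottleneck(m: ArtMetrics) -> str:
    """Name the larger segment, the network-vs-server isolation step the slide describes."""
    if m.nd_ms is None:
        return "unknown (handshake not observed)"
    return "network" if m.nd_ms > m.ad_ms else "server/application"


# Constructed transaction: 40 ms to the server, 2 ms to the client, 200 ms in the application.
SAMPLE_TRANSACTION = [
    Observed(0, "c2s", "S"),
    Observed(40, "s2c", "SA"),
    Observed(42, "c2s", "A"),
    Observed(43, "c2s", payload=300),
    Observed(44, "c2s", payload=200),
    Observed(244, "s2c", payload=1460),
    Observed(250, "s2c", payload=800),
]

if __name__ == "__main__":
    m = compute_art(SAMPLE_TRANSACTION)
    print(m, "->", bottleneck(m))
```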
  • (Slide on the reporting questions a partner tool answers; the transcript is truncated. Recoverable fragments: “…is in the correct CoS”, “…static TCP/UDP ports, DSCP values”, “…business vs leisure use”, “…application name discovered”, “…how it's classified”; LivingObjects.)
  • QoS monitoring: accurately report the application class of service (which QoS class does my WebEx application fall into?); correlate application performance problems with network congestion (how many queue drops do I have for my SAP application?). Example policy, with RTP mapped into REALTIME:
    policy-map QoS_Policy
     class REALTIME
      priority percent 33
     class CONTROL
      bandwidth percent 7
     class CRITICAL-DATA
      bandwidth percent 35
     class class-default
  • Media monitoring. Key features: monitor media performance metrics, i.e. jitter, loss; integrate with NBAR2 to identify applications; set thresholds and generate alerts/alarms; standard FNF v9 or IPFIX export to a reporting tool. Network nodes are able to discover and validate RTP, TCP and IP-CBR traffic on a hop-by-hop basis. Benefits: real-time monitoring of voice and video performance across the network; accelerated troubleshooting – identify what, where and when the problem is; proactive troubleshooting; validate SLAs.
  • Active versus passive monitoring. Active monitoring: IPSLA sender on Router 1 and IPSLA responder on Router 2, active probing. Passive monitoring: Flexible NetFlow flow records, and PerfMon with enhanced RTP and TCP metrics reporting, with filtering and classification based on the existing C3PL model.
  • Control: “Stop bittorrent and netflix. Prioritize salesforce, oracle.” Application-aware QoS: identify 1000+ applications using NBAR2 and control bandwidth with Cisco's industry-leading QoS; limit unwanted traffic and prioritize critical applications. Intelligent Path Selection (WAN1 with a backup WAN2): deliver critical applications over the path which can meet the application performance requirement using PfR; automatic load sharing to maximize bandwidth use on the available links.
  • Application-aware QoS with NBAR2: stateful classification for creating policies irrespective of IPv4/native IPv6 traffic, simplifying policy management; discover applications using NBAR2; supports both input and output traffic. What traffic? How to treat the traffic? Where to apply?
    class-map match-any peer2peer
     match protocol kazaa2
     match protocol gnutella
     match protocol fastrack
    policy-map limit-p2p
     class peer2peer
      bandwidth percent 10
    interface Serial1
     service-policy input limit-p2p
  • The same with NBAR2 attributes (category, sub-category, device-type, …):
    class-map my-class
     match protocol attribute category filesharing
    policy-map limit-p2p
     class peer2peer
      bandwidth percent 10
    interface Serial1
     service-policy input limit-p2p
  • After applying a control policy (chart of P2P traffic before and after):
    class-map match-all p2p-app
     match protocol attribute p2p-technology p2p-tech-yes
    policy-map control-policy
     class p2p-app
      police 8000 conform-action transmit exceed-action drop
  • Monitor QoS performance: top application over time; QoS class-map statistics, queue drops, pre/post traffic rate, from the CBWFQ MIBs.
  • •  Full utilization of expensive WAN bandwidth ü  Efficient distribution of traffic based upon load, circuit cost and path preference•  Improved Application Performance ü  Per application best path based on delay, loss, jitter measurements•  Increased Application Availability ü  Protection from carrier black holes and brownouts Email Path PfR MCs Video Path Internet WAE ASR1K DMVPN Branch Cluster ISR G2 ASR1K PfR Email VMs MC/BR PfR BRs SP A Headquarter MPLS ASR1K SP B ASR1K GETVPN Master Controller (MC) MPLS Border Router (BR) GETVPN© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
  • PfR optimizes by:
    •  Reachability, loss
    •  Delay, jitter, MOS
    •  Throughput, load, and/or $Cost
    (Diagram: Internet edge with an MC/BR to ISP1 and ISP2; enterprise WAN with branch and HQ MC/BR routers over WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN))
  • The decision maker: Master Controller (MC)
       Applies policy, verification and reporting
       No packet forwarding or inspection required
  • The forwarding path: Border Router (BR)
       Gains network visibility in the forwarding path (learn, measure)
       Enforces the MC's decision (path enforcement)
  • Optimize by: reachability, delay, loss, jitter, MOS, throughput, load, and/or $Cost
    (Diagram: one MC controlling two BRs, each BR attached to WAN1 and WAN2)
  • Traffic classes: learning
       Static: prefixes, ACL, DSCP based
       Automatic: applications
    PfR workflow: Learning → Monitoring (passive, active) → Choosing your policies → Enforcing the path
  • Traffic classes
    •  PfR determines the traffic classes from the traffic flowing through the border routers using NetFlow
    •  Subsets of the total traffic must be identified, and these traffic subsets are named traffic classes (for example voice, video, critical, and the rest of the traffic)
    Traffic classes keyed on prefixes:
       Dest. IP      DSCP   Delay  Loss  Jitter  BW
       10.2.2.0/24   -      …      …     …       …
    or keyed on applications (here voice/video marked EF, critical marked AF31):
       Dest. IP      DSCP   AppID  Delay  Loss  Jitter  BW
       10.2.2.0/24   EF     …      …      …     …       …
       10.2.2.0/24   AF31   …      …      …     …       …
    (Diagram: HQ MC and BRs over WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN) to branches 10.1.1.0/24, 10.1.2.0/24, 10.2.1.0/24 … 10.2.9.0/24)
  • Define application groups
    •  Similar to the class-map concept in QoS
    •  Allows defining, per group: specific policies, specific thresholds, and a specific monitoring mode
    (Diagram: learned traffic split into the groups Voice - Video, Critical Application, and Rest of the Traffic)
  • Monitoring: passive
    •  Performance metrics: reachability, delay, loss, egress BW, ingress BW
    •  PfR NetFlow monitoring on the BRs (NetFlow cache on each BR)
    •  Flows need not be symmetrical
  • Monitoring: active
    •  Performance metrics: reachability, delay, loss, jitter, MOS
    •  PfR enables the IP SLA feature; probes are sourced from the BR
    •  ICMP probes: learned or configured
    •  TCP, UDP and jitter probes need an IP SLA responder at the target
  • Choosing your policies
    Link policies:
      •  Load balancing
      •  Max utilization
      •  Link grouping
      •  $Cost
    Application performance policies:
      •  Reachability
      •  Delay
      •  Loss
      •  MOS
      •  Jitter
    (Traffic classes: Voice, Video, Critical, and The Rest of the Traffic)
  • Enforcing the path
    Per destination prefix:
      •  BGP
         - Egress: route injection or modifying the BGP Local Preference attribute
         - Ingress: BGP AS-PATH prepend or community
      •  EIGRP route control
      •  Static route injection
      •  PIRO (Protocol Independent Route Optimization)
    Per application:
      •  Dynamic PBR
      •  NBAR/CCE classification
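The four PfR steps on the preceding slides (learning the traffic classes, measuring them, applying per-group policies, and enforcing a path) reduce to a decision loop that the transcript only describes in words. The Python below is an added toy illustration written for this transcript, not Cisco's PfR implementation: the thresholds, per-path measurements, link capacities and prefixes are constructed assumptions. It demonstrates two behaviours the slides describe: a traffic class that is in policy on its current path stays there even when another path measures better, while an out-of-policy class is moved to a compliant path (or off a black-holed one); best-effort classes are only rebalanced until link utilization is within the configured range.

```python
"""Toy PfR-style decision logic: per-group performance policies plus load balancing.
Added illustration for this transcript; it is not Cisco's PfR code. Thresholds,
link capacities and measurements below are constructed (assumptions)."""

# Assumed per-group thresholds: delay/jitter in ms, loss in percent. Not Cisco defaults.
POLICIES = {
    "voice-video": {"delay": 150, "loss": 1.0, "jitter": 30},
    "critical":    {"delay": 250, "loss": 2.0},
    "best-effort": {},      # no performance thresholds, load balanced only
}


def violations(metrics, thresholds):
    """Names of thresholds the measured path breaks (empty list = in policy)."""
    if not metrics.get("reachable", True):
        return ["reachable"]
    return [name for name, limit in thresholds.items()
            if metrics.get(name, float("inf")) > limit]


def select_path(group, current, measurements):
    """Pick the exit for one traffic class. As with PfR, traffic that is in policy
    on its current path is left alone; only out-of-policy classes are moved."""
    thresholds = POLICIES[group]
    bad = violations(measurements[current], thresholds)
    if not bad:
        return current, "in policy, stay"
    compliant = [p for p, m in measurements.items()
                 if p != current and not violations(m, thresholds)]
    if compliant:
        best = min(compliant, key=lambda p: (measurements[p].get("delay", 0),
                                             measurements[p].get("loss", 0)))
        return best, f"out of policy ({', '.join(bad)}), move to {best}"
    others = [p for p, m in measurements.items()
              if p != current and m.get("reachable", True)]
    if "reachable" in bad and others:
        # Current path is black-holed: leave it for the least-bad reachable path.
        best = min(others, key=lambda p: len(violations(measurements[p], thresholds)))
        return best, f"current path unreachable, move to {best}"
    return current, f"out of policy ({', '.join(bad)}), no compliant path, stay"


def utilization(placement, capacity_mbps):
    """Percent utilization per link. placement maps prefix -> (link, Mbps)."""
    used = {link: 0.0 for link in capacity_mbps}
    for link, mbps in placement.values():
        used[link] += mbps
    return {link: 100.0 * used[link] / capacity_mbps[link] for link in capacity_mbps}


def balance_load(placement, capacity_mbps, range_pct, max_moves=10):
    """Move best-effort classes one at a time from the most to the least loaded link
    until the utilization spread is within range_pct or no single move improves it."""
    placement = dict(placement)
    moves = []
    for _ in range(max_moves):
        util = utilization(placement, capacity_mbps)
        high, low = max(util, key=util.get), min(util, key=util.get)
        spread = util[high] - util[low]
        if spread <= range_pct:
            break
        best = None
        for prefix, (link, mbps) in placement.items():
            if link != high:
                continue
            trial = dict(placement)
            trial[prefix] = (low, mbps)
            t_util = utilization(trial, capacity_mbps)
            new_spread = max(t_util.values()) - min(t_util.values())
            if new_spread < spread and (best is None or new_spread < best[0]):
                best = (new_spread, prefix)
        if best is None:
            break
        prefix = best[1]
        placement[prefix] = (low, placement[prefix][1])
        moves.append((prefix, high, low))
    return placement, moves


# Constructed measurements per WAN path (delay ms, loss %, jitter ms).
MEASUREMENTS = {
    "WAN1": {"delay": 120, "loss": 0.2, "jitter": 10, "reachable": True},
    "WAN2": {"delay": 60, "loss": 3.5, "jitter": 45, "reachable": True},
}
# Constructed best-effort placement: prefix -> (current link, Mbps), and link capacities.
BEST_EFFORT = {"10.2.1.0/24": ("WAN1", 6), "10.2.2.0/24": ("WAN1", 4), "10.2.3.0/24": ("WAN2", 1)}
CAPACITY_MBPS = {"WAN1": 20, "WAN2": 10}

if __name__ == "__main__":
    print(select_path("voice-video", "WAN2", MEASUREMENTS))   # loss and jitter out of policy
    print(select_path("critical", "WAN1", MEASUREMENTS))      # in policy, stays despite WAN2's lower delay
    new, moves = balance_load(BEST_EFFORT, CAPACITY_MBPS, range_pct=20)
    print(moves, utilization(new, CAPACITY_MBPS))
```

With the constructed numbers, voice/video on WAN2 breaks the loss and jitter thresholds and is moved to WAN1, critical traffic on WAN1 stays put even though WAN2 has lower delay, and one best-effort prefix moves from WAN1 to WAN2 to bring the utilization spread inside the 20% range.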
  • PfR use cases
    (Diagram: Internet edge with an MC/BR to ISP1 and ISP2; enterprise WAN with branch and HQ MC/BR routers over WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN))
  • Internet edge use case
       Learning:          destination prefixes (NetFlow)
       Monitoring:        passive, global (egress BW, ingress BW)
       Policies:          load balancing (range)
       Path enforcement:  BGP (inject BGP route, BGP Local Pref, AS-PATH prepend, community)
    (Diagram: HQ router R3 peers by iBGP with edge routers R4 and R5, which peer by eBGP with ISP1 and ISP2; load is shown as 55% / 45%; ISP3, ISP4 and ISP5 lie beyond)
  • Enterprise WAN use case
    (Diagram: branch MC/BR and HQ routers over WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN), Internet edge to ISP-1 and ISP-2; traffic classes Voice - Video, Critical Application, Rest of the Traffic)
  • Enterprise WAN use case
       Learning:          applications (NetFlow): Voice/Video SLA, Critical Apps, BE
       Monitoring:        active for Voice/Video, active for Critical Apps, passive globally
       Policies:          Voice/Video: jitter/delay/loss; Critical: delay/loss; Global: load balancing
       Path enforcement:  PBR
    (Diagram: HQ MC and BRs over WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN) to branches 10.10.1.0/24, 10.10.2.0/24, 10.20.1.0/24 … 10.20.9.0/24)
  • Multisite MC peering framework
    •  MC-to-MC peering can be used to exchange policies, services and feedback
  • Remote site discovery
    •  Simplifies configuration: prefix and target discovery
    •  Probing efficiency: sharing of probe data across policies
  • NetFlow
    •  IETF scope: NetFlow v5, NetFlow v8, NetFlow v9, IPFIX
    •  Use cases: capacity planning, security, performance analysis, visibility
    •  Architecture: metering process and export process on the device
  • NetFlow version 5
    •  Fixed number of fields (18 fields), e.g. source/destination IP and port, input/output interfaces, packet/byte count, ToS
    •  The exporter sends flow records in that single fixed format to the collector
  • NetFlow v9 / IPFIX
    •  Users define the flow record format
    •  The flow format is communicated to the collector: the exporter first describes flow format A and flow format B (templates), then sends flow records A and B in those formats
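The template mechanism on the slide above is what makes a v9/IPFIX collector stateful: a data FlowSet can only be decoded after the template that describes it has arrived from the same exporter. The following Python is an added example written for this transcript, not Cisco code or a reference implementation. Field type numbers follow the NetFlow v9 registry (RFC 3954) and the application ID layout follows RFC 6759; everything else (the sample packets, addresses, counters and application ID values) is constructed, and only the handful of field types listed in FIELD_NAMES are named. It also bounds the attacker-controllable FlowSet length before slicing, which is the check a collector listening on UDP for untrusted exporters needs.

```python
"""Minimal NetFlow v9 collector-side parser: learns templates from template
FlowSets and decodes data FlowSets with them. Added illustration for this
transcript, not Cisco or IETF reference code. Field types follow the NetFlow v9
registry (RFC 3954); the sample packets below are constructed."""
import ipaddress
import struct

NETFLOW_V9 = 9
TEMPLATE_FLOWSET_ID = 0            # 1 is the options template FlowSet (not handled here)
HEADER_FMT = "!HHIIII"             # version, count, sysUptime, unix_secs, sequence, source_id
HEADER_LEN = struct.calcsize(HEADER_FMT)

FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
               8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR",
               95: "APPLICATION_ID"}   # 95 carries the NBAR application ID


def _decode(ftype, raw):
    if ftype in (8, 12) and len(raw) == 4:
        return str(ipaddress.IPv4Address(raw))
    return int.from_bytes(raw, "big")


def _parse_templates(body, source_id, templates):
    pos = 0
    while pos + 4 <= len(body):
        template_id, nfields = struct.unpack("!HH", body[pos:pos + 4])
        if template_id == 0:                     # zero padding at the end of the FlowSet
            break
        pos += 4
        if pos + 4 * nfields > len(body):
            raise ValueError("truncated template record")
        fields = [struct.unpack("!HH", body[pos + 4 * i:pos + 4 * i + 4]) for i in range(nfields)]
        pos += 4 * nfields
        templates[(source_id, template_id)] = fields


def _parse_data(body, fields):
    rec_len = sum(flen for _, flen in fields)
    records, pos = [], 0
    while rec_len and pos + rec_len <= len(body):   # trailing bytes shorter than a record are padding
        rec = {}
        for ftype, flen in fields:
            rec[FIELD_NAMES.get(ftype, f"field_{ftype}")] = _decode(ftype, body[pos:pos + flen])
            pos += flen
        records.append(rec)
    return records


def parse_v9(packet, templates=None):
    """Return (templates, records, skipped_flowsets). `templates` is the collector's
    state from earlier packets; data whose template is unknown is skipped, never guessed."""
    if len(packet) < HEADER_LEN:
        raise ValueError("short packet")
    templates = dict(templates or {})
    version, _count, _uptime, _secs, _seq, source_id = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    if version != NETFLOW_V9:
        raise ValueError(f"not NetFlow v9 (version {version})")
    records, skipped, off = [], 0, HEADER_LEN
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack("!HH", packet[off:off + 4])
        if fs_len < 4 or off + fs_len > len(packet):   # untrusted length field: bound it first
            raise ValueError("malformed FlowSet length")
        body = packet[off + 4:off + fs_len]
        if fs_id == TEMPLATE_FLOWSET_ID:
            _parse_templates(body, source_id, templates)
        elif fs_id > 255:                                 # data FlowSet, id = template id
            fields = templates.get((source_id, fs_id))
            if fields is None:
                skipped += 1
            else:
                records.extend(_parse_data(body, fields))
        off += fs_len
    return templates, records, skipped


def build_sample_packets():
    """Constructed export: one packet carrying template 256, one carrying two data
    records that use it. Addresses, counters and application IDs are made up."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4), (95, 4)]
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", t, l) for t, l in fields)
    tmpl_fs = struct.pack("!HH", TEMPLATE_FLOWSET_ID, 4 + len(tmpl)) + tmpl
    tmpl_pkt = struct.pack(HEADER_FMT, NETFLOW_V9, 1, 1000, 1365000000, 1, 7) + tmpl_fs

    def rec(src, dst, sport, dport, proto, nbytes, npkts, app_id):
        return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
                + struct.pack("!HHBIII", sport, dport, proto, nbytes, npkts, app_id))
    # Application ID layout per RFC 6759: engine ID in the top byte, selector in the low 24 bits.
    body = (rec("10.1.1.10", "10.2.2.20", 51234, 443, 6, 18200, 40, 0x0D000050)
            + rec("10.1.1.11", "10.2.2.21", 6881, 6881, 6, 905000, 700, 0x0D000209))
    body += b"\x00" * (-len(body) % 4)                   # pad the FlowSet to a 32-bit boundary
    data_fs = struct.pack("!HH", 256, 4 + len(body)) + body
    data_pkt = struct.pack(HEADER_FMT, NETFLOW_V9, 2, 2000, 1365000010, 2, 7) + data_fs
    return tmpl_pkt, data_pkt


if __name__ == "__main__":
    tmpl_pkt, data_pkt = build_sample_packets()
    _, recs, skipped = parse_v9(data_pkt)               # template not seen yet
    print(f"before template: {len(recs)} records, {skipped} FlowSet skipped")
    templates, _, _ = parse_v9(tmpl_pkt)
    _, recs, _ = parse_v9(data_pkt, templates)
    for r in recs:
        print(r)
```

Feeding the data packet first yields no records and one skipped FlowSet; once the template packet has been parsed and its templates handed back in, the same data packet decodes into two flow records, including the 4-byte application ID that an NBAR2-enabled exporter would populate. Templates are keyed on (source_id, template_id) because template IDs are only unique per exporter observation domain.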
  • NetFlow partner ecosystem: traffic analysis, denial of service, billing
    More info: http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/commercial/
  • AVC partner products
       Product                      Use cases
       Cisco Prime Infrastructure   Network and application monitoring
       Gomez & DynaTrace            APM combined with app-aware network monitoring
       5View                        App-aware network monitoring
       LiveAction                   Control (QoS) GUI, app-aware network monitoring
       Scrutinizer                  App-aware network monitoring
       LivingObjects                App-aware network monitoring, URL collection and hit counts
       Proxy Reporter               App-aware network monitoring
  • Summary
       What can AVC do for me?                                      How?
       Identify various applications in my network                  NBAR2 uses DPI to identify 1000+ applications
       Collect traffic information and performance metrics          Embedded monitoring exports the information in standard
         without a hardware probe                                     NetFlow v9 or IPFIX format
       Provide data for proactive monitoring and troubleshooting    Both Cisco Prime Infrastructure and third-party collectors are supported
       Tune my network to improve application performance           Application-aware QoS leveraging NBAR2 to identify applications, and PfR path control
  • Introducing the ISR Application Experience (AX) license
    •  Extends and replaces the Data license with application router services. All previous Data license features included.
    •  All Application Visibility and Control (AVC) features included. Enables powerful, comprehensive application monitoring and management.
    •  Right-To-Use license for WAAS. The license enables WAAS Express, WAAS SRE, or WAAS on UCS-E with no additional software cost.
    (License stack shown: IP Base, Security, AX, U.C.; App & Security included with the ISR-AX)
  • Licensing by platform
       Platform   License
       800        Advanced IP license (advipservices)
       1900       AX license (2)
       2900       AX license (2)
       3900       AX license (2)
       ASR1k      Advanced IP (AIP) or Advanced Enterprise (AES) + FLASR1-AVC-RTU
       Collector  Cisco Prime Infrastructure Assurance license (1), or any AVC-supported NetFlow collector
    1. See the Cisco Prime Infrastructure ordering guide at http://www.cisco.com/go/primeinfrastructure
    2. The AX license (new) includes the Data license and the WAAS right-to-use license
  • More information
    •  Application Visibility and Control: http://www.cisco.com/go/avc and http://www.cisco.com/go/pfr
    •  Docwiki.cisco.com
         AVC: http://docwiki.cisco.com/wiki/AVC:Home
         PfR: http://docwiki.cisco.com/wiki/PfR:Home
    •  AVC Solution Guide for IOS-XE 3.8: http://www.cisco.com/en/US/docs/ios/solutions_docs/avc/ios_xe3_8/avc_soln_guide_iosxe3_8.html
    •  NBAR: http://www.cisco.com/en/US/partner/docs/ios/ios_xe/qos/configuration/guide/clsfy_traffic_nbar_xe.html
    •  AVC Cisco Developer Network (CDN): http://developer.cisco.com/web/avc
  • Thank you!
    •  Please complete the post-event survey
    •  Join us May 1st for our next webinar: L2VPN in the Data Center
       Register: www.cisco.com/go/techadvantage
       Follow us @GetYourBuildOn
  • Thank you.