Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)
 


Providing functions to application traffic requires the network to classify, share information and understand the traffic. Application Visibility and Control (AVC) technologies address the needs for application classification, monitoring activities and network policies enforcement (QoS, Performance Routing, etc.), allowing for simplified, accelerated and scalable deployments.


    Presentation Transcript

    • Cisco IOS Advantage Webinars: Deploying Application Visibility and Control Policies. Jean Charles Griviaud and Ken Briley. © 2012 Cisco and/or its affiliates. All rights reserved.
    • Speakers and Panelists
      • Jean-Charles Griviaud, Product Manager, jgriviau@cisco.com
      • Ken Briley, Technical Leader, Technical Marketing, kbriley@cisco.com
      • Ina Singh, Technical Leader, Engineering, inasingh@cisco.com
      • Madhavan Arunachalam, Software Engineer, Engineering, marunach@cisco.com
    •
      • Submit questions in Q&A panel and send to “All Panelists”. Avoid CHAT window for better access to panelists
      • For Webex audio, select COMMUNICATE > Join Audio Broadcast
      • For Webex call back, click ALLOW Phone button at the bottom of Participants side panel
      • Where can I get the presentation? https://communities.cisco.com/docs/DOC-29594 Or send email to: ask_iosadvantage@cisco.com
      • Please complete the post-event Survey
      • Join us on July 11 for our next IOS Advantage Webinar: Flow Metadata for Enhanced Application Awareness
    •
      • Introduction
      • Use Case Deep Dive
        • Visibility into WAN usage and application performance
        • Non-business Traffic Impact Business Critical Applications
        • Maximize Utilization and Availability of Internet Presence
        • Maximize Utilization and Reliability of Applications over the WAN
      • Summary
    • SaaS, IaaS/PaaS
      • 80% of new apps web enabled
      • XaaS market growing to $241B by 2020
      • 300% growth in video traffic
      • 5 devices per user by 2016
      • Ensuring Application Performance Regardless of Location And Device Type Is More Important Than Ever
    •
      • “I want to stop unauthorized applications from using my network bandwidth”
      • “I could have avoided the down time if I know what is running in my network”
      • “We do not know how many are experiencing performance issues”
      • “We initially cannot tell if the issue is in the client, the network, or in the backend server”
      • “We lack historical data to proactively detect unwanted performance trend and their root causes”
      • “I need to know if my SLA is being met”
    • Make the Network Application Aware
      • Gain visibility into application running in the network, performance trend, and user experiences
      • Intelligently prioritize and control application traffic to maximize user experience
    • App Visibility & User Experience Report (figure: ISR G2 and ASR1K routers running IOS PA and FNF export NFv9 to Reporting Tools)
      • Sample report:
        App | BW | Transaction Time
        WebEx | 3 Mb | 150 ms
        Citrix | 10 Mb | 500 ms
      • Application Recognition: Identify applications using L7 signatures (NBAR2) or metadata
      • Perf. Collection & Exporting: ISR G2 & ASR collect application bandwidth and response time metrics, and export to management tool
      • Management Tool: Advanced reporting tool aggregates and reports application performance
      • Control: Use QoS or PfR to control application network usage to improve application performance (priority labels: High, Med, Low)
    • NBAR2
      • SCE Classification: +1000 Signatures, Innovations, Advanced Classification Techniques
      • IOS NBAR: +150 Signatures
      • NBAR2: IPv6 Classification, Nested Classification, Application Categorization, Open API, 3rd Party Integration
      • List of protocols and applications supported by NBAR2: http://wwwin.cisco.com/ios/tech/collateral/90364_product_bulletin_c25-627831.pdf
      • Enhanced reporting with additional field extraction – top browsing domain, top URL, browser type (Future)
      • In-service Protocol Definition Update – no IOS upgrade required
    • Use cases
        Use Case | IT Challenges | AVC Technologies Used
        Visibility into WAN usage and application performance | Lack of cost effective visibility tools; insufficient information to troubleshoot application performance | NBAR2, PA, PAM
        Non-business Traffic Impact Business Critical Applications | Control non-business critical applications from using the network resource | NBAR2, QoS, PAM
        Maximize Utilization and Availability of Internet Presence | Complex and manual configuration to utilize all available internet accesses | PfR – Internet Presence
        Maximize Utilization and Reliability of Applications over the WAN | Protect critical applications from sub-optimal performance in the WAN; utilize all the available WAN links | PfR - WAN
    • Layer 4 Monitoring Visibility for Today Network (figure labels: bittorrent, rtp, gtalk, netflix, skype, webex, “unknown?”, “http?”)
    •
      • What the users see (End Users): “Your network is so slow I cannot get any work done today”
      • What network admins see (Network Admin): “I do not see anything wrong” (ping? show ip route? traceroute? show interface?)
      • What can happen: Increased Latency, WAN Problem, Application Problem, Server Problem, User Problem
    • ISR G2: Today; ASR1K: XE 3.8S (figure: Branch, WAN, Data Center; NFv9 export to Reporting Tool; “How do I ensure my SLA is met”, “My email is slow!”, “My query is taking long time!”)
      • Key Features
        • Application Usage (BW, Top N)
        • Application Response Time (ART) Measurement
        • Interact with NBAR or NBAR2
        • Standard NFv9 export (future – IPFIX)
        • Metric aggregation reduces number of flow records across WAN
      • Benefits
        • Visibility into application usage and performance
        • Quantify user experience
        • Troubleshoot application performance
        • Track service levels for application delivery
    • (Figure: Clients, Client Network, IOS PA, Server Network, Application Servers; Request and Response; segments labelled Client Network Delay (CND), Server Network Delay (SND), Application Response Delay (AD), Network Delay (ND), Total Delay)
      • Separate application delivery path into multiple segments
      • Server Network Delay (SND) approximates WAN Delay
      • Latency per application
    • Users (IP=10.0.0.1) make 2 requests to http://sharepoint.cisco.com; sharepoint.cisco.com (IP=1.1.1.1)
        Source IP | Source Port | Dest IP | Dest Port | Protocol | Application | Bytes
        10.0.0.1 | 13352 | 1.1.1.1 | 80 | TCP | Sharepoint | 15000
        1.1.1.1 | 80 | 10.0.0.1 | 13352 | TCP | Sharepoint | 100000
        10.0.0.1 | 13353 | 1.1.1.1 | 80 | TCP | Sharepoint | 30000
        1.1.1.1 | 80 | 10.0.0.1 | 13353 | TCP | Sharepoint | 200000
      • What PA stores
        Source IP | Dest IP | Dest Port | Protocol | Application | Clnt Bytes | Svr Bytes
        10.0.0.1 | 1.1.1.1 | 80 | TCP | Sharepoint | 45000 | 300000
      • What server and application user accesses and performance metrics
    • Collect Traffic Volume using FNF
        router#show flow exporter statistics
        Flow Exporter fnf-export:
          Packet send statistics (last cleared 4d23h ago):
          Client send statistics:
            Client: Flow Monitor fnf
              Records added: 3708444
                - sent: 3708443
              Bytes added: 218798196
                - sent: 218798137
      • Collect Traffic Volume using PA
        router#show flow exporter statistics
        Flow Exporter pa-export:
          Packet send statistics (last cleared 4d23h ago):
          Client send statistics:
            Client: MACE EXPORTER GROUP MACE-EXP-1
              Records added: 883751
                - sent: 883751
              Bytes added: 55676313
                - sent: 55676313
      • Data from Cisco alpha network show 75% reduction in flow records
    • For Your Reference
      • Traditional FNF Metrics
        • Application ID (from NBAR2)
        • Client/Server Bytes
        • Client/Server Packets
        • Source MAC Address
        • Input/Output Interface
        • IP DSCP
      • ART Metrics
        • CND - Client Network Delay (min/max/sum)
        • SND – Server Network Delay (min/max/sum)
        • ND – Network Delay (min/max/sum)
        • AD – Application Delay (min/max/sum)
        • Total Response Time (min/max/sum)
        • Total Transaction Time (min/max/sum)
        • Number of New Connections
        • Number of Late Responses
        • Number of Responses by Response Time (7-bucket histogram)
        • Number of Retransmissions
        • Number of Transactions
        • Client/Server Bytes
        • Client/Server Packets
      • WAAS Express Metrics
        • Input/Output Bytes
        • WAAS Connection Mode: TFO, TFO/LZ, TFO/DRE, TFO/LZ/DRE
        • Input/Output DRE Bytes
        • Input/Output LZ Bytes
    • (Figure: TCP exchange between Client and Server as seen by IOS PA: SYN, SYN-ACK, ACK, Request 1, Request 1 (Cont), Response DATA 1 to DATA 6 with ACKs and a retransmission of DATA 3 and DATA 4, Request 2; SND is marked between SYN and SYN-ACK, CND between SYN-ACK and ACK)
      • Quantify User Experience
        • Response Time (RT) = t(First response pkt) – t(Last request pkt)
        • Transaction Time (TT) = t(Last response pkt) – t(First request pkt)
      • Network Delay (ND): ND = CND + SND
      • Identify Server Performance Issue
        • Application Delay (AD): AD = RT – SND
    • For Your Reference: Configuration Steps
      1. Configure flow exporter
      2. Configure flow record type mace
      3. Configure flow monitor type mace
      4. Configure class-map
      5. Configure policy-map type mace – policy must be named mace_global
      6. Configure mace enable on interface
        flow exporter pa-export
         destination 172.30.104.128
         transport udp 9991
        !
        flow record type mace pa-record
         ! Collect application name provided by NBAR2
         collect application name
         collect art all
         collect (..)
        !
        flow monitor type mace pa-monitor
         record pa-record
         exporter pa-export
        !
        access-list 100 permit tcp any host 10.0.0.1 eq 80
        class-map match-any pa-traffic
         match access-group 100
        !
        policy-map type mace mace_global
         class pa-traffic
          flow monitor pa-monitor
        !
        interface Serial0/0/0
         ! Enable NBAR2 to identify applications, not required after 15.2(4)M
         ip nbar protocol-discovery
         mace enable
    • (Figure: client 192.168.100.100 reaches https://cisco.webex.com, cisco.webex.com IP=66.114.168.178, through Se0/0/0 on a router running IOS PA)
        flow record type mace pa-record
         collect application name
         collect art all
        interface Serial0/0/0
         ! Protocol discovery not required after 15.2(4)M
         ip nbar protocol-discovery
         mace enable
      • ‘collect application name’ exports application ID field to reporting tool
      • Flow Record without NBAR
        Src IP | Dst IP | Dst Port | App ID | Resp Time | …
        192.168.100.100 | 66.114.168.178 | 443 | 0 | 100
      • Flow Record with NBAR
        Src IP | Dst IP | Dst Port | App ID | Resp Time | …
        192.168.100.100 | 66.114.168.178 | 443 | 0x0D00019E | 100
      • App ID 0x0D00019E: Indicate this is webex application
    • For Your Reference
        Requirement | Before 15.2(4)M | 15.2(4)M and later
        Do not need NBAR AppID export | Do not configure ‘collect application name’ in flow record type mace | Do not configure ‘collect application name’ in flow record type mace
        Need NBAR AppID export | Configure ‘collect application name’ in flow record type mace; enable ‘ip nbar protocol-discovery’ on the interface | Configure ‘collect application name’ in flow record type mace
    • Collect Traffic Volume Information. Who sends Bittorrent?
        flow record type mace mace-record
         collect datalink mac source address input
         collect ipv4 dscp
         collect interface input
         collect interface output
         collect application name
         collect counter client bytes
         collect counter server bytes
         collect counter client packets
         collect counter server packets
         collect art all
    • Discover Top Users for the Application; Discover Application Per-user (report screenshots)
    • Which site is slowest? How is the Server performing? How is user experience at a site? (report screenshots)
    • What metrics do I need to look at to detect these problems?
      1. Application Server(s) Problem (Application Server Problem)
      2. Increased Network Latency (Network Problem)
      3. Increased Packet Loss
    • Need to understand relationship between these metrics: Response Time, Application Server Delay, Network Latency, Transaction Time, Traffic Volume
      • End Users: “Your network is so slow I cannot get any work done today”
      • Network Admin: “I know exactly what is going on”
    • (Chart: Transaction Time, Response Time, Server Delay, Network Latency) Network seems fine
      • End user experience is impacted because application server is slow
    • (Chart: Transaction Time, Response Time, Server Delay, Network Latency)
      • Increased network latency impacts response time and transaction time
    • (Chart: Transaction Time, Response Time, Server Delay, Network Latency) Traffic volume goes down while transaction time goes up
      • Transaction time shoots up when other metrics remain the same
    • Roadmap
        Use Cases/Scenarios | ISR G2 | ASR1K | Management
        Identify custom enterprise application based on URL | 15.2(4)M1 | XE 3.8S | PAM 2.0
        Per network segment application performance report | Today | XE 3.8S | PAM 2.X
        Identify which QoS class traffic flows into and the queue drop | 15.2(4)M1 | XE 3.9S | PAM 2.1
        Customers already have performance monitoring tool and want to use with AVC | 15.2(4)M1 | XE 3.8S | Working with 3rd party tool
        Customers need IPFIX support | 15.2(4)M1 | XE 3.8S | PAM 2.0
        NBAR2 Visibility into WAAS compressed traffic | Roadmap | XE 3.9S | N/A
        Internet Edge Visibility (SCEASR) | | XE 3.8S | PAM 2.0
    • Custom Enterprise Application (ASR1K: XE 3.8S; ISR G2: 15.2(4)M1; PAM 2.0). Enable enterprise application monitoring and management
        App | Server | URI | BW | Resp. Time
        Payroll | server1.example.com | - | 2M | 100ms
        Doc. Management | server2.example.com | /doc | 1M | 250ms
        Software Rep. | server2.example.com | /software | 5M | 30sec
      • Today: NBAR supports custom app by port or values in payload
      • New: Custom application match on HTTP URL
      • Configuration through PAM
      • Recognize custom app for reporting and for QoS policy
      • Cisco Prime Assurance Custom Application Definition & Report (figure: server1.example.com; server2.example.com with /doc – Documentation and /software - Software)
    • Future: Latency Break-down Report (figure: “Office 365 is slow”; Client, WAN, Headend, Internet, Application Server; NFv9/IPFIX)
        Application | Branch | WAN | Headend | Internet | Server
        Office 365 | 5 ms | 50 ms | 10 ms | 70 ms | 20 ms
      • Faster problem resolution by providing a breakdown of network latency
      • All devices report response time and latency metrics to PAM
      • PAM correlates all metrics and provides an end-to-end latency view of application delivery
    • Management and reporting tools
        Company Product | Use Cases | Status
        PAM | Network and App Monitoring. Control GUI (future) | PAM 2.0 – Adding PfR, new metrics in XE 3.8S
        Gomez & DynaTrace | APM combined with App-aware Network Monitoring | Adding NBAR2, PA, WAAS
        5View | App-aware Network Monitoring | Already support WAAS. Adding NBAR2, PA
        LiveAction | Control (QoS) GUI, App-aware Network Monitoring | Already supports medianet. Adding NBAR2, PA, PfR
        Scrutinizer | App-aware Network Monitoring | Already support PfR, medianet. Adding NBAR2, PA
      • Others: Living Object, Insight, CA
    •
      • NBAR2 support for QoS config and monitoring
      • New application performance report workflow from PA data
    • QoS goals and actions
      • Minimum Bandwidth: Bandwidth action
      • Maximum Bandwidth: Police action
      • Minimize Latency: Priority action
      • Change Flow Properties: Set action, i.e. set dscp
      • Reduce Burst: Shape action
    • Match on applications or pre-defined attributes (IOS XE 3.4 S, 15.2(2)T)
        class-map match-any p2p-class
         match protocol attribute application-group bittorrent-group
         match protocol kazaa2
         match protocol attribute sub-category p2p-networking
      • I want to exclude Viber and Skype from sub-category voice-video-chat-collaboration
        class-map match-any excluded-apps
         match protocol skype
         match protocol viber
        class-map match-all voice-video-chat-app
         match protocol attribute sub-category voice-video-chat-collaboration
         match not class-map excluded-apps
      • Future: Custom application attributes (XE 3.8S, 15.2(4)M1)
      • Support information: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html
    • Monitor QoS Performance
      • Top Application over Time
      • QoS Class Map Statistics, Queue Drops, Pre/Post Traffic Rate, from CBWFQ MIBS
      • QoS Config GUI planned for PAM 2.1
    • IOS XE 3.4 S, 15.2(2)T. No guarantee for business critical http
        policy-map wan_remaining%
         class Voice-Bearer
          priority percent 25
         class HD-Video
          priority percent 20
         class Network-control
          bandwidth remaining percent 15
          queue-limit 100
         class Voice-Signaling
          bandwidth remaining percent 15
          queue-limit 100
         class SD-Video
          bandwidth remaining percent 20
          queue-limit 200
         class Business
          bandwidth remaining percent 15
          queue-limit 250
         class Bulk
          bandwidth remaining percent 10
          queue-limit 200
         class class-default
          bandwidth remaining percent 25
          queue-limit 400
        !
        policy-map Shape_150M
         class class-default
          shape average 150000000 600000 0
          service-policy wan_remaining%
        !
        interface Gig x/y
         description **** CIR = 150Mbps ****
         bandwidth 150000
         service-policy output Shape_150M
    • WAN Policy for Browsing Traffic
        Application | Egress BW | Priority
        Browsing | 5% (Remaining BW) | N/A
        Business Browsing | 80% (Out of Browsing) | Business
        Other Browsing | 20% (Out of Browsing) | Default
        class-map match-any browsing
         match protocol attribute category browsing
        class-map match-any Business-browsing
         match protocol http url "*myserver.com*"
         match protocol http url "*salesforce.com*"
        policy-map Business-browsing-policy
         class Business-browsing
          bandwidth remaining percent 80
          set dscp af21
         class class-default
          bandwidth remaining percent 20
          set dscp default
        policy-map wan_remaining%
         <snip>
         class Business
          bandwidth remaining percent 11
          queue-limit 250
         class browsing
          bandwidth remaining percent 5
          service-policy Business-browsing-policy
         class class-default
          bandwidth remaining percent 24
          queue-limit 400
        interface Gig X/Y
         service-policy output wan_remaining%
      • Figure labels: Committed BW (50% of the line); Excess BW (50% of the line); Class-Default: Low Priority; 25% committed; Browsing: 5% BW; Business-Browsing: 80% of all Browsing; Remaining Allocations are shown in original policy
    • After apply control policy (Cisco Prime NAM Top Application Chart)
        class-map match-all p2p-app
         match protocol attribute p2p-technology p2p-tech-yes
        policy-map control-policy
         class p2p-app
          police 8000 conform-action transmit exceed-action drop
    • Configuration with slide callouts 1, 2 and 3
        ! callout 3
        class-map high
         match protocol sharepoint
         match protocol attribute application-group webex-group
        class-map medium
         match protocol attribute category net-admin
        class-map low
         match protocol attribute category file-sharing
        !
        policy-map my-priority-policy
         class high
          priority percent 50
         class medium
          bandwidth remaining percent 50
         class low
          bandwidth remaining percent 30
        !
        policy-map my-network-policy
         class class-default
          ! callout 1
          shape average 50000000
          ! callout 2
          service-policy my-priority-policy
        !
        interface GigabitEthernet0/0/2
         service-policy output my-network-policy
    • (Chart: Application Transaction Time and Bandwidth for a High Priority App, e.g. Sharepoint, and a Low Priority App, e.g. Windows Update; phases labelled No Shaping, 1 Apply shaping, 2 Apply queuing, 3 Re-prioritize High priority App)
      • Without proper prioritization, users may suffer poor application response time
      • No change in application BW usage even with changes in QoS policy
      • After re-prioritize high priority app, its response time significantly improves
      • Low priority app response time is worse as it is being moved to lower priority traffic queue
    • Protecting critical applications while Maximizing bandwidth utilization
      • Cloud Service & Load Balancing Policy (Internet: ISP-1 (Primary), ISP-2 (Secondary); Cloud Service and Best Effort traffic; Detect loss > 10%)
        • Protect business Cloud applications from network brownout: Loss > 10%
        • Cloud Service preferred path – ISP1
        • Maximize all ISP bandwidth by load sharing other Internet traffic
      • Multimedia & Critical Data Policy (WAN: SP-A (MPLS VPN), SP-B (MPLS VPN); Voice & Video, VDI and Best Effort traffic; Detect high jitter)
        • Protect voice and video quality: Latency > 200ms; Jitter > 30ms
        • Protect VDI applications from brownouts: Loss > 5%
        • Voice & Video preferred path SP-A
        • VDI preferred path SP-B
        • Maximize utilization by load sharing
    •
      • Learning: Prefixes, ACL, DSCP Based, Applications
      • Passive: PfR Netflow Monitoring; Flows Need not be symmetrical
        • Link: Egress BW, Ingress BW
        • Destination Prefix: Reachability, Delay, Loss
      • Active: Application Reachability, Delay, Loss, Jitter, MOS
        • PfR enables IP SLA feature
        • Probes sourced from BR
        • ICMP probes learned or configured
        • TCP, UDP, JITTER need ip sla responder
      • Load balancing, Max utilization, Link grouping, $Cost
      • Application Performance: Reachability, Delay, Loss, MOS, Jitter
      • BGP
        • Egress: route injection or Modifying the BGP Local Preference attribute
        • Ingress: BGP AS-PATH Prepend or AS Community
      • EIGRP Route Control
      • Static Route Injection
      • PIRO
      • Application: Dynamic PBR, NBAR/CCE
    • (Figure: HQ with MC and three BRs, iBGP between BRs, eBGP to ISP1 and ISP2 over 1GE and 100M links with loads 15%, 60%, 35%, 10%; ISP3 to ISP6 beyond)
      • PfR used to load balance the traffic
      • New default policies based on load-balancing
      • Cisco ASR1k is typical BR/MC with BR terminating WAN connections
      • BGP routing
        • BRs must be iBGP peers
        • Default routing or Partial routes or Full routes
      • PfR can actively manage up to 20k Prefixes concurrently (with ASR1000)
        • 12.4T/15.0.1M
        • IOS-XE 3.3.0
      • Manual tuning using BGP: Egress – Local Preference; Ingress – AS-PATH Prepend + specific routes
    • (Figure: HQ, MC, two BRs, iBGP, eBGP to ISP1 and ISP2 with loads 55% and 45%; ISP3 to ISP6 beyond)
      • Learning: Dest Prefixes (NetFlow)
      • Monitoring: Passive – Global; Egress BW
      • Policies: Load-Balancing (range)
      • Path Enforcement: BGP; Inject BGP Route; BGP Local Pref
    • (Figure: HQ, MC, two BRs, iBGP, eBGP to ISP1 and ISP2 with loads 20% and 17%; ISP3 to ISP6 beyond)
      • Learning: Inside Prefixes (BGP)
      • Monitoring: Passive – Global; Ingress BW
      • Policies: Load-Balancing (range)
      • Path Enforcement: BGP; BGP AS-PATH Prepend; BGP Community
    • (Figure: HQ, MC, two BRs each with a NetFlow Cache, ISP1 to ISP6)
      • Traffic Classes
        Destination Prefix | Delay | Loss | Ingress BW | Egress BW | BR | Exit
        10.1.1.1/32 | 60 | 0 | 20 | 40 | BR1 | Gi1/1
        10.1.10.0/24 | 110 | 0 | 52 | 60 | BR1 | Gi1/2
        … | 89 | 1 | 34 | 10 | BR2 | Gi1/1
      • Exits
        BR | Links | Ingress | Egress
        BR1 | Gig1/1 | 200 | 40
        BR2 | Gig1/2 | 130 | 60
      • Border routers collect and report passive monitoring statistics to the master controller approximately once per minute.
      • BRs gather performance measurements using Netflow
      • BRs report Performance Metrics for Traffic Classes to the Master Controller
    • PfR load-balancing configuration
      • Link Range Utilization: Keep the usage on a set of exit links within a certain percentage range of each other
      • Max Link Utilization: Upper threshold on the amount of traffic a specific link can carry
      • Max Prefixes: Limit the number of prefixes to 1000; Delete Prefix if not relearned in 60 Minutes
      • Global Policies: Load Balancing enabled by default; Link OOP if % Util > Lowest + 10 or % Util > 90; Revaluate Exit every 10 Minutes
        pfr master
         max-range-utilization percent 10
         logging
         !
         border 10.4.5.4 key-chain pfr
          interface Ethernet0/0 internal
          interface Ethernet0/1 external
           max-xmit-utilization percentage 90
         !
         border 10.4.5.5 key-chain pfr
          interface Ethernet0/0 internal
          interface Ethernet0/1 external
           max-xmit-utilization percentage 90
         !
         learn
          prefixes 1000
          expire after time 60
         !
         periodic 600
    • (Figure: HQ, MC, two BRs, iBGP, eBGP to ISP1 and ISP2 with loads 55% and 45%; ISP3 to ISP6 beyond)
        MC#sh pfr master traffic-class
        OER Prefix Statistics:
         Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms),
         P - Percentage below threshold, Jit - Jitter (ms),
         MOS - Mean Opinion Score
         Los - Packet Loss (packets-per-million), Un - Unreachable (flows-per-million),
         E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable
         U - unknown, * - uncontrolled, + - control more specific, @ - active probe all
         # - Prefix monitor mode is Special, & - Blackholed Prefix
         % - Force Next-Hop, ^ - Prefix is denied

        DstPrefix           Appl_ID Dscp Prot     SrcPort     DstPort SrcPrefix
                   Flags             State     Time            CurrBR  CurrI/F Protocol
                 PasSDly  PasLDly   PasSUn   PasLUn  PasSLos  PasLLos      EBw      IBw
                 ActSDly  ActLDly   ActSUn   ActLUn  ActSJit  ActPMOS  ActSLos  ActLLos
        --------------------------------------------------------------------------------
        10.1.1.0/24               N    N    N           N           N N
                                  INPOLICY        0          10.4.5.5 Et0/1           BGP
                      58       60        0        0        0        0       66        7
                       U        U        0        0        N        N        N        N
        10.1.2.0/24               N    N    N           N           N N
                                  INPOLICY        0          10.4.5.4 Et0/1           BGP
                     210      210        0        0        0        0       16        2
                       U        U        0        0        N        N        N        N
        [SNIP]
        10.1.3.0/24               N    N    N           N           N N
                                  INPOLICY        0          10.4.5.5 Et0/1           BGP
                      59       60        0        0        0        0       61        7
                       U        U        0        0        N        N        N        N
        MC#
    • (Figure: HQ, MC, two BRs, iBGP, eBGP to ISP1 and ISP2 with loads 55% and 45%; ISP3 to ISP6 beyond)
        R3#sh pfr master exits
        PfR Master Controller Exits:
        General Info:
          E - External, I - Internal, N/A - Not Applicable
          ID | Name | Border | Interface | ifIdx | IP Address | Mask | Policy | Type | Up/Down
          2 | | 10.5.5.5 | Et0/1 | 2 | 100.5.82.5 | 24 | Util | E | UP
          1 | | 10.4.4.4 | Et0/1 | 2 | 100.4.81.4 | 24 | Util | E | UP
        Global Exit Policy:
          Range Egress: In Policy - Max difference 4% between Exits 2 & 1 - Policy 10%
          Range Ingress: Out of Policy - Max difference 10% between Exits 2 & 1 - Policy 0%
          Util Egress: In Policy
          Util Ingress: In Policy
          Cost: In Policy
        Exits Performance:
          Egress columns: ID, Capacity, MaxUtil, Usage, %, RSVP POOL, OOP; Ingress columns: Capacity, MaxUtil, Usage, %, OOP
          Values as extracted from the slide: 2 3000 2700 1033 34 1 3000 2700 1161 38 N/A N/A 3000 3000 N/A N/A 3000 3000 1 0 N/A 321 10 N/A
        TC and BW Distribution:
          Name/ID | # of TCs: Current, Controlled, InPolicy | BW (kbps): Controlled, Total | Probe Failed (count) | Active Unreach (fpm)
          2 | 26, 26, 26 | 1035, 1033 | 0 | 0
          1 | 20, 20, 20 | 1088, 1161 | 0 | 0
        Exit Related TC Stats:
          Priority: highest, nth
          Number of TCs with range: 1, 45
          Number of TCs with util: 0, 46
          Number of TCs with cost: 0, 0
          Total number of TCs: 46
        R3#
    • (Figure: HQ with MC and two BRs; WAN1 (IP-VPN, DMVPN) and WAN2 (IPVPN, DMVPN); branch MC/BRs; Voice, Video and Critical Traffic on one path, The Rest of the Traffic on the other)
      • Application based optimization
      • Voice and Video traffic: primary path, check delay, loss, jitter – fallback secondary
      • Business Applications: primary path, check loss, utilization – fallback secondary
      • Data Applications: load balanced across SPs or use the secondary path
      • Target Discovery will be used
    • (Figure: HQ with MC and two BRs; WAN1 (IP-VPN, DMVPN) and WAN2 (IPVPN, DMVPN); branch MC/BRs)
      • Learning: Traffic Classes; Prefixes; Prefixes + DSCP; Applications
      • Monitoring: Fast – Voice/Video; Active – Critical Apps; Passive – Rest
    • Policies (figure: HQ with MC and two BRs; WAN1 (IP-VPN, DMVPN) and WAN2 (IPVPN, DMVPN); branch MC/BRs; Voice, Video and Critical Traffic versus The Rest of the Traffic)
      • Voice - Video: 1. Link-Group 2. Loss 3. Jitter 4. Delay
      • Critical Application: 1. Link-Group 2. Loss 4. Delay
      • Rest of the Traffic: Load-Balancing
    • HQ Traffic Classes MCDestination App Ingress Egress DSCP Delay Loss BR Exit Prefix Id BW BW10.1.1.1/32 EF 60 0 20 40 BR1 Gi1/1 BR BR10.1.10.0/24 AF31 110 0 52 60 BR1 Gi1/2 … - 89 1 34 10 BR2 Gi1/1 WAN1 WAN2 (IP-VPN, DMVPN) (IPVPN, DMVPN)  BRS gather performance measurements using IP SLA probes ‒ The performance metrics of the synthetic traffic are measured MC/B MC/B MC/B BR ‒ The results are applied to the traffic class R R R BR entry in the Master Controller database  BRs report Performance Metrics for Traffic Classes© 2010 Cisco and/or its affiliates. All rights reserved. 61 61
    • Traffic Classes
      Destination Prefix  DSCP  App Id  Delay  Loss  Ingress BW  Egress BW  BR   Exit
      10.1.1.1/32                       60     0     20          40         BR1  Gi1/1
      10.1.10.0/24                      110    0     52          60         BR1  Gi1/2
      …                                 89     1     34          10         BR2  Gi1/1
      Exits
      BR   Links   Ingress  Egress
      BR1  Gig1/1  200      40
      BR2  Gig1/2  130      60
        • Border routers collect and report passive monitoring statistics to the master controller approximately once per minute.
        • BRs gather performance measurements using Netflow
        • BRs report Performance Metrics for Traffic Classes to the Master Controller
      [Diagram: HQ with MC and two BRs, each with a NetFlow Cache; WAN1 (IP-VPN, DMVPN) and WAN2 (IPVPN, DMVPN); branch MC/BRs]
    • Learning
        pfr master
         !
         learn
          throughput
          !
          list seq 10 refname LEARN_VIDEO
           traffic-class access-list VOICE filter BRANCH_PREFIX
           (traffic-class application nbar rtp-audio filter BRANCH)
           aggregation-type prefix-length 32
           throughput
          !
          list seq 20 refname LEARN_CRITICAL
           traffic-class access-list CRITICAL filter BRANCH_PREFIX
           (traffic-class application nbar citrix filter BRANCH)
           throughput
         !
         !
         mode route protocol pbr
        !
      Learning
        • No need for learn-list per branch. Only one learn-list for voice/video because Target Discovery is used
        • Automatically learn based on DSCP values for Voice, Video and Critical Applications
        • Rest of the Traffic falls under global learning (kind of “default class”)
      Global Policies
        • Apply for the rest of the traffic
        • Load Balancing enabled by default
      IOS 15.2(3)T
    • MC#sh pfr master learn list
       Learn-List seq 10 refname LEARN_VIDEO
         Configuration:
          Traffic-Class Access-list: VOICE
          Filter: BRANCH1_PREFIX
          Aggregation-type: prefix-length 32
          Learn type: throughput
          Session count: 1000 Max count: 1000
          Policies assigned: 10
          Status: ACTIVE
         Stats:
          Traffic-Class Count: 4
          Traffic-Class Learned:
           Appl Prefix 20.20.0.12/32 ef 256
           Appl Prefix 20.20.0.14/32 ef 256
           Appl Prefix 30.30.0.11/32 ef 256
           Appl Prefix 30.30.0.13/32 ef 256
       Learn-List seq 20 refname LEARN_CRITICAL
         Configuration:
          Traffic-Class Access-list: BUSINESS
          Aggregation-type: prefix-length 24
          Learn type: throughput
          Session count: 50 Max count: 100
          Policies assigned: 20
          Status: ACTIVE
         Stats:
          Traffic-Class Count: 37
          Traffic-Class Learned:
           Appl Prefix 20.20.14.0/24 af31 256
           Appl Prefix 20.20.6.0/24 af31 256
           Appl Prefix 30.30.5.0/24 af31 256
           Appl Prefix 20.20.8.0/24 af31 256
           Appl Prefix 30.30.14.0/24 af31 256
           [SNIP]
    • pfr-map MYMAP 10
       match pfr learn list LEARN_LIST_VIDEO_BRANCH1
       set periodic 90
       set delay threshold 200
       set loss threshold 50000
       set jitter threshold 30
       set mode monitor fast
       set resolve loss priority 2 variance 5
       set resolve jitter priority 3 variance 5
       set resolve delay priority 4 variance 5
       no set resolve range
       no set resolve utilization
       set probe frequency 4
       set active-probe jitter 20.9.9.9 target-port 2000
        • TCP, UDP, JITTER probe need ip sla responder
        • What’s needed:
            ‒ Configure a pfr-map that matches prefixes or applications @ Remote-site1
            ‒ Define the policies
            ‒ Define the jitter probes
        • And REPEAT for each remote site
      [Diagram: HQ with MC and two BRs; probes labelled Active Fast and Active Throughput; WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN); branch MC/BRs]
    • Target Discovery
        • PfR becomes multi-site aware
        • PfR utilizes a Peering between the Master Controllers
        • Enables Automatic discovery of Branch router, prefixes and probe target
        • Simplify the Active mode with Jitter probes
      [Diagram: HQ with MC and two BRs; probes labelled Active Fast and Active Throughput; WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN); branch MC/BRs]
    • Each MC announces its inside prefixes, together with probe target address and site names
        • Site HQ: Publish Prefix H1, H2, H3; Responder H
        • Site 1: Publish Prefix A; Responder 1
        • Site 2: Publish Prefix B; Responder 2
        • Site 3: Publish Prefix C, D, E; Responder 3, 4
      [Diagram: HQ with MC and two BRs; probes labelled Active Fast and Active Throughput; WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN); branch MC/BRs at Site 1, Site 2, Site 3]
    • Prefixes        Responders     Sites
      Prefix A        Responder1     Site 1
      Prefix B        Responder2     Site 2
      Prefix C, D, E  Responder3, 4  Site 3
        • Mapping table built on each site
        • Allows automatic jitter probe configuration
        • Allows automatic probe generation
      [Diagram: HQ with MC and two BRs; WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN); branch MC/BRs]
    • [Slide shows two configurations side by side; the first is followed by a stack of overlapping per-branch copies of pfr-map MAP-TEST3 15]
        pfr-map MAP-TEST3 10
         match pfr learn list LEARN_LIST_BRANCH1
         set periodic 90
         set mode route control
         set delay threshold 200
         set loss threshold 50000
         set jitter threshold 30
         set mode monitor fast
         set resolve loss priority 2 variance 5
         set resolve jitter priority 3 variance 5
         set resolve delay priority 4 variance 5
         no set resolve range
         no set resolve utilization
         set probe frequency 4
         set active-probe jitter 20.9.9.9 target-port 2000
        pfr-map MAP-TEST3 15
         match pfr learn list LEARN_LIST_BRANCH2
         [same set statements as above, stacked once per branch on the slide]

        pfr master
         policy-rules MYMAP
         mc-peer head-end Loopback1
         target-discovery
         [SNIP]
        !
        pfr-map MYMAP 10
         match pfr learn list LEARN_LIST_BRANCH
         set periodic 90
         set delay threshold 200
         set loss threshold 50000
         set jitter threshold 30
         set mode monitor fast
         set resolve loss priority 2 variance 5
         set resolve jitter priority 3 variance 5
         set resolve delay priority 4 variance 5
         no set resolve range
         no set resolve utilization
         set probe frequency 4
    • R3: LISTEN
        !
        pfr master
         policy-rules MYMAP
         mc-peer head-end Loopback0
         target-discovery <responder-list HQ_TARGET> <inside-prefixes HQ_PREFIX>
         border 10.4.4.4 key-chain pfr
          interface Ethernet0/0 internal
          interface Ethernet0/1 external
           link-group SP1
         !
         border 10.5.5.5 key-chain pfr
          interface Ethernet0/0 internal
          interface Ethernet0/1 external
           link-group SP2
      R10: SETUP The peering to the head-end
        !
        pfr master
         policy-rules MYMAP
         mc-peer 10.3.3.3 Loopback0
         target-discovery
      IOS 15.2(3)T
      [Diagram: HQ 10.10.0.0/16 with MC 10.3.3.3 and two BRs; WAN1 (IP-VPN, DMVPN) carrying Voice, Video, Critical Traffic and WAN2 (IPVPN, DMVPN) carrying The Rest of the Traffic; branch MC/BRs 30.10.10.10 (30.30.0.0/16) and 20.9.9.9 (20.20.0.0/16)]
    • R3#sh pfr master target-discovery
      PfR Target-Discovery Services
       Mode: Static Domain: 59501
       Responder list: HQ_TARGET Inside-prefixes list: HQ_PREFIX
       SvcRtg: client-handle: 7 sub-handle: 6 pub-seq: 1

      PfR Target-Discovery Database (local)
       Local-ID: 10.3.3.3 Desc: R3
        Target-list: 10.4.5.5, 10.4.5.4
        Prefix-list: 10.10.4.0/24, 10.10.3.0/24, 10.10.2.0/24, 10.10.1.0/24

      PfR Target-Discovery Database (remote)
       MC-peer: 30.10.10.10 Desc: R10
        Target-list: 30.30.0.10
        Prefix-list: 30.30.0.0/16
       MC-peer: 20.9.9.9 Desc: R9
        Target-list: 20.20.0.9
        Prefix-list: 20.20.0.0/16
      R3#
      [Diagram: HQ 10.10.0.0/16 with MC 10.3.3.3 and two BRs; WAN1 (IP-VPN, DMVPN) and WAN2 (IPVPN, DMVPN); branch MC/BRs 30.10.10.10 (30.30.0.0/16) and 20.9.9.9 (20.20.0.0/16)]
    • R3#sh pfr master active-probes target-discovery
      PfR Master Controller active-probes (TD)
      Border = Border Roter running this probe
      MC-Peer = Remote MC associated with this target
      Type = Probe Type
      Target = Target Address
      TPort = Target Port
      N - Not applicable

      Destination Site Peer Addresses:
      MC-Peer          Targets
      30.10.10.10      30.30.0.10
      20.9.9.9         20.20.0.9

      The following Probes are running:
      Border    Idx  State    MC-Peer      Type    Target      TPort
      10.4.4.4  2    TD-Actv  30.10.10.10  jitter  30.30.0.10  5000
      10.4.4.4  2    TD-Actv  30.10.10.10  jitter  30.30.0.10  5000
      10.5.5.5  2    TD-Actv  30.10.10.10  jitter  30.30.0.10  5000
      10.4.4.4  2    TD-Actv  20.9.9.9     jitter  20.20.0.9   5000
      10.4.4.4  2    TD-Actv  20.9.9.9     jitter  20.20.0.9   5000
      10.5.5.5  2    TD-Actv  20.9.9.9     jitter  20.20.0.9   5000
      R3#
      [Diagram: HQ 10.10.0.0/16 with MC 10.3.3.3 and two BRs; WAN1 (IP-VPN, DMVPN) and WAN2 (IPVPN, DMVPN); branch MC/BRs 30.10.10.10 (30.30.0.0/16) and 20.9.9.9 (20.20.0.0/16)]
    • R10#sh pfr master target-discovery
      PfR Target-Discovery Services
       Mode: Dynamic Domain: 59501
       SvcRtg: client-handle: 2 sub-handle: 1 pub-seq: 1

      PfR Target-Discovery Database (local)
       Local-ID: 30.10.10.10 Desc: R10
        Target-list: 30.30.0.10
        Prefix-list: 30.30.0.0/16

      PfR Target-Discovery Database (remote)
       MC-peer: 20.9.9.9 Desc: R9
        Target-list: 20.20.0.9
        Prefix-list: 20.20.0.0/16
       MC-peer: 10.3.3.3 Desc: R3
        Target-list: 10.4.5.5, 10.4.5.4
        Prefix-list: 10.10.4.0/24, 10.10.3.0/24, 10.10.2.0/24, 10.10.1.0/24
      R10#
      [Diagram: HQ 10.10.0.0/16 with MC 10.3.3.3 and two BRs; WAN1 (IP-VPN, DMVPN) and WAN2 (IPVPN, DMVPN); branch MC/BRs 30.10.10.10 (30.30.0.0/16) and 20.9.9.9 (20.20.0.0/16)]
    • Policies
        pfr-map MYMAP 10
         match pfr learn list LEARN_VIDEO
         set delay threshold 200
         set loss threshold 50000
         set jitter threshold 30
         set mode monitor fast
         set resolve loss priority 2 variance 5
         set resolve jitter priority 3 variance 5
         set resolve delay priority 4 variance 5
         set link-group SP1 fallback SP2
         set probe frequency 4
         set periodic 90
      Thresholds
        • Applied to the voice and video traffic
        • Loss, delay and jitter
      Monitor mode fast
        • Actively probe all exits to get performance metrics
      Policies Definition
        • List all policies
        • Assign priority
        • Administrative policy: SP1 is the primary path, fallback to SP2 if OOP
      Jitter Probe
        • Target Discovery is used
        • No need to manually define the probe target
      IOS 15.2(3)T
    • Policies
        pfr-map MYMAP 20
         match pfr learn list LEARN_CRITICAL
         set delay threshold 120
         set loss threshold 200000
         set mode monitor active throughput
         set resolve delay priority 1 variance 20
         set resolve loss priority 5 variance 10
         set link-group SP1 fallback SP2
         set probe frequency 4
         set periodic 90
      Thresholds
        • Applied to the voice and video traffic
        • Loss, delay and jitter
      Monitor mode Active
        • Actively probe all exits to get performance metrics
      Policies Definition
        • List all policies
        • Assign priority
        • Administrative policy: SP1 is the primary path, fallback to SP2 if OOP
      Active Probes
        • Automatic configuration and generation of probes
      IOS 15.2(3)T
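The two policy slides above (MYMAP 10 and MYMAP 20) can be read as a selection procedure: prefer the primary link-group, drop exits that break a threshold, then narrow by each resolve metric within its variance. The following is an added example, not Cisco's implementation and not part of the original deck; it is a simplified model in which the second SP1 exit, all measurements, and the name-order tie-break are constructed assumptions.

```python
# Simplified model of PfR exit selection (illustrative, not Cisco's code).
# Policy numbers are taken from the slides; units assumed: delay/jitter in ms,
# loss in packets per million. Measurements below are constructed sample data.
POLICIES = {
    "MYMAP 10": {  # match pfr learn list LEARN_VIDEO
        "thresholds": {"delay": 200, "loss": 50000, "jitter": 30},
        # (metric, variance %) listed in ascending "set resolve ... priority" order
        "resolve": [("loss", 5), ("jitter", 5), ("delay", 5)],
        "link_groups": ["SP1", "SP2"],  # set link-group SP1 fallback SP2
    },
    "MYMAP 20": {  # match pfr learn list LEARN_CRITICAL
        "thresholds": {"delay": 120, "loss": 200000},
        "resolve": [("delay", 20), ("loss", 10)],
        "link_groups": ["SP1", "SP2"],
    },
}

# Constructed measurements; "10.4.4.4 Et0/2" is a hypothetical second SP1 exit
# added so that the resolve step has something to choose between.
NORMAL = {
    "10.4.4.4 Et0/1": {"group": "SP1", "delay": 70, "loss": 0, "jitter": 5},
    "10.4.4.4 Et0/2": {"group": "SP1", "delay": 50, "loss": 0, "jitter": 12},
    "10.5.5.5 Et0/1": {"group": "SP2", "delay": 40, "loss": 0, "jitter": 3},
}

def in_policy(metrics, thresholds):
    """An exit is in policy when no measured metric exceeds its threshold."""
    return all(metrics[m] <= limit for m, limit in thresholds.items())

def choose_exit(policy, exits):
    """Return the selected exit name, or None when every exit is out of policy."""
    for group in policy["link_groups"]:          # primary first, then fallback
        candidates = {n: e for n, e in exits.items()
                      if e["group"] == group and in_policy(e, policy["thresholds"])}
        if candidates:
            break
    else:
        return None
    for metric, variance in policy["resolve"]:
        best = min(e[metric] for e in candidates.values())
        # Keep exits within `variance` percent of the best value (integer math)
        candidates = {n: e for n, e in candidates.items()
                      if e[metric] * 100 <= best * (100 + variance)}
    return sorted(candidates)[0]                 # assumed tie-break: name order

def with_sp1_jitter(exits, jitter_ms):
    """Copy of `exits` with SP1 jitter overridden, to model a degraded primary."""
    return {n: dict(e, jitter=jitter_ms) if e["group"] == "SP1" else dict(e)
            for n, e in exits.items()}

if __name__ == "__main__":
    for label, exits in (("normal", NORMAL), ("SP1 jitter 45 ms", with_sp1_jitter(NORMAL, 45))):
        for name, policy in POLICIES.items():
            print(f"{label:18} {name}: {choose_exit(policy, exits)}")
```

With SP1 jitter raised to 45 ms, the voice/video policy falls back to the SP2 exit while the critical-application policy, which has no jitter threshold, stays on SP1.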
    • !
      pfr master
       policy-rules MYMAP
       max-range-utilization percent 22
       !
       mc-peer head-end Loopback0
       target-discovery
       !
       logging
       !
       ! Default Policies
       !
       mode route protocol pbr
       !
      Link Range Utilization
        • Keep the usage on a set of exit links within a certain percentage range of each other
      Global Policies
        • Apply for the rest of the traffic
        • Load Balancing enabled by default
      IOS 15.2(3)T
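The range policy above can be checked against the figures in the earlier `sh pfr master exits` output. This added example (not part of the original deck) recomputes the "Range Egress" and "Range Ingress" lines from the Exits Performance table; the truncating percentage is inferred from the printed values, and `kbps_to_rebalance` is added arithmetic, not something PfR reports.

```python
# Recompute the range/util status lines of `sh pfr master exits` from the
# per-exit figures in that output. Tuples are (capacity, max_util, usage), kbps.
EXITS = {
    2: {"egress": (3000, 2700, 1033), "ingress": (3000, 3000, 1)},
    1: {"egress": (3000, 2700, 1161), "ingress": (3000, 3000, 321)},
}

def usage_pct(capacity, usage):
    """Truncating percentage; matches the 34/38 and 0/10 shown in the output."""
    return usage * 100 // capacity

def range_status(exits, direction, max_range_pct):
    """Spread between the most and least utilised exits versus the range policy."""
    pcts = {eid: usage_pct(e[direction][0], e[direction][2])
            for eid, e in exits.items()}
    spread = max(pcts.values()) - min(pcts.values())
    return {"percent": pcts, "max_difference": spread,
            "in_policy": spread <= max_range_pct}

def util_status(exits, direction):
    """True when every exit's usage is at or below its MaxUtil."""
    return all(e[direction][2] <= e[direction][1] for e in exits.values())

def kbps_to_rebalance(exits, direction, max_range_pct):
    """Smallest shift (kbps) from the busiest to the idlest exit that brings the
    exact utilisation spread within max_range_pct. Added arithmetic only."""
    ranked = sorted(exits.values(),
                    key=lambda e: e[direction][2] / e[direction][0])
    (c_lo, _, u_lo), (c_hi, _, u_hi) = ranked[0][direction], ranked[-1][direction]
    num = 100 * (u_hi * c_lo - u_lo * c_hi) - max_range_pct * c_hi * c_lo
    return max(0, -(-num // (100 * (c_lo + c_hi))))   # ceiling division

if __name__ == "__main__":
    # Policy values 10% / 0% are the ones printed in the output; 22% is the
    # max-range-utilization value from the configuration slide.
    for direction, policy in (("egress", 10), ("ingress", 0), ("ingress", 22)):
        s = range_status(EXITS, direction, policy)
        print(direction, f"policy {policy}%:", s,
              "util ok" if util_status(EXITS, direction) else "util OOP",
              "shift", kbps_to_rebalance(EXITS, direction, policy), "kbps")
```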
    • The Key Takeaways of this presentation were:
        • NBAR2 and PA can be deployed to provide visibility at the remote branches, and provide a tool to proactively monitor application performance
        • Implement application-aware QoS to better control application usage and maximize performance of critical applications
        • PfR simplifies Internet Presence load balancing operation
        • PfR protects critical applications from WAN brownout and maximizes utilization of available WAN links