11. Next Generation Networking requires New Era of
Analytics Infrastructure
Right data at the right time with the right context would help generate actionable
business insights on wireless issues
Right Data
Right Time
Right
Context
Legacy Telemetry in traditional Network
Monitoring Tools
• CPU intensive raw data (~10 times more*)
• Multiple data sources needed for end to
end coverage
Contextual and Anomaly driven Telemetry
for DNA Assurance
• Optimized export with programmability
and JSON encoding
• Unified telemetry for heterogeneous
data sources
• Push based model
• Real-time notifications (~as low as 5 sec)
• Pull based model
• No real-time notifications (~ 15-30 mins)
• Network centric view with limited client context
• No events leading to false alarms
• Visibility into Client, App and Network traffic
• 240+ Client Onboarding issues defined as Events
*External reports, under evaluation
47. Client on Boarding and Connectivity Insights
Wireless
client
Onboarding
Network
services
RF
connectivity
DNS
AAA
DHCP
Internet service
Association
Roaming
Wired
client
Onboarding
Network
services
First hop
connectivity
DNS
AAA
DHCP
Internet service
…
Wireless client on-boarding score Wired client on-boarding score
48
50. Issues - Client Boarding Issue
Client on-
boarding
Network
services
(raise these
issues only
if no RF
connectivity
issues)
RF
connectivity
DNS
AAA
DHCP
Network
connectivity
Association
WebAuth
RF Link
Health
On-going
49
51. Issues - Client Boarding Issue
Client on-
boarding
Network
services
(raise these
issues only
if no RF
connectivity
issues)
RF
connectivity
DNS
AAA
DHCP
Network
connectivity
Association
WebAuth
WF1 Failed to obtain IP address – pool exhausted (1) (Issue)
WF1 Failed to obtain IP address – No response from DHCP server (1) (Issue)
WF1 Failed 802.11 Authentication & Key Exchange – Invalid username / pwd (1) (Issue)
WF1 Failed 802.11 Authentication & Key Exchange – too many failed auth (1) (Issue)
WF1 Failed 802.11 Authentication & Key Exchange – Misconfigured PSK (1) (Issue)
WF1 Failed 802.1x Authentication & Key Exchange – Incorrect EAP method (2) (Issue)
WF1 Failed 802.11 Authentication & Key Exchange – Expired RSA certificate (2) (Trend)
WF1 Failed 802.11 Authentication & Key Exchange – Active Directory (2) (Issue)
WF1 Failed 802.11 Association – Mac Authentication / RADIUS Server (2) (Issue)
WF1 Failed 802.11 Association – Mac Authentication / WLC (2) (Issue)
WF1 Failed Authentication & Key exchange – Various reasons (2) (Issue)
(e.g.unexpected response from RADIUS)
Cannot reach DNS server ( reachability – cannot ping DNS server ) (1) (Issue)
DNS server not responding ( can ping DNA server, but no response from DNS server,
config error, or server issue ) (1) (Issue)
Identify guest issues: 1) Local WLC, 2) External Web server, 3) ISE/RADIUS
Cannot reach user specified intranet service (1) (Issue)
Cannot reach user specified internet service (1) (Issue)
RF Link
Health
On-going
User has poor RF connection for a sustained period of time (1) RSSI > 70 dBm
/ SNR > 20 dB, 2) MCS consistent with signal, 3) Retries below < 15%,
4) Cell channel utilization < 50%) (1) (Issue)
WF2 Misbehaving – Dual band capable client preferring 2.4 GHz when 5.0 GHz is available
RF association failed ( specifically, step 2 or 3 ) (2) (Issue)
52
53. Issues -Wireless Connected Categories
Client
experience
Roaming issues
after client has
successfully on
boarded
WF2 Misbehaving – Roaming failed (1) (Issue)
WF2 Misbehaving – Sticky client (1) (FYI)
WF2 Misbehaving – 802.11r Capable client roaming slow (1) (FYI)
WF2 Misbehaving – 802.11i Capable client roaming slow (3) (FYI)
WF2 Misbehaving – Dual band capable client connects to 2.4 GHz when 5.0 GHz is available
during roam (1) (FYI)
WF2 Misbehaving – Ping pong client (AP/AP) (1) (FYI)
WF2 Misbehaving – Ping pong client (SSID/SSID) (1) (FYI)
WF2 Misbehaving – Ping pong client (2.4GHz / 5 GHz) (1) (FYI)
Issue - Roaming failed counts by AP (current) (by WLC-future)
Issue - Roaming failed counts by location (floor, building, and site) (current)
Issue - Roaming failed counts by client type (current)
Issue - Roaming failed counts per client (current)
Issue - Roaming failed counts over time (current)
Issue - Roaming times longer than normal by AP (current+1)
Issue - Roaming times longer than normal by location (floor, building, and site) (current+1)
Issue - Roaming times longer than normal by client type (current+1)
Issue - Roaming times longer than normal per client (current+1)
Issue - Roaming times longer than normal over time (current+1)
Trends: For each above issue as trends (future)
Prediction: Roaming times and roaming failure counts (future)
Kairos
BRKEWN-2032 54
54. Issues -Wireless Connected Categories
Client
experience
Throughput
Issue: Throughput significant drop or spike for overall (all applications) by location (current)
Issue: Throughput significant drop or spike for overall (all applications) by AP (current)
Issue: Throughput significant drop or spike for overall (all applications) by client type (current)
Issue: Throughput significant drop or spike from normal per application by location (floor, building, and site)
(current+1)
Issue: Throughput significant drop or spike from normal per application by AP (current+1) (by WLC - future)
Issue: Throughput significant drop or spike from normal per application by client type (current+1)
Trends: For each above issue as trends (future)
Prediction: Throughput 1-5 hours in advance for significant drops or spikes for overall (all applications) by AP
(current)
Prediction: Throughput 1-5 hours in advance for significant drops or spikes for overall (all applications) by
application (current+1)
Prediction: Throughput 1-5 hours in advance for significant drops or spikes for overall (all applications) by client
type (future)
Kairos
BRKEWN-2032 55
Too many tools
Reactive systems
Limited insights
The market has been providing visibility tools since the inception of networks, and we have dozens of vendors providing visibility, but little has changed the predicament of IT regarding user experience issues
What is the problem
Where is the problem
How to fix the problem?
DOCKER AND Kubernetes
Design: We help you build the network hierarchy, set up the image repository, and configure network settings and profiles.
Policy: Our team makes it possible for you to manage the network from a single place, create virtual networks, and successfully configure your access control, application priority, and application registry.
Provisioning: We show you how to enable world-class prescription configuration and automation for device onboarding, device inventory, and fabric administration.
Assurance: Leverage our deep knowledge to transform the network with actionable insights, strategic simplicity, end-to-end visibility, predictive performance, closed-loop automation, and streaming telemetry.
All modern WLC
8.5 code
BASELINE THRESHOLD
FIX ANIMATION !
Similar in design to the AP-3800 the AP-4800 has these additional Hardware components.
As you can see on the left, we have integrated the best features from the AP-3800 (Macro/Micro cell antennas) into the AP-4800. We have also made enhancement to the Hyperlocation Antenna Array, it can now digitally switch from location tracking to Omni-Directional for security and analytics monitoring.
Let’s see in detail. It starts from traditional network time travel view that shows any past historical capture data for this particular client device.
There is one button that can initiate full packet capture easily. No complex filter rule or separate screen is needed.
In the left hand side, Live Onboard event viewer shows client onboard status in real-time. whenever there are failure discovered we can zoom in and discover what happened on that clientright side of screen shows client movement and it shows current and last 1min of client location trails which colored by client RF conditions. Admin can choose RSSI, SNR, Data Rate or packet loss to trackclient device condition in real-time.
Bottom screen section shows client onboard packet analysis. It shows each packets onboarding step, RSSI and Interpacket gap, that shows delay per each handshake.
Here are detailed features of Intelligent Capture. It provides lot of powerful, comprehensive On-demand troubleshooting features such as Real-time event On Board event viewer, automated filtered packet capture
Packet capture is done from multiple APs in parallels and automatically decrypted when it get captured. Especially in case of AP4800, it uses 3rd radio to capture entire radio packets in real time and can send it to DNAC in just single mouse click. DNA center offers real-time application analysis while packet get captured. Admin can always download this full packet capture data to analyze it in offline.
DNA Center also offers integrated spectrum analysis, using spectrum data from Intelligent Capture.
On-demand analysis can be done in automated fashion using scheduling and DNA Center will store scheduled iCapture result for 14 days.
When full packet capture is coming through DNA Center, DNA can relay this packet stream into external vNAM and results are coming back to DNA Center to visualize result.
vNAM analyze 802.11 radio header information to show applications that currently running and also shows layer 2, WMM UP value as well as layer 4 DSCP value. Admin can easily checkwhether there is any mistakes is QoS tagging across 802.11 and IP packets.
Not only that it shows Wireless Delay, Packet loss and Jitter between client and access point.
Finally, Intelligent Capture is not all about packet capture. It also send various Client and AP RF Stats in real time as well as Spectrum Expert view from DNA Center.
Network admin can select multiple APs to capture detailed RF statistics and spectrum data
All Webhook configuration can be done from the GUI as well as the CLI. First lets look at the GUI configuration and discuss the prerequisites
DX or Data Externalization is the process which allows the WLC to access information from the internal datastores, process it, and make it available externally. It must be enabled on the CLI and does require a reboot to take effect. Most controllers will already have DX enabled by default
For data publishing settings, we can enable or disable differential snapshots. When enabled, the differential snapshot or payload received contains only data the has changed since the previous snapshot or payload. When set to disabled, a full payload it sent everytime.
The URL and Auth-token must also be set which specifies where the data is sent to. This should be set to the IP or DNS name of the 3rd party server. In this configuration, we are using the ELK stack, so we set this to the IP of Logstash.
The subscription configuration section details the topics that can be subscribed to, that are backed by the Yang models. Choose individual topics or enable all if desired.
Under Data Publish Status the last error and last success is displayed so we can easily see the status of other connection.
Webhook is different from traditional API. Webhook is what’s called a pub/sub model, where we subscribe to the topic of our interest and the data will be published periodically or on event changes.
We no longer poll the WLC for information, instead, it is pushed out to us at predefinded intervals: currently that’s within 30 seconds or fixed at every 5 minutes.
What the Webhook allows us to do is get access to data about what’s happening within the WLC.
The data shown here isn’t very meaningful until we slice and dice or process it to get the bits that are interesting to us. For example, we can take the raw data and draw a line chart showing the number of DHCP acknowledgements that WLC processes, or, look at all of the Rogue SSID’s that are being detected, as shown in the two examples.
As there are several different datasets that are available, we can chose to subscribe to some or all in order to build the visaulizations or get insights that we are interested in
Moving back to AireOS 8.7, there are 7 topics that we can subscribe to, the data that is externalized is defined in YANG models
These YANG models ship with the WLC Code and is posted to CCO. You can analyze the yang files to better understand the data that is posted.
The models are text so can be easily read with a text editor, or by using a tool like PYANG to better visualize the models
The topics that are available to subscribe to are: AP, Client, Interferer, MapServer, Network, Rogue, and System.
AP, Client, System and Network are the most subscribed to topics as they provide the bulk of the interesting data that is most used.
When looking at Rogues or Interferrence, enable those topics
The MapServer topic details the Fabric Enabled Wireless datasets that are posed, and do not have details of Location or CMX or MSE type of capabilities
The YANG models can be analyzed to understand the detail of the data contained and exposed by them.
Here is a summary of the WLC-Ops-Network-stats. yang model. This shows details of the network topic subscription that contains counters and statistics for Radius, TACACS, and DHCP and CDP information.
With this data, we can build visualizations to see, for example, spikes or dips in the number of RADIUS Requests, or the number of DHCP Declines that the WLC is processing
Kibana is User Interface where we can really start to see that data. Here we create a Pie chart against the ‘header-xpath-keyword” field, which gives us a breakdown of which subscription topic is providing the most payloads.