
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Connect

Application aware networks: Detection and control of application flows in modern networks

Prague, Clarion hotel

10–11 April 2013

ARCH4/L2

Miroslav Brzek - Cisco
Adrian Čech - NextiraOne

Agenda

Why do we need application awareness in the enterprise WAN?

What is AVC?

AVC Technologies

Application Recognition (NBAR2)

Performance Monitoring (FNF, ART)

Management Tool

Control (QoS, PfR)

Conclusion

AVC management with Cisco Prime Assurance – demo


Why Application Visibility and Control in Enterprise WAN?

Business and IT are changing like never before; the network needs to evolve to support these transitions:

• Application complexity increases: identify growing applications using more than just the port number.

• Cloud and virtualization centralize application delivery: understand application performance from the end user's perspective.

• Multiple entities are involved in delivering applications: isolate problems to minimize downtime and business impact.


How do I design my network infrastructure to:

• granularly identify the applications

• understand the user experience

• understand the network condition and capacity

• deliver consistent performance to critical applications

• maximize use of available resources

• control unwanted traffic

Typical use cases for an application-aware network deployment:

• What applications do I have running on my network?

• I want to monitor branch users' experience when accessing an Oracle application in my data center.

• Users call about an application problem; how do I isolate the problem?

• Unwanted applications like YouTube and BitTorrent are taking over my network.


What is Application Visibility and Control (AVC)?

Gain visibility into the applications running in the network, their performance trends, and user experience.

Intelligently prioritize, control, or direct application traffic to maximize user experience.

Introducing the Application Visibility and Control (AVC) Solution

Figure: before the AVC solution, visibility between the branch office and the data center (email and web servers) required a separate DPI / performance monitoring appliance; with AVC, recognition and monitoring run in the routers on both sides and report to the management tool.

Integrated Solution

• Provides 1000+ application recognition natively within ISR G2 and ASR1K

• Simple software activation

Rich Monitoring and Control Capabilities

• Comprehensive traffic statistics – response time, bandwidth

• Feature-rich IOS control capabilities (HQoS, PfR)

Flexible Deployment

• Branch, WAN aggregation, data center, Internet edge

• Supports Cisco and 3rd-party management tools


AVC – How the Solution Works

1. Application Recognition: ASR1K and ISR G2 identify applications using L3 to L7 information (NBAR2).

2. Performance Collection & Exporting: ISR G2 and ASR collect application bandwidth and response-time metrics and export them to the management tool over NFv9/IPFIX (FNF, ART, MMON).

3. Management Tool: an advanced reporting tool (Cisco Prime Infrastructure or 3rd-party tools) aggregates and reports application performance in app visibility and user experience reports, for example:

   App      BW      Transaction Time
   WebEx    3 Mb    150 ms  …
   Citrix   10 Mb   500 ms  …

4. Control: use QoS or PfR on ASR1K and ISR G2 to control application network usage (high / medium / low priority) to improve application performance.


AVC Technologies


Application Recognition

Identify applications using L3 to L7 information (NBAR2) on ASR1K and ISR G2.


How to Identify Applications?

An access control list based on IP address, protocol type and port number is no longer enough:

• HTTP became a new transport protocol: must go into the payload to clearly identify the application (Skype, BitTorrent, Apple applications, games, etc.)

• Need stateful inspection for dynamically assigned TCP and UDP port numbers: an application consists of multiple sessions (video, voice, data)

• Must also identify some “application extracted fields”: RTP payload type classification eases classification of voice and video traffic

• Should identify the “application transport”: tunneled applications, IPv6 in IPv4

What is Really in Your Network?

Figure: port-based monitoring only shows “http?” and “unknown?”, whereas application monitoring shows the actual applications: bittorrent, rtp, gtalk, netflix, skype, webex.


NBAR: Deep Packet Inspection (DPI) – Stateful and Dynamic Inspection

• Classification of L3-L7 application traffic

• Identifies applications on statically assigned ports and on ports dynamically assigned during connection establishment

• Non-TCP and non-UDP IP protocols

• Stateful inspection: snooping bi-directional application traffic as it flows through the network

• Provides advanced application classification and field extraction capabilities

• Support of IPv4, IPv6 and nested traffic (IPv6 transition methods, ...)

• Classification per categories, sub-categories and attributes

Figure: NBAR inspects the IP packet (ToS, source IP address, destination IP address, protocol), the TCP/UDP packet (source port, destination port) and the data packet (sub-port / deep inspection).

NBAR 1000+ Application Recognition

List of protocols and applications supported by NBAR:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html

NBAR Protocol Pack allows adding more applications without upgrading or reloading IOS.

Supported devices: ISR-G2, ASR1000; support is being added on unified access (WLAN controller, APs, Cat3850).

Figure: examples of apps recognized by NBAR2 as of XE 3.6S and 15.2(3)T (several of them HTTP-based), with a roadmap of cloud and enterprise apps.

Define Your Own Application in NBAR2

Port

• TCP or UDP

• 16 static ports per application

• Range of ports (1000 maximum)

Payload

• Search the first 255 bytes of TCP or UDP payload

• ASCII (16 characters)

• Hex (4 bytes)

• Decimal (1-4294967295)

• Variable (4 bytes hex)

HTTP URL

• URI regex

• Host regex


User-Defined Application Example

  ! the IOS command for a user-defined application is "ip nbar custom"
  ip nbar custom lunar_light 8 ascii Moonbeam tcp range 8000 8001
  !
  class-map solar_system
   match protocol lunar_light
  !
  policy-map astronomy
   class solar_system
    set ip dscp AF21
  !
  interface Serial1
   service-policy output astronomy

• Name (“lunar_light”) - name of the match criteria, up to 24 characters

• Offset (skip the first “8” bytes) - the beginning byte of the string or value to be matched in the data packet, counting from zero for the first byte

• Format (“ascii”) - format of the match criteria: ASCII, hex or decimal

• Value (“Moonbeam”) - should match the value in the packet; if ASCII, up to 16 characters

• [Source or destination port] (“[source | destination]”) - optionally restrict the direction of packet inspection; defaults to both directions if not specified

• TCP or UDP (“tcp”) - the protocol encapsulated in the IP packet

• Range or selected port number(s) (“range 2000 2999”) - “range” with “start” and “end” port numbers (up to 1,000 ports), or one to sixteen individual port numbers

Figure: in the data packet “FFFF0000MoonbeamFFFF” the string Moonbeam starts at offset 8 of the TCP payload, so the packet matches lunar_light.
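As an added worked example (not part of the slides or of Cisco's code), the Python below models the custom-application match the slide describes: payload offset, ASCII/hex/decimal value, transport and port set, with the slide's limits (first 255 payload bytes, 16 ASCII characters, 4 hex bytes, 16 individual ports or a range of at most 1000), plus a Host/URI regex match in the spirit of the HTTP URL options. The CustomApp class, the HTTP_RULES patterns, the sample packets and the byte encodings chosen for the hex and decimal formats are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class CustomApp:
    """Constructed model of one 'ip nbar custom' definition (not Cisco's data structure)."""
    name: str                 # up to 24 characters
    offset: int               # first payload byte to compare, counting from 0
    fmt: str                  # "ascii" | "hex" | "decimal"
    value: str                # the value to match in the chosen format
    transport: str            # "tcp" | "udp"
    ports: frozenset          # individual ports or a range
    direction: Optional[str] = None   # "source" | "destination" | None (both)

    def pattern(self) -> bytes:
        """Bytes to look for; the hex/decimal encodings are this example's assumptions."""
        if self.fmt == "ascii":
            if len(self.value) > 16:
                raise ValueError("ascii value is limited to 16 characters")
            return self.value.encode("ascii")
        if self.fmt == "hex":
            raw = bytes.fromhex(self.value[2:] if self.value.startswith("0x") else self.value)
            if len(raw) > 4:
                raise ValueError("hex value is limited to 4 bytes")
            return raw
        if self.fmt == "decimal":
            n = int(self.value)
            if not 1 <= n <= 4294967295:
                raise ValueError("decimal value must be in 1-4294967295")
            return n.to_bytes(4, "big")
        raise ValueError(f"unknown format {self.fmt}")

    def port_ok(self, sport: int, dport: int) -> bool:
        if self.direction == "source":
            return sport in self.ports
        if self.direction == "destination":
            return dport in self.ports
        return sport in self.ports or dport in self.ports

    def matches(self, transport: str, sport: int, dport: int, payload: bytes) -> bool:
        if transport != self.transport or not self.port_ok(sport, dport):
            return False
        pat = self.pattern()
        window = payload[:255]          # only the first 255 payload bytes are searched
        return window[self.offset:self.offset + len(pat)] == pat


def port_range(start: int, end: int) -> frozenset:
    if end < start or end - start + 1 > 1000:
        raise ValueError("a port range may cover at most 1000 ports")
    return frozenset(range(start, end + 1))


def port_list(*ports: int) -> frozenset:
    if len(ports) > 16:
        raise ValueError("at most 16 individual ports per application")
    return frozenset(ports)


# The slide's example: offset 8, ascii "Moonbeam", tcp ports 8000-8001.
LUNAR_LIGHT = CustomApp("lunar_light", 8, "ascii", "Moonbeam", "tcp", port_range(8000, 8001))

# Constructed Host/URI regex rules (illustrative, not NBAR2 signatures).
HTTP_RULES = {
    "example-intranet": {"host": r"^intranet\.example\.com$"},
    "example-api": {"url": r"^/api/v1/"},
}


def http_fields(payload: bytes):
    """Extract request URI and Host header from an HTTP request; None if not an HTTP request."""
    head = payload.decode("ascii", "replace").split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    host = None
    for line in lines[1:]:
        key, _, val = line.partition(":")
        if key.strip().lower() == "host":
            host = val.strip()
    return {"url": parts[1], "host": host}


def classify(transport: str, sport: int, dport: int, payload: bytes,
             apps=(LUNAR_LIGHT,), http_rules=HTTP_RULES) -> str:
    """Name the application of one packet: custom payload match first, then HTTP rules."""
    for app in apps:
        if app.matches(transport, sport, dport, payload):
            return app.name
    fields = http_fields(payload) if transport == "tcp" else None
    if fields:
        for name, rule in http_rules.items():
            if all(fields.get(k) is not None and re.search(rx, fields[k]) for k, rx in rule.items()):
                return name
        return "http"                   # HTTP, but no more specific rule matched
    return "unknown"
```

A packet on tcp/8000 whose payload reads FFFF0000MoonbeamFFFF classifies as lunar_light; the same payload on udp, on port 8002, or with Moonbeam shifted by one byte does not, which is exactly the offset and port sensitivity a custom definition carries.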

NBAR2 Field Extraction Support

• Ability to look into specific application information

• NBAR extracts fields from HTTP, RTP, Citrix, etc. for QoS configuration

• HTTP header fields example (CLI help output below)

• NBAR RTP payload type classification: eases classification of voice and video traffic (VoIP, streaming/real-time video, audio/video conferencing, Fax over IP) by distinguishing between RTP packets based on payload type and codecs

  Router(config-cmap)# match protocol http ?
    content-encoding  Encoding mechanism used to package entity body
    from              E-mail of human controlling the user-agent
    host              Host name of Origin Server containing resource
    location          Exact location of resource from request
    mime              Content-Type of entity body
    referer           Address the resource request was obtained from
    server            Software used by Origin Server handling request
    url               Uniform Resource Locator path
    user-agent        Software used by agent sending the request

Different Ways to Use NBAR

1. Discover applications going across interfaces: ip nbar protocol-discovery CLI

2. Match applications or groups of applications in a QoS class-map to take action, i.e. shape, police, remark: match protocol CLI in the QoS class-map

3. With Flexible Netflow (FNF) or other performance reporting features, to report the application name: match or collect application name CLI


Performance Collection & Exporting

ISR G2 and ASR collect application bandwidth and response-time metrics and export them to the management tool (reporting tools) over NFv9/IPFIX (FNF, ART, MMON).

Performance Collection & Exporting – What is it? Rich monitoring from the network without an additional hardware probe:

• Basic Monitoring: what applications, how much bandwidth, flow direction? (Flexible Netflow and NBAR/NBAR2)

• Advanced Monitoring: voice and video performance (Media Monitoring), as 30% of traffic is voice and video; critical applications performance (Performance Agent), as 40% of traffic is critical applications

Flexible Netflow

• Feature to collect and export network information and statistics; flexibility in defining fields and flow record format

• Utilizes the NetFlow Version 9 format, UDP-based transport

• Consists of data collection (flow monitor) and data export (flow export)

• Can be used for collecting application info from NBAR2 and statistics along with other network information

• Open standard, can be analyzed by Cisco Insight, Cisco Prime NAM, Cisco Prime Assurance Manager, and 3rd-party tools
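The following Python is an added example, not code from the slides or from Cisco: it builds a NetFlow v9 export packet carrying a template FlowSet and a data FlowSet whose records include field type 95 (APPLICATION_ID, the field that "collect application name" exports as engine id plus selector id), then parses it the way a collector must, learning the template before decoding data records, and sums bytes per application. The sample flows, the short FIELD_NAMES labels and the engine/selector numbers are constructed for the example and are not real NBAR2 identifiers.

```python
import socket
import struct
import time

# NetFlow v9 field types used here; 95 = APPLICATION_ID (engine id + selector id).
FIELD_NAMES = {8: "src", 12: "dst", 7: "sport", 11: "dport", 4: "proto",
               1: "bytes", 2: "pkts", 95: "app_id"}
TEMPLATE = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4), (95, 4)]

# Constructed sample flows (addresses from documentation ranges, app ids illustrative).
SAMPLE_FLOWS = [
    {"src": "10.1.1.20", "dst": "192.0.2.10", "sport": 51234, "dport": 443, "proto": 6,
     "bytes": 48000, "pkts": 60, "app_id": (13, 1001)},
    {"src": "10.1.1.21", "dst": "198.51.100.5", "sport": 6881, "dport": 6881, "proto": 6,
     "bytes": 9_000_000, "pkts": 7000, "app_id": (13, 1002)},
    {"src": "10.1.1.20", "dst": "192.0.2.11", "sport": 40001, "dport": 443, "proto": 6,
     "bytes": 12000, "pkts": 20, "app_id": (13, 1001)},
]


def _encode(ftype, length, value):
    if ftype in (8, 12):
        return socket.inet_aton(value)
    if ftype == 95:
        engine, selector = value
        return bytes([engine]) + selector.to_bytes(3, "big")
    return int(value).to_bytes(length, "big")


def _decode(ftype, raw):
    if ftype in (8, 12):
        return socket.inet_ntoa(raw)
    if ftype == 95:
        return (raw[0], int.from_bytes(raw[1:], "big"))
    return int.from_bytes(raw, "big")


def build_export(flows, template_id=256, seq=1, source_id=0):
    """One NetFlow v9 packet: 20-byte header, template FlowSet (id 0), data FlowSet."""
    tmpl = struct.pack("!HH", template_id, len(TEMPLATE))
    tmpl += b"".join(struct.pack("!HH", t, l) for t, l in TEMPLATE)
    tmpl_set = struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
    data = b"".join(_encode(t, l, f[FIELD_NAMES[t]]) for f in flows for t, l in TEMPLATE)
    pad = (-len(data)) % 4                      # FlowSets are padded to 32-bit boundaries
    data_set = struct.pack("!HH", template_id, 4 + len(data) + pad) + data + b"\x00" * pad
    # header: version, record count (template + data records), sysUptime, unix secs, seq, source id
    header = struct.pack("!HHIIII", 9, 1 + len(flows), 0, int(time.time()), seq, source_id)
    return header + tmpl_set + data_set


def parse_export(pkt):
    """Decode a NetFlow v9 packet into flow dicts; data FlowSets need a known template."""
    version = struct.unpack("!HHIIII", pkt[:20])[0]
    if version != 9:
        raise ValueError(f"not NetFlow v9: {version}")
    templates, flows, off = {}, [], 20
    while off + 4 <= len(pkt):
        set_id, set_len = struct.unpack("!HH", pkt[off:off + 4])
        if set_len < 4:
            raise ValueError("malformed FlowSet length")
        body = pkt[off + 4:off + set_len]
        if set_id == 0:                         # template FlowSet, may carry several templates
            p = 0
            while p + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[p:p + 4])
                p += 4
                templates[tid] = [struct.unpack("!HH", body[p + 4 * i:p + 4 * i + 4])
                                  for i in range(nfields)]
                p += 4 * nfields
        elif set_id >= 256:                     # data FlowSet keyed by template id
            fields = templates.get(set_id)
            if fields is None:
                raise ValueError(f"data FlowSet {set_id} arrived before its template")
            rec_len = sum(l for _, l in fields)
            p = 0
            while p + rec_len <= len(body):     # trailing padding is shorter than one record
                rec = {}
                for t, l in fields:
                    rec[FIELD_NAMES.get(t, f"field_{t}")] = _decode(t, body[p:p + l])
                    p += l
                flows.append(rec)
        off += set_len
    return flows


def bytes_per_app(flows):
    """Total exported bytes per application id, largest first (the 'who sends what' view)."""
    totals = {}
    for f in flows:
        totals[f["app_id"]] = totals.get(f["app_id"], 0) + f["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
```

Because templates travel in-band, a collector that starts listening after the exporter's last template refresh cannot decode the data records until the next template arrives; the parser above raises in that case rather than guessing field boundaries.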


Gaining Full Visibility with Flexible Netflow + NBAR2

• Monitors data from layer 2 through 7

• Determines applications by a combination of port and payload

• Flow information: who, what, when, where

• Flexible NetFlow allows your own selection of key fields

• Stateful inspection of dynamic-port traffic

• Packet and byte counts

Figure: NetFlow covers the link layer header (MAC), the IP header (ToS, source/destination IP address, protocol) and the TCP/UDP header (source/destination port); NBAR2 adds deep packet (payload) inspection of the data packet.


Flexible NetFlow Records for AVC: Discovery, Application Bandwidth Usage and Top Talkers

• What applications do I have?

• What are the connection durations?

• What is the total number of application flows?

Usage Record

• Top N clients and servers

• Top server ports and applications

Transaction Record

When Users Complain About an Application Problem

What the users see: “Your network is slow” (end users). What network admins see: “I do not see anything wrong”: ping OK, show ip route OK, traceroute OK, show interface OK. What can happen: increased latency, WAN problem, application problem, server problem, user problem.

Application Response Time (ART) Measurement

Key Features

• 27 Application Response Time (ART) metrics

• Interacts with NBAR2 for application ID and field extraction information

• In ISR G2, provided by the Performance Agent (PA)

• In ASR1K, ART is part of unified monitoring

Benefits

• Visibility into application usage and performance

• Quantify user experience

• Troubleshoot application performance

• Track service levels for application delivery

Figure: branch users complain (“My query is taking a long time!”, “My email is slow!”), the data center asks “How do I ensure my SLA is met?”, and ART metrics cross the WAN to the reporting tool over NFv9/IPFIX.

Application Response Time (ART) Measurement – Application Delivery Path, Network Segment Breakdown

Figure: the total delay between clients and application servers for each request/response is broken down into Client Network Delay (CND) on the client network segment, Server Network Delay (SND) on the server network segment, Network Delay (ND) across both, and Application Delay (AD) at the server.

• Separates the application delivery path into client and server segments

• Server Network Delay (SND) approximates WAN delay

• Latency per application

Understanding ART Metrics Calculation

Figure: TCP exchange between client and server as seen from the measurement point: the SYN / SYN-ACK / ACK handshake (on which SND and CND are marked), then Request 1 and its data, Request 1 (cont.) with a retransmission, and Request 2 with its response; RT and TT are marked against the request and response packets.

• Response Time (RT): t(first response pkt) – t(last request pkt)

• Transaction Time (TT): t(last response pkt) – t(first request pkt)

• Network Delay (ND): ND = CND + SND

• Application Delay (AD): AD = RT – SND

RT and TT quantify user experience; AD identifies server performance issues.
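Added example, not from the slides or from Cisco: the Python below applies the four definitions to a constructed packet trace (times in milliseconds since the SYN). Reading SND as t(SYN-ACK) - t(SYN) and CND as t(ACK) - t(SYN-ACK) at the measurement point is an assumption taken from where the diagram marks them on the handshake; the trace, the Pkt class, the RETX marker for a retransmitted request segment and the min/max/sum summary are constructed for this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    t: int       # milliseconds since the SYN (constructed)
    kind: str    # SYN | SYN-ACK | ACK | REQ (client data) | RETX (client retransmission) | RESP (server data)


# Constructed trace of one connection with two transactions, the second with a retransmission.
TRACE = [
    Pkt(0, "SYN"), Pkt(40, "SYN-ACK"), Pkt(45, "ACK"),
    Pkt(50, "REQ"), Pkt(52, "REQ"),                    # request 1 in two segments
    Pkt(300, "RESP"), Pkt(310, "RESP"), Pkt(320, "RESP"),
    Pkt(400, "REQ"), Pkt(410, "RETX"),                 # request 2, one segment retransmitted
    Pkt(470, "RESP"), Pkt(480, "RESP"),
]


def handshake_delays(trace):
    """SND and CND from the first SYN, SYN-ACK and ACK (assumption from the diagram)."""
    first = {}
    for p in trace:
        if p.kind in ("SYN", "SYN-ACK", "ACK") and p.kind not in first:
            first[p.kind] = p.t
    return {"SND": first["SYN-ACK"] - first["SYN"], "CND": first["ACK"] - first["SYN-ACK"]}


def transactions(trace):
    """Group data packets into (request pkts, response pkts): a new request after a
    response closes the previous transaction."""
    txs, req, resp = [], [], []
    for p in trace:
        if p.kind in ("REQ", "RETX"):
            if resp:
                txs.append((req, resp))
                req, resp = [], []
            req.append(p)
        elif p.kind == "RESP":
            resp.append(p)
    if req and resp:
        txs.append((req, resp))
    return txs


def art_metrics(trace):
    """Slide definitions: RT = t(first response) - t(last request),
    TT = t(last response) - t(first request), ND = CND + SND, AD = RT - SND."""
    hs = handshake_delays(trace)
    rows = []
    for req, resp in transactions(trace):
        rt = resp[0].t - req[-1].t            # last request packet includes a retransmission
        tt = resp[-1].t - req[0].t
        rows.append({"RT": rt, "TT": tt, "AD": rt - hs["SND"],
                     "retransmissions": sum(1 for p in req if p.kind == "RETX")})
    return {"CND": hs["CND"], "SND": hs["SND"], "ND": hs["CND"] + hs["SND"],
            "transactions": rows}


def summarize(rows, metric):
    """min/max/sum over transactions, the shape in which ART exports each delay metric."""
    vals = [r[metric] for r in rows]
    return {"min": min(vals), "max": max(vals), "sum": sum(vals)}
```

On this trace the second transaction has RT 60 ms and AD 20 ms even though its first request segment went out at 400 ms: the retransmission at 410 ms is the last request packet, so the time the client spent waiting for the retransmission shows up in TT (80 ms) rather than in RT, which is why the slide separates the two.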


List of ART Metrics Supported

Traditional FNF Metrics

• Application ID (from NBAR2)

• Client/Server Bytes

• Client/Server Packets

• Source MAC Address

• Input/Output Interface

• IP DSCP

ART Metrics

• CND – Client Network Delay (min/max/sum)

• SND – Server Network Delay (min/max/sum)

• ND – Network Delay (min/max/sum)

• AD – Application Delay (min/max/sum)

• Total Response Time (min/max/sum)

• Total Transaction Time (min/max/sum)

• Number of New Connections

• Number of Late Responses

• Number of Responses by Response Time (7-bucket histogram)

• Number of Retransmissions

• Number of Transactions

• Client/Server Bytes

• Client/Server Packets

WAAS Express Metrics

• Input/Output Bytes

• WAAS Connection Mode (TFO, TFO/LZ, TFO/DRE, TFO/LZ/DRE)

• Input/Output DRE Bytes

• Input/Output LZ Bytes


Cisco Prime Infrastructure (PI) and 3rd-Party Network Management

Management Tool: an advanced reporting tool (Cisco Prime Infrastructure or 3rd-party tools) aggregates and reports application performance in app visibility and user experience reports.


Cisco Prime Infrastructure – Assurance Manager

• Configuration of AVC features

• Network Monitoring

• Service Monitoring

• Reporting and Trends

• Multi-NAM Manager

• Packet and Flows Analysis

• Application Response Time

• Voice and Video Metrics

• Distributed SNMP and Netflow Collection


How to use PI-AM to Monitor Application Usage?

Collect traffic volume information, e.g. who sends BitTorrent? The flow record that collects these fields (record type mace):

  flow record type mace mace-record
   collect datalink mac source address input
   collect ipv4 dscp
   collect interface input
   collect interface output
   collect application name
   collect counter client bytes
   collect counter server bytes
   collect counter client packets
   collect counter server packets
   collect art all


How to use PI-AM to Monitor Application Usage?

Figure: discover the top users for an application; discover the applications per user.


Monitor Application Performance Across Multiple Sites

• How is the server performing?

• Which site is slowest?

• How is the user experience at a site?

How to use PI-AM to Monitor and Troubleshoot Application Performance

• Metrics: Response Time, Network Latency, Traffic Volume, Transaction Time, Application Server Delay

• Need to understand the relationship between these metrics

Figure: end users say “Your network is so slow I cannot get any work done today”; with these metrics the network admin can say “I know exactly what is going on”.


1. Detect an Application Server Problem

• End user experience is impacted because the application server is slow

Figure: charts of transaction time, response time, server delay and network latency; server delay is high while the network seems fine.


2. Detect Network Inefficiency (Packet Loss)

• Transaction time shoots up when the other metrics remain the same

• Traffic volume goes down while transaction time goes up

Figure: charts of server delay, network latency, response time and transaction time.
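As an added example (not from the slides or from Cisco Prime), the Python below turns the two patterns into a check over a baseline and a current snapshot of the five metrics: a rising server delay with flat network latency points at the application server; a rising transaction time with flat response time, server delay and network latency, and falling traffic volume, points at network inefficiency such as packet loss. The metric names, the 20% change threshold and the sample snapshots are assumptions made for this example.

```python
METRICS = ("response_time", "transaction_time", "server_delay", "network_latency", "traffic_volume")
CHANGE = 0.20   # relative change counted as "up" or "down" (assumption)

# Constructed baseline: delays in milliseconds, traffic volume in bytes per interval.
BASELINE = {"response_time": 120, "transaction_time": 300, "server_delay": 80,
            "network_latency": 40, "traffic_volume": 5_000_000}


def trend(baseline, current, metric, threshold=CHANGE):
    """'up', 'down' or 'flat' for one metric relative to its baseline."""
    b, c = baseline[metric], current[metric]
    if b == 0:
        return "flat" if c == 0 else "up"
    ratio = (c - b) / b
    if ratio > threshold:
        return "up"
    if ratio < -threshold:
        return "down"
    return "flat"


def trends(baseline, current):
    return {m: trend(baseline, current, m) for m in METRICS}


def diagnose(baseline, current):
    """Map the metric trends to the two patterns described on the slides."""
    t = trends(baseline, current)
    # Pattern 1: the application server is slow, the network seems fine.
    if t["server_delay"] == "up" and t["network_latency"] == "flat":
        return "application server problem"
    # Pattern 2: transaction time shoots up while the other metrics stay the same,
    # and traffic volume goes down.
    if (t["transaction_time"] == "up"
            and t["response_time"] == "flat"
            and t["server_delay"] == "flat"
            and t["network_latency"] == "flat"
            and t["traffic_volume"] in ("down", "flat")):
        return "network inefficiency (packet loss)"
    if all(v == "flat" for v in t.values()):
        return "no change"
    return "unclassified"
```

The second pattern is only recognizable because response time and transaction time are kept separate: with packet loss the server still answers promptly (flat response time), but the transaction as a whole stretches while retransmissions complete it.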

AVC Management Tool Integration

  Product            Use Cases                                          Status
  PAM                Network and app monitoring; control GUI (future)   PAM 2.0 – adding PfR, new metrics in XE 3.8S
  Gomez & DynaTrace  APM combined with app-aware network monitoring     Adding NBAR2, PA, WAAS
  5View              App-aware network monitoring                       Already supports WAAS; adding NBAR2, PA
  LiveAction         Control (QoS) GUI, app-aware network monitoring    Already supports medianet; adding NBAR2, PA, PfR
  Scrutinizer        App-aware network monitoring                       Already supports PfR, medianet; adding NBAR2, PA

Others: Living Object, Insight, CA

AVC Control Options

Application Bandwidth Control

• Guarantee bandwidth to protect critical applications from network congestion

• Provide low latency to delay-sensitive applications

• Stop or limit unwanted applications from using WAN resources

Application Path Control

• Application routing based on real-time performance information

• Intelligent load sharing provides resiliency and fully utilizes all available WAN resources

• Improve performance of voice, video, and critical applications

Figure: bandwidth control acts on the WAN/LAN edge; path control chooses among the Internet (no SLA), WAN 1 (high SLA) and WAN 2 (medium SLA).


The Role of QoS for Control

• Bandwidth action – guarantee bandwidth

• Police action – limit maximum bandwidth

• Priority action – minimize latency

• Set action, i.e. set dscp – change flow properties

• Shape action – reduce burst

Application Path Control with PfR

Figure: a branch with PfR border routers (BRs) and a PfR master controller (MC/BR) on ASR1K reaches the hub ASR1K PfR MCs over two MPLS/GETVPN providers (SP A and SP B) and an Internet router; enterprise apps and WebEx are high priority, Netflix is low priority.

• Performance Routing (PfR) provides intelligent load balancing and application control natively within the WAN infrastructure; the routing decision is based on real-time performance metrics, i.e. loss, jitter, latency

• Example: send enterprise apps and WebEx over the primary link, and send recreational traffic to the secondary link

PfR Use Case Examples – Protecting Critical Applications While Maximizing Bandwidth Utilization

Cloud Service & Load Balancing Policy (ISP-1 primary, ISP-2 secondary, Internet)

• Protect business cloud applications from network brownout: loss > 10%

• Cloud service preferred path – ISP1

• Maximize all ISP bandwidth by load sharing other Internet traffic

Figure: loss > 10% is detected on the primary ISP; cloud service traffic and best-effort traffic are shown across ISP-1 and ISP-2.

Multimedia & Critical Data Policy (SP-A MPLS VPN, SP-B MPLS VPN, WAN)

• Protect voice and video quality: latency > 200 ms; jitter > 30 ms

• Protect VDI applications from brownouts: loss > 5%

• Voice & video preferred path SP-A

• VDI preferred path SP-B

• Maximize utilization by load sharing

Figure: high jitter is detected on SP-A; voice & video, VDI and best-effort traffic are shown across SP-A and SP-B.
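Added example, not part of the slides or of PfR itself: the Python below encodes the two policies with the slide's thresholds and preferred paths, picks a path per traffic class from constructed per-link measurements, moves a class to its alternate path when the preferred one is out of policy, and load-shares best-effort traffic across all links. Link and class names follow the slide; the measurements, the rule of staying on the preferred path when both paths are out of policy, and the CRC-based load sharing are assumptions made for this example.

```python
import zlib

# Policies transcribed from the slide: loss in percent, latency and jitter in milliseconds.
POLICIES = {
    "cloud":       {"preferred": "ISP-1", "alternate": "ISP-2", "max_loss": 10},
    "voice_video": {"preferred": "SP-A",  "alternate": "SP-B",  "max_latency": 200, "max_jitter": 30},
    "vdi":         {"preferred": "SP-B",  "alternate": "SP-A",  "max_loss": 5},
}
LOAD_SHARE = {"internet": ["ISP-1", "ISP-2"], "wan": ["SP-A", "SP-B"]}

# Constructed per-link measurements: ISP-1 is in brownout, SP-A has high jitter.
MEASURED = {
    "ISP-1": {"loss": 12, "latency": 60, "jitter": 5},
    "ISP-2": {"loss": 1,  "latency": 80, "jitter": 8},
    "SP-A":  {"loss": 0,  "latency": 40, "jitter": 45},
    "SP-B":  {"loss": 2,  "latency": 50, "jitter": 10},
}


def in_policy(policy, m):
    """True when the link's measurements stay within every threshold the policy sets."""
    return (m["loss"] <= policy.get("max_loss", float("inf"))
            and m["latency"] <= policy.get("max_latency", float("inf"))
            and m["jitter"] <= policy.get("max_jitter", float("inf")))


def select_path(app_class, measured, policies=POLICIES):
    """Preferred path while in policy, alternate when the preferred one is out of policy,
    preferred again when both are out of policy (assumption)."""
    pol = policies[app_class]
    pref, alt = pol["preferred"], pol["alternate"]
    if in_policy(pol, measured[pref]):
        return pref
    if in_policy(pol, measured[alt]):
        return alt
    return pref


def plan(measured, policies=POLICIES):
    """Path decision for every traffic class in one pass."""
    return {cls: select_path(cls, measured, policies) for cls in policies}


def share_best_effort(flow_key, links):
    """Deterministic per-flow load sharing of best-effort traffic across all links."""
    return links[zlib.crc32(repr(flow_key).encode()) % len(links)]
```

With the constructed measurements, cloud traffic leaves ISP-1 (12% loss exceeds the 10% threshold) for ISP-2 and voice & video leaves SP-A (45 ms jitter exceeds 30 ms) for SP-B, while VDI stays on SP-B because its 2% loss is under the 5% threshold; best-effort flows keep being spread across both links regardless.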


Conclusion

AVC Solution Benefits

  What Benefits?                                      How?
  Improve application, voice and video performance    Better application visibility and control
  Identify performance issues before they occur       Proactive monitoring, performance thresholds
  Minimize downtime by accelerating troubleshooting   End-to-end network visibility, historical data

What is required to use AVC?

• Cisco 800 with Advanced IP Services license

• Cisco 19/29/39xx with Data or Application Experience license

• Cisco ASR 1000 with Advanced IP Services + AVC Feature License

• + Cisco Prime Infrastructure management


AVC management with Cisco Prime Assurance

Adrian Čech - NextiraOne


AVC Topology


Starting AVC in Cisco PAM

• Select the menu Deploy - Configuration Tasks - Collecting Traffic Statistics

• Select the device

• The device is an ASR1k or ISR G2 router

• Select the values and confirm the configuration with Apply


Creating the AVC Infrastructure

• Select the menu Design - Site Map Design

• Select New Campus

• Set the branch name and click Next

• Repeat for further branches


Associating AVC Sites with Devices

• Select the menu Design - Endpoint-Site Association

• Select Add Row

• Assign devices to branches


AVC Traffic Overview

• Select Operate - Detail Dashboards

• Select Site


Creating an AVC Graph

• Click the Add Dashlet(s) icon on the right

• Select the graph you need, e.g. ‘Top Application Traffic over Time’


AVC ART – Selecting the Graph

• Click the Add Dashlet(s) icon on the right

• Select the Transaction Times graph

• Select a filter for the specific application


Questions and Answers

We will also answer questions in the “Ptali jste se” session in hall LEO, 17:45 – 18:30

e-mail: [email protected]


Please rate this presentation.


Thank you for your attention.