Enhancing Media Awareness with Media Services Proxy Webinar (IOS Advantage Webinar)

© 2012 Cisco and/or its affiliates. All rights reserved. 1

Cisco TechAdvantage Webinars Enhancing Media Awareness with Media Services Proxy (MSP)

Karthik Dakshinamoorthy

We’ll get started a few minutes past the top of the hour.

Note: you may not hear any audio until we get started.

Follow us @GetYourBuildOn


Register for a Technical Seminar with our Cisco Software SMEs: http://www.ciscolive.com/london/registration-packages/

Session Title Session Number

Advanced LISP Techtorial TECIPM-3191 Advanced Network Automation TECNMS-3601

Application Awareness in the network; the Route to Application Visibility and Control TECRST-2672

Converged Access: Wired/Wireless System Architecture, Design and Operations TECCRS-2678

Enterprise QoS Design Strategy TECRST-2501

IP Mobility Deep Dive TECSPG-3668

IPv6 for Dummies: An Introduction to IPv6 TECMPL-2192

IPv6 Security TECRST-2680

Scaling the IP NGN with Unified MPLS TECNMS-3601

Software Defined Networking and Use Cases TECSPG-2667

Understanding and Deploying IP Multicast Networks TECIMP-1008


Panelist

Speaker

Karthik Dakshinamoorthy Product Manager

Engineering [email protected]

Balaji B L Principal Engineer

Engineering [email protected]


•  Submit questions in Q&A panel and send to “All Panelists” Avoid CHAT window for better access to panelists

•  Please complete the post-event survey

•  For Webex audio, select COMMUNICATE > Join Audio Broadcast

•  Where can I get the presentation? Or send email to: [email protected]

•  Join us December 5th for our next TechAdvantage Webinar: Preparing for BYOD and IPv6 with a Single Security Policy www.cisco.com/go/techadvantage

•  For Webex call back, click ALLOW phone button at the bottom of participants side panel


•  What is MSP: User Stories, Problem Space

•  MSP Solutions: Use Cases, How they work

•  Customer & Partner Benefits with MSP

•  Metadata as an MSP service: How can Metadata be leveraged for applications?

•  MSP Status and Roadmap


• Architectural play - Intelligent endpoints + intelligent network

• Core to Cisco’s video strategy

• Multiple video & voice, business critical applications intelligently sharing the same IP Network

•  Integration with key network services

Enable Rich Media

Solutions

Optimize User Experience

Media Aware Routing

Resource Control

Media Monitoring

Media Optimization

Medianet Services Interface APIs

Cisco Video & Voice Applications

webex

Seamless Security

SAF

PfR

RSVP

Multicast

QoS

NetFlow

IPSLA

Flow Metadata

Media Services Proxy

MSP is a solution to enable plug and play deployments of Media end points into the network by offering integration with many network based services in a simple, intuitive manner

© 2012 Cisco and/or its affiliates. All rights reserved. 7 © 2012 Cisco and/or its affiliates. All rights reserved. 7

Media Services Proxy: User Stories & Solutions


Multi Vendor Environment

Multi Application Environment

Multi Services Environment

Media Monitoring Netflow QoS

How do I manage these variations and diversity in the network?? With Medianet: Metadata + Media Services Proxy MSP !!!


Auto device detection with MSP

Third Party support with MSP:

Metadata:

QoS, Netflow and Monitoring. MSP produces Metadata !


With Metadata,

• • • • Intelligent, automatic QoS remarking for

soft-phones with Metadata

Metadata“device-class” or

“application”


Media Services Proxy (MSP) Overview, Use Cases & Solutions


  Would work with non-Cisco end points also as long as they support the set of standard protocols for device and flow identification

  Position at user edge (access)

  MSP 1.0 initial focus –  Access (Cat4k & ISR-G2) –  Group video conferencing and IP surveillance applications

MSP

Identification

MSP provides a subset of Medianet services on behalf of media end points supporting a range of standard protocols

H323/ RAS

DHCP SIP/SDP snooping

RTSP

Netflow

ASP

RSVP

Flow Metadata

QoS/C3PL

mDNS

Services

MSP is a network-based solution where the switches and routers automatically identify end points and applications, flows coming from them and provide the right set of network services to them automatically


MSP : Apps à Services

End point Identification

Network Services

Flow Identification

mDNS SIP

SIP/SDP snooping H.323 RTSP/SDP

H.323 Gateway Discovery

QoS Auto Smart Ports

Metadata RSVP CAC


G 3/1

G 5/1 G 4/1

Device/End Point/Application Identification by MSP. Apply ASP on the port based on downloaded profile for the device

Learn: Device Type Name Version Application AppID Version

• QoS configuration • High availability - (spanning-tree portfast) • Port security • Put port into certain VLAN • Enable multicast • EnergyWise - Power reporting, prioritization


G 3/1

G 5/1 G 4/1

Device/Flow Identification by MSP. Learn flow bandwidth parameters needed for RSVP reservations

Initiate RSVP reservation for the flow locally and downstream

RSVP Reservation RSVP CAC

Learn: Bandwidth IP Dst Address/Port IP Src Address/Port MTU

IP Header, Prot=46 RSVP Header MsgType=PATH TTL=255

HOP Object Policy Object: App=TP Tspec

Session=IP=A,Prot=17,Port=30000 SenderTemplate:sIP,sPort

RSVP Packet is formed and sent downstream

with learnt flow parameters and

bandwidth


1.1.1.1 10.1.1.1 2134 80 http

10.76.109.45 10.76.109.51 1200 2000 Telepresence

10.76.109.45 10.76.109.50 450 5060 SIP

30.1.1.1 135.1.1.1 1500 1600 Telepresence

20.1.1.1 125.1.1.1 1500 1600 Surveillance

Metadata Database

G 3/1

G 5/1 G 4/1

Device/Flow Identification by MSP. Update Metadata in local node

Propagate Metadata to downstream nodes: Metadata Proxy

Metadata Signaling RSVP

Transport


•  App-ID , Sub App ID •  App-Name •  App-Version •  App-Vendor

•  Clock Frequency •  Global Session ID •  Multi Party ID •  SSRC

•  End Point Model •  Application Group •  Application Category •  Device Class

•  Media Type •  Bandwidth •  Device Name •  End Point IP address •  End point Software Version •  SIP User Name •  SIP Email ID •  Audio/Video Codec •  Payload Type •  SDP Session ID •  Domain name •  SIP proxy server IP Address •  H.323/SCCP DN


Network Traffic

IT-supported UC Clients

Best-effort Applications

MSP on Switch identifies CUCM applications, remarks packets

•  Common challenge is to have the DSCP of soft phone remarked at the edge to offer good quality of experience for IT enabled soft phones

•  Today all traffic from untrusted devices like laptops marked to best effort and no easy way to remark based on intelligent policies

•  MSP Metadata helps identify soft phones automatically and remark based on easy global policies

All packets marked into the same queue


•  Enhance Per-Port value with value added services (auto device and flow detection, auto service instantiation with Metadata proxy, CAC support, QoS capabilities)

•  No end point upgrades, secures investment protection for the customer. Network oriented feature allowing customers to benefit from MSP with a network IOS upgrade

•  Easy deployment and management of video end points, mitigates admin complexities

•  Covers for most standard protocols in conferencing and IP surveillance space, thereby supporting all equipments supporting those protocols


•  Seamless end point integration with the Pervasive Cisco Network

•  No end point upgrades, no additional development for the partner

•  Network oriented feature allowing customers to benefit from MSP with a network IOS upgrade (that benefits numerous connected end points)

•  Ability to get their traffic prioritized or “visible” in the Cisco network, key differentiator

•  Can address the huge installed base unlike many new features that are operational only on new deployments

•  MSP based on open & standard protocols, no proprietary implementations

•  Easy deployment and management of video end points, mitigates admin complexities: One of the key current challenges in surveillance and conferencing space


MSP : How does it work?


Device Class Device Identification Attributes Used Flow Identification Attributes Used

IP Surveillance Camera

mDNS Authoritative Nameservers info

RTSP/SDP Request/Response/Session (RTSP), Media description field (SDP)

Video Conferencing unit

H.323, SIP H.225 RAS “endPoint Vendor” field, H.225 sourceInfo vendor field, SIP “User Agent” field

SIP/SDP, H.225/ H.245

Media attribute/description field, openLogicalChannel

Protocol Standard IP Standard port

mDNS 224.0.0.251 5353

SIP N/A 5060

H.323 Gateway Discovery 224.0.0.41 1719

H.225 (RAS) N/A 1718

H.225 (Signaling) N/A 1720

RTSP N/A 554


Protocol Metadata Attributes Values Priority

mDNS Device-class (surveillance) “video” or “rtsp” or “IP Camera” Mandatory

“surveillance” Optional SDP (RTSP & SIP) Application Name m=<media> <port> <proto> <fmt> Mandatory

Media Type m=<media> <port> <proto> <fmt> Mandatory Mime-Type a=rtpmap:<payload type> <encoding name>/

<clock rate> Mandatory Payload-Type a=rtpmap:<payload type> <encoding name>/

<clock rate> Mandatory Bandwidth b=<bwtype>:<bandwidth> Mandatory Clock Frequency a=rtpmap:<payload type> <encoding name>/

<clock rate> Mandatory SIP Register Device-class (Video-conference)

User Agent: Mandatory

User Agent: video-conference Optional H.323 RAS Device-class (Video-conference)

Terminal Type: Mandatory

Terminal Type: video-conference Optional H.245 OpenlogicalChannel

Media Type dataType Mandatory Payload-Type dynamicRTPPayloadType Mandatory Bandwidth maxBitRate Mandatory


MSP

•  mDNS compatible devices will send mDNS messages for DNS service discovery to multicast IP address(224.0.0.251) on standard mDNS port 5353

•  MDNS client module on switch will listen to this standard UDP port and receive this mDNS message.

•  For example, we want to use the following PTR record from mDNS packet for pelco camera –pelco-skewer._tcp.local: type PTR, class IN, IP Camera - CIVS-IPC-ABBBB34._pelco-skewer._tcp.local

mDNS messages sent by client

IP Camera

Snoop mDNS on standard IP/port to know device info from PTR

record Or answer/query fields

VSM / Media server

Interface Device Attributes

G 4/1 Axis IP Camera Model: 233D - 00408C9412D3

Gather device info into device classifier through mDNS

MPEG-4/RTSP capable


MSP

•  H.225 RAS client registration message is used for H.323 based device discovery

•  “endpoint Vendor” field in the H.225 RAS message is interpreted to identify the device class, vendor and version details

•  Following fields are considered: productId: HDX 7000, versionId: HF - 2.5.0.6_00_Cisco-3966

H.323 Based conferencing

Snoop H.225 RAS on standard port 1718 to know device info

from endPointVendor field


G 4/1 Polycom HDX Video conferencing

Dev name: HDX 7000

Gather device info into device classifier through H.323 RAS

Version: HF-2.5.0.6_Cisco-3966


G 3/1

G 4/1

Device Initialization

SIP Register

SIP 200 OK

REGISTER sip:engineering.cisco.com SIP/2.0 Via: SIP/2.0/TCP u2.engineering.cisco.com:5060; From: <sip:[email protected]>;tag=0015629 To: <sip:[email protected]> Call-ID: [email protected] CSeq: 973 REGISTER User-Agent: Cisco-CP7971G-GE/8.0 Contact: <sip:[email protected]:5060; transport=tcp>”

SIP/2.0 200 OK Via: SIP/2.0/TCP u2.engineering.cisco.com:5060; branch=z9hG4bKcc06d1ec From: <sip:[email protected]>;tag=0015629 To: <sip:[email protected]> >;tag=0088629 Call-ID: [email protected] Contact: <sip:[email protected]:5060; transport=tcp>”

Leverage SIP/SDP Data exchanged


G 4/1 Round Table Video Phone DEV_NAME, DEV_VER

Branch, Contact field updates


•  Session Description Protocol is used as a message body in many protocols like RTSP (for IP surveillance) and SIP (for conferencing) and is used to carry session related info like IP address and port numbers in addition to other Metadata

•  Wide variety of MSP 1.0 devices support SDP in the message body. A wide spread way for flow detection is hence to learn and parse SDP content

•  Media Description field in SDP has the port numbers for audio and video

•  Media Attribute field has details of the format of video and codec type

•  Bandwidth field has information about flow bandwidth


H.323 Protocols

Purpose

H.225 Registration, Admission and Status (RAS)

Used between an H.323 endpoint and a Gatekeeper to provide address resolution and admission control services.

H.225 Call Signaling Used between any two H.323 entities I

n order to establish communication. This happens over port 1720 and is of interest as it would provide the necessary metadata required to establish CAC or a metadata session.

H.245 control protocol for multimedia communication

Describes the messages and procedures used for capability exchange, opening and closing logical channels for audio, video and data, control and indications. This will happen in parallel in a separate TCP session, but on a dynamic port.


Event Action

On System Start UP Open 1720 globally (Src & Dest Port)

On Receiving Connect on 1720 Open H.245 Ports (Derived from connect)

On OpenLogicalChannelsACK •  Open (RTCP) Monitoring •  Create RSVP/Metadata Session based on policy

The following fields from H.225 can be used for flow and Metadata Detection:

destCallsignalAddress sourceCallSignalAddress h245Address destinationInfo mediaControlChannel


SIP Invite Message

User Agent field contains Vendor, Model

MSP Looks for User Agent Field in SIP Invite Messages


SIP Register Message


MSP Looks for User Agent Field in SIP Register Messages


SIP OK Message


MSP Looks for User Agent Field in SIP OK Messages


SIP/SDP Message

Session ID for the flow

MSP Looks for Session ID in SDP contained in SIP INVITE Messages


SIP/SDP Message in OK

Flow Based Metadata

MSP Looks for Bandwidth Info, Media Description and Media Attribute elements in SDP to extract Flow Metadata (for BOTH AUDIO & VIDEO streams)

Bandwidth App-ID, L4 Ports

Codec, Clock Frequency

Bandwidth

App-ID, L4 Ports

Codec, Clock Frequency Flow Based Metadata

Session ID/Name


SIP/SDP Message in ACK

MSP Looks for Bandwidth Info, Media Description and Media Attribute elements in SDP to extract Flow Metadata (for BOTH AUDIO & VIDEO streams)

Bandwidth

App-ID, L4 Ports Codec, Clock Frequency

Bandwidth App-ID, L4 Ports

Codec, Clock Frequency

Flow Based Metadata

Session ID/Name


Metadata Alignment: MSP as a Producer

Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 37

•  Metadata is an architecture that enables end-to-end signaling of flow parameters and attributes to the network •  Metadata can be explicitly produced by the end user, implicitly produced by the network DPI engine or indirectly produced by a proxy (e.g. Call manager)

•  Metadata used by various network services like QoS, Netflow, Media monitoring, PBR etc to facilitate application aware deployments •  Metadata would produce a set of “attributes” that the network can use for traffic classification and export •  Leverage RSVP to became the Metadata transport protocol for L2 switches and L3 router

Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 38

Important charter in the App-Velocity space, enabling network as a platform for delivering intelligent network services for a multitude of applications

M M WAN

1.1.1.1 10.1.1.1 2134 80 http

10.76.109.45 10.76.109.51 1200 2000 WebEx Video

10.76.109.45 10.76.109.50 450 5060 SIP

30.1.1.1 135.1.1.1 1500 1600 WebEx Video

20.1.1.1 125.1.1.1 1500 1600 Surveillance

Metadata Database

Build Infrastructure Expand Production

Expand Consumption

Network Readiness: ISRG2, Cat3k, Cat4k, ASR1k, Cat6k

MSI Based End points (WebEx, VXI, TP), MSP, NBAR

Video Monitoring, QoS, FNF, PBR, PfR

WebEx

VXI/VNA

TP/Tandberg

Video Monitoring

PfR/PBR

Netflow QoS

NBAR and MSP Producing Metadata


WAN1 (IP-‐VPN)

MC/BR

MC/BR

BR

MC/BR

BR

BR

HQ

Branch

IP Src IP Dst Prot L4 Src L4 Dst Application Vendor Dial From Dial To User

Flow Identifier Metadata

MSI from endpoint

10.1.1.1 125.1.1.1 90 4080 1234 telepresence Cisco

MSP at Access

rtp 1001 2002 Bob

NBAR at Edge

telepresence-video

App-Layer

Priority-1

Priority-2 Priority-3



Flow Identifier Metadata

telepresence-video Cisco

rtp 1001 2002 Bob

telepresence

App-Layer

Priority-1


match succeeds for telepresence-video due to Priority-1

policy-map P1 class-map C1 match application rtp class-map C2 match application telepresence-video

10.1.1.1 125.1.1.1 90 4080 1234

Packet

match fails!! match pass!!

Prioritizes more granular MSI classification BY DEFAULT in case of conflict

MSI

MSP

NBAR



Flow Identifier

Metadata

telepresence-video Cisco

rtp 1001 2002 Bob

telepresence

App-Layer

Priority-1


match succeeds for telepresence-video due to Priority-1

policy-map P1 class-map C1 match application rtp source msp

10.1.1.1 125.1.1.1 90 4080 1234

Packet

match pass!!

Prioritizes user specific source for backward compatibility


Metadata and MSP : Deployability, Status and Roadmap


CYQ1 ‘10

CYQ2 ‘10

CYQ3 ‘10

CYQ4 ‘10

CYQ1 ‘11

CYQ2 ‘11

CYQ3 ‘11

CYQ4 ‘11

CYQ1 ‘12

CYQ2 ‘12

CYQ1 ‘13

Cat4k ISRG2

• Surveillance End Points suport (RTSP) • Group VC solution support (SIP/H.323) • Softphones (SIP/H.323) • Device Identification support • Flow Identification support • Services:

• RSVP Proxy, Metadata Proxy, ASP, QoS services (Trusted Application Recognition)

MSP 1.0 Deliverables Note: MSP 1.0 works on basis of a stateful inspection model, where selected protocol packets would be intercepted/parsed to arrive at conclusions on device and flow types. The solution would ideally work with any device supporting this list of protocols. However it is to be noted that the solution would be tested and validated only against some end points and models

CYQ2 ‘13

Cat3k


•  MSP

•  NBAR

•  MSI Producers

•  QoS/C3PL

•  Flexible Netflow

•  Performance Monitoring • 

PBR/PfR

Services

Metadata needs to be produced by the end point or the network, and there should be network services ready to act on it for making the solution deployable

Supported from/on:

ISRG2, March 2012 Catalyst 4k, May 2012

ISRG2, July 2012 ASR1k, TBD Various collaboration /conferencing clients

ISRG2, March 2012 Catalyst 4k, May 2012 ASR1k, XE 3.7, July 2012 Cat6k/sup-2T, Nov 2012

ISRG2, March 2012

TBD

TBD


MSP Configurations


Step 1: Enabling Media Services Proxy (MSP) functionality Router(config)#profile flow

Step 2: Creating a profile Router(config)#media services profile video_cisco_msp

Router(config-ms)# rsvp Enable RSVP

Router(config-ms-rsvp)#exit

Router(config-ms)# metadata Enable Metadata

Router(config-ms-md)#exit

Router(config)#exit


•  Configuration [no] profile flow [protocol { sip | h323 | rtsp | mdns } ]

E.g.:To enable flow/device detection for SIP protocol:

Router(config)#profile flow protocol sip.


The user can specify RSVP params to be used in RSVP signaling.

•  Create RSVP params list

Router(config)#media services rsvp <name>

•  Add RSVP attribute and corresponding value.

Router(config-ms-rsvp)#bandwidth <1-10000000> (kbps)

Router(config-ms-rsvp)# max-burst <1-65535> (KB)

Router(config-ms-rsvp)#peak-rate <1-10000000> (kbps)

Router(config-ms-rsvp)# priority defending <1-7>

Router(config-ms-rsvp)# priority preemption <1-7>


•  Create metadata params list

Router(config)#media services metadata <name>

•  Add metadata attribute and corresponding value.

Router(config-ms-md)#ssrc <0-4294967295>

Router(config-ms-md)#bandwidth < 1-10000000> (kbps)

Router(config-ms-md)#payload-type <0-127>

Router(config-ms-md)#clock-frequency <0-4294967295>

Router(config-ms-md)#domain-name <WORD> 24 characters.

Router(config-ms-md)#mime-type <WORD> 16 characters.

Router(config-ms-md)#session-id <WORD> 80 characters

Router(config-ms-md)# email <word> 24 characters.

Router(config-ms-md)#username <word> 16 characters.

Router(config-ms-md)#application name <name> [ vendor <name> version <number>]

.


•  Attach a media service profile globally: Router(config)#media services <name>

•  Attach a media service profile to an interface: Router(config)#interface gig1/14

Router(config-if)#media services <name>


Show Device Information:

msp-cat4k1#sh profile device

MAC Address Interface Device class Device Name Device Vendor

0040.8ca2.0615 Gi2/12 Surveillance-Camera AXIS-Camera AXIS COMMUNICATIONS


•  show profile flow

Displays the flows and attached profiles

Router#show profile flow

Source-IP sPort Dest-IP dPort protocol Media Services profile

1.1.1.1 2000 2.2.2.2 2001 UDP msp_service_A

1.1.1.4 3000 2.2.2.4 2001 UDP msp_service_B


•  show profile flow statistics <int>

Displays the profile statistics. (Platform specific output)

Router#show profile flow statistics interface gi1/0/41

Protocol Input Pkts OutPut Pkt InputDrops OutDrops Policed

SIP 100 100 2 1 0

H.323 200 100 2 1 0

RTSP 0 0 0 0 0


Debugging flow profiling

debug profile flow [error | events]

debug profile flow stateful-inspection [api | error | events]

debug profile flow protocol [sip | H.323 | rtsp] [event | error]

Conditions for debugging

debug condition profile flow source-ip <ip addr>

debug condition profile flow dest-ip <ip addr>

debug condition profile flow interface <interface-name>


•  With Metadata, its now possible to Know characteristics of the flow passing through the network Configure QoS policies based on wider set of classification parameters Export application specific information via Netflow/FNF Ability to route traffic with PfR based on application aware criteria Enable performance monitor on only the necessary applications

•  With MSP, its now possible to Automatically detect a wide range of media end points, mainly third party conferencing and surveillance devices, and know about their attributes (device + flow) Render intelligent and relevant network services like Metadata, CAC, QoS to applications based on easy intuitive config Proxy for end points not having MSI and for network nodes not capable of generating info themselves


•  Thank you! •  Please complete the post-event survey •  Join us December 5th for our next webinar:

Preparing for BYOD and IPv6 with a Single Security Policy Register: www.cisco.com/go/techadvantage Follow us @GetYourBuildOn

Technology

Enhancing Media Awareness with Media Services Proxy Webinar (IOS Advantage Webinar)