TRANSCRIPT
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Connect
Application aware networks: Detection and control of application flows in modern networks
Prague, Clarion hotel
10–11 April 2013
ARCH4/L2
Miroslav Brzek - Cisco, Adrian Čech - NextiraOne
Agenda
Why we need Application-awareness in Enterprise WAN?
What is AVC?
AVC Technologies
Application Recognition (NBAR2)
Performance Monitoring (FNF, ART)
Management Tool
Control (QoS, PfR)
Conclusion
AVC management with Cisco Prime Assurance – demo
Why Application Visibility and Control in Enterprise WAN?
Business and IT Are Changing Like Never Before: the Network Needs To Evolve To Support These Transitions
• Application complexity increases: identify growing applications using more than just the port number
• Cloud and virtualization centralize application delivery: understand application performance from the end user's perspective
• Multiple entities are involved in delivering applications: problem isolation to minimize downtime and business impact
How Do I Design My Network Infrastructure To:
• Granularly identify the applications
• Understand the user experience
• Understand the network condition and capacity
• Deliver consistent performance to critical applications
• Maximize use of available resources
• Control unwanted traffic
Typical Use Cases for Application-aware network deployment
• What applications do I have running on my network?
• I want to monitor branch user experience when accessing the Oracle application in my data center
• Users call about an application problem; how do I isolate the problem?
• Unwanted applications like YouTube and BitTorrent are taking over my network
What is Application Visibility and Control (AVC)?
• Gain visibility into the applications running in the network, performance trends, and user experience
• Intelligently prioritize, control, or direct application traffic to maximize user experience
Introducing the Application Visibility and Control (AVC) Solution
[Figure "Before AVC Solution": Branch Office and Data Center (Servers, Web Servers) with a separate DPI / Performance Monitoring Appliance; with AVC: Branch Office and Data Center with AVC on the routers and a Management tool]
Integrated Solution
• Provides 1000+ application recognition natively within ISR G2 and ASR1K
• Simple software activation
Rich Monitoring and Control Capabilities
• Comprehensive traffic statistics: response time, bandwidth
• Feature-rich IOS control capabilities (HQoS, PfR)
Flexible Deployment
• Branch, WAN aggregation, data center, Internet edge
• Supports Cisco and 3rd party management tools
AVC – How the Solution works
[Figure: the stages below run on ASR1K and ISR G2 routers; the routers export NFv9/IPFIX to the reporting tools]
1. Application Recognition: identify applications using L3 to L7 information (NBAR2)
2. Performance Collection & Exporting: ISR G2 & ASR collect application bandwidth and response time metrics and export them to the management tool (FNF, ART, MMON)
3. Management Tool: an advanced reporting tool aggregates and reports application performance (Cisco Prime Infrastructure, 3rd party tools) as an App Visibility & User Experience Report
4. Control: use QoS or PfR (High / Med / Low) to control application network usage and improve application performance
Example report:
App    | BW    | Transaction Time | …
WebEx  | 3 Mb  | 150 ms           | …
Citrix | 10 Mb | 500 ms           | …
Application Recognition
Identify applications using L3 to L7 information (NBAR2) on ASR1K and ISR G2
How to Identify Applications?
• Access Control Lists based on IP address, protocol type and port number are no longer enough
• HTTP became a NEW transport protocol: must go into the payload to clearly identify the application (Skype, BitTorrent, Apple applications, games, etc.)
• Need stateful inspection for dynamically assigned TCP and UDP port numbers; an application consists of multiple sessions (video, voice, data)
• Must also identify some “application extracted fields”; RTP Payload Type Classification eases classification of voice and video traffic
• Should identify the “application transport”: tunneled applications, IPv6 in IPv4
What is Really in Your Network?
[Figure: Port Monitoring shows only “http?” and “unknown?”; Application Monitoring shows bittorrent, rtp, gtalk, netflix, skype, webex]
NBAR: Deep Packet Inspection (DPI), Stateful and Dynamic Inspection
• Classification of L3-L7 application traffic
• Identifies applications on statically assigned ports and on ports dynamically assigned during connection establishment
• Non-TCP and non-UDP IP protocols
• Stateful inspection: snooping bi-directional application traffic as it flows through the network
• Provides advanced application classification and field extraction capabilities
• Support of IPv4, IPv6 and nested traffic (IPv6 transition methods, ...)
• Classification per categories, sub-categories and attributes
[Figure: packet layout inspected by NBAR; IP packet: ToS, Protocol, Source IP Addr, Dest IP Addr; TCP/UDP packet: Src Port, Dst Port; data packet: sub-port / deep inspection]
NBAR 1000+ Application Recognition
• List of protocols and applications supported by NBAR: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html
• NBAR Protocol Pack allows adding more applications without upgrading or reloading IOS
• Supported devices: ISR-G2, ASR1000; adding support on unified access (WLAN controller, APs, Cat3850)
• Roadmap: cloud & enterprise apps
[Figure: examples of apps recognized by NBAR2 as of XE 3.6S and 15.2(3)T]
Define Your Own Application in NBAR2
Port
• TCP or UDP
• 16 static ports per application
• Range of ports (1000 maximum)
Payload
• Search the first 255 bytes of TCP or UDP payload
• ASCII (16 characters)
• Hex (4 bytes)
• Decimal (1-4294967295)
• Variable (4 bytes Hex)
HTTP URL
• URI regex
• Host regex
User-Defined Application Example
ip nbar user-defined lunar_light 8 ascii Moonbeam tcp range 8000 8001
class-map solar_system
 match protocol lunar_light
policy-map astronomy
 class solar_system
  set ip dscp AF21
interface Serial1
 service-policy output astronomy
• Name (“lunar_light”) - Name of the match criteria, up to 24 characters
• Offset (“8”, skip the first 8 bytes) - Specify the beginning byte of the string or value to be matched in the data packet, counting from zero for the first byte
• Format (“ascii”) - Define the format of the match criteria: ASCII, hex or decimal
• Value (“Moonbeam”) - Should match the value in the packet; if ASCII, up to 16 characters
• [Source or destination port] (“[source | destination]”) - Optionally restrict the direction of packet inspection; defaults to both directions if not specified
• TCP or UDP (“tcp”) - Indicate the protocol encapsulated in the IP packet
• Range or selected port number(s) (“range 2000 2999”) - “range” with “start” and “end” port numbers, up to 1,000; or one to sixteen individual port numbers
[Figure: packet layout (IP packet: ToS, Protocol, Source IP Addr, Dest IP Addr; TCP/UDP packet: Src Port, Dst Port; data packet) with the payload “FFFF0000MoonbeamFFFF”, where “Moonbeam” begins at byte offset 8]
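The matching semantics of such a user-defined rule (only the first 255 payload bytes are searched, zero-based offset, ASCII/hex/decimal value, optional direction, port range), modelled in Python as an added example that is not Cisco's NBAR2 code. The CustomApp class, the network byte order assumed for decimal values and the sample payload are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional, Union

PAYLOAD_WINDOW = 255  # NBAR2 searches only the first 255 bytes of the L4 payload


@dataclass(frozen=True)
class CustomApp:
    """Hypothetical model of one user-defined NBAR2 application rule."""
    name: str
    offset: int                      # first payload byte is offset 0
    fmt: str                         # "ascii", "hex" or "decimal"
    value: Union[str, bytes, int]
    proto: str                       # "tcp" or "udp"
    ports: range                     # "range start end" (Python range excludes end)
    direction: Optional[str] = None  # "source", "destination" or None (both)

    def pattern(self) -> bytes:
        """Encode the configured value as the bytes expected on the wire."""
        if self.fmt == "ascii":
            if not 1 <= len(self.value) <= 16:
                raise ValueError("ascii value is limited to 16 characters")
            return self.value.encode("ascii")
        if self.fmt == "hex":
            if len(self.value) != 4:
                raise ValueError("hex value must be exactly 4 bytes")
            return bytes(self.value)
        if self.fmt == "decimal":
            if not 1 <= self.value <= 4294967295:
                raise ValueError("decimal value must be 1-4294967295")
            return struct.pack(">I", self.value)  # assumption: network byte order
        raise ValueError(f"unknown format {self.fmt!r}")

    def matches(self, proto: str, sport: int, dport: int, payload: bytes) -> bool:
        """True when the packet satisfies the protocol, port and payload criteria."""
        if proto != self.proto:
            return False
        if self.direction == "source":
            port_ok = sport in self.ports
        elif self.direction == "destination":
            port_ok = dport in self.ports
        else:
            port_ok = sport in self.ports or dport in self.ports
        if not port_ok:
            return False
        pat = self.pattern()
        window = payload[:PAYLOAD_WINDOW]  # bytes beyond 255 are never compared
        return window[self.offset:self.offset + len(pat)] == pat


# The rule from the slide: ip nbar user-defined lunar_light 8 ascii Moonbeam tcp range 8000 8001
LUNAR_LIGHT = CustomApp("lunar_light", 8, "ascii", "Moonbeam", "tcp", range(8000, 8002))

# Constructed payload mirroring the slide's packet diagram: 8 filler bytes, then "Moonbeam"
SAMPLE_PAYLOAD = b"FFFF0000Moonbeam" + b"F" * 4


def classify(apps, proto, sport, dport, payload):
    """Return the name of the first matching user-defined application, or 'unknown'."""
    for app in apps:
        if app.matches(proto, sport, dport, payload):
            return app.name
    return "unknown"
```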
NBAR2 Field Extraction Support
• Ability to look into specific application information
• NBAR extracts fields from HTTP, RTP, Citrix, etc. for QoS configuration
• HTTP header fields example (CLI output below)
• NBAR RTP Payload Type Classification: eases classification of voice and video traffic (VoIP, streaming/real-time video, audio/video conferencing, Fax over IP); distinguishes between RTP packets based on payload type and codecs
Router(config-cmap)# match protocol http ?
content-encoding Encoding mechanism used to package entity body
from E-mail of human controlling the user-agent
host Host name of Origin Server containing resource
location Exact location of resource from request
mime Content-Type of entity body
referer Address the resource request was obtained from
server Software used by Origin Server handling request
url Uniform Resource Locator path
user-agent Software used by agent sending the request
Different Ways to Use NBAR
1. Discover applications going across interfaces: ip nbar protocol-discovery CLI
2. Match applications or groups of applications in a QoS class-map to take action, i.e. shape, police, remark: match protocol CLI in the QoS class-map
3. With Flexible NetFlow (FNF) or other performance reporting features to report the application name: match or collect application name CLI
Performance Collection & Exporting
ISR G2 & ASR collect application bandwidth and response time metrics and export them to the management tool over NFv9/IPFIX (FNF, ART, MMON)
Performance Collection & Exporting – What is it? Rich Monitoring from the Network without an Additional Hardware Probe
• Basic Monitoring: what applications, how much bandwidth, flow direction? (Flexible NetFlow and NBAR/NBAR2)
• Advanced Monitoring: voice and video performance (Media Monitoring); 30% of traffic is voice and video
• Advanced Monitoring: critical applications performance (Performance Agent); 40% of traffic is critical applications
Flexible NetFlow
• Feature to collect and export network information and statistics; flexibility in defining fields and the flow record format
• Utilizes the NetFlow Version 9 format; UDP-based transport
• Consists of data collection (flow monitor) and data export (flow export)
• Can be used for collecting application info from NBAR2 and statistics along with other network information
• Open standard, can be analyzed by Cisco Insight, Cisco Prime NAM, Cisco Prime Assurance Manager, and 3rd party tools
Gaining Full Visibility with Flexible NetFlow + NBAR2
• Monitors data from layer 2 through 7
• Determines applications by a combination of port and payload
• Flow information: who, what, when, where
• Flexible NetFlow allows your own selection of key fields
• Stateful inspection of dynamic-port traffic
• Packet and byte counts
[Figure: FNF + NBAR2 fields over the packet layout; link layer header: MAC; IP header: Source IP Address, Destination IP Address, Protocol, ToS; TCP/UDP header: Source Port, Destination Port; data packet: deep packet (payload) inspection]
Flexible NetFlow Records for AVC Discovery – Application Bandwidth Usage and Top Talkers
• What applications do I have?
• What are connection durations?
• What is the total number of application flows?
Usage Record
• Top N clients and servers
• Top server ports and applications
Transaction Record
When users complain about an Application Problem
[Figure: what the users see (“Your network is slow”), what network admins see (“I do not see anything wrong”: ping – OK, show ip route – OK, traceroute – OK, show interface – OK), and what can happen: increased latency, WAN problem, application problem, server problem, user problem]
Application Response Time (ART) Measurement
Key Features
• 27 Application Response Time (ART) metrics
• Interacts with NBAR2 for application ID and field extraction information
• In ISR G2, provided by Performance Agent (PA)
• In ASR1K, ART is part of unified monitoring
Benefits
• Visibility into application usage and performance
• Quantify user experience
• Troubleshoot application performance
• Track service levels for application delivery
[Figure: branch users (“My query is taking a long time!”, “My email is slow!”) reach the data center across the WAN; the router exports NFv9/IPFIX to the reporting tool (“How do I ensure my SLA is met?”)]
Application Response Time (ART) Measurement – Application Delivery Path Network Segment Breakdown
[Figure: request and response path from network clients through the client network and server network to the application servers; Total Delay is shown spanning Client Network Delay (CND), Network Delay (ND), Application Delay (AD) and Server Network Delay (SND)]
• Separate the application delivery path into client and server segments
• Server Network Delay (SND) approximates WAN delay
• Latency per application
Understand ART Metrics Calculation
[Figure: TCP exchange between client and server as seen at the measuring router: SYN, SYN-ACK, ACK with SND and CND marked on the handshake; Request 1, Request 1 (cont) and Request 2 segments; DATA response segments and ACKs, including one retransmission; RT and TT marked]
• Response Time (RT) = t(first response pkt) – t(last request pkt): quantify user experience
• Transaction Time (TT) = t(last response pkt) – t(first request pkt): quantify user experience
• Network Delay (ND) = CND + SND
• Application Delay (AD) = RT – SND: identify server performance issues
List of ART Metrics Supported
Traditional FNF Metrics
• Application ID (from NBAR2)
• Client/Server Bytes
• Client/Server Packets
• Source MAC Address
• Input/Output Interface
• IP DSCP
ART Metrics
• CND - Client Network Delay (min/max/sum)
• SND - Server Network Delay (min/max/sum)
• ND - Network Delay (min/max/sum)
• AD - Application Delay (min/max/sum)
• Total Response Time (min/max/sum)
• Total Transaction Time (min/max/sum)
• Number of New Connections
• Number of Late Responses
• Number of Responses by Response Time (7-bucket histogram)
• Number of Retransmissions
• Number of Transactions
• Client/Server Bytes
• Client/Server Packets
WAAS Express Metrics
• Input/Output Bytes
• WAAS Connection Mode (TFO, TFO/LZ, TFO/DRE, TFO/LZ/DRE)
• Input/Output DRE Bytes
• Input/Output LZ Bytes
Cisco Prime Infrastructure (PI) / 3rd Party Network Management
An advanced reporting tool aggregates and reports application performance (Cisco Prime Infrastructure, 3rd party tools) as an App Visibility & User Experience Report
Cisco Prime Infrastructure – Assurance Manager
• Configuration of AVC features
• Network Monitoring
• Service Monitoring
• Reporting and Trends
• Multi-NAM Manager
• Packet and Flows Analysis
• Application Response Time
• Voice and Video Metrics
• Distributed SNMP and Netflow Collection
How to use PI-AM to Monitor Application Usage?
Collect traffic volume information: who sends BitTorrent?
flow record type mace mace-record
 collect datalink mac source address input
 collect ipv4 dscp
 collect interface input
 collect interface output
 collect application name
 collect counter client bytes
 collect counter server bytes
 collect counter client packets
 collect counter server packets
 collect art all
How to use PI-AM to Monitor Application Usage?
• Discover the top users for an application
• Discover applications per user
Monitor Application Performance Across Multiple Sites
• How is the server performing?
• Which site is slowest?
• How is the user experience at a site?
How to use PI-AM to Monitor and Troubleshoot Application Performance
• Metrics: Response Time, Network Latency, Traffic Volume, Transaction Time, Application Server Delay
• Need to understand the relationship between these metrics
[Figure: end users (“Your network is so slow I cannot get any work done today”) and the network admin (“I know exactly what is going on”)]
1. Detect Application Server Problem
• End user experience is impacted because the application server is slow
• Network seems fine
[Charts: Transaction Time, Response Time, Server Delay, Network Latency]
2. Detect Network Inefficiency (Packet Loss)
• Transaction time shoots up when the other metrics remain the same
• Traffic volume goes down while transaction time goes up
[Charts: Server Delay, Network Latency, Response Time, Transaction Time]
AVC Management Tool Integration
Company / Product | Use Cases | Status
PAM | Network and app monitoring; control GUI (future) | PAM 2.0: adding PfR, new metrics in XE 3.8S
Gomez & DynaTrace | APM combined with app-aware network monitoring | Adding NBAR2, PA, WAAS
5View | App-aware network monitoring | Already supports WAAS; adding NBAR2, PA
LiveAction | Control (QoS) GUI, app-aware network monitoring | Already supports medianet; adding NBAR2, PA, PfR
Scrutinizer | App-aware network monitoring | Already supports PfR, medianet; adding NBAR2, PA
Others: Living Object, Insight, CA
Quality of Service (QoS) / Performance Routing (PfR)
Use QoS or PfR (High / Med / Low) on ASR1K and ISR G2 to control application network usage and improve application performance
AVC Control Options
Application Bandwidth Control (QoS)
• Guarantee bandwidth to protect critical applications from network congestion
• Provide low latency to delay-sensitive applications
• Stop or limit unwanted applications from using WAN resources
Application Path Control (PfR)
• Application routing based on real-time performance information
• Intelligent load sharing provides resiliency and fully utilizes all available WAN resources
• Improve performance of voice, video, and critical applications
[Figure: LAN to WAN router with paths over the Internet (no SLA), WAN 1 (high SLA) and WAN 2 (medium SLA)]
The Role of QoS for Control
• Bandwidth action: guarantee bandwidth
• Police action: limit maximum bandwidth
• Priority action: minimize latency
• Set action, i.e. set dscp: change flow properties
• Shape action: reduce burst
Application Path Control with PfR
[Figure: branch ASR1K routers (PfR BRs, PfR MC/BR) connected over SP A (MPLS, GETVPN) and SP B (MPLS, GETVPN) to ASR1K PfR MCs, plus an Internet router; traffic classes: Enterprise Apps (high priority), WebEx (high priority), Netflix (low priority)]
• Performance Routing (PfR) provides intelligent load balancing and application control natively within the WAN infrastructure; the routing decision is based on real-time performance metrics, i.e. loss, jitter, latency
• Example: send Enterprise Apps and WebEx over the primary link, and send recreational traffic to the secondary link
PfR Use Case Examples – Protecting critical applications while maximizing bandwidth utilization
Cloud Service & Load Balancing Policy (ISP-1 primary, ISP-2 secondary, Internet)
• Protect business cloud applications from network brownout: loss > 10%
• Cloud service preferred path: ISP1
• Maximize all ISP bandwidth by load sharing other Internet traffic
[Figure: ISP-1 (Primary) and ISP-2 (Secondary) to the Internet carrying Cloud Service and Best Effort traffic; “Detect loss > 10%”]
Multimedia & Critical Data Policy (SP-A MPLS VPN, SP-B MPLS VPN, WAN)
• Protect voice and video quality: latency > 200ms; jitter > 30ms
• Protect VDI applications from brownouts: loss > 5%
• Voice & video preferred path: SP-A
• VDI preferred path: SP-B
• Maximize utilization by load sharing
[Figure: SP-A and SP-B across the WAN carrying VDI, Voice&Video and Best Effort traffic; “Detect high jitter”]
AVC Solution Benefits
What Benefits? | How?
Improve application, voice, and video performance | Better application visibility and control
Identify performance issues before they occur | Proactive monitoring, performance thresholds
Minimize downtime by accelerating troubleshooting | End-to-end network visibility, historical data
What is required to use AVC?
• Cisco 800 with Advanced IP Services license
• Cisco 19/29/39xx with Data or Application Experience license
• Cisco ASR 1000 with Advanced IP Services + AVC feature license
• + Cisco Prime Infrastructure management
AVC management with Cisco Prime Assurance
Adrian Čech - NextiraOne
AVC topology
[Figure: AVC topology]
Enabling AVC in Cisco PAM
• Select the menu Deploy - Configuration Tasks - Collecting Traffic Statistics
• Select the device
• The device is an ASR1k or ISR G2 router
• Select the values and confirm the configuration with Apply
AVC: creating the site structure
• Select the menu Design - Site Map Design
• Select New Campus
• Set the branch name and click Next
• Repeat for the other branches
AVC: associating sites with devices
Creating the association between the site structure and the real devices
• Select the menu Design - Endpoint-Site Association
• Select Add Row
• Assign the devices to the branches
AVC traffic overview
• Select Operate - Detail Dashboards
• Select Site
AVC: creating a chart
• Click the icon on the right, Add Dashlet(s)
• Select a chart as needed, e.g. ‘Top Application Traffic over Time’
AVC ART: selecting a chart
• Click the icon on the right, Add Dashlet(s)
• Select the Transaction Times chart
• Select a filter for a specific application
Questions and answers
We will also answer questions in the “Ptali jste se” (You asked) session in hall LEO, 17:45 – 18:30
e-mail: [email protected]
Please rate this talk.