© 2013 Cisco and/or its affiliates. All rights reserved. CONFIDENTIAL Application Visibility and Control UACBC v1.0—8-1
Overview
• AVC offers yet another competitive differentiator for the Cisco Unified Access architecture.
• Application Visibility and Control features help ensure that critical applications get through while less critical applications get best effort.
• Benefits include lower operating costs through an integrated solution available for access, distribution, and core network devices, as well as faster troubleshooting and less network downtime.
• For the HTC case study, implementing AVC means configuring Medianet and Mediatrace, Cisco Modular QoS, Cisco IOS Flexible NetFlow Traffic Records and Wireshark.
Lesson objectives:
Upon completion of this lesson, you will be able to explain and configure different features supporting visibility and control of applications. This will include the ability to:
• Explain Application Visibility and Control
• Explain Cisco Medianet
• Describe Cisco Mediatrace
• Explain Cisco Medianet Auto Configuration via Auto Smartports (ASP)
• Explain Cisco Media Service Interface (MSI) and Media Service Proxy (MSP)
• Characterize Cisco Flexible NetFlow
• Identify the capabilities of Cisco Packet Capture Technologies
Lab objectives:
Application Visibility and Control
[Figure: AVC feature map across Core, Access Switches, Backbone Switches and WLAN Controllers, with columns App Visibility and Control, Monitoring / Assessment, and Troubleshooting. Components shown include Flexible NetFlow, Enhanced Object Tracking, Performance Monitor, Microflow Policing, IP SLA, Mediatrace, QoS, Mini-Protocol Analyzer (MPA), NAM-3, SPAN / RSPAN / ERSPAN, Built-in Traffic Simulator, Wireshark, Device Sensor, Proxy, AVC in WiSM-2, Wireless Controller AVC, and Cisco Prime Infrastructure]
Review
[Figure: NetFlow records exported to Cisco Prime or a third-party NetFlow collector, used for compliance, capacity planning and troubleshooting]
Review
[Figure: identify applications and prioritize or drop them, with custom DSCP marking]
Review
Client AVC statistics on the WLAN
AVC monitoring of Client and Application statistics
Cisco Medianet
Challenges
• Can ONE Network recognize all these applications?
• Can ONE Network prioritize all these applications?
• Can ONE Network deliver uncompromised user experience?
[Figure: bandwidth and packet-size profiles of four media application types: 256 Kb to 2 Mbps video conferencing with 256-512 byte packets; 2-4 Mbps (SD TV) and 6-10 Mbps (HD TV) with 700-1350 byte packets; 2.5-10 Mbps at 1080p with spatial wideband audio and packets under 1260 bytes; 15 Mbps at 1080p with 700-1350 byte packets]
[Figure: Medianet feature availability timeline for Auto configuration, Media Monitoring and Flow Metadata (dates shown: Q4 2012, 1H 2013, 2H 2013)]
Datasheet: http://www.cisco.com/en/US/prod/collateral/routers/ps10536/data_sheet_c78-612429.html
Cisco Mediatrace
• Mediatrace discovers and queries L2 and L3 nodes along a flow path
• Gathers system resource, interface and flow-specific (perfmon) stats
  - For performance monitor: dynamically configures a monitoring policy if needed (5-tuple, intervals, etc. match the static policy)
• Can be requested:
  - By remote device
  - Automatically (based on thresholds) via EEM script
Available via:
- Cisco IOS Exec CLI.
- Periodic configuration via IOS configuration.
- Launch from endpoints.
Modes:
- Hop Poll: performs only path discovery.
- System Poll: in addition to performing node and interface discovery, statistics from the interfaces are collected.
- Perfmon Poll: collects flow-specific statistics. If additional information, such as the IP protocol and Layer 4 ports, is specified, the query will be as detailed as possible.
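The second access method above, "periodic configuration via IOS configuration", is a scheduled Mediatrace session rather than a one-off exec-mode poll. The configuration below is an added example, not taken from the deck: it runs a Perfmon Poll for an RTP flow between the same source and destination used in the exec-mode poll elsewhere on this page. The initiator address 10.87.93.1, the UDP ports 20000/20001, the object names (pm-rtp, ps-video, fs-video, sp-default) and the session id 1 are assumptions.

```cisco
! Added example (not from the original deck): a scheduled Mediatrace session that
! runs a perfmon poll every 60 seconds instead of a one-off exec "mediatrace poll".
! Assumed: initiator address 10.87.93.1, RTP flow on UDP 20000 -> 20001, and the
! names pm-rtp, ps-video, fs-video, sp-default and session id 1.

! Every hop that should answer a Mediatrace query must run the responder.
mediatrace responder
! The initiator sources its queries from this address.
mediatrace initiator source-ip 10.87.93.1
!
! Perfmon profile: which metrics to collect and how often to sample them.
mediatrace profile perf-monitor pm-rtp
 metric-list rtp
 admin-params
  sampling-interval 30
!
! Path to discover: the same endpoints as the exec-mode poll on this page.
mediatrace path-specifier ps-video
 source 10.87.93.11 destination 10.87.80.162
!
! Flow to measure: giving the full 5-tuple makes the query as detailed as possible.
mediatrace flow-specifier fs-video
 source-ip 10.87.93.11 source-port 20000
 dest-ip 10.87.80.162 dest-port 20001
 ip-protocol udp
!
! How often the session runs, how long to wait for hops, and how many result sets to keep.
mediatrace session-params sp-default
 response-timeout 10
 frequency 60 inactivity-timeout 180
 history data-sets-kept 10
!
! Tie the pieces together as session 1 and schedule it to run indefinitely.
mediatrace 1
 path-specifier ps-video
 session-params sp-default
 profile perf-monitor pm-rtp flow-specifier fs-video
!
mediatrace schedule 1 life forever start-time now
!
! Verification uses the same show command as the sample output on this page:
! show mediatrace session stats 1
```

The per-hop output of show mediatrace session stats is what an EEM script would evaluate for the "automatically (based on thresholds)" request mode: the RTP Loss Percent and RTP Interarrival Jitter Average fields are the usual trigger values. Keep the responder enabled only on devices that are expected to answer queries, since each query consumes CPU on every hop in the path.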
BR-CAT3750#mediatrace poll path source 10.87.93.11 destination 10.87.80.162 perf-mon
Started the data fetch operation.
Waiting for data from hops.
This may take several seconds to complete...
Data received for hop 0
Data received for hop 1
Data received for hop 2
Data fetch complete.
initiator#show mediatrace session stats 1
Session Index: 1
…
Mediatrace Hop Number: 2 (host=responder2, ttl=253)
Metrics Collection Status: Success
Reachability Address: 10.10.34.3
Ingress Interface: Gi0/1
Egress Interface: Gi0/2
Metrics Collected:
Flow Sampling Start Timestamp: 23:45:56
Loss of measurement confidence: FALSE
Media Stop Event Occurred: FALSE
IP Packet Drop Count (pkts): 0
IP Byte Count (Bytes): 6240
IP Packet Count (pkts): 60
IP Byte Rate (Bps): 208
Packet Drop Reason: 0
IP DSCP: 0
IP TTL: 57
IP Protocol: 17
Media Byte Rate Average (Bps): 168
Media Byte Count (Bytes): 5040
Media Packet Count (pkts): 60
RTP Interarrival Jitter Average (usec): 3911
RTP Packets Lost (pkts): 0
RTP Packets Expected (pkts): 60
RTP Packet Lost Event Count: 0
RTP Loss Percent (%): 0.00
Key Features:
• Monitor media performance metrics, i.e. jitter, loss
• Integrate with NBAR2 to identify applications
• Setting threshold and generating alert/alarm
• Standard FNFv9 export
Benefits:
• Real-time monitoring of voice and video performance across network
• Accelerate troubleshooting: identify what, where, when is the problem
• Proactive troubleshooting
• Validate SLA
[Figure: Medianet performance monitoring on WAN devices between voice/video endpoints, exporting FNFv9 records, alarms and syslog to a management tool, i.e. PI 2.0]
Cisco Medianet Auto Configuration via Auto Smartports
• Automatically detects a Medianet device via the Cisco Medianet Service Interface and configures the switch port to support that particular device
• No more reserving ports for specific devices
• Takes advantage of Cisco best practices
• Interface-level configuration applied based on device attached
• Configuration removed when device is disconnected
• User-created custom macros supported
• User-created macros can override Cisco built-in macros
Cisco Devices
• Access Point
• IP Phone
• Digital Media Player
• IP Video Surveillance Camera
• Switch
• Router
1. Endpoint identifies itself – Cisco Discovery Protocol or MAC Range
2. Automate network configuration – Auto SmartPorts macro configures:
   - VLAN assignment
   - QoS
   - Security
3. Automate location configuration – Location integration
[Figure: Cisco IP Camera connected to a Catalyst Switch]
Decide access and voice VLANs for the network
• ASP will control which endpoints get which configuration (next slide)
1) Stub configuration on all ports – Access VLAN 10
2960s(config)#int range GigabitEthernet 1/0/1 - 48
2960s(config-if-range)#switchport access vlan 10
2960s(config-if-range)#switchport mode access
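The stub configuration only sets every port to access VLAN 10; the Auto Smartports step that reacts to the endpoint identifying itself is not shown on the slide. The following is an added example, not from the deck, of the global processing and the built-in macros for two of the Cisco device types listed above. Access VLAN 10 is the slide's value; voice VLAN 20 for IP phones and access VLAN 30 for IP video surveillance cameras are assumptions.

```cisco
! Added example (not from the original deck): Auto Smartports on top of the
! stub configuration. Assumed: voice VLAN 20 for phones, access VLAN 30 for
! IP video surveillance cameras. Access VLAN 10 comes from the slide.

! Turn on Auto Smartports processing for the switch.
2960s(config)# macro auto global processing
! Built-in macro for Cisco IP phones, triggered when the phone identifies itself
! over CDP. The macro applies the access and voice VLAN (plus QoS and security
! settings) to the port, and removes them again when the phone disconnects.
2960s(config)# macro auto execute CISCO_PHONE_EVENT builtin CISCO_PHONE_AUTO_SMARTPORT ACCESS_VLAN=10 VOICE_VLAN=20
! Built-in macro for Cisco IP video surveillance cameras.
2960s(config)# macro auto execute CISCO_IPVSC_EVENT builtin CISCO_IP_CAMERA_AUTO_SMARTPORT ACCESS_VLAN=30
2960s(config)# end

! Verification: the device types ASP recognises and their parameters, and the
! interface-level configuration a port received after a camera was attached.
2960s# show macro auto device
2960s# show running-config interface GigabitEthernet 1/0/1
```

Because the trigger is the endpoint identifying itself over CDP or by MAC address range, the VLAN and QoS the macro applies are granted on the strength of a claimed identity rather than an authenticated one; on ports where arbitrary hosts can connect, keep the stub VLAN restrictive and pair ASP with port-based authentication and port security so that the macro's "Security" step is not the only control.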
Cisco Media Service Interface and Media Service Proxy
Q: How do I know the applications/end points connected to the network automatically?
A: Auto device detection with MSP
Q: I have a lot of non-Cisco gear in the end point space. Will I still benefit from the Medianet architecture?
A: Third-party support with MSP: supporting a range of well-known protocols
Flow metadata is the information which describes the flow:
[Figure: metadata consumers by layer: Network Services (QoS, RSVP) and Transport (Routers, Switches)]
[Figure: MSI supplies the application name from the endpoint (e.g. a TelePresence endpoint); MSP supplies the application name from the endpoint plus flows created by the switch (e.g. a surveillance camera, Webex-video); network elements (NEs) apply uniform QoS policies based on the metadata]
Enable:
conf t
metadata flow
Metadata Database:
5 Tuple Flow ID                                             Application Name
Src IP         Dst IP         S. Port  D. Port  Protocol
10.76.109.45   10.76.109.51   1200     2000     UDP       Telepresence-media (TelePresence)
10.76.109.46   10.76.109.52   2111     3122     TCP       webex-Video
Before Metadata: QoS policies would be based on source/destination IP address, source/destination ports or DSCP markings.
After Metadata: QoS policies would be based on application type.
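To make the before/after contrast concrete, here is an added example (not from the deck) of the same "mark video traffic" policy written both ways: first as a 5-tuple match that has to know the endpoint addresses and ports up front, then as a match on the application name carried in the flow metadata. The class-map and policy-map names, the ACL name, the 10.76.109.0/24 address block taken from the metadata table above, the port range and the interface are assumptions; telepresence-media is the application name from that table.

```cisco
! Added example (not from the original deck): marking policy before and after metadata.
! Assumed: all class/policy/ACL names, the 10.76.109.0/24 block and port range
! 1000-2000 (from the metadata table), and interface GigabitEthernet1/0/1.

! Before metadata: classification depends on addresses and ports known in advance,
! so every new endpoint or port change means touching the ACL.
ip access-list extended VIDEO-ENDPOINTS
 permit udp 10.76.109.0 0.0.0.255 range 1000 2000 any
!
class-map match-any VIDEO-BY-TUPLE
 match access-group name VIDEO-ENDPOINTS
 match dscp af41
!
! After metadata: the flow carries its application name (from MSI on the endpoint
! or MSP on the switch), so the class matches on that name wherever the endpoint
! sits and whatever ports it negotiated. Requires "metadata flow" to be enabled.
class-map match-any VIDEO-BY-APP
 match application telepresence-media
!
! One policy that can be applied uniformly on every network element.
policy-map MEDIANET-QOS
 class VIDEO-BY-APP
  set dscp af41
 class class-default
  set dscp default
!
interface GigabitEthernet1/0/1
 service-policy input MEDIANET-QOS
```

The policy only marks; queuing that acts on the AF41 marking is platform-specific and is configured separately. Note that with MSI the application name is asserted by the endpoint itself (see the summary at the end of this lesson), so a policy that grants priority purely on that name trusts the endpoint; keeping class-default remarking to the default DSCP, and applying the metadata-based class only on ports where the endpoints are known, limits what an unexpected host can claim.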
Configuration
• Enable MSP: the switch will snoop RTP/SIP/H.323 packets for device identification and creating flows
  profile flow
• Create Profile
  media-proxy services profile msp-1
   rsvp          ! Enable RSVP
   metadata      ! Flow information from MSP exported to metadata
  !
  media-proxy services msp-1
• Enable Metadata
  metadata flow
[Figure: three switches S1, S2 and S3 on the path of a 3rd-party camera. Configuration on S1 (MSP for 3rd-party camera): profile flow; media-proxy services profile msp-1 with rsvp and metadata; media-proxy services msp-1; metadata flow. Configuration on S2 and S3: metadata flow. The flow created by the switch is sent to the other network devices using metadata]
Cisco Flexible NetFlow
[Figure: campus topology with Campus Building A, B and C, Campus Core, Internet and NOC, with numbered NetFlow collection points 1-3]
Benefits of Flexible NetFlow
Flexible NetFlow provides:
• Ability to monitor different protocols like IPv4, IPv6 and Layer-2
• Determines applications by combination of port and payload
• Flow information: who, what, when, where
• Flexible NetFlow allows customized key fields selection
• Exports based on the template-based NetFlow v9
• Ingress & Egress NetFlow. (4K Ingress only)
• EFSU support.(6K)
• Hitless ISSU. (4K)
Key fields are unique per record
• Match statement in the CLI
[Figure: NetFlow cache before and after a packet; packets sharing the same key fields are counted in one cache entry]
1. Configure the Exporter (where do I want my data sent?)
Router(config)# flow exporter my-exporter
Router(config-flow-exporter)# destination 1.1.1.1
Router(config-flow-exporter)# option interface-table timeout 3600
Router(config-flow-exporter)# option sampler-table timeout 3600
Router(config-flow-exporter)# option application-table timeout 3600
4. Apply to an Interface (which interface do I want to monitor?)
Router(config)# interface s3/0
Router(config-if)# ip flow monitor my-monitor input
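The slide shows steps 1 and 4 only; the flow monitor applied in step 4 has to exist before it can be attached, and it in turn needs a flow record. The following is an added example, not from the deck, of all four steps in order, with the exporter and interface lines as on the slide. The record name my-record, the collector UDP port 9995, the active cache timeout of 60 seconds and the choice of match/collect fields are assumptions.

```cisco
! Added example (not from the original deck): complete four-step Flexible NetFlow
! configuration. Assumed: record name my-record, collector port UDP 9995,
! active timeout 60 s, and the field selection below.

! Step 1: Exporter - where the records go (the slide's lines plus an explicit port).
Router(config)# flow exporter my-exporter
Router(config-flow-exporter)# destination 1.1.1.1
Router(config-flow-exporter)# transport udp 9995
Router(config-flow-exporter)# option interface-table timeout 3600
Router(config-flow-exporter)# option sampler-table timeout 3600
Router(config-flow-exporter)# option application-table timeout 3600
Router(config-flow-exporter)# exit

! Step 2: Record - "match" lines are the key fields that define a flow (unique per
! cache entry); "collect" lines are non-key fields accumulated for that flow.
! "match application name" needs NBAR2 and is what turns the record into an AVC record.
Router(config)# flow record my-record
Router(config-flow-record)# match ipv4 source address
Router(config-flow-record)# match ipv4 destination address
Router(config-flow-record)# match ipv4 protocol
Router(config-flow-record)# match transport source-port
Router(config-flow-record)# match transport destination-port
Router(config-flow-record)# match application name
Router(config-flow-record)# collect counter bytes
Router(config-flow-record)# collect counter packets
Router(config-flow-record)# exit

! Step 3: Monitor - ties the record to the exporter and sets cache behaviour.
! Long-lived flows are exported every 60 s so the collector sees them while active.
Router(config)# flow monitor my-monitor
Router(config-flow-monitor)# record my-record
Router(config-flow-monitor)# exporter my-exporter
Router(config-flow-monitor)# cache timeout active 60
Router(config-flow-monitor)# exit

! Step 4: Apply to the interface to be monitored (as on the slide).
Router(config)# interface s3/0
Router(config-if)# ip flow monitor my-monitor input
Router(config-if)# end

! Verification, using the show commands listed on the next slide.
Router# show flow monitor my-monitor cache format table
Router# show flow monitor my-monitor statistics
Router# show flow exporter template
```

The statistics output is worth checking after enabling the monitor on a busy interface: if the cache high-water mark sits at the cache size, flows are being aged out early and the exported counters no longer reflect what the collector assumes.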
• List of all possible information elements
show flow exporter export-ids netflow-v9
• Template assignment
show flow exporter template
• High watermark in the cache
show flow monitor <flow-monitor> statistics
• NetFlow configuration
show running flow [exporter | monitor | record]
• Display NetFlow cache information
show flow monitor <name> cache format table
Cisco Packet Capture Technologies
[Figure: Cisco IOS XE software stack: Kernel, Module Drivers, Common Infrastructure / HA, Management Interface, IOSd (Features, Components) and Hosted Apps]
• Embedded Wireshark application for real-time traffic capture and decoding with customer-familiar user interface
• Simplified monitoring and troubleshooting
• Wireshark hosted as a 3rd-party application
• Leverages IOS capabilities for selective packet capture
• Supported on Catalyst 4500 Sup7-E, 4500-X Series & 3850, etc.
• Cisco IOS XE can host third-party apps
• Wireshark is a software process
• Capture filters
• Display filters
• Store packets in a pcap file that the user can manually TFTP/SSH to remote server
• Support for multiple active capture points
Wireshark Operation: How Is It Done?
1. Original packets are hardware-switched to destination
2. Copies of the interesting traffic are generated in hardware
3. Processed by software at a rate-limited packet per second to protect CPU utilization
4. The software interacts with the Wireshark module and writes the pcap files
• Simple capture and display
Switch# monitor capture point mycapture interface g1/1 filter ip protocol tcp src 10.1.1.1 0.0.0.0 dest-port 80
Switch# monitor capture point mycapture start display brief
Switch# show monitor capture buffer mycap detailed
• Display packets in brief mode
Switch# show monitor capture file bootflash:mycapture.pcap
1 0.000000000 192.168.1.1 -> 192.168.1.10 UDP Source port: 59552 Destination port: 9995
2 0.999453140 192.168.1.1 -> 192.168.1.10 UDP Source port: 59552 Destination port: 9995
3 32.733140560 c8:4c:75:b4:0f:7f -> 01:00:0c:cc:cc:cc CDP Device ID: 4507_Sup7E_Access.cisco.com Port ID: GigabitEthernet2/10
4 34.999361760 192.168.1.1 -> 192.168.1.10 UDP Source port: 59552 Destination port: 9995
5 35.999754880 192.168.1.1 -> 192.168.1.10 UDP Source port: 59552 Destination port: 9995
• Traffic is captured via capture SPAN session
• Packets are stored in a local memory buffer
• Protocol filtering available by:
  - VLANs
  - ACLs
  - MAC addresses
  - EtherType
  - Packet size
• Available on Catalyst 6500 since IOS 12.3(33)SXI
• Filtering Configuration Example
6500# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
6500(config)# monitor session 1 type capture
6500(config-mon-capture)# source vlan 123,234-245
6500(config-mon-capture)# filter ethertype 0x8100
6500(config-mon-capture)# filter length 8192
6500(config-mon-capture)# filter mac-address 0123.4567.89ab
6500(config-mon-capture)# filter access-group 99
6500(config-mon-capture)# end
6500# show monitor capture
Capture instance [1] :
======================
Capture Session ID : 1
Session status : up
rate-limit value : 20000
redirect index : 0x7E07
Capture vlan : 1019
buffer-size : 4194304
capture state : OFF
capture mode : Linear
capture length : 68
Sw Filters :
ethertype : 33024
src mac : 0123.4567.89ab
Hw acl : 99
• The Cisco AVC solution is a suite of services in Cisco network devices that provides application-level classification, monitoring, and traffic control.
• A Cisco Medianet architecture facilitates automation and delivers visibility for greater scale and policy management across the network to endpoints anywhere.
• Mediatrace discovers the routers and switches along the path of an IP flow and can dynamically configure and retrieve general node information as well as flow-specific metrics leveraging the performance monitor feature.
• Medianet auto configuration is designed to ease the administrative burden on the network administrator by allowing the network infrastructure to automatically detect a Medianet device attached to a Cisco Catalyst switch.
• MSI is flow information generated by the endpoint and provided to the switch; MSP is flow information generated by the switch for a non-MSI endpoint.
• Cisco IOS Flexible NetFlow is the next generation in network forensics technology, enabling application visibility into the network.
• Cisco packet capture technologies available on different Catalyst switch platforms include Wireshark and MPA on the Catalyst 6500 Switch.
• Task 1: Configure Cisco Medianet
• Task 2: Implement Cisco Mediatrace
• Task 3: Configure Flexible NetFlow
  - Bonus Points – Use CLI for verification/testing
• Task 4: Use Wireshark for inspection of the packets
  - Optional
[Figure: lab topology including a Video Server]