
Application Visibility and Control

© 2013 Cisco and/or its affiliates. All rights reserved. CONFIDENTIAL Application Visibility and Control UACBC v1.0—8-1
Overview
• AVC offers yet another competitive differentiator for the
Cisco Unified Access architecture.
• Application Visibility and Control features help ensure that
critical applications get through while less critical
applications get best effort.
• Benefits include lower operating costs through an
integrated solution available for access, distribution, and
core network devices, as well as faster troubleshooting,
and less network downtime.
• For the HTC case study, implementing AVC means
configuring Medianet and Mediatrace, Cisco Modular
QoS, Cisco IOS Flexible NetFlow Traffic Records and
Wireshark.
Lesson objectives:
Upon completion of this lesson, you will be able to explain and configure different
features supporting visibility and control of applications. This will include the ability
to:
• Explain Application Visibility and Control
• Explain Cisco Medianet
• Describe Cisco Mediatrace
• Explain Cisco Medianet Auto Configuration via Auto Smartports (ASP)
• Explain Cisco Media Service Interface (MSI) and Media Service Proxy
(MSP)
• Characterize Cisco Flexible NetFlow
• Identify the capabilities of Cisco Packet Capture Technologies

Lab objectives:

Configuring AVC includes completing the following tasks:


• Configure Cisco Medianet
• Implement Cisco Mediatrace
• Configure Flexible NetFlow
• Use Wireshark for packet inspection

Application Visibility and Control

[Figure: AVC feature placement by network layer, under the headings App Visibility and Control, Monitoring / Troubleshooting, and Assessment]
• Core: Flexible NetFlow, Enhanced Object Tracking, Performance Monitor, Microflow Policing, IP SLA, Mediatrace, QoS, Mini-Protocol Analyzer
• Distribution: Flexible NetFlow, Enhanced Object Tracking, Perf Monitor, Microflow Policing, IP SLA, Mediatrace, MPA, AVC in WiSM-2, NAM-3, SPAN / RSPAN / ERSPAN, QoS
• Access: Clean Air, Flexible NetFlow, Perf Monitor, Media Service Proxy, Mediatrace, Built-in Traffic Simulator, Wireshark, Device Sensor, Wireless Controller AVC, SPAN / RSPAN / ERSPAN
[Figure: Cisco Prime Infrastructure with Access Switches, Backbone Switches, WLAN Controllers and NAM-3]

Review

[Figure: AVC on the wireless LAN controller. Traffic classes shown: Real Time, Interactive, Non-Real Time, Background. Labels: R2 LIBRARY (deep packet inspection), POLICY (packet mark and drop), NETFLOW (STATIC TEMPLATE) provides flow export to Cisco Prime and a third-party NetFlow collector for compliance, capacity planning and troubleshooting]

Review

• Enable AVC on each WLAN
• Predefined markings for voice, video, etc.
• Custom DSCP marking
• Identify applications and prioritize or drop

Review

Apply the custom profile per WLAN

Client AVC statistics on the WLAN

AVC monitoring of Client and Application statistics

Cisco Medianet

Challenges
• Can ONE Network recognize all these applications?
• Can ONE Network prioritize all these applications?
• Can ONE Network deliver uncompromised user experience?

Application profiles:
• BYOD / Web-Conferencing: 256Kb – 2Mbps video conferencing; 256-512 byte packets; Delay / Drop sensitivity: Low / Low
• Streaming Video: 2-4 Mbps (SD TV), 6-10 Mbps (HD TV); 700-1350 bytes; Delay / Drop sensitivity: Med / Med
• Desktop Conferencing: 2.5-10 Mbps at 1080p; <1260 bytes; Delay / Drop sensitivity: Hi / Med
• TelePresence: 15 Mbps at 1080p, spatial wideband audio; 700 – 1350 bytes; Delay / Drop sensitivity: Hi / Hi

Medianet is an architecture, a blueprint that customers can use as a guide towards building a scalable, efficient deployment.
A medianet has the following characteristics:
• Media Aware
• Endpoint Aware
• Network Aware

There are four capabilities in Cisco Medianet:


• Auto configuration of video endpoints via Auto Smartports
• Media monitoring via Mediatrace, etc.
• Media Awareness via Media Service Interface, Media Service Proxy
• Management Solutions via Cisco Prime, LMS, etc.

[Figure: Medianet capabilities, endpoints and network elements]
• Auto Configuration: Auto smart ports, Location
• Media Monitoring: Performance monitor, Mediatrace, IPSLA VO
• Media Awareness: Media Services Proxy, Flow Metadata
• Network Management (Cisco Prime): Collaboration Manager 1.1, Cisco Prime Infrastructure 2.0
• Endpoints (Media Services Interface): TP CTS, TP C & Ex Series, Digital Media Player 4310G/4400, 4300/4500 Series HD Box Cameras, WBS27.FR26, Jabber for Windows, VXC
• Network Elements: ISR G2 2900/3900 Series, ISR 880/890 Series, Catalyst 2960S/2960 Series, Catalyst 3750/3560 Series, Catalyst 4500/4900 Series, Catalyst 6500/6500-E Series (Sup2T, Sup720), ASR 1000 Series, ASR 9000 Series
• Availability labels on the slide: Q4 2012, 1H 2013, 2H 2013
• Medianet Readiness Assessment Service

Datasheet: http://www.cisco.com/en/US/prod/collateral/routers/ps10536/data_sheet_c78-612429.html
Cisco Mediatrace

• Mediatrace discovers and queries L2 and L3 nodes along a flow path
• Gathers system resource, interface and flow specific (perfmon) stats
- For performance monitor: dynamically configures a monitoring policy if needed (5-tuple + intervals etc. match static policy)
• Consolidates information into a single screen
• Allows for easy comparisons of device behavior
- Which interface is dropping packets?
- Where is DSCP getting reset?
• Can be requested:
- By remote device
- Automatically (based on thresholds) via EEM script
Available via:
- Cisco IOS Exec CLI.
- Periodic configuration via IOS configuration.
- Launch from endpoints.

Modes:
- Hop Poll: performs only path discovery.
- System Poll: in addition to performing node and interface discovery, statistics
from the interfaces are collected.
- Perfmon Poll: collects flow specific statistics. If additional information, such as
the IP protocol and Layer 4 ports is specified, the query will be as detailed as
possible.

BR-CAT3750#mediatrace poll path source 10.87.93.11 destination 10.87.80.162 perf-mon
Started the data fetch operation.
Waiting for data from hops.
This may take several seconds to complete...
Data received for hop 0
Data received for hop 1
Data received for hop 2
Data fetch complete.

initiator#show mediatrace session stats 1
Session Index: 1

Mediatrace Hop Number: 2 (host=responder2, ttl=253)
Metrics Collection Status: Success
Reachability Address: 10.10.34.3
Ingress Interface: Gi0/1
Egress Interface: Gi0/2
Metrics Collected:
Flow Sampling Start Timestamp: 23:45:56
Loss of measurement confidence: FALSE
Media Stop Event Occurred: FALSE
IP Packet Drop Count (pkts): 0
IP Byte Count (Bytes): 6240
IP Packet Count (pkts): 60
IP Byte Rate (Bps): 208
Packet Drop Reason: 0
IP DSCP: 0
IP TTL: 57
IP Protocol: 17
Media Byte Rate Average (Bps): 168
Media Byte Count (Bytes): 5040
Media Packet Count (pkts): 60
RTP Interarrival Jitter Average (usec): 3911
RTP Packets Lost (pkts): 0
RTP Packets Expected (pkts): 60
RTP Packet Lost Event Count: 0
RTP Loss Percent (%): 0.00
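
An added example (not part of the course material) for the two comparison questions Mediatrace is meant to answer, "Which interface is dropping packets?" and "Where is DSCP getting reset?": it parses per-hop text in the layout shown above and reports hops with drops or with a DSCP value that differs from the previous hop. The sample text is constructed, and `parse_hops` and `find_issues` are hypothetical helper names.

```python
import re

# Constructed sample in the layout of the per-hop output shown above. Hop 2
# reuses the page's host, interfaces and DSCP; every other value is illustrative.
SAMPLE = """\
Session Index: 1

Mediatrace Hop Number: 0 (host=responder0, ttl=255)
Metrics Collection Status: Success
Ingress Interface: Gi0/1
Egress Interface: Gi0/2
Metrics Collected:
IP Packet Drop Count (pkts): 0
IP DSCP: 34
RTP Loss Percent (%): 0.00

Mediatrace Hop Number: 1 (host=responder1, ttl=254)
Metrics Collection Status: Success
Ingress Interface: Gi1/1
Egress Interface: Gi1/2
Metrics Collected:
IP Packet Drop Count (pkts): 12
IP DSCP: 34
RTP Loss Percent (%): 1.50

Mediatrace Hop Number: 2 (host=responder2, ttl=253)
Metrics Collection Status: Success
Ingress Interface: Gi0/1
Egress Interface: Gi0/2
Metrics Collected:
IP Packet Drop Count (pkts): 0
IP DSCP: 0
RTP Loss Percent (%): 1.50
"""

HOP_RE = re.compile(r"Mediatrace Hop Number:\s*(\d+)\s*\(host=([^,]+),\s*ttl=(\d+)\)")
FIELD_RE = re.compile(r"^\s*(.+?):\s+(\S.*?)\s*$")
UNIT_RE = re.compile(r"\s*\([^)]*\)$")  # trailing unit such as "(pkts)" or "(%)"


def parse_hops(text):
    """Split the output into one dict per hop: hop number, host, ttl, metrics."""
    hops = []
    for line in text.splitlines():
        hop = HOP_RE.search(line)
        if hop:
            hops.append({"hop": int(hop.group(1)), "host": hop.group(2),
                         "ttl": int(hop.group(3)), "metrics": {}})
            continue
        field = FIELD_RE.match(line)
        if field and hops:  # ignore lines before the first hop header
            hops[-1]["metrics"][UNIT_RE.sub("", field.group(1))] = field.group(2)
    return hops


def find_issues(hops):
    """Report hops with packet drops or a DSCP that differs from the previous hop."""
    issues, last_dscp = [], None
    for h in hops:
        m = h["metrics"]
        if m.get("Metrics Collection Status") != "Success":
            issues.append((h["hop"], h["host"], "no metrics collected"))
            continue  # keep the last known DSCP as the comparison baseline
        if int(m.get("IP Packet Drop Count", 0)) > 0:
            path = f"{m.get('Ingress Interface', '?')}->{m.get('Egress Interface', '?')}"
            issues.append((h["hop"], h["host"],
                           f"drops={m['IP Packet Drop Count']} {path}"))
        if "IP DSCP" in m:
            dscp = int(m["IP DSCP"])
            if last_dscp is not None and dscp != last_dscp:
                issues.append((h["hop"], h["host"], f"dscp {last_dscp}->{dscp}"))
            last_dscp = dscp
    return issues


if __name__ == "__main__":
    for hop, host, what in find_issues(parse_hops(SAMPLE)):
        print(f"hop {hop} ({host}): {what}")
```

A DSCP change reported at a hop means the marking was rewritten somewhere between the previous hop's measurement and this one, so both devices are candidates for the reset.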
Key Features
• Monitor media performance metrics, i.e. jitter, loss
• Integrate with NBAR2 to identify applications
• Setting threshold and generating alert/alarm
• Standard FNFv9 export

Benefits
• Real-time monitoring of voice and video performance across network
• Accelerate troubleshooting – identify what, where, when is the problem
• Proactive troubleshooting
• Validate SLA

[Figure: Medianet Perf Monitoring. Voice/video endpoints on either side of the WAN; FNFv9, Alarm and Syslog sent to a Management Tool, i.e. PI 2.0]

Cisco Medianet Auto Configuration via Auto Smartports

• Automatically detects a Medianet device via the Cisco Medianet Service Interface and configures the switch port to support that particular device
• No more reserving ports for specific devices
• Takes advantage of Cisco best practices
• Interface-level configuration applied based on device attached.
• Configuration removed when device is disconnected.
• User-created custom macros supported.
• User-created macros can override Cisco built-in macros

Cisco Devices
• Access Point
• IP Phone
• Digital Media Player
• IP Video Surveillance Camera
• Switch
• Router

Non Cisco Devices


• MAC address OUI can be used

1. Endpoint identifies itself – Cisco Discovery Protocol or MAC Range
2. Automate network configuration – Auto SmartPorts macro configures:
- VLAN assignment
- QoS
- Security
3. Automate location configuration - Location integration

[Figure: Cisco IP Camera attached to a Catalyst Switch]
- Camera with MSI: send 'device type' = 'Camera' via CDP
- Switch: assign to VLAN 10 & apply QoS policy x
- Switch provides civic & geo location info to endpoint – CDP: location = bldg 24/room 5
- Camera registers its location info with its manager

Decide access and voice VLANs for the network
• ASP will control which end-points (next slide)

Apply stub configuration


• All ports - Access mode
• Access VLAN – as planned
• Helps avoid DHCP timeout for new clients

Decide which ports will be managed via ASP


IMPORTANT:
• Follow ALL of the above steps to avoid instabilities when ASP is
enabled.

1) Stub configuration on all ports – Access VLAN 10
2960s(config)#int range GigabitEthernet 1/0/1 - 48
2960s(config-if-range)#switchport access vlan 10
2960s(config-if-range)#switchport mode access

2) Enable for only LWAP AP and IP Phones
2960s(config)#macro auto global control device phone lightweight-ap

3) Set VLAN parameters for the AP and IP phone
2960s(config)#macro auto device phone ACCESS_VLAN=10 VOICE_VLAN=11
2960s(config)#macro auto device lightweight-ap ACCESS_VLAN=10

4) Enable and Show ASP
2960s(config)#macro auto global processing

Director#sh macro auto ?
address-group Display configd address groups
device Display device macro information
event macro event related commands
global Display global macro information
interface Display interface auto smart port status

Cisco Media Service Interface and Media Service Proxy

• How do I know the applications/end points connected to the network automatically?
- Auto device detection with MSP
• I have a lot of non-Cisco gear in the end point space. Will I still benefit from the Medianet architecture?
- Third Party support with MSP: supporting a range of well known protocols
• I want to apply my network features not just based on the IP info but based on application parameters. Where can I get this application level info from the network?
- Metadata: app-level info available to the network; integration with core features/services like QoS, NetFlow and Monitoring.

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 36
Flow metadata is the information which describes the flow:

• Architecture: End to End Signaling of flow attributes
• Producers:
- Explicit – MSI (End Points)
- Implicit – MSP (Network) + Device Discovery
• Network Services: QoS
• Transport:
- RSVP
- Routers, Switches

[Figure: endpoints (Webex-video, Surveillance Camera, TelePresence) and network elements (NEs) sharing flow metadata]
• MSI – Application name from endpoint
• MSP – Application name from endpoint + flows from switch
• Apply uniform QoS policies based on Metadata
• Enable:
conf t
metadata flow

Metadata Database (5 Tuple Flow ID and Application Name)
Src IP         Dst IP         S. Port   D. Port   Protocol   Application Name
10.76.109.45   10.76.109.51   1200      2000      UDP        Telepresence-media
10.76.109.46   10.76.109.52   2111      3122      TCP        webex-Video
10.76.109.47   10.76.109.53   2100      3123      UDP        rtp

Before Metadata
QoS policies would be based on source/destination IP address, source/destination ports or DSCP markings.

class-map match-any PQ
 match ip dscp ef
 match ip dscp cs4
policy-map TP
 class PQ
  priority
 class class-default
  dbl

If there is a DSCP reset in the path, the QoS policy is no longer applicable.

After Metadata
QoS policies would be based on application type.

class-map match-any PQ
 match application rtp
policy-map TP
 class PQ
  priority
 class class-default
  dbl

If there is a DSCP reset in the path, the QoS policy is still applicable as the underlying source/dest IP and ports and DSCP marking can be referred to using metadata table:

Source IP      Destination IP   S. Port   D. Port   Application
10.76.109.45   10.76.109.51     1200      2000      TelePresence

Configuration
• Enable MSP – Switch will snoop RTP/SIP/H.323 packets for device identification and creating flows
profile flow
• Create Profile
media-proxy services profile msp-1
 rsvp        <- Enable RSVP
 metadata    <- Flow information from MSP exported to metadata
!
media-proxy services msp-1

[Figure: three switches (S1, S2, S3) in the path, with MSP for a 3rd party camera. One switch is configured with profile flow, media-proxy services profile msp-1 (rsvp, metadata), media-proxy services msp-1 and metadata flow; the other two are configured with metadata flow. The flow created by the switch will be sent to other network devices using metadata.]

Cisco Flexible NetFlow

4 typical causes of poor application performance:
1. Bandwidth/capacity bottleneck
2. Unauthorized use of network resource
3. Security Monitoring
4. Monitor Non-Corporate Devices

Benefits of Flexible NetFlow
Flexible NetFlow provides:
• Ability to monitor different protocols like IPv4, IPv6 and Layer-2
• Determines applications by combination of port and payload
• Flow information who, what, when, where
• Flexible NetFlow allows customized key fields selection
• Exports based on the template-based NetFlow v9

[Figure: Campus Building A, Campus Building B, Campus Building C, Campus Core, Internet and NOC, with callouts numbered to match the list of causes]

• Ingress & Egress NetFlow. (4K Ingress only)
• Per Interface activation, NetFlow support on all ports.
• Bridged NetFlow. Can create and track bridged IP flows.
• If stack, individual stack members export own NetFlow records directly to Collector.
• VRF-aware export. (4K/6K)
• EFSU support. (6K)
• Hitless ISSU. (4K)

Key fields are unique per record
• Match statement in the CLI
Non-key fields are attributes or characteristics of a packet
• Collect statement in the CLI
If packet key fields are unique, a new entry is created. Otherwise, update the non-key fields, e.g. packet count.

                     Packet 1     Packet 2
Key fields
Source IP            1.1.1.1      3.3.3.3
Destination IP       2.2.2.2      4.4.4.4
Destination port     80           443
Layer 3 Protocol     TCP - 6      TCP - 6
TOS Byte             0            0
Non-key fields
Length               1250         519

NetFlow cache (key fields: Source IP through TOS; non-key fields: … Bytes)
                   Source IP   Dest. IP   Dest Prt   Protocol   TOS   …   Bytes
Before Packet 1    1.1.1.1     2.2.2.2    80         6          0     …   10000
After Packet 1     1.1.1.1     2.2.2.2    80         6          0     …   11250

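
An added example (not part of the course material) that replays the slide's two packets against a small flow cache and then goes one step further, showing how the choice of key fields changes what an analyst can see. `FlowCache`, `replay_slide` and `entries_for` are hypothetical names, and the seeded packet count and the `MIXED` traffic are constructed.

```python
# Key fields from the cache table above (the "match" statements of a flow record).
SLIDE_KEY_FIELDS = ("src_ip", "dst_ip", "dst_port", "protocol", "tos")


class FlowCache:
    """Key fields select the cache entry; non-key fields accumulate in it."""

    def __init__(self, key_fields):
        self.key_fields = tuple(key_fields)
        self.entries = {}  # key tuple -> non-key counters ("collect" fields)

    def seed(self, key, nbytes, packets):
        """Pre-load an entry, as in the 'before Packet 1' state."""
        self.entries[tuple(key)] = {"bytes": nbytes, "packets": packets}

    def observe(self, pkt):
        key = tuple(pkt[f] for f in self.key_fields)
        entry = self.entries.get(key)
        if entry is None:  # unique key fields: a new entry is created
            self.entries[key] = {"bytes": pkt["length"], "packets": 1}
            return "created"
        entry["bytes"] += pkt["length"]  # otherwise update the non-key fields
        entry["packets"] += 1
        return "updated"


PACKET_1 = {"src_ip": "1.1.1.1", "dst_ip": "2.2.2.2", "dst_port": 80,
            "protocol": 6, "tos": 0, "length": 1250}
PACKET_2 = {"src_ip": "3.3.3.3", "dst_ip": "4.4.4.4", "dst_port": 443,
            "protocol": 6, "tos": 0, "length": 519}


def replay_slide():
    """Cache holds 10000 bytes for 1.1.1.1 -> 2.2.2.2:80, then both packets arrive."""
    cache = FlowCache(SLIDE_KEY_FIELDS)
    # packets=8 is a constructed value; the slide elides every counter except bytes.
    cache.seed(("1.1.1.1", "2.2.2.2", 80, 6, 0), nbytes=10000, packets=8)
    results = [cache.observe(PACKET_1), cache.observe(PACKET_2)]
    return results, cache.entries


# Constructed traffic: one host pair talking to two different services.
MIXED = [
    {"src_ip": "1.1.1.1", "dst_ip": "2.2.2.2", "dst_port": 80, "protocol": 6, "tos": 0, "length": 1250},
    {"src_ip": "1.1.1.1", "dst_ip": "2.2.2.2", "dst_port": 443, "protocol": 6, "tos": 0, "length": 519},
    {"src_ip": "1.1.1.1", "dst_ip": "2.2.2.2", "dst_port": 80, "protocol": 6, "tos": 0, "length": 400},
]


def entries_for(key_fields, packets):
    """Build a cache with the given key fields and return its entries."""
    cache = FlowCache(key_fields)
    for pkt in packets:
        cache.observe(pkt)
    return cache.entries


if __name__ == "__main__":
    print(replay_slide())
    print(entries_for(SLIDE_KEY_FIELDS, MIXED))        # two entries: port 80 and port 443
    print(entries_for(("src_ip", "dst_ip"), MIXED))   # one entry: ports are no longer visible
```

With only source and destination address as key fields, traffic to different ports between the same hosts collapses into a single entry, so a record intended for security monitoring needs the ports and protocol as key fields.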
1. Configure the Exporter: Where do I want my data sent?
Router(config)# flow exporter my-exporter
Router(config-flow-exporter)# destination 1.1.1.1
Router(config-flow-exporter)# option interface-table timeout 3600
Router(config-flow-exporter)# option sampler-table timeout 3600
Router(config-flow-exporter)# option application-table timeout 3600

2. Configure the Flow Record: What data do I want to meter?
Router(config)# flow record my-record
Key fields:
Router(config-flow-record)# match ipv4 destination address
Router(config-flow-record)# match ipv4 source address
Non-key fields:
Router(config-flow-record)# collect counter bytes

3. Configure the Flow Monitor: How do I want to cache information?
Router(config)# flow monitor my-monitor
Router(config-flow-monitor)# exporter my-exporter
Router(config-flow-monitor)# record my-record

4. Apply to an Interface: Which interface do I want to monitor?
Router(config)# interface s3/0
Router(config-if)# ip flow monitor my-monitor input

• List of all possible information elements
show flow exporter export-ids netflow-v9
• Template assignment
show flow exporter template
• High watermark in the cache
show flow monitor <flow-monitor> statistics
• NetFlow configuration
show running flow [exporter | monitor | record]
• Display NetFlow cache information
show flow monitor <name> cache format table

Cisco Packet Capture Technologies

• Embedded Wireshark application for real time traffic capture and decoding with customer-familiar user interface
• Simplified monitoring and troubleshooting
• Wireshark hosted as a 3rd party application
• Leverages IOS capabilities for selective packet capture
• Supported on Catalyst 4500 Sup7-E, 4500-X Series & 3850, etc.

[Figure: software architecture with Hosted Apps, IOSd (Features, Components), Common Infrastructure / HA, Management Interface, Module Drivers, Kernel]

• Cisco IOS XE can host third-party apps
• Wireshark is a software process
• Capture filters
• Display filters
• Store packets in a pcap file that the user can manually TFTP/SSH to remote server
• Support for multiple active capture points

Wireshark Operation—How Is It Done?
1. Original packets are hardware-switched to destination
2. Copies of the interesting traffic are generated in hardware
3. Processed by software at a rate-limited packet per second to protect CPU utilization
4. The software interacts with the Wireshark module and writes the pcap files

• Simple capture and display
Switch# monitor capture point mycapture interface g1/1 filter ip protocol tcp src 10.1.1.1 0.0.0.0 dest-port 80
Switch# monitor capture point mycapture start display brief
Switch# show monitor capture buffer mycap detailed

• Delete the capture point
Switch# no monitor capture point mycapture

• Simple capture and store
Switch# monitor capture point mycapture interface g1/1 filter ip protocol tcp src 10.1.1.1 0.0.0.0 dest-port 80 associate file bootflash:mycapture.pcap
Switch# monitor capture point mycapture start
Switch# monitor capture point mycapture stop
Switch# show monitor capture file bootflash:mycapture.pcap

• Display packets from a .pcap file with a display filter
Switch# show monitor capture file bootflash:mycapture.pcap display-filter "net 10.1.1.0 0.0.0.255 and port 80"

• Display packets in brief mode
Switch# show monitor capture file bootflash:mycapture.pcap
1 0.000000000 192.168.1.1 -> 192.168.1.10 UDP Source port: 59552 Destination port: 9995
2 0.999453140 192.168.1.1 -> 192.168.1.10 UDP Source port: 59552 Destination port: 9995
3 32.733140560 c8:4c:75:b4:0f:7f -> 01:00:0c:cc:cc:cc CDP Device ID:
4507_Sup7E_Access.cisco.com Port ID: GigabitEthernet2/10
4 34.999361760 192.168.1.1 -> 192.168.1.10 UDP Source port: 59552 Destination port: 9995
5 35.999754880 192.168.1.1 -> 192.168.1.10 UDP Source port: 59552 Destination port: 9995

• Display packets in detail mode


Switch# show monitor capture file bootflash:nflow.pcap detailed
Frame 2: 880 bytes on wire (7040 bits), 880 bytes captured (7040 bits)
Arrival Time: Nov 2, 2011 03:21:13.992382490 Universal
<..SNIP..>
Frame Number: 2
Frame Length: 880 bytes (7040 bits)
Capture Length: 880 bytes (7040 bits)
<..SNIP..>
[Protocols in frame: eth:ip:udp:data]
Ethernet II, Src: c8:4c:75:b4:0f:7f (c8:4c:75:b4:0f:7f), Dst: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)
Destination: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)
Address: e0:00:0a:61:4e:1a (e0:00:0a:61:4e:1a)
<..SNIP..>
Source: c8:4c:75:b4:0f:7f (c8:4c:75:b4:0f:7f)
Address: c8:4c:75:b4:0f:7f (c8:4c:75:b4:0f:7f)
<..SNIP..>
<output omitted>

• Traffic is captured via capture
SPAN session
• Packets are stored in a local
memory buffer
• Protocol filtering available by:
- VLANs
- ACLs
- MAC addresses
- EtherType
- Packet size
• Available on Catalyst 6500 since
IOS 12.3(33)SXI

• Filtering Configuration Example
6500# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
6500(config)# monitor session 1 type capture
6500(config-mon-capture)# source vlan 123,234-245
6500(config-mon-capture)# filter ethertype 0x8100
6500(config-mon-capture)# filter length 8192
6500(config-mon-capture)# filter mac-address 0123.4567.89ab
6500(config-mon-capture)# filter access-group 99
6500(config-mon-capture)# end
6500# show monitor capture
Capture instance [1] :
======================
Capture Session ID : 1
Session status : up
rate-limit value : 20000
redirect index : 0x7E07
Capture vlan : 1019
buffer-size : 4194304
capture state : OFF
capture mode : Linear
capture length : 68
Sw Filters :
ethertype : 33024
src mac : 0123.4567.89ab
Hw acl : 99
• The Cisco AVC solution is a suite of services in Cisco network devices that
provides application-level classification, monitoring, and traffic control.
• A Cisco Medianet architecture facilitates automation and delivers visibility for
greater scale and policy management across the network to endpoints
anywhere.
• Mediatrace discovers the routers and switches along the path of an IP flow
and can dynamically configure and retrieve general node information as well
as flow-specific metrics leveraging the performance monitor feature.
• Medianet auto configuration is designed to ease the administrative burden on
the network administrator by allowing the network infrastructure to
automatically detect a Medianet device attached to a Cisco Catalyst switch.
• MSI is flow information generated by the endpoint and provided to the switch; MSP is flow information generated by the switch for a non-MSI endpoint.
• Cisco IOS Flexible NetFlow is the next generation in network forensics technology, enabling application visibility into the network.
• Cisco packet capture technologies available on different Catalyst switch platforms include Wireshark and MPA on the Catalyst 6500 Switch.
• Task 1: Configure Cisco Medianet
• Task 2: Implement Cisco Mediatrace
• Task 3: Configure Flexible NetFlow
- Bonus Points – Use CLI for verification/testing
• Task 4: Use Wireshark for inspection of the packets
- Optional

Module 8 Lab Goal:
As the HTA Hospital Network lead, your goal is to provide Application Visibility and Control (AVC) features in the network infrastructure in order to improve quality of user experience through application-aware network optimization and control.

[Figure: lab topology with a Video Server and a Video Player]