advanced application monitoring techadvantage webinar

Download Advanced Application Monitoring TechAdvantage Webinar

If you can't read please download the document

Upload: get-your-build-on-with-software-for-the-network-beyond

Post on 19-Jan-2015

538 views

Category:

Technology


4 download

DESCRIPTION

Slides from the April 16th TechAdvantage Webinar for a detailed look into Advanced Application Monitoring. Watch the Replay: https://cisco.webex.com/ciscosales/lsr.php?RCID=02dc5c0f5d2f4e3f9149560a5d55a035

TRANSCRIPT

  • 1. Cisco TechAdvantage Webinars Advanced Application Monitoring Aamer Akhter (Distinguished TME, VCG) Karthik Dakshinamoorthy (Product Manager, NOSTG) Follow us @GetYourBuildOn Well get started a few minutes past the top of the hour. Note: You may not hear any audio until we get started.

2. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Open Your Network to a New World of Possibilities and Win a Full Conference Pass to Cisco Live US 2014 BYOP (Bring Your Own Project) - You Bring It, We Code It! We want to hear from you! What network problems keep you up at night? What in your network do you wish you could automate? Submit your thoughts and ideas as to what you want to solve and let our engineers come up with a solution! If your idea is selected, you could win a full conference pass to Cisco Live US 2014. How to Enter 1. Log in to the Cisco Communities, submit your idea: https://communities.cisco.com/thread/42494 2. Click Start a Discussion for each of your ideas. 3. Hurry, submit your idea today! A winner will be selected and notified on May 1st. Rules Read the official Terms and Conditions. 2 3. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Submit questions in Q&A panel and send to All Panelists Avoid CHAT window for better access to panelists Please complete the post-event survey For WebEx audio, select COMMUNICATE > Join Audio Broadcast Where can I get the presentation? Or send email to: [email protected] Join us for upcoming TechAdvantage Webinars: www.cisco.com/go/techadvantage For WebEx call back, click ALLOW phone button at the bottom of participants side panel Housekeeping 4. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public PanelistSpeakers Karthik Dakshinamoorthy Product Manager [email protected] Toerless Eckert Principal Engineer [email protected] Aamer Akhter Distinguished Engineer [email protected] Speakers & Panelist Introduction 5. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Agenda Why Application Level Monitoring Active and Passive Monitoring IPSLA Intro to Application Awareness Performance Collection Fundamentals Flexible NetFlow, NetFlow version 9, IPFIX Moving to Performance Monitoring Performance Collection Stats, URL, ART Application Statistics URL Collection Application Response Time Performance Collection - Media Voice/Video Metrics Media Monitoring 6. Why Application Level Monitoring? 7. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Mobile Devices everywhere Cloud hosted applications Video for collaboration What Is Changing In TheApplications World? TheWhat,TheHow&TheWhere How Are Apps Accessed? Where Are Apps Hosted? What Are The New Business Apps? Internet as The WAN THE 8. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Application Performance is Key BYOD, Cloud Hosting, Video, Custom Apps are all good....IF they can PERFORM! What the users see ? The Network administratorIT team My applications are so slow I cannot get any work done today I do not see anything wrong My servers work fine, it must be the network Where does the problem come from ? Increased Latency, WAN, Application, Server, PC? Which Point In The Network Causes the issue? 9. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public A Day In Life Of An IT/Network Administrator.... My query is taking long time! My email is slow! Branch Data Center How do I ensure my SLA is met Reporting Tool WAN NFv9 Business critical banking applications, say SAP, taking too long in the last week Do I have the confidence to roll out 100 IP surveillance cameras in the coming month? I have a 8 Mbps leased line, and I know I am not utilizing my complete link bandwidth, but my applications are still not performing optimally. Why? What data do I have to tell my service provider? How do I make sure my best effort applications dont affect my critical applications? How can I track application based performance Where exactly is the problem: application, server, network,? And why suddenly? 10. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Network IT Complexity with Overlay Appliances Firewall Internet Internal Resources Corporate Network Access RouterWAAS Application Visibility and Control Firewall and VPN WAN Path Control 11. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public L2-L3 Transport L4-L7 Application Services Simplify Application Delivery One NetworkUNIFIED SERVICES Routing Redefined Ciscos Approach: One Network with Unified Services Control Optimization Security Visibility Routing 12. Know Your Applications Control Your ApplicationsMonitor Your Applications Granular App Detection, Performance Monitoring, Link Optimization, Bandwidth Rich Flow Information Fault Isolation, Troubleshooting Control HTTPHTTP HTTP What Does AVC (Application Visibility & Control) Comprise Of? 13. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public How to Detect Applications Granularly? First Step towards Application Aware Monitoring Integrated DPI engine (NBAR2) recognizes 1000+ applications In-service application signature update Support for IPv6/custom apps Support for application categorization L7 Classification Collect traffic statistics and 50+ performance metrics Export information using open export protocols such as netflow-v9 and IPFIX Performance Collection netflow-v9 IPFIX Capacity Planning Monitoring & Troubleshooting Bandwidth Latency NBAR2 is a Deep Packet Inspection (DPI) Technology to detect applications granularly NBAR2 Information Can be Exported using Netflow/FNF to applications 14. Measurement Systems 14 15. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Active and Passive Measurements Active: In lieu of user traffic, synthetic traffic is instrumented, injected and observed Pros Synthetic traffic can be used even when the user traffic does not exist Designed to allow better measurement than by observing user traffic Baseline sample of traffic, rather than time based user Cons Synthetic traffic is fake at some point the difference is going to matter It puts additional load on network ping, IPSLA Passive: User traffic is observed, analyzed, accounted and reported on Pros Measurement is based on real traffic, if there is a problem: its really happening Low footprint on network, additional traffic is for carrying reports Cons Needs user traffic to exist May need specialized features along path to make measurement ifmib, NetFlow, ART, performance monitor 15 Servers NetFlow: Passive Measurement ping: active measurement IPSLA: active measurement A monitoring strategy needs both active and passive monitoring 16. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Latency Network Jitter Dist. of Stats Connectivity Packet Loss FTP DNS DHCP TCPJitter ICMP UDPDLSW HTTP Network Performance Monitoring Service Level Agreement (SLA) Monitoring Network Assessment Multiprotocol Label Switching (MPLS) Monitoring VoIP MonitoringAvailability Trouble Shooting Operations Measurement Metrics Uses MIB Data Active Generated Traffic to Measure the Network DestinationSource Defined Packet Size, Spacing COS and Protocol Responder LDP H.323 SIP RTP IP SLA IP SLA: Synthetic Traffic Measurements RADIUS Video IP SLA Cisco IOS Software IP SLA Cisco IOS Software Cisco IOS Software 17. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public IPSLA Video Operation Embedded Traffic Simulator IPSLA known in industry for jitter, ICMP, etc. probes Most probes measure experience without affecting user traffic (hopefully) Need traffic to stress test network IPSLA VO provides Realistic representation of arbitrary video (RTP) traffic Packet sizes, burstiness, traffic rate, etc. pre-packaged profiles: IPTV, Video Surv, CTS Extensible via data file Custom profile generation from packet capture ActionPacked 18. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Passive Monitoring Performance Collection & Exporting What applications, how much bandwidth, flow direction? (Flexible NetFlow and NBAR2) Traffic Statistics 18 Integrated performance monitoring available for different type of applications and use cases HTTP HTTP Voice and Video Performance (Media Monitoring) Performance Collection 30% of bandwidth is voice and video Critical Applications Performance (Application Response Time) 40% of bandwidth is critical applications 19. PERFORMANCE COLLECTION 20. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 20 Foundation: Flexible NetFlow (FNF) Build Performance Monitoring Metering Process (Flexible NetFlow Performance Monitor) Export Process (NetFlow v9, IPFIX) IETF Scope Capacity Planning Security Performance Analysis Visibility Devices NMS 21. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Foundation: Flexible NetFlow (FNF) NetFlow Key Fields vs Non-key Fields IPv4 and IPv6 support Key fields are unique per flow record (match statement) Non-key fields are attributes or characteristics of a flow (collect statement) If packet key fields are unique, new entry in flow record is created First packet of a flow will create the Flow entry using the Key Fields Remaining packets of this flow will only update statistics (bytes, counters, timestamps) Otherwise, update the non-key fields, i.e. packet count Key Fields Packet 1 Source IP 1.1.1.1 Destination IP 2.2.2.2 Source port 23 Destination port 22078 Layer 3 Protocol TCP - 6 TOS Byte 0 Non-key Fields Packet 1 Length 1250 12 12 Key Fields Packet 2 Source IP 3.3.3.3 Destination IP 4.4.4.4 Source port 80 Destination port 22079 Layer 3 Protocol TCP - 6 TOS Byte 0 Non-key Fields Packet 2 Length 519 Source IP Dest. IP Dest. I/F Protocol TOS Pkts 1.1.1.1 2.2.2.2 E1 6 0 11000 Source IP Dest. IP Dest. I/F Protocol TOS Pkts 3.3.3.3 4.4.4.4 E1 6 0 50 1.1.1.1 2.2.2.2 E1 6 0 11000 NetFlow Cache After Packet 1 NetFlow Cache After Packet 2 22. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 22 Foundation: Flexible NetFlow (FNF) Exporting Process: NetFlow v9 and IPFIX Flow record Flow record Flow record Flow record Describe flow format A Describe flow format B Flow record A Flow record A Flow record B Exporter Collector Exporter Collector Fixed number of fields (18 fields) e.g. source/destination IP & port, input/ output interfaces, packet/byte count, ToS NetFlow Version 5 NetFlow v9 / IPFIX Users define flow record format Flow format is communicated to collector Flexible & Extensible Flow Export FormatStatic Flow Export Format 23. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public How do I want to cache information? Router(config)# flow monitor my-monitor Router(config-flow-monitor)# exporter my-exporter Router(config-flow-monitor)# record my-record Which interface do I want to monitor? What data do I want to meter? Router(config)# flow record my-record Router(config-flow-record)# match ipv4 destination address Router(config-flow-record)# match ipv4 source address Router(config-flow-record)# collect counter bytes Where do I want my data sent? Router(config)# flow exporter my-exporter Router(config-flow-exporter)# destination 1.1.1.1 Router(config)# interface s3/0 Router(config-if)# ip flow monitor my-monitor input 1. Configure the Exporter 2. Configure the Flow Record 3. Configure the Flow Monitor 4. Apply to an Interface Service Planning FNF Configuration - Example 23 24. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Flexible Flow Record: Key Fields 24 IPv4 IP (Source or Destination) Payload Size Prefix (Source or Destination) Packet Section (Header) Mask (Source or Destination) Packet Section (Payload) Minimum-Mask (Source or Destination) TTL Protocol Options bitmap Fragmentation Flags Version Fragmentation Offset Precedence Identification DSCP Header Length TOS Total Length Interface Input Output Flow Sampler ID Direction Class ID Source MAC address Destination MAC address Dot1q VLAN Source VLAN Layer 2 IPv6 IP (Source or Destination) Payload Size Prefix (Source or Destination) Packet Section (Header) Mask (Source or Destination) Packet Section (Payload) Minimum-Mask (Source or Destination) DSCP Protocol Extension Headers Traffic Class Hop-Limit Flow Label Length Option Header Next-header Header Length Version Payload Length Dest VLAN Dot1q priority NEW NEW 25. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Flexible Flow Record: Key Fields 25 Input VRF Name Multicast Replication Factor* RPF Check Drop* Is-Multicast BGP Next Hop IGP Next Hop src or dest AS Peer AS Traffic Index Forwarding Status Routing Transport Destination Port TCP Flag: ACK Source Port TCP Flag: CWR ICMP Code TCP Flag: ECE ICMP Type TCP Flag: FIN IGMP Type* TCP Flag: PSH TCP ACK Number TCP Flag: RST TCP Header Length TCP Flag: SYN TCP Sequence Number TCP Flag: URG TCP Window-Size UDP Message Length TCP Source Port UDP Source Port TCP Destination Port UDP Destination Port TCP Urgent Pointer RTP SSRC Application Application ID NEW NEW NEW: 2 or 4 bytes *: IPv4 Flow only NEW 26. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Flexible Flow Record: Non-Key Fields Plus any of the potential key fields: will be the value from the first packet in the flow IPv4 and IPv6 Total Length Minimum (**) Total Length Maximum (**) Counters Bytes Bytes Long Bytes Square Sum Bytes Square Sum Long Packets Packets Long Bytes replicated Bytes replicated Long Packets replicated Packets Replicated Long Timestamp sysUpTime First Packet sysUpTime First Packet Absolute first packet Absolute last packet IPv4 Total Length Minimum (*) Total Length Maximum (*) TTL Minimum TTL Maximum (*) IPV4_TOTAL_LEN_MIN, IPV4_TOTAL_LEN_MAX (**)IP_LENGTH_TOTAL_MIN, IP_LENGTH_TOTAL_MAX NEW NEW 26 27. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Key Fields Packet #1 Source IP 10.1.1.1 Destination IP 173.194.34.134 Source Port 20457 Destination Port 23 Layer 3 protocol 6 TOS byte 0 Ingres Interface Ethernet 0 Src. IP Dest. IP Src. Port Dest. Port Layer 3 Prot. TOS Byte Ingress Intf. 10.1.1.1 173.194.34.134. 20457 80 6 0 Ethernet 0 Key Fields Packet #2 Source IP 10.1.1.1 Destination IP 72.163.4.161 Source Port 30307 Destination Port 80 Layer 3 protocol 6 TOS byte 0 Ingres Interface Ethernet 0 Src. IP Dest. IP Src. Port Dest. Port Layer 3 Prot. TOS Byte Ingress Intf. App Name Timesta mps Byttes Packets 10.1.1.1 173.194.34.134 20457 80 6 0 Ethernet 0 HTTP 10.1.1.1 72.163.4.161 30307 80 6 0 Ethernet 0 Youtube NetFlow cache News Flexible NetFlow - NBAR Integration flow record app_record! match ipv4 source address! match ipv4 destination address! match ..! match application name! ! First packet of a flow will create the Flow entry using the Key Fields Remaining packets of this flow will only update statistics (bytes, counters, timestamps) 28. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Flexible NetFlow NBAR Integration Configuration Example 1941-7# sh flow monitor MONITOR-FNF-NBAR-INGRESS cache format table! Cache type: Normal! ! [SNIP]! ! IPV4 SRC ADDR IPV4 DST ADDR APP NAME bytes long pkts! =============== =============== =========================== ============== ==========! 2.1.1.1 1.1.1.11 cisco active-directory 567 3! 2.1.1.1 1.1.1.1 cisco citrix 1413406 19501! 2.1.1.1 1.1.1.1 NBAR 001myapp 13638318 11957! 2.1.1.1 1.1.1.1 port http 6944126 5461! 2.1.1.1 1.1.1.1 cisco share-point 541128 2782! 2.1.1.1 1.1.1.5 cisco ping 180 3! 2.1.1.1 1.1.1.1 port secure-http 28880 193! 2.1.1.1 1.1.1.35 cisco rtp 1266160 21108! 2.1.1.1 1.1.1.35 cisco rtcp 8000 88! NBAR = Custom Applications engine cisco = L7 App Engine Port = L4 port Engine 29. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public http://www.cisco.com/en/US/prod/iosswrel/ps6537/ps6555/ps6601/networking_solutions_products_genericcontent0900aecd805ff728.html BillingDenial of Service Traffic Analysis CS-Mars NetFlow Partners 29 30. PERFORMANCE COLLECTION APPLICATION RESPONSE TIME 31. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Application Response Time Network Path Segments 31 Application response time provides insight into application behavior (network vs server bottleneck) to accelerate problem isolation Separate application delivery path into multiple segments Server Network Delay (SND) approximates WAN Delay Latency per application Application Servers Total Delay Client Network Clients Client Network Delay (CND) Application Delay (AD) Network Delay (ND) AVC Server Network Request Response Server Network Delay (SND) 32. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public TT Client Server X SYN SYN-ACK ACK 6 Request 1 ACK DATA 4 DATA 3 DATA 5 DATA 3 Request 1 (Cont) X DATA 4 DATA 1 Request 2 DATA 6 DATA 2 ACK 3 ACK SND CND 32 Understand IOS ART Metrics Calculation Request Response Retransmission RT Response Time (RT) t(First response pkt) t(Last request pkt) Transaction Time (TT) t(Last response pkt) t(First request pkt) Network Delay (ND) ND = CND + SND Application Delay (AD) AD = RT SND Quantify User Experience Identify Server Performance Issue ART 33. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 33 Application Response Time Measurement Screenshots: courtesy LivingObjects For Your Reference 34. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 34 For Your Reference 35. PERFORMANCE COLLECTION URL COLLECTION 36. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 36 URL Collection Top Domain, hit counts Key Features Provide web browsing activity report Standard IPFIX export IOS: PA or MMA (15.4(1)T) IOS-XE: MMA Utilize IPFIX Format which is extensible Benefits Visibility into top domains Monitors data in Layers 2 thru 7 Most visited web site Most visited URL per site How many hits for a particular domain extracted from HTTP request message http://www.cnn.com/US http://www.cnn.com/US http://www.cnn.com/WORLD www.cnn.com www.facebook.co m www.youtube.co m http://www.youtube.com/ciscolivelondon http://www.youtube.com/olympic http://www.facebook.com/farmville http://www.facebook.com/farmville http://www.facebook.com/farmville http://www.facebook.com/cisco 37. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Example: URL Hit Count Report 37 Courtesy of LivingObjects How many hits for a particular domain extracted from HTTP request message 38. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Top Domain and URL Hit Count Report Configuration Sample NBAR extracts fields from flows and exposes it into Application Response Time Engine (ART). ISR-G2: ART engine is available with PA. ASR1k: ART engine is available under FNF Requires IPFIX export for variable length fields (URL) News flow record type performance-monitor ART-RECORD-URL! match connection transaction-id! collect application http url! collect application http host! ASR1kUniedMonitoring flow record type mace PA-RECORD! collect application http uri statistics! collect application http host! !! ISR-G2k-PA Using a connection/ transaction records with export on transaction-end. So hit count =1, each URL is exported on a different record. 38 39. PERFORMANCE COLLECTION MEDIA PERFORMANCE 40. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Voice/Video Metrics : Why and Where? 40 Application/Traffic Statistics URL/URI Statistics Application Response Time Voice / Video Metrics Flexible Netflow Based Basic Statistics Only Data, Voice or Video Used by Network Admin TCP/HTTP Based Statistics Mainly for Data Applications Used by Network Admin Voice/Video Based Statistics RTP Level Statistics Used by Voice/Video Admin & Network Admin 41. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Why media monitoring is important? Simplified video transmission view Coding Transmission Decode Very sensitive to jitter, packet lost, delay......... 42. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 1080linesofHorizontalResolution 1920 lines of Vertical Resolution (Widescreen Aspect Ratio is 16:9) 1080 x 1920 lines = 2,073,600 pixels per frame x 3 colors per pixel x 1 Byte (8 bits) per color x 30 frames per second = 1,492,992,000 bps or 1.5 Gbps Uncompressed H.264-based HD Codecs transmit 3-5 Mbps per 1080p image which represents over 99.67% compression (300:1) Therefore packet loss is proportionally magnified in overall video quality Users can notice a single packet lost in 10,000Making HD Video One Hundred Times More Sensitive to Packet Loss than VoIP! Impact of Video Compression on Packet Loss Tolerance 43. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Per-Application Latency, Jitter, Loss Targets Application Latency (one way) Jitter Loss (VoD) Loss (Live) Streaming Video < 1000 ms < 100 ms < 0.1% < 0.05% Video Conferencing < 150 ms < 30 ms NA < 0.10% TelePresence < 150 ms < 10 ms NA < 0.05% Digital Signage < 1000 ms < 100 ms < 0.1% 0% IPTV < 1000 ms < 100 ms < 0.1% 0% Video Surveillance < 1000 ms < 100 ms < 0.1% < 0.05% for reference 44. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public IOS Performance Monitor / Media monitoring Router/Switch Native RTP Analysis Network nodes are able to discover & validate RTP on hop by hop basis la carte metric (loss latency, jitter, etc.) selections, applied on operator selected sets of traffic Allows for fault isolation and network span validation Cross-network synchronized time windows for measurement Same 30 second (default) intervals measured Per-application threshold and alerting. NetFlow/IPFIX and MIB Interfaces Media monitoring Enabled MSIISR G1, ISR G2, ASR1k Cat3k, Cat4k, Cat6k 45. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Performance Monitor / MMON Understand RTP metrics 45 RTP packet drops on the WAN interface (input) or on the LAN interface (output). Synchronization source identifier (SSRC) to distinguish between different audio and video channels if they share the same UDP session (TP). RTP jitter values RTP payload type gives you an idea of the kind of media in an RTP stream A B Output Input Input Output Output Input Input Output Reports Loss Reports No Loss Loss occurs between A and B 46. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Performance Monitor / MMON Flow Analysis 46 Packet Loss Flow Analysis WAN ISR-G23#show performance monitor status policy pm-policy class-map telepresence Codes: * - field is not configurable under flow record NA - field is not applicable for configured parameters Match: ipv4 source address = 10.87.93.45, ipv4 destination address = 10.87.93.250, transport source-port = 4444, transport destination-port = 32771, transport rtp ssrc = 2742088475, ip protocol = 17, Policy: pm-policy, Class: telepresence transport packets lost counter : 0 transport packets lost rate ( % ) : 0.00 transport event packet-loss counter : 0 transport rtp jitter mean (usec) : 77 transport rtp jitter minimum (usec) : 207 transport rtp jitter maximum (usec) : 31331 application media bytes rate : 465363 application media packets rate : 405 ip dscp : 0x20 10.87.93.45 10.87.93.250 Packet Loss 47. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Media Performance Metrics ISR-G2 Configuration from PI 2.0 47 ASR1k collect routing forwarding-status collect ipv4 dscp collect ipv4 ttl collect transport packets expected counter collect transport packets lost counter collect transport packets lost rate collect transport event packet-loss counter collect transport rtp jitter mean collect transport rtp jitter minimum collect transport rtp jitter maximum collect interface input collect interface output collect counter bytes collect counter packets collect counter bytes rate collect timestamp interval collect application media bytes counter collect application media bytes rate collect application media packets counter collect application media packets rate collect application media event collect monitor event match ipv4 protocol match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port match transport rtp ssrc Key Fields Non-Key Fields for reference 48. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Audio Quality Metrics (AQM) on CUBE AQM provides deeper insight into the media flows that are processed by the CUBE / Voice gateways ISRG2, c8xx 15.3(3)M ASR1k (coming soon) Available via MIB, CDR and performance monitor PRI SIP/media 49. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Example Configuration AQM performance monitor media monitoring configuration under voice service voip or dial- peer Controls generation of metrics on CUBE/VG To export via NetFlow, regular performance monitor configuration just include the AQM fields MIB CISCO-VOICE-DIAL-CONTROL- MIB voice service voip media monitoring [num] persist ! num is number of channels used to monitor media statistics ! delay calc, MOS etc OR dial-peer voice [tag] voip media monitoring ! flow record type performance-monitor aqm match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port collect application voice number called collect application voice number calling Regular performance monitoring configuration continues 50. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Video Quality Metrics (VQM) on ISR G2 VQM deeper insight into the video flows (H.264) that are crossing routers ISRG2, c8xx 15.3(3)M Available via performance monitor 51. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Example Configuration VQM performance monitor no shut under video monitoring global config. To export via NetFlow, regular performance monitor configuration just include the AQM fields video monitoring maximum-sessions 10 no shutdown flow record type performance-monitoring vqm-rec match ipv4 protocol match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port match transport rtp ssrc collect application video resolution [ width | height ] last collect application video frame rate collect application video payload bitrate [ average | fluctuation ] collect application video frame [ I | STR | LTR | super-P | NR ] counter frames collect application video frame [ I | STR | LTR | super-P | NR ] counter packets [lost] collect application video frame [ I | STR | LTR | super-P | NR ] counter bytes collect application video frame [ I | STR | LTR | super-P | NR ] slice- quantization-level collect application video eMOS compression [ network | bitstream ] collect application video eMOS packet-loss [ network | bitstream ] collect application video frame percentage damaged collect application video scene-complexity collect application video level-of-motion collect transport rtpsequence-number [ last ] 52. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Dynamic Monitoring with Mediatrace Let mediatrace do the walking for you! Mediatrace discovers and queries L2 and L3 nodes along a flows path Gathers system resource, interface and flow specific (perf-mon) stats For performance monitor: dynamically configures monitoring policy (if needed) 5-tuple + intervals etc. match static policy). Consolidates information into a single screen Allows for easy comparisons of device behavior Which interface dropping packets? Where is DSCP getting reset? Can be requested by remote device Automatically (based on thresholds) via EEM script MSI Mediatrace avl in WebEx T28 TC/TE6 and CTS MSI MSI 53. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public VXR-AA0310#mediatrace poll path-specifier source 10.1.160.3 destination 10.1.3.3 perf-monitor Started the data fetch operation. Waiting for data from hops. This may take several seconds to complete... Data received for hop 0 Data received for hop 1 Data received for hop 2 Data fetch complete. Results: Mediatrace Hop Number: 0 (host=VXR-AA0310, ttl=255) Mediatrace Hop Number: 1 (host=3845-AA0216, ttl=250) Metrics Collection Status: Success Reachability Address: 10.1.162.2 Ingress Interface: Fa0/0/0 Egress Interface: Fa0/0/1 Metrics Collected: Flow Sampling Start Timestamp: 01:30:42 Loss of measurement confidence: FALSE Media Stop Event Occurred: FALSE IP Packet Drop Count (pkts): 0 IP Byte Count (Bytes): 207398 IP Packet Count (pkts): 898 IP Byte Rate (Bps): 6913 Packet Drop Reason: 0 IP DSCP: 34 IP TTL: 57 IP Protocol: 17 Media Byte Rate Average (Bps): 6314 Media Byte Count (Bytes): 189438 Media Packet Count (pkts): 898 RTP Interarrival Jitter Average (usec): 6677 RTP Packets Lost (pkts): 0 RTP Packets Expected (pkts): 893 RTP Packet Lost Event Count: 0 RTP Loss Percent (%): 0.00 Mediatrace Perf-Mon Poll Mediatrace perf-mon poll Flow specific statistics Performance-monitor policy automatically configured (if needed) along path, then flow data collected Fixed field-sets for RTP and TCP flow analysis Mediatrace 2.0 removes requirement of Layer-4 ports in mediatrace request. 10.1.160.3 10.1.3.3 10.10.12.2 54. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Reverse Mediatrace Exploring the destination to source path 54 15.3(1)T Initiator on the common path segment Forward media Forward mediatrace Reverse media Reverse mediatrace ResponderForward media and reverse media may take different path; Initiator and proxy both need to be on the common path segment Proxy initiator on the common path segment Configured as Initiator 55. Metrics Unification & Ease-Of-Use 56. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Flexible Netflow Common CLI and Framework to Export Various Metrics 56 Netflow Conversation Stats Perf-Mon ART Define Flow Exporter - where to send Apply Flow monitor to Interface, Direction Define Flow Record - Match & Collect Common Flexible Netflow Based Monitoring flow record RECORD-FNF match ipv4 tos match ipv4 protocol match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port match interface input match flow direction collect interface output collect counter bytes long collect counter packets flow record type performance-monitor my-rec match routing vrf input match ipv4 protocol match application name account-on-resolution match connection client ipv4 address match connection server ipv4 address match connection server transport port collect connection new-connections collect connection sum-duration collect connection server counter bytes long collect connection server counter packets long collect connection client counter bytes long collect connection client counter packets long flow record type performance-monitor my-rec match routing vrf input match ipv4 protocol match application name match connection client ipv4 address match connection server ipv4 address match connection server transport port collect ipv4 dscp collect connection delay response to-server sum collect connection server counter responses collect connection delay network to-server sum collect connection delay network to-client sum flow record type performance-monitor pm-ipv4 match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port match ipv4 protocol match transport rtp ssrc collect transport packets lost counter collect transport packets lost rate collect transport rtp jitter mean collect transport rtp jitter minimum collect transport rtp jitter maximum collect application media packets rate 57. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Evolving to Unified Monitoring 57 Certain metrics available for certain features. Multiple features to configure Separate provisioning This was the current model for IOS All metrics are available within single feature Single provisioning This is the current model for IOS XE This is new in IOS 15.4(1)T Exporting Provisioning Collecting Exporting Provisioning Collecting Exporting Provisioning Collecting NetFlow v9 Export IPFIX Export Flexible NetFlow (FNF) Performance Agent (PA) PerfMon Performance Agent (PA) Collecting Collecting Collecting Traffic Stats Records Media Records ART Records Provisioning Exporting NetFlow v9 Export IPFIX Export App Usage Top Talker Voice/Video Perf App Response Time App Usage Top Talker Voice/Video Perf App Response Time NEW Now Available on IOS and IOS-XE 58. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Metric Collection (MMA) Correlation, Aggregation, Alerts Flexible NetFlow 58 Unified Monitoring Metric Mediation Agent (MMA) Overview Traffic Export NetFlow v9 or IPFIX Metrics Data Prime Infrastructure Partners Metric Providers Traffic Statistics Application Response Time Media Performance URL Collection Application Recognition (NBAR2) Deep Packet Inspection Engine identifying +1000 applications Control (QoS) Application Priorization Application Bandwidth Management 59. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 59 AVC Configuration Prime Infrastructure Enable AVC with just ON/ OFF button With Cisco Prime Infrastructure 2.0 60. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 60 AVC Configuration Prime AVC One-Click Enable AVC in one-click One device at a time Two simple steps 1. Select interface(s) 2. Enable 1 2 61. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public AVC Configuration ezPM 61 Enable AVC and enable flexibility: Configuring exporters Enable / Disable various traffic-monitors (a.k.a tools) For each traffic-monitor, override some default parameters (IPv4/6, Ingress/Egress, traffic to which the monitor is applied, cache size..) Monitor Name Default Traffic Classification Application-Response-Time (ART) All TCP URL HTTP applications Media RTP applications over UDP Conversation-Traffic-Stats Remaining traffic not matching other classifications Application-Traffic-Stats DNS and DHT IOS-XE: 3.10 IOS 15.4(1)T 62. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public ezPM 62 Equivalent to ~650 lines of configuration Records/Monitors/Class-maps/Policy-map pre-defined ! User defined ezPM context performance monitor context my-visibility profile application-experience exporter destination 10.10.10.10 source GigabitEthernet0/0/1 traffic-monitor all ! ! Attach the context to the interface interface GigabitEthernet0/0/2 performance monitor context my-visibility ! IOS-XE: 3.10 IOS 15.4(1)T 63. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Various Monitoring Solutions What They Can Collect 63 Monitoring Solution Netflow ART Perf-Mon IPSLA Metrics Available Packet Counters Client Network Delay RTP Jitter ICMP Echo Byte Counters Server Network Delay Packet Loss ICMP Path Jitter Packet Length Application Delay Latency ICMP Path Echo TTL Total Network Delay Media Bytes UDP Echo DSCP RTT Media Packets UDP Jitter Uptime Conversation Stats RTP SSRC Application Name WAAS Metrics # Packets Expected Multicast Replication # New Connections # Late Responses # Retransmissions Use Cases All IP apps, TCP, HTTP apps, Voice, Video Metrics Data, Voice, Video L3-4 Metrics L4-7 Metrics L4-7 Metrics (based on probe) Platforms ISRG2, ASR1k, cat6k, ISRG2, ASR1k ISRG2, ASR1k, cat6k ISRG2, ASR1k, cat6k cat4k, 3850 cat4k, cat3k, 3850 cat4k, cat3k, 3850 64. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Thank you! Please complete the post-event survey Join us for upcoming webinars: Register: www.cisco.com/go/techadvantage Follow us @GetYourBuildOn 65. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public Connect Problem Detection, Isolation and Root-cause Analysis Application: sharepoint Issue: High Transaction Time Site: San Jose DC Identify application with high response time Analyze application performance over time Zoom to investigate specific performance issues Time-based Filter Identify the impacted client and contributing servers Analyze server activity 66. 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public IPSLA Multicast Support IPSLA Multicast available: 15.2(4)M (Aug2012) One Way Delay (NTP req) One Way Jitter Packet Loss Configuration is on IP SLA Sender Have to specify each responder explicitly in endpoint-list Responder becomes mcast receiver, IGMPv3 (G) and (S,G) behavior ISRG2, ISR4451X, ASR1k, CSR1000v, cat4k(sup7/6), c7600 SLAsender(config)#ip sla endpoint-list type ip mylist ip-address 172.16.1.2,172.17.1.2 port 3800 SLAsender(config)#ip sla 1 udp-jitter 224.1.1.1 4000 endpoint-list mylist source-ip 172.16.1.1 source-port 4500 num-packets 100 interval 25 Unicast control Multicast traffic