Page 1

Cisco Confidential 1 © 2011 Cisco and/or its affiliates. All rights reserved.

Cisco Innovations in Routing

//mitko

Page 2

•  A Need for Application Visibility

•  Advanced Classification: NBAR2, Metadata

•  Monitoring and Analysis: Flexible NetFlow, Performance Monitoring

•  Application Control: Quality of Service (QoS), Performance Routing (PfR)

•  Network Management

•  Conclusion

Page 3

“I could have avoided the downtime if I knew what is running in my network”

“We do not know how many are experiencing performance issues”

“We initially cannot tell if the issue is in the client, the network, or in the backend server”

“We lack historical data to proactively detect unwanted performance trends and their root causes”

“I need to know if my SLA is being met”

“I want to stop unauthorized applications from using my network bandwidth”

Page 4

Make the Network Application Aware

Gain visibility into applications running in the network, performance trends, and user experience

Intelligently prioritize and control application traffic to maximize user experience

Page 5

Diagram labels: IT Resources, Provision, Control, Optimize, Baseline, Network Adjustments

Network Management

•  Plan, configure, monitor, troubleshoot

•  Sessions, endpoints and service infrastructure

•  SLA measurements

Optimization

•  Application acceleration, offload

•  Reduce WAN traffic, application latency

Monitoring and Instrumentation

•  Capacity planning

•  Visibility into network and application behavior

•  Dynamic troubleshooting

Control

•  Prioritize business-critical traffic

•  Meets established business policies and priorities

Identification and Classification

•  Automatic application recognition

•  Application context awareness


Page 7

•  5-tuples are a thing of the past

•  More and more apps are opaque (e.g. video streams)

•  Increasing use of encryption and obfuscation

•  Per-flow and stateful are key attributes of modern classification

•  Whole sessions are composites of multiple application flows (video, voice, data)

•  Proliferation of IPv6 and IPv6 transition techniques

Page 8

NBAR2 (diagram labels):

•  IOS NBAR: +150 signatures

•  SCE Classification: +1000 signatures

•  Advanced Classification Techniques

•  Innovations: Native IPv6 Classification, Open API, 3rd Party Integration...

•  NBAR2 is a complete rebuild and the next generation in classification engine development

•  New DPI component which provides advanced application classification and field extraction capabilities taken from SCE

•  Backward compatibility to preserve existing NBAR investments

•  In-service, field-upgradable Protocol Definition – no IOS upgrade required

Page 9

•  Protocol Discovery
   Discovers and provides real-time statistics on applications
   Accounting: per-interface, per-application, bi-directional statistics: bit rate (bps), packet counts and byte counts
   Information available in the CISCO-NBAR-PROTOCOL-DISCOVERY-MIB

•  Invoke ‘match protocol’ in the C3PL/MQC (class-map) CLI
   Application optimization
   Used in a number of different IOS functions (QoS, performance monitor, IOS FW)

•  With Flexible NetFlow (regardless of QoS)
   Invoke ‘application name/ID’ fields in Flexible NetFlow (FNF)
   Application name/ID is included in NetFlow export reports

Page 10

•  Top-N for all interfaces with NBAR protocol discovery enabled

•  NBAR-PD-MIB provides Top-N for all interfaces, where N can differ for each interface

!
interface GigabitEthernet0/0/2
 ip nbar protocol-discovery

ASR-1000#sh ip nbar protocol-discovery top-n

 GigabitEthernet0/0/2
[snip]
                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5min Bit Rate (bps)      5min Bit Rate (bps)
                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   itunes                   1352704                  413286
                            2042671577               28254387
                            3395000                  18000
                            15000000                 208000
   secure-http              584678                   330847
                            640511303                76683682
                            2357000                  196000
                            8847000                  353000
   youtube                  139631                   66440
                            207492818                3869014
                            1296000                  17000
                            3575000                  80000
   bittorrent               37186                    82432
                            11025469                 113101301
                            81000                    248000
                            84000                    2465000
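An added example (not part of the original slides, and not Cisco code): a parser for the four-rows-per-protocol layout of `show ip nbar protocol-discovery top-n` that ranks applications by bytes and marks those on an unapproved list. The `UNAPPROVED` set and the function names are assumptions made for illustration; the sample figures are the slide's own, re-typed in the command's column layout.

```python
import re

FIELDS = ("packets", "bytes", "bps_5min", "bps_5min_max")  # the four rows per protocol
IFACE = re.compile(r"^\s*([A-Za-z]+\d+(?:/\d+)*)\s*$")      # e.g. GigabitEthernet0/0/2
START = re.compile(r"^\s*(\S*[A-Za-z]\S*)\s+(\d+)\s+(\d+)\s*$")  # protocol + packet counts
CONT = re.compile(r"^\s*(\d+)\s+(\d+)\s*$")                 # byte and rate rows

# Figures from the slide, re-typed in the command's column layout.
SAMPLE = """\
 GigabitEthernet0/0/2
                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5min Bit Rate (bps)      5min Bit Rate (bps)
                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   itunes                   1352704                  413286
                            2042671577               28254387
                            3395000                  18000
                            15000000                 208000
   secure-http              584678                   330847
                            640511303                76683682
                            2357000                  196000
                            8847000                  353000
   youtube                  139631                   66440
                            207492818                3869014
                            1296000                  17000
                            3575000                  80000
   bittorrent               37186                    82432
                            11025469                 113101301
                            81000                    248000
                            84000                    2465000
"""

UNAPPROVED = {"bittorrent"}  # hypothetical site policy, not taken from the slide


def parse_top_n(text):
    """Return {interface: [record, ...]}, keeping only complete four-row records."""
    result, iface, rec, row = {}, None, None, 0
    for line in text.splitlines():
        m = IFACE.match(line)
        if m:                                   # new interface section
            iface, rec = m.group(1), None
            result[iface] = []
            continue
        m = START.match(line)
        if m and iface is not None:             # first row: name + packet counts
            rec = {"protocol": m.group(1), "input": {}, "output": {}}
            result[iface].append(rec)
            row = 0
        else:
            m = CONT.match(line)                # rows 2-4 belong to the open record
            if m is None or rec is None or row >= len(FIELDS):
                continue
        rec["input"][FIELDS[row]] = int(m.group(m.lastindex - 1))
        rec["output"][FIELDS[row]] = int(m.group(m.lastindex))
        row += 1
    # A record cut short (by paging or "[snip]") is dropped rather than guessed.
    return {i: [r for r in recs if len(r["input"]) == len(FIELDS)]
            for i, recs in result.items()}


def total_bytes(rec):
    return rec["input"]["bytes"] + rec["output"]["bytes"]


def review(records, unapproved=UNAPPROVED):
    """Rank protocols by total bytes and mark those on the unapproved list."""
    grand_total = sum(total_bytes(r) for r in records) or 1
    ranked = sorted(records, key=total_bytes, reverse=True)
    return [{"protocol": r["protocol"],
             "bytes": total_bytes(r),
             "share": total_bytes(r) / grand_total,
             "peak_bps": max(r["input"]["bps_5min_max"], r["output"]["bps_5min_max"]),
             "unapproved": r["protocol"] in unapproved} for r in ranked]


if __name__ == "__main__":
    for iface, recs in parse_top_n(SAMPLE).items():
        for f in review(recs):
            mark = "  <-- unapproved" if f["unapproved"] else ""
            print(f"{iface} {f['protocol']:<12} {f['bytes']:>12} B "
                  f"{f['share']:6.1%} peak {f['peak_bps']} bps{mark}")
```
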

Page 11

Categorization of protocols into meaningful terms

Simplification of control configuration and report aggregation

Protocol attributes and their values (For Your Reference):

Categories: file-sharing, browsing, net-admin, other, internet-privacy, instant-messaging, email, newsgroup, voice-and-video, business-and-productivity-tools, industrial-protocols, gaming, obsolete, trojan, layer3-over-ip, location-based-services, layer2-non-ip

Sub-Categories: client-server, other, routing-protocol, tunneling-protocols, network-management, voice-video-chat-collaboration, authentication-services, database, naming-services, terminal, streaming, p2p-networking, p2p-file-transfer, control-and-signaling, inter-process-rpc, remote-access-terminal, network-protocol, commercial-media-distribution, rich-media-http-content, license-manager, epayement, storage, backup-systems, one-click-hosting

Application-Group: ftp-group, other, ipsec-group, imap-group, irc-group, kerberos-group, ldap-group, sqlsvr-group, netbios-group, nntp-group, pop3-group, snmp-group, tftp-group, fasttrack-group, gnutella-group, skinny-group, edonkey-emule-group, bittorrent-group, smtp-group, windows-live-messanger-group, yahoo-messenger-group, flash-group, skype-group, corba-group

P2P-technology: n, y, unassigned

Tunnel: n, y, unassigned

Encrypted: n, y, unassigned


Page 13

•  How to enforce a consistent network policy when classification is not available along the path?

   E.g. rule: prioritize voice communication from Lepa to Slobodan?

•  The endpoint can provide information that is not available or visible on the wire

Diagram (endpoints: Slobodan Živojinović, Lepa Brena), callouts:

   This flow has DSCP = EF
   This flow contains RTP voice

   This packet has DSCP = EF
   This packet comes from Fast1/0

   This packet comes from location “Desk1”
   This packet comes from user “Marylou”

   Voice communication between Lepa and Slobodan
   Voice communication started with application “X”

   Packets have DSCP = EF
   I know lots of information from the application that I’m not going to send to the wire

Page 14

1. Application Creates Metadata

2. Metadata Announcement

3. Media Flow

Diagram labels: Metadata DB (three instances), endpoints 10.1.1.2 and 20.1.1.2, Export of data to NMS, QoS based on Metadata

Flow Identifier
   IP Src: 10.1.1.2
   IP Dst: 20.1.1.2
   Prot: UDP
   L4 Src: 2000
   L4 Dst: 4000

Metadata
   Application: Video-Conference (Audio)
   Vendor: Cisco
   Dial From: 83922564
   Dial To: 85268229
   Caller ID: Lepa Brena


Page 16

Integration

NetFlow

•  Monitors data in Layers 2 through 4

•  Determines applications by a combination of port or port/IP address

•  Flow information: who, what, when, where

NBAR

•  Examines data from Layers 3 through 7

•  Utilizes Layers 3 and 4 plus packet inspection for classification

•  Stateful inspection of dynamic-port traffic

•  Packet and byte counts

Packet diagram labels: Interface; Link Layer Header; IP Header (ToS, Protocol, Source IP Address, Destination IP Address); TCP/UDP Header (Source Port, Destination Port); Data Packet, Deep Packet (Payload) Inspection; NetFlow; NBAR

Page 17

Configure the Exporter

   Router(config)#flow exporter my-exporter
   Router(config-flow-exporter)#destination 1.1.1.1

Configure the Flow Record

   Router(config)#flow record my-record
   Router(config-flow-record)#match ipv4 destination address
   Router(config-flow-record)#match ipv4 source address
   Router(config-flow-record)#collect counter bytes

Configure the Flow Monitor

   Router(config)#flow monitor my-monitor
   Router(config-flow-monitor)#exporter my-exporter
   Router(config-flow-monitor)#record my-record

Configure the Interface

   Router(config)#int s3/0
   Router(config-if)#ip flow monitor my-monitor input

Page 18

   router(config)# flow record QoS-Record
   router(config-flow-record)# match ipv4 source address
   router(config-flow-record)# match ipv4 destination address
   router(config-flow-record)# match application name
   router(config-flow-record)# match ipv4 dscp
   router(config)# flow monitor Traffic-monitor
   router(config-flow-monitor)# record QoS-Record
   router(config)#policy-map fnf-NBAR-QoS
   router(config-pmap)#class Critical
   router(config-pmap-c)#flow Traffic-monitor
   router(config)# interface eth0/0
   router(config-if)# service-policy out fnf-NBAR-QoS

   router(config-flow-record)# match flow class-id

•  Validate policy configuration

•  Troubleshoot incorrect or missing configurations

•  Validate bandwidth allocations

•  Isolate rogue application traffic

   show flow mon <fnf_mon> cache
   IPV4 SRC  IPV4 DST  APP NAME     DSCP  Class-ID
   ========  ========  ===========  ====  ========
   10.0.1.1  10.0.1.2  nbar sqlnet  0x12  Critical
   10.0.1.1  10.0.1.2  nbar citrix  0x12  Critical
   10.0.1.1  10.0.1.2  nbar FTP     0xA   Critical

Page 19

Billing

Denial of Service

Traffic Analysis

CS-Mars

More info: http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/commercial/


Page 21

•  Application response time provides insight into application behavior (network vs server bottleneck) to accelerate problem isolation

•  Implementation of IOS PA in the ISR provides monitoring capability for end-user experience

Diagram labels: Clients, Client Network, IOS PA, Server Network, Application Servers; Client Network Delay, Server Network Delay, Server Delay, Network Delay, Total Delay

Page 22

•  Report of application performance with and without WAAS optimization

•  Each optimized TCP flow is split into 3 segments, each requiring a separate data source
   WAAS-specific metrics such as original and optimized bytes
   Application Response Time (ART) metrics such as transaction time, network delay, and response time

•  NAM correlates data from all data sources and presents a single report of application performance

Diagram labels: Client Side (Un-optimized), WAN Side (Optimized), Server Side (Un-Optimized), Pass-through, WAN, FA, SPAN or FA, IOS PA, NAM 5.1

Page 23

Sequence diagram between Client, IOS PA and Server: SYN, SYN-ACK, ACK, then Request and Response data packets (Request 1, Request 1 (Cont), Request 2, DATA, ACK), with a retransmission marked X and the intervals CND, SND, RT and TT annotated.

•  Response Time (RT) = t(First response pkt) – t(Last request pkt)

•  Transaction Time (TT) = t(Last response pkt) – t(First request pkt)

•  Network Delay (ND): ND = CND + SND

•  Application Delay (AD): AD = RT – SND

Callouts: Quantify User Experience; Identify Server Performance Issue
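An added worked example (not from the original slides, and not Cisco code) that applies the four formulas above to a constructed packet trace. The slide only labels CND and SND on the diagram; measuring SND as SYN to SYN-ACK and CND as SYN-ACK to ACK at the monitoring point is an assumption here, as are the `Pkt` type and the function names.

```python
from dataclasses import dataclass


@dataclass
class Pkt:
    ts_ms: int        # capture time at the monitoring point, milliseconds
    direction: str    # "c2s" (client to server) or "s2c"
    flags: str        # "SYN", "SYN-ACK", "ACK" or "PSH"
    payload: int      # TCP payload bytes; 0 for handshake packets and pure ACKs


# Constructed trace: one TCP connection carrying two request/response exchanges.
TRACE = [
    Pkt(0, "c2s", "SYN", 0),
    Pkt(40, "s2c", "SYN-ACK", 0),
    Pkt(50, "c2s", "ACK", 0),
    Pkt(52, "c2s", "PSH", 500),    # request 1, first packet
    Pkt(53, "c2s", "PSH", 300),    # request 1, last packet
    Pkt(93, "s2c", "ACK", 0),      # pure ACK, not response data
    Pkt(143, "s2c", "PSH", 1460),  # response 1, first packet
    Pkt(145, "s2c", "PSH", 1460),
    Pkt(150, "s2c", "PSH", 800),   # response 1, last packet
    Pkt(300, "c2s", "PSH", 200),   # request 2
    Pkt(420, "s2c", "PSH", 1000),
    Pkt(425, "s2c", "PSH", 500),
]


def handshake_delays(pkts):
    """Return (CND, SND) in ms, or None when the handshake was not captured."""
    try:
        syn = next(p.ts_ms for p in pkts if p.flags == "SYN" and p.direction == "c2s")
        syn_ack = next(p.ts_ms for p in pkts if p.flags == "SYN-ACK" and p.ts_ms >= syn)
        ack = next(p.ts_ms for p in pkts
                   if p.flags == "ACK" and p.direction == "c2s" and p.ts_ms >= syn_ack)
    except StopIteration:
        return None
    return ack - syn_ack, syn_ack - syn       # assumed definitions of CND and SND


def transactions(pkts):
    """Group data packets into request/response exchanges; drop unanswered requests."""
    txs, cur = [], None
    for p in pkts:
        if p.payload == 0:
            continue                           # handshake and pure ACKs carry no data
        if p.direction == "c2s":
            if cur is None or cur["first_resp"] is not None:
                cur = {"first_req": p.ts_ms, "last_req": p.ts_ms,
                       "first_resp": None, "last_resp": None}
                txs.append(cur)                # client data after a response: new exchange
            else:
                cur["last_req"] = p.ts_ms      # request continues over several packets
        elif cur is not None:
            if cur["first_resp"] is None:
                cur["first_resp"] = p.ts_ms
            cur["last_resp"] = p.ts_ms
    return [t for t in txs if t["first_resp"] is not None]


def art_metrics(pkts):
    """Compute ND once per connection and RT, TT, AD per exchange (all in ms)."""
    delays = handshake_delays(pkts)
    cnd, snd = delays if delays else (None, None)
    report = {"CND": cnd, "SND": snd,
              "ND": cnd + snd if delays else None, "transactions": []}
    for t in transactions(pkts):
        rt = t["first_resp"] - t["last_req"]               # RT
        report["transactions"].append({
            "RT": rt,
            "TT": t["last_resp"] - t["first_req"],         # TT
            "AD": rt - snd if delays else None,            # AD = RT - SND
        })
    return report


if __name__ == "__main__":
    print(art_metrics(TRACE))
```

When monitoring starts mid-connection the handshake is missing, so CND, SND, ND and AD are reported as `None` while RT and TT are still computed.
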

Page 24

•  Visual

Page 25

   flow exporter pa-export
    destination 172.30.104.128
    transport udp 3000
   !
   flow record type mace pa-record
    collect application name
    collect art all
   !
   flow monitor type mace pa-monitor
    record pa-record
    exporter pa-export
   !
   access-list 100 permit tcp any host 10.0.0.1 eq 80
   class-map match-any pa-traffic
    match access-group 100
   !
   policy-map type mace mace_global
    class pa-traffic
     flow monitor pa-monitor
   !
   interface Serial0/0/0
    ip nbar protocol-discovery
    mace enable

Configuration Steps

1.  Configure flow exporter

2.  Configure flow record type mace

3.  Configure flow monitor type mace

4.  Configure class-map

5.  Configure policy-map type mace – policy must be named mace_global

6.  Configure mace enable on interface

Callouts:

•  ip nbar protocol-discovery: optionally enable NBAR2 to identify applications

•  collect application name: collect the application name provided by NBAR2

Page 26

•  Native RTP and TCP Analysis
   Visibility: network nodes are able to discover and validate RTP, TCP and IP-CBR traffic on a hop-by-hop basis
   SLA: à la carte metric (loss, latency, jitter, etc.) selections, applied on operator-selected sets of traffic
   Troubleshooting: allows for fault isolation and network span validation

Diagram: HQ and remote sites connected over WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN); routers labelled MC/BR and BR

Released Nov 2010 15.1(3)T

Page 27

Flexible NetFlow PerfMon

Passive Monitoring

•  Flow Record: enhanced RTP and TCP metrics reporting

•  Filtering and classification (based on existing C3PL model)

Active Monitoring

•  Active probing; diagram labels: Router 1, Router 2, IPSLA Responder, IPSLA Sender

Page 28

   flow exporter pam
    destination 10.35.89.61
    transport udp 9991
   !
   flow monitor type performance-monitor medianet-perf-mon-monitor
    record default-rtp
    exporter pam
   !
   class-map match-any rtp-traffic
    match protocol rtp
   !
   policy-map type performance-monitor medianet-perf-mon
    class rtp-traffic
     flow monitor medianet-perf-mon-monitor
     react 1 transport-packets-lost-rate
      threshold value ge 5.00
      action syslog
   !
   interface GigabitEthernet0/0
    service-policy output wan-qos
    service-policy type performance-monitor input medianet-perf-mon
    service-policy type performance-monitor output medianet-perf-mon

Callouts:

•  Default records for RTP

•  Monitor RTP traffic

•  Collect performance statistics of RTP traffic

•  Generate alert if RTP loss > 5%

•  Monitor RTP traffic through Gi0/0 interface

Page 29

List all the RTP streams and site performance, i.e. packet loss between sites

Indicate issue of RTP stream not being marked with correct DSCP

Show jitter between sites


Page 31

   Application         BW                        Priority
   Business Critical   Committed 50%             High
   Browsing            30% (=15% of the line)    Normal
   Internal Browsing   60% (Out of Browsing)
   Remaining           70% (=35% of the line)    Normal

   class-map match-all business-critical
    match protocol citrix
    match access-group 101
   class-map match-any browsing
    match protocol attribute category browsing
   class-map match-any internal-browsing
    match protocol http url "*myserver.com*"
   policy-map internal-browsing-policy
    class internal-browsing
     bandwidth remaining percent 60
   policy-map my-network-policy
    class business-critical
     priority percent 50
    class browsing
     bandwidth remaining percent 30
     service-policy internal-browsing-policy
   interface Serial0/0/0
    service-policy output my-network-policy

Committed BW (50% of the line)

•  Business-Critical: High Priority 50% committed

Excess BW (50% of the line)

•  Browsing: 30% of Excess BW (=15% of the line)

•  Internal-Browsing: 60% of Browsing

•  Remaining: 70% of Excess BW (=35% of line)

Page 32

•  NBAR2 is used to identify the application (match protocol in class-map)

•  QoS actions include drop, re-prioritization of the application in the QoS queue, re-marking DSCP/IP Precedence, and policing or shaping the traffic rate using QoS MQC

•  After re-marking, PfR can act upon the marked DSCP value

Figure captions: before applying the QoS control policy; after applying the control policy


Page 34

Diagram: HQ and remote sites connected over WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN); routers labelled MC, MC/BR and BR

•  The Decision Maker: Master Controller (MC)
   Apply policy, verification, reporting
   No packet forwarding/inspection required

•  The Forwarding Path: Border Router (BR)
   Learn, measure, enforcement

Optimize by: Reachability, Delay, Loss, Jitter, MOS, Throughput, Load, and/or $Cost

Page 35

Diagram: HQ and remote sites connected over WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN); routers labelled MC, MC/BR and BR

Traffic Classes

•  Based on Destination Prefix

•  Based on Application
   ACL
   Well-known Applications
   Deep Packet Inspection (NBAR)

   pfr master
    !
    learn
     throughput
     !
     list seq 10 refname LEARN_VIDEO
      traffic-class access-list VOICE filter BRANCH
      aggregation-type prefix-length 32
      throughput
     !
     list seq 20 refname LEARN_CRITICAL
      traffic-class access-list CRITICAL filter BRANCH
      throughput
    !
   [Rest of the traffic]

Page 36

•  PfR uses NetFlow to collect and aggregate passive monitoring statistics on a per-traffic-class basis.

•  Border routers collect and report passive monitoring statistics to the master controller approximately once per minute.

•  Threshold comparison is done at the master controller.

Passive (PfR NetFlow monitoring)

•  Flows need not be symmetrical

•  Passive performance metrics per traffic class: Delay, Loss, Reachability, Egress BW, Ingress BW

Diagram: HQ; routers labelled MC, MC/BR and BR

Page 37

•  Active monitoring involves creating a stream of synthetic traffic (IP SLA probes) that replicates a traffic class as closely as possible.

•  The performance metrics of the synthetic traffic are measured and the results are applied to the traffic class entry in the Master Controller database.

Active

•  PfR enables the IP SLA feature

•  Probes are sourced from the BR

•  ICMP probes are learned or configured

•  TCP, UDP and JITTER probes need ip sla responder

•  Active performance metrics per traffic class: Delay, Loss, Reachability, Jitter, MOS

Diagram: HQ; routers labelled MC, MC/BR and BR

Page 38

•  MC initiates a route change when a traffic class is going out of policy or when an exit link is out of policy.

•  The appropriate enforcement method is automatically determined by the MC.

•  MC will then tell the BR to enforce the new path.

Enforcement by traffic class type

•  Destination Prefix: BGP, EIGRP, Static, PIRO

•  Application: Dynamic PBR, NBAR/CCE

Diagram: HQ; routers labelled MC, MC/BR and BR

Page 39

•  Changing Landscape

•  Advanced Classification: NBAR2, Metadata

•  Monitoring and Analysis: Flexible NetFlow, Performance Monitoring

•  Application Control: Quality of Service (QoS), Performance Routing (PfR)

•  Network Management

•  Conclusion

Page 40

•  Provide information about Network Infrastructure with drill-down into specific sites or interfaces

Page 41

•  Various Application Specific Metrics, i.e. Server Response Time, Transaction Time

Page 42

•  Collect Medianet performance metrics such as jitter, loss, for voice and video.

•  Collect voice statistics provided by NAM including MOS

Page 44

•  Classification
   NBAR2 is the next generation DPI
      Flexible NetFlow integration
      IPv4 and IPv6 traffic analysis
   Metadata
      Know characteristics of the flow passing through the network
      Complementary to DPI

•  Monitoring and Traffic Analysis – PerfMon and PA
   Native RTP and TCP Analysis
   Visibility: network nodes are able to discover and validate RTP, TCP and IP-CBR traffic on a hop-by-hop basis
   SLA: à la carte metric (loss, latency, jitter, etc.) selections, applied on operator-selected sets of traffic
   Troubleshooting: allows for fault isolation and network span validation

•  Path Control – Performance Routing (PfR)
   NetFlow v9 export
   Simplification Initiative – Target Discovery

Page 45

Thank you.