Cisco Confidential 1 © 2011 Cisco and/or its affiliates. All rights reserved.
Cisco Innovations in Routing
//mitko
• A Need for Application Visibility
• Advanced Classification
  • NBAR2
  • Metadata
• Monitoring and Analysis
  • Flexible NetFlow
  • Performance Monitoring
• Application Control
  • Quality of Service (QoS)
  • Performance Routing (PfR)
• Network Management
• Conclusion
“I could have avoided the downtime if I knew what was running in my network”
“We do not know how many are experiencing performance issues”
“We initially cannot tell if the issue is in the client, the network, or in the backend server”
“We lack historical data to proactively detect unwanted performance trends and their root causes”
“I need to know if my SLA is being met”
“I want to stop unauthorized applications from using my network bandwidth”
Make the Network Application Aware
Gain visibility into the applications running in the network, their performance trends, and the user experience.
Intelligently prioritize and control application traffic to maximize the user experience.
Application-aware lifecycle (figure): Baseline → Provision → Control → Optimize, each stage feeding IT resources and network adjustments. The building blocks, from the bottom up:
• Identification and Classification: automatic application recognition; application context awareness
• Control: prioritize business-critical traffic; meet established business policies and priorities
• Monitoring and Instrumentation: capacity planning; visibility into network and application behavior; dynamic troubleshooting
• Optimization: application acceleration and offload; reduce WAN traffic and application latency
• Network Management: plan, configure, monitor, troubleshoot; sessions, endpoints and service infrastructure; SLA measurements
The 5-tuple is a thing of the past
More and more apps are opaque (e.g. video streams)
Increasing use of encryption and obfuscation
Per-flow and stateful inspection are key attributes of modern classification
Whole sessions are composites of multiple application flows (video, voice, data)
Proliferation of IPv6 and IPv6 transition techniques
NBAR2
NBAR2 combines IOS NBAR (+150 signatures), SCE classification (+1000 signatures) and advanced classification techniques. Innovations: native IPv6 classification, open API, 3rd-party integration.
• NBAR2 is a complete rebuild and the next generation of the classification engine
• New DPI component, taken from SCE, which provides advanced application classification and field extraction capabilities
• Backward compatible, to preserve existing NBAR investments
• In-service field-upgradable protocol definitions: no IOS upgrade required
• Protocol Discovery: discovers applications and provides real-time statistics on them. Accounting: per-interface, per-application, bi-directional statistics (bit rate in bps, packet counts and byte counts). The information is available in the CISCO-NBAR-PROTOCOL-DISCOVERY-MIB.
• Application optimization: invoke the ‘match protocol’ CLI in C3PL/MQC (class-map). Used by a number of different IOS functions (QoS, performance monitor, IOS FW).
• With Flexible NetFlow (regardless of QoS): invoke the ‘application name/ID’ fields in Flexible NetFlow (FNF). The application name/ID is included in the NetFlow export records.
• Top-N for all interfaces with NBAR protocol discovery enabled
• The NBAR-PD-MIB provides Top-N for all interfaces, where N can differ for each interface
!
interface GigabitEthernet0/0/2
 ip nbar protocol-discovery
!
ASR-1000#sh ip nbar protocol-discovery top-n
 GigabitEthernet0/0/2
 [snip]
                           Input                     Output
                           -----                     ------
  Protocol                 Packet Count              Packet Count
                           Byte Count                Byte Count
                           5min Bit Rate (bps)       5min Bit Rate (bps)
                           5min Max Bit Rate (bps)   5min Max Bit Rate (bps)
  ------------------------ ------------------------  ------------------------
  itunes                   1352704                   413286
                           2042671577                28254387
                           3395000                   18000
                           15000000                  208000
  secure-http              584678                    330847
                           640511303                 76683682
                           2357000                   196000
                           8847000                   353000
  youtube                  139631                    66440
                           207492818                 3869014
                           1296000                   17000
                           3575000                   80000
  bittorrent               37186                     82432
                           11025469                  113101301
                           81000                     248000
                           84000                     2465000
Categorization of protocols into meaningful terms simplifies control configuration and report aggregation. NBAR2 attributes and their values (the slide's table, listed per column):
• Categories: file-sharing, browsing, net-admin, other, internet-privacy, instant-messaging, email, newsgroup, voice-and-video, business-and-productivity-tools, industrial-protocols, gaming, obsolete, trojan, layer3-over-ip, location-based-services, layer2-non-ip
• Sub-Categories: client-server, other, routing-protocol, tunneling-protocols, network-management, voice-video-chat-collaboration, authentication-services, database, naming-services, terminal, streaming, p2p-networking, p2p-file-transfer, control-and-signaling, inter-process-rpc, remote-access-terminal, network-protocol, commercial-media-distribution, rich-media-http-content, license-manager, epayement, storage, backup-systems, one-click-hosting
• Application-Group: ftp-group, other, ipsec-group, imap-group, irc-group, kerberos-group, ldap-group, sqlsvr-group, netbios-group, nntp-group, pop3-group, snmp-group, tftp-group, fasttrack-group, gnutella-group, skinny-group, edonkey-emule-group, bittorrent-group, smtp-group, windows-live-messanger-group, yahoo-messenger-group, flash-group, skype-group, corba-group
• P2P-technology, Tunnel, Encrypted: each takes the value n, y or unassigned
For Your Reference
• How to enforce a consistent network policy when classification is not available along the path? E.g. rule: prioritize voice communication from Lepa to Slobodan.
• Endpoints can provide information that is not available or visible on the wire.
What the network devices along the path can tell (figure): “This flow has DSCP = EF”; “This flow contains RTP voice”; “This packet has DSCP = EF”; “This packet comes from Fast1/0”; “This packet comes from location ‘Desk1’”; “This packet comes from user ‘Marylou’”.
What the endpoints (Lepa Brena and Slobodan Živojinović) know: “Voice communication between Lepa and Slobodan”; “Voice communication started with application ‘X’”; “Packets have DSCP = EF”; “I know lots of information from the application that I’m not going to send to the wire”.
Metadata flow (figure): 1. the application creates metadata; 2. metadata announcement, stored in the metadata DB of each network node along the path; 3. media flow from 10.1.1.2 to 20.1.1.2. The metadata is exported to the NMS and can drive QoS. The resulting record:

Flow Identifier                                 Metadata
IP Src    IP Dst    Prot  L4 Src  L4 Dst        Application               Vendor  Dial From  Dial To   Caller ID
10.1.1.2  20.1.1.2  UDP   2000    4000          Video-Conference (Audio)  Cisco   83922564   85268229  Lepa Brena
NetFlow and NBAR integration (figure). Packet layout: link layer header | IP header | TCP/UDP header | data.
NetFlow: monitors data in layers 2 through 4; determines applications by a combination of port, or port and IP address; flow information answers who, what, when, where. Fields: source IP address, destination IP address, source port, destination port, protocol, ToS, packet and byte counts.
NBAR: examines data from layers 3 through 7; uses layers 3 and 4 plus packet inspection for classification; stateful inspection of dynamic-port traffic; deep packet (payload) inspection.
Configure the Exporter
Router(config)#flow exporter my-exporter
Router(config-flow-exporter)#destination 1.1.1.1
Configure the Flow Record
Router(config)#flow record my-record
Router(config-flow-record)#match ipv4 destination address
Router(config-flow-record)#match ipv4 source address
Router(config-flow-record)#collect counter bytes
Configure the Flow Monitor
Router(config)#flow monitor my-monitor
Router(config-flow-monitor)#exporter my-exporter
Router(config-flow-monitor)#record my-record
Configure the Interface
Router(config)#int s3/0
Router(config-if)#ip flow monitor my-monitor input
router(config)# flow record QoS-Record
router(config-flow-record)# match ipv4 source address
router(config-flow-record)# match ipv4 destination address
router(config-flow-record)# match application name
router(config-flow-record)# match ipv4 dscp
router(config-flow-record)# match flow class-id
router(config)# flow monitor Traffic-monitor
router(config-flow-monitor)# record QoS-Record
router(config)# policy-map fnf-NBAR-QoS
router(config-pmap)# class Critical
router(config-pmap-c)# flow Traffic-monitor
router(config)# interface eth0/0
router(config-if)# service-policy out fnf-NBAR-QoS
• Validate policy configuration
• Troubleshoot incorrect or missing configurations
• Validate bandwidth allocations
• Isolate rogue application traffic
show flow mon <fnf_mon> cache
IPV4 SRC   IPV4 DST   APP NAME      DSCP  Class-ID
========   ========   ========      ====  ========
10.0.1.1   10.0.1.2   nbar sqlnet   0x12  Critical
10.0.1.1   10.0.1.2   nbar citrix   0x12  Critical
10.0.1.1   10.0.1.2   nbar FTP      0xA   Critical
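Put to use as a check, the cache output above can be parsed and compared against the intended policy to spot a flow that landed in the wrong class or carries an unexpected DSCP. The following Python is an added example, not code from this Cisco deck: it parses the column layout shown above, while the per-class expected applications and DSCP values, and the extra bittorrent row in the sample, are constructed for illustration.

```python
"""Check Flexible NetFlow cache rows for QoS class / application mismatches.

Added example (not from the Cisco deck): parses the text output of
`show flow monitor <name> cache` in the column layout shown on the slide
and flags flows that ended up in a class they should not be in, or that
carry a DSCP value different from what that class is expected to mark.
The expected-per-class table below is an assumption for illustration.
"""
import re
from dataclasses import dataclass

# Constructed sample, laid out like the slide's "show flow mon <fnf_mon> cache" output.
SAMPLE_CACHE = """\
IPV4 SRC   IPV4 DST   APP NAME      DSCP  Class-ID
========   ========   ========      ====  ========
10.0.1.1   10.0.1.2   nbar sqlnet   0x12  Critical
10.0.1.1   10.0.1.2   nbar citrix   0x12  Critical
10.0.1.1   10.0.1.2   nbar FTP      0xA   Critical
10.0.1.5   10.0.1.2   nbar bittorrent 0x0 class-default
"""

# Assumed policy intent: which NBAR applications belong to each class and
# which DSCP the class is expected to carry (0x12 = AF21). None = anything allowed.
EXPECTED = {
    "Critical": {"apps": {"sqlnet", "citrix"}, "dscp": 0x12},
    "class-default": {"apps": None, "dscp": None},
}

# One data row: src, dst, classification engine, app name, hex DSCP, class id.
ROW_RE = re.compile(
    r"^(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<dst>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<engine>\S+)\s+(?P<app>\S+)\s+(?P<dscp>0x[0-9A-Fa-f]+)\s+(?P<cls>\S+)\s*$"
)


@dataclass(frozen=True)
class FlowRow:
    src: str
    dst: str
    app: str
    dscp: int
    class_id: str


def parse_cache(text):
    """Return a FlowRow for every data row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(FlowRow(m["src"], m["dst"], m["app"].lower(),
                                int(m["dscp"], 16), m["cls"]))
    return rows


def find_anomalies(rows, expected=EXPECTED):
    """Return (row, reason) pairs for flows that violate the expected policy."""
    findings = []
    for row in rows:
        policy = expected.get(row.class_id)
        if policy is None:
            findings.append((row, f"unknown class {row.class_id}"))
            continue
        if policy["apps"] is not None and row.app not in policy["apps"]:
            findings.append((row, f"{row.app} is not an expected member of class {row.class_id}"))
        if policy["dscp"] is not None and row.dscp != policy["dscp"]:
            findings.append((row, f"DSCP 0x{row.dscp:X} differs from expected 0x{policy['dscp']:X}"))
    return findings


if __name__ == "__main__":
    for row, reason in find_anomalies(parse_cache(SAMPLE_CACHE)):
        print(f"{row.src} -> {row.dst} {row.app:<10} class={row.class_id}: {reason}")
```

Against the sample, only the FTP flow is reported (twice: it is not an expected member of Critical, and its DSCP 0xA is not the class's 0x12), which is exactly the kind of misplaced match statement the "troubleshoot incorrect configurations" bullet refers to.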
NetFlow partner use cases: billing, denial of service, traffic analysis, CS-MARS.
More info: http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/commercial/
• Application response time provides insight into application behavior (network vs. server bottleneck) to accelerate problem isolation
• Implementation of IOS PA in the ISR provides monitoring capability for the end-user experience
Delay breakdown (figure): clients ↔ client network ↔ IOS PA ↔ server network ↔ application servers. Total delay = client network delay + server network delay (together the network delay) + server delay.
• Report of application performance with and without WAAS optimization
• Each optimized TCP flow is split into 3 segments (client side un-optimized, WAN side optimized, server side un-optimized; pass-through traffic is not split), each requiring a separate data source: WAAS-specific metrics such as original and optimized bytes, and Application Response Time (ART) metrics such as transaction time, network delay, and response time
• NAM 5.1 correlates data from all data sources (FA, SPAN and IOS PA) and presents a single report of application performance
TCP transaction as seen by IOS PA (figure): Client ↔ IOS PA ↔ Server. The three-way handshake (SYN, SYN-ACK, ACK) yields the client network delay (CND) and the server network delay (SND); Request 1, Request 1 (cont.), Request 2 and the DATA/ACK segments that follow form the transaction, with retransmissions marked X.
• Response Time (RT) = t(first response pkt) - t(last request pkt)
• Transaction Time (TT) = t(last response pkt) - t(first request pkt)
• Network Delay (ND) = CND + SND
• Application Delay (AD) = RT - SND
Transaction time quantifies the user experience; application delay identifies server performance issues; retransmissions are counted.
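To make the four definitions concrete, here is an added Python example (not Cisco's code) that computes RT, TT, ND and AD from a constructed packet timeline as a mid-path probe would see it. Deriving SND from SYN to SYN-ACK and CND from SYN-ACK to ACK is an assumption of this example, as are the timestamps and the bottleneck rule of thumb.

```python
"""Application Response Time (ART) metrics from a mid-path vantage point.

Added example (not Cisco code): computes the four metrics the slide defines
(RT, TT, ND = CND + SND, AD = RT - SND) from a constructed packet timeline
as a probe sitting between client and server would observe it. Splitting the
handshake into SND (SYN -> SYN-ACK) and CND (SYN-ACK -> ACK) is an assumption.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    t: float        # seconds, as observed at the probe
    direction: str  # "c2s" (client -> server) or "s2c"
    kind: str       # "SYN", "SYN-ACK", "ACK", "REQ", "DATA"
    retransmit: bool = False


# Constructed timeline of one request/response transaction (times in seconds).
TRACE = [
    Pkt(0.000, "c2s", "SYN"),
    Pkt(0.040, "s2c", "SYN-ACK"),      # server side answered after 40 ms -> SND
    Pkt(0.050, "c2s", "ACK"),          # client side acked after 10 ms -> CND
    Pkt(0.060, "c2s", "REQ"),          # first request packet
    Pkt(0.065, "c2s", "REQ"),          # request continues in a second segment
    Pkt(0.200, "s2c", "DATA"),         # first response packet
    Pkt(0.230, "s2c", "DATA"),
    Pkt(0.230, "s2c", "DATA", retransmit=True),
    Pkt(0.300, "s2c", "DATA"),         # last response packet
]


def art_metrics(trace):
    """Return SND, CND, ND, RT, TT, AD (seconds) and the retransmission count."""
    t_syn = next(p.t for p in trace if p.kind == "SYN" and p.direction == "c2s")
    t_synack = next(p.t for p in trace if p.kind == "SYN-ACK")
    t_ack = next(p.t for p in trace
                 if p.kind == "ACK" and p.direction == "c2s" and p.t > t_synack)
    snd = t_synack - t_syn          # server network delay
    cnd = t_ack - t_synack          # client network delay
    requests = [p.t for p in trace if p.kind == "REQ"]
    responses = [p.t for p in trace if p.kind == "DATA" and p.direction == "s2c"]
    rt = responses[0] - requests[-1]   # first response pkt - last request pkt
    tt = responses[-1] - requests[0]   # last response pkt - first request pkt
    return {
        "SND": round(snd, 6), "CND": round(cnd, 6), "ND": round(snd + cnd, 6),
        "RT": round(rt, 6), "TT": round(tt, 6), "AD": round(rt - snd, 6),
        "retransmissions": sum(p.retransmit for p in trace),
    }


def bottleneck(metrics):
    """Coarse isolation, as an assumed rule of thumb: when the application delay
    dominates the network delay, look at the server first; otherwise at the path."""
    return "server" if metrics["AD"] > metrics["ND"] else "network"


if __name__ == "__main__":
    m = art_metrics(TRACE)
    print(m, "->", bottleneck(m))
```

For the constructed trace the network delay is 50 ms but the application delay is 95 ms, so the probe would point at the server rather than the WAN, which is the network-vs-server distinction the slide is after.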
flow exporter pa-export
 destination 172.30.104.128
 transport udp 3000
!
flow record type mace pa-record
 collect application name
 collect art all
!
flow monitor type mace pa-monitor
 record pa-record
 exporter pa-export
!
access-list 100 permit tcp any host 10.0.0.1 eq 80
class-map match-any pa-traffic
 match access-group 100
!
policy-map type mace mace_global
 class pa-traffic
  flow monitor pa-monitor
!
interface Serial0/0/0
 ip nbar protocol-discovery
 mace enable
Configuration Steps
1. Configure the flow exporter
2. Configure the flow record type mace
3. Configure the flow monitor type mace (it must reference the record and exporter defined above)
4. Configure the class-map
5. Configure the policy-map type mace; the policy must be named mace_global
6. Configure mace enable on the interface
Optionally enable NBAR2 (ip nbar protocol-discovery) to identify applications, and collect the application name provided by NBAR2 (collect application name)
• Native RTP and TCP analysis
  Visibility: network nodes are able to discover and validate RTP, TCP and IP-CBR traffic on a hop-by-hop basis
  SLA: à la carte metric selections (loss, latency, jitter, etc.), applied to operator-selected sets of traffic
  Troubleshooting: allows fault isolation and network span validation
Topology (figure): HQ with MC/BR and BR routers connected to WAN1 (IP-VPN) and WAN2 (IP-VPN, DMVPN), with BR routers at the branches.
Released Nov 2010 in 15.1(3)T
Flexible NetFlow PerfMon
Passive monitoring: flow record with enhanced RTP and TCP metrics reporting; filtering and classification based on the existing C3PL model.
Active monitoring: active probing between Router 1 (IP SLA sender) and Router 2 (IP SLA responder).
flow exporter pam
 destination 10.35.89.61
 transport udp 9991
!
! Default record for RTP
flow monitor type performance-monitor medianet-perf-mon-monitor
 record default-rtp
 exporter pam
!
! Monitor RTP traffic
class-map match-any rtp-traffic
 match protocol rtp
!
! Collect performance statistics of RTP traffic; generate an alert if RTP loss > 5%
policy-map type performance-monitor medianet-perf-mon
 class rtp-traffic
  flow monitor medianet-perf-mon-monitor
  react 1 transport-packets-lost-rate
   threshold value ge 5.00
   action syslog
!
! Monitor RTP traffic through the Gi0/0 interface
interface GigabitEthernet0/0
 service-policy output wan-qos
 service-policy type performance-monitor input medianet-perf-mon
 service-policy type performance-monitor output medianet-perf-mon
Reports:
• List all RTP streams and per-site performance, i.e. packet loss between sites
• Indicate RTP streams that are not marked with the correct DSCP
• Show jitter between sites
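An added Python example (not from the deck) of the per-stream arithmetic behind these reports and the 5% loss reaction in the performance-monitor policy: loss from sequence-number gaps and interarrival jitter with the RFC 3550 estimator, over a constructed RTP stream. The 8 kHz clock, the 20 ms packetization and the threshold value are assumptions.

```python
"""Per-stream RTP loss and jitter, as a performance-monitor react would judge it.

Added example (not Cisco code): reconstructs the slide's "alert if RTP loss
reaches 5%" check over a constructed list of received RTP packets. Loss is
computed from sequence-number gaps and jitter with the RFC 3550 interarrival
estimator; the 8 kHz clock and the threshold are assumptions.
"""
from dataclasses import dataclass

CLOCK_HZ = 8000          # assumed G.711 audio clock (160 ticks per 20 ms packet)
LOSS_THRESHOLD = 5.0     # percent, mirrors "threshold value ge 5.00"


@dataclass(frozen=True)
class RtpPkt:
    seq: int        # 16-bit RTP sequence number
    ts: int         # RTP timestamp in media clock ticks
    arrival: float  # arrival time at the observer, seconds


def make_stream(n, drop, late):
    """Constructed stream of n packets of 20 ms audio; `drop` is the set of
    sequence numbers that never arrive, `late` maps seq -> extra delay in seconds."""
    pkts = []
    for i in range(n):
        if i in drop:
            continue
        pkts.append(RtpPkt(seq=i, ts=i * 160, arrival=i * 0.020 + late.get(i, 0.0)))
    return pkts


def loss_rate(pkts):
    """Percent of expected packets missing, from the 16-bit sequence-number span.
    Assumes packets are in sequence order and fewer than 65536 per stream."""
    expected = ((pkts[-1].seq - pkts[0].seq) & 0xFFFF) + 1
    return 100.0 * (expected - len(pkts)) / expected


def jitter(pkts, clock_hz=CLOCK_HZ):
    """RFC 3550 interarrival jitter estimate J += (|D| - J) / 16, in milliseconds.
    D compares the arrival spacing with the spacing the RTP timestamps promise."""
    j = 0.0
    prev = None
    for p in pkts:
        if prev is not None:
            d = (p.arrival - prev.arrival) - (p.ts - prev.ts) / clock_hz
            j += (abs(d) - j) / 16.0
        prev = p
    return j * 1000.0


def check_stream(pkts, threshold=LOSS_THRESHOLD):
    """Return (loss_percent, jitter_ms, alert) for one stream."""
    loss = loss_rate(pkts)
    return loss, jitter(pkts), loss >= threshold


if __name__ == "__main__":
    lossy = make_stream(100, drop={3, 7, 11, 15, 19, 23}, late={})
    jittery = make_stream(100, drop={10}, late={50: 0.030})
    for name, s in (("lossy", lossy), ("jittery", jittery)):
        loss, jit, alert = check_stream(s)
        print(f"{name}: loss={loss:.1f}% jitter={jit:.3f} ms alert={alert}")
```

The lossy stream (6 of 100 packets missing) trips the threshold while the stream with a single loss and one late packet does not; the late packet shows up only in the jitter figure, which is why the slide reports loss and jitter as separate per-site metrics.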
Application            BW                                    Priority
Business Critical      Committed 50%                         High
Browsing               30% of excess (=15% of the line)      Normal
  Internal Browsing    60% (out of Browsing)
Remaining              70% of excess (=35% of the line)      Normal

class-map match-all business-critical
 match protocol citrix
 match access-group 101
class-map match-any browsing
 match protocol attribute category browsing
class-map match-any internal-browsing
 match protocol http url “*myserver.com*”
policy-map internal-browsing-policy
 class internal-browsing
  bandwidth remaining percent 60
policy-map my-network-policy
 class business-critical
  priority percent 50
 class browsing
  bandwidth remaining percent 30
  service-policy internal-browsing-policy
interface Serial0/0/0
 service-policy output my-network-policy

Resulting allocation: committed BW (50% of the line) goes to Business-Critical at high priority, 50% committed. Excess BW (50% of the line) is shared: Browsing gets 30% of the excess (=15% of the line), of which Internal-Browsing gets 60%; Remaining gets 70% of the excess (=35% of the line).
• NBAR2 is used to identify the application (match protocol in the class-map)
• QoS actions include drop, re-prioritization of the application in the QoS queue, re-marking DSCP/IP Precedence, and policing or shaping the traffic rate using QoS MQC
• After re-marking, PfR can act upon the marked DSCP value
Figure: traffic before applying the QoS control policy vs. after applying the control policy.
Performance Routing (PfR) topology (figure): HQ with MC/BR and BR routers connected to WAN1 (IP-VPN) and WAN2 (IP-VPN, DMVPN), with BR routers at the branches.
• The decision maker: Master Controller (MC). Applies policy, verification, reporting. No packet forwarding or inspection required.
• The forwarding path: Border Router (BR). Learn, measure, enforce.
Optimize by: reachability, delay, loss, jitter, MOS, throughput, load, and/or $cost.
Traffic classes (figure: the PfR topology with MC/BR and BR routers across WAN1 and WAN2):
• Based on destination prefix
• Based on application: ACL, well-known applications, deep packet inspection (NBAR)
MC learn configuration:
pfr master
 !
 learn
  throughput
  !
  list seq 10 refname LEARN_VIDEO
   traffic-class access-list VOICE filter BRANCH
   aggregation-type prefix-length 32
   throughput
  !
  list seq 20 refname LEARN_CRITICAL
   traffic-class access-list CRITICAL filter BRANCH
   throughput
 !
 [Rest of the traffic]
Passive monitoring (figure: PfR NetFlow monitoring on the BRs, reported to the MC; flows need not be symmetrical):
• PfR uses NetFlow to collect and aggregate passive monitoring statistics on a per-traffic-class basis.
• Border routers collect and report passive monitoring statistics to the master controller approximately once per minute.
• Threshold comparison is done at the master controller.
Passive performance metrics per traffic class: delay, loss, reachability, egress BW, ingress BW.
Active monitoring (figure: probes sourced from the BRs, results kept at the MC):
• Active monitoring involves creating a stream of synthetic traffic (IP SLA probes) that replicates a traffic class as closely as possible.
• The performance metrics of the synthetic traffic are measured and the results are applied to the traffic class entry in the Master Controller database.
PfR enables the IP SLA feature; probes are sourced from the BR. ICMP probes are learned or configured; TCP, UDP and jitter probes need an IP SLA responder.
Active performance metrics per traffic class: delay, loss, reachability, jitter, MOS.
Enforcement (figure: the MC instructs the BRs):
• The MC initiates a route change when a traffic class goes out of policy or when an exit link is out of policy.
• The appropriate enforcement method is automatically determined by the MC.
• The MC then tells the BR to enforce the new path.
Enforcement methods by traffic class type: destination prefix: BGP, EIGRP, static, PIRO; application: dynamic PBR, NBAR/CCE.
• Provides information about the network infrastructure, with drill-down into specific sites or interfaces
• Various application-specific metrics, e.g. server response time and transaction time
• Collects Medianet performance metrics, such as jitter and loss, for voice and video.
• Collects voice statistics provided by NAM, including MOS
• Classification: NBAR2 is the next-generation DPI, with Flexible NetFlow integration and IPv4 and IPv6 traffic analysis. Metadata: know the characteristics of the flows passing through the network; complementary to DPI.
• Monitoring and traffic analysis (PerfMon and PA): native RTP and TCP analysis. Visibility: network nodes are able to discover and validate RTP, TCP and IP-CBR traffic on a hop-by-hop basis. SLA: à la carte metric selections (loss, latency, jitter, etc.), applied to operator-selected sets of traffic. Troubleshooting: allows fault isolation and network span validation.
• Path control: Performance Routing (PfR). NetFlow v9 export. Simplification initiative: target discovery.
Thank you.