
Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)


DESCRIPTION

Providing functions to application traffic requires the network to classify the traffic, share information about it and understand it. Application Visibility and Control (AVC) technologies address the needs for application classification, activity monitoring and network policy enforcement (QoS, Performance Routing, etc.), allowing for simplified, accelerated and scalable deployments.


Page 1: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

© 2012 Cisco and/or its affiliates. All rights reserved. 1

Cisco IOS Advantage Webinars Deploying Application Visibility and Control Policies

Jean Charles Griviaud and Ken Briley

We’ll get started a few minutes past the top of the hour.

Note: you may not hear any audio until we get started.

Page 2

Speakers

Jean-Charles Griviaud, Product Manager

Ken Briley, Technical Leader, Technical Marketing

Panelists

Madhavan Arunachalam, Software Engineer, Engineering

Ina Singh, Technical Leader, Engineering

Page 3

• Submit questions in Q&A panel and send to “All Panelists” Avoid CHAT window for better access to panelists

• Please complete the post-event Survey

• For Webex audio, select COMMUNICATE > Join Audio Broadcast

• Where can I get the presentation? https://communities.cisco.com/docs/DOC-29594 Or send email to: [email protected]

• Join us on July 11 for our next IOS Advantage Webinar: Flow Metadata for Enhanced Application Awareness

• For Webex call back, click ALLOW Phone button at the bottom of Participants side panel

Page 4

• Introduction

• Use Case Deep Dive

Visibility into WAN usage and application performance

Non-business Traffic Impact Business Critical Applications

Maximize Utilization and Availability of Internet Presence

Maximize Utilization and Reliability of Applications over the WAN

• Summary

Page 5

Ensuring Application Performance Regardless of Location And Device Type Is More Important Than Ever

SaaS, IaaS/PaaS

5 DEVICES PER USER BY 2016

300% GROWTH IN VIDEO TRAFFIC

XAAS MARKET GROWING TO $241B BY 2020

80% OF NEW APPS WEB ENABLED

Page 6

“I could have avoided the down time if I know what is running in my network”

“We do not know how many are experiencing performance issues”

“We initially cannot tell if the issue is in the client, the network, or in the backend server”

“We lack historical data to proactively detect unwanted performance trend and their root causes”

“I need to know if my SLA is being met”

“I want to stop unauthorized applications from using my network bandwidth”

Page 7

Make the Network Application Aware

Gain visibility into applications running in the network, performance trends, and user experience

Intelligently prioritize and control application traffic to maximize user experience

Page 8

Application Recognition (ASR1K, ISR G2): Identify applications using L7 signatures (NBAR2) or metadata

Perf. Collection & Exporting (ASR1K, ISR G2; FNF, IOS PA; NFv9): ISR G2 & ASR collect application bandwidth and response time metrics, and export to management tool

Reporting Tool (Management Tool): Advanced reporting tool aggregates and reports application performance

App Visibility & User Experience Report
App      BW      Transaction Time
WebEx    3 Mb    150 ms …
Citrix   10 Mb   500 ms …

Control (ASR1K, ISR G2; High, Med, Low): Use QoS or PfR to control application network usage to improve application performance

Page 9

NBAR2

IOS NBAR +150 Signatures

SCE Classification +1000 Signatures

Advanced Classification Techniques

Innovations IPv6 Classification

Nested Classification

Application Categorization

Open API 3rd Party Integration..

• List of protocols and applications supported by NBAR2 http://wwwin.cisco.com/ios/tech/collateral/90364_product_bulletin_c25-627831.pdf

• Enhanced reporting with additional field extraction – top browsing domain, top URL, browser type (Future)

• In-service Protocol Definition Update – no IOS upgrade required

Page 10

Use Case / IT Challenges / AVC Technologies Used

Use Case: Visibility into WAN usage and application performance
IT Challenges: Lack of cost effective visibility tools; Insufficient information to troubleshoot application performance
AVC Technologies Used: NBAR2, PA, PAM

Use Case: Non-business Traffic Impact Business Critical Applications
IT Challenges: Control non-business critical applications from using the network resource
AVC Technologies Used: NBAR2, QoS, PAM

Use Case: Maximize Utilization and Availability of Internet Presence
IT Challenges: Complex and manual configuration to utilize all available internet accesses
AVC Technologies Used: PfR – Internet Presence

Use Case: Maximize Utilization and Reliability of Applications over the WAN
IT Challenges: Protect critical applications from sub-optimal performance in the WAN; Utilize all the available WAN links
AVC Technologies Used: PfR - WAN


Page 12

Layer 4 Monitoring

Visibility for Today

Network

bittorrent rtp

gtalk

netflix

skype

webex

unknown?

http?

Page 13

What the users see (End Users): "Your network is so slow I cannot get any work done today"

What network admins see (Network Admin): "I do not see anything wrong" (ping? show ip route? traceroute? show interface?)

What can happen: Increased Latency, WAN Problem, Application Problem, Server Problem, User Problem

Page 14

Key Features

Application Usage (BW, Top N)

Application Response Time (ART) Measurement

Interact with NBAR or NBAR2

Standard NFv9 export (future – IPFIX)

Metric aggregation reduces number of flow records across WAN

Benefits

Visibility into application usage and performance

Quantify user experience

Troubleshoot application performance

Track service levels for application delivery

Branch users: "My query is taking long time!" "My email is slow!"

Data Center: "How do I ensure my SLA is met"

Branch, WAN, Data Center; NFv9 export to Reporting Tool

ISR G2: Today

ASR1K: XE 3.8S

Page 15

• Separate application delivery path into multiple segments

• Server Network Delay (SND) approximates WAN Delay

• Latency per application

[Figure: Clients, Client Network, IOS PA, Server Network, Application Servers. A Request and Response cross the path, annotated with Client Network Delay (CND), Server Network Delay (SND), Network Delay (ND), Application Delay (AD) and Total Delay]

Page 16

• Which server and application each user accesses, with performance metrics

Users (IP=10.0.0.1) make 2 requests to http://sharepoint.cisco.com (sharepoint.cisco.com, IP=1.1.1.1)

Source IP   Source Port   Dest IP    Dest Port   Protocol   Application   Bytes
10.0.0.1    13352         1.1.1.1    80          TCP        Sharepoint    15000
1.1.1.1     80            10.0.0.1   13352       TCP        Sharepoint    100000
10.0.0.1    13353         1.1.1.1    80          TCP        Sharepoint    30000
1.1.1.1     80            10.0.0.1   13353       TCP        Sharepoint    200000

What PA stores

Source IP   Dest IP   Dest Port   Protocol   Application   Clnt Bytes   Svr Bytes
10.0.0.1    1.1.1.1   80          TCP        Sharepoint    45000        300000
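The aggregation shown on this slide, as an added example that is not code from the presentation: it folds the four per-direction records into the single client/server record. It assumes the server side can be recognised by a well-known port (the hypothetical `SERVER_PORTS` set); the function names are illustrative.

```python
# Added example: collapse per-direction, per-connection flow records into the
# client/server record shape shown on the slide. Sample rows are the slide's.

FLOW_RECORDS = [
    # (src_ip, src_port, dst_ip, dst_port, protocol, application, bytes)
    ("10.0.0.1", 13352, "1.1.1.1", 80, "TCP", "Sharepoint", 15000),
    ("1.1.1.1", 80, "10.0.0.1", 13352, "TCP", "Sharepoint", 100000),
    ("10.0.0.1", 13353, "1.1.1.1", 80, "TCP", "Sharepoint", 30000),
    ("1.1.1.1", 80, "10.0.0.1", 13353, "TCP", "Sharepoint", 200000),
]

# Assumption for this example: the server is the side using a well-known port.
SERVER_PORTS = frozenset({80, 443})


def aggregate(records, server_ports=SERVER_PORTS):
    """Return {(client_ip, server_ip, server_port, proto, app): counters}."""
    table = {}
    for src_ip, src_port, dst_ip, dst_port, proto, app, nbytes in records:
        to_server = dst_port in server_ports
        from_server = src_port in server_ports
        if to_server == from_server:
            # Both or neither side looks like a server: direction is ambiguous.
            raise ValueError(
                f"cannot tell client from server: "
                f"{src_ip}:{src_port} -> {dst_ip}:{dst_port}")
        if to_server:
            client, client_port = src_ip, src_port
            server, server_port = dst_ip, dst_port
            counter = "client_bytes"
        else:
            client, client_port = dst_ip, dst_port
            server, server_port = src_ip, src_port
            counter = "server_bytes"
        # The ephemeral client port is not part of the key, so every
        # connection from this client to this service lands in one row.
        key = (client, server, server_port, proto, app)
        row = table.setdefault(
            key, {"client_bytes": 0, "server_bytes": 0, "client_ports": set()})
        row[counter] += nbytes
        row["client_ports"].add(client_port)
    return table


def record_reduction(records, table):
    """Fraction of export records saved by aggregating."""
    return 1 - len(table) / len(records)


if __name__ == "__main__":
    agg = aggregate(FLOW_RECORDS)
    for (client, server, port, proto, app), row in agg.items():
        print(client, server, port, proto, app,
              row["client_bytes"], row["server_bytes"],
              "connections:", len(row["client_ports"]))
    print("record reduction:", record_reduction(FLOW_RECORDS, agg))
```
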

Page 17

Collect Traffic Volume using FNF

router#show flow exporter statistics
Flow Exporter fnf-export:
  Packet send statistics (last cleared 4d23h ago):
  Client send statistics:
    Client: Flow Monitor fnf
      Records added: 3708444
        - sent: 3708443
      Bytes added: 218798196
        - sent: 218798137

Collect Traffic Volume using PA

router#show flow exporter statistics
Flow Exporter pa-export:
  Packet send statistics (last cleared 4d23h ago):
  Client send statistics:
    Client: MACE EXPORTER GROUP MACE-EXP-1
      Records added: 883751
        - sent: 883751
      Bytes added: 55676313
        - sent: 55676313

Data from Cisco alpha network show 75% reduction in flow records

Page 18

Traditional FNF Metrics

• Application ID (from NBAR2)

• Client/Server Bytes

• Client/Server Packets

• Source MAC Address

• Input/Output Interface

• IP DSCP

ART Metrics

• CND - Client Network Delay (min/max/sum)

• SND – Server Network Delay (min/max/sum)

• ND – Network Delay (min/max/sum)

• AD – Application Delay (min/max/sum)

• Total Response Time (min/max/sum)

• Total Transaction Time (min/max/sum)

• Number of New Connections

• Number of Late Responses

• Number of Responses by Response Time (7-bucket histogram)

• Number of Retransmissions

• Number of Transactions

• Client/Server Bytes

• Client/Server Packets

WAAS Express Metrics

• Input/Output Bytes

• WAAS Connection Mode: TFO, TFO/LZ, TFO/DRE, TFO/LZ/DRE

• Input/Output DRE Bytes

• Input/Output LZ Bytes

For Your

Reference

Page 19

Server

• Response Time (RT)

t(First response pkt) – t(Last request pkt)

• Transaction Time (TT)

t(Last response pkt) – t(First request pkt)

• Network Delay (ND)

ND = CND + SND

• Application Delay (AD)

AD = RT – SND

[Figure: TCP exchange between Client, IOS PA and Server (SYN, SYN-ACK, ACK, Request 1, Request 1 (Cont), Request 2, DATA, ACK, with a lost packet and its Retransmission), annotated with SND, CND, RT and TT. Callouts: Quantify User Experience; Identify Server Performance Issue]

Page 20

flow exporter pa-export
 destination 172.30.104.128
 transport udp 9991
!
flow record type mace pa-record
 collect application name
 collect art all
 collect (..)
!
flow monitor type mace pa-monitor
 record pa-record
 exporter pa-export
!
access-list 100 permit tcp any host 10.0.0.1 eq 80
class-map match-any pa-traffic
 match access-group 100
!
policy-map type mace mace_global
 class pa-traffic
  flow monitor pa-monitor
!
interface Serial0/0/0
 ip nbar protocol-discovery
 mace enable

Configuration Steps

1. Configure flow exporter

2. Configure flow record type mace

3. Configure flow monitor type mace

4. Configure class-map

5. Configure policy-map type mace – policy must be named mace_global

6. Configure mace enable on interface

Callout on ‘ip nbar protocol-discovery’: Enable NBAR2 to identify applications, not required after 15.2(4)M

Callout on ‘collect application name’: Collect application name provided by NBAR2

For Your Reference

Page 21

• ‘collect application name’ exports application ID field to reporting tool

flow record type mace pa-record
 collect application name
 collect art all
interface Serial0/0/0
 ip nbar protocol-discovery
 mace enable

Protocol discovery not required after 15.2(4)M

Client (IP=192.168.100.100), IOS PA on Se0/0/0, https://cisco.webex.com served by cisco.webex.com (IP=66.114.168.178)

Flow Record without NBAR

Src IP            Dst IP           Dst Port   App ID       Resp Time …
192.168.100.100   66.114.168.178   443        0            100

Flow Record with NBAR

Src IP            Dst IP           Dst Port   App ID       Resp Time …
192.168.100.100   66.114.168.178   443        0x0D00019E   100

The App ID 0x0D00019E indicates this is the webex application

Page 22

For Your Reference

Do not need NBAR AppID export
 Before 15.2(4)M: Do not configure ‘collect application name’ in flow record type mace
 15.2(4)M and later: Do not configure ‘collect application name’ in flow record type mace

Need NBAR AppID export
 Before 15.2(4)M: Configure ‘collect application name’ in flow record type mace; Enable ‘ip nbar protocol-discovery’ on the interface
 15.2(4)M and later: Configure ‘collect application name’ in flow record type mace

Page 23

flow record type mace mace-record

collect datalink mac source address input

collect ipv4 dscp

collect interface input

collect interface output

collect application name

collect counter client bytes

collect counter server bytes

collect counter client packets

collect counter server packets

collect art all

Collect Traffic Volume Information

Who sends Bittorrent?

Page 24

Discover Top Users for the Application Discover Application Per-user

Page 25

How is the Server performing?

Which site is slowest?

How is user experience at a site?

Page 26

1. Application Server(s) Problem

2. Increased Network Latency

3. Increased Packet Loss

Application

Server

Problem

Network

Problem

• What metrics do I need to look at to detect these problems?

Page 27

Response Time

Network Latency

Traffic Volume

Transaction Time

Application Server Delay

Need to understand relationship between these metrics

End Users: "Your network is so slow I cannot get any work done today"

Network Admin: "I know exactly what is going on"

Page 28

End user experience is impacted because application server is slow

Transaction Time Response Time

Server Delay Network Latency

Network seems fine

Page 29

• Increased network latency impacts response time and transaction time

Server Delay Network Latency

Transaction Time Response Time

Page 30

• Transaction time shoots up when other metrics remain the same

Server Delay Network Latency

Response Time Transaction Time

Traffic volume goes down while transaction time goes up
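The metric definitions from the ART slide (RT, TT, ND = CND + SND, AD = RT – SND) and the three problem patterns on the preceding slides, worked through as an added example that is not code from the presentation. It assumes SND is measured from SYN to SYN-ACK and CND from SYN-ACK to ACK at the monitoring point, one request/response transaction per connection, and an illustrative 1.5x threshold for "the metric rose"; the packet timeline is constructed.

```python
# Added example: ART metrics for one transaction, then a coarse triage that
# follows the three patterns on the slides (server, latency, packet loss).

# Constructed packet timeline as seen at the monitoring point (times in ms).
# direction: "c2s" = client to server, "s2c" = server to client.
SAMPLE_TIMELINE = [
    (0,   "c2s", "SYN"),
    (40,  "s2c", "SYN-ACK"),
    (50,  "c2s", "ACK"),
    (55,  "c2s", "DATA"),   # first request packet
    (60,  "c2s", "DATA"),   # last request packet
    (160, "s2c", "DATA"),   # first response packet
    (170, "s2c", "DATA"),
    (185, "s2c", "DATA"),   # last response packet
]


def art_metrics(packets):
    """Compute SND, CND, ND, RT, TT and AD (all in ms) for one transaction."""
    def when(direction, kind):
        return [t for t, d, k in packets if d == direction and k == kind]

    syn = when("c2s", "SYN")[0]
    synack = when("s2c", "SYN-ACK")[0]
    ack = when("c2s", "ACK")[0]
    requests, responses = when("c2s", "DATA"), when("s2c", "DATA")
    if not requests or not responses or max(requests) > min(responses):
        raise ValueError("expected one complete request, then its response")

    snd = synack - syn                        # assumed: SYN -> SYN-ACK
    cnd = ack - synack                        # assumed: SYN-ACK -> ACK
    rt = min(responses) - max(requests)       # t(first resp) - t(last req)
    tt = max(responses) - min(requests)       # t(last resp) - t(first req)
    return {"SND": snd, "CND": cnd, "ND": cnd + snd,
            "RT": rt, "TT": tt, "AD": rt - snd}


def triage(baseline, current, factor=1.5):
    """Name the likely problem area from which metrics rose over baseline."""
    rose = {m for m in ("ND", "AD", "RT", "TT")
            if current[m] > factor * baseline[m]}
    if "ND" in rose:
        # Network latency up: response time and transaction time follow.
        return "network latency"
    if "AD" in rose:
        # Server delay up while network latency is steady.
        return "application server"
    if rose == {"TT"}:
        # Only transaction time rose (the slide pairs this with falling
        # traffic volume, which this example does not model).
        return "packet loss"
    return "no clear change"


if __name__ == "__main__":
    base = art_metrics(SAMPLE_TIMELINE)
    print(base)
    print(triage(base, dict(base, AD=260, RT=300, TT=330)))
    print(triage(base, dict(base, SND=120, CND=30, ND=150, RT=180, TT=250)))
    print(triage(base, dict(base, TT=400)))
```
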

Page 31

Use Cases/Scenarios / ISR G2 / ASR1K / Management

Identify custom enterprise application based on URL: ISR G2 15.2(4)M1; ASR1K XE 3.8S; Management PAM 2.0

Per network segment application performance report: ISR G2 Today; ASR1K XE 3.8S; Management PAM 2.X

Identify which QoS class traffic flows into and the queue drop: ISR G2 15.2(4)M1; ASR1K XE 3.9S; Management PAM 2.1

Customers already have performance monitoring tool and want to use with AVC: ISR G2 15.2(4)M1; ASR1K XE 3.8S; Management Working with 3rd party tool

Customers need IPFIX support: ISR G2 15.2(4)M1; ASR1K XE 3.8S; Management PAM 2.0

NBAR2 Visibility into WAAS compressed traffic: ISR G2 Roadmap; ASR1K XE 3.9S; Management N/A

Internet Edge Visibility (SCEASR): XE 3.8S; PAM 2.0

Page 32

Enable enterprise application monitoring and management

App Server URI BW Resp. Time

Payroll server1.example.com - 2M 100ms

Doc. Management server2.example.com /doc 1M 250ms

Software Rep. server2.example.com /software 5M 30sec

• Today: NBAR supports custom app by port or values in payload

• New: Custom application match on HTTP URL

• Configuration through PAM

• Recognize custom app for reporting and for QoS policy

Custom Enterprise Application

server1.example.com

/doc – Documentation

/software - Software

Cisco Prime Assurance

Custom Application Definition & Report

server2.example.com

ASR1K: XE 3.8S

ISR G2: 15.2(4)M1

PAM 2.0

Page 33

• Faster problem resolution by providing a breakdown of network latency

• All devices report response time and latency metrics to PAM

• PAM correlates all metrics and provides an end-to-end latency view of application delivery

"Office 365 is slow"

Latency Break-down Report (Application = Office 365): Branch = 5 ms, WAN = 50 ms, Headend = 10 ms, Internet = 70 ms, Server = 20 ms

[Figure: Client, Branch, WAN, Headend, Internet, Application Server; devices export NFv9/IPFIX; Server Delay]

Future

Page 34

Company / Product / Use Cases / Status

PAM: Network and App Monitoring. Control GUI (future). Status: PAM 2.0 – Adding PfR, new metrics in XE 3.8S

Gomez & DynaTrace: APM combined with App-aware Network Monitoring. Status: Adding NBAR2, PA, WAAS

5View: App-aware Network Monitoring. Status: Already support WAAS; Adding NBAR2, PA

LiveAction: Control (QoS) GUI, App-aware Network Monitoring. Status: Already supports medianet; Adding NBAR2, PA, PfR

Scrutinizer: App-aware Network Monitoring. Status: Already support PfR, medianet; Adding NBAR2, PA

Others: Living Object, Insight, CA

Page 35

• NBAR2 support for QoS config and monitoring

• New application performance report workflow from PA data


Page 38

• Bandwidth action: Minimum Bandwidth

• Police action: Maximum Bandwidth

• Priority action: Minimize Latency

• Set action, i.e. set dscp: Change Flow Properties

• Shape action: Reduce Burst

Page 39

class-map match-any p2p-class
 match protocol attribute application-group bittorrent-group
 match protocol kazaa2
 match protocol attribute sub-category p2p-networking

I want to exclude Viber and Skype from sub-category voice-video-chat-collaboration

class-map match-any excluded-apps
 match protocol skype
 match protocol viber
class-map match-all voice-video-chat-app
 match protocol attribute sub-category voice-video-chat-collaboration
 match not class-map excluded-apps

Support information: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html

IOS XE 3.4 S

15.2(2)T

Match on applications or pre-defined attributes

Future: Custom application attributes

XE 3.8S, 15.2(4)M1

Page 40

Monitor QoS Performance

• Top Application over Time

• QoS Class Map Statistics, Queue Drops, Pre/Post Traffic Rate, from CBWFQ MIBS

QoS Config

GUI planned

for PAM 2.1

Page 41

policy-map wan_remaining%
 class Voice-Bearer
  priority percent 25
 class HD-Video
  priority percent 20
 class Network-control
  bandwidth remaining percent 15
  queue-limit 100
 class Voice-Signaling
  bandwidth remaining percent 15
  queue-limit 100
 class SD-Video
  bandwidth remaining percent 20
  queue-limit 200
 class Business
  bandwidth remaining percent 15
  queue-limit 250
 class Bulk
  bandwidth remaining percent 10
  queue-limit 200
 class class-default
  bandwidth remaining percent 25
  queue-limit 400

policy-map Shape_150M
 class class-default
  shape average 150000000 600000 0
  service-policy wan_remaining%
interface Gig x/y
 description **** CIR = 150Mbps ****
 bandwidth 150000
 service-policy output Shape_150M

No guarantee for business critical http

IOS XE 3.4 S

15.2(2)T

Page 42

Application          BW                       Priority
Browsing             5% (Remaining BW)        N/A
Business Browsing    80% (Out of Browsing)    Business
Other Browsing       20% (Out of Browsing)    Default

class-map match-any browsing
 match protocol attribute category browsing
class-map match-any Business-browsing
 match protocol http url "*myserver.com*"
 match protocol http url "*salesforce.com*"
policy-map Business-browsing-policy
 class Business-browsing
  bandwidth remaining percent 80
  set dscp af21
 class class-default
  bandwidth remaining percent 20
  set dscp default
policy-map wan_remaining%
 <snip>
 class Business
  bandwidth remaining percent 11
  queue-limit 250
 class browsing
  bandwidth remaining percent 5
  service-policy Business-browsing-policy
 class class-default
  bandwidth remaining percent 24
  queue-limit 400
interface Gig X/Y
 service-policy output wan_remaining%

[Figure: WAN Policy for Browsing Traffic Egress. Committed BW (50% of the line); Excess BW (50% of the line). Labels: Browsing: 5% BW Remaining; Business-Browsing: 80% of all Browsing; Class-Default: Low Priority, 25% committed. Allocations are shown in original policy]

Page 43

class-map match-all p2p-app

match protocol attribute p2p-technology p2p-tech-yes

policy-map control-policy

class p2p-app

police 8000 conform-action transmit exceed-action drop

After applying control policy: Cisco Prime NAM Top Application Chart

Page 44

class-map high

match protocol attribute application-group webex-group

class-map medium

match protocol attribute category net-admin

class-map low

match protocol attribute category file-sharing

!

policy-map my-priority-policy

class high

priority percent 50

class medium

bandwidth remaining percent 50

class low

bandwidth remaining percent 30

!

policy-map my-network-policy

class class-default

!

interface GigabitEthernet0/0/2

service-policy output my-network-policy

match protocol sharepoint

shape average 50000000

service-policy my-priority-policy

1

2

3

Page 45

No change in application BW usage even with changes in QoS policy

Application Bandwidth: High Priority App, e.g. Sharepoint; Low Priority App, e.g. Windows Update

Application Transaction Time

Without proper prioritization, users may suffer poor application response time

After re-prioritize high priority app, its response time significantly improves

Low priority app response time is worse as it is being moved to lower priority traffic queue

Phases shown: No shaping, Shaping, Apply queuing, Re-prioritize High priority App (steps 1 2 3)


Page 48

Protecting critical applications while Maximizing bandwidth utilization

• Protect business Cloud applications from network brownout Loss > 10%

• Cloud Service preferred path – ISP1

• Maximize all ISP bandwidth by load sharing other Internet traffic

Cloud Service & Load Balancing Policy

ISP-1 (Primary) ISP-2 (Secondary)

Detect loss > 10%

Cloud Service

Best Effort traffic

Internet

• Protect voice and video quality

Latency > 200ms; Jitter > 30ms

• Protect VDI applications from brownouts

Loss > 5%

• Voice & Video preferred path SP-A

• VDI preferred path SP-B

• Maximize utilization by load sharing

Multimedia & Critical Data Policy

SP-A (MPLS VPN) SP-B (MPLS VPN)

VDI

Detect high jitter

Voice & Video

Best Effort traffic

WAN

Page 49

Learning

Prefixes

ACL

DSCP Based

Applications


Passive

PfR Netflow Monitoring

Flows Need not be symmetrical

Delay Loss

Egress BW

Reachability

Ingress BW

Active

PfR enables IP SLA feature

Probes sourced from BR

ICMP probes learned or configured

TCP, UDP, JITTER need ip sla responder

Delay Loss

Jitter

Reachability

MOS

Link

Load balancing

Max utilization

Link grouping

$Cost

Application

Performance

Reachability

Delay

Loss

MOS

Jitter

Destination Prefix

BGP

- Egress: route injection or Modifying the BGP Local Preference attribute

- Ingress: BGP AS-PATH Prepend or AS Community

EIGRP Route Control

Static Route Injection

PIRO

Application

Dynamic PBR

NBAR/CCE

Page 50

eBGP eBGP

BR BR

HQ

MC

iBGP

• PfR used to load balance the traffic

• New default policies based on load-balancing

• Cisco ASR1k is typical BR/MC with BR terminating WAN connections

• BGP routing

• BRs must be iBGP peers

• Default routing or

• Partial routes or

• Full routes

• PfR can actively manage up to 20k Prefixes concurrently (with ASR1000)

• 12.4T/15.0.1M

• IOS-XE 3.3.0


ISP1 ISP2

ISP3

ISP4 ISP5

ISP6

Manual tuning using BGP Egress – Local Preference

Ingress – AS-PATH Prepend + specific routes

60% 15% 10% 35%

1GE 100M

Page 51

Dest Prefixes (NetFlow) Learning

Monitoring Passive – Global

Policies

Path Enforcement BGP

Egress BW

Load-Balancing (range)

Inject BGP Route

BGP Local Pref

BR BR

HQ

MC

55% 45% eBGP eBGP

iBGP


ISP1 ISP2

ISP3

ISP4 ISP5

ISP6

Page 52

Inside Prefixes (BGP) Learning

Monitoring Passive – Global

Policies

Path Enforcement BGP

Ingress BW

Load-Balancing (range)

BGP AS-PATH Prepend

BGP Community

BR BR

HQ

MC

20% 17%

iBGP


ISP1 ISP2

ISP3

ISP4 ISP5

ISP6

eBGP eBGP

Page 53

BR    Links    Ingress   Egress
BR1   Gig1/1   200       40
BR2   Gig1/2   130       60

Traffic Classes

Destination Prefix   Delay   Loss   Ingress BW   Egress BW   BR    Exit
10.1.1.1/32          60      0      20           40          BR1   Gi1/1
10.1.10.0/24         110     0      52           60          BR1   Gi1/2
…                    89      1      34           10          BR2   Gi1/1

Border routers collect and report passive monitoring statistics to the master controller approximately once per minute.

BRs gather performance measurements using Netflow

BRs report Performance Metrics for Traffic Classes to the Master Controller

BR BR

HQ

MC

ISP1 ISP2

ISP3

ISP4 ISP5

ISP6

NetFlow

Cache NetFlow

Cache

Exits

Page 54: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

pfr master
 max-range-utilization percent 10
 logging
 !
 border 10.4.5.4 key-chain pfr
  interface Ethernet0/0 internal
  interface Ethernet0/1 external
   max-xmit-utilization percentage 90
 !
 border 10.4.5.5 key-chain pfr
  interface Ethernet0/0 internal
  interface Ethernet0/1 external
   max-xmit-utilization percentage 90
 !
 !
 learn
  prefixes 1000
  expire after time 60
 !
 !
 periodic 600
!

Link Range Utilization

• Keep the usage on a set of exit links within a certain percentage range of each other

Max Link Utilization

• Upper threshold on the amount of traffic a specific link can carry

Max Prefixes

• Limit the number of prefixes to 1000

• Delete Prefix if not relearned in 60 Minutes

Global Policies

• Load Balancing enabled by default

• Link OOP if:

  • % Util > Lowest + 10

  • % Util > 90

• Re-evaluate Exit every 10 Minutes

Page 55: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

MC#sh pfr master traffic-class
OER Prefix Statistics:
 Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms),
 P - Percentage below threshold, Jit - Jitter (ms),
 MOS - Mean Opinion Score
 Los - Packet Loss (packets-per-million), Un - Unreachable (flows-per-million),
 E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable
 U - unknown, * - uncontrolled, + - control more specific, @ - active probe all
 # - Prefix monitor mode is Special, & - Blackholed Prefix
 % - Force Next-Hop, ^ - Prefix is denied

DstPrefix           Appl_ID Dscp Prot     SrcPort     DstPort SrcPrefix
           Flags             State     Time            CurrBR  CurrI/F Protocol
         PasSDly  PasLDly   PasSUn   PasLUn  PasSLos  PasLLos      EBw      IBw
         ActSDly  ActLDly   ActSUn   ActLUn  ActSJit  ActPMOS  ActSLos  ActLLos
--------------------------------------------------------------------------------
10.1.1.0/24               N    N    N           N           N N
                          INPOLICY        0          10.4.5.5 Et0/1           BGP
              58       60        0        0        0        0       66        7
               U        U        0        0        N        N        N        N
10.1.2.0/24               N    N    N           N           N N
                          INPOLICY        0          10.4.5.4 Et0/1           BGP
             210      210        0        0        0        0       16        2
               U        U        0        0        N        N        N        N
[SNIP]
10.1.3.0/24               N    N    N           N           N N
                          INPOLICY        0          10.4.5.5 Et0/1           BGP
              59       60        0        0        0        0       61        7
               U        U        0        0        N        N        N        N
MC#

[Figure: HQ with MC and two BRs; iBGP and eBGP sessions; ISP1 to ISP6; labels 55% and 45%]

Page 56: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

R3#sh pfr master exits
==============================================================================================
PfR Master Controller Exits:

General Info:
=============
  E - External
  I - Internal
  N/A - Not Applicable
                                                                                        Up/
 ID Name         Border          Interface   ifIdx IP Address      Mask Policy      Type Down
--- ------------ --------------- ----------- ----- --------------- ---- ----------- ---- ----
  2              10.5.5.5        Et0/1           2 100.5.82.5        24 Util         E   UP
  1              10.4.4.4        Et0/1           2 100.4.81.4        24 Util         E   UP

Global Exit Policy:
===================
            Range Egress:   In Policy - Max difference 4% between Exits 2 & 1 - Policy 10%
           Range Ingress:   Out of Policy - Max difference 10% between Exits 2 & 1 - Policy 0%
             Util Egress:   In Policy
            Util Ingress:   In Policy
                    Cost:   In Policy

Exits Performance:
==================
                  Egress                                            Ingress
    ---------------------------------------------------- ------------------------------------
 ID Capacity  MaxUtil    Usage   %      RSVP POOL   OOP Capacity  MaxUtil    Usage   %   OOP
--- -------- -------- -------- --- -------------- ----- -------- -------- -------- --- -----
  2     3000     2700     1033  34            N/A   N/A     3000     3000        1   0   N/A
  1     3000     2700     1161  38            N/A   N/A     3000     3000      321  10   N/A

TC and BW Distribution:
=======================
                       # of TCs                  BW (kbps)           Probe   Active
     Name/ID   Current Controlled InPolicy    Controlled      Total  Failed  Unreach
                                                                    (count)    (fpm)
        ---- ---------------------------- ---------------------- ------ --------
           2        26         26       26          1035       1033      0        0
           1        20         20       20          1088       1161      0        0

Exit Related TC Stats:
======================
                                  Priority
                             highest       nth
                             ------------------
  Number of TCs with range:        1        45
   Number of TCs with util:        0        46
   Number of TCs with cost:        0         0

       Total number of TCs:       46
R3#

[Figure: HQ with MC and two BRs; iBGP and eBGP sessions; ISP1 to ISP6; labels 55% and 45%]
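The range and utilization checks from the Global Policies slide ("% Util > Lowest + 10", usage above the per-link maximum), applied to the Exits Performance rows of the `sh pfr master exits` output above. This is an added example, not Cisco code: the function names are hypothetical, and the range policies (10% egress, 0% ingress) are the values that output reports.

```python
# Added example (not Cisco code): re-derive the "Global Exit Policy" verdicts
# from the per-exit rows of `show pfr master exits`.

# Rows copied from the "Exits Performance" table quoted on this page.
# Columns: ID, egress Capacity/MaxUtil/Usage/%/RSVP POOL/OOP,
# then ingress Capacity/MaxUtil/Usage/%/OOP (bandwidth in kbps).
EXITS_PERFORMANCE = """\
  2     3000     2700     1033  34   N/A   N/A     3000     3000        1   0   N/A
  1     3000     2700     1161  38   N/A   N/A     3000     3000      321  10   N/A
"""


def _side(fields, start):
    """Decode one direction (egress or ingress) starting at column `start`."""
    return {
        "capacity": int(fields[start]),
        "max_util": int(fields[start + 1]),
        "usage": int(fields[start + 2]),
        "pct": int(fields[start + 3]),  # percentage as printed by the router
    }


def parse_exits(text):
    """Return one record per exit; headers, rulers and blank lines are skipped."""
    exits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 12 or not fields[0].isdigit():
            continue
        exits.append({"id": int(fields[0]),
                      "egress": _side(fields, 1),
                      "ingress": _side(fields, 7)})
    return exits


def range_policy(exits, direction, max_range_pct):
    """An exit is out of policy when its % util exceeds the lowest exit + range."""
    pcts = [e[direction]["pct"] for e in exits]
    lowest = min(pcts)
    oop = [e["id"] for e in exits if e[direction]["pct"] > lowest + max_range_pct]
    return {"spread": max(pcts) - lowest, "in_policy": not oop, "oop_exits": oop}


def util_policy(exits, direction):
    """An exit is out of policy when usage exceeds its MaxUtil ceiling."""
    oop = [e["id"] for e in exits
           if e[direction]["usage"] > e[direction]["max_util"]]
    return {"in_policy": not oop, "oop_exits": oop}


def evaluate(text, egress_range_pct, ingress_range_pct):
    """Produce the four range/util verdicts of the Global Exit Policy section."""
    exits = parse_exits(text)
    return {
        "range_egress": range_policy(exits, "egress", egress_range_pct),
        "range_ingress": range_policy(exits, "ingress", ingress_range_pct),
        "util_egress": util_policy(exits, "egress"),
        "util_ingress": util_policy(exits, "ingress"),
    }


if __name__ == "__main__":
    for name, verdict in evaluate(EXITS_PERFORMANCE, 10, 0).items():
        state = "In Policy" if verdict["in_policy"] else "Out of Policy"
        print(f"{name:14} {state:14} {verdict}")
```

With a 0% ingress range any difference between the exits counts as out of policy, which is why the router reports Range Ingress as out of policy while the links are nearly idle.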

Page 57: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

Application based optimization

• Voice and Video traffic: primary path, check delay, loss, jitter – fallback secondary

• Business Applications: primary path, check loss, utilization – fallback secondary

• Data Applications: load balanced across SPs or use the secondary path

• Target Discovery will be used

[Figure: HQ (MC, two BRs) and branch sites (MC/BR, BR) connected over WAN1 (IP-VPN, DMVPN) and WAN2 (IPVPN, DMVPN); traffic labels: Voice - Video, Critical Application, Rest of the Traffic]

Page 58: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

• Learning: Traffic Classes (Prefixes, Prefixes + DSCP, Applications)

• Monitoring: Fast – Voice/Video; Passive – Rest; Active – Critical Apps

[Figure: HQ (MC, two BRs) and branch sites (MC/BR, BR) connected over WAN1 (IP-VPN, DMVPN) and WAN2 (IPVPN, DMVPN)]

Page 59: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

Policies

[Figure: HQ (MC, two BRs) and branch sites (MC/BR, BR) connected over WAN1 (IP-VPN, DMVPN) and WAN2 (IPVPN, DMVPN); traffic labels: Voice - Video, Critical Application, Load-Balancing Rest of the Traffic; policy priority lists on the diagram: "1. Link-Group, 2. Loss, 3. Jitter, 4. Delay" and "1. Link-Group, 2. Loss, 4. Delay"]

Page 60: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

Traffic Classes

Destination Prefix  DSCP  App Id  Delay  Loss  Ingress BW  Egress BW  BR   Exit
10.1.1.1/32         EF            60     0     20          40         BR1  Gi1/1
10.1.10.0/24        AF31          110    0     52          60         BR1  Gi1/2
…                   -             89     1     34          10         BR2  Gi1/1

BRs gather performance measurements using IP SLA probes

‒ The performance metrics of the synthetic traffic are measured

‒ The results are applied to the traffic class entry in the Master Controller database

BRs report Performance Metrics for Traffic Classes

[Figure: HQ (MC, two BRs) and branch sites (MC/BR, BR) connected over WAN1 (IP-VPN, DMVPN) and WAN2 (IPVPN, DMVPN)]

Page 61: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

Exits

BR   Links   Ingress  Egress
BR1  Gig1/1  200      40
BR2  Gig1/2  130      60

Traffic Classes

Destination Prefix  DSCP  App Id  Delay  Loss  Ingress BW  Egress BW  BR   Exit
10.1.1.1/32                       60     0     20          40         BR1  Gi1/1
10.1.10.0/24                      110    0     52          60         BR1  Gi1/2
…                                 89     1     34          10         BR2  Gi1/1

Border routers collect and report passive monitoring statistics to the master controller approximately once per minute.

BRs gather performance measurements using NetFlow

BRs report Performance Metrics for Traffic Classes to the Master Controller

[Figure: HQ (MC, two BRs, each BR with a NetFlow Cache) and branch sites (MC/BR, BR) connected over WAN1 (IP-VPN, DMVPN) and WAN2 (IPVPN, DMVPN)]

Page 62: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

pfr master
 !
 learn
  throughput
  !
  list seq 10 refname LEARN_VIDEO
   traffic-class access-list VOICE filter BRANCH_PREFIX
   (traffic-class application nbar rtp-audio filter BRANCH)
   aggregation-type prefix-length 32
   throughput
  !
  list seq 20 refname LEARN_CRITICAL
   traffic-class access-list CRITICAL filter BRANCH_PREFIX
   (traffic-class application nbar citrix filter BRANCH)
   throughput
  !
 !
 !
 mode route protocol pbr
!

Learning

• No need for learn-list per branch. Only one learn-list for voice/video because Target Discovery is used

• Automatically learn based on DSCP values for Voice, Video and Critical Applications

• Rest of the Traffic falls under global learning (kind of “default class”)

Global Policies

• Apply for the rest of the traffic

• Load Balancing enabled by default

IOS 15.2(3)T

Page 63: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

MC#sh pfr master learn list

 Learn-List seq 10 refname LEARN_VIDEO
   Configuration:
    Traffic-Class Access-list: VOICE
    Filter: BRANCH1_PREFIX
    Aggregation-type: prefix-length 32
    Learn type: throughput
    Session count: 1000 Max count: 1000
    Policies assigned: 10
    Status: ACTIVE
   Stats:
    Traffic-Class Count: 4
    Traffic-Class Learned:
     Appl Prefix 20.20.0.12/32 ef 256
     Appl Prefix 20.20.0.14/32 ef 256
     Appl Prefix 30.30.0.11/32 ef 256
     Appl Prefix 30.30.0.13/32 ef 256

 Learn-List seq 20 refname LEARN_CRITICAL
   Configuration:
    Traffic-Class Access-list: BUSINESS
    Aggregation-type: prefix-length 24
    Learn type: throughput
    Session count: 50 Max count: 100
    Policies assigned: 20
    Status: ACTIVE
   Stats:
    Traffic-Class Count: 37
    Traffic-Class Learned:
     Appl Prefix 20.20.14.0/24 af31 256
     Appl Prefix 20.20.6.0/24 af31 256
     Appl Prefix 30.30.5.0/24 af31 256
     Appl Prefix 20.20.8.0/24 af31 256
     Appl Prefix 30.30.14.0/24 af31 256
 [SNIP]

Page 64: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

pfr-map MYMAP 10
 match pfr learn list LEARN_LIST_VIDEO_BRANCH1
 set periodic 90
 set delay threshold 200
 set loss threshold 50000
 set jitter threshold 30
 set mode monitor fast
 set resolve loss priority 2 variance 5
 set resolve jitter priority 3 variance 5
 set resolve delay priority 4 variance 5
 no set resolve range
 no set resolve utilization
 set probe frequency 4
 set active-probe jitter 20.9.9.9 target-port 2000

TCP, UDP and JITTER probes need an IP SLA responder

What’s needed:

‒ Configure a pfr-map that matches prefixes or applications @ Remote-site1

‒ Define the policies

‒ Define the jitter probes

And REPEAT for each remote site

[Figure: HQ (MC, two BRs) and branch sites (MC/BR, BR) connected over WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN); monitor-mode labels: Active, Fast, Active Throughput]

Page 65: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

• PfR becomes multi-site aware

• PfR utilizes a Peering between the Master Controllers

• Enables Automatic discovery of Branch router, prefixes and probe target

• Simplify the Active mode with Jitter probes

[Figure: HQ (MC, two BRs) and branch sites (MC/BR, BR) connected over WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN); monitor-mode labels: Active, Fast, Active Throughput]

Page 66: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

• Each MC announces its inside prefixes, together with probe target address and site names

Site     Publish
Site HQ  Prefix H1, H2, H3; Responder H
Site 1   Prefix A; Responder 1
Site 2   Prefix B; Responder 2
Site 3   Prefix C, D, E; Responder 3, 4

[Figure: HQ (MC, two BRs) and branch sites (MC/BR, BR) connected over WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN); monitor-mode labels: Active, Fast, Active Throughput]

Page 67: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

Prefixes        Responders     Sites
Prefix A        Responder1     Site 1
Prefix B        Responder2     Site 2
Prefix C, D, E  Responder3, 4  Site 3

• Mapping table built on each site

• Allows automatic jitter probe configuration

• Allows automatic probe generation

[Figure: HQ (MC, two BRs) and branch sites (MC/BR, BR) connected over WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN)]

Page 68: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

pfr-map MAP-TEST3 10
 match pfr learn list LEARN_LIST_BRANCH1
 set periodic 90
 set mode route control
 set delay threshold 200
 set loss threshold 50000
 set jitter threshold 30
 set mode monitor fast
 set resolve loss priority 2 variance 5
 set resolve jitter priority 3 variance 5
 set resolve delay priority 4 variance 5
 no set resolve range
 no set resolve utilization
 set probe frequency 4
 set active-probe jitter 20.9.9.9 target-port 2000

pfr-map MAP-TEST3 15
 match pfr learn list LEARN_LIST_BRANCH2
 set periodic 90
 set delay threshold 200
 set loss threshold 50000
 set jitter threshold 30
 set mode monitor fast
 set resolve loss priority 2 variance 5
 set resolve jitter priority 3 variance 5
 set resolve delay priority 4 variance 5
 no set resolve range
 no set resolve utilization
 set probe frequency 4
 set active-probe jitter 20.9.9.9 target-port 2000

pfr-map MAP-TEST3 15
 match pfr learn list LEARN_LIST_BRANCH2
 set periodic 90
 set mode route control
 set delay threshold 200
 set loss threshold 50000
 set jitter threshold 30
 set mode monitor fast
 set resolve loss priority 2 variance 5
 set resolve jitter priority 3 variance 5
 set resolve delay priority 4 variance 5
 no set resolve range
 no set resolve utilization
 set probe frequency 4
 set active-probe jitter 20.9.9.9 target-port 2000

pfr master
 policy-rules MYMAP
 mc-peer head-end Loopback1
 target-discovery
 [SNIP]
!
pfr-map MYMAP 10
 match pfr learn list LEARN_LIST_BRANCH
 set periodic 90
 set delay threshold 200
 set loss threshold 50000
 set jitter threshold 30
 set mode monitor fast
 set resolve loss priority 2 variance 5
 set resolve jitter priority 3 variance 5
 set resolve delay priority 4 variance 5
 no set resolve range
 no set resolve utilization
 set probe frequency 4

Page 69: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

R3 (LISTEN):

!
pfr master
 policy-rules MYMAP
 mc-peer head-end Loopback0
 target-discovery <responder-list HQ_TARGET> <inside-prefixes HQ_PREFIX>
 border 10.4.4.4 key-chain pfr
  interface Ethernet0/0 internal
  interface Ethernet0/1 external
   link-group SP1
 !
 border 10.5.5.5 key-chain pfr
  interface Ethernet0/0 internal
  interface Ethernet0/1 external
   link-group SP2
!

R10 (SETUP), the peering to the head-end:

pfr master
 policy-rules MYMAP
 mc-peer 10.3.3.3 Loopback0
 target-discovery

IOS 15.2(3)T

[Figure: HQ (10.10.0.0/16, MC 10.3.3.3, two BRs) and branch sites 20.20.0.0/16 (20.9.9.9) and 30.30.0.0/16 (30.10.10.10) connected over WAN1 (IP-VPN, DMVPN) and WAN2 (IPVPN, DMVPN); traffic labels: Voice, Video, Critical; The Rest of the Traffic]

Page 70: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

[Figure: HQ (10.10.0.0/16, MC 10.3.3.3, two BRs) and branch sites 20.20.0.0/16 (20.9.9.9) and 30.30.0.0/16 (30.10.10.10) connected over WAN1 (IP-VPN, DMVPN) and WAN2 (IPVPN, DMVPN); traffic labels: Voice, Video, Critical; The Rest of the Traffic]

R3#sh pfr master target-discovery
PfR Target-Discovery Services
 Mode: Static Domain: 59501
 Responder list: HQ_TARGET Inside-prefixes list: HQ_PREFIX
 SvcRtg: client-handle: 7 sub-handle: 6 pub-seq: 1

PfR Target-Discovery Database (local)

 Local-ID: 10.3.3.3 Desc: R3
  Target-list: 10.4.5.5, 10.4.5.4
  Prefix-list: 10.10.4.0/24, 10.10.3.0/24, 10.10.2.0/24, 10.10.1.0/24

PfR Target-Discovery Database (remote)

 MC-peer: 30.10.10.10 Desc: R10
  Target-list: 30.30.0.10
  Prefix-list: 30.30.0.0/16

 MC-peer: 20.9.9.9 Desc: R9
  Target-list: 20.20.0.9
  Prefix-list: 20.20.0.0/16

R3#

Page 71: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

[Figure: HQ (10.10.0.0/16, MC 10.3.3.3, two BRs) and branch sites 20.20.0.0/16 (20.9.9.9) and 30.30.0.0/16 (30.10.10.10) connected over WAN1 (IP-VPN, DMVPN) and WAN2 (IPVPN, DMVPN); traffic labels: Voice, Video, Critical; The Rest of the Traffic]

R3#sh pfr master active-probes target-discovery
PfR Master Controller active-probes (TD)
Border   = Border Roter running this probe
MC-Peer  = Remote MC associated with this target
Type     = Probe Type
Target   = Target Address
TPort    = Target Port
N - Not applicable

Destination Site Peer Addresses:

MC-Peer         Targets
30.10.10.10     30.30.0.10
20.9.9.9        20.20.0.9

The following Probes are running:

Border          Idx  State     MC-Peer         Type     Target          TPort
10.4.4.4        2    TD-Actv   30.10.10.10     jitter   30.30.0.10      5000
10.4.4.4        2    TD-Actv   30.10.10.10     jitter   30.30.0.10      5000
10.5.5.5        2    TD-Actv   30.10.10.10     jitter   30.30.0.10      5000
10.4.4.4        2    TD-Actv   20.9.9.9        jitter   20.20.0.9       5000
10.4.4.4        2    TD-Actv   20.9.9.9        jitter   20.20.0.9       5000
10.5.5.5        2    TD-Actv   20.9.9.9        jitter   20.20.0.9       5000

R3#
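The mapping table that target discovery builds on each site, sketched from the remote database section of the `sh pfr master target-discovery` output quoted on this page. This is an added example and a simplified model, not Cisco code: the function names are hypothetical, the one-probe-per-border-and-responder rule is an assumption read off the probe table above, and the 192.0.2.7/32 traffic class is constructed.

```python
import ipaddress
import re

# Remote database section as shown for R3 on this page.
TD_REMOTE = """\
 MC-peer: 30.10.10.10 Desc: R10
  Target-list: 30.30.0.10
  Prefix-list: 30.30.0.0/16
 MC-peer: 20.9.9.9 Desc: R9
  Target-list: 20.20.0.9
  Prefix-list: 20.20.0.0/16
"""


def _items(line):
    """Split the comma-separated value part of a 'Label: a, b' line."""
    return [v.strip() for v in line.split(":", 1)[1].split(",") if v.strip()]


def parse_td_remote(text):
    """Build the mapping table: one record per remote MC peer (site)."""
    sites, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        peer = re.match(r"MC-peer:\s+(\S+)\s+Desc:\s+(\S+)", line)
        if peer:
            current = {"mc_peer": peer.group(1), "desc": peer.group(2),
                       "targets": [], "prefixes": []}
            sites.append(current)
        elif current and line.startswith("Target-list:"):
            current["targets"] = [ipaddress.ip_address(v) for v in _items(line)]
        elif current and line.startswith("Prefix-list:"):
            current["prefixes"] = [ipaddress.ip_network(v) for v in _items(line)]
    return sites


def site_for(sites, traffic_class):
    """Longest-prefix match of a learned traffic class against published prefixes."""
    tc = ipaddress.ip_network(traffic_class)
    best = None
    for site in sites:
        for prefix in site["prefixes"]:
            if tc.version == prefix.version and tc.subnet_of(prefix):
                if best is None or prefix.prefixlen > best[1].prefixlen:
                    best = (site, prefix)
    return best[0] if best else None


def probes_for(sites, borders, traffic_classes, port=5000):
    """One jitter probe per (border, responder) of every site that has traffic."""
    probes = []
    for tc in traffic_classes:
        site = site_for(sites, tc)
        if site is None:
            continue  # no peer published a covering prefix: nothing to probe
        for border in borders:
            for target in site["targets"]:
                probe = (border, site["mc_peer"], str(target), port)
                if probe not in probes:
                    probes.append(probe)
    return probes


if __name__ == "__main__":
    table = parse_td_remote(TD_REMOTE)
    learned = ["20.20.0.12/32", "30.30.0.11/32", "192.0.2.7/32"]
    for probe in probes_for(table, ["10.4.4.4", "10.5.5.5"], learned):
        print("border %s  mc-peer %s  jitter target %s  port %d" % probe)
```

A traffic class that no peer has published a covering prefix for yields no probe in this model, which is the case worth checking when a branch is missing from the probe table.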

Page 72: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

[Figure: HQ (10.10.0.0/16, MC 10.3.3.3, two BRs) and branch sites 20.20.0.0/16 (20.9.9.9) and 30.30.0.0/16 (30.10.10.10) connected over WAN1 (IP-VPN, DMVPN) and WAN2 (IPVPN, DMVPN); traffic labels: Voice, Video, Critical; The Rest of the Traffic]

R10#sh pfr master target-discovery
PfR Target-Discovery Services
 Mode: Dynamic Domain: 59501
 SvcRtg: client-handle: 2 sub-handle: 1 pub-seq: 1

PfR Target-Discovery Database (local)

 Local-ID: 30.10.10.10 Desc: R10
  Target-list: 30.30.0.10
  Prefix-list: 30.30.0.0/16

PfR Target-Discovery Database (remote)

 MC-peer: 20.9.9.9 Desc: R9
  Target-list: 20.20.0.9
  Prefix-list: 20.20.0.0/16

 MC-peer: 10.3.3.3 Desc: R3
  Target-list: 10.4.5.5, 10.4.5.4
  Prefix-list: 10.10.4.0/24, 10.10.3.0/24, 10.10.2.0/24, 10.10.1.0/24

R10#

Page 73: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

pfr-map MYMAP 10
 match pfr learn list LEARN_VIDEO
 set delay threshold 200
 set loss threshold 50000
 set jitter threshold 30
 set mode monitor fast
 set resolve loss priority 2 variance 5
 set resolve jitter priority 3 variance 5
 set resolve delay priority 4 variance 5
 set link-group SP1 fallback SP2
 set probe frequency 4
 set periodic 90

Policies Thresholds

• Applied to the voice and video traffic

• Loss, delay and jitter

Policies Definition

• List all policies

• Assign priority

• Administrative policy: SP1 is the primary path, fallback to SP2 if OOP

Jitter Probe

• Target Discovery is used

• No need to manually define the probe target

Monitor mode fast

• Actively probe all exits to get performance metrics

IOS 15.2(3)T

Page 74: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

pfr-map MYMAP 20
 match pfr learn list LEARN_CRITICAL
 set delay threshold 120
 set loss threshold 200000
 set mode monitor active throughput
 set resolve delay priority 1 variance 20
 set resolve loss priority 5 variance 10
 set link-group SP1 fallback SP2
 set probe frequency 4
 set periodic 90

Policies Thresholds

• Applied to the voice and video traffic

• Loss, delay and jitter

Policies Definition

• List all policies

• Assign priority

• Administrative policy: SP1 is the primary path, fallback to SP2 if OOP

Active Probes

• Automatic configuration and generation of probes

Monitor mode Active

• Actively probe all exits to get performance metrics

IOS 15.2(3)T

Page 75: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

!
pfr master
 policy-rules MYMAP
 max-range-utilization percent 22
 !
 mc-peer head-end Loopback0
 target-discovery
 !
 logging
 !
 ! Default Policies
 !
 mode route protocol pbr
!

Link Range Utilization

• Keep the usage on a set of exit links within a certain percentage range of each other

Global Policies

• Apply for the rest of the traffic

• Load Balancing enabled by default

IOS 15.2(3)T

Page 76: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

Page 77: Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

The Key Takeaways of this presentation were:

• NBAR2 and PA can be deployed to provide visibility at the remote branches, and provide a tool to proactively monitor application performance

• Implement application-aware QoS to better control application usage and maximize performance of critical applications

• PfR simplifies Internet Presence load balancing operation

• PfR protects critical applications from WAN brownout and maximizes utilization of available WAN links