Application aware networks

Praha, hotel Clarion 10. 11. dubna 2013 Application aware networks Detekce a řízení aplikačních toků v moderních sítích ARCH4/L2 Miroslav Brzek - Cisco Adrian Čech - NextiraOne 2011 2013 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1

Agenda Why we need Application-awareness in Enterprise WAN? What is AVC? AVC Technologies Application Recognition (NBAR2) Performance Monitoring (FNF, ART) Management Tool Control (QoS, PfR) Conclusion AVC management with Cisco Prime Assurance demo ukázka

Why Application Visibility and Control in Enterprise WAN? 2013 Cisco and/or its affiliates. All rights reserved. Cisco Connect

Business and IT are Changing Like Never Before Network Needs To Evolve To Support These Transitions Application complexity increases Cloud and Virtualization centralize application delivery Multiple entities involved in delivering applications Identify growing applications using more than just port number Understand application performance from end users perspective Problem isolation to minimize downtime and business impact

How Do I Design My Network Infrastructure To Granularly identify the applications Understand the network condition and capacity Understand the user experience Control unwanted traffic Maximize use of available resources Deliver consistent performance to critical applications 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 5

Typical Use Cases for Application-aware network deployment What applications do I have running on my network? Users call about application problem, how do I isolate the problem I want to monitor branch user experiences accessing Oracle application in my Data Center Unwanted applications like YouTube and BitTorrent are taking over my network

What is Application Visibility and Control (AVC)? 2013 Cisco and/or its affiliates. All rights reserved. Cisco Connect

What is Application Visibility and Control? Gain visibility into application running in the network, performance trend, and user experiences Intelligently prioritize, control, or direct application traffic to maximize user experience

Introduce Application Visibility and Control (AVC) Solution Before AVC Solution Performance Monitoring Appliance Web Servers DPI Email Servers Management AVC Web Servers Email Servers Management Branch Office Data Center Branch Office AVC Data Center Integrated Solution Rich Monitoring and Control Capabilities Flexible Deployment Provide 1000+ application recognition natively within ISR G2 and ASR1K Simple software activation Comprehensive traffic statistics response time, bandwidth Feature-rich IOS control capabilities (HQoS, PfR) Branch, WAN aggregation, Data center, Internet edge Support Cisco and 3 rd party management tool

AVC How the Solution works ISR G2 App Visibility & User Experience Report ISR G2 ASR1K ISR G2 ASR1K NFv9/IPFIX App BW Transaction Time WebEx 3 Mb 150 ms Citrix 10 Mb 500 ms ASR1K High Med Low Reporting Tools Application Recognition Identify applications using L3 to L7 information (NBAR2) Reporting Perf. Tool Collection & Exporting ISR G2 & ASR collect application bandwidth and response time metrics, and export to management tool (FNF, ART, MMON) Management Tool Advanced reporting tool aggregates and reports application performance (Cisco Prime Infrastructure 3 rd Party Tools) Control Use QoS or PfR to control application network usage to improve application performance 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 10

AVC Technologies 2013 Cisco and/or its affiliates. All rights reserved. Cisco Connect

ISR G2 ASR1K Application Recognition Application Recognition Identify applications using L3 to L7 information (NBAR2) 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 12

How to Identify Applications? Access Control List based on IP address, protocol type and port number is no longer enough HTTP became a NEW transport protocol Must go into the payload to clearly identify the application Skype, Bittorent, Apple Applications, Games, etc. Need statefull inspection for dynamically assigned TCP and UDP port numbers Application consists of multiple sessions (Video, Voice, Data) Must also identify some application extracted fields RTP Payload Type Classification eases classification of voice and video traffic Should identify the application transport tunneled applications, IPv6 in IPv4 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 13

What is Really in Your Network? Port Monitoring Application Monitoring bittorrent skype rtp gtalk netflix webex unknown? http?

NBAR: Deep Packet Inspection (DPI) Stateful and Dynamic Inspection IP Packet TCP/UDP Packet Data Packet ToS Protocol Source IP Addr Dest IP Addr Src Port Dst Port Sub-Port/Deep Inspection Classification of L3-L7 Application traffic Identifies applications Statically assigned Dynamically assigned during connection establishment Non-TCP and non-udp IP protocols Statefull inspection Snooping bi-directional application traffic as it flows through the network Provides Advanced Application Classification and Field Extraction capabilities Support of IPv4, IPv6 and nested traffic (IPv6 transition method,...) Classification per Categories, Sub-Categories and Attributes 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 15

NBAR 1000+ Application Recognition Roadmap (Cloud & enterprise apps) HTTP HTTP HTTP Examples of apps recognized by NBAR2 as of XE 3.6S and 15.2(3)T List of protocols and applications supported by NBAR http://www.cisco.com/en/us/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html NBAR Protocol Pack allows adding more applications without upgrading or reloading IOS Supported devices: ISR-G2, ASR1000, adding support on unified access (WLAN controller, AP s, Cat3850)

Define Your Own Application in NBAR2 Port TCP or UDP 16 static ports per application Range of ports (1000 maximum) Payload Search the first 255 bytes of TCP or UDP payload ASCII (16 characters) Hex (4 bytes) Decimal (1-4294967295) Variable (4 bytes Hex) HTTP URL URI regex Host regex

User-Defined Application Example IP Packet TCP/UDP Packet Data Packet ToS Protocol Source IP Addr Dest IP Addr Src Port Dst Port FFFF0000MoonbeamFFFF ip nbar user-defined lunar_light 8 ascii Moonbeam tcp range 8000 8001 class-map solar_system match protocol lunar_light policy-map astronomy class solar_system set ip dscp AF21 interface Serial1 service-policy output astronomy Name ( lunar light ) - Name the match criteria up to 24 characters Offset (Skip first 8 bytes) - Specify the beginning byte of string or value to be matched in the data packet, counting from zero for the first byte Format ( ascii ) - Define the format of the match criteria ASCII, hex or decimal Value( Moonbeam ) - Should match with the value in the packet. If ASCII, up to 16 characters [Source or destination port] ( [source destination] ) - Optionally restrict the direction of packet inspection; defaults to both directions if not specified TCP or UDP ( tcp ) - Indicate the protocol encapsulated in the IP packet Range or selected port number(s) ( range 2000 2999 ) - range with start and end port numbers, up to 1,000 one to sixteen individual port numbers 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 18

NBAR2 Field Extraction Support Ability to look into specific application information NBAR extract fields from HTTP, RTP, Citrix, etc for QoS configuration HTTP Header Fields example Router(config-cmap)# match protocol http? content-encoding Encoding mechanism used to package entity body from E-mail of human controlling the user-agent host Host name of Origin Server containing resource location Exact location of resource from request mime Content-Type of entity body referer Address the resource request was obtained from server Software used by Origin Server handling request url Uniform Resource Locator path user-agent Software used by agent sending the request NBAR RTP Payload Type Classification Eases classification of voice and video traffic VoIP, streaming/real time video, audio/video conferencing, Fax over IP Distinguishes between RTP packets based on payload type and CODECS

Different Ways to Use NBAR 1. Discover applications going across interfaces ip nbar protocol-discovery CLI 2. Match applications or groups of applications in QoS class-map to take action, i.e. shape, police, remark match protocol CLI in QoS class-map 3. With Flexible Netflow (FNF) or other performance reporting features to report application name match or collect application name CLI

ISR G2 ASR1K NFv9/IPFIX Reporting Tools Reporting Tool Perf. Collection & Exporting Performance Collection & Exporting ISR G2 & ASR collect application bandwidth and response time metrics, and export to management tool (FNF, ART, MMON) 2011 Cisco and/or its affiliates. All rights reserved.

Performance Collection & Exporting What is it? Rich Monitoring from the Network without Additional Hardware Probe Advanced Monitoring Basic Monitoring Voice and Video Performance (Media Monitoring) 30% of traffic is voice and video Critical Applications Performance (Performance Agent) What applications, how much bandwidth, flow direction? (Flexible Netflow and NBAR/NBAR2) 40% of traffic is critical applications HTTP HTTP

Flexible Netflow Feature to collect and export network information and statistics Flexibility in defining fields and flow record format Utilize Netflow Version 9 Format UDP-based transport Consist of data collection (flow monitor) and data export (flow export) Can be used for collecting application info from NBAR2 and statistics along with other network information Open-standard, can be analyzed by Cisco Insight, Cisco Prime NAM, Cisco Prime Assurance Manager, and 3rd Party Tools

Gaining Full Visibility with Flexible Netflow + NBAR2 Link Layer Header IP Header TCP/UDP Header ToS MAC Protocol Source IP Address Destination IP Address Source Port Destination Port NetFlow Monitors data from layer 2 thru 7 Determines applications by combination of port and payload Flow information who, what, when, where Data Packet Deep Packet (Payload) Inspection FNF + NBAR2 Flexible NetFlow allows your own select of key fields Statefull inspection of dynamic-port traffic Packet and byte counts 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 24

Flexible NetFlow Records for AVC Discovery Application Bandwidth Usage and Top Talker Usage Record What applications do I have? What are connection durations? What is the total number of application flows? Transaction Record Top N clients and servers Top server ports and applications 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 25

When users complain about Application Problem What the users see What network admins see What can happen Your network is slow Increased Latency End Users I do not see anything wrong ping OK show ip route - OK traceroute - OK show interface - OK WAN Problem Application Problem Server Problem Network Admin User Problem

Application Response Time (ART) Measurement My email is slow! How do I ensure my SLA is met My query is taking long time! WAN Branch NFv9/IPFI X Data Center Reporting Tool Key Features 27 Application Response Time (ART) Metrics Interact with NBAR2 for Application ID and field extraction information In ISR G2, provide by Performance Agent (PA) In ASR1K, ART is part of unified monitoring Benefits Visibility into application usage and performance Quantify user experience Troubleshoot application performance Track service levels for application delivery

Application Response Time (ART) Measurement Application Delivery Path Network Segment Breakdown Request Clients Client Network Server Network Application Servers Response Client Network Delay (CND) Server Network Delay (SND) Application Delay (AD) Network Delay (ND) Total Delay Separate application delivery path into client and server segments Server Network Delay (SND) approximates WAN Delay Latency per application

Understand ART Metrics Calculation Client Request SYN ACK CND Request 1 Request 1 (Cont) TT ACK 3 X ACK 6 Request 2 SND RT X SYN-ACK ACK DATA 1 DATA 2 DATA 3 DATA 4 DATA 5 DATA 3 DATA 4 Retransmission DATA 6 Server Response Response Time (RT) t(first response pkt) t(last request pkt) Transaction Time (TT) t(last response pkt) t(first request pkt) Network Delay (ND) ND = CND + SND Application Delay (AD) AD = RT SND Quantify User Experience Quantify User Experience Identify Server Performance Issue

List of ART Metrics Supported Traditional FNF Metrics Application ID (from NBAR2) Client/Server Bytes Client/Server Packets Source MAC Address Input/Output Interface IP DSCP WAAS Express Metrics Input/Output Bytes WAAS Connection Mode TFO, TFO/LZ, TFO/DRE, TFO/LZ/DRE Input/Output DRE Bytes Input/Output LZ Bytes ART Metrics CND - Client Network Delay (min/max/sum) SND Server Network Delay (min/max/sum) ND Network Delay (min/max/sum) AD Application Delay (min/max/sum) Total Response Time (min/max/sum) Total Transaction Time (min/max/sum) Number of New Connections Number of Late Responses Number of Responses by Response Time (7-bucket histogram) Number of Retransmissions Number of Transactions Client/Server Bytes Client/Server Packets 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 30

App Visibility & User Experience Report Management Tool Cisco Prime Infrastructure (PI) 3 rd Party Network Management Advanced reporting tool aggregates and reports application performance (Cisco Prime Infrastructure 3 rd Party Tools) 2011 Cisco and/or its affiliates. All rights reserved.

Cisco Prime Infrastructure Assurance Manager Configuration of AVC features Network Monitoring Service Monitoring Reporting and Trends Multi-NAM Manager Packet and Flows Analysis Application Response Time Voice and Video Metrics Distributed SNMP and Netflow Collection 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 33

How to use PI-AM to Monitor Application Usage? flow record type mace mace-record collect datalink mac source address input collect ipv4 dscp collect interface input collect interface output collect application name collect counter client bytes collect counter server bytes collect counter client packets collect counter server packets collect art all Who sends Bittorrent? Collect Traffic Volume Information 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 34

How to use PI-AM to Monitor Application Usage? Discover Top Users for the Application Discover Application Per-user 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 35

Monitor Application Performance Across Multiple Sites Which site is slowest? How is the Server performing? How is user experience at a site? 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 36

How to use PI-AM to Monitor and Troubleshoot Application Performance Response Time I know exactly what is going on Your network is so slow I cannot get any work done today Application Server Delay Need to understand relationship between these metrics Network Latency Network Admin End Users Transaction Time Traffic Volume

1. Detect Application Server Problem Transaction Time Response Time Network seems fine Server Delay Network Latency End user experience is impacted because application server is slow 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 38

2. Detect Network Inefficiency (Packet Loss) Transaction Time Response Time Traffic volume goes down while transaction time goes up Server Delay Network Latency Transaction time shoots up when other metrics remain the same 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 39

AVC Management Tool Integration Company Product Use Cases Status PAM Network and App Monitoring. Control GUI (future) PAM 2.0 Adding PfR, new metrics in XE 3.8S Gomez & DynaTrace APM combined with App-aware Network Monitoring Adding NBAR2, PA, WAAS 5View App-aware Network Monitoring Already support WAAS Adding NBAR2, PA LiveAction Control (QoS) GUI, App-aware Network Monitoring Already supports medianet Adding NBAR2, PA, PfR Scrutinizer App-aware Network Monitoring Already support PfR, medianet Adding NBAR2, PA Others: Living Object, Insight, CA

ISR G2 ASR1K High Med Low Control Quality of Service (QoS) Performance Routing (PfR) Use QoS or PfR to control application network usage to improve application performance 2011 Cisco and/or its affiliates. All rights reserved.

AVC Control Options Application Bandwidth Control Application Path Control WAN 1 High SLA WAN 2 Med SLA Internet No SLA WAN LAN WAN LAN Guarantee bandwidth to protect critical applications from network congestion Provide low latency to delay sensitive applications Stop or limit unwanted applications from using WAN resources Application routing based-on real-time performance Information Intelligent load sharing provides resiliency and fully utilizes all available WAN resources Improve performance of voice, video, and critical applications

The Role of QoS for Control Guarantee Bandwidth Limit Max Bandwidth Minimize Latency Change Flow Properties Reduce Burst Bandwidth action Police action Priority action Set action, i.e. set dscp Shape action 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 43

Application Path Control with PfR Performance Routing (PfR) provides intelligent load balancing and application control natively within the WAN infrastructure Routing decision is based on real-time performance metrics, i.e. loss, jitter, latency Example: Send Enterprise Apps and WebEx over primary link, and send recreational traffic to secondary link Enterprise Apps (High priority) Netflix (Low priority) WebEx (High priority) PfR MCs ASR1K ASR1K PfR BRs SP A MPLS GETVPN PfR MC/BR Branch ASR1K Internet Router Si ASR1K SP B MPLS GETVPN

PfR Use Case Examples Protecting critical applications while Maximizing bandwidth utilization Detect loss > 10% Internet Detect high jitter WAN Cloud Service Voice&Video VDI Best Effort traffic Best Effort traffic ISP-1 (Primary) ISP-2 (Secondary) SP-A (MPLS VPN) SP-B (MPLS VPN) Cloud Service & Load Balancing Policy Protect business Cloud applications from network brownout Loss > 10% Cloud Service preferred path ISP1 Maximize all ISP bandwidth by load sharing other Internet traffic Multimedia & Critical Data Policy Protect voice and video quality Latency > 200ms; Jitter > 30ms Protect VDI applications from brownouts Loss > 5% Voice & Video preferred path SP-A VDI preferred path SP-B Maximize utilization by load sharing

Conclusion 2013 Cisco and/or its affiliates. All rights reserved. Cisco Connect

AVC Solution Benefits What Benefits? How? Improve Application, Voice, and Video Performance Better Application Visibility and Control Identify Performance Issues Before They Occur Proactive Monitoring, Performance Threshold Minimize Downtime by Accelerating Troubleshooting End-to-end Network Visibility, Historical Data

What is required to use AVC? Cisco 800 with Advanced IP services license Cisco 19/29/39xx with Data or Application Experience license Cisco ASR 1000 with Advanced IP services + AVC Feature License + Cisco Prime Infrastructure Management

AVC management with Cisco Prime Assurance Adrian Čech - NextiraOne 2013 Cisco and/or its affiliates. All rights reserved. Cisco Connect

AVC topologie Topologie AVC 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 50

AVC spuštění v Cisco PAM Spuštění AVC Výběr menu Deploy - Configuration Tasks - Collecting Traffic Statistics Výběr zařízení Zařízení je ASR1k anebo ISR G2 směrovač Výběr hodnot a potvrzení konfigurace Apply 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 51

AVC vytvoření infrastruktury Vytvoření struktury Výběr menu Design - Site Map Design Výběr New Campus Nastavení jména pobočky a Next Opakovat pro další pobočky 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 52

AVC asociace ze zařízením Vytvoření asociace struktury a reálných zařízení Výběr menu Design - Endpoint-Site Association Výběr Add Row Přiřazení zařízení k pobočkám 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 53

AVC přehled provozu Přehled provozu Výběr Operate - Detail Dashboards Výběr Site 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 54

AVC vytvoření grafu Výběr grafu Výběr na ikoně vpravo Add Dashlet(s) Výběr grafu podle potřeby např. Top Application Traffic over Time 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 55

AVC ATR Výběr grafu Výběr na ikoně vpravo Add Dashlet(s) Výběr grafu Transaction Times Výběr filtru pro konkrétní aplikaci 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 56

Otázky a odpovědi Zodpovíme též v Ptali jste se v sále LEO v 17:45 18:30 e-mail: connect-cz@cisco.com 2011 2013 Cisco and/or its affiliates. All rights reserved. Cisco Connect 57

Prosíme, ohodnoťte tuto přednášku. 2011 2013 Cisco and/or its affiliates. All rights reserved. Cisco Connect 58

Děkujeme za pozornost. 2013 Cisco and/or its affiliates. All rights reserved. Cisco Connect 59