Cisco Confidential
Register for a Technical Seminar with our Cisco Software SMEs: http://www.ciscolive.com/london/registration-packages/
Session Title Session Number
TECIPM-3191 TECNMS-3601
Application Awareness in the Network; the Route to Application Visibility and Control TECRST-2672
Converged Access: Wired/Wireless System Architecture, Design and Operations
Enterprise QoS Design Strategy
IP Mobility Deep Dive
IPv6 for Dummies: An Introduction to IPv6
IPv6 Security
Scaling the IP NGN with Unified MPLS
Software Defined Networking and Use Cases
Understanding and Deploying IP Multicast Networks
2012 Cisco and/or its affiliates. All rights reserved.
Speakers
Panelists
Submit questions in Q&A panel and send to All Panelists
Avoid CHAT window for better access to panelists
For WebEx audio, select COMMUNICATE > Join Audio Broadcast
For WebEx call back, click ALLOW phone button at the bottom of participants side panel
Where can I get the presentation? Or send email to: ask_techadvantage@cisco.com
Please complete the post-event survey
Join us February 13th for our next TechAdvantage Webinar:
Unleash the Power of Your Network with One Platform Kit (onePK)
www.cisco.com/go/techadvantage
Positioning
Key Customer Challenges PfR Benefits
Type of Applications
50%
Percent of CIOs who say the majority of their apps will be in the Cloud by 2015
37%
Consider Cloud ready WAN to be the Most Critical Infrastructure for Cloud 28% : Virtualized DC 21% - SP SLA
Key Findings: Cisco Global Cloud Networking Survey, April 2012*
Expectation vs. Reality: Top Network Challenges
60%
Cited Performance as a Key Challenge for Cloud
66%
Cited Security and Policy as a Key Challenge for Cloud
60%
Cited Management as a Key Challenge for Cloud
I don't know if I am getting my SLA
I don't know the applications running in my network
I don't know how to isolate performance problems
I don't know how much non-business traffic is consuming
I can't do anything about poor and inconsistent performance
I can't do anything about my network outages
I can't do anything about underutilization of my expensive WAN links
I can't do anything about unreliability of my WAN links
Visibility
Control
Report
Save 40% operational cost by smart load balancing
Increase WAN reliability without increase in $ cost
Avoid service outages
[Figures: topology builds showing HQ (MC, BR) and branch sites (MC/BR, BR) connected through SP-A and SP-B, with SP-C added in later builds. Panel labels across the builds: Network Outage; PfR enabled; Expensive SP-A; Service Outage.]
Protect business Cloud applications from network brownout
[Figure: Cloud Service and Internet traffic over ISP-1 (Primary) and ISP-2 (Secondary); brownout, Loss > 10%.]
Cloud Service preferred path ISP1
Maximize all ISP bandwidth by load sharing other Internet traffic
WAN
Voice & Video preferred path SP-A
Critical Apps preferred path SP-A
Maximize utilization by load sharing
Optimize by:
Reachability, Delay, Loss, Jitter, MOS, Throughput, Load, and/or $Cost
[Figure: deployment topology. Internet Edge (ISP1, ISP2) and Enterprise WAN with WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN); HQ and Branch sites with MC, BR and MC/BR routers.]
[Figure: Site HQ and Site 3 over WAN1 (IP-VPN). Labels: Publish Prefix C, D, E; Responder 3, 4.]
Mapping table built on each site
Allows automatic jitter probe configuration
Allows automatic probe generation
Learning
Get the Traffic Classes in the MC database
Get the Traffic Classes Performance Metrics
Check Delay, loss, threshold, Bandwidth and more
Use a good performing path per Traffic Class
Traffic Classes
traffic flowing through the border routers
Subsets of the total traffic must be identified, and these traffic subsets are named traffic classes
[Figure: traffic class entries on the MC for destination 10.2.2.0/24, with fields Dest. IP, DSCP, AppID, Delay, Loss, Jitter, BW; DSCP values shown include EF and AF31. Other labels: "Global or", "Application Groups". Site prefixes shown: 10.1.1.0/24, 10.1.2.0/24, 10.2.1.0/24, 10.2.9.0/24.]
[Figure: Voice - Video traffic classes. Site prefixes shown: 10.10.1.0/24, 10.10.2.0/24, 10.20.1.0/24, 10.20.9.0/24.]
Traffic Classes
[Figure: NetFlow Cache on each BR; Traffic Classes table on the MC; sites connected over WAN1 (IP-VPN).]

Destination Prefix  DSCP  App Id  Delay  Loss  Ingress BW  Egress BW  BR   Exit
10.1.1.1/32         EF                                                BR1  E0/0
20.2.1.0/24         AF31                                              BR2  E0/0
30.1.1.0/24         0                                                 BR1  E0/0

BRs aggregate based on the configured destination mask
Send the reports to the MC every minute
Passive
Metrics: Reachability, Delay, Loss, Ingress BW, Egress BW
PfR NetFlow Monitoring
Flows need not be symmetrical
Phases: Learning, Monitoring (Passive, Active), Choosing Your Policies, Enforcing the Path
[Table: Traffic Classes on the MC, with columns DSCP, App Id, Delay, Loss, Ingress BW, Egress BW, BR, Exit. Rows shown: DSCP 0 on BR1 exit Gi1/1; DSCP AF11 on BR1 exit Gi1/2; DSCP 0 on BR2 exit Gi1/1.]
[Table: links per BR, with columns BR, Links, Ingress, Egress. Rows shown: BR1 Gig1/1; BR2 Gig1/2.]
PfR uses NetFlow to collect and aggregate passive monitoring statistics on a per traffic class basis.
MC instructs BRs to monitor the performance
[Table: Traffic Classes on the MC. DSCP 0, AF11, 0; Loss 0, 0, 1; BR BR1, BR1, BR2; Exit Gi1/1, Gi1/2, Gi1/1; Egress 40, 60. Each BR holds a NetFlow Cache.]
Border routers collect and report passive monitoring statistics to the master controller approximately once per minute.
BRs gather performance measurements using NetFlow
BRs report Performance Metrics for Traffic Classes to the Master Controller
Active
Metrics: Reachability, Delay, Loss, Jitter, MOS
PfR enables IP SLA feature
Probes sourced from BR
ICMP probes learned or configured
TCP, UDP, JITTER need ip sla responder
Fast
Active probes on all paths all the time
Passive to measure BW only
Active Throughput
Passive to measure BW only
Active probing on current exit
[Table: Traffic Classes on the MC, with columns Destination Prefix, DSCP, App Id, Delay, Jitter, Loss, Ingress BW, Egress BW. Entries shown for 10.1.1.1/32 and 10.1.10.0/24; DSCP values EF, AF31 and 0; no metric values shown.]
Active monitoring involves creating a stream of synthetic traffic (IP SLA probes) that replicates a traffic class as closely as possible.
MC instructs BRs to send probes and monitor the performance
Traffic Classes

Destination Prefix  DSCP  App Id  Delay  Jitter  Loss  Ingress BW  Egress BW
10.1.1.1/32         EF            60     10      0     20          40
10.1.10.0/24        AF31          110    15      0     52          60
                    0             89     26      1     34          10

BRs gather performance measurements using IP SLA probes
The performance metrics of the synthetic traffic are collected
BRs report Performance Metrics for Traffic Classes to the MC
The MC applies results to the traffic class entry in the Master Controller database
Traffic Classes
Link: Load balancing, Max utilization, Link grouping, $Cost
Application Performance: Reachability, Delay, Loss, MOS, Jitter
Voice - Video: 1. Link-Group 2. Loss 3. Jitter 4. Delay
Critical Application: 1. Link-Group 2. Loss 4. Delay
Rest of the Traffic: Load-Balancing
Multiple resolvers can be assigned
Set of Policies per Application Group
Resolver Priority
Destination Prefix
BGP
- Egress: route injection or modifying the BGP Local Preference attribute
- Ingress: BGP AS-PATH Prepend or AS Community
Application
Dynamic PBR
NBAR/CCE
Internet Edge
Problem Statement
Ingress/Egress paths are under/over utilized
Maximize bandwidth utilization (uplinks with different BW
[Figure: routers R1 and R2 connected to the Internet through ISP A and ISP B; labels 1000 Mbps and 20 Mbps; Egress and Ingress directions.]
Manual Solution
Consider The Traffic Patterns of the Enterprise.
Does the Enterprise Host Content?
Not Sure?
Graph Interface Byte Count
Use NetFlow
Even better, use Flexible NetFlow
20% direction doesn't matter unless links are widely varying speeds.
Tool/Attribute     Implementation
Longest Match      Static or Redistribution / Received
Local Preference   Direction Applied: Inbound
AS_Path            Direction Applied: Outbound
Communities        Direction Applied: Outbound
[Figure: HQ routers R3, R4 and R5 with iBGP between them and eBGP to ISP1 through ISP6. Labels: ASR1000) 12.4T/15.0.1M, IOS-XE 3.3.0. The Learning and Monitoring builds show 55% and 45% on one slide, then 20% and 17% on the next.]
Enterprise WAN
Problem Statement:
Recent carrier routing problem caused a network outage (Blackout).
Fluctuating performance over the WAN is causing intermittent application problems (Brownout)
Secondary/Backup WAN path underutilized
Learning
Traffic Classes
Voice, Video, Critical
Classes of Applications
Traffic Classes
MC
Monitoring
Probes
Probes
Destination DSCP Prefix 10.1.1.1/32 10.1.10.0/24 Destination Prefix 10.1.1.1/32 10.1.10.0/24 EF AF31 EF DSCP 0 AF11 0
App Id
Delay 60 110 89
Jitter 10 20 35
Loss 0 0 1
Ingress BW 20 52 34
Egress BW 40 60 10 Egress BW 40 60 10
WAN1 (IP-VPN)
App Id
Delay 60 110 89
Loss 0 0 1
Ingress BW 20 52 34
MC/BR
MC/BR
BR
Cisco Confidential
68
Policies
1. Link-Group
Voice, Video, Critical
Voice - Video
Critical Application
2. Loss 4. Delay
Load-Balancing
NetFlow
SNMP Read
To Support Technologies Such as MPLS or Multicast, This Export Format Can Be Leveraged to Easily Insert New Fields
Header (Version, # Packets, Sequence #, Source ID)
Template FlowSet #0
  Template Record, Template ID #254 (Specific Field Types and Lengths)
  Template Record, Template ID #257 (Specific Field Types and Lengths)
Data FlowSet, FlowSet ID #256
  Data Record (Field Values)
  Data Record (Field Values)
Data FlowSet, FlowSet ID #257
  Data Record (Field Values)
Option Template FlowSet #1
  Template ID 258 (Specific Field Types and Lengths)

Matching ID numbers are the way to associate template to the data records
The header follows the same format as prior NetFlow versions so collectors will be backward compatible
Each data record represents one flow
If exported flows have different fields, they cannot be contained in the same template record (i.e., BGP next hop
Traffic Analysis
Denial of Service
Billing
Cisco 3900 Cisco 2900 Cisco 1900 Cisco 1800 12.4, 12.4T, 15M/T Cisco 2800 12.4, 12.4T 15M/T Cisco 3900 Cisco 3800 12.4, 12.4T Cisco 3800 15M/T 12.4, 12.4T 15M/T
Cisco 6500
12.2(33)SXH (Deprecated)
Cisco 7600
ISR Platforms
Services (AES) technology package license All other ASR1000 (ASR1002-F, ASR1002, ASR1004, ASR1006, ASR1013): Use Advanced IP Services (AIS/AISK9) or Advanced Enterprise Services (AES/AESK9) images
Docwiki Performance Routing Home Technology Overview, Solution Guides, Troubleshooting Guides, FAQ
http://docwiki.cisco.com/wiki/PfR:Home
Basic Configuration
http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-basic.html
Advanced Configuration
http://www.cisco.com/en/US/docs/ios/pfr/configuration/guide/pfr-advanced.html
4h Lab: Deploying and Operating PfR LTRRST-2006
9h Techtorial: Application Visibility and Control TECRST-2672
Thank you!
Please complete the post-event survey
Join us February 13th for our next webinar: Unleash the Power of Your Network with One Platform Kit (onePK)
Register: www.cisco.com/go/techadvantage
Follow us @GetYourBuildOn