Providing functions to application traffic requires the network to classify, share information and understand the traffic. Application Visibility and Control (AVC) technologies address the needs for application classification, monitoring activities and network policies enforcement (QoS, Performance Routing, etc.), allowing for simplified, accelerated and scalable deployments.
© 2012 Cisco and/or its affiliates. All rights reserved. 1
Cisco IOS Advantage Webinars Deploying Application Visibility and Control Policies
Jean Charles Griviaud and Ken Briley
We’ll get started a few minutes past the top of the hour.
Note: you may not hear any audio until we get started.
© 2010 Cisco and/or its affiliates. All rights reserved. 2
Madhavan Arunachalam Software Engineer
Engineering
Ina Singh Technical Leader
Engineering
Panelists
Ken Briley Technical Leader
Technical Marketing
Speakers
Jean-Charles Griviaud Product Manager
• Submit questions in Q&A panel and send to “All Panelists” Avoid CHAT window for better access to panelists
• Please complete the post-event Survey
• For Webex audio, select COMMUNICATE > Join Audio Broadcast
• Where can I get the presentation? https://communities.cisco.com/docs/DOC-29594 Or send email to: [email protected]
• Join us on July 11 for our next IOS Advantage Webinar:
Flow Metadata for Enhanced Application Awareness
• For Webex call back, click ALLOW Phone button
at the bottom of Participants side panel
• Introduction
• Use Case Deep Dive
Visibility into WAN usage and application performance
Non-business Traffic Impact Business Critical Applications
Maximize Utilization and Availability of Internet Presence
Maximize Utilization and Reliability of Applications over the WAN
• Summary
Ensuring Application Performance Regardless of Location And Device Type Is
More Important Than Ever
SaaS IaaS/PaaS
5 DEVICES PER
USER BY 2016
300% GROWTH
IN VIDEO
TRAFFIC
XAAS MARKET
GROWING TO $241B BY
2020
80% OF NEW APPS
WEB ENABLED
“I could have avoided the down time if I knew what is running in my network”
“We do not know how many are experiencing performance issues”
“We initially cannot tell if the issue is in the client, the network, or in the backend server”
“We lack historical data to proactively detect unwanted performance trends and their root causes”
“I need to know if my SLA is being met”
“I want to stop unauthorized applications from using my network bandwidth”
Make the Network Application Aware
Gain visibility into applications running in the network, performance trends, and user experience
Intelligently prioritize and control application traffic to maximize user experience
Use QoS or PfR to
control application
network usage to
improve application
performance
ASR1K
ISR G2
Control
High
Med
Low
Advanced reporting
tool aggregates
and reports
application
performance
App Visibility &
User Experience Report
Management
Tool
ISR G2 & ASR
collect application
bandwidth and
response time
metrics, and export
to management tool
ASR1K
ISR G2
FNF
IOS PA
Reporting Tool Perf. Collection &
Exporting
Reporting Tools
NFv9
App BW Transaction
Time
…
WebEx 3 Mb 150 ms …
Citrix 10 Mb 500 ms …
Identify applications
using L7 signatures
(NBAR2) or
metadata
ASR1K
ISR G2
Application
Recognition
NBAR2
IOS NBAR +150 Signatures
SCE Classification +1000 Signatures
Advanced Classification Techniques
Innovations IPv6 Classification
Nested Classification
Application Categorization
Open API 3rd Party Integration..
• List of protocols and applications supported by NBAR2 http://wwwin.cisco.com/ios/tech/collateral/90364_product_bulletin_c25-627831.pdf
• Enhanced reporting with additional field extraction – top browsing domain, top URL, browser type (Future)
• In-service Protocol Definition Update – no IOS upgrade required
Use Case | IT Challenges | AVC Technologies Used
Visibility into WAN usage and application performance | Lack of cost effective visibility tools; insufficient information to troubleshoot application performance | NBAR2, PA, PAM
Non-business Traffic Impact Business Critical Applications | Control non-business critical applications from using the network resource | NBAR2, QoS, PAM
Maximize Utilization and Availability of Internet Presence | Complex and manual configuration to utilize all available internet accesses | PfR – Internet Presence
Maximize Utilization and Reliability of Applications over the WAN | Protect critical applications from sub-optimal performance in the WAN; utilize all the available WAN links | PfR - WAN
Layer 4 Monitoring
Visibility for Today
Network
bittorrent rtp
gtalk
netflix
skype
webex
unknown?
http?
Increased Latency
WAN Problem
Application Problem
Server Problem
User Problem
1
3
Your network is
so slow I cannot
get any work
done today I do not see
anything
wrong End Users
Network
Admin
What the users see What network admins see What can happen
ping?
show ip route?
traceroute?
show interface?
Key Features
Application Usage (BW, Top N)
Application Response Time (ART) Measurement
Interact with NBAR or NBAR2
Standard NFv9 export (future – IPFIX)
Metric aggregation reduces number of flow
records across WAN
Benefits
Visibility into application usage and performance
Quantify user experience
Troubleshoot application performance
Track service levels for application delivery
My query
is taking
long time!
My email
is slow!
Branch Data Center
How do I
ensure
my SLA
is met
Reporting Tool
WAN
NFv9
ISR G2: Today
ASR1K: XE 3.8S
• Separate application delivery path into multiple segments
• Server Network Delay (SND) approximates WAN Delay
• Latency per application
Application Servers
Total Delay
Client
Network Clients
Client Network
Delay (CND) Application
Delay (AD)
Network Delay (ND)
IOS
PA
Server
Network
Request
Response Server Network
Delay (SND)
• Which server and application each user accesses, plus performance metrics
Source IP Source Port Dest IP Dest Port Protocol Application Bytes
10.0.0.1 13352 1.1.1.1 80 TCP Sharepoint 15000
1.1.1.1 80 10.0.0.1 13352 TCP Sharepoint 100000
10.0.0.1 13353 1.1.1.1 80 TCP Sharepoint 30000
1.1.1.1 80 10.0.0.1 13353 TCP Sharepoint 200000
Source IP Dest IP Dest Port Protocol Application Clnt Bytes Svr Bytes
10.0.0.1 1.1.1.1 80 TCP Sharepoint 45000 300000
sharepoint.cisco.com
(IP=1.1.1.1)
Users make 2 requests to
http://sharepoint.cisco.com
(IP=10.0.0.1)
What PA stores
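The aggregation shown in the two tables above, as an added example (not Cisco code and not part of the original slides). It assumes the first row seen for a connection is the client-to-server direction; the tuple layout and function names are illustrative.

```python
from collections import defaultdict

# Constructed input: the four unidirectional flow rows shown on the slide, as
# (src_ip, src_port, dst_ip, dst_port, protocol, application, bytes).
FLOWS = [
    ("10.0.0.1", 13352, "1.1.1.1", 80, "TCP", "Sharepoint", 15000),
    ("1.1.1.1", 80, "10.0.0.1", 13352, "TCP", "Sharepoint", 100000),
    ("10.0.0.1", 13353, "1.1.1.1", 80, "TCP", "Sharepoint", 30000),
    ("1.1.1.1", 80, "10.0.0.1", 13353, "TCP", "Sharepoint", 200000),
]


def aggregate(flows):
    """Collapse per-connection flow rows into one row per
    (client IP, server IP, server port, protocol, application).

    Assumption: the first row seen for a connection is client-to-server,
    so its source is the client and its destination is the server.
    """
    initiator = {}  # connection (unordered endpoint pair) -> client endpoint
    totals = defaultdict(
        lambda: {"client_bytes": 0, "server_bytes": 0, "connections": 0}
    )
    for src_ip, src_port, dst_ip, dst_port, proto, app, nbytes in flows:
        src, dst = (src_ip, src_port), (dst_ip, dst_port)
        conn = (frozenset((src, dst)), proto)
        first_row = conn not in initiator
        client = initiator.setdefault(conn, src)
        server = dst if src == client else src
        # The client's ephemeral port is deliberately left out of the key,
        # which is what merges the two requests into one record.
        row = totals[(client[0], server[0], server[1], proto, app)]
        if first_row:
            row["connections"] += 1
        row["client_bytes" if src == client else "server_bytes"] += nbytes
    return dict(totals)


def reduction_percent(flows, aggregated):
    """Record-count reduction for this input, in whole percent."""
    return 100 * (len(flows) - len(aggregated)) // len(flows)


if __name__ == "__main__":
    result = aggregate(FLOWS)
    for key, row in result.items():
        print(key, row)
    print("records reduced by", reduction_percent(FLOWS, result), "%")
```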
router#show flow exporter statistics
Flow Exporter fnf-export:
Packet send statistics (last cleared
4d23h ago):
Client send statistics:
Client: Flow Monitor fnf
Records added: 3708444
- sent: 3708443
Bytes added: 218798196
- sent: 218798137
router#show flow exporter statistics
Flow Exporter pa-export:
Packet send statistics (last cleared
4d23h ago):
Client send statistics:
Client: MACE EXPORTER GROUP MACE-EXP-1
Records added: 883751
- sent: 883751
Bytes added: 55676313
- sent: 55676313
Collect Traffic Volume using FNF Collect Traffic Volume using PA
Data from Cisco alpha network show 75% reduction in flow records
Traditional FNF Metrics
• Application ID (from NBAR2)
• Client/Server Bytes
• Client/Server Packets
• Source MAC Address
• Input/Output Interface
• IP DSCP
ART Metrics
• CND - Client Network Delay (min/max/sum)
• SND – Server Network Delay (min/max/sum)
• ND – Network Delay (min/max/sum)
• AD – Application Delay (min/max/sum)
• Total Response Time (min/max/sum)
• Total Transaction Time (min/max/sum)
• Number of New Connections
• Number of Late Responses
• Number of Responses by Response Time
(7-bucket histogram)
• Number of Retransmissions
• Number of Transactions
• Client/Server Bytes
• Client/Server Packets
WAAS Express Metrics
• Input/Output Bytes
• WAAS Connection Mode
TFO, TFO/LZ, TFO/DRE,
TFO/LZ/DRE
• Input/Output DRE Bytes
• Input/Output LZ Bytes
For Your
Reference
Server
• Response Time (RT)
t(First response pkt) – t(Last request pkt)
• Transaction Time (TT)
t(Last response pkt) – t(First request pkt)
• Network Delay (ND)
ND = CND + SND
• Application Delay (AD)
AD = RT – SND
Response
Quantify User
Experience
Identify
Server
Performance
Issue
TT
Client IOS PA
X
SYN
SYN-ACK
ACK 6
Request 1
ACK
DATA 4
DATA 3
DATA 5
DATA 3
Request 1 (Cont)
X
DATA 4
DATA 1
Request 2
DATA 6
DATA 2
ACK 3
ACK
SND
CND
Request
Retransmission
RT
Quantify User
Experience
flow exporter pa-export
destination 172.30.104.128
transport udp 9991
!
flow record type mace pa-record
collect application name
collect art all
collect (..)
!
flow monitor type mace pa-monitor
record pa-record
exporter pa-export
!
access-list 100 permit tcp any host 10.0.0.1 eq 80
class-map match-any pa-traffic
match access-group 100
!
policy-map type mace mace_global
class pa-traffic
flow monitor pa-monitor
!
interface Serial0/0/0
ip nbar protocol-discovery
mace enable
Configuration Steps
1. Configure flow exporter
2. Configure flow record type mace
3. Configure flow monitor type mace
4. Configure class-map
5. Configure policy-map type mace – policy must be named mace_global
6. Configure mace enable on interface
Enable NBAR2 to identify applications, not required after 15.2(4)M
Collect application name
provided by NBAR2
For Your
Reference
• ‘collect application name’ exports application ID field to reporting tool
flow record type mace pa-record
collect application name
collect art all
interface Serial0/0/0
ip nbar protocol-discovery
mace enable
Src IP Dst IP Dst Port App ID Resp Time …
192.168.100.100 66.114.168.178 443 0 100
cisco.webex.com
(IP=66.114.168.178)
https://cisco.webex.com
IOS PA
Se0/0/0
(IP=192.168.100.100)
Src IP Dst IP Dst Port App ID Resp Time …
192.168.100.100 66.114.168.178 443 0x0D00019E 100
Without NBAR
With NBAR
Indicate this is
webex application
Flow
Record
Protocol discovery not
required after 15.2(4)M
For Your
Reference
Do not need NBAR AppID export:
  Before 15.2(4)M: Do not configure ‘collect application name’ in flow record type mace
  15.2(4)M and later: Do not configure ‘collect application name’ in flow record type mace
Need NBAR AppID export:
  Before 15.2(4)M: Configure ‘collect application name’ in flow record type mace; enable ‘ip nbar protocol-discovery’ on the interface
  15.2(4)M and later: Configure ‘collect application name’ in flow record type mace
flow record type mace mace-record
collect datalink mac source address input
collect ipv4 dscp
collect interface input
collect interface output
collect application name
collect counter client bytes
collect counter server bytes
collect counter client packets
collect counter server packets
collect art all
Collect Traffic Volume Information
Who sends Bittorrent?
Discover Top Users for the Application Discover Application Per-user
How is the Server performing?
Which site is slowest?
How is user experience at a site?
1. Application Server(s) Problem
2. Increased Network Latency
3. Increased Packet Loss
Application
Server
Problem
Network
Problem
• What metrics do I need to look at to detect these problems?
Response Time
Network Latency
Traffic Volume
Transaction Time
Application Server Delay
Need to understand relationship
between these metrics
Your network
is so slow I
cannot get
any work done
today
I know exactly what
is going on
End Users
Network
Admin
End user experience is impacted because application server is slow
Transaction Time Response Time
Server Delay Network Latency
Network seems fine
• Increased network latency impacts response time and transaction time
Server Delay Network Latency
Transaction Time Response Time
• Transaction time shoots up when other metrics remain the same
Server Delay Network Latency
Response Time Transaction Time
Traffic volume goes
down while
transaction time goes
up
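The ART formulas from the earlier slide (RT, TT, ND, AD) and the three problem signatures above, worked through as an added example that is not Cisco code or part of the original slides. It assumes SND is measured from SYN to SYN-ACK and CND from SYN-ACK to ACK at the measurement point, as the ladder diagram suggests; the packet traces and the 1.5x growth threshold are constructed for illustration.

```python
# Constructed packet traces as seen at the measurement point:
# (time_ms, sender, kind), with sender "C" = client and "S" = server.
HANDSHAKE = [(0, "C", "SYN"), (50, "S", "SYN-ACK"), (55, "C", "ACK")]
REQUEST = [(56, "C", "REQ"), (58, "C", "REQ")]

BASELINE = HANDSHAKE + REQUEST + [(128, "S", "RESP"), (140, "S", "RESP")]
SLOW_SERVER = HANDSHAKE + REQUEST + [(358, "S", "RESP"), (370, "S", "RESP")]
PACKET_LOSS = HANDSHAKE + REQUEST + [(128, "S", "RESP"), (1140, "S", "RESP")]
HIGH_LATENCY = [
    (0, "C", "SYN"), (150, "S", "SYN-ACK"), (155, "C", "ACK"),
    (156, "C", "REQ"), (158, "C", "REQ"),
    (328, "S", "RESP"), (360, "S", "RESP"),
]


def art_metrics(packets):
    """Compute the slide's ART metrics for one transaction.

    Raises ValueError if the handshake, request or response is missing,
    for example when the flow started before monitoring did.
    """
    def first(kind, sender):
        return min(t for t, s, k in packets if k == kind and s == sender)

    syn = first("SYN", "C")
    synack = first("SYN-ACK", "S")
    ack = min(t for t, s, k in packets
              if k == "ACK" and s == "C" and t >= synack)
    requests = [t for t, s, k in packets if k == "REQ"]
    responses = [t for t, s, k in packets
                 if k == "RESP" and t >= max(requests)]

    snd = synack - syn                    # Server Network Delay (assumed)
    cnd = ack - synack                    # Client Network Delay (assumed)
    rt = min(responses) - max(requests)   # t(first response) - t(last request)
    tt = max(responses) - min(requests)   # t(last response) - t(first request)
    return {"SND": snd, "CND": cnd, "ND": cnd + snd,
            "RT": rt, "TT": tt, "AD": rt - snd}


def diagnose(baseline, current, factor=1.5):
    """Map metric growth against a baseline to the three problem types."""
    def grew(metric):
        return current[metric] > factor * baseline[metric]

    if grew("ND"):
        return "Increased Network Latency"      # RT and TT rise with ND
    if grew("AD"):
        return "Application Server Problem"     # network seems fine
    if grew("TT"):
        return "Increased Packet Loss"          # only TT shoots up
    return "Normal"


if __name__ == "__main__":
    base = art_metrics(BASELINE)
    print("baseline", base)
    for name, trace in [("slow server", SLOW_SERVER),
                        ("high latency", HIGH_LATENCY),
                        ("packet loss", PACKET_LOSS)]:
        metrics = art_metrics(trace)
        print(name, metrics, "->", diagnose(base, metrics))
```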
Use Cases/Scenarios | ISR G2 | ASR1K | Management
Identify custom enterprise application based on URL | 15.2(4)M1 | XE 3.8S | PAM 2.0
Per network segment application performance report | Today | XE 3.8S | PAM 2.X
Identify which QoS class traffic flows into and the queue drop | 15.2(4)M1 | XE 3.9S | PAM 2.1
Customers already have performance monitoring tool and want to use with AVC | 15.2(4)M1 | XE 3.8S | Working with 3rd party tool
Customers need IPFIX support | 15.2(4)M1 | XE 3.8S | PAM 2.0
NBAR2 Visibility into WAAS compressed traffic | Roadmap | XE 3.9S | N/A
Internet Edge Visibility (SCEASR) XE 3.8S PAM 2.0
Enable enterprise application monitoring and management
App Server URI BW Resp. Time
Payroll server1.example.com - 2M 100ms
Doc. Management server2.example.com /doc 1M 250ms
Software Rep. server2.example.com /software 5M 30sec
• Today: NBAR supports custom app by port or values in payload
• New: Custom application match on HTTP URL
• Configuration through PAM
• Recognize custom app for reporting and for QoS policy
Custom Enterprise Application
server1.example.com
/doc – Documentation
/software - Software
Cisco Prime Assurance
Custom Application Definition & Report
server2.example.com
ASR1K: XE 3.8S
ISR G2: 15.2(4)M1
PAM 2.0
• Faster problem resolution by providing a breakdown of network latency
• All devices report response time and latency metrics to PAM
• PAM correlates all metrics and provides an end-to-end latency view of application delivery
3
3
Application =
Office 365
Branch
= 5 ms
WAN
= 50 ms
Headend
= 10 ms
Internet
= 70 ms
Server
= 20 ms
Headend
Internet WAN
NFv9/
IPFIX
Latency Break-down Report
Office 365
is slow
Application
Server
Delay
Client
Future
Company Product | Use Cases | Status
PAM | Network and App Monitoring. Control GUI (future) | PAM 2.0 – Adding PfR, new metrics in XE 3.8S
Gomez & DynaTrace | APM combined with App-aware Network Monitoring | Adding NBAR2, PA, WAAS
5View | App-aware Network Monitoring | Already support WAAS. Adding NBAR2, PA
LiveAction | Control (QoS) GUI, App-aware Network Monitoring | Already supports medianet. Adding NBAR2, PA, PfR
Scrutinizer | App-aware Network Monitoring | Already support PfR, medianet. Adding NBAR2, PA
Others: Living Object, Insight, CA
• NBAR2 support for QoS config and monitoring
• New application performance report workflow from PA data
• Bandwidth action Minimum Bandwidth
• Police action Maximum Bandwidth
• Priority action Minimize Latency
• Set action, i.e. set dscp Change Flow Properties
• Shape action Reduce Burst
class-map match-any p2p-class
match protocol attribute application-group bittorrent-group
match protocol kazaa2
match protocol attribute sub-category p2p-networking
I want to exclude Viber and Skype from sub-category voice-video-chat-collaboration
class-map match-any excluded-apps
match protocol skype
match protocol viber
class-map match-all voice-video-chat-app
match protocol attribute sub-category voice-video-chat-collaboration
match not class-map excluded-apps
Support information: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html
IOS XE 3.4 S
15.2(2)T
Match on applications or pre-defined attributes
Future: Custom application attributes
XE 3.8S, 15.2(4)M1
Monitor QoS Performance
• Top Application over Time
• QoS Class Map Statistics, Queue Drops, Pre/Post Traffic Rate, from CBWFQ MIBS
QoS Config
GUI planned
for PAM 2.1
policy-map wan_remaining%
 class Voice-Bearer
  priority percent 25
 class HD-Video
  priority percent 20
 class Network-control
  bandwidth remaining percent 15
  queue-limit 100
 class Voice-Signaling
  bandwidth remaining percent 15
  queue-limit 100
 class SD-Video
  bandwidth remaining percent 20
  queue-limit 200
 class Business
  bandwidth remaining percent 15
  queue-limit 250
 class Bulk
  bandwidth remaining percent 10
  queue-limit 200
 class class-default
  bandwidth remaining percent 25
  queue-limit 400
policy-map Shape_150M
 class class-default
  shape average 150000000 600000 0
  service-policy wan_remaining%
interface Gig x/y
 description **** CIR = 150Mbps ****
 bandwidth 150000
 service-policy output Shape_150M
No guarantee for
business critical http
IOS XE 3.4 S
15.2(2)T
Application BW Priority
Browsing 5% (Remaining BW) N/A
Business
Browsing
80% (Out of Browsing) Business
Other Browsing 20% (Out of Browsing) Default
class-map match-any browsing
 match protocol attribute category browsing
class-map match-any Business-browsing
 match protocol http url "*myserver.com*"
 match protocol http url "*salesforce.com*"
policy-map Business-browsing-policy
 class Business-browsing
  bandwidth remaining percent 80
  set dscp af21
 class class-default
  bandwidth remaining percent 20
  set dscp default
policy-map wan_remaining%
 <snip>
 class Business
  bandwidth remaining percent 11
  queue-limit 250
 class browsing
  bandwidth remaining percent 5
  service-policy Business-browsing-policy
 class class-default
  bandwidth remaining percent 24
  queue-limit 400
interface Gig X/Y
 service-policy output wan_remaining%
Business-
Browsing:
80% of all
Browsing
Browsing:
5% BW
Remaining
Allocations are
shown in original
policy
Class-Default:
Low Priority
25% committed
Committed BW
(50% of the line)
Excess BW
(50% of the line)
WAN Policy for Browsing Traffic Egress
class-map match-all p2p-app
match protocol attribute p2p-technology p2p-tech-yes
policy-map control-policy
class p2p-app
police 8000 conform-action transmit exceed-action drop
After apply control policy
Cisco Prime
NAM Top
Application
Chart
class-map high
match protocol attribute application-group webex-group
class-map medium
match protocol attribute category net-admin
class-map low
match protocol attribute category file-sharing
!
policy-map my-priority-policy
class high
priority percent 50
class medium
bandwidth remaining percent 50
class low
bandwidth remaining percent 30
!
policy-map my-network-policy
class class-default
!
interface GigabitEthernet0/0/2
service-policy output my-network-policy
match protocol sharepoint
shape average 50000000
service-policy my-priority-policy
1
2
3
No change in application BW usage even with changes in QoS policy
Application Bandwidth
High Priority
App, e.g.
Sharepoint
Low
Priority
App, e.g.
Windows
Update
Application Transaction Time Without proper
prioritization, users may suffer poor application response time
After re-prioritize high priority app, its response time significantly improves
Low priority app response time is worse as it is being moved to lower priority traffic queue
No
shaping
Shaping Apply queuing Re-prioritize
High priority App
1 2 3
Protecting critical applications while Maximizing bandwidth utilization
• Protect business Cloud applications from network brownout Loss > 10%
• Cloud Service preferred path – ISP1
• Maximize all ISP bandwidth by load sharing other Internet traffic
Cloud Service & Load Balancing Policy
ISP-1 (Primary) ISP-2 (Secondary)
Detect loss > 10%
Cloud Service
Best Effort traffic
Internet
• Protect voice and video quality
Latency > 200ms; Jitter > 30ms
• Protect VDI applications from brownouts
Loss > 5%
• Voice & Video preferred path SP-A
• VDI preferred path SP-B
• Maximize utilization by load sharing
Multimedia & Critical Data Policy
SP-A (MPLS VPN) SP-B (MPLS VPN)
VDI
Detect high jitter
Voice & Video
Best Effort traffic
WAN
Learning
Prefixes
ACL
DSCP Based
Applications
Passive
PfR Netflow Monitoring
Flows Need not be symmetrical
Delay Loss
Egress BW
Reachability
Ingress BW
Active
PfR enables IP SLA feature
Probes sourced from BR
ICMP probes learned or configured
TCP, UDP, JITTER need ip sla responder
Delay Loss
Jitter
Reachability
MOS
Link
Load balancing
Max utilization
Link grouping
$Cost
Application
Performance
Reachability
Delay
Loss
MOS
Jitter
Destination Prefix
BGP
- Egress: route injection or Modifying the BGP Local Preference attribute
- Ingress: BGP AS-PATH Prepend or AS Community
EIGRP Route Control
Static Route Injection
PIRO
Application
Dynamic PBR
NBAR/CCE
eBGP eBGP
BR BR
HQ
MC
iBGP
• PfR used to load balance the traffic
• New default policies based on load-balancing
• Cisco ASR1k is typical BR/MC with BR terminating WAN connections
• BGP routing
• BRs must be iBGP peers
• Default routing or
• Partial routes or
• Full routes
• PfR can actively manage up to 20k Prefixes concurrently (with ASR1000)
• 12.4T/15.0.1M
• IOS-XE 3.3.0
ISP1 ISP2
ISP3
ISP4 ISP5
ISP6
Manual tuning using BGP Egress – Local Preference
Ingress – AS-PATH Prepend + specific routes
60% 15% 10% 35%
1GE 100M
Dest Prefixes (NetFlow) Learning
Monitoring Passive – Global
Policies
Path Enforcement BGP
Egress BW
Load-Balancing (range)
Inject BGP Route
BGP Local Pref
BR BR
HQ
MC
55% 45% eBGP eBGP
iBGP
ISP1 ISP2
ISP3
ISP4 ISP5
ISP6
Inside Prefixes (BGP) Learning
Monitoring Passive – Global
Policies
Path Enforcement BGP
Ingress BW
Load-Balancing (range)
BGP AS-PATH Prepend
BGP Community
BR BR
HQ
MC
20% 17%
iBGP
ISP1 ISP2
ISP3
ISP4 ISP5
ISP6
eBGP eBGP
BR Links Ingress Egress
BR1 Gig1/1 200 40
BR2 Gig1/2 130 60
Destination Prefix
Delay Loss Ingress
BW
Egress
BW BR Exit
10.1.1.1/32 60 0 20 40 BR1 Gi1/1
10.1.10.0/24 110 0 52 60 BR1 Gi1/2
… 89 1 34 10 BR2 Gi1/1
Traffic
Classes
Border routers collect and report passive monitoring
statistics to the master controller approximately once
per minute.
BRs gather performance measurements using Netflow
BRs report Performance Metrics for Traffic Classes to
the Master Controller
BR BR
HQ
MC
ISP1 ISP2
ISP3
ISP4 ISP5
ISP6
NetFlow
Cache NetFlow
Cache
Exits
pfr master
 max-range-utilization percent 10
 logging
 !
 border 10.4.5.4 key-chain pfr
  interface Ethernet0/0 internal
  interface Ethernet0/1 external
   max-xmit-utilization percentage 90
 !
 border 10.4.5.5 key-chain pfr
  interface Ethernet0/0 internal
  interface Ethernet0/1 external
   max-xmit-utilization percentage 90
 !
 !
 learn
  prefixes 1000
  expire after time 60
 !
 !
 periodic 600
!
Link Range Utilization
• Keep the usage on a set of exit links
within a certain percentage range of
each other
Max Link Utilization
• Upper threshold on the amount of
traffic a specific link can carry
Max Prefixes
• Limit the number of prefixes to 1000
• Delete Prefix if not relearned in 60
Minutes
Global Policies
• Load Balancing enabled by default
• Link OOP if :
• % Util > Lowest + 10
• % Util > 90
• Re-evaluate Exit every 10 Minutes
MC#sh pfr master traffic-class
OER Prefix Statistics:
 Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms),
 P - Percentage below threshold, Jit - Jitter (ms),
 MOS - Mean Opinion Score
 Los - Packet Loss (packets-per-million), Un - Unreachable (flows-per-million),
 E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable
 U - unknown, * - uncontrolled, + - control more specific, @ - active probe all
 # - Prefix monitor mode is Special, & - Blackholed Prefix
 % - Force Next-Hop, ^ - Prefix is denied

DstPrefix           Appl_ID Dscp Prot     SrcPort     DstPort SrcPrefix
           Flags             State     Time            CurrBR  CurrI/F Protocol
         PasSDly  PasLDly   PasSUn   PasLUn  PasSLos  PasLLos      EBw      IBw
         ActSDly  ActLDly   ActSUn   ActLUn  ActSJit  ActPMOS  ActSLos  ActLLos
--------------------------------------------------------------------------------
10.1.1.0/24               N    N    N           N           N N
                          INPOLICY        0        10.4.5.5 Et0/1           BGP
              58       60        0        0        0        0       66        7
               U        U        0        0        N        N        N        N
10.1.2.0/24               N    N    N           N           N N
                          INPOLICY        0        10.4.5.4 Et0/1           BGP
             210      210        0        0        0        0       16        2
               U        U        0        0        N        N        N        N
[SNIP]
10.1.3.0/24               N    N    N           N           N N
                          INPOLICY        0        10.4.5.5 Et0/1           BGP
              59       60        0        0        0        0       61        7
               U        U        0        0        N        N        N        N
MC#
BR BR
HQ
MC
ISP1 ISP2
ISP3
ISP4 ISP5
ISP6
55% 45% eBGP eBGP
iBGP
R3#sh pfr master exits
==============================================================================================
PfR Master Controller Exits:

General Info:
=============
E - External
I - Internal
N/A - Not Applicable
                                                                                Up/
 ID Name         Border          Interface   ifIdx IP Address      Mask Policy      Type Down
--- ------------ --------------- ----------- ----- --------------- ---- ----------- ---- ----
  2              10.5.5.5        Et0/1           2 100.5.82.5        24 Util        E    UP
  1              10.4.4.4        Et0/1           2 100.4.81.4        24 Util        E    UP

Global Exit Policy:
===================
       Range Egress: In Policy - Max difference 4% between Exits 2 & 1 - Policy 10%
      Range Ingress: Out of Policy - Max difference 10% between Exits 2 & 1 - Policy 0%
        Util Egress: In Policy
       Util Ingress: In Policy
               Cost: In Policy

Exits Performance:
==================
                   Egress                                            Ingress
    ---------------------------------------------------- ------------------------------------
 ID Capacity  MaxUtil    Usage   %      RSVP POOL    OOP Capacity  MaxUtil    Usage   %   OOP
--- -------- -------- -------- --- -------------- ----- -------- -------- -------- --- -----
  2     3000     2700     1033  34            N/A   N/A     3000     3000        1   0   N/A
  1     3000     2700     1161  38            N/A   N/A     3000     3000      321  10   N/A

TC and BW Distribution:
=======================
                   # of TCs                  BW (kbps)          Probe   Active
 Name/ID   Current Controlled InPolicy   Controlled      Total  Failed  Unreach
                                                               (count)    (fpm)
    ----   ----------------------------   ----------------------   ------   --------
       2        26         26       26         1035       1033        0          0
       1        20         20       20         1088       1161        0          0

Exit Related TC Stats:
======================
                                Priority
                           highest       nth
                           ------------------
Number of TCs with range:        1        45
Number of TCs with util:         0        46
Number of TCs with cost:         0         0

Total number of TCs:            46
R3#
BR BR
HQ
MC
ISP1 ISP2
ISP3
ISP4 ISP5
ISP6
iBGP
eBGP eBGP 55% 45%
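The link out-of-policy rule from the Global Policies slide (% Util > Lowest + range, or usage above the maximum utilization) applied to the Exits Performance rows of the output above, as an added example that is not Cisco code. The function names are illustrative, and whole-percent floor rounding is an assumption chosen because it reproduces the percentages the router displays.

```python
# Constructed from the "Exits Performance" rows of the show output:
# exit id -> (capacity_kbps, max_util_kbps, usage_kbps)
EGRESS = {2: (3000, 2700, 1033), 1: (3000, 2700, 1161)}
INGRESS = {2: (3000, 3000, 1), 1: (3000, 3000, 321)}


def utilization_pct(capacity_kbps, usage_kbps):
    """Whole-percent utilization (floor), matching the displayed % column."""
    return usage_kbps * 100 // capacity_kbps


def evaluate_exits(exits, range_pct):
    """Return the maximum utilization spread and, per exit, the reasons
    (if any) it is out of policy.

    "range":       utilization exceeds the least-loaded exit by more than
                   range_pct percentage points
    "utilization": usage exceeds the exit's maximum utilization
    """
    pct = {exit_id: utilization_pct(cap, use)
           for exit_id, (cap, _max_util, use) in exits.items()}
    lowest = min(pct.values())
    out_of_policy = {}
    for exit_id, (_cap, max_util, use) in exits.items():
        reasons = []
        if pct[exit_id] > lowest + range_pct:
            reasons.append("range")
        if use > max_util:
            reasons.append("utilization")
        out_of_policy[exit_id] = reasons
    return {"max_difference": max(pct.values()) - lowest,
            "out_of_policy": out_of_policy}


if __name__ == "__main__":
    # Policy values as reported in the output: 10% egress range, 0% ingress.
    print("egress ", evaluate_exits(EGRESS, range_pct=10))
    print("ingress", evaluate_exits(INGRESS, range_pct=0))
```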
BR BR
HQ
MC/B
R
MC/B
R BR MC/B
R
Voice, Video,
Critical The Rest of the
Traffic
MC
Rest of the Traffic
Voice - Video
Critical Application
Application based optimization
Voice and Video traffic: primary path, check delay,
loss, jitter – fallback secondary
Business Applications: primary path, check loss,
utilization – fallback secondary
Data Applications: load balanced across SPs or use
the secondary path
Target Discovery will be used
WAN1 (IP-VPN, DMVPN)
WAN2 (IPVPN, DMVPN)
BR
Traffic
Classes Prefixes
Prefixes + DSCP
Applications
Learning
BR BR
HQ
MC/B
R
MC/B
R BR MC/B
R
MC
Monitoring Fast – Voice/Video
Passive – Rest
Active – Critical Apps
WAN1 (IP-VPN, DMVPN)
WAN2 (IPVPN, DMVPN)
Voice, Video,
Critical
BR BR
HQ
MC/B
R
MC/B
R BR MC/B
R
2. Loss
The Rest of the
Traffic
3. Jitter
4. Delay
Load-Balancing Rest of the Traffic
Voice - Video
Critical Application
MC
1. Link-Group
2. Loss
4. Delay
1. Link-Group
Policies
WAN1 (IP-VPN, DMVPN)
WAN2 (IPVPN, DMVPN)
BR
Traffic
Classes
BR BR
HQ
MC/B
R
MC/B
R BR MC/B
R
MC
WAN1 (IP-VPN, DMVPN)
WAN2 (IPVPN, DMVPN)
Destination Prefix
DSCP App
Id Delay Loss
Ingress
BW
Egress
BW BR Exit
10.1.1.1/32 EF 60 0 20 40 BR1 Gi1/1
10.1.10.0/24 AF31 110 0 52 60 BR1 Gi1/2
… - 89 1 34 10 BR2 Gi1/1
BRs gather performance measurements using IP SLA probes
‒ The performance metrics of the synthetic
traffic are measured
‒ The results are applied to the traffic class
entry in the Master Controller database
BRs report Performance Metrics for Traffic
Classes
BR Links Ingress Egress
BR1 Gig1/1 200 40
BR2 Gig1/2 130 60
Destination Prefix
DSCP App
Id Delay Loss
Ingress
BW
Egress
BW BR Exit
10.1.1.1/32 60 0 20 40 BR1 Gi1/1
10.1.10.0/24 110 0 52 60 BR1 Gi1/2
… 89 1 34 10 BR2 Gi1/1
Traffic
Classes
Border routers collect and report passive monitoring
statistics to the master controller approximately once
per minute.
BRs gather performance measurements using Netflow
BRs report Performance Metrics for Traffic Classes to
the Master Controller
BR
BR BR
HQ
MC/B
R
MC/B
R BR MC/B
R
MC
WAN1 (IP-VPN, DMVPN)
WAN2 (IPVPN, DMVPN)
Exits
NetFlow
Cache
NetFlow
Cache
pfr master
!
learn
throughput
!
list seq 10 refname LEARN_VIDEO
traffic-class access-list VOICE filter BRANCH_PREFIX
(traffic-class application nbar rtp-audio filter BRANCH)
aggregation-type prefix-length 32
throughput
!
list seq 20 refname LEARN_CRITICAL
traffic-class access-list CRITICAL filter BRANCH_PREFIX
! (traffic-class application nbar citrix filter BRANCH)
throughput
!
!
!
mode route protocol pbr
!
Learning
• No need for a learn-list per branch. Only one learn-list for voice/video because Target Discovery is used
• Automatically learn based on DSCP values for Voice, Video and Critical Applications
• Rest of the Traffic falls under global learning (kind of “default class”)
Global Policies
• Apply for the rest of the traffic
• Load Balancing enabled by default
IOS 15.2(3)T
MC#sh pfr master learn list
Learn-List seq 10 refname LEARN_VIDEO
Configuration:
Traffic-Class Access-list: VOICE
Filter: BRANCH1_PREFIX
Aggregation-type: prefix-length 32
Learn type: throughput
Session count: 1000 Max count: 1000
Policies assigned: 10
Status: ACTIVE
Stats:
Traffic-Class Count: 4
Traffic-Class Learned:
Appl Prefix 20.20.0.12/32 ef 256
Appl Prefix 20.20.0.14/32 ef 256
Appl Prefix 30.30.0.11/32 ef 256
Appl Prefix 30.30.0.13/32 ef 256
Learn-List seq 20 refname LEARN_CRITICAL
Configuration:
Traffic-Class Access-list: BUSINESS
Aggregation-type: prefix-length 24
Learn type: throughput
Session count: 50 Max count: 100
Policies assigned: 20
Status: ACTIVE
Stats:
Traffic-Class Count: 37
Traffic-Class Learned:
Appl Prefix 20.20.14.0/24 af31 256
Appl Prefix 20.20.6.0/24 af31 256
Appl Prefix 30.30.5.0/24 af31 256
Appl Prefix 20.20.8.0/24 af31 256
Appl Prefix 30.30.14.0/24 af31 256
[SNIP]
[Figure: PfR topology (HQ MC and BRs, branch MC/BRs) over WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN), with the monitoring labels "Active", "Fast" and "Active Throughput".]
pfr-map MYMAP 10
match pfr learn list LEARN_LIST_VIDEO_BRANCH1
set periodic 90
set delay threshold 200
set loss threshold 50000
set jitter threshold 30
set mode monitor fast
set resolve loss priority 2 variance 5
set resolve jitter priority 3 variance 5
set resolve delay priority 4 variance 5
no set resolve range
no set resolve utilization
set probe frequency 4
set active-probe jitter 20.9.9.9 target-port 2000
TCP, UDP, JITTER probes need ip sla responder
What’s needed:
‒ Configure a pfr-map that matches prefixes or applications @ Remote-site1
‒ Define the policies
‒ Define the jitter probes
And REPEAT for each remote site
PfR becomes multi-site aware
PfR utilizes a Peering between the Master Controllers
Enables Automatic discovery of Branch router, prefixes and probe target
Simplify the Active mode with Jitter probes
• Each MC announces its inside prefixes, together with probe target address and site names
Site HQ publishes: Prefix H1, H2, H3; Responder H
Site 1 publishes: Prefix A; Responder 1
Site 2 publishes: Prefix B; Responder 2
Site 3 publishes: Prefix C, D, E; Responder 3, 4
Prefixes        Responders     Sites
Prefix A        Responder1     Site 1
Prefix B        Responder2     Site 2
Prefix C, D, E  Responder3, 4  Site 3
Mapping table built on each site
Allows automatic jitter probe configuration
Allows automatic probe generation
pfr-map MAP-TEST3 10
match pfr learn list LEARN_LIST_BRANCH1
set periodic 90
set mode route control
set delay threshold 200
set loss threshold 50000
set jitter threshold 30
set mode monitor fast
set resolve loss priority 2 variance 5
set resolve jitter priority 3 variance 5
set resolve delay priority 4 variance 5
no set resolve range
no set resolve utilization
set probe frequency 4
set active-probe jitter 20.9.9.9 target-port 2000
pfr-map MAP-TEST3 15
match pfr learn list LEARN_LIST_BRANCH2
set periodic 90
set delay threshold 200
set loss threshold 50000
set jitter threshold 30
set mode monitor fast
set resolve loss priority 2 variance 5
set resolve jitter priority 3 variance 5
set resolve delay priority 4 variance 5
no set resolve range
no set resolve utilization
set probe frequency 4
set active-probe jitter 20.9.9.9 target-port 2000
pfr-map MAP-TEST3 15
match pfr learn list LEARN_LIST_BRANCH2
set periodic 90
set mode route control
set delay threshold 200
set loss threshold 50000
set jitter threshold 30
set mode monitor fast
set resolve loss priority 2 variance 5
set resolve jitter priority 3 variance 5
set resolve delay priority 4 variance 5
no set resolve range
no set resolve utilization
set probe frequency 4
set active-probe jitter 20.9.9.9 target-port 2000
pfr master
policy-rules MYMAP
mc-peer head-end Loopback1
target-discovery
[SNIP]
!
pfr-map MYMAP 10
match pfr learn list LEARN_LIST_BRANCH
set periodic 90
set delay threshold 200
set loss threshold 50000
set jitter threshold 30
set mode monitor fast
set resolve loss priority 2 variance 5
set resolve jitter priority 3 variance 5
set resolve delay priority 4 variance 5
no set resolve range
no set resolve utilization
set probe frequency 4
[Figure: PfR topology (HQ and two branch MC/BRs) with "The Rest of the Traffic" marked; site prefixes 30.30.0.0/16, 10.10.0.0/16 and 20.20.0.0/16; MC addresses 10.3.3.3, 30.10.10.10 and 20.9.9.9.]
!
pfr master
policy-rules MYMAP
mc-peer head-end Loopback0
target-discovery <responder-list HQ_TARGET> <inside-prefixes HQ_PREFIX>
border 10.4.4.4 key-chain pfr
interface Ethernet0/0 internal
interface Ethernet0/1 external
link-group SP1
!
border 10.5.5.5 key-chain pfr
interface Ethernet0/0 internal
interface Ethernet0/1 external
link-group SP2
!
pfr master
policy-rules MYMAP
mc-peer 10.3.3.3 Loopback0
target-discovery
IOS 15.2(3)T
The peering to the head-end: R3 LISTEN, R10 SETUP
R3#sh pfr master target-discovery
PfR Target-Discovery Services
Mode: Static Domain: 59501
Responder list: HQ_TARGET Inside-prefixes list: HQ_PREFIX
SvcRtg: client-handle: 7 sub-handle: 6 pub-seq: 1
PfR Target-Discovery Database (local)
Local-ID: 10.3.3.3 Desc: R3
Target-list: 10.4.5.5, 10.4.5.4
Prefix-list: 10.10.4.0/24, 10.10.3.0/24, 10.10.2.0/24, 10.10.1.0/24
PfR Target-Discovery Database (remote)
MC-peer: 30.10.10.10 Desc: R10
Target-list: 30.30.0.10
Prefix-list: 30.30.0.0/16
MC-peer: 20.9.9.9 Desc: R9
Target-list: 20.20.0.9
Prefix-list: 20.20.0.0/16
R3#
R3#sh pfr master active-probes target-discovery
PfR Master Controller active-probes (TD)
Border = Border Roter running this probe
MC-Peer = Remote MC associated with this target
Type = Probe Type
Target = Target Address
TPort = Target Port
N - Not applicable
Destination Site Peer Addresses:
MC-Peer      Targets
30.10.10.10  30.30.0.10
20.9.9.9     20.20.0.9
The following Probes are running:
Border    Idx  State    MC-Peer      Type    Target      TPort
10.4.4.4  2    TD-Actv  30.10.10.10  jitter  30.30.0.10  5000
10.4.4.4  2    TD-Actv  30.10.10.10  jitter  30.30.0.10  5000
10.5.5.5  2    TD-Actv  30.10.10.10  jitter  30.30.0.10  5000
10.4.4.4  2    TD-Actv  20.9.9.9     jitter  20.20.0.9   5000
10.4.4.4  2    TD-Actv  20.9.9.9     jitter  20.20.0.9   5000
10.5.5.5  2    TD-Actv  20.9.9.9     jitter  20.20.0.9   5000
R3#
R10#sh pfr master target-discovery
PfR Target-Discovery Services
Mode: Dynamic Domain: 59501
SvcRtg: client-handle: 2 sub-handle: 1 pub-seq: 1
PfR Target-Discovery Database (local)
Local-ID: 30.10.10.10 Desc: R10
Target-list: 30.30.0.10
Prefix-list: 30.30.0.0/16
PfR Target-Discovery Database (remote)
MC-peer: 20.9.9.9 Desc: R9
Target-list: 20.20.0.9
Prefix-list: 20.20.0.0/16
MC-peer: 10.3.3.3 Desc: R3
Target-list: 10.4.5.5, 10.4.5.4
Prefix-list: 10.10.4.0/24, 10.10.3.0/24, 10.10.2.0/24, 10.10.1.0/24
R10#
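With Target Discovery each MC builds its prefix/responder/site mapping, and generates probes, from what its peers announce, so the announcements are worth checking against the address plan. The following is an added example, not part of the Cisco presentation: it parses the database section of the sh pfr master target-discovery output shown for R3 and flags unknown MC peers, announced prefixes outside a site's expected supernet, sites with no responder, and overlapping announcements. The function names parse_td and audit and the expected-supernet mapping passed to audit are assumptions made for illustration.

```python
import ipaddress
import re
from itertools import combinations, product

# Constructed sample: the database part of the R3 output shown above.
SAMPLE = """\
Local-ID: 10.3.3.3 Desc: R3
Target-list: 10.4.5.5, 10.4.5.4
Prefix-list: 10.10.4.0/24, 10.10.3.0/24, 10.10.2.0/24, 10.10.1.0/24
MC-peer: 30.10.10.10 Desc: R10
Target-list: 30.30.0.10
Prefix-list: 30.30.0.0/16
MC-peer: 20.9.9.9 Desc: R9
Target-list: 20.20.0.9
Prefix-list: 20.20.0.0/16
"""

def parse_td(text):
    """Return one dict per site: MC id, description, targets, prefixes."""
    sites = []
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"(?:Local-ID|MC-peer):\s*(\S+)\s+Desc:\s*(\S+)", line)
        if m:
            sites.append({"id": m[1], "desc": m[2],
                          "targets": [], "prefixes": []})
        elif sites and line.startswith(("Target-list:", "Prefix-list:")):
            key, _, rest = line.partition(":")
            items = [x.strip() for x in rest.split(",") if x.strip()]
            if key == "Target-list":
                sites[-1]["targets"] = [ipaddress.ip_address(x) for x in items]
            else:
                sites[-1]["prefixes"] = [ipaddress.ip_network(x) for x in items]
    return sites

def audit(sites, expected):
    """expected maps MC address -> supernet the site may announce (assumed input)."""
    findings = []
    for s in sites:
        if s["id"] not in expected:
            findings.append(f"{s['desc']}: unexpected MC peer {s['id']}")
            continue
        allowed = ipaddress.ip_network(expected[s["id"]])
        for p in s["prefixes"]:
            if not p.subnet_of(allowed):
                findings.append(f"{s['desc']}: prefix {p} outside {allowed}")
        if not s["targets"]:
            findings.append(f"{s['desc']}: no responder announced")
    # Overlapping announcements make the prefix-to-site mapping ambiguous.
    for a, b in combinations(sites, 2):
        for p, q in product(a["prefixes"], b["prefixes"]):
            if p.overlaps(q):
                findings.append(f"{a['desc']}/{b['desc']}: {p} overlaps {q}")
    return findings
```

Called with the site prefixes from the topology slide as the expected mapping (10.3.3.3 to 10.10.0.0/16, 30.10.10.10 to 30.30.0.0/16, 20.9.9.9 to 20.20.0.0/16), audit(parse_td(SAMPLE), expected) returns an empty list for the output above.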
pfr-map MYMAP 10
match pfr learn list LEARN_VIDEO
set delay threshold 200
set loss threshold 50000
set jitter threshold 30
set mode monitor fast
set resolve loss priority 2 variance 5
set resolve jitter priority 3 variance 5
set resolve delay priority 4 variance 5
set link-group SP1 fallback SP2
set probe frequency 4
set periodic 90
Policies Thresholds
• Applied to the voice and video traffic
• Loss, delay and jitter
Policies Definition
• List all policies
• Assign priority
• Administrative policy: SP1 is the primary
path, fallback to SP2 if OOP
Jitter Probe
• Target Discovery is used
• No need to manually define the probe target
Monitor mode fast
• Actively probe all exits to get performance
metrics
IOS 15.2(3)T
pfr-map MYMAP 20
match pfr learn list LEARN_CRITICAL
set delay threshold 120
set loss threshold 200000
set mode monitor active throughput
set resolve delay priority 1 variance 20
set resolve loss priority 5 variance 10
set link-group SP1 fallback SP2
set probe frequency 4
set periodic 90
Policies Thresholds
• Applied to the voice and video traffic
• Loss, delay and jitter
Policies Definition
• List all policies
• Assign priority
• Administrative policy: SP1 is the primary
path, fallback to SP2 if OOP
Active Probes
• Automatic configuration and generation of
probes
Monitor mode Active
• Actively probe all exits to get performance
metrics
IOS 15.2(3)T
!
pfr master
policy-rules MYMAP
max-range-utilization percent 22
!
mc-peer head-end Loopback0
target-discovery
!
logging
!
! Default Policies
!
mode route protocol pbr
!
Link Range Utilization
• Keep the usage on a set of exit links
within a certain percentage range of
each other
Global Policies
• Apply for the rest of the traffic
• Load Balancing enabled by default
IOS 15.2(3)T
The Key Takeaways of this presentation were:
• NBAR2 and PA can be deployed to provide visibility at the remote branches and provide a tool to proactively monitor application performance
• Implement application-aware QoS to better control application usage and maximize performance of critical applications
• PfR simplifies Internet Presence load balancing operation
• PfR protects critical applications from WAN brownout and maximizes utilization of available WAN links