AVC Tech3

Cisco Confidential © 2012 Cisco and/or its affiliates. All rights reserved. 1 Application Experience Application Visibility and Control Jimmy Ray Purser PE /MSEE TechWiseTV


Transcript of AVC Tech3

Page 1: AVC Tech3


Application Experience

Application Visibility and Control

Jimmy Ray Purser PE /MSEE

TechWiseTV

Page 2: AVC Tech3

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential. "All Specifications Subject to Change without Notice"

Increasing BW alone will not fix DSCP marking related performance problems

Marginal increases in ROI on BW sales

No Latency improvement with BW increases

Multiple links do not solve brown-out issues

AVC provides better use of bandwidth. Use high-pri QoS markings on the correct apps - only possible with NBAR2!

Higher ROI is possible - SPs can offer AVC-enabled WAAS at a premium for better user experience. Example: 90% HD Video optimization

Much faster application experience is possible - Increasing links still means the same latency. WAAS offers 70% faster Citrix

Send applications over the best-performing links dynamically - iWAN works around issues on a per-application basis - before the user even notices

Why is Bandwidth alone not the Solution?

Page 3: AVC Tech3


Transitions and Trends

Page 4: AVC Tech3


Software Defined Networking with onePK

New Paradigm vs. Traditional Approach

[Diagram labels: App; C, Java; IOS; Events; App; EEM (TCL); Actions; Routing; Data Plane; Policy; Interface; Monitoring; Discovery; CLI; AAA; SNMP; HTML; XML; Syslog; Span; Netflow; CDP; Routing Protocols; "Anything you can think of"]

Page 5: AVC Tech3


onePK API

• HTML documentation: Drill-down to desired function

• Task-centric, feature-rich API

• AVC APIs

− QoS Policy Service Set: Policy, Target, Class, Filter, Action

− Monitoring Service Set (Available soon): Records, Caches, Exporters

http://developer.cisco.com/onepk/capi/index.html

Page 6: AVC Tech3


onePK: How Easy?

• Download and install SDK

• Turn on ONE-P on the router (three lines of CLI)

− router(config)#onep

− router(config-onep)#transport socket

− router(config-onep)#start

• Select your desired functions using the HTML documentation

• Write a wrapper around the function using your language of choice (C, Python) - takes two minutes

• You’re done! Time to design your web interface. You can use the wrapper from within your existing web server (e.g. from PHP) or use it with any application server (e.g. WebLogic)

AVC QoS

Reports

SDK

Wrapper Code

Integration with Web Server (e.g. using PHP) or with Application Server (e.g. Java)

Server

IOS / IOS-XE

Page 7: AVC Tech3


What is AVC?

Page 8: AVC Tech3


What Does AVC Comprise?

• Know Your Applications: Granular App Detection, Rich Flow Information

• Monitor Your Applications: Performance Monitoring, Fault Isolation, Troubleshooting

• Control Your Applications: Link Optimization, Bandwidth Control

Page 9: AVC Tech3


Strategic Positioning: The AVC Family Tree

[Figure: AVC platforms plotted over time. Labels: SCE; NBAR1; ISR G2/AX; ASR 1000; ISR-XE; CSR FW; Wireless; Catalyst. Axis: Time]

Page 10: AVC Tech3


Types of Inspection

Port based (ACL)

Up to Layer 4 analysis

2,000 signatures embedded in ISRs and ASRs

Up to Application Level

ACL and NBAR2 Interact with application to go deeper into the end user flows

2,000 signatures embedded in ISRs and ASRs

Up to Application Level

ACL, DPI and Metadata

Embedded in ISR and ASR

Page 11: AVC Tech3


Application Visibility

Page 12: AVC Tech3


Page 13: AVC Tech3


What Do We Want to Monitor?

Categories: Traffic Statistics; URL Visibility; Application Response Time; Media Performance

• Application Usage per client IP/subnet/site

• Top Clients per application

• Most visited Sites

• Per-URL application response times

• Per-application end-to-end latency

• Application response time and Transaction time

• Application processing time

• Top conversation per application

• Per-stream jitter and Packet Loss

• RTP conversations

Notes on the data sources:

• FNF Based, Basic Statistics - Data, Voice, Video

• TCP/HTTP Based, Mainly Data Applications

• Voice/Video based statistics and RTP level statistics

Page 14: AVC Tech3


Traffic Statistics

• Category and sub-category attributes are supported to make visibility easier

• Associate data with user-names using Cisco Identity Services Engine (ISE)

• See the volume of traffic identified using: show ip nbar protocol-discovery top-n

• Unknown apps? Create your own, using payload inspection or HTTP-based (next slide)

• Upgrade protocol packs without upgrading the IOS/XE image

Top applications

Top Clients/Servers per app

Cisco Prime Examples

Page 15: AVC Tech3


URL Visibility

• Top URLs by hits or response time

• Ability to extract key fields from HTTP, SMTP, POP3, NNTP, SIP and other protocols

• Custom application using ‘regexp’ (Regular Expressions)

Custom Applications

Top URLs by Response Time

HTTP Attributes Collection

Top URL Hits

Cisco Prime Examples

Page 16: AVC Tech3


Application Response Time Statistics

• Quantify user experience

• Troubleshoot application performance

• Track service levels for application delivery

Worst Sites by Transaction Time

ART Metrics Application Performance Report

LiveAction

Page 17: AVC Tech3


Media Performance Monitoring

• Rich information with Flow Metadata

• Intelligent classification method

• Ideal for VoIP, WebEx, Telepresence, Desktop Video Conferencing, HCS, Lync, Jabber

Worst Sites by Mean Opinion Score

RTP Conversations QoS View

LiveAction

Worst Sites by Jitter

Jitter View Plixer

Page 18: AVC Tech3


Application Control

Page 19: AVC Tech3


QoS Example Requirements

“I want to allocate fixed, priority bandwidth for Oracle, SAP and Citrix traffic in the network”

“I want to police all the Torrent and Skype traffic at the WAN edge to 5% of link bandwidth”

“I want to shape all video and collaboration applications to 5 Mbps”

“I want to analyze (using my management station) the queue drops for all applications in the network”

Page 20: AVC Tech3


Application Control

Filter (Classification)

• COS, DSCP, IP PROTOCOL, VLAN…

• Application, Category, Sub-Category, Application-Group

• HTTP, RTP…

• Citrix, Exchange, Oracle, Lync, YouTube, Skype, Kazaa

• Enterprise App, Browsing, Email, Gaming, IM, Voice and Video, File Sharing…

• URL, Host, MIME, Client Header, Server Header, From, Location, Referer, Server, User-Agent

Action

• Bandwidth guarantee

• Packet drop

• Queuing Policy

• Logging

• Policing and Shaping

• Set QoS (L2, L3 or Metadata)

• Track or timeout sessions

• Monitor flows…

Target

• Interface, Tunnels

Performance Routing (PfR)

QoS-marked Traffic Classes

• Business Critical, Real Time, Video, Best Effort…

Page 21: AVC Tech3


Before QoS Policy After QoS Policy

QoS Policy applied from Cisco PI has policed the torrent traffic, thereby creating more room for business critical traffic on the WAN Interface

Validate Application Performance

Page 22: AVC Tech3


Example: Stop P2P Applications with AVC


class-map match-any p2p-app
 match protocol dht
 match protocol attribute sub-category p2p-file-transfer
policy-map control-policy
 class p2p-app
  police 8000 conform-action transmit exceed-action drop

Critical apps response time improves after applying the control policy

Bandwidth usage after applying the control policy
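The `police 8000 conform-action transmit exceed-action drop` line in this slide's policy is a single-rate policer. As an added illustration (not part of the original slides), this Python model of a token bucket shows what that line does to a constructed bulk P2P-like flow and to a low-rate flow; the 1500-byte burst size and both sample flows are assumptions, since the slide gives neither.

```python
UNITS_PER_BYTE = 8000  # one token unit = 1/1000 bit, so all arithmetic stays integer


class Policer:
    """Single-rate, two-colour token bucket: conform -> transmit, exceed -> drop."""

    def __init__(self, cir_bps, burst_bytes=1500):
        # cir_bps: committed rate in bits/s (8000 for "police 8000").
        # burst_bytes: bucket depth; assumed here, the slide gives no burst value.
        self.cir_bps = cir_bps
        self.depth = burst_bytes * UNITS_PER_BYTE
        self.tokens = self.depth          # bucket starts full
        self.last_ms = 0

    def offer(self, now_ms, size_bytes):
        """Classify one packet arriving at now_ms (integer milliseconds)."""
        refill = (now_ms - self.last_ms) * self.cir_bps
        self.last_ms = now_ms
        self.tokens = min(self.depth, self.tokens + refill)
        cost = size_bytes * UNITS_PER_BYTE
        if cost <= self.tokens:
            self.tokens -= cost
            return "transmit"
        return "drop"


def constructed_flow(size_bytes, interval_ms, duration_ms):
    """Constructed sample traffic: one packet of size_bytes every interval_ms."""
    return [(t, size_bytes) for t in range(0, duration_ms, interval_ms)]


def run(policer, packets):
    """Feed (time_ms, size_bytes) packets through the policer; return (sent, dropped) bytes."""
    sent = dropped = 0
    for now_ms, size in packets:
        if policer.offer(now_ms, size) == "transmit":
            sent += size
        else:
            dropped += size
    return sent, dropped


if __name__ == "__main__":
    # Constructed flows: 400 kbit/s bulk transfer vs. 4 kbit/s of small packets, 10 s each.
    bulk = run(Policer(8000), constructed_flow(1000, 20, 10_000))
    small = run(Policer(8000), constructed_flow(100, 200, 10_000))
    print("bulk  sent/dropped bytes:", bulk)
    print("small sent/dropped bytes:", small)
```

Under these assumptions the bulk flow gets roughly one 1000-byte packet per second through, so the policy throttles the P2P class hard rather than blocking it outright, while traffic in the class that stays under the committed rate passes untouched.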

Page 23: AVC Tech3


ONE-P ACL Example: One-Click Policy Creation

• Create ACL

− ret = onep_acl_create_l3_acl(AF_INET, elemA, &aclC);

• Create ACE

− ret = onep_acl_create_l3_ace(100, FALSE, &ace3);

• Add ACE to the ACL

− ret = onep_acl_add_ace(aclC, ace3);

• Apply ACL to the interface

− ret = onep_acl_apply_to_interface(aclC, eth0, ONEP_DIRECTION_IN);

Server

IOS / IOS-XE

Page 24: AVC Tech3


Performance Routing (PfR) Enhances Classical Routing

Classical

• Path Control: Topological State, Least Cost Path, Static User Preference

• Metrics: Path Cost, Interface Bandwidth, Interface State

• Adaptivity: Responds to Physical State Changes in Network

PfR

• Path Control: Traffic-aware (measured), Policy controlled, Measured Performance

• Metrics: Delay, Jitter, Bandwidth

• Adaptivity: Responds to Directly Measured Performance changes

Page 25: AVC Tech3


What Performance Routing (PfR) Does: Protecting Critical Applications while increasing Bandwidth Utilization

Cloud Services and Load-Balancing Policy

• Protect business cloud applications from Internet brownout: Loss less than 10%

• Cloud services preferred path: ISP1

• Increase all ISP bandwidth by load-sharing other Internet traffic

Multimedia and Critical Data Policy

• Protect voice and video quality: Latency less than 200 ms; Jitter less than 30 ms

• Protect VDI applications from brownouts: Loss less than 5%

• Voice and video preferred path SP-A

• VDI preferred path SP-B

• Increase utilization by load sharing

[Diagram labels: ISP1 (Primary); ISP2 (Secondary); Cloud Services; Internet; Best-Effort Traffic; Detect loss greater than 10%; SP-A (MPLS VPN); SP-B (MPLS VPN); Voice and Video; WAN; Detect high jitter; VDI; Best-Effort Traffic]

Page 26: AVC Tech3


Intelligent WAN (iWAN)

The Decision Maker: Master Controller (MC)

• Discover BRs, collect statistics

• Apply policy, verification, reporting

• No packet forwarding/inspection required

The Forwarding Path: Border Router (BR)

• Gain network visibility in forwarding path (Learn, measure)

• Enforce MC’s decision (path enforcement)

• Does all packet forwarding

Optimize by: Reachability, Delay, Loss, Jitter, MOS, Throughput, Load, and/or $Cost

DSL Cable

BR

Data Center

Branch

MC+BR

BR

MC

Page 27: AVC Tech3


Add in WAN Optimization: Speed and Bandwidth Benefits on top of the WAN

[Diagram labels: Private Cloud; Accelerate Any TCP Connection; Branch; WAVE; AppNav-XE Controller; WAN; CSR; vWAAS; WAAS Express]

Faster Applications, More Users, Less Bandwidth

• 90% HD Video optimization and better user experience

• Twice as many Citrix users over same WAN, 70% faster

• Toyota: ROI in less than one year, 65% BW cost savings

Easy to Deploy

• Works with existing branch routers (and existing AX license)

Scalable

• Highly scalable AppNav Controller and WAVE pool design

• Native HA capability

Data Center

Page 28: AVC Tech3


Making Revenue from AVC

Page 29: AVC Tech3


Traffic and URL Reports

• Benefits to the End Customer

− Identify how the enterprise's users are using the network (per-site, per-user and per-application)

− Identify likely causes of performance issues

− Justify network and IT projects

− Instantly see adoption of new IT projects and cloud services

− Negotiate better deals with cloud service providers based on usage and performance

− Higher visibility for the Network Team to provide valuable information to senior management

− Opportunity to extend Network Team role

• Benefits to the SP

− Reuse existing hardware to offer a new service

− Opportunity to engage with customers over CPE upgrade discussions

− Opportunity to engage with customers with WAAS

− An easy way to have the infrastructure ready for upsell to Application Control with additional revenue

− An easy way to get experience with SDN and have the capability for rapidly rolling out new services

− Provides vendor lock-in to retain the customer

− Ability for SP sales staff/account managers to have a portal and visibility over customer application usage

− Ability for SP customer support to have deeper knowledge of what the end customer is doing

Page 30: AVC Tech3


Application Response Time Reports

• Benefits to the End Customer

− End-to-end, deep knowledge of how the network is performing for business critical applications

− More intelligent troubleshooting for a quicker resolution

− Justify advanced projects and better negotiation with cloud SPs

• Benefits to the SP

− Greater end customer satisfaction and greater stickiness/lock-in

− Opportunity to gain deep visibility into what applications the customer runs and what issues they experience

− Opportunity to address performance issues in new ways using SDN

− Identify the applications and quantify how WAAS would improve performance, for targeting WAAS sales better

Page 31: AVC Tech3


Media Monitoring and HCS

• Benefits to the SP

− Ability to provide high priority application-specific QoS to HCS traffic compared to Skype, Lync usage

− Ability to see if the customer network is ready for high-end desktop videoconferencing and Telepresence

− Ability for the SP Network Team to have additional information to provide to the Voice Team for fault isolation when things go wrong

Page 32: AVC Tech3


Application-Specific QoS

• Benefits to the End Customer

− Ability to best use their network as application usage changes

− Ability to see dramatic performance improvements instantly

− Ability to spot non-business-critical application usage and trends, and do something about it immediately

• Benefits to the SP

− Opportunity for the SP to provide a value-add portal for Application-aware QoS to the customer, that is chargeable and provides lock-in to retain the customer

Page 33: AVC Tech3


Performance Routing (PfR)

• Benefits to the End Customer

− Provides a cloud-ready WAN

− Offers confidence that cloud services will run reliably and quickly - more than just additional bandwidth alone would offer

− Provides a WAN that is ready for voice and video

• Benefits to the SP

− Allows SP account managers to also offer DSL and 3G/4G connectivity that has more value to the customer than just as a backup connection

− Allows the SP to offer multiple and additional forms of connectivity for remote branches where MPLS is not ideal

− Provides a lot of lock-in to retain the customer

− Opportunity to sell secure VPN to the customer

Page 34: AVC Tech3


Platforms and Performance

Page 35: AVC Tech3


Cisco IOS/IOS-XE End-to-End Solutions

Aggregation Services Router: ASR1001, ASR1002, ASR1002-X, ASR1004, ASR1006, ASR1013

Integrated Services Router: 4451-X, 3900, 2951, 2921, 2911, 2901, 1941, 1921, 890, 880, 860VAE, 810

• BYOD: AVC, WAAS, ScanSafe, FlexVPN, TrustSec

• Cloud: Cloud Connectors (Cloud Storage, HCS, ScanSafe), WAAS, Application Velocity

• Video: AVC, Medianet, Performance Routing, Application Velocity, CUBE

• VDI: AVC, WAAS, GET VPN, PfR

• IoT: IPv6, NAT 64, Application Velocity

• Network Systems: End-to-End Connectivity, Routing, Security, Encryption, Cisco Virtual Office

Page 36: AVC Tech3

Thank you.