2.2.6 Cisco Expo 2012

Cisco Expo
2012

kgrigori@cisco.com
25 2012
2011 Cisco and/or its affiliates. All rights reserved.
NBAR2
Metadata

Flexible Netflow
Performance Monitoring

Quality of Service (QoS)
Performance Routing (PfR)
,

,

,

,

,

,
SLA
-
,
,

!

ping?
show ip route?
traceroute?
show interface?

WAN-


,
,

..
,

.

ISR-G2: 15.2(2)T1
ASR1K: XE 3.4S
AVC
AVC
Performance
Monitoring
Appliance
Email
Servers
Web
Servers
DPI
Branch
Office

1200
ISR G2
ASR 1000

AVC
on
ASR1K
Email
Servers
Management
Management
Data Center
Web
Servers
Data Center
Branch
Office
AVC
on
ISR G2

(HQoS,
PfR, WAAS)

, ,
WAN,
Internet

Cisco
IOS PA
FNF
ISR G2
ASR1K
ISR G2
ASR1K
App Visibility &

User Experience Report
App
BW
Transaction
Time
WebEx
3 Mb
150 ms
Citrix
10 Mb
500 ms
FNFv9
ISR G2
ASR1K
High
Med
Low
Reporting Tools

DPI engine
(NBAR2)
L7
Reporting
Tool
ISR G2 & ASR

:
QoS PfR

NBAR2
Metadata

Flexible Netflow


TCP/UDP
(,
)
,

Stateful inspection
TCP/UDP

(, , )
IPv6 IPv6
transition
10

SCE
IOS NBAR
+150
+1200

IPv6
API

NBAR2
NBAR2
(DPI)
( SCE)
NBAR

1200 -
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bull
etin_c25-627831.html
11

Categories
Sub-Categories
Application-Group
P2P-technology
Tunnel
Encrypted
file-sharing
browsing
net-admin
other
internet-privacy
instant-messaging
email
newsgroup
voice-and-video
business-and-productivity-tools
industrial-protocols
gaming
obsolete
trojan
layer3-over-ip
location-based-services
layer2-non-ip
client-server
other
routing-protocol
tunneling-protocols
network-management
voice-video-chat-collaboration
authentication-services
database
naming-services
terminal
streaming
p2p-networking
p2p-file-transfer
control-and-signaling
inter-process-rpc
remote-access-terminal
network-protocol
commercial-media-distribution
rich-media-http-content
license-manager
epayement
storage
backup-systems
one-click-hosting
ftp-group
other
ipsec-group
imap-group
irc-group
kerberos-group
ldap-group
sqlsvr-group
netbios-group
nntp-group
pop3-group
snmp-group
tftp-group
fasttrack-group
gnutella-group
skinny-group
edonkey-emule-group
bittorrent-group
smtp-group
windows-live-messanger-group
yahoo-messenger-group
flash-group
skype-group
corba-group
n
y
unassigned
n
y
unassigned
n
y
unassigned
12
Netflow v9

Top-N
NBAR
interface GigabitEthernet0/0/2
ip nbar protocol-discovery
ASR-1000#sh ip nbar protocol-discovery top-n
GigabitEthernet0/0/2
[snip]
Protocol
Output
-----
------
Packet Count
Packet Count
Byte Count
Byte Count
5min Bit Rate (bps)
5min Bit Rate (bps)
5min Max Bit Rate (bps)
5min Max Bit Rate (bps)
------------------------ ------------------------ ----------------------itunes
secure-http
youtube
bittorrent
Input
1352704
413286
2042671577
28254387
3395000
18000
15000000
208000
584678
330847
640511303
76683682
2357000
196000
8847000
353000
139631
66440
207492818
3869014
1296000
17000
3575000
80000
37186
82432
11025469
113101301
81000
248000
84000
2465000
13

IPv4/IPv6
MC/BR
Internet
BR
WAN1
(IP-VPN)
class-map match-any peer2peer
match protocol kazaa2
match protocol gnutella
?
match protocol fastrack
BR
Native IPv6
BR
IPv4
HQ

?

?
MC/BR
policy-map limit-p2p
class
peer2peer
WAN2
(IPVPN, DMVPN)
bandwidth
percent 10
MC/BR
BR
interface Serial1
service-policy input limit-p2p
MC/BR
14

Category, sub-category, p2p, tunnel
filesharing
FTP, CIFS, Bittorrent ..
MC/BR
Internet
class-map my-class2
class-map my-class2
match protocol attribute category filesharing
match protocol attribute category filesharing
match not class-map excluded-apps
WAN1
(IP-VPN)
MC/BR
FTP, CIFS
class-map match-any excluded-apps
match protocol ftp
match protocol cifs
BR
Native IPv6
BR
MC/BR
IPv4
HQ
email
outlook, gmail, hotmail,
yahoo-mail, ..
BR
WAN2
(IPVPN, DMVPN)
class-map my-class1
match protocol attribute category email
BR
MC/BR
15
ip nbar pdlm
<path_to_pdlm_file>
PDLM
(bittorrent.pdlm ,
citrix.pdlm ..)
NBAR2
PDLM
PDLM
ip nbar protocol-pack
<path_to_protocol_pack>
PDLM
Protocol Pack
IOS IOS XE PDL Protocol
Description Language (show ip nbar version)

PDLM update
(PDLM www.cisco.com )
PDLM protocol pack, 15.2(4)M
XE 3.7S (show ip nbar protocol-pack)
protocol pack IOS
16
Router# debug ip nbar unclassified-port-stats

Router# show ip nbar unclassified-port-stats
Port
Proto
# of Packets
------- -------- ------6346
tcp
347679
27005
udp
55043
Router# ip nbar port-map custom-02 tcp 5634 6346 6347 6348 6349 6355
Router(config)# class-map gnutella
Router(config-cmap)# match protocol custom-02
Router(config-cmap)# exit
Router(config)# policy-map sample
Router(config-pmap)# class gnutella
Router(config-pmap-c)# police 1000000 31250 31250 conform-action drop
exceed-action drop violate-action drop

custom protocol-> www.cisco.com
PDLM-
custom protocol MQC

http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a0080094ac5.shtml
17
, , ..:
Bit rate (bps), , ..
CISCO-NBARPROTOCOL-DISCOVERY-MIB
Flexible NetFlow ( QoS) Performance
Agent (PA)
application name/ID flexible netflow (FNF)

Application name/ID NetFlow
C3PL/MQC (class-map) CLI - match protocol

, QoS
IOS (QoS, performance monitor,
IOS FW)
PfR traffic-class application nbar
18
NBAR2
Metadata

Flexible Netflow

19

X
DSCP=EF

,

DSCP = EF
RTP
Voice

DSCP=EF
Fast1/0
Desk1

20
Metadata
Prot
L4
Src
L4
Dst
Application
Vendor
Dial From
Dial To
Caller ID
10.1.1.2
20.1.1.2
UDP
2000
4000
VideoConference
(Audio)
Cisco
83922564
85268229
Ivan
Ivanov
Metadata DB
1.
Metadata
QoS
Metadata
10.1.1.2
2.
Metadata
3.
Metadata DB
IP Dst
Metadata DB
IP Src
20.1.1.2
21
MC/BR
Metadata Signaling
WAN1
(IP-VPN)
MC/BR
BR
BR
HQ
class-map my-class
match metadata global-session-id <>
match metadata end-point [model | vendor | version]
BR
MC/BR
WAN2
(IPVPN, DMVPN)
BR
MC/BR
Cisco Metadata & Media Services Proxy

Metadata (WebEx, DMS, IP- , VX, TelePresence, Tandberg , CIUS,
Jabber ) - Media Services Interface (MSI)
, Metadata Media Services Proxy (MSP) (ISR
G2, Catalyst 4500 )
22
MSP

BR
MC/BR
Metadata
MC/BR
WAN1
(IP-VPN)
BR
BR
HQ
MC/BR
NBAR
IP Src
10.1.1.1
IP Dst
125.1.1.1
Prot
90
L4 Src
4080
L4 Dst
1234
Metadata
Application
Vendor
telepresence
Cisco
rtp
telepresencevideo
Dial
From
1001
Dial
To
2002
User
Bob
23
NBAR2
Metadata

Flexible Netflow

24
Link Layer
Header
NetFlow
Interface
ToS
NetFlow
Protocol
IP Header
TCP/UDP
Header
Source
IP Address
Destination
IP Address
Source
Port
L2-L4

7

: , ,
, ..
NBAR
Destination
Port
L3-L7

L3-L4 +

Data
Packet
Deep Packet
(Payload)
Inspection
NBAR
25
flow cache (flow monitor) ,

NetFlow
SrcIf
Fa1/0
Fa1/0
Fa1/0
Fa1/0
NetFlow
SrcIPadd
173.100.21.2
173.100.3.2
173.100.20.2
173.100.6.2
DstIf
Fa0/0
Fa0/0
Fa0/0
Fa0/0
DstIPadd
10.0.227.12
10.0.227.12
10.0.227.12
10.0.227.12
Protocol SrcPort DstPort

11
00A2
00A2
6
15
15
11
00A1
00A1
6
19
19
Export
Flow Monitor 1
DstIPadd
10.0.227.12
10.0.227.12
10.0.227.12
10.0.227.12
Protocol
11
6
11
6
TOS
80
40
80
40
Export
Export
Export
Flow Monitor 2
Protocol
11
6
11
6
TOS
80
40
80
40
Flgs
10
0
10
0
Flow Monitor 3
SrcIf
Fa1/0
Fa1/0
Fa1/0
Fa1/0
SrcIPadd
173.100.21.2
173.100.3.2
173.100.20.2
173.100.6.2
DstIf
Fa0/0
Fa0/0
Fa0/0
Fa0/0
26
News
router(config)# flow record

router(config-flow-record)#
#1
Source IP
10.1.1.1
app_record
match ipv4 source
address
match ipv4 destination address
match ..
Source IP
collect application name
#2
10.1.1.1
Destination IP
173.194.34.134
Destination IP
72.163.4.161
Source Port
20457
Source Port
30307
Destination Port
23
Destination Port
80
Layer 3 protocol
Layer 3 protocol
TOS byte
TOS byte
Ingress Interface
Ethernet 0
Ingress Interface
Ethernet 0
Src. IP
Src. IP
Dest. IP
Dest. IP
10.1.1.1
10.1.1.1
173.194.34.13
4.
173.194.34.134
10.1.1.1
72.163.4.161
Src. Port
Src.
Port
20457
20457
30307
NetFlow
Dest.
Dest.
Port
Port
80
23
Layer 3
Layer 3
Prot.
Prot.
6
6
TOS
TOS
Byte
Byte
0
0
Ingress Intf.
Ingress Intf.
Ethernet 0
Ethernet 0
HTTP
80
Ethernet 0
Youtube
App
Name
Times
tamps
Bytes
Packets
Flow entry
(, , ..)
27
Exporter
flow exporter my-exporter

destination 1.1.1.1
Flow Record
flow record my-record

match ipv4 source address
collect counter bytes
int s3/0
ip flow monitor my-monitor input
Flow Monitor
flow monitor my-monitor

exporter my-exporter
record my-record
28
flow record fnf-QoS-record

match application name
match ipv4 dscp
match flow class-id
collect counter bytes
collect counter packets
!
flow monitor fnf_monitor
record fnf-QoS-record
!
interface eth0/0
ip flow monitor fnf-monitor output
!
show flow mon <fnf_mon> cache

IPV4 SRC IPV4 DST
======== ========
10.0.1.1 10.0.1.2
10.0.1.1 10.0.1.2
10.0.1.1 10.0.1.2
Transactional
flow
record ( Netflow)
NBAR

IPv4/IPv6
Flow class-id ,

Flow export format - Netflow version 9 (RFC 3954)

IPFIX (RFC 5101)

, collector
(, Plixer)
APP NAME
========
nbar ssh
nbar telnet
NBAR my-app
DSCP Class-id
==== ========
0x20 Management
0x20 Management
0x22
29
NEW
NBAR Flexible NetFlow

HTTP- (Hostname URL) 15.2(4)M IOS XE
3.7.0S
show flow mon <app_mon> cache
IPV4 SRC ADDR
===============
10.0.1.1
IPV4 DST ADDR

==============
10.0.1.2
router(config)# flow record

APP NAME
=============
nbar http
Hostname
===============
www.google.com
URL
===========
/news
News
HTTP_record
match application http hostname
match application http URL
30
NBAR2
Metadata

Flexible Netflow

31
(Media Monitoring)
30%

(Performance Agent)
40%
-
, , ?
(Flexible Netflow NBAR/NBAR2)
HTTP HTTP
32
ISR G2:
ASR1K:
SLA?
WAN
Branch
NFv9
(
, Top N)

WAN

NBAR/NBAR2
Netflow v9 (IPFIX
)
WAAS Express
WAAS
33

Clients
Client
Network
Server
Network
IOS PA
Application
Servers
, WAN )
IOS PA ISR end-user
(NAM)
34
Client Side
Un-optimized
WAN Side
Optimized
Server Side
Un-Optimized
WAN
IOS PA
SPAN
or FA
FA
Pass-through
NAM 5.1
WAAS
TCP- 3 ,

WAAS-, original optimized bytes
Application Response Time (ART) : transaction time, network delay response time
NAM

35
IOS PA
Client
Server
SYN
(RT)
SND
SYN-ACK
CND
Response Time
t(First response pkt) t(Last request pkt)
ACK
Transaction
Request 1
Time (TT)
ACK
Request
Request 1 (Cont)
RT
TT
t(Last response pkt) t(First request pkt)
DATA 1
DATA 2
Network
DATA 3
ACK 3
Delay (ND)
DATA 4
DATA 5
DATA 3
DATA 4
ACK 6
Retrans
mission
DATA 6
Response
ND = Client Network Delay (CND) +

Server Network Delay (SND)
Application Delay (AD)

AD = RT SND
Request 2
36
IOS PA
ART
Application ID (from NBAR2)
CND - Client Network Delay (min/max/sum)
Client/Server Bytes
SND Server Network Delay (min/max/sum)
Client/Server Packets
ND Network Delay (min/max/sum)
Source MAC Address
AD Application Delay (min/max/sum)
Input/Output Interface
Total Response Time (min/max/sum)
IP DSCP
Total Transaction Time (min/max/sum)

Number of New Connections
WAAS Express
Number of Late Responses
Input/Output Bytes
Number of Responses by Response Time
WAAS Connection Mode

TFO, TFO/LZ, TFO/DRE, TFO/LZ/DRE
(7-bucket histogram)
Number of Retransmissions
Input/Output DRE Bytes
Number of Transactions
Input/Output LZ Bytes
Client/Server Bytes
Client/Server Packets
37

NBAR2

1. flow exporter
2. flow record mace
3. flow monitor mace
4. class-map
5. policy-map mace

mace_global
6. mace
enable
NBAR2

flow exporter pa-export

destination 172.30.104.128
transport udp 3000
!
flow record type mace pa-record
collect art all
!
flow monitor type mace pa-monitor
record mace-record
exporter mace-export
!
access-list 100 permit tcp any host
10.0.0.1 eq 80
class-map match-any pa-traffic
match access-group 100
!
policy-map type mace mace_global
class pa-traffic
flow monitor pa-monitor
!
interface Serial0/0/0
ip nbar protocol-discovery
mace enable
38
FNFv9
Alarm
Syslog
FNFv9
Alarm
Syslog
Voice/video
Endpoints
Management Tool
i.e. PAM
Voice/video
Endpoints
WAN
Medianet
Perf Monitoring
- jitter, loss,...
NBAR2

alert/alarm
Netflow v9

, ,

SLA
39

Router 1
Router 2
Active Probing
IPSLA Sender
IPSLA Responder

Flexible
Netflow
PerfMon
Flow Record
Flexible Netflow -
Performance Monitor - RTP/TCP

/ ( C3PL)
Flow Record
40
flow exporter pam

destination 10.35.89.61
transport udp 9991
!
flow monitor type performance-monitor medianet-perf-mon-monitor
record default-rtp
exporter pam
RTP
!
class-map match-any rtp-traffic
RTP-
match protocol rtp
!
policy-map type performance-monitor medianet-perf-mon
class rtp-traffic

flow monitor medianet-perf-mon-monitor
react 1 transport-packets-lost-rate
RTP
threshold value ge 5.00
RTP loss > 5%
action syslog
!
interface GigabitEthernet0/0

service-policy output wan-qos
Gi0/0
service-policy type performance-monitor input medianet-perf-mon
service-policy type performance-monitor output medianet-perf-mon
RTP
41
Flexible
Netflow
Medianet
Performance Monitor
Performance
Agent
Flow byte-count, interface ..
Voice/video RTP-, jitter ..
..
flow record type performancemonitor medianet-record

collect transport rtp-jitter
(..)
flow monitor type performancemonitor medianet-mon
(..)
policy-map type performancemonitor medianet
class rtp-traffic
flow monitor medianet-mon
interface Gi0/0/1
service-policy type performancemonitor input medianet
service-policy type performancemonitor output medianet
flow record type mace mace-record

collect art all
(..)
flow monitor type mace ios-pa
(..)
policy-map mace_global
class http-traffic
flow monitor type mace ios-pa
interface Gi0/0/1
mace enable
flow record my-flow-record

collect counter bytes long
(..)
flow monitor intf-fnf
(..)
interface Gi0/0/1
ip flow monitor intf-fnf input
ip flow monitor intf-fnf-output
?
42
IOS XE
3.8S
Flow byte-count, interface.
Voice/video RTP-, jitter ..
flow record type performance-monitor rtp-record

collect transport rtp-jitter
(..)
flow record type performance-monitor art-record
collect art all
(..)
..
policy-map type performance-monitor avc

class rtp-traffic
flow monitor rtp-mon
class tcp-app
flow monitor app-mon
(..)
!
interface Gi0/0/1
service-policy type performance-monitor input avc
service-policy type performance-monitor output avc
flow monitor type performance-monitor rtp-mon

(..)
flow monitor type performance-monitor app-mon
(..)

,

43
NBAR2
Metadata

Flexible Netflow

44
HQ
NBAR2
IP Packet
ToS
Protocol
TCP/UDP Packet
Src
IP
Addr
Dest
IP
Addr
Src
Port
Dst
Port
Campus WAN
Aggregation
Data Packet
Sub-Port/Deep Inspection
BR
BR
Vendor
Dial From
Dial To
Caller ID
Video-Conference
(Audio)
Cisco
83922564
85268229
Albert
Albatross
Si
App
Si
Metadata
Campus
Distribution
ACL
Src IP
Dst IP
S Port
D Port
DSCP
1.1.1.1
1.1.1.2
16384
16399
46
Campus
Access
45
class-map match-all business-critical

match protocol citrix
match access-group 101
Committed BW
(50% of the line)
class-map match-any browsing

match protocol attribute category browsing
class-map match-any internal-browsing
match protocol http url *myserver.com*
Excess BW
(50% of the line)
Application
BW
Priority
Business Critical
Committed 50%
High
Browsing
30% (=15% of the line)
Normal
Internal
Browsing
Remaining
60% (Out of Browsing)
70% (=35% of the line)
Normal
policy-map internal-browsing-policy
class internal-browsing
bandwidth remaining percent 60
policy-map my-network-policy
class business-critical
priority percent 50
class browsing
bandwidth remaining percent 30
service-policy internal-browsing-policy
interface Serial0/0/0
service-policy output my-network-policy
Business-Critical:
High Priority
50% committed
Remaining:
70% of Excess BW
(=35% of line)
Browsing:
Internal-Browsing: 30% of Excess BW
60% of Browsing
(=15% of the line)
46
NBAR2
Metadata

Flexible Netflow

48

WAN 1
High SLA
Email
WAN 2
Med SLA
Internet
No SLA
WAN
LAN

WAN

HTTP
WAN
LAN

WAN
,
-
49

WAN 1
High SLA
Email

WAN- Internet
WAN 2
Med SLA
Internet
No SLA
HTTP
WAN
LAN

real-time
50
Protecting critical applications while Maximizing bandwidth utilization

Detect loss >
10%
Detect high
jitter
Internet
Best Effort traffic
Best Effort traffic
ISP-2 (Secondary)
SP-A (MPLS VPN)
Cloud Service & Load Balancing Policy
-
Loss > 10%
ISP1

Internet
ISP
SP-B (MPLS VPN)
Multimedia & Critical Data Policy
VDI
Voice&Video
Cloud Service
ISP-1 (Primary)
WAN

Latency > 200ms; Jitter > 30ms
VDI-
Loss > 5%

- SP-A
VDI - SP-B

ISP
51
MC/BR
WAN1
(IP-VPN)
MC
BR
:
Reachability, Delay, Loss, Jitter, MOS,
Throughput, Load / $Cost
BR
HQ
MC/BR
MC/BR
BR
WAN2
(IPVPN, DMVPN)
MC/BR
The Decision Maker: Master Controller (MC)
BR
, ,
/
The Forwarding Path: Border Router (BR)

, ,
52
NBAR2
Metadata

Flexible Netflow

53

Cisco Prime NAM
ISR G2 SRE
Cisco Prime NAM
WAAS VB
Cisco ISR G2 NAM Blade
Cisco Prime NAM

Nexus 1010
SPAN
Cat65xx/C76xx
NAM1/NAM2 Blades
NAM 2200 Series Appliance
ERSPAN
RSPAN
NetFlow
Cat65xx NAM3 Blade
CEF
VACL
WAAS
PA

55
NAM

TCP

Cisco Prime Infrastructure 1.2
56
, , ..
57
flow record type mace mace-record

collect datalink mac source address input
collect ipv4 dscp
collect interface input
collect interface output
collect counter client bytes
collect counter server bytes
collect counter client packets
collect counter server packets
collect art all

Bittorrent?
58

, bittorrent
59

:

,

/,

..
60
Medianet : jitter, loss ..

(MOS ..), NAM
61
NBAR2
Metadata

Flexible Netflow

63
NBAR2
WAN, Internet edge, Datacenter edge

,
?
IOS PA

.

,
?
IOS PerfMon
.
Mediatrace.

Oracle

IOS PA

YouTube BitTorrent
NBAR2 QoS

.

64
Branch
Headend/Internet
ISR G2
ASR 1000
IOS 15.2(2)T1
IOS XE 3.4S
NBAR2
Performance Agent
Performance Monitor
Flexible Netflow
QoS
NBAR2
Performance Monitor
Flexible Netflow
QoS
Management
Cisco Prime
Cisco Prime Infrastructure

1.2 Assurance
Cisco Prime NAM 5.1(3)
65
800
Advanced IP Services
1900
Data License
2900
Data License
3900
Data License
ASR1K
Advanced IP Services/Advanced Enterprise

Services
ISR G2 1900/2900/3900 - Data- 60

Prime Assurance Manager evaluation- 60
66
AVC

AVC ,

AVC

AVC Cisco ISR G2 ASR1K
67
Application Visibility and Control - http://www.cisco.com/go/avc

NBAR - http://www.cisco.com/go/nbar
http://www.cisco.com/en/US/partner/docs/ios/ios_xe/qos/configuration/guid
e/clsfy_traffic_nbar_xe.html
Flexible Netflow - http://www.cisco.com/go/netflow
Performance Agent -
http://www.cisco.com/en/US/products/ps11671/index.html
Performance Monitor -
http://www.cisco.com/en/US/partner/docs/ios/media_monitoring/configurati
on/guide/mm_pasv_mon.html
Performance Routing - http://www.cisco.com/go/pfr
Prime NAM - http://www.cisco.com/go/nam
Prime Assurance Manager - http://www.cisco.com/go/pam
68
Cisco Expo
Linksys E900.
:
Cisco
,

:
15:00 25 16:30 26
www.ceq.com.ua
70

2.2.6 Cisco Expo 2012

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

2.2.6 Cisco Expo 2012

Загружено:

Авторское право:

Доступные форматы

Cisco Expo

2011 Cisco and/or its affiliates. All rights reserved.

2011 Cisco and/or its affiliates. All rights reserved.

2011 Cisco and/or its affiliates. All rights reserved.

2011 Cisco and/or its affiliates. All rights reserved.

2011 Cisco and/or its affiliates. All rights reserved.

App Visibility &

ISR G2 & ASR

2011 Cisco and/or its affiliates. All rights reserved.

2011 Cisco and/or its affiliates. All rights reserved.

2011 Cisco and/or its affiliates. All rights reserved.

5min Bit Rate (bps)

5min Bit Rate (bps)

5min Max Bit Rate (bps)

5min Max Bit Rate (bps)

------------------------ ------------------------ ----------------------itunes

2011 Cisco and/or its affiliates. All rights reserved.

2011 Cisco and/or its affiliates. All rights reserved.

2011 Cisco and/or its affiliates. All rights reserved.

IOS IOS XE PDL Protocol

Description Language (show ip nbar version)

Router# debug ip nbar unclassified-port-stats

2011 Cisco and/or its affiliates. All rights reserved.

application name/ID flexible netflow (FNF)

C3PL/MQC (class-map) CLI - match protocol

2011 Cisco and/or its affiliates. All rights reserved.

2011 Cisco and/or its affiliates. All rights reserved.

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Metadata & Media Services Proxy

2011 Cisco and/or its affiliates. All rights reserved.

2011 Cisco and/or its affiliates. All rights reserved.

2011 Cisco and/or its affiliates. All rights reserved.

flow cache (flow monitor) ,

Protocol SrcPort DstPort

2011 Cisco and/or its affiliates. All rights reserved.

router(config)# flow record

2011 Cisco and/or its affiliates. All rights reserved.

flow exporter my-exporter

flow record my-record

flow monitor my-monitor

2011 Cisco and/or its affiliates. All rights reserved.

flow record fnf-QoS-record

show flow mon <fnf_mon> cache

Flow export format - Netflow version 9 (RFC 3954)

NBAR Flexible NetFlow

IPV4 DST ADDR

router(config)# flow record

2011 Cisco and/or its affiliates. All rights reserved.

2011 Cisco and/or its affiliates. All rights reserved.

2011 Cisco and/or its affiliates. All rights reserved.

2011 Cisco and/or its affiliates. All rights reserved.

t(Last response pkt) t(First request pkt)

ND = Client Network Delay (CND) +

Application Delay (AD)

2011 Cisco and/or its affiliates. All rights reserved.

Application ID (from NBAR2)

CND - Client Network Delay (min/max/sum)

SND Server Network Delay (min/max/sum)

ND Network Delay (min/max/sum)

Source MAC Address

AD Application Delay (min/max/sum)

Total Response Time (min/max/sum)

Total Transaction Time (min/max/sum)