
Internet Edge

20 February 2014
Jérôme Durand
CSE Routing & Switching, Cisco
@JeromeDurand
http://reseauxblog.cisco.fr
Marc Sanchez

2010 Cisco and/or its affiliates. All rights reserved.


Internet Edge Qualification
10GE + BGP + QoS + Netflow

ASR 1000 (services-rich edge router, with increasing scale): rich instrumentation for application performance (HQoS, DPI, PfR, Flexible Netflow, Perfmon); advanced security functions (VPN, FW); 10GE max, TDM interfaces; IOS (IOS-XE).
Catalyst 6k w/ Sup2T (services-rich core switch, with increasing scale): cluster possible (VSS); collapsed core campus/Internet Edge; services via ad-hoc module; limited HQoS, microflow policing; 40GE; IOS.
ASR 9000 (high-scale core router, with increasing services): performance; density / scalability; cluster possible (VSS); services via ad-hoc module; 40 Gbps, 100 Gbps; Flowspec; IOS-XR; 100GE ready.

Introduction to the ASR 9000
Cisco ASR 9000 Portfolio Snapshot
Uncompromising Density Across a Scalable Portfolio

> 2 Tbps per slot capable chassis, optimized for ultra high density Ethernet Service Edge & Core applications: ASR 9922, ASR 9912, ASR 9904

Common IOS-XR, line cards / NPU, fabric ASICs, power supplies

< 1 Tbps per slot capable chassis, optimized for Ethernet Service Edge and Multi-Service Edge applications: ASR 9010, ASR 9006, ASR 9001 (120G), ASR 9001-S (60G)
Industry Hardened IOS XR
Super Stable, Granular Modular, Ultra-High Scale

Fully distributed for ultra high control plane scale; granular processes for selective restartability (figure: BFD and CFM on the line card CPUs; OSPFv2, OSPFv3, BGP, PIM and routing on the RP CPU, all as independent processes under IOS-XR).
Micro-kernel (QNX) for superior stability (figure: process management, memory management, scheduler, TCP/IP, device drivers, file system and hardware abstraction above the micro-kernel; platform layer and full standard XR PI binaries on top).
Virtualization for flexibility (figure: XR with an SPP data plane and console, aux, disk, MgmtEth and GE 0..n interfaces).
ASR 9000 80-360G Typhoon Class Linecards
Hyper Intelligence & Service Scalability

300% capacity upgrade: from 120G/slot to 360G/slot in existing chassis. Dense 10GE & 100GE: 36x10GE, 24x10GE, 2x100GE, modular 80G & 160G.

300-400% service & control plane scale: from 512K to 2M MACs learned in hardware; from 1.3M to 4M IPv4 prefixes; from 512k to 2M IPv6 prefixes.

Hyper-intelligent: video buffering for lossless multicast; in-line video monitoring; integrated G.709; SyncE / IEEE 1588-2008 PTP timing; tunneling services optimized.
ASR 9001 Compact Chassis
(figure) Sub-slot 0 and sub-slot 1 with MPA; GPS, 1588 and BITS timing inputs; console, aux and management ports; redundant, field replaceable power supplies (AC or DC); fixed 4x10G SFP+ ports; EOBC ports for nV Edge (2xSFP); field replaceable fan tray.
Typhoon Scale Parameters

Metric                     Transport (TR) linecard scale   Service Edge (SE) linecard scale
FIB Routes (v4/v6)         4M/2M                           4M/2M
Multicast FIB              128K                            128K
MAC Addresses              2M                              2M
L3 VRFs                    4K (8K in 4.2.1)                4K (8K in 4.2.1)
Bridge Domains / VFI       64K                             64K
PW                         128K                            128K
Differentiation:
L3 Subif / LC              8K                              20K
L2 Interfaces (EFPs) / LC  16K                             64K
Egress Queues              8 queues / port                 256K / NPU
Policers                   8K / NPU                        256K / NPU
BNG IPoE/PPPoE Sessions    Not supported                   64K

ASR 1000 for Internet Edge
ASR 1000: Overview
From 2.5 to 100 Gbit/s, ready to support up to 360 Gbit/s

COMPACT AND POWERFUL ROUTER: performance from 2.5 to 200 Gbit/s with services enabled; investment protection through system modularity, IOS CLI and SPAs; hardware QoS with 128,000 queues.
BUSINESS-CRITICAL APPLICATIONS - RESILIENCE: separation of the control and data planes; hardware and software redundancy; in-service software upgrade (ISSU).
MANY INTEGRATED SERVICES: integrated firewall, VPN, encryption, NBAR2, CUBE-ENT, CUBE-SP; services can simply be enabled through software licenses without changing the hardware.

High performance, integrated resilient services. Bandwidth per platform (Gbit/s): ASR 1001 2.5-5; ASR 1002 5-10; ASR 1002-X 5-36; ASR 1004 10-40; ASR 1006 10-100; ASR 1013 40-360.
Example use cases for the enterprise
(figure) Remote site; Internet WAN and private WAN (ISP1, ISP2); WAN aggregation / WAN cloud; Internet access; DC Internet zone/DMZ; DC core; campus WAN; secure WAN; extranet; data center interconnect; data center core.
Cisco Cloud Intelligent Network
(figure) Public, private and hybrid cloud; HD video, VoIP, VDI; App; OS. Connecting users to the cloud with confidence: optimal experience, pervasive security, simplified operations.

Cisco's Approach: One Network with Unified Services
(figure) One Network: L2-L3 transport (routing) and L4-L7 unified services (visibility, application control, services optimization, security). Simplify application delivery: routing redefined.
Hardware components

ASR 1000 Series
Investment protection: ASR 1013, ASR 1006, ASR 1004, ASR 1002-X, ASR 1002, ASR 1001
Flexibility in the choice of interfaces: SPA - Shared Port Adapters
Chassis
Control plane (RP): RP-1, RP-2
Services plane (ESP): 2.5-5G, 10G, 20G, 40G, 100G, 200G
Example: ASR 1006 chassis
(figure) SPAs, SIP, ESP10, RP1 (slots r0 & r1)
ASR 1000 chassis

                    ASR 1001      ASR 1002      ASR 1002-X    ASR 1004      ASR 1006       ASR 1013
SPAs supported      1             3             3             8             12             24
RPs supported       0 (integr.)   0 (integr.)   0 (integr.)   1             2              2
ESPs supported      0 (integr.)   1             0 (integr.)   1             2              2
SIPs supported      0 (integr.)   0 (integr.)   0 (integr.)   2             3              6
IOS redundancy      Software      Software      Software      Software      Hardware       Hardware
Built-in GE         4 (SFP)       4 (SFP)       6 (SFP)       None          None           None
Height              1 RU          2 RU          2 RU          4 RU          6 RU           13 RU
Bandwidth           2.5-5 Gbit/s  5-10 Gbit/s   5-36 Gbit/s   10-40 Gbit/s  10-100 Gbit/s  40-100+ Gbps
Max output power    400W          470W          470W          765W          1275W          3200W
Airflow             Front-to-back Front-to-back Front-to-back Front-to-back Front-to-back  Front-to-back
IDC                 1             0             0             0             0              0
Overview of the ASR 1002-X

Chassis & hardware
Chassis: 2 RU; integrated RP, ESP & SIP; redundant power supplies
System bandwidth: 5, 10, 20, 36 Gbit/s, via software license
Performance: up to 30 Mpps
Encryption bandwidth: 4 Gbit/s
Control plane: quad-core processor @ 2.13 GHz
Data plane: integrated ESP with scalable bandwidth from 5 to 36 Gbit/s
I/O modules: 3 SPA + 6 built-in GE ports (copper / SFP fiber, SyncE support)
Console / management Ethernet / Aux
External USB storage
Optional hard disk (160 GB)
FW / NAT: 36G FW/NAT, 2M sessions
Clock synchronization over the network: Stratum 3 / G.813 clocking, BITS timing, GPS, SyncE, 1588
Software security: secure boot, code signing (FIPS-140-3)

Customer benefits
Compact (2 RU) WAN aggregation solution with many embedded services that can be enabled
Multiple routing solution: WAN aggregation integrating the secure WAN; Internet access gateway with Performance Routing and firewall; managed services solutions with many integrated services; optimal solution for remote sites; very high performance BGP route reflector; MSE, BRAS with up to 64k sessions
Performance: 4 times the performance of the ASR 1002
Pay-As-You-Grow: simple performance increase through a software license (RTU) to 10, 20 or 36 Gbit/s
Investment protection: same SPAs as in the other ASR 1000 chassis and other Cisco platforms
RTU (Right-to-Use) licenses: for features (IPB, AIS, AES); for performance (10, 20, 36 Gbit/s)
IOS-XE: same software experience as the whole ASR 1000 family
New Fixed Ethernet Linecard
40 Gbps bandwidth, high port density, 2x10GE + 20x1GE
Huge cost saving: 1/3 of the price compared to a SIP & SPA configuration

ASR1000-2T+20X1GE
Two variants: 2x10GE+20x1GE (orderable now); 6x10GE (target March 2014)
Chassis: ASR1004, ASR1006 & ASR1013
RP: RP2
ESP: ESP40, ESP100 & ESP200
All current Ethernet features: SyncE, IEEE 1588, Y.1731 - CFM, 40 Gbps bandwidth

Architecture and High Availability
ASR 1000 components
(figure) Route Processor (active and standby), ESP (active and standby, each with FECP, QFP, crypto assist and interconnect subsystem), SIPs with IOCP and SPA aggregation, SPAs, all joined over the midplane.

RP (Route Processor): handles control plane traffic; manages the system.
ESP (Embedded Services Processor): handles data plane traffic.
SPA Interface Processor (SIP): the Shared Port Adapters (SPA) provide the interfaces for connectivity.
Centralized forwarding architecture: all traffic goes through the active ESP; the standby ESP is synchronized with all states over a 10 Gbit/s link.
Distributed control architecture: all major system components have a powerful dedicated control processor for the control and data planes.
Interconnects: ESI (Enhanced Serdes Interface) 11.5 Gbit/s; HyperTransport 10 Gbit/s; SPA-SPI 11.2 Gbit/s.
ESP bandwidth
The ASR 1000 has a passive midplane. The forwarding capacity of the system is determined by the type of ESP and SIP used in the system.
The ESP bandwidth corresponds to the total egress bandwidth of the system, whatever the interface.
Priority traffic (as long as it is not over-subscribed, e.g. less than 10 Gbit/s for an ESP-10G) is not affected by this limit.
Examples for the ESP-10G:
5 Gbit/s unicast in each direction: total 5+5=10.
1 Gbit/s multicast with 8 replications in one direction and 2 Gbit/s unicast in the other direction: total 8+2=10.
5 Gbit/s unicast in one direction and 6 Gbit/s in the other: total 5+6=11 exceeds the 10 Gbit/s limit; only 10 Gbit/s are forwarded.
1 Gbit/s multicast with 10 replications in one direction and 1 Gbit/s unicast in the other direction: total 10+1=11 exceeds the 10 Gbit/s limit; only 10 Gbit/s are forwarded.
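The egress-budget rule above as an added example (my code, not Cisco's): every replicated multicast copy and every unicast direction is charged against the ESP capacity, and the slide's four ESP-10G cases are reproduced; serving priority traffic first and sharing the remainder among best-effort flows in proportion to demand is a simplifying assumption of this model.

```python
from dataclasses import dataclass


@dataclass
class Flow:
    name: str
    rate_gbps: float        # rate offered at the ingress interface
    replications: int = 1   # multicast: number of egress copies the ESP must produce
    priority: bool = False  # priority (LLQ-style) traffic, protected first

    @property
    def egress_gbps(self) -> float:
        # every replicated copy consumes ESP egress capacity
        return self.rate_gbps * self.replications


def esp_budget(flows, esp_capacity_gbps):
    """Return (total egress demand, {flow name: Gbit/s actually forwarded}).

    Priority flows are served first and only lose traffic when they alone exceed
    the ESP; best-effort flows share what is left in proportion to their demand
    (the proportional sharing is an assumption of this model).
    """
    prio = [f for f in flows if f.priority]
    best = [f for f in flows if not f.priority]
    demand = sum(f.egress_gbps for f in flows)
    prio_demand = sum(f.egress_gbps for f in prio)
    best_demand = sum(f.egress_gbps for f in best)

    forwarded = {}
    prio_share = min(1.0, esp_capacity_gbps / prio_demand) if prio_demand else 1.0
    for f in prio:
        forwarded[f.name] = f.egress_gbps * prio_share
    remaining = max(0.0, esp_capacity_gbps - prio_demand)
    best_share = min(1.0, remaining / best_demand) if best_demand else 1.0
    for f in best:
        forwarded[f.name] = f.egress_gbps * best_share
    return demand, forwarded


# The four ESP-10G cases drawn on the slide (constructed from its numbers).
SLIDE_CASES = {
    "5+5":  [Flow("east", 5), Flow("west", 5)],
    "8+2":  [Flow("mcast", 1, replications=8), Flow("west", 2)],
    "5+6":  [Flow("east", 5), Flow("west", 6)],
    "10+1": [Flow("mcast", 1, replications=10), Flow("west", 1)],
}


def check_slide_cases(esp_capacity_gbps=10.0):
    """{case: (demand, forwarded total, over-subscribed?)} for the slide's examples."""
    out = {}
    for name, flows in SLIDE_CASES.items():
        demand, fwd = esp_budget(flows, esp_capacity_gbps)
        out[name] = (demand, round(sum(fwd.values()), 9), demand > esp_capacity_gbps)
    return out


if __name__ == "__main__":
    for case, (demand, fwd, over) in check_slide_cases().items():
        print(f"{case:>5}: demand {demand} Gbit/s, forwarded {fwd}, over-subscribed={over}")
    # Same 10+1 case, but the 1 Gbit/s unicast is priority traffic: it is untouched,
    # the over-subscribed multicast replication absorbs the whole shortfall.
    _, fwd = esp_budget([Flow("mcast", 1, replications=10), Flow("voice", 1, priority=True)], 10.0)
    print(fwd)
```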
System over-subscription
The total system bandwidth is determined by the following elements:
The ESP type
The SIP (SPA Interface Processor) type
The SIPs installed in the system share the ESP capacity, whatever the SIP type. Example:
ESP-10G: 10 Gbit/s shared between the SIPs
ESP-20G: 20 Gbit/s shared between the SIPs
The SIP bandwidth is the capacity of the link between the SIP and the ESP:
SIP-10G: 10 Gbit/s link between SIP and ESP
SIP-40G: 40 Gbit/s link between SIP and ESP

Chassis             ESP type  SIP type  Nb of SIPs  Max bandwidth per slot (Gbit/s)  Over-subscription SPA / SIP  ESP bandwidth (Gbit/s)  Over-subscription ESP  System over-subscription
ASR 1001            ESP2.5    n.a.      n.a.        n.a.                             2:1                          2.5                     5.6:1                  5.6:1
ASR 1001/ASR 1002   ESP5      n.a.      n.a.        n.a.                             4:1                          5                       6.8:1                  6.8:1
                    ESP10     n.a.      n.a.        n.a.                             4:1                          10                      3.4:1                  3.4:1
ASR 1002-X          ESP40     SIP40     n.a.        n.a.                             9:10                         36                      1:1                    9:10
ASR 1004            ESP10     SIP10     2           10                               4:1                          10                      2:1                    8:1
                    ESP20     SIP10     2           10                               4:1                          20                      1:1                    4:1
                    ESP40     SIP10     2           10                               4:1                          40                      1:2                    4:1

(continued on the next slide)
System architecture: distributed control plane
No packet loss: on a Route Processor failure (HW or SW), the standby Route Processor becomes active.
Separate and independent link for control plane data (GE).

System architecture: centralized data plane
Minimal data interruption: on an ESP failure (SW or HW), the standby ESP becomes active (figure shows the punt path between the Route Processor and the ESP).
All packets are processed by the QFP for forwarding.
Separate and independent links for data plane traffic (ESI, 11.5 Gbit/s for a SIP10).

Application Visibility and Control
What is Application Visibility and Control (AVC)
What is Needed

(figure) App visibility & user experience report (App / BW / Transaction time: SAP 3M 150 ms; Sharepoint 10M 500 ms), exported over NFv9/IPFIX to reporting tools, with High / Med / Low priorities.

Application Recognition: identify applications using L3 to L7 information.
Performance Collection & Exporting: collect application performance metrics and export the information to the management tool.
Management Tool: advanced reporting tool aggregates and reports application performance.
Control: control application network usage to improve application performance.
What is Application Visibility and Control (AVC)
Enabled Technologies

(figure) Same framework as the previous slide, with the technology behind each block:
Application Recognition: NBAR2.
Performance Collection & Exporting: Unified Monitoring (traffic statistics, response time, voice/video monitoring, URL collection); Metadata; export over NFv9/IPFIX.
Management Tool: Cisco Prime Infrastructure; 3rd party tools.
Control: QoS (w/ NBAR2); PfR.
Application Recognition in Enterprise
ACL, DPI and Metadata

ACL: up to Layer 4 analysis.
DPI (ACL and NBAR2): +1000 signatures in NBAR2; up to the application level.
Metadata: interact with the application to go deeper into the end user flows.
DISCOVER - CLASSIFICATION
What is an Application?
What about these: HTTP 80, FTP 20/21, POP3 110, IMAP 143, HTTPS 443, SMTP 25? Are these applications, or just ports?
NBAR2 Highlight
(chart) Number of applications supported: NBAR1 vs NBAR2, 1000+ for NBAR2. HTTP sub-classification: URI, hostname, browser type.

More than 1000 applications supported, and growing
Categorization to simplify application management
In-service signature update through Protocol Pack
Field Extraction: collect application-specific information in addition to identifying applications
Sub-port classification: match parameters of the applications
Simplify Application Management with NBAR2
Attributes

NBAR2 attributes provide a grouping of similar types of applications.
Use attributes to report on a group of applications or to simplify QoS classification.
6 pre-defined attributes per application (can be reassigned by users):
Category: first-level grouping of applications with similar functionalities
Sub-category: second-level grouping of applications with similar functionalities
Application-group: grouping of applications based on brand or application suite
P2P-technology?: indicates the application is peer-to-peer
Encrypted?: indicates the application is encrypted
Tunneled?: indicates the application uses a tunnelling technique
Define Your Own Application in NBAR2

Port: TCP or UDP; 16 static ports per application; range of ports (1000 maximum).
Payload: search the first 255 bytes of TCP or UDP payload; ASCII (16 characters); Hex (4 bytes); Decimal (1-4294967295); Variable (4 bytes Hex).
HTTP URL: URI regex; Host regex (new).
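A toy model of the custom-application definitions above and of the attributes slide before it, as an added example (my code, not NBAR2 itself): an application is matched by static ports, by a value in the first 255 payload bytes, or by a regex on the HTTP Host header; each carries the six attributes, and a class map can match on an attribute instead of listing applications. The applications, their attribute values and the "all configured criteria must hold" rule are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

PAYLOAD_SEARCH_LIMIT = 255  # NBAR2 only inspects the first 255 bytes of payload


@dataclass(frozen=True)
class Attributes:
    """The six NBAR2 attributes shown on the slides."""
    category: str
    sub_category: str
    application_group: str
    p2p_technology: bool = False
    encrypted: bool = False
    tunneled: bool = False


@dataclass
class CustomApp:
    name: str
    attrs: Attributes
    protocol: Optional[str] = None          # "tcp" or "udp"
    ports: frozenset = frozenset()          # static ports (NBAR2 allows 16 per application)
    payload_ascii: Optional[bytes] = None   # ASCII string (NBAR2: up to 16 characters)
    payload_hex: Optional[bytes] = None     # 4-byte hex value at payload_offset
    payload_offset: int = 0
    host_regex: Optional[str] = None        # regex applied to the HTTP Host header

    def matches(self, proto: str, dst_port: int, payload: bytes) -> bool:
        """All configured criteria must hold (an assumption of this toy model)."""
        if self.protocol is not None and self.protocol != proto:
            return False
        if self.ports and dst_port not in self.ports:
            return False
        window = payload[:PAYLOAD_SEARCH_LIMIT]
        if self.payload_ascii is not None and self.payload_ascii not in window:
            return False
        if self.payload_hex is not None:
            if window[self.payload_offset:self.payload_offset + 4] != self.payload_hex:
                return False
        if self.host_regex is not None:
            m = re.search(rb"(?:^|\r\n)Host:[ \t]*([^\r\n]+)", window)
            if m is None or re.search(self.host_regex.encode(), m.group(1)) is None:
                return False
        return True


# Constructed sample definitions: hypothetical applications, not NBAR2 signatures.
APPS = [
    CustomApp("corp-erp", Attributes("business-and-productivity-tools", "erp", "corp-suite",
                                     encrypted=True),
              protocol="tcp", ports=frozenset({8443})),
    CustomApp("intranet-wiki", Attributes("browsing", "intranet", "corp-suite"),
              protocol="tcp", host_regex=r"(^|\.)wiki\.example\.com$"),
    CustomApp("legacy-tool", Attributes("industrial-protocols", "scada", "legacy"),
              protocol="udp", payload_hex=b"\xca\xfe\xba\xbe", payload_offset=0),
    CustomApp("custom-p2p", Attributes("file-sharing", "p2p-file-transfer", "custom-p2p",
                                       p2p_technology=True),
              payload_ascii=b"P2P-HELLO"),
]


def classify(apps, proto: str, dst_port: int, payload: bytes) -> str:
    """First matching definition wins; otherwise 'unknown'."""
    for app in apps:
        if app.matches(proto, dst_port, payload):
            return app.name
    return "unknown"


def class_map_match_any(apps, app_name: str, sub_category: Optional[str] = None,
                        protocols=()) -> bool:
    """Model of a 'class-map match-any' holding 'match protocol attribute sub-category X'
    and 'match protocol Y' lines: true if any line matches the classified application."""
    app = next((a for a in apps if a.name == app_name), None)
    if app is None:
        return False
    return (sub_category is not None and app.attrs.sub_category == sub_category) \
        or app.name in protocols
```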
NBAR2 Field Extraction
Overview

Ability to look into specific applications for additional field information.
NBAR2 extracts fields from HTTP, RTP, Citrix, etc. for QoS configuration:
HTTP header fields
Eases classification of voice and video traffic: VoIP, streaming/real-time video, audio/video conferencing, Fax over IP
Distinguishes between RTP packets based on payload type and codecs
Some extracted fields are available within Flexible NetFlow and Unified Monitoring.
NBAR2 Field Extraction
HTTP Example

(figure) A client (IP=192.168.100.100) browsing http://www.cnn.com/US, through Se0/0/0, to www.cnn.com (IP=157.166.255.18).
Ability to extract information from the HTTP message; the field each collect statement picks up is marked:

GET /weather/getForecast?time=37&&zipCode=95035 HTTP/1.1        <- collect application http url
Host: svcs.cnn.com                                               <- collect application http host
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1   <- collect application http user-agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cnn.com/US/                                  <- collect application http referer
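The extraction shown above, as an added example (my code, not NBAR2's): a parser that takes the request from the slide and returns the host, url, user-agent and referer values that a flow record with those four collect statements would carry; the METHODS set and the first-occurrence-wins rule are my assumptions.

```python
from dataclasses import dataclass, asdict
from typing import Optional

# Constructed copy of the request shown on the slide.
SAMPLE_REQUEST = (
    b"GET /weather/getForecast?time=37&&zipCode=95035 HTTP/1.1\r\n"
    b"Host: svcs.cnn.com\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1\r\n"
    b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
    b"Accept-Language: en-us,en;q=0.5\r\n"
    b"Accept-Encoding: gzip, deflate\r\n"
    b"Connection: keep-alive\r\n"
    b"Referer: http://www.cnn.com/US/\r\n"
    b"\r\n"
)

# The four 'collect application http ...' fields from the slide.
COLLECT_FIELDS = ("host", "url", "user_agent", "referer")
HEADER_TO_FIELD = {b"host": "host", b"user-agent": "user_agent", b"referer": "referer"}
METHODS = {b"GET", b"POST", b"PUT", b"HEAD", b"DELETE", b"OPTIONS", b"PATCH", b"CONNECT", b"TRACE"}


@dataclass
class HttpFields:
    host: Optional[str] = None
    url: Optional[str] = None          # request URI (path + query), as 'http url'
    user_agent: Optional[str] = None
    referer: Optional[str] = None


def extract_http_fields(payload: bytes) -> Optional[HttpFields]:
    """Parse the first request in a TCP payload; None if it is not a complete HTTP request."""
    head, sep, _body = payload.partition(b"\r\n\r\n")
    if not sep:                       # header block not complete in this segment
        return None
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or parts[0] not in METHODS or not parts[2].startswith(b"HTTP/"):
        return None
    fields = HttpFields(url=parts[1].decode("latin-1"))
    for raw in lines[1:]:
        name, colon, value = raw.partition(b":")
        if not colon:
            continue
        field = HEADER_TO_FIELD.get(name.strip().lower())
        if field is not None and getattr(fields, field) is None:   # first occurrence wins
            setattr(fields, field, value.strip().decode("latin-1"))
    return fields


def flow_record(payload: bytes, collect=COLLECT_FIELDS) -> dict:
    """What a flow record carrying the configured collect statements would contain."""
    fields = extract_http_fields(payload)
    if fields is None:
        return {name: None for name in collect}
    values = asdict(fields)
    return {name: values[name] for name in collect}


if __name__ == "__main__":
    for name, value in flow_record(SAMPLE_REQUEST).items():
        print(f"collect application http {name.replace('_', '-'):<10} -> {value}")
```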
How NBAR2 can be used
Protocol Discovery: ip nbar protocol-discovery CLI
Discovers and provides real-time statistics on applications
Accounting: per-interface, per-application, bi-directional statistics: bit rate (bps), packet counts and byte counts
Information available in the CISCO-NBAR-PROTOCOL-DISCOVERY-MIB

Application optimization: invoke the match protocol CLI in C3PL/MQC (class-map)
Used in a number of different IOS functions (QoS, performance monitor, IOS FW)

With Flexible NetFlow (regardless of QoS): invoke the match|collect application name fields in Flexible NetFlow (FNF)
Application name/ID is included in the NetFlow export reports
NBAR2 Regular Updates
In-service Application Definition Update

(figure) Release cadence: major protocol packs (PPX, PPY) with protocol updates; minor packs (PPX.1, PPY.1) with ~10 bug fixes and small updates, 1M apart.

Advanced Protocol Pack (PP 6.0 available): includes all supported protocols / applications (Protocol1, Protocol2 ... Protocoln); supports traffic categorization and attributes; available (as the default protocol pack) in the DATA image; periodic releases and offers SLA.
Useful pointers:
Protocol Library: http://www.cisco.com/en/US/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/nbar-prot-pack-library.html
Protocol List and Version support: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html

NBAR2 Protocol Pack Example (for your reference)
Add new applications recognized by NBAR2 without IOS upgrade or router reload
A new protocol pack is published every two months on CCO
Single IOS CLI to enable the protocol pack
Flow Metadata Principles

Flow identifier: IP Src 10.1.1.2, IP Dst 20.1.1.2, Prot UDP, L4 Src 2000, L4 Dst 4000
Metadata: Application Video-Conference (Audio), Vendor Cisco, Dial From 83922564, Dial To 85268229, Caller ID Albert Albatross

1. The application (10.1.1.2) creates the metadata.
2. Metadata announcement: each hop stores it in its metadata DB and applies QoS based on it.
3. Media flow, with export of the data to the NMS.
PERFORMANCE COLLECTION
Performance Collection & Exporting
What is it?

Integrated performance monitoring available for different types of applications and use cases:
Voice and Video Performance Collection (Media Monitoring): 30% of bandwidth is voice and video
Critical Applications Performance (Application Response Time): 40% of bandwidth is critical applications
Traffic Statistics (Flexible NetFlow and NBAR2): what applications, how much bandwidth, flow direction?
Foundation: Flexible NetFlow (FNF)
Build Performance Monitoring

Devices (IETF scope): metering process (Flexible NetFlow, Performance Monitor) and export process (NetFlow v9, IPFIX).
NMS: capacity planning, security, performance analysis, visibility.
Foundation: Flexible NetFlow (FNF)
Multiple Monitors with Unique Key Fields

The same traffic feeds two flow monitors that use different key fields.

Flow Monitor 1 (Traffic Analysis Cache)
Key fields (packet 1): Source IP 3.3.3.3, Destination IP 2.2.2.2, Source Port 23, Destination Port 22078, Layer 3 Protocol TCP - 6, TOS Byte 0, Input Interface Ethernet 0
Non-key fields: Packets, Bytes, Timestamps, Next Hop Address

Source IP  Dest. IP  Source Port  Dest. Port  Protocol  TOS  Input I/F  Pkts
3.3.3.3    2.2.2.2   23           22078       6         0    E0         1100

Flow Monitor 2 (Security Analysis Cache)
Key fields (packet 1): Source IP 3.3.3.3, Destination IP 2.2.2.2, Input Interface Gi0/1, SYN Flag 0
Non-key fields: Packets, Timestamps

Source IP  Dest. IP  Input I/F  Flag  Pkts
3.3.3.3    2.2.2.2   Gi0/1      0     11000
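The two-monitor metering above, as an added example (my code, not IOS): one packet stream feeds a traffic-analysis monitor keyed on the 7-tuple and a security monitor keyed on source, destination, interface and SYN flag, so the same packets land in differently shaped caches; the packet summaries are constructed, and the extra SYN-only packets show why a cache keyed on the SYN flag separates half-open connection attempts from established traffic.

```python
from collections import OrderedDict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Constructed packet summary: the fields a metering process can key or count on."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: int
    tos: int
    input_if: str
    syn: int
    length: int
    ts: float


# Key fields of the two monitors on the slide.
TRAFFIC_ANALYSIS_KEYS = ("src_ip", "dst_ip", "src_port", "dst_port", "protocol", "tos", "input_if")
SECURITY_ANALYSIS_KEYS = ("src_ip", "dst_ip", "input_if", "syn")


class FlowMonitor:
    """A flow cache: one entry per distinct combination of key-field values;
    the non-key fields (packets, bytes, timestamps) accumulate per entry."""

    def __init__(self, name, key_fields):
        self.name = name
        self.key_fields = tuple(key_fields)
        self.cache = OrderedDict()

    def meter(self, pkt: Packet) -> dict:
        key = tuple(getattr(pkt, f) for f in self.key_fields)
        entry = self.cache.get(key)
        if entry is None:
            entry = {"packets": 0, "bytes": 0, "first_seen": pkt.ts, "last_seen": pkt.ts}
            self.cache[key] = entry
        entry["packets"] += 1
        entry["bytes"] += pkt.length
        entry["last_seen"] = pkt.ts
        return entry

    def records(self):
        """Cache contents as export-ready records (key fields + non-key fields)."""
        return [dict(zip(self.key_fields, key), **counters) for key, counters in self.cache.items()]


def run_monitors(packets, monitors):
    """Feed every packet to every monitor; return {monitor name: records}."""
    for pkt in packets:
        for mon in monitors:
            mon.meter(pkt)
    return {mon.name: mon.records() for mon in monitors}


# Constructed traffic: the slide's established flow (3 packets) plus two SYN-only
# packets from the same host towards other ports.
PACKETS = [
    Packet("3.3.3.3", "2.2.2.2", 23, 22078, 6, 0, "Gi0/1", 0, 60, 1.0),
    Packet("3.3.3.3", "2.2.2.2", 23, 22078, 6, 0, "Gi0/1", 0, 1500, 1.1),
    Packet("3.3.3.3", "2.2.2.2", 23, 22078, 6, 0, "Gi0/1", 0, 1500, 1.2),
    Packet("3.3.3.3", "2.2.2.2", 40001, 22, 6, 0, "Gi0/1", 1, 60, 2.0),
    Packet("3.3.3.3", "2.2.2.2", 40002, 3389, 6, 0, "Gi0/1", 1, 60, 2.1),
]

if __name__ == "__main__":
    result = run_monitors(PACKETS, [FlowMonitor("traffic", TRAFFIC_ANALYSIS_KEYS),
                                    FlowMonitor("security", SECURITY_ANALYSIS_KEYS)])
    for name, recs in result.items():
        print(name, *recs, sep="\n  ")
```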
Foundation: Flexible NetFlow (FNF)
Exporting Process: NetFlow v9 and IPFIX

Static flow export format (NetFlow Version 5): the exporter sends flow records with a fixed number of fields (18 fields), e.g. source/destination IP & port, input/output interfaces, packet/byte count, ToS.
Flexible & extensible flow export format (NetFlow v9 / IPFIX): users define the flow record format; the exporter first describes flow format A and flow format B to the collector, then sends flow records A and B, so the flow format is communicated to the collector.
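The template-then-data exchange above, as an added example (my code, not Cisco's exporter): an IPFIX exporter that sends a Template Set describing a user-defined record and then Data Sets, and a collector that decodes the data only once it holds the template; the element ids are the IANA IPFIX ones, the record layout and flow values are constructed.

```python
import socket
import struct

IPFIX_VERSION = 10
TEMPLATE_SET_ID = 2
MSG_HDR = struct.Struct(">HHIII")   # version, length, export time, sequence, observation domain
SET_HDR = struct.Struct(">HH")      # set id, set length (header included)

# IANA IPFIX information elements used here: name -> (element id, length in bytes)
IE = {
    "sourceIPv4Address": (8, 4), "destinationIPv4Address": (12, 4),
    "sourceTransportPort": (7, 2), "destinationTransportPort": (11, 2),
    "protocolIdentifier": (4, 1), "ipClassOfService": (5, 1),
    "packetDeltaCount": (2, 8), "octetDeltaCount": (1, 8),
}
ADDRESS_IES = {8, 12}
IE_NAME = {ie_id: name for name, (ie_id, _) in IE.items()}

# The user-defined record layout: the "describe flow format A" step on the slide.
TEMPLATE_A = (256, ("sourceIPv4Address", "destinationIPv4Address", "sourceTransportPort",
                    "destinationTransportPort", "protocolIdentifier", "ipClassOfService",
                    "packetDeltaCount", "octetDeltaCount"))


def encode_template_set(template_id, field_names):
    body = struct.pack(">HH", template_id, len(field_names))
    body += b"".join(struct.pack(">HH", *IE[n]) for n in field_names)
    return SET_HDR.pack(TEMPLATE_SET_ID, SET_HDR.size + len(body)) + body


def encode_data_set(template_id, field_names, records):
    body = b""
    for rec in records:
        for n in field_names:
            ie_id, length = IE[n]
            body += socket.inet_aton(rec[n]) if ie_id in ADDRESS_IES else rec[n].to_bytes(length, "big")
    return SET_HDR.pack(template_id, SET_HDR.size + len(body)) + body


def encode_message(sets, export_time, sequence, domain_id=1):
    payload = b"".join(sets)
    return MSG_HDR.pack(IPFIX_VERSION, MSG_HDR.size + len(payload), export_time, sequence, domain_id) + payload


def decode_message(data, templates):
    """Collector side. `templates` persists across messages: a data set whose template
    has not been received yet cannot be decoded and its set id is returned in `skipped`."""
    version, length, _, _, _ = MSG_HDR.unpack_from(data)
    if version != IPFIX_VERSION or length != len(data):
        raise ValueError("not a well-formed IPFIX message")
    records, skipped, pos = [], [], MSG_HDR.size
    while pos + SET_HDR.size <= len(data):
        set_id, set_len = SET_HDR.unpack_from(data, pos)
        body, pos = data[pos + SET_HDR.size:pos + set_len], pos + set_len
        if set_id == TEMPLATE_SET_ID:
            off = 0
            while off + 4 <= len(body):             # a template set may hold several templates
                tid, count = struct.unpack_from(">HH", body, off)
                if tid == 0:                        # trailing padding, not a template
                    break
                templates[tid] = [struct.unpack_from(">HH", body, off + 4 + 4 * i) for i in range(count)]
                off += 4 + 4 * count
        elif set_id >= 256 and set_id in templates:
            fields = templates[set_id]
            rec_len = sum(l for _, l in fields)
            for off in range(0, len(body) - rec_len + 1, rec_len):
                rec, o = {}, off
                for ie_id, l in fields:
                    raw = body[o:o + l]
                    o += l
                    rec[IE_NAME.get(ie_id, ie_id)] = socket.inet_ntoa(raw) if ie_id in ADDRESS_IES else int.from_bytes(raw, "big")
                records.append(rec)
        else:
            skipped.append(set_id)
    return records, skipped


# Constructed flow record, matching the slide's traffic-analysis cache entry.
FLOWS = [
    {"sourceIPv4Address": "3.3.3.3", "destinationIPv4Address": "2.2.2.2", "sourceTransportPort": 23,
     "destinationTransportPort": 22078, "protocolIdentifier": 6, "ipClassOfService": 0,
     "packetDeltaCount": 1100, "octetDeltaCount": 1100 * 512},
]


def exporter_messages():
    """Message 1 carries the template plus data; message 2 carries data only."""
    tid, names = TEMPLATE_A
    m1 = encode_message([encode_template_set(tid, names), encode_data_set(tid, names, FLOWS)], 1700000000, 0)
    m2 = encode_message([encode_data_set(tid, names, FLOWS)], 1700000001, len(FLOWS))
    return m1, m2
```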
What do we want to monitor?

Monitor                     Filter                                           Metrics
Application Traffic Stats   DNS/DHT                                          Traffic statistics per application
Conversation Traffic Stats  Remaining traffic not included in other filters  Traffic statistics per application, client and server
Application Response Time   Selected TCP applications                        Traffic statistics, TCP and performance metrics per application, client and server
Media Performance           RTP applications                                 Traffic statistics, TCP and media performance metrics per application, client and server
URL Visibility              HTTP traffic                                     Sample traffic statistics, host/URL data per connection
We need more Metrics with Flexible NetFlow

FNF: bytes, packets, routing info (L3 to L4)
+ NBAR2: application ID (L3 to L7)
Unified Monitoring (e.g. MMON, ART): performance metrics - network latency, response time, jitter, retransmission
Network metrics (e.g. QoS): QoS policy/class-map
Other metrics (e.g. PfR); derived metrics (e.g. URL hit count)

AVC Configuration
Prime Infrastructure
Enable AVC with just an ON/OFF button, with Cisco Prime Infrastructure 2.0.
AVC Configuration
IOS-XE: 3.10
ezPM

Monitor Name                     Default Traffic Classification
Application-Response-Time (ART)  All TCP
URL                              HTTP applications
Media                            RTP applications over UDP
Conversation-Traffic-Stats       Remaining traffic not matching other classifications
Application-Traffic-Stats        DNS and DHT

Enable AVC and enable flexibility:
Configuring exporters
Enable / disable various traffic-monitors (a.k.a. tools)
For each traffic-monitor, override some default parameters (IPv4/6, ingress/egress, traffic to which the monitor is applied, cache size, ...)
2. URL Collection
Top Domain, hit counts

Key Features
Provide web browsing activity report
Standard IPFIX export (IOS: PA; IOS-XE: Unified Monitoring)
Utilize the IPFIX format, which is extensible
(figure) Example domains and URLs: www.cnn.com (http://www.cnn.com/US, http://www.cnn.com/WORLD); www.youtube.com (http://www.youtube.com/ciscolivelondon, http://www.youtube.com/olympic); www.facebook.com (http://www.facebook.com/farmville, http://www.facebook.com/cisco)

Benefits
Visibility into top domains
Monitors data in Layers 2 thru 7
Most visited web site
Most visited URL per site
How many hits for a particular domain, extracted from the HTTP request message

Example: URL Hit Count Report
(screenshot, courtesy of LivingObjects) How many hits for a particular domain, extracted from the HTTP request message
3. Application Response Time Measurement
(figure) HQ datacenter behind ASRs, WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN), branches behind ISRs with PA; the end-to-end delay splits into datacenter delay, network delay and branch delay. "How do I ensure my SLA is met?" - "My email is slow!" - "My query is taking a long time!"

Key Features
27 Application Response Time (ART) metrics
Interact with NBAR2 for Application ID
IOS: PA; IOS-XE: Unified Monitoring
Export: NFv9 and IPFIX export to the reporting tool

Benefits
Visibility into application usage and performance
Quantify user experience
Troubleshoot application performance
Track service levels for application delivery
Application Response Time
Network Path Segments
(figure) Clients - Client Network - AVC measurement point - Server Network - Application Servers. The request crosses the Client Network Delay (CND) and the Server Network Delay (SND); the response adds the Application Delay (AD). Network Delay (ND) is CND plus SND; the total delay adds AD.

Application response time provides insight into application behavior (network vs server bottleneck) to accelerate problem isolation
Separates the application delivery path into multiple segments
Server Network Delay (SND) approximates the WAN delay
Latency per application
Understand IOS ART Metrics Calculation
(figure) TCP conversation between client and server, observed at the ART measurement point:
SYN (client to server) then SYN-ACK (server to client): Server Network Delay (SND)
SYN-ACK then ACK (client to server): Client Network Delay (CND)
Network Delay: ND = CND + SND
Request 1 (possibly continued in several segments), then the server's DATA 1 ... DATA n; DATA 3 and DATA 4 are lost and retransmitted before DATA 5 and DATA 6; then Request 2.
Response Time (RT) = t(first response pkt) - t(last request pkt)
Transaction Time (TT) = t(last response pkt) - t(first request pkt): quantify user experience
Application Delay: AD = RT - SND: identify a server performance issue
Retransmissions are counted.
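The metric definitions above, as an added example (my code, not the IOS implementation): the function takes the timestamps of one TCP conversation seen at the measurement point and derives SND, CND, ND, RT, TT, AD and the server retransmission count; the timeline is constructed to follow the slide's diagram, and the bottleneck heuristic at the end is my assumption.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Pkt:
    """Observation of one TCP segment at the measurement point (the AVC router)."""
    t: float                   # arrival time in ms (constructed)
    direction: str             # "c2s" (client to server) or "s2c"
    flags: str = ""            # "SYN", "SYN-ACK", "ACK" for the handshake, "" otherwise
    seq: Optional[int] = None  # sequence number of a data segment; reused by a retransmission


def art_metrics(pkts):
    """ART metrics for one TCP conversation, in the packets' time unit."""
    syn = next(p for p in pkts if p.flags == "SYN" and p.direction == "c2s")
    synack = next(p for p in pkts if p.flags == "SYN-ACK" and p.direction == "s2c")
    ack = next(p for p in pkts if p.flags == "ACK" and p.direction == "c2s" and p.t > synack.t)
    snd = synack.t - syn.t       # Server Network Delay: SYN forwarded -> SYN-ACK returns
    cnd = ack.t - synack.t       # Client Network Delay: SYN-ACK forwarded -> ACK returns
    nd = cnd + snd               # Network Delay
    req = [p for p in pkts if p.direction == "c2s" and p.seq is not None]
    resp = [p for p in pkts if p.direction == "s2c" and p.seq is not None]
    rt = resp[0].t - req[-1].t   # Response Time: first response pkt - last request pkt
    tt = resp[-1].t - req[0].t   # Transaction Time: last response pkt - first request pkt
    ad = rt - snd                # Application Delay: server think time with the network removed
    seen, retrans = set(), 0
    for p in resp:               # a sequence number seen twice is a server retransmission
        if p.seq in seen:
            retrans += 1
        seen.add(p.seq)
    return {"SND": snd, "CND": cnd, "ND": nd, "RT": rt, "TT": tt, "AD": ad,
            "server_retransmissions": retrans}


def likely_bottleneck(m):
    """Heuristic (my assumption, not an IOS rule): blame the server when the
    application delay dominates the network delay, the network otherwise."""
    return "server" if m["AD"] > m["ND"] else "network"


# Constructed timeline following the slide's diagram (times in ms).
CONVERSATION = [
    Pkt(0, "c2s", "SYN"), Pkt(40, "s2c", "SYN-ACK"), Pkt(50, "c2s", "ACK"),
    Pkt(60, "c2s", seq=1), Pkt(62, "c2s", seq=1001),        # request 1 in two segments
    Pkt(130, "s2c", seq=1), Pkt(135, "s2c", seq=1461),      # DATA 1, DATA 2
    Pkt(140, "s2c", seq=2921), Pkt(145, "s2c", seq=4381),   # DATA 3, DATA 4 (lost downstream)
    Pkt(300, "s2c", seq=2921), Pkt(305, "s2c", seq=4381),   # DATA 3, DATA 4 retransmitted
    Pkt(310, "s2c", seq=5841), Pkt(315, "s2c", seq=7301),   # DATA 5, DATA 6
]

if __name__ == "__main__":
    metrics = art_metrics(CONVERSATION)
    print(metrics, "->", likely_bottleneck(metrics))
```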
Application Response Time Measurement (for your reference)
(screenshots of ART reports, courtesy of LivingObjects)
QoS Visibility
QoS Class-ID, Queue Drops and Queue Hierarchy

Applied policy map:
policy-map P1
 class C1
  shape average 16000000
  service-policy child
policy-map child
 class C11
  bandwidth remaining percent 10
 class C12
  bandwidth remaining percent 70
 class class-default
  bandwidth remaining percent 20
class-map match-all C1
 match any
class-map match-all C11
 match ip dscp ef
class-map match-all C12
 match ip dscp cs2

In the flow record:
 collect policy qos class hierarchy
 collect policy qos queue drops

Flow    Hierarchy    Queue id
Flow 1  P1, C1, C11  1
Flow 2  P1, C1, C11  1
Flow 3  P1, C1, C12  2

Queue id  Queue packet drops
1         100
2         20

For each flow, the class hierarchy and queue drops can now be exported through NetFlow.
The Class-ID to name mapping is provided through separate Option Templates.
Performance Monitor
Understand RTP metrics

Diagram: loss occurs between A and B. Each monitoring point reports metrics on its Input and Output interfaces; one reports Loss, the other reports No Loss, which locates the drop.

RTP packet drops on the WAN interface (input) or on the LAN interface (output)
Synchronization source identifier (SSRC) to distinguish between different audio and video channels if they share the same UDP session (TP)
RTP jitter values
RTP payload type gives you an idea of the kind of media in an RTP stream

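To make the metrics above concrete, here is an added example (not Cisco code) that derives them from raw RTP headers: SSRC separates the audio and video channels of one UDP session, the sequence number gives loss, the timestamp versus arrival time gives the RFC 3550 interarrival jitter, and the payload type names the media. The packets and arrival times are constructed; arrival is expressed in RTP clock ticks, so no clock-rate conversion is needed.

```python
import struct
from collections import defaultdict
# Static RTP payload types from RFC 3551 (subset); 96-127 are dynamic and need SDP to name.
PAYLOAD_TYPES = {0: "PCMU", 8: "PCMA", 9: "G722", 18: "G729", 26: "JPEG", 34: "H263"}

def parse_rtp_header(pkt):
    """Return (payload_type, seq, timestamp, ssrc) from the 12-byte fixed RTP header."""
    if len(pkt) < 12:
        raise ValueError("RTP header truncated")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    return b1 & 0x7F, seq, ts, ssrc

def rtp_metrics(packets):
    """packets: iterable of (arrival_ticks, rtp_bytes). Returns per-SSRC loss and jitter."""
    streams = defaultdict(lambda: {"pt": None, "first_seq": None, "max_seq": None,
                                   "received": 0, "jitter": 0.0, "prev": None})
    for arrival, pkt in packets:
        pt, seq, ts, ssrc = parse_rtp_header(pkt)
        s = streams[ssrc]                      # SSRC separates streams sharing one UDP 5-tuple
        s["pt"] = PAYLOAD_TYPES.get(pt, "dynamic" if pt >= 96 else f"pt{pt}")
        s["received"] += 1
        if s["first_seq"] is None:
            s["first_seq"] = s["max_seq"] = seq
        elif ((seq - s["max_seq"]) & 0xFFFF) < 0x8000:   # newer seq, tolerant of 16-bit wrap
            s["max_seq"] = seq
        if s["prev"] is not None:
            d = (arrival - s["prev"][0]) - (ts - s["prev"][1])   # transit-time difference
            s["jitter"] += (abs(d) - s["jitter"]) / 16            # RFC 3550 section 6.4.1
        s["prev"] = (arrival, ts)
    out = {}
    for ssrc, s in streams.items():
        expected = ((s["max_seq"] - s["first_seq"]) & 0xFFFF) + 1
        out[ssrc] = {"payload_type": s["pt"], "expected": expected, "received": s["received"],
                     "lost": expected - s["received"], "jitter_ticks": round(s["jitter"], 2)}
    return out

def make_rtp(pt, seq, ts, ssrc):
    """Constructed 12-byte RTP v2 header with empty payload (test data only)."""
    return struct.pack("!BBHII", 0x80, pt & 0x7F, seq & 0xFFFF, ts, ssrc)

# Constructed capture: PCMU audio (SSRC 0x1111) and dynamic-PT video (SSRC 0x2222) interleaved
# on one UDP session; audio seq 102 is dropped between A and B and seq 103 arrives 5 ticks late.
SAMPLE = []
for i in range(5):
    if i != 2:
        SAMPLE.append((160 * i + (5 if i == 3 else 0), make_rtp(0, 100 + i, 160 * i, 0x1111)))
    SAMPLE.append((3000 * i, make_rtp(96, 500 + i, 3000 * i, 0x2222)))
```

Running `rtp_metrics(SAMPLE)` reports one lost packet and non-zero jitter for the audio SSRC while the video SSRC on the same session is clean, which is exactly the per-channel view the SSRC field makes possible.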
CONTROL
QoS and Performance Routing (PfR)
Maximize Application Performance
Controls application bandwidth usage and selects optimal path

Diagram: stop bittorrent and netflix; prioritize salesforce, oracle; WAN1 as primary, WAN2 as backup.

Application-aware QoS
  Identify 1000+ applications using NBAR2 and control bandwidth with Cisco industry leading QoS
  Limit unwanted traffic and prioritize critical applications

Intelligent Path Selection
  Deliver critical applications over the path which can meet the application performance requirement using PfR
  Automatic load share to maximize bandwidth use on available links
Example: Stop P2P Applications with AVC
(Chart annotation: after applying the control policy)

  class-map match-any bittorrent
   match protocol attribute sub-category p2p-file-transfer
   match protocol bittorrent-networking
   match protocol dht
  policy-map drop-bittorrent
   class bittorrent
    police 8000 conform-action drop exceed-action drop violate-action drop
  interface GigabitEthernet0/0/0
   service-policy input drop-bittorrent
   service-policy output drop-bittorrent
Internet Edge Use Case
Automatic Traffic Engineering

Problem Statement
  Ingress/Egress paths are under/over utilized
  Maximize bandwidth utilization (uplinks with different BW)
Solution: PfR used to load balance the traffic
  New default policies based on load-balancing
  Cisco ASR1k is the typical BR/MC, with the BR terminating eBGP WAN connections
BGP routing
  BRs must be iBGP peers
  Default routing, or partial routes, or full routes

Diagram: HQ with R3, R4 and R5 (iBGP between them), eBGP from the BRs to ISP1, ISP2, ISP3, ISP4 and ISP5.
PERFORMANCE TESTS

Conclusion
Key Takeaway

  What can AVC do for me?                                How?
  Identify various applications in my network            NBAR2 uses DPI to identify 1000+ applications
  Collect traffic information and performance metrics    Embedded monitoring exports information in
  without hardware probe                                 standard NFv9 or IPFIX format
  Provide data for proactive monitoring and              Both Cisco Prime Infrastructure and 3rd party
  troubleshooting                                        are supported
  Tune my network to improve application performance     Application-aware QoS leveraging NBAR2 to
                                                         identify applications; PfR Path Control
ASR1K AVC Performance
XE 3.10S

  ASR 1K      Application QoS      Application QoS      Application QoS + App Usage   Application QoS + Crypto
  Platform    Throughput* (Gbps)   + App Usage          + App Performance             Throughput* (Gbps)
                                   Throughput* (Gbps)   Throughput* (Gbps)
  ASR 1001    5                    2.0                  1.5                           1.0
  ESP 5       4.0                  1.0                  1.0                           1.0
  ESP 10      9.0                  2.5                  2.0                           2.5
  ESP 20      16.0                 4.0                  4.0                           6.0
  ESP 40      17.0                 5.0                  5.0                           7.0
  1002-X      26                   10.0                 9                             NA

  * Throughput includes both input and output
Technical References (External)

Application Visibility and Control
  http://www.cisco.com/go/avcportal
  http://www.cisco.com/go/pfr

Docwiki.cisco.com
  AVC: http://docwiki.cisco.com/wiki/AVC:Home
  PfR: http://docwiki.cisco.com/wiki/PfR:Home

AVC Solution Guide for IOS-XE
  http://www.cisco.com/en/US/docs/ios/solutions_docs/avc/ios_xe3_8/avc_soln_guide_iosxe3_8.html
  http://www.cisco.com/en/US/docs/ios/solutions_docs/avc/ios_xe3_9/avc_soln_guide_iosxe3_9.html
  http://www.cisco.com/en/US/partner/docs/ios/solutions_docs/avc/ios_xe3_10/avc_config.html

NBAR
  http://www.cisco.com/en/US/partner/docs/ios/ios_xe/qos/configuration/guide/clsfy_traffic_nbar_xe.html

AVC Cisco Developer Network (CDN)
  http://developer.cisco.com/web/avc
THANK YOU
