Configuring Application Visibility and Control for Cisco Flexible Netflow
First published: July 22, 2011

This guide contains information about the Cisco Application Visibility and Control feature. It also provides instructions on how to configure the Cisco Application Visibility and Control feature.
Note: This guide contains basic information for configuring the feature. For information on advanced configurations, see the "Additional References" section.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
• Prerequisites for Cisco Application Visibility and Control
• Restrictions for Cisco Application Visibility and Control
• Information About Cisco Application Visibility and Control
• How to Configure Cisco Application Visibility and Control
• Configuration Examples for Cisco Application Visibility and Control
• Information About Cisco NBAR Memory for Cisco Application Visibility and Control
• How to Configure Cisco NBAR Memory for Cisco Application Visibility and Control
• Displaying Cisco NBAR Information
• Information About Cisco Modular QOS (MQC)
• Configuration Examples for Cisco Modular QOS (MQC)
Prerequisites for Cisco Application Visibility and Control
• You are familiar with the information in Cisco IOS NetFlow Overview at http://www.cisco.com/en/US/docs/ios/netflow/configuration/guide/ios_netflow_ov.html.
• You are familiar with the Modular QOS (MQC) information in Applying QoS Features Using the MQC at http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/qos_mqc.html.
• You are familiar with Classifying Network Traffic Using NBAR in Cisco IOS XE Software at http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/clsfy_traffic_nbar_xe.html.
• You are familiar with the Cisco IOS Quality of Service Solutions Command Reference at http://www.cisco.com/en/US/products/ps11174/prod_command_reference_list.html.
• You are familiar with the information in the Cisco Application Visibility and Control Collection Manager User Guide at http://www.cisco.com/en/US/products/ps6153/products_user_guide_list.html.
• The Cisco ASR 1000 Series Router is configured for IPv4 routing.
Note: More Cisco IOS Flexible NetFlow information resources are available in the Additional References.
Restrictions for Cisco Application Visibility and Control
• The Cisco Application Visibility and Control feature supports export in Version 9 format only.
Information About Cisco Application Visibility and Control
• Internal components of the Cisco ASR 1000 Series Router:
  – Cisco Network-Based Application Recognition
  – Cisco IOS Flexible NetFlow Traffic Records
• External components:
Figure 1-1 illustrates the core components of the Cisco Application Visibility and Control solution.
Figure 1-1 Cisco ASR 1000 Application Visibility and Control Network Components
Cisco Network-Based Application Recognition
Cisco NBAR enables protocol detection for a network. Protocol detection is the process by which the system determines that a particular network flow is from a specific application. This process is performed using various techniques including payload signature matching, behavioral classification or classification based on Layer 7 parameters (sometimes called protocol sub-classification). Upon detection of a flow, a Protocol ID is assigned to it. The Protocol ID is then used by the solution to determine the appropriate actions on packets belonging to that flow.
Cisco Modular QOS
Standard Cisco Modular QOS (MQC) is used for the Cisco ASR 1000 Application Visibility and Control Modular QOS solution. It is used to create the application-aware policy of the solution.
Bandwidth Control
The Cisco Application Visibility and Control solution provides global bandwidth control by using a pre-configured application categorization structure. This structure includes category (for example, browsing), sub-category (for example, streaming), application group (for example, flash-group), and application (for example, YouTube). This control allows service providers to set acceptable bandwidth consumption policies for different traffic classes. Bandwidth priority is provided by using platform policies.
Note: Examples of bandwidth control configuration are provided in Configuration Examples for Cisco Modular QOS (MQC).
Cisco NetFlow v9
Cisco NetFlow export format Version 9 is a flexible and extensible means for carrying NetFlow records from a network node to a collector. NetFlow Version 9 has definable record types and is self-describing for easier NetFlow Collection Engine configuration.
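To show what "self-describing" means for a collector, here is an added Python example that is not code from this guide or from Cisco: it decodes a constructed NetFlow v9 export and demonstrates that a data FlowSet can only be interpreted once the template describing it has arrived, so records that show up before their template are counted and dropped rather than guessed at. The field type numbers are the standard v9 ones; the template layout, interface indexes and application-tag values are constructed for the example.

```python
"""Minimal NetFlow v9 decoder (added example; not code from the Cisco guide).
Field type numbers are the standard v9 ones; the template layout, interface
indexes and application-tag values below are constructed for the example."""
import struct
from typing import Dict, List, Tuple

FIELD_NAMES = {
    1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR",
    10: "INPUT_SNMP", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR", 14: "OUTPUT_SNMP",
    21: "LAST_SWITCHED", 22: "FIRST_SWITCHED", 61: "DIRECTION",
    95: "APPLICATION_TAG", 96: "APPLICATION_NAME",
}
HEADER = "!HHIIII"                  # version, count, sysUptime, unixSecs, sequence, sourceId
Template = List[Tuple[int, int]]    # (field type, field length) pairs


class V9Decoder:
    def __init__(self) -> None:
        # Templates are scoped per (source_id, template_id): two exporters may
        # both use template 256 for different layouts.
        self.templates: Dict[Tuple[int, int], Template] = {}
        self.undecodable = 0        # data FlowSets that arrived before their template

    def decode(self, pkt: bytes) -> List[dict]:
        if len(pkt) < 20:
            raise ValueError("short NetFlow header")
        version, _count, _uptime, _secs, _seq, source_id = struct.unpack(HEADER, pkt[:20])
        if version != 9:
            raise ValueError(f"not NetFlow v9 (version {version})")
        records, off = [], 20
        while off + 4 <= len(pkt):
            fs_id, fs_len = struct.unpack("!HH", pkt[off:off + 4])
            if fs_len < 4 or off + fs_len > len(pkt):
                raise ValueError("malformed FlowSet length")
            body = pkt[off + 4:off + fs_len]
            if fs_id == 0:                      # template FlowSet
                self._learn_templates(source_id, body)
            elif fs_id >= 256:                  # data FlowSet, id = template id
                records.extend(self._decode_data(source_id, fs_id, body))
            # id 1 (options template) and other reserved ids are skipped here
            off += fs_len
        return records

    def _learn_templates(self, source_id: int, body: bytes) -> None:
        pos = 0
        while pos + 4 <= len(body):
            tid, nfields = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if nfields == 0:                    # trailing padding
                break
            if pos + 4 * nfields > len(body):
                raise ValueError("truncated template")
            fields = [struct.unpack("!HH", body[pos + 4 * i:pos + 4 * i + 4]) for i in range(nfields)]
            pos += 4 * nfields
            self.templates[(source_id, tid)] = fields

    def _decode_data(self, source_id: int, tid: int, body: bytes) -> List[dict]:
        fields = self.templates.get((source_id, tid))
        rec_len = sum(length for _, length in fields) if fields else 0
        if rec_len == 0:                        # unknown (or empty) template: cannot interpret
            self.undecodable += 1
            return []
        out, pos = [], 0
        while pos + rec_len <= len(body):       # a shorter tail is padding
            rec = {}
            for ftype, flen in fields:
                raw, pos = body[pos:pos + flen], pos + flen
                name = FIELD_NAMES.get(ftype, f"field_{ftype}")
                if ftype in (8, 12) and flen == 4:
                    rec[name] = ".".join(str(b) for b in raw)
                else:
                    rec[name] = int.from_bytes(raw, "big") if flen <= 8 else raw
            out.append(rec)
        return out


# Constructed export data modelled on the guide's input usage record.
TEMPLATE_ID = 256
USAGE_TEMPLATE: Template = [(10, 4), (61, 1), (95, 4), (1, 4), (2, 4), (22, 4), (21, 4)]
ROWS = [  # (INPUT_SNMP, DIRECTION, APPLICATION_TAG, IN_BYTES, IN_PKTS, FIRST, LAST)
    (3, 0, 0x0D000001, 94500, 63, 10000, 20000),
    (3, 0, 0x0D000002, 4000, 6, 15000, 15500),
]


def template_flowset(tid: int, fields: Template) -> bytes:
    body = struct.pack("!HH", tid, len(fields)) + b"".join(struct.pack("!HH", t, n) for t, n in fields)
    return struct.pack("!HH", 0, 4 + len(body)) + body


def data_flowset(tid: int, fields: Template, rows: List[Tuple[int, ...]]) -> bytes:
    body = b"".join(v.to_bytes(n, "big") for row in rows for (_, n), v in zip(fields, row))
    body += b"\x00" * ((-len(body)) % 4)       # FlowSets are padded to a 4-byte boundary
    return struct.pack("!HH", tid, 4 + len(body)) + body


def v9_packet(source_id: int, seq: int, count: int, flowsets: List[bytes]) -> bytes:
    return struct.pack(HEADER, 9, count, 123456, 1311292800, seq, source_id) + b"".join(flowsets)


def demo() -> Tuple[List[dict], List[dict], int]:
    """Deliver the data before its template, then template plus data."""
    dec = V9Decoder()
    data = data_flowset(TEMPLATE_ID, USAGE_TEMPLATE, ROWS)
    early = dec.decode(v9_packet(1, 1, 2, [data]))
    later = dec.decode(v9_packet(1, 2, 3, [template_flowset(TEMPLATE_ID, USAGE_TEMPLATE), data]))
    return early, later, dec.undecodable


if __name__ == "__main__":
    print(demo())
```

A real collector keeps the learned templates across packets and re-learns them when the exporter's template timeout (the template data timeout configured in the flow exporter) causes a refresh.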
Cisco IOS Flexible NetFlow Traffic Records
Cisco IOS Flexible NetFlow uses the Cisco ASR 1000 Series Router infrastructure to provide application visibility. It exports data in the form of Flexible NetFlow records. These records are in the NetFlow version 9 format. The two types of Flexible NetFlow records are Usage Records and Transaction Records.
Figure 1-2 illustrates the packet fields used by the Transaction Records and Usage Records. The red fields are the key fields.
Figure 1-2 Packet Fields of Transaction Records and Usage Records
The following sections describe the two types of Flexible NetFlow records:
Usage Records
Usage Records are records of the different types of applications that run on a specific interface. The operator can use Usage Records to monitor how much bandwidth the different applications use. Usage Records can show this application usage over a specific time period, the peak and average usage, and the usage for a specific application type. Usage Records perform periodic aggregation of the category information for the interface (for example, exporting information about peer-to-peer traffic or email usage).
Transaction Records
A transaction is a set of logical exchanges between endpoints. There is normally one transaction within a flow. The Transaction Record monitors the traffic at transaction levels. These records provide a detailed analysis of the traffic flows. Transaction Records are bound to the input and output directions of the network side interfaces. These Transaction Records allow the system to capture each unidirectional flow once.
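As an added illustration that is not part of this guide, the following Python model shows how a usage record's key fields (interface, flow direction, IP version, application name, as in the input usage record configured later in this guide) aggregate per-flow observations into one cache entry, while bytes, packets, new-connections and sum-duration accumulate as non-key fields and entries are exported when the active or inactive timeout of the usage monitor elapses. The sample flows are constructed, and the assumption that a sample carries its connection duration only when it ends the connection is a simplification of this model, not router behaviour documented here.

```python
"""Model of a Flexible NetFlow usage-record cache (added example; not Cisco code).

Key fields follow the guide's input usage record: interface, flow direction,
IP version and NBAR application name. Collected fields accumulate per key.
Assumption (constructed for this example): a sample carries a duration only
when it is the observation that ends a connection.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

Key = Tuple[str, str, int, str]   # (interface, direction, ip_version, application)


@dataclass(frozen=True)
class FlowSample:
    uptime: float                  # router sys-uptime (seconds) of the observation
    interface: str                 # ingress interface for an input usage record
    direction: str                 # "input" or "output"
    app: str                       # application name as classified by NBAR
    nbytes: int
    packets: int
    new_connection: bool = False   # first packet of a new connection
    duration: float = 0.0          # connection duration, set when it ends


@dataclass
class UsageEntry:
    first: float                   # timestamp sys-uptime first
    last: float                    # timestamp sys-uptime last
    nbytes: int = 0                # counter bytes long
    packets: int = 0               # counter packets
    new_connections: int = 0       # connection new-connections
    sum_duration: float = 0.0      # connection sum-duration


class UsageCache:
    """A 'normal' cache: an entry is exported once its active timer (since the
    first packet) or inactive timer (since the last packet) has elapsed."""

    def __init__(self, active: int = 300, inactive: int = 300, max_entries: int = 500) -> None:
        self.active = active
        self.inactive = inactive
        self.max_entries = max_entries       # 'cache entries'; the guide's default is 500
        self.entries: Dict[Key, UsageEntry] = {}
        self.exported: List[Tuple[Key, UsageEntry]] = []
        self.dropped = 0                     # new keys refused because the cache was full

    @staticmethod
    def key_of(s: FlowSample) -> Key:
        return (s.interface, s.direction, 4, s.app)

    def observe(self, s: FlowSample) -> None:
        key = self.key_of(s)
        entry = self.entries.get(key)
        if entry is None:
            if len(self.entries) >= self.max_entries:
                self.dropped += 1            # an undersized cache loses visibility silently
                return
            entry = UsageEntry(first=s.uptime, last=s.uptime)
            self.entries[key] = entry
        entry.last = s.uptime
        entry.nbytes += s.nbytes
        entry.packets += s.packets
        if s.new_connection:
            entry.new_connections += 1
        entry.sum_duration += s.duration

    def expire(self, now: float) -> List[Tuple[Key, UsageEntry]]:
        """Export every entry whose active or inactive timeout has elapsed."""
        aged = [k for k, e in self.entries.items()
                if now - e.first >= self.active or now - e.last >= self.inactive]
        out = [(k, self.entries.pop(k)) for k in aged]
        self.exported.extend(out)
        return out


# Constructed sample traffic on two interfaces.
SAMPLES = [
    FlowSample(10, "Gi0/1/1", "input", "youtube", 1500, 1, new_connection=True),
    FlowSample(12, "Gi0/1/1", "input", "youtube", 90000, 60),
    FlowSample(15, "Gi0/1/1", "input", "smtp", 4000, 6, new_connection=True),
    FlowSample(20, "Gi0/1/1", "input", "youtube", 3000, 2, new_connection=True, duration=8.0),
    FlowSample(30, "Gi0/1/2", "input", "youtube", 700, 1, new_connection=True),
]


def build_cache(max_entries: int = 5000) -> UsageCache:
    cache = UsageCache(active=300, inactive=300, max_entries=max_entries)
    for s in SAMPLES:
        cache.observe(s)
    return cache


if __name__ == "__main__":
    c = build_cache()
    for key, e in c.entries.items():
        print(key, e)
    print("exported at t=320:", len(c.expire(320)), "remaining:", len(c.entries))
```
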
External Components
These solution components exist on platforms that are physically separate from the Cisco ASR 1000 Series Router.
Cisco Collection Manager
The Cisco Collection Manager is a set of software modules that runs on a server. It receives and processes Flexible NetFlow records. The processed records are stored in the Cisco Collection Manager database. The database can be either bundled or external.
The Cisco Collection Manager is covered in detail in the Cisco Application Visibility and Control Collection Manager User Guide.
Cisco Insight v3
Cisco Insight v3 is reporting platform software. It processes the formatted data from the Collection Manager database. It presents customized reports, charts, and statistics about the traffic. Cisco Insight v3 is a Web 2.0 application that is accessed with a browser.
Cisco Insight v3 is covered in detail in the Cisco Insight v3 User Guide.
How to Configure Cisco Application Visibility and Control
• Configuring the Flow Exporter (required)
• Creating Usage Records and Monitoring
• Creating Transaction Records and Monitoring
New Commands and Keywords
The following commands and keywords are either new and introduced with the Cisco Application Visibility and Control feature or related to the feature.
Cisco NetFlow commands for Cisco Application Visibility and Control
These commands are Cisco NetFlow commands. Documentation for these commands can be found in the Cisco IOS NetFlow Command Reference http://www.cisco.com/en/US/docs/ios/netflow/command/reference/nf_book.html.
• The granularity connection command
• The collect connection command
• The match connection transaction-id command
• The collect connection initiator command
• The collect connection new-connections command
• The collect connection sum-duration command
• The collect flow end-reason command
• The account-on-resolution keyword for the match application name command
• The event transaction-end keyword for the cache timeout command
Cisco NBAR and Cisco QoS Commands for Cisco Application Visibility and Control
These commands are Cisco NBAR and Cisco QoS commands. Documentation for these commands can be found in the Cisco IOS Quality of Service Solutions Command Reference at http://www.cisco.com/en/US/products/ps11174/prod_command_reference_list.html.
• match protocol attribute category
• match protocol attribute sub-category
• match protocol attribute application-group
• match protocol attribute encrypted
• match protocol attribute tunnel
• show ip nbar protocol-attribute
• show ip nbar attribute
• show ip nbar resources flow
• ip nbar resource flow max-sessions
Configuring the Flow Exporter
Perform the following tasks to configure Flexible NetFlow and bind Flexible NetFlow to an interface:
• Creating the Flow Exporter (required)
• Verifying the Flow Exporter Configuration (optional)
Creating the Flow Exporter
To configure the flow exporter, perform the following required task.
SUMMARY STEPS
1. enable
2. configure terminal
3. flow exporter exporter-name
4. destination ip-address [vrf vrf-name]
5. template data timeout seconds
6. option interface-table timeout seconds
7. option sampler-table timeout seconds
8. option application-table timeout seconds
9. option application-attributes timeout seconds
10. option vrf-table timeout seconds
11. source interface-type interface-number
12. transport udp udp-port
13. exit
DETAILED STEPS
Verifying the Flow Exporter Configuration
To verify the configuration commands that you entered, perform the following optional task.
SUMMARY STEPS
1. enable
2. show running-config flow exporter exporter-name
DETAILED STEPS
Step 1
enable
The enable command enters privileged EXEC mode (enter the password if prompted).
Router> enable
Router#
Step 2
show running-config flow exporter exporter-name
The show running-config flow exporter command shows the configuration commands of the flow exporter that you specify.
Router# show running-config flow exporter EXPORTER-1
Building configuration...
Current configuration:
!
flow exporter EXPORTER-1
 destination 10.24.88.60
 source GigabitEthernet0/0/1
 transport udp 2055
 option interface-table timeout 300
 option sampler-table timeout 300
 option application-table timeout 300
!
end
Creating Usage Records and Monitoring
This section is made up of the following procedures:
• Configuring Usage Records (required)
• Verifying Usage Records (optional)
• Configuring Usage Monitoring (required)
• Verifying Usage Monitoring (optional)
Configuring Usage Records
Both an input and an output usage record are required to capture traffic in both directions. To configure usage records, perform the following tasks:
• Configuring an Input Usage Record (required)
• Configuring an Output Usage Record (required)
Configuring an Input Usage Record
To configure an input usage record, perform the following required task.
SUMMARY STEPS
1. enable
2. configure terminal
3. flow record flow-record-name
4. match flow direction
5. match interface input
6. match ipv4 version
7. match ipv6 version
8. match application name account-on-resolution
9. collect interface output
10. collect flow direction
11. collect timestamp sys-uptime first
12. collect timestamp sys-uptime last
13. collect counter bytes long
14. collect counter packets
15. collect connection new-connections
16. collect connection sum-duration
17. collect routing vrf input
18. end
DETAILED STEPS
Configuring an Output Usage Record
To configure an output usage record, perform the following required task.
Note: The account-on-resolution keyword for the match application name command is introduced as part of the Cisco Application Visibility and Control feature. The connection new-connections and connection sum-duration keywords for the collect command are introduced as part of the Cisco Application Visibility and Control feature.
SUMMARY STEPS
1. enable
2. configure terminal
3. flow record flow-record-name
4. match interface output
5. match flow direction
6. match application name account-on-resolution
7. collect interface input
8. collect routing vrf input
9. collect flow direction
10. collect timestamp sys-uptime first
11. collect timestamp sys-uptime last
12. collect counter bytes long
13. collect counter packets
14. collect connection new-connections
15. collect connection sum-duration
16. end
DETAILED STEPS
Verifying Usage Records
To verify usage records, perform the following optional task.
SUMMARY STEPS
1. enable
2. show flow record [[name] record-name | netflow-original | netflow {ipv4 | ipv6} record [peer]]
DETAILED STEPS
Step 1
enable
The enable command enters privileged EXEC mode (enter the password if prompted).
Router> enable
Router#
Step 2
show flow record [[name] record-name | netflow-original | netflow {ipv4 | ipv6} record [peer]]
Displays the status and statistics for a flow record.
Router# show flow record name my-usage-monitor-record
flow record my-input-usage-monitor
 match interface input
 match flow direction
 match application name account-on-resolution
 match ipv4 version
 collect interface output
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
 collect counter bytes long
 collect counter packets
 collect connection new-connections
 collect connection sum-duration
 collect routing vrf input
Router# show flow record name my-output-usage-monitor-record
flow record my-output-usage-monitor
 match application name account-on-resolution
 match flow direction
 match interface output
 collect interface input
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
 collect counter bytes long
 collect counter packets
 collect connection new-connections
 collect connection sum-duration
 collect routing vrf input
Configuring Usage Monitoring
To configure usage monitoring, perform the following required task.
Note: You must configure separate flow monitors for the input and output directions to capture traffic in each direction.
SUMMARY STEPS
1. enable
2. configure terminal
3. flow monitor flow-monitor-name
4. record flow-record-name
5. exporter exporter-name
6. cache type normal
7. cache entries cache-entries
8. cache timeout active 300
9. cache timeout inactive 300
10. exit
11. interface interface-type interface-number
12. ip flow monitor flow-monitor-name input
13. ip flow monitor flow-monitor-name output
14. end
DETAILED STEPS
Command or Action / Purpose
Step 1
enable
Example: Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2
configure terminal
Example: Router# configure terminal
Enters global configuration mode.
Step 3
flow monitor flow-monitor-name
Example: Router(config)# flow monitor my-input-usage-monitor
Creates a flow monitor (usage record) and enters Cisco Flexible NetFlow flow monitor configuration mode.
• This command also allows you to modify an existing flow monitor.
Note: A usage record is a type of flow monitor. Either flow monitor or usage record may be used in the procedure to specify a usage record.
Step 4
record flow-record-name
Example: Router(config-flow-monitor)# record my-input-usage-record
Configures the record operation to operate on the usage record.
Step 5
exporter exporter-name
Example: Router(config-flow-monitor)# exporter EXPORTER-1
Specifies the name of an exporter that you created previously.
• This is the exporter the usage record uses.
Note: You configured the name of this exporter in Step 3 of the "Creating the Flow Exporter" section.
Step 6
cache type normal
Example: Router(config-flow-monitor)# cache type normal
(Optional) Configures parameters for the usage record.
• cache entries is equal to the number of expected parallel applications multiplied by the number of interfaces with usage reports. The default is 500.
Step 7
cache entries cache-entries
Example: Router(config-flow-monitor)# cache entries 5000
(Optional) Configures parameters for the usage record.
Step 8
cache timeout active 300
Example: Router(config-flow-monitor)# cache timeout active 300
(Optional) Configures parameters for the usage record.
Step 9
cache timeout inactive 300
Example: Router(config-flow-monitor)# cache timeout inactive 300
(Optional) Configures parameters for the usage record.
Step 10
exit
Example: Router(config-flow-monitor)# exit
Exits Cisco Flexible NetFlow flow monitor configuration mode and returns to global configuration mode.
Step 11
interface interface-type interface-number
Example: Router(config)# interface et0/0
Enters interface configuration mode and configures the specific interface on which the usage record will record the different types of applications.
Step 12
ip flow monitor flow-monitor-name input
Example: Router(config-if)# ip flow monitor my-input-usage-monitor input
Attaches a specific flow monitor to monitor the input of the configured interface for the usage record.
• Use the usage record/flow monitor created for the input direction for the ip flow monitor flow-monitor-name input command.
Step 13
ip flow monitor flow-monitor-name output
Example: Router(config-if)# ip flow monitor my-output-usage-monitor output
Attaches a specific flow monitor to monitor the output of the configured interface for the usage record.
• Use the usage record/flow monitor created for the output direction for the ip flow monitor flow-monitor-name output command.
Step 14
end
Example: Router(config-flow-monitor)# end
Exits flow monitor configuration mode and returns to privileged EXEC mode.
Verifying Usage Monitoring
To verify usage monitoring, perform the following optional task.
Note: To display the current status of a flow exporter, refer to the "Verifying the Flow Exporter Configuration" section.
Prerequisites
Before you can display the flows in the flow monitor cache, the interface to which you applied the input flow monitor must be receiving traffic.
SUMMARY STEPS
1. enable
2. show flow monitor [[name] monitor-name [cache [format {csv | record | table}]] [statistics]]
3. show interface
DETAILED STEPS
Step 1
enable
The enable command enters privileged EXEC mode (enter the password if prompted).
Router> enable
Router#
Step 2
show flow monitor [[name] monitor-name [cache [format {csv | record | table}]] [statistics]]
Displays the status and statistics for a flow monitor.
Router# show flow monitor name my-input-usage-monitor
flow monitor my-input-usage-monitor
 record my-input-usage-monitor-record
 exporter my-usage-monitor-exporter
 cache type normal
 cache entries 5000
 cache timeout active 300
 cache timeout inactive 300
or
Router# show flow monitor name my-output-usage-monitor
flow monitor my-output-usage-monitor
 record my-output-usage-monitor-record
 exporter my-usage-monitor-exporter
 cache type normal
 cache entries 5000
 cache timeout active 300
 cache timeout inactive 300
Step 3
show interface
Displays the specific flow monitors attached to the interface.
Router# show interface
interface et0/0
 ip flow monitor my-input-usage-monitor input
 ip flow monitor my-output-usage-monitor output
Creating Transaction Records and Monitoring
This section is made up of the following procedures:
• Configuring Transaction Records (required)
• Verifying Transaction Records (optional)
• Configuring Transaction Records (required)
• Verifying Transaction Records (optional)
Configuring Transaction Records
To configure transaction records, perform the following required task.
SUMMARY STEPS
1. enable
2. configure terminal
3. flow record flow-record-name
4. match connection transaction-id
5. collect interface input
6. collect interface output
7. collect flow direction
8. collect ipv4 protocol
9. collect ipv4 source address
10. collect ipv4 destination address
11. collect ipv4 version
12. collect ipv6 version
13. collect routing vrf input
14. collect transport source-port
15. collect transport destination-port
16. collect connection initiator
17. collect timestamp sys-uptime first
18. collect timestamp sys-uptime last
19. collect counter bytes long
20. collect counter packets
21. collect flow sampler
22. collect application name
23. collect flow end reason
24. end
DETAILED STEPS
Verifying Transaction Records
To verify transaction records, perform the following optional task.
SUMMARY STEPS
1. enable
2. show flow record name record-name
DETAILED STEPS
Step 1
enable
The enable command enters privileged EXEC mode (enter the password if prompted).
Router> enable
Router#
Step 2
show flow record name record-name
Displays the status and statistics for a flow record.
Router# show flow record name my-tr-monitor-record
flow record my-tr-monitor-record
 match connection transaction-id
 collect interface input
 collect interface output
 collect flow direction
 collect ipv4 version
 collect ipv4 protocol
 collect ipv4 source address
 collect ipv4 destination address
 collect transport source-port
 collect transport destination-port
 collect connection initiator
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
 collect counter bytes long
 collect counter packets
 collect flow sampler
 collect application name
 collect flow end reason
 collect routing vrf input
Configuring Transaction Records
To configure transaction records, perform the following required task.
Note: You must configure separate flow monitors for the input and output directions to capture traffic in each direction.
SUMMARY STEPS
1. enable
2. configure terminal
3. flow monitor flow-monitor-name
4. record flow-monitor-name
5. exporter exporter-name
6. cache timeout event transaction-end
7. cache entries cache-entries
8. exit
9. sampler sampler-name
10. mode {deterministic | random} 1 out-of window-size
11. granularity connection
12. interface interface-type interface-number
13. ip flow monitor flow-monitor-name input
14. ip flow monitor flow-monitor-name output
15. end
DETAILED STEPS
Command or Action / Purpose
Step 1
enable
Example: Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2
configure terminal
Example: Router# configure terminal
Enters global configuration mode.
Step 3
flow monitor flow-monitor-name
Example: Router(config)# flow monitor my-tr-monitor
Creates a flow monitor (usage record) and enters Cisco Flexible NetFlow flow monitor configuration mode.
• This command also allows you to modify an existing flow monitor.
Note: A usage record is a type of flow monitor. Either flow monitor or usage record may be used in the procedure to specify a usage record.
Step 4
record flow-monitor-name
Example: Router(config-flow-monitor)# record my-tr-monitor-record
Configures the record operation to operate on the usage record.
Step 5
exporter exporter-name
Example: Router(config-flow-monitor)# exporter my-tr-monitor-exporter
Specifies the name of an exporter that you created previously. This is the exporter the usage record uses.
Note: You configured the name of this exporter in Step 3 of the "Creating the Flow Exporter" procedure.
Step 6
cache timeout event transaction-end
Example: Router(config-flow-monitor)# cache timeout event transaction-end
Configures the timeout parameters for the usage record.
• transaction-end: generates the record in the NetFlow cache at the end of a transaction.
Note: The Cisco Application Visibility and Control feature introduced transaction-end as a keyword for the cache command.
Note: transaction-end requires the application name in the record.
Note: transaction-end requires the transaction-id as a matched field in the record.
Step 7
cache entries cache-entries
Example: Router(config-flow-monitor)# cache entries 30000
Configures parameters for the usage record.
• cache-entries: the maximum number of flows multiplied by two multiplied by the flow-sampling rate.
Note: For further information about flows, see the "Information About Cisco NBAR Memory for Cisco Application Visibility and Control" section.
Step 8
exit
Example: Router(config-flow-monitor)# exit
Exits Cisco Flexible NetFlow flow monitor configuration mode and returns to global configuration mode.
Step 9
sampler sampler-name
Example: Router(config)# sampler my-tr-sampler
Creates a Cisco Flexible NetFlow flow sampler and enters Cisco Flexible NetFlow sampler configuration mode.
Step 10
mode {deterministic | random} 1 out-of window-size
Example: Router(config-sampler)# mode random 1 out-of 1000
Specifies the type of sampling and the packet interval for a Cisco Flexible NetFlow sampler.
Note: The sampling rate must conform to the Cisco Collection Manager supported rate for a given platform and a given network flow rate.
Step 11
granularity connection
Example: Router(config-sampler)# granularity connection
Samples whole connections and accounts every packet of each sampled connection. This is in contrast to per-packet sampling, where all connections are exported but only the sampled packets of each connection are accounted.
Note: The Cisco Application Visibility and Control feature introduced the granularity connection command.
Note: There is no deterministic sampler with granularity connection.
Note: granularity connection requires the application name in the record.
Step 12
interface interface-type interface-number
Example: Router(config)# interface et0/0
Enters interface configuration mode and configures the specific interface on which the usage record will record the different types of applications.
Step 13
ip flow monitor flow-monitor-name input
Example: Router(config-if)# ip flow monitor my-tr-monitor sampler my-tr-sampler input
Attaches a specific flow monitor to monitor the input of the configured interface for the usage record. Use the usage record/flow monitor created for the input direction for the ip flow monitor flow-monitor-name input command.
Step 14
ip flow monitor flow-monitor-name output
Example: Router(config-if)# ip flow monitor my-tr-monitor sampler my-tr-sampler output
Attaches a specific flow monitor to monitor the output of the configured interface for the usage record. Use the usage record/flow monitor created for the output direction for the ip flow monitor flow-monitor-name output command.
Step 15
end
Example: Router(config-flow-monitor)# end
Leaves flow monitor configuration mode and returns to privileged EXEC mode.
Verifying Transaction Records
To display the configuration of a flow monitor and a Cisco Flexible NetFlow sampler, perform the following optional procedure:
Note: To display the current status of a flow exporter, see the "Verifying the Flow Exporter Configuration" section.
SUMMARY STEPS
1. enable
2. show flow monitor [name flow-monitor-name]
3. show sampler [[name] sampler-name]
DETAILED STEPS
Step 1
enable
The enable command enters privileged EXEC mode (enter the password if prompted).
Router> enable
Router#
Step 2
show flow monitor [name flow-monitor-name]
Displays the configuration of a flow monitor.
Router# show flow monitor name my-tr-monitor
flow monitor my-tr-monitor
 record my-tr-monitor-record
 exporter my-tr-monitor-exporter
 cache timeout event transaction-end
 cache entries 30000
Step 3
show sampler [[name] sampler-name]
Displays the configuration of a Cisco Flexible NetFlow sampler.
Router# show sampler name my-tr-sampler
sampler my-tr-sampler
 mode random 1 out-of 100
 granularity Connection
Configuration Examples for Cisco Application Visibility and Control
This section provides the following configuration example:
• Example: Configuring Cisco Application Visibility and Control
Example: Configuring Cisco Application Visibility and Control
The following example shows how to configure Cisco Application Visibility and Control. This sample starts in global configuration mode.
flow record my-total-input-usage-monitor-record
 match ipv4 version
 match interface input
 match flow direction
 collect routing vrf input
 collect ipv4 dscp
 collect interface output
 collect counter bytes long
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
 collect application name
 collect connection new-connections
 collect connection sum-duration
!
!
flow record my-total-output-usage-monitor-record
 match ipv4 version
 match interface output
 match flow direction
 collect routing vrf input
 collect ipv4 dscp
 collect interface input
 collect counter bytes long
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
 collect application name
 collect connection new-connections
 collect connection sum-duration
!
!
flow record my-ipv6-tr-monitor-record
 match connection transaction-id
 collect ipv6 version
 collect interface input
 collect interface output
 collect ipv6 protocol
 collect ipv6 source address
 collect ipv6 destination address
 collect transport source-port
 collect transport destination-port
 collect interface input
 collect interface output
 collect flow direction
 collect flow sampler
 collect flow end-reason
 collect counter bytes long
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
 collect application name
 collect routing vrf input
 collect connection initiator
!
!
flow exporter exp1
 destination 10.56.128.231
 transport udp 2055
 option interface-table timeout 300
 option sampler-table timeout 300
 option application-attributes timeout 300
 option application-table timeout 300
 option vrf-table timeout 300
!
!
flow monitor input-usage-monitor
 record input-usage-record
 exporter exp1
 cache timeout inactive 300
 cache timeout active 300
 cache entries 5000
 cache size entries 10000
!
!
flow monitor output-usage-monitor
 record output-usage-record
 exporter exp1
 cache timeout inactive 300
 cache timeout active 300
 cache entries 5000
 cache size entries 10000
!
!
flow monitor my-total-input-usage-monitor
 record my-total-input-output-usage-monitor-record
 exporter exp1
 cache timeout inactive 300
 cache timeout active 300
 cache entries 100
!
!
flow monitor my-total-output-usage-monitor
 record my-total-input-output-usage-monitor-record
 exporter exp1
 cache timeout inactive 300
 cache timeout active 300
 cache entries 5000
!
!
flow monitor my-ipv6-tr-monitor
 record my-ipv6-tr-monitor-record
 exporter my-tr-monitor-exporter
 cache timeout event transaction-end
 cache entries 20000
!
!
flow monitor tr-monitor
 record tr-record
 exporter exp1
 cache timeout event transaction-end
 cache entries 30000
!
!
sampler my-sampler
 mode random 1 out-of 1000
 granularity Connection
!
interface GigabitEthernet0/1/0
 ip address 10.56.128.82 255.255.255.0
 negotiation auto
!
! For IPv4:
!
interface GigabitEthernet0/1/1
 description *** LAN*****
 ip address 1.1.1.254 255.255.255.0
 ip flow monitor my-input-usage-monitor input
 ip flow monitor my-tr-monitor sampler my-sampler input
 ip flow monitor my-output-usage-monitor output
 ip flow monitor my-tr-monitor sampler my-sampler output
 ip flow monitor my-total-input-usage-monitor input
 ip flow monitor my-total-output-usage-monitor output
! For IPv6:
!
interface GigabitEthernet0/1/1
 description *** LAN*****
 ip address 1.1.1.254 255.255.255.0
 ip flow monitor my-input-usage-monitor input
 ip flow monitor my-output-usage-monitor output
 ip flow monitor my-ipv6-tr-monitor sampler my-sampler input
 ip flow monitor my-ipv6-tr-monitor sampler my-sampler output
 ip flow monitor my-total-input-usage-monitor input
 ip flow monitor my-total-output-usage-monitor output
!
 ip flow monitor tr-monitor sampler my-sampler input
 no negotiation auto
!
interface GigabitEthernet0/1/2
 description *** WAN*****
 ip address 2.2.2.254 255.255.255.0
 ip flow monitor input-usage-monitor input
 ip flow monitor output-usage-monitor output
 ip flow monitor tr-monitor sampler my-sampler output
 no negotiation auto
Information About Cisco NBAR Memory for Cisco Application Visibility and Control
Cisco NBAR is an essential part of Cisco Application Visibility and Control. NBAR determines that a particular network flow belongs to a specific application, using a variety of classification techniques. That identification is what enables better QoS and policing, and gives visibility into which applications are using the network. When a flow is detected, a protocol ID is assigned to it; the solution then uses the protocol ID to decide the appropriate actions for packets belonging to that flow.
Cisco Application Visibility and Control uses the NBAR flow table to store per flow information. It can only act on flows which have an active session in the flow table. The number of flows in the flow table affects the performance and capacity of the Cisco ASR 1000 Series Router. You can configure the amount of memory depending on the memory available in your router.
There is also a fixed memory limit. This prevents strain on the Cisco ASR 1000 Series Router when features other than the Cisco Application Visibility and Control allocate flow table memory. When a fixed memory limit is reached, the Cisco Application Visibility and Control flows supported by the Cisco ASR 1000 Series Router may drop below the number you configured.
The maximum and default number of flows and the fixed memory limit supported are shown in Table 1. The amounts depend on the specific Embedded Service Processor (ESP) in your Cisco ASR 1000 Series Router. See your router specifications to determine the ESP type.
How to Configure Cisco NBAR Memory for Cisco Application Visibility and Control
For general information on configuring Cisco NBAR, refer to Classifying Network Traffic Using NBAR in Cisco IOS XE Software at http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/clsfy_traffic_nbar_xe.html.
To configure NBAR flow table memory, perform the following procedure.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip nbar resources flow max-sessions number-of-sessions
4. end
DETAILED STEPS

Step 1: enable
Example:
Router> enable
Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example:
Router# configure terminal
Enters global configuration mode.

Step 3: ip nbar resources flow max-sessions number-of-sessions
Example:
Router(config)# ip nbar resources flow max-sessions number-of-sessions
Configures the maximum number of flows that can be allocated in the flow table.
number-of-sessions: the maximum and default number of flow sessions for a specific platform are shown in Table 1.

Step 4: end
Example:
Router(config)# end
Leaves global configuration mode and returns to privileged EXEC mode.
Displaying Cisco NBAR Information
To display information about NBAR flow memory, complete the following procedure:
SUMMARY STEPS
1. enable
2. show ip nbar resources flow

DETAILED STEPS

Step 1: enable
The enable command enters privileged EXEC mode (enter the password if prompted).
Router> enable
Router#

Step 2: show ip nbar resources flow
Displays the NBAR flow statistics.
Router# show ip nbar resources flow
Maximum no of sessions allowed : 2000000
Maximum memory usage allowed : 734003 KBytes
Active sessions : 1
Active memory usage : 49338 KBytes
Peak session : 1
Peak memory usage : 49338 KBytes
Table 2 describes the significant fields shown in the display.
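Two limits govern the flow table described above: the configured session maximum and the fixed memory limit. Whichever is closer to exhaustion is the one that stops new flows from being tracked, and flows that are not in the table cannot be acted on by Cisco Application Visibility and Control. The following Python script is an added example that is not part of this Cisco guide; it parses the output of show ip nbar resources flow in the format shown above and reports utilization against both limits. The first capture is the output shown on this page; the second capture (a nearly exhausted table) and the 90 percent warning threshold are constructed for illustration only.

```python
"""Parse 'show ip nbar resources flow' output and report flow-table headroom.

Added example; not Cisco code. The output format is the one shown on this
page. The second capture and the warning threshold are constructed values.
"""
import re

# Constructed sample 1: the output shown on this page (an idle router).
SAMPLE_IDLE = """\
Router# show ip nbar resources flow
Maximum no of sessions allowed : 2000000
Maximum memory usage allowed : 734003 KBytes
Active sessions : 1
Active memory usage : 49338 KBytes
Peak session : 1
Peak memory usage : 49338 KBytes
"""

# Constructed sample 2: hypothetical values for a nearly full flow table.
SAMPLE_BUSY = """\
Router# show ip nbar resources flow
Maximum no of sessions allowed : 2000000
Maximum memory usage allowed : 734003 KBytes
Active sessions : 1850000
Active memory usage : 700000 KBytes
Peak session : 1990000
Peak memory usage : 731000 KBytes
"""

_FIELDS = {
    "max_sessions": r"Maximum no of sessions allowed\s*:\s*(\d+)",
    "max_memory_kb": r"Maximum memory usage allowed\s*:\s*(\d+)\s*KBytes",
    "active_sessions": r"Active sessions\s*:\s*(\d+)",
    "active_memory_kb": r"Active memory usage\s*:\s*(\d+)\s*KBytes",
    "peak_sessions": r"Peak session\s*:\s*(\d+)",
    "peak_memory_kb": r"Peak memory usage\s*:\s*(\d+)\s*KBytes",
}


def parse_nbar_flow_resources(text):
    """Return a dict of integers, one per field of the show output.

    Raises ValueError when a field is missing, so a changed output format is
    noticed instead of being silently reported as zero utilization.
    """
    result = {}
    for name, pattern in _FIELDS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"field not found in output: {name}")
        result[name] = int(match.group(1))
    return result


def flow_table_headroom(stats, warn_pct=90):
    """Compute utilization against both limits and flag exhaustion risk.

    The configured session maximum and the fixed memory limit are checked
    separately; the one with the higher utilization is the limiting factor.
    warn_pct is an illustrative threshold, not a Cisco-recommended value.
    """
    session_pct = 100.0 * stats["active_sessions"] / stats["max_sessions"]
    memory_pct = 100.0 * stats["active_memory_kb"] / stats["max_memory_kb"]
    peak_pct = 100.0 * stats["peak_sessions"] / stats["max_sessions"]
    return {
        "session_pct": round(session_pct, 1),
        "memory_pct": round(memory_pct, 1),
        "peak_session_pct": round(peak_pct, 1),
        "limiting_factor": "memory" if memory_pct > session_pct else "sessions",
        "warn": max(session_pct, memory_pct) >= warn_pct,
    }


if __name__ == "__main__":
    for label, capture in (("idle", SAMPLE_IDLE), ("busy", SAMPLE_BUSY)):
        print(label, flow_table_headroom(parse_nbar_flow_resources(capture)))
```

In the busy capture the session count is at 92.5 percent of the maximum while memory is at 95.4 percent, so memory is reported as the limiting factor; that is the situation the section above describes, where the number of flows actually supported drops below the configured max-sessions value. Peak utilization is reported as well, since a table that has already hit its peak once is the one worth re-sizing.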
Information About Cisco Modular QOS (MQC)
Standard Cisco Modular QOS (MQC) provides the control portion of Cisco Application Visibility and Control. Experience with Cisco QoS is required to implement a solution specific to your network.
• For specific information about configuring QoS with MQC, see Applying QoS Features Using the MQC at http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/qos_mqc.html.
• For information about configuring Cisco QoS, see the Cisco IOS Quality of Service Solutions Configuration Guide at http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/12_4/qos_12_4_book.html.
Basic configuration of Cisco QoS for Cisco Application Visibility and Control includes:
• Configuring user-defined sub-application IDs or access control lists (ACLs).
• Defining the classes required to apply policy, by application ID or by category/attribute.
• Defining the monitoring action:
  – Define the Usage and Transaction Records of Cisco Application Visibility and Control (see the "How to Configure Cisco Application Visibility and Control" section).
  – Attach the record generation directly under the interface or under a class map.
• Defining a QoS policy.
• Defining a monitoring policy:
  – Use a policy-map for reporting.
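The classification examples in the next section rely on three MQC rules: a match-any class map matches when any of its clauses matches, a match-all class map only when every clause matches, and a policy map evaluates its classes from the top down, giving a packet the actions of the first class it fits (the reserved class-default catches everything else). The following Python model is an added example, not Cisco code, that reproduces those rules for the class maps used in the examples that follow. The flow attributes (application, category, sub-category, URL) are constructed to resemble NBAR protocol attributes and are not real NBAR data.

```python
"""Model of MQC classification: class-map match-any / match-all, nested
'match class-map', and top-down first-match within a policy-map.

Added example, not Cisco code. Flow attributes are constructed to resemble
NBAR protocol attributes; the match semantics are those described on this page.
"""
from fnmatch import fnmatchcase


class ClassMap:
    """A class-map: name, 'match-any' or 'match-all', and a list of
    (kind, value) clauses. kind is one of 'protocol', 'category',
    'sub-category', 'http-url' or 'class-map' (a nested class-map)."""

    def __init__(self, name, mode, clauses):
        if mode not in ("match-any", "match-all"):
            raise ValueError(f"bad class-map mode: {mode}")
        self.name, self.mode, self.clauses = name, mode, clauses

    def matches(self, flow, class_maps):
        results = [self._clause(kind, value, flow, class_maps)
                   for kind, value in self.clauses]
        return any(results) if self.mode == "match-any" else all(results)

    @staticmethod
    def _clause(kind, value, flow, class_maps):
        if kind == "protocol":          # match protocol <app>
            return flow.get("application") == value
        if kind == "category":          # match protocol attribute category <c>
            return flow.get("category") == value
        if kind == "sub-category":      # match protocol attribute sub-category <s>
            return flow.get("sub_category") == value
        if kind == "http-url":          # match protocol http url "<glob>"
            return (flow.get("application") == "http"
                    and fnmatchcase(flow.get("url", ""), value))
        if kind == "class-map":         # match class-map <name>
            return class_maps[value].matches(flow, class_maps)
        raise ValueError(f"unknown match clause: {kind}")


def classify(flow, policy, class_maps):
    """policy is the ordered list of class names in a policy-map. The first
    class that matches wins; class-default is the reserved catch-all."""
    for name in policy:
        if class_maps[name].matches(flow, class_maps):
            return name
    return "class-default"


# Class-maps from the examples in the next section, expressed as clauses.
CLASS_MAPS = {
    "mail-class": ClassMap("mail-class", "match-any",
                           [("category", "email")]),
    "ftp-mail-bittorrent-class": ClassMap("ftp-mail-bittorrent-class", "match-any",
                                          [("sub-category", "ftp"),
                                           ("class-map", "mail-class"),
                                           ("protocol", "bittorrent")]),
    "class-edonkey": ClassMap("class-edonkey", "match-any",
                              [("protocol", "edonkey")]),
    "class-p2p": ClassMap("class-p2p", "match-any",
                          [("sub-category", "p2p")]),
    "browsing-class": ClassMap("browsing-class", "match-any",
                               [("category", "browsing")]),
    "my-upload-server-class": ClassMap("my-upload-server-class", "match-all",
                                       [("http-url", "*myuploadserver.com*")]),
}

# Constructed flows with NBAR-style attributes (illustrative values only).
FLOWS = {
    "edonkey": {"application": "edonkey", "category": "file-sharing",
                "sub_category": "p2p"},
    "smtp": {"application": "smtp", "category": "email", "sub_category": "other"},
    "upload": {"application": "http", "category": "browsing", "sub_category": "other",
               "url": "http://www.myuploadserver.com/put"},
    "web": {"application": "http", "category": "browsing", "sub_category": "other",
            "url": "http://example.com/"},
}


def demo():
    """Class order decides exclusion: with class-edonkey first, edonkey is
    kept out of class-p2p; with the order reversed, the broader p2p class
    absorbs it and the edonkey-specific actions are never applied."""
    return {
        "ordered": classify(FLOWS["edonkey"], ["class-edonkey", "class-p2p"], CLASS_MAPS),
        "reversed": classify(FLOWS["edonkey"], ["class-p2p", "class-edonkey"], CLASS_MAPS),
        "nested": classify(FLOWS["smtp"], ["ftp-mail-bittorrent-class"], CLASS_MAPS),
        "upload": classify(FLOWS["upload"], ["my-upload-server-class", "browsing-class"], CLASS_MAPS),
        "web": classify(FLOWS["web"], ["my-upload-server-class", "browsing-class"], CLASS_MAPS),
        "unmatched": classify(FLOWS["web"], ["class-edonkey", "class-p2p"], CLASS_MAPS),
    }


if __name__ == "__main__":
    for case, winner in demo().items():
        print(f"{case}: {winner}")
```

The "reversed" case is the one to check before deploying an exclusion: if the broad class is listed above the specific one, the specific class never receives any traffic and its policing or monitoring actions silently do nothing. The model also shows why the sub-application example lists the upload-server class above the browsing class, and why a flow that fits no class lands in class-default.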
Configuration Examples for Cisco Modular QOS (MQC)
This section provides the following examples:
• Example: Protocol Classification
• Example: Attribute Classification
• Example: Combination Classification
• Example: Excluding an Application from a Category
• Example: Sub-application Classification
• Example: Destination-Based Policy
• Example: Applying a QoS Policy
• Example: Applying Different Policies to Different Interfaces
• Example: Default QoS Policy
• Example: Policy Hierarchy
Example: Protocol Classification
The following example shows how a single protocol is classified:
class-map match-any bittorrent-class
 match protocol bittorrent

Example: Attribute Classification
The following example shows how to classify all mail traffic:
class-map match-any mail-class
 match protocol attribute category email

Example: Combination Classification
The following example shows how to classify FTP traffic, e-mail traffic, and the single application BitTorrent in one class. A class can combine application IDs, attributes, and other class maps:
class-map match-any ftp-mail-bittorrent-class
 match protocol attribute sub-category ftp
 match class-map mail-class
 match protocol bittorrent

Example: Excluding an Application from a Category
The following example shows how to exclude edonkey from the p2p sub-category. A policy map evaluates its classes in order, and a packet receives the actions of the first class it matches, so the edonkey class is listed first in the policy map; the p2p class that follows then sees only the remaining peer-to-peer traffic.
class-map match-any class-edonkey
 match protocol edonkey
class-map match-any class-p2p
 match protocol attribute sub-category p2p
policy-map my-policy
 class class-edonkey
  <actions only for edonkey>
 class class-p2p
  <actions for p2p excluding edonkey>
interface eth0/0
 service-policy input my-policy

Example: Sub-application Classification
The following example shows classification of a sub-application. Such a configuration does not change the application ID definition; it adds a classification on the sub-application that can be used in a match statement. This is different from an SCE "flavor" configuration, which causes new applications (services, in SCE terms) to be created. The example configures a 1 Gbps committed rate for traffic to myuploadserver.com, while a peak rate of 400 Mbps is applied to all other browsing traffic. The upload-server class is listed first in the policy map so that its traffic is not also matched by the broader browsing class:
class-map match-any browsing-class
 match protocol attribute category browsing
class-map match-all my-upload-server-class
 match protocol http url "*myuploadserver.com*"
policy-map policy1
 class my-upload-server-class
  police cir 1000000000
 class browsing-class
  police pir 400000000

Example: Destination-Based Policy
The following example shows a destination-based policy. A destination-based policy does not change the application ID definition as used in the SCE; it adds a group of ACL-based (Layer 3 and Layer 4) classification filters for use in a match statement. The example polices HTTP traffic destined to 30.3.0.0/16 or 20.2.0.0/16, so the access list matches on the destination address. The match on access-group could be applied at any class level.
access-list 101 permit ip any 30.3.0.0 0.0.255.255
access-list 101 permit ip any 20.2.0.0 0.0.255.255
class-map match-all 2030-http-class
 match protocol http
 match access-group 101
policy-map policy1
 class 2030-http-class
  police 4000

Example: Applying a QoS Policy
The following example shows how to apply a maximum bandwidth to an application by using a policer. In this example, a peak information rate (PIR) of 1 Gbps is enforced on peer-to-peer traffic. The policer is defined on the input direction of the interface.
class-map match-any p2p-class
 match protocol attribute sub-category p2p
policy-map p2p-policy
 class p2p-class
  police pir 1000000000
interface eth0/0
 service-policy input p2p-policy
The following example shows how to apply a maximum bandwidth to an application by using a queue (a shaper) instead of a policer. In this example, a maximum rate of 2 Gbps is enforced on the peer-to-peer traffic. A shaper queues excess traffic rather than dropping it, and is therefore defined on the output direction of the interface.
class-map match-any p2p-class
 match protocol attribute sub-category p2p
policy-map p2p-limit
 class p2p-class
  shape average 2000000000
interface eth0/0
 service-policy output p2p-limit
The following example shows how to prioritize one application over another. In this example, each class is queued separately, and the peer-to-peer class is given a smaller share of the remaining bandwidth, so it is de-prioritized when the interface is congested. Application prioritization can be enforced only on the output direction, because it is implemented with queuing.
class-map match-any p2p-class
 match protocol attribute sub-category p2p
policy-map p2p-prio
 class p2p-class
  bandwidth remaining ratio 10
 class class-default
  bandwidth remaining ratio 50
interface eth0/0
 service-policy output p2p-prio

Example: Applying Different Policies to Different Interfaces
The following example shows two policy maps, one for FTP only and one for FTP and peer-to-peer. The two policy maps are applied to different interfaces:
class-map match-any ftp-class
 match protocol attribute sub-category ftp
class-map match-any p2p-ftp-policy-class
 match protocol attribute sub-category p2p
 match class-map ftp-class
policy-map p2p-ftp-policy
 class p2p-ftp-policy-class
  police pir 400000000
policy-map ftp-policy
 class ftp-class
  police pir 100000000
interface eth0/0
 service-policy input p2p-ftp-policy
interface eth1/1
 service-policy input ftp-policy

Example: Default QoS Policy
The following example shows a default policy used to set a policy for all traffic that is not specifically classified. The reserved class-default class is used.
policy-map default-policy
 class class-default
  police pir 400000000
interface eth0/0
 service-policy input default-policy

Example: Policy Hierarchy
The following example shows a policy hierarchy. In many cases you need to apply one policy to a classified category of traffic and, at the same time, a tighter policy to a subset of that category. A flat policy map cannot do this, because each packet is matched against the first class it fits and receives only that class's actions. A policy hierarchy is used instead: the child policy map is attached with service-policy under the parent class, so the subset is policed by the child policy and the whole category by the parent.
The following example shows how to set a default limit for file-sharing traffic at 400 Mbps. The traffic limit for peer-to-peer and FTP, which are subsets of file-sharing, is set at 100 Mbps.
class-map match-any p2p-ftp-policy-class
 match protocol attribute sub-category p2p
 match protocol attribute sub-category ftp
class-map match-any file-sharing-class
 match protocol attribute category file-sharing
policy-map p2p-ftp-policy
 class p2p-ftp-policy-class
  police pir 100000000
policy-map file-sharing-policy
 class file-sharing-class
  police pir 400000000
  service-policy p2p-ftp-policy
interface eth0/0
 service-policy input file-sharing-policy

Additional References
Related Documents
Related Topic | Document Title
Cisco IOS commands | —
NetFlow commands | —
Overview of Cisco IOS NetFlow | —
List of the features documented in the Cisco IOS NetFlow Configuration Guide | —
The minimum information about and tasks required for configuring NetFlow and NetFlow Data Export | Getting Started with Configuring NetFlow and NetFlow Data Export
Tasks for configuring NetFlow to capture and export network traffic data | —
Tasks for configuring NetFlow multicast support | —
Tasks for detecting and analyzing network threats with NetFlow | —
Tasks for using Cisco MQC | Applying QoS Features Using the MQC
Tasks for configuring Cisco QoS | Cisco IOS Quality of Service Solutions Configuration Guide
Tasks for configuring Cisco NBAR | Classifying Network Traffic Using NBAR in Cisco IOS XE Software
NBAR commands | —
Standards
Standard | Title
— | No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
MIBs
RFCs
Technical Assistance
Glossary
Application ID—The application identifier is the unique definition of a specific Layer 2 to Layer 7 application. Also referred to as protocol-ID.
Application Recognition—Classification of a flow that ends with an application ID. This can be stateless or stateful. Also called application detection.
Application Session—When a flow is associated with a particular protocol or application, this is referred to as a session. A session often implies a user login and logout, and may include the multiple flows of a particular subscriber.
BiFlow—A BiFlow is composed of packets associated with both the forward direction and the reverse direction between endpoints. Also referred to as a full flow or bi-directional flow. See RFC 5101.
Cisco Collection Manager—The Cisco Collection Manager is a set of software modules that runs on a server. It receives and processes NetFlow Records. The processed records are stored in the Cisco Collection Manager database. The database can be either bundled or external.
Cisco Insight v3—Cisco Insight v3 is reporting platform software. It processes the formatted data from the Collection Manager database. It presents customized reports, charts, and statistics of the traffic. Cisco Insight v3 is a Web 2.0 application accessed by using a browser.
Flow—Unidirectional stream of packets between a given source and destination. Source and destination are each defined by a network-layer IP address and transport-layer source and destination port numbers.
MQC—Modular QoS CLI. A CLI structure that lets you create traffic policies and attach them to interfaces. A traffic policy contains a traffic class and one or more QoS features. The QoS features in the traffic policy determine how the classified traffic is treated.
NBAR 2—Network-Based Application Recognition 2. A classification engine in Cisco IOS software that recognizes a wide variety of applications, including web-based applications and client/server applications that dynamically assign TCP or UDP port numbers. After the application is recognized, the network can invoke specific services for that application. NBAR is a key part of the Cisco Content Networking architecture and works with QoS features to enable you to use network bandwidth efficiently.
NetFlow—Cisco IOS security and accounting feature that maintains per-flow information.
NetFlow sampler—A set of properties that are defined in a NetFlow sampler map that has been applied to at least one physical interface or subinterface.
NetFlow sampler map—The definition of a set of properties (such as the sampling rate) for NetFlow sampling.
NetFlow v9—NetFlow export format Version 9. A flexible and extensible means for carrying NetFlow records from a network node to a collector. NetFlow Version 9 has definable record types and is self-describing for easier NetFlow Collection Engine configuration.
ToS—type of service. Second byte in the IP header that indicates the desired quality of service for a specific datagram.
Transaction—A set of logical exchanges between endpoints. A typical example of transactions are the series of multiple HTTP GET transactions (each with a different URL) within the same flow. Typically there is one transaction within a flow.
UniFlow—A UniFlow is composed of packets sent from a single endpoint to another single endpoint. Also referred to as a half flow or uni-directional flow. See RFC 5101.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2010-2011 Cisco Systems, Inc. All rights reserved.