The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This feature is designed to analyze and measure network traffic for WAAS Express.
Application Visibility and Control (AVC) provides visibility for various applications and the network to central network management stations. MACE (Measurement, Aggregation, and Correlation Engine) provides AVC services by measuring metrics on a subset of traffic and exporting those metrics to a target. This enables the traffic to be measured and analyzed and the applications’ performance to be base-lined, monitored, and troubleshot .
This feature expands on the original enhancement of the WAAS Express feature that provided support for application monitoring. Monitoring capability for Wide-Area Application Services (WAAS) Express allows the analysis and measurement of TCP-based client-server messages to provide transaction- and session-based analytics. This feature works independently of WAAS Express to provide users with application visibility.
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn . An account on Cisco.com is not required.
MACE does not interoperate with Network Address Translation (NAT) on the ingress (LAN) interface if the ip nat inside command is configured on the ingress interface. However, MACE interoperates with NAT on the egress (WAN) interface if the ip nat outside command is configured on the egress interface.
Phase 2 of Measurement, Aggregation, and Correlation Engine (MACE) provides the following additional support:
Monitoring of IPv6 flows
MACE metrics for UDP flows.
Two new NBAR option templates
New option templates for class and policy information
Use of the IPFIX protocol for flow exporters
The following collect commands can now be used to monitor IPv6 flows
collect art response time sum
collect art response time minimum
collect art response time maximum
collect art server response time sum
collect art server response time minimum
collect art server response time maximum
collect art network time sum
collect art network time minimum
collect art network time maximum
collect art client network time sum
collect art client network time minimum
collect art client network time maximum
collect art server network time sum
collect art server network time minimum
collect art server network time maximum
collect art total response time sum
collect art total response time minimum
collect art total response time maximum
collect art total transaction time sum
collect art total transaction time minimum
collect art total transaction time maximum
collect art count transactions
collect art server packets
collect art server bytes
collect art count retrans
collect art client packets
collect art client bytes
collect art count new connections
collect art count responses
collect art count late responses
collect art count responses histogram
collect art all
collect datalink mac source address input
collect ip dscp
collect application name
collect counter client bytes
collect counter server bytes
collect counter client packets
collect counter server packets
collect application http uri statistics
collect application http host
collect policy qos classification hierarchy
collect policy qos queue drops
collect time inter-packet-gap histogram
The following commands for new option templates are now supported
option application-attributes
option sub-application-table
option class-qos-table
option policy-qos-table
NetFlow is a Cisco IOS application that provides statistics about packets that flow through a device.
NetFlow identifies packet flows for both ingress and egress IP packets. It does not involve any connection-setup protocol—either between devices or to any other networking device or end station. NetFlow does not require any external change—either to the packets themselves or to any networking device. NetFlow is completely transparent to the existing network, including end stations and application software and network devices such as LAN switches. Also, NetFlow capture and export operations are performed independently on each internetworking device; NetFlow need not be operational on each device in the network.
For more information, see the NetFlow Configuration Guide.
The Measurement, Aggregation, and Correlation Engine (MACE) provides the following metrics:
MACE metrics—Metrics that are extracted or calculated by the MACE engine itself, such as the number of packets and bytes.
ART metrics—Metrics that are extracted or calculated by the Application Response Time (ART) engine, such as network delay. These metrics are available only for TCP flows.
WAAS metrics—Metrics that are extracted or calculated by Wide-Area Application Services (WAAS), such as Data Redundancy Elimination (DRE) input bytes. These metrics are available only when WAAS is configured and MACE is monitoring the WAAS traffic.
The Measurement, Aggregation, and Correlation Engine (MACE) can be configured either through an independent and new policy-map type or as part of the Wide-Area Application Services (WAAS) policy.
The table below lists the categories of MACE configuration.
|
Configuration |
Description |
|---|---|
|
Global set of metrics |
Metrics that need to be collected. |
|
Filters |
Subset of traffic for which metrics need be collected. You can configure the MACE to monitor specific traffic. The MACE uses filters to classify traffic that has to be analyzed. |
|
Timers |
Frequency with which data needs to be exported. You can configure timer values for exporting flow metrics. After the timer expires, flow metrics are exported using NetFlow Data Export Version 9 (NDE v9). This timer has a default value of 5 minutes. |
|
NetFlow Collector’s details |
Details of the NetFlow Collector where data needs to be exported. You can configure information from the NetFlow Collector to export flow metrics. You can configure more than one exporter for the same set of metrics, in which metrics are exported to all NetFlow collectors. |
The MACE collects the required metrics by using the metric template that contains a specific set of metric fields and exports them by using the Flexible NetFlow (FNF) infrastructure.
Cisco's WAAS Express software interoperates with WAN optimization headend applications from Cisco. Cisco WAAS Express improves WAN access and use by optimizing applications, such as backup (is backup an application or a mechanism?), that require high bandwidth or are bound to a LAN.
WAAS Express helps enterprises meet the following objectives:
Complement the Cisco WAN optimization system by adding the capability to branch routers.
Provide branch office employees with LAN-like access to information and applications across a geographically distributed network.
Minimize unnecessary WAN bandwidth consumption through the use of advanced compression algorithms.
Virtualize print and other local services to branch office users.
The Network Analysis Module (NAM) Performance Agent (PA) for WAAS Express analyzes and measures network traffic. The PA enables baselining, monitoring, and troubleshooting of application performance. The analysis and measurement of network traffic is done by the Measurement, Aggregation, and Correlation Engine (MACE). MACE performs the required measurements on a subset of traffic and exports the necessary metrics to a target.
The Measurement, Aggregation, and Correlation Engine (MACE) data plane forwards packets to the Application Response Time (ART) engine in the same order in which the MACE receives them. The ART engine checks every packet forwarded by the MACE.
The ART engine saves some data from each packet in its own data structures and performs the required calculations. It aggregates the flows based on the following Layer 7 (L7) information:
Destination address
Destination port
Layer 4 protocol
Segment ID
Source address
When the export timer expires, the ART engine provides its flows and flow metrics to the MACE Exporter.
The Measurement, Aggregation, and Correlation Engine (MACE) Exporter receives the Flexible NetFlow (FNF) templates from the MACE configuration plane and builds FNF records based on these templates. It then passes the flow templates along with each record to the NetFlow infrastructure. FNF requires these templates to understand the layout of the records so that it can export the correct fields at the time of export.
The MACE Exporter allows you to configure the export time interval. The intervals 1, 2, 5, 10, and 15, in minutes, are supported. The export timer starts when the MACE is enabled. There are two ways to enable MACE: by using the MACE policy or by using the MACE along with the WAAS policy. To synchronize the export time of multiple devices that run the MACE across the network with the collector, the export timer expires when the current time modulo configured interval is zero. For instance, if a user configures a 5 minute interval at 10:07, the first export timer will expire at 10:10 (because 10:10 modulo 5 is 0) and subsequently at a gap of every 5 minutes (10:15, 10:20, and so on).
 Note |
Modulo is the resulting remainder when one number is divided by another. For example, the modulo of 5 and 4 is 1 because 5 divided by 4 leaves a remainder of 1. |
This export mechanism ensures that the time when the first export interval expires is independent from the time when the MACE policy was applied to the target. Any future update to the timeout interval causes the current timer to stop, and a new timer starts. The timer also stops when the policy is removed from the interface.
Note |
The MACE Exporter works on a best-effort basis. Also, MACE being a monitoring tool, the export process does execute with a high priority. |
When the MACE Exporter timer expires, all engines are notified to process the metrics. After this notification, a second set of calls are sent to collect the processed metrics. The MACE Exporter receives the metrics data from various sources, aggregates them into a single FNF record, and passes it to the NetFlow component. Aggregation is done on the basis of Layer 7 keys. Application ID (Network-Based Application Recognition [NBAR]) is provided as a metric only when requested through the configuration.
MACE phase 2 can be invoked immediately before and after WAAS is enabled in both ingress and egress directions. This allows for measurements to be captured with no interference from any other feature. However, in the absence of WAAS, the before-WAAS and after-WAAS traffic is identical. Perform this task to enable MACE phase 2 on WAAS.
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
enable Example: |
Enables privileged EXEC mode.
|
| Step 2 |
configure terminal Example: |
Enters global configuration mode. |
| Step 3 |
flow record type mace name Example: |
Configures a flow record for MACE and enters Flexible NetFlow flow record configuration mode. |
| Step 4 |
collect art all Example: |
Collects all Application Response Time (ART) metrics. |
| Step 5 |
collect application http host Example: |
Collects all Application Response Time (ART) metrics. |
| Step 6 |
collect application http uri statistics Example: |
Collects application HTTP URI statistics. |
| Step 7 |
collect policy qos classification hierarchy Example: |
Collects the QoS policy classification hierarchy. |
| Step 8 |
collect policy qos queue drops Example: |
Collects the number of QoS policy queue drops. |
| Step 9 |
collect time inter-packet-gap histogram Example: |
Collects the inter-packet-gap time histogram. |
| Step 10 |
exit Example: |
Exits Flexible NetFlow flow record configuration mode. |
| Step 11 |
flow exporter exporter-name Example: |
Creates a Flexible NetFlow flow exporter and enters Flexible NetFlow flow exporter configuration mode. |
| Step 12 |
export-protocol ipfix Example: |
Configures IPFIX as the export protocol. |
| Step 13 |
option application-attributes Example: |
Configures an option template. |
| Step 14 |
option sub-application-table Example: |
Configures an option template. |
| Step 15 |
option class-qos-table Example: |
Configures an option template. |
| Step 16 |
option policy-qos-table Example: |
Configures an option template. |
| Step 17 |
destination ip-address Example: |
Configures the IP address of the workstation to which you want to send the NetFlow information. |
| Step 18 |
exit Example: |
Exits Flexible NetFlow flow exporter configuration mode. |
| Step 19 |
flow monitor type mace name Example: |
Configures a Flexible NetFlow flow monitor of type MACE and enters Flexible NetFlow flow monitor configuration mode. |
| Step 20 |
record record-name Example: |
Specifies the name of a user-defined flow record that was previously configured. |
| Step 21 |
exporter exporter-name Example: |
Specifies the name of a flow exporter that was previously configured. |
| Step 22 |
exit Example: |
Exits Flexible NetFlow flow monitor configuration mode. |
| Step 23 |
mace monitor waas {all | optimized } name Example: |
Enables MACE on WAAS for a flow monitor that was previously configured. |
| Step 24 |
end Example: |
Exits global configuration mode and returns to privileged EXEC mode. |
You can enable the Cisco IOS NAM PA for WAAS Express feature on both ingress and egress interfaces so that MACE can capture and monitor traffic in both directions. After enabling MACE in one direction, the same policy is internally configured in the other direction as well. Perform this task to enable MACE on an interface.
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
enable Example: |
Enables privileged EXEC mode.
|
| Step 2 |
configure terminal Example: |
Enters global configuration mode. |
| Step 3 |
flow record type mace name Example: |
Configures a flow record for MACE and enters Flexible NetFlow flow record configuration mode. |
| Step 4 |
collect art all Example: |
Collects all Application Response Time (ART) metrics. |
| Step 5 |
collect application name Example: |
Collects the application name. |
| Step 6 |
collect counter client bytes Example: |
Collects the total number of bytes from the client. |
| Step 7 |
collect counter server bytes Example: |
Collects the total number of bytes from the server. |
| Step 8 |
collect counter client packets Example: |
Collects the total number of bytes from the server. |
| Step 9 |
collect counter client packets Example: |
Collects the total number of packets from the server. |
| Step 10 |
collect application http host Example: |
Collects all Application Response Time (ART) metrics. |
| Step 11 |
collect application http uri statistics Example: |
Collects application HTTP URI statistics. |
| Step 12 |
collect policy qos classification hierarchy Example: |
Collects the QoS policy classification hierarchy. |
| Step 13 |
collect policy qos queue drops Example: |
Collects the number of QoS policy queue drops. |
| Step 14 |
collect time inter-packet-gap histogram Example: |
Collects the inter-packet-gap time histogram. |
| Step 15 |
exit Example: |
Exits Flexible NetFlow flow record configuration mode. |
| Step 16 |
flow exporter exporter-name Example: |
Creates an FNF flow exporter and enters Flexible NetFlow flow exporter configuration mode. |
| Step 17 |
export-protocol ipfix Example: |
Configures IPFIX as the export protocol. |
| Step 18 |
option application-attributes Example: |
Configures an option template. |
| Step 19 |
option sub-application-table Example: |
Configures an option template. |
| Step 20 |
option class-qos-table Example: |
Configures an option template. |
| Step 21 |
option policy-qos-table Example: |
Configures an option template. |
| Step 22 |
destination ip-address Example: |
Configures the IP address of the workstation to which you want to send the NetFlow information. |
| Step 23 |
exit Example: |
Exits Flexible NetFlow flow exporter configuration mode. |
| Step 24 |
flow monitor type mace name Example: |
Configures an FNF flow monitor of type MACE and enters Flexible NetFlow flow monitor configuration mode. |
| Step 25 |
record record-name Example: |
Specifies the name of a user-defined flow record that was previously configured. |
| Step 26 |
exporter exporter-name Example: |
Specifies the name of a flow exporter that was previously configured. |
| Step 27 |
exit Example: |
Exits Flexible NetFlow flow monitor configuration mode. |
| Step 28 |
class-map type waas class-map-name Example: |
Configures a WAAS Express class map and enters class map configuration mode. |
| Step 29 |
exit Example: |
Exits class-map configuration mode. |
| Step 30 |
policy-map type mace name Example: |
Configures a MACE policy map and enters policy-map configuration mode. |
| Step 31 |
class name Example: |
Configures a class name and enters policy-map class configuration mode. |
| Step 32 |
flow monitor monitor-name Example: |
Configures a flow monitor name. |
| Step 33 |
exit Example: |
Exits policy-map class configuration mode. |
| Step 34 |
exit Example: |
Exits policy-map configuration mode. |
| Step 35 |
interface type number [name-tag ] Example: |
Configures an interface type and enters interface configuration mode. |
| Step 36 |
mace enable Example: |
Applies the global MACE policy on an interface. |
| Step 37 |
end Example: |
Exits interface configuration mode and returns to privileged EXEC mode. |
|
Related Topic |
Document Title |
|---|---|
|
Cisco IOS commands |
|
|
Flexible NetFlow commands |
Cisco IOS Flexible NetFlow Command Reference |
|
NetFlow configuration tasks |
Cisco IOS NetFow Configuration Guide |
|
WAN configuration tasks |
|
|
WAN commands |
Cisco IOS Wide-Area Networking Command Reference |
|
Description |
Link |
|---|---|
|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. |
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.|
Feature Name |
Releases |
Feature Information |
|---|---|---|
|
MACE Phase 2 |
15.1(4)M2 |
This feature is provides support for IPv6 flows, MACE metrics for UDP flows, two new NBAR option templates, new option templates for class and policy information, and the use of IPFIX for flow exporters. The following commands were introduced or modified: collect application http host, collect application http uri statistics, collect policy qos classification hierarchy, collect policy qos queue drops, collect time inter-packet-gap histogram, export-protocol ipfix, option application-attributes, option sub-application-table, option class-qos-table,and option policy-qos-table . |
Feedback