What’s new and changed

Cisco IOS XE Release

Feature Name and Description

Supported Platforms

Cisco IOS XE 17.16.1a

Application performance monitoring helps you configure performance monitors using which you can view real-time, end-to-end application performance filtered by client segments, network segments, and server segments.

This information helps you optimize application performance and reduce downtime

  • Cisco Catalyst 8000V Edge Software

  • Cisco Catalyst 8500 Series Edge Platforms

  • Cisco Catalyst 8300 Series Edge Platforms

  • Cisco Catalyst 8200 Series Edge Platforms

  • Cisco 1000 Series Integrated Services Routers

  • Cisco 4461 Integrated Services Router

Overview of monitoring application performance for SD-Routing devices

In a scenario where networks are expanding there is a need to monitor the network, and the applications hosted on it. To achieve this, the application performance monitoring feature on SD-Routing devices helps you configure performance monitors using which you can view real-time, end-to-end application performance filtered by client segments, network segments, and server segments. This information helps you optimize application performance and reduce downtime.

In Cisco IOS XE 17.16.1a, you can now monitor TCP and Real-time Transport Protocol (RTP) traffic on DMVPN tunnels for IKEv2 traffic using Application Response Time (ART) monitor and Media monitor respectively. This functionality is only supported on DMVPN tunnels with IKEv2 encryption.

This is an enhancement over the existing functionality of monitoring TCP traffic using ART monitor on an interface configured for direct internet access.

Key concepts

These concepts explain the basics of application performance monitoring for SD-Routing devices

  • Preconfigured profiles for monitor performance: This feature offers preconfigured class maps, performance monitor policy map, and performance monitor context to quickly configure performance monitoring for various facets of the network. You can customise these preconfigured profiles as per your business requirement.

  • Flexibility to monitor different metrics:The ART (Application Response Time) monitor helps you gather detailed metrics for all TCP traffic. Some of the parameters that can be monitored are—server network delay, client network delay, application delay, and loss.

    The media monitor helps you gather detailed metrics for RTP traffic. The parameters that can be monitored are jitter, and loss.

Prerequisites

To configure performance monitoring of applications hosted on SD-Routing devices, ensure that the software version of the device is a minimum of Cisco IOS XE Catalyst SD-WAN Release 17.13.1a.

The functionality to monitor TCP and RTP traffic on DMVPN tunnels is introduced from Cisco IOS XE Catalyst SD-WAN Release 17.16.1a

Benefits

Application performance monitoring on SD-Routing devices offers these benefits:

  • The application performance monitoring framework offers rapid diagnosis of issues therefore leading to minimal downtime.

  • The application performance monitoring framework can be configured for TCP, audio, and video traffic. Therefore providing in-depth analysis of all kinds of network traffic.

  • The application performance monitoring framework helps you monitor random traffic flows based on the sampling rate configured, rather than the entire traffic. Therefore reducing performance and scaling overhead.

Limitations

The application monitoring feature on SD-Routing devices have these limitations:

  • You can only monitor performance of applications hosted on SD-Routing devices hosted with IPv4 address. It is not possible to monitor performance of applications that are hosted with an IPv6 address.

  • Configuration of multi application-aggregation contexts that have the same monitor on one interface is not supported.

  • The class-map used to configure monitoring of performance of applications only supports a maximum of two layer class-map and does not support three or more layer class-map.

Supported devices

You can configure application performance monitoring on these platforms:

  • Cisco Catalyst 8000V Edge Software

  • Cisco Catalyst 8500 Series Edge Platforms

  • Cisco Catalyst 8300 Series Edge Platforms

  • Cisco Catalyst 8200 Series Edge Platforms

  • Cisco 1000 Series Integrated Services Routers

  • Cisco 4461 Integrated Services Router

Configure application performance monitoring on Cisco SD-WAN Manager for SD-Routing devices

To configure application performance monitoring in Cisco SD-WAN Manager, create a CLI Add-on Profile.

Step 1

Go to Cisco Catalyst SD-WAN Manager. Select Configuration > Configuration Groups. Select Solution as SD Routing.

Step 2

Select an existing configuration group or create a new one. Select the configuration group, click + Add Profile to add a CLI Add-on Profile.

Step 3

To create a new profile, select + Create New. Specify name and description. If you have an existing CLI Add-on profile, select the profile, click Edit.

Step 4

In the Config Preview pane, enter the commands required for configuring features. Click Save and then Done.

Step 5

Associate and Deploy the Configuration Group to an SD-Routing Device Click Next.

Step 6

In the Summary window, select Preview CLI. The old and new configuration is displayed. Review the changes. Click Cancel to go back to configuration groups page.

Sample commands to configure application performance monitoring

Here is a sample configuration to monitor the performance of specific applications for a DMVPN tunnel

class-map match-any APP_PERF_MONITOR_APPS_0
match protocol attribute application-group amazon-group
match protocol attribute application-group box-group
match protocol attribute application-group concur-group
match protocol attribute application-group dropbox-group
match protocol attribute application-group google-group
match protocol attribute application-group gotomeeting-group
match protocol attribute application-group intuit-group
match protocol attribute application-group ms-cloud-group
Cisco Confiden+al Cisco Confiden+al
match protocol attribute application-group oracle-group
match protocol attribute application-group salesforce-group
match protocol attribute application-group sugar-crm-group
match protocol attribute application-group webex-group
match protocol attribute application-group zendesk-group
match protocol attribute application-group zoho-crm-group
class-map match-any APP_PERF_MONITOR_FILTERS
match class-map APP_PERF_MONITOR_APPS_0
performance monitor context APP_PM_POLICY profile application-aggregation
exporter destination local-controller source Null0
traffic-monitor art-aggregated class-and APP_PERF_MONITOR_FILTERS interval-timeout 300 sampling-
interval 100
traffic-monitor media-aggregated class-and APP_PERF_MONITOR_FILTERS interval-timeout 300
sampling-interval 100
interface Tunnel100
performance monitor context APP_PM_POLICY

Customise the configuration of application performance monitoring

You can customize the configuration to monitor performance of applications based on your business needs. This table explains the different profiles, maps and contexts used in the sample configuration and provides guidelines on how each parameter can be customized to achieve more granular monitoring.

Application performance monitoring commands - Explanation and usage

Command

Explanation and usage

class-map match-any APP_PERF_MONITOR_APPS_0

The APP_PERF_MONITOR_APPS_0 is the class-map that contains application groups to monitor.

This parameter determines how packets are evaluated when multiple match criteria exist. A packet must match any of the match statements to be accepted. If you do not specify the match-any or match-all keyword, the default keyword of match-all is used.

match protocol attribute application-group

To configure the match criterion for a class map based on the specified application group, use the match protocol attribute application-group command.

The application-group keyword allows the configuration of applications grouped together based on the same networking application as the match criteria.

For example, Yahoo-Messenger, Yahoo-VoIP-messenger, and Yahoo-VoIPover-SIP are grouped together under the yahoo-messenger-group.

class-map match-any APP_PERF_MONITOR_FILTERS

The APP_PERF_MONITOR_FILTERS is the filter that is used by a specific monitor.

This parameter sets the context of how monitoring has to be performed.

performance monitor context APP_PM_POLICY profile application-aggregation

The APP_PM_POLICY is the name of performance monitor context . A context contains information about a traffic monitor that has to be enabled.

The application-aggregation profile is the preconfigured and default policy for SD-Routing devices to filter traffic based on your intent. To enable the performance monitor context on a specified interface, use the performance monitor context command.

exporter destination localcontroller source Null0

The exporter destination command is used to export metrics from performance monitors to the Cisco vManage.

traffic-monitor art-aggregated class-and APP_PERF_MONITOR_FILTERS interval-timeout 300 sampling- interval 100

The application monitoring framework provides two types of traffic-monitors:

The art-aggregated monitor only monitors TCP traffic. Whereas the media-aggregated monitor only monitors RTP traffic. Both these monitors have default filters.

In addition to the default filter, the key word class-and specifies a customized filter using which different application groups can be defined and therefore provides more exact scope of the traffic to be monitored.

The interval-timeout 300 command means the metrics are reported to Cisco vManage every 300 seconds. 300 seconds is the recommended value. If interval-timeout keyword is not explicitly configured, the default value is 60 seconds.

The sampling-interval 100 command means that every 100 milliseconds, a new flow of a certain application on a certain interface is analysed to monitor its metric. 100 milliseconds is the recommended value.

If sampling-interval command is not explicitly configured, the default behaviour is to monitor every flow, which leads to more processing overhead on a device.

interface Tunnel100 performance monitor context APP_PM_POLICY

You can use context to specify the interface on which the performance monitoring context has to be enabled.

Verify application performance monitoring using Cisco SD- WAN Manager

After configuring application performance monitoring, verify if the performance monitors are functional and how the applications are monitored.

Verify application performance using commands

Execute these commands using Tools > SSH terminal in Cisco SD-WAN Manager to monitor application performance.

Use command

To

show performance monitor cache monitor APP_PM_POLICY-art_agg detail format record

display monitoring details of TCP data.

show performance monitor cache monitor APP_PM_POLICY-media_agg detail format record

display monitoring details of RTP data

Verify application performance using Monitor dashboard

On the Cisco Catalyst SD-WAN Manager, choose Monitor > Overview to view the Application Health dashlet.

The Application Health dashlet displays application metrics for the last 24 hours. You can filter data based on the performance of applications.

The application monitoring data can be viewed in these methods:

View details

Click View Details to view details of each of the application on the site.

The details displayed include:

  • Application Name

  • Health metrics

  • Number of Poor, Fair and Good sites

  • Application Family

View all applications for a site

You can also view the health of all the applications on a single site. To enter single site view, click the All Sites and select a site.

View one application on all sites

For a single application on all sites, select a specific Site ID to navigate to single site monitoring. Click the application name to view further application specific details.

View one application on a site

For a single application on a single site, a line graph shows the application health over a period of time.

Select the time to displays a list of paths that has processed application traffic over a time period.

Select individual paths and view the individual QoE lines on the line graph. At a time five paths can be selected, and five line charts are displayed. You can also drag the top handles to focus on a particular point in time. When you change the time, the table automatically refreshes to show the health information for that time interval.

View heatmap on application health

Select the heatmap view for details on the application health in form a grid. The grid of colored squares displays the application health as Good, Fair, or Poor. Hover over a square or click it to display additional details of an application at a specific time and click View details to view specific application details.