Administering Application Policies
Understanding the Categorize Applications Tab
The IWAN app operates with the Cisco NBAR2 Protocol Pack, which runs on routers within the IWAN network. NBAR2 categorizes network application traffic using the individual protocols in the Protocol Pack, in addition to any user-defined custom protocols. (“Protocols” define how NBAR2 categorizes a specific network application.) The IWAN app shows the applications defined by the NBAR2 Protocol Pack, grouped by application category.
The IWAN app 1.5.x releases operate with Protocol Pack 27.0.0 or 31.0.0. See the Protocol Pack documentation for details.
Use the Categorize Applications tab to view, edit, move, and add custom applications as shown in the following table:
|
|
|
|
|---|---|---|
View all of the installed applications in an alphabetized list or view the applications by category. |
||
Note
For a quick tutorial about what you can do on the Categorize Applications page, click Teach Me in the instructional text.
Viewing Applications
Use this procedure to view applications by list, by category, or view a summary of all installed applications.
Step 1 From the Cisco IWAN home page, click Administer Application Policy. The Application Policy page opens.
Step 2 Click the Categorize Applications tab. All of the installed applications are displayed in an alphabetized list.
Step 3 To view the applications by category, click the By Application Category / By Applications drop-down list, and select View By Application Category.
Not all categories are shown by default. To view all categories, click the Show link in the instructional text.
Step 4 To view all of the applications in a particular category, click the down arrow for a category.
Step 5 To view a summary of the total number of applications, popular applications, and custom applications, see the Applications Summary area.
Step 6 To search for a specific application, enter one of the following parameters in the Search field: application short name, long description, ports, traffic class.
Moving Applications to a Different Category
To share bandwidth, you can move the application into a different category.
Step 1 From the Cisco IWAN home page, click Administer Application Policy. The Application Policy page opens.
Step 2 Click the Categorize Applications tab. All of the installed applications are displayed in an alphabetized list.
Step 3 To view all of the applications in a particular category, click the down arrow by a category.
Step 4 To move an application into a different category, drag-and-drop it into the appropriate category, and click Apply Changes.
Editing Application Information
Use this procedure to edit application information.
Step 1 From the Cisco IWAN home page, click Administer Application Policy. The Application Policy page opens.
Step 2 Click the Categorize Applications tab. All of the installed applications are displayed in an alphabetized list.
Step 3 To view all of the applications in a particular category, click the down arrow for a category.
Step 4 To edit application information, click on the pencil icon next to the application. Information about the application appears.
Step 5 Click Edit. The Edit Application dialog box opens.
Step 6 Make your changes, and click Save.
Adding a New Application
Use this procedure to add a new custom application.
Step 1 From the Cisco IWAN home page, click Administer Application Policy. The Application Policy page opens.
Step 2 Click the Categorize Applications tab. All of the installed applications are displayed in an alphabetized list.
Step 3 To add a new custom application, click the Add Application tab. The Add Application dialog box opens.
Step 4 Enter the following properties, and click Add :
Supported Server IP/Port Combinations
The following table provides examples of supported combinations for the Server IP/Port option.
|
|
(examples) |
(examples) |
maximum 1000 ports in range (examples) |
|---|---|---|---|
Deleting NBAR2 Custom Applications
Use this procedure to delete NBAR2 custom applications.
Step 1 From the Cisco IWAN home page, click Administer Application Policy. The Application Policy page opens.
Step 2 Click the Categorize Applications tab.
Step 3 To delete a custom application, do the following:
a. In the left window, change the View By filter from Application Category to Applications.
b. Click the Edit icon next to the application. The Edit Application dialog box opens.
c. Click the Delete button in the Edit Application dialog box.
Note The Delete button is available only for custom applications (not EasyQoS custom apps or default Protocol Pack applications).
d. Click OK in the confirmation box. The application is removed from the user interface. (The deletion is finalized in a later step with the Apply Changes button.)
Note If you change your mind, and do not want to delete the application, refresh the page. The application is restored with all of its configuration.
Step 4 To finalize the application deletion, click Apply Changes (top right corner).
Note After you click Apply Changes, the application cannot be restored.
Step 5 To delete multiple applications at once, delete them from the user interface, and click Apply Changes. The Application Policy Summary page appears, listing all of the applications to be deleted.
Step 6 Review the information in the summary and then do one of the following:
- Click the Apply Now radio button, and then click Continue.
- Click the Schedule radio button, specify a date and time to delete the application, and then click Continue.
Understanding the Define Application Policies Tab
Use the Define Application Policy tab to define policies according to their relevance to the business.
Application policies are categorized as one of the following:
- Business Relevant—Applications such as email, voice-and-video, file-sharing, backup-and-storage that are critical to the business.
- Default—Applications such as epayement.
- Business Irrelevant—Applications that are not relevant to the business such as social media and gaming applications.
Application policy defines the QoS and PfR policies for each of the application categories.
Cisco IWAN QoS defines how traffic egresses the network. It is critical that the classification, marking, and bandwidth allocations align to the service provider offering to ensure consistent QoS treatment end-to-end.
The IWAN app follows a 12-class model on the ingress to mark all incoming applications, and traffic ismarked again on the egress according to the service provider QoS profile attached to the WAN link.
Note You can view the DSCP values and bandwidth allocated for each egress class, and edit the values in the service provider profiles through the Configure Hub Site and Settings > Service Providers tab.
To ensure proper QoS treatment, place the application categories in the right column. All categories placed in the Business Relevant column will be marked according to the traffic class for the corresponding applications. To view the traffic class for an application, open the Categorize Applications tab, then open the Category for the application, and click the edit button for the application. The following table shows how traffic classes map to specific DSCP values:
|
|
|
|---|---|
All categories placed in Business Irrelevant are marked with a DSCP value of CS1, regardless of the traffic class attached to the application. Categories placed in the Default section keep their original incoming marking.
Optionally, set PfR path prioritization by enabling Application Performance for a category and selecting the Path Preference radio button. For each category, the WAN paths configured in the Service Providers tab (on the Configure Hub Site & Settings page) are shown in the category dropdown menu.
Optionally, Drop can be selected from the menu for the secondary path. If this option is selected, and the primary path goes out of policy, the PfR will drop the packets rather than failing over to the secondary path.
Optionally, multiple primary and secondary options can be selected. If the primary path goes out of policy, the SLA threshold for each application is monitored, and applications are dynamically moved to the secondary path.
To view or edit the SLA threshold values for an application, open the Categorize Applications tab, then open the Category for the application, and click the edit button for the application.
Operations in the Define Applications Tab
Use the Define Application Policy tab to do the following:
|
|
|
|
|---|---|---|
Moving an Application Category to a Different Business Group
Use this procedure to move an application category to a different business group.
Step 1 From the Cisco IWAN home page, click Administer Application Policy. The Application Policy page opens.
Step 2 Click the Define Application Policy tab. Applications are displayed in three categories: Business Relevant, Default, and Business Irrelevant.
Step 3 To move an application from one business group to another, use the drag-and-drop feature. For example, you can drag the epayment application from the Default group and drop it into the Business Irrelevant group.
Modifying the Application Performance
Use this procedure to modify the application performance parameters.
Step 1 From the Cisco IWAN home page, click Administer Application Policy. The Application Policy page opens.
Step 2 Click the Define Application Policy tab. All of the applications are displayed in three categories: Business Relevant, Default, and Business Irrelevant.
Step 3 To modify the application performance, click the down arrow next to an application. The Application Performance dialog box opens as shown in the following figure.
a. Click the Application Performance button to enable or disable it.
b. Choose the appropriate path preference radio button.
c. Choose primary and secondary path from the drop-down list. The secondary path can be Drop.
Step 5 Select a path preference, with Path 1 being the preferred path for traffic in this category. For example, Int (Internet).
Step 6 After updating the path preference, click Save.
Note The Save option does not check for validations in conflict with future scheduled workflows. Please reevaluate scheduled jobs based on these changes and update scheduled jobs as required. If there is a conflict when the scheduled job is activated, it may fail at that time.
Understanding the Application Bandwidth Tab
Use the Application Bandwidth tab to view the bandwidth used across various applications. Based on this information you can choose to move applications into different categories. See Moving Applications to a Different Category.
Viewing the Application Bandwidth
Use this procedure to view the bandwidth used across different applications in a graphical format.
Make sure you have done the following:
- Added the Cisco APIC-EM controller IP address on the Prime application.
- Added the Prime credentials in Cisco APIC-EM.
Step 1 From the Cisco IWAN home page, click Administer Application Policy. The Application Policy page opens.
Step 2 Click the Application Bandwidth tab. The amount of bandwidth used per application category for each hub is displayed in a graphical format. You can also view the date and time the bandwidth is used the most.
Feedback