Configuring Application Visibility and Control for Cisco Flexible Netflow
First published: July 22, 2011
This guide contains information about the Cisco Application Visibility and Control feature. It also provides instructions on how to configure the Cisco Application Visibility and Control feature.
Note: This guide contains basic information for configuring the feature. For information on advanced configurations, see the Additional References.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for Cisco Application Visibility and Control
- You are familiar with the information in Cisco IOS NetFlow Overview at http://www.cisco.com/en/US/docs/ios/netflow/configuration/guide/ios_netflow_ov.html
- You are familiar with the Modular QOS (MQC) information in Applying QoS Features Using the MQC at http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/qos_mqc.html.
- You are familiar with Classifying Network Traffic Using NBAR in Cisco IOS XE Software at http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/clsfy_traffic_nbar_xe.html.
- You are familiar with the Cisco IOS Quality of Service Solutions Command Reference at http://www.cisco.com/en/US/products/ps11174/prod_command_reference_list.html.
- You are familiar with the information in the Cisco Application Visibility and Control Collection Manager User Guide at http://www.cisco.com/en/US/products/ps6153/products_user_guide_list.html.
- The Cisco ASR 1000 Series Router is configured for IPv4 routing.
Note: More Cisco IOS Flexible NetFlow information resources are available at the Additional References.
Information About Application Visibility and Control
Components of an Application Visibility and Control Network
The following internal and external components of an Application Visibility and Control network are described in detail in this section.
- Internal components (running on the Cisco ASR 1000 Series Router):
- External components (running on a platform separate from the Cisco ASR 1000 Series Router):
The core components of the Cisco Application Visibility and Control solution are shown below.
- Cisco Network-Based Application Recognition
- Cisco Modular QOS
- Bandwidth Control
- Cisco NetFlow v9
- Cisco IOS Flexible NetFlow Traffic Records
- External Components
Cisco Network-Based Application Recognition
Cisco NBAR enables protocol detection for a network. Protocol detection is the process by which the system determines that a particular network flow is from a specific application. This process is performed using various techniques including payload signature matching, behavioral classification or classification based on Layer 7 parameters (sometimes called protocol sub-classification). Upon detection of a flow, a Protocol ID is assigned to it. The Protocol ID is then used by the solution to determine the appropriate actions on packets belonging to that flow.
Cisco Modular QOS
Standard Cisco Modular QOS (MQC) is used for the Cisco ASR 1000 Application Visibility and Control Modular QOS solution. It is used to create the application-aware policy of the solution.
Bandwidth Control
The Cisco Application Visibility and Control solution provides global bandwidth control by using a pre-configured application categorization structure. This includes a category (for example, browsing), a sub-category (for example, streaming), an application group (for example, flash-group), or an application (for example, YouTube). This control allows service providers to set acceptable bandwidth consumption policies for different traffic classes. Bandwidth priority is provided by using platform policies.
Note: Examples of bandwidth control configuration are provided in Configuration Examples for Cisco Modular QOS (MQC).
Cisco NetFlow v9
Cisco NetFlow export format Version 9 is a flexible and extensible means for carrying NetFlow records from a network node to a collector. NetFlow Version 9 has definable record types and is self-describing for easier NetFlow Collection Engine configuration.
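The self-describing format described above, seen from the collector side, as an added example that is not part of the original guide: a minimal Python decoder that learns a template FlowSet and then uses it to decode a data FlowSet, rejecting bad lengths and skipping data whose template is unknown. The sample packets, the exporter address 192.0.2.1, template ID 260 and the chosen field set are constructed for illustration; the field type numbers follow the NetFlow v9 field registry.

```python
import struct

# Field types from the NetFlow v9 registry; 95 is the application ID that
# carries the NBAR classification. Unknown types are kept as "type_<n>".
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 10: "INPUT_SNMP", 14: "OUTPUT_SNMP",
               21: "LAST_SWITCHED", 22: "FIRST_SWITCHED", 61: "DIRECTION",
               95: "APPLICATION_ID"}
HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
SET_HDR = struct.Struct("!HH")     # flowset_id, length (header included)


class V9Decoder:
    """Minimal collector-side decoder; templates are cached per exporter and source ID."""

    def __init__(self):
        self.templates = {}
        self.skipped = 0  # data FlowSets dropped because their template was unknown

    def decode(self, exporter_ip, packet):
        if len(packet) < HEADER.size:
            raise ValueError("short packet")
        version, _count, _uptime, _secs, _seq, source_id = HEADER.unpack_from(packet)
        if version != 9:
            raise ValueError("not NetFlow v9")
        records, off = [], HEADER.size
        key = (exporter_ip, source_id)
        while off + SET_HDR.size <= len(packet):
            set_id, length = SET_HDR.unpack_from(packet, off)
            # Export arrives as plain UDP: never trust the length field.
            if length < SET_HDR.size or off + length > len(packet):
                raise ValueError("bad FlowSet length")
            body = packet[off + SET_HDR.size:off + length]
            if set_id == 0:                      # template FlowSet
                self._learn_templates(key, body)
            elif set_id >= 256:                  # data FlowSet, ID names its template
                records.extend(self._decode_data(key + (set_id,), body))
            # IDs 1..255 (options templates, reserved) are ignored in this sketch.
            off += length
        return records

    def _learn_templates(self, key, body):
        off = 0
        while off + 4 <= len(body):
            tmpl_id, nfields = struct.unpack_from("!HH", body, off)
            off += 4
            if tmpl_id < 256 or off + 4 * nfields > len(body):
                break  # padding or truncated template
            fields = [struct.unpack_from("!HH", body, off + 4 * i) for i in range(nfields)]
            off += 4 * nfields
            self.templates[key + (tmpl_id,)] = fields

    def _decode_data(self, tmpl_key, body):
        fields = self.templates.get(tmpl_key)
        if fields is None:
            self.skipped += 1  # template not received yet, or from another exporter
            return []
        rec_len = sum(length for _ftype, length in fields)
        if rec_len == 0:
            return []
        out, off = [], 0
        while off + rec_len <= len(body):  # trailing bytes shorter than a record are padding
            rec = {}
            for ftype, length in fields:
                raw = body[off:off + length]
                name = FIELD_NAMES.get(ftype, f"type_{ftype}")
                if ftype == 95 and length == 4:
                    # classification engine ID (1 byte) + selector ID (3 bytes)
                    rec[name] = (raw[0], int.from_bytes(raw[1:], "big"))
                else:
                    rec[name] = int.from_bytes(raw, "big")
                off += length
            out.append(rec)
        return out


def build_sample_packets():
    """Constructed sample: one packet with a template, one with a matching data record."""
    tmpl_fields = [(10, 4), (61, 1), (95, 4), (14, 4), (22, 4), (21, 4), (1, 8), (2, 4)]
    tmpl_body = struct.pack("!HH", 260, len(tmpl_fields))
    tmpl_body += b"".join(struct.pack("!HH", t, n) for t, n in tmpl_fields)
    tmpl_set = SET_HDR.pack(0, SET_HDR.size + len(tmpl_body)) + tmpl_body
    # input ifIndex 3, direction 0, application 3:80, output ifIndex 4,
    # first/last uptime in ms, 123456 bytes (64-bit counter), 150 packets
    record = struct.pack("!IB", 3, 0) + bytes([3]) + (80).to_bytes(3, "big")
    record += struct.pack("!IIIQI", 4, 1000, 61000, 123456, 150)
    pad = b"\x00" * (-len(record) % 4)
    data_set = SET_HDR.pack(260, SET_HDR.size + len(record) + len(pad)) + record + pad

    def header(seq):
        return HEADER.pack(9, 1, 61000, 1311292800, seq, 1)

    return header(1) + tmpl_set, header(2) + data_set


if __name__ == "__main__":
    template_pkt, data_pkt = build_sample_packets()
    decoder = V9Decoder()
    decoder.decode("192.0.2.1", template_pkt)
    print(decoder.decode("192.0.2.1", data_pkt))
```

Because templates are keyed by exporter address and source ID, a data FlowSet from any other sender is counted in `skipped` instead of being decoded with someone else's template.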
Cisco IOS Flexible NetFlow Traffic Records
Cisco IOS Flexible NetFlow uses the Cisco ASR 1000 Series Router infrastructure to provide application visibility. It exports data in the form of Flexible NetFlow records. These records are in the NetFlow version 9 format. The two types of Flexible NetFlow records are Usage Records and Transaction Records.
The figure below illustrates the packet fields used by the Transaction Records and Usage Records. The red fields are the key fields.
The following sections describe the two types of Flexible NetFlow records:
External Components
These solution components exist on platforms that are physically separate from the Cisco ASR 1000 Series Router.
Cisco Collection Manager
The Cisco Collection Manager is a set of software modules that runs on a server. It receives and processes Flexible NetFlow records. The processed records are stored in the Cisco Collection Manager database. The database can be either bundled or external.
The Cisco Collection Manager is covered in detail in the Cisco Application Visibility and Control Collection Manager User Guide.
Cisco Insight v3
Cisco Insight v3 is reporting platform software. It processes the formatted data from the Collection Manager database. It presents customized reports, charts, and statistics about the traffic. Cisco Insight v3 is a Web 2.0 application that is accessed with a browser.
Cisco Insight v3 is covered in detail in the Cisco Insight v3 User Guide.
Information About Cisco NBAR Memory for Cisco Application Visibility and Control
Cisco NBAR is an essential part of Cisco Application Visibility and Control. In general, Cisco NBAR can increase application performance through better QoS and policing, and provides visibility into which applications are using the network by determining that a particular network flow is from a specific application. This is done using various techniques. Upon detection of a flow, a protocol ID is assigned to it. The protocol ID is then used by the solution to determine the appropriate actions on packets belonging to that flow.
Cisco Application Visibility and Control uses the NBAR flow table to store per flow information. It can only act on flows which have an active session in the flow table. The number of flows in the flow table affects the performance and capacity of the Cisco ASR 1000 Series Router. You can configure the amount of memory depending on the memory available in your router.
There is also a fixed memory limit. This prevents strain on the Cisco ASR 1000 Series Router when features other than the Cisco Application Visibility and Control allocate flow table memory. When a fixed memory limit is reached, the Cisco Application Visibility and Control flows supported by the Cisco ASR 1000 Series Router may drop below the number you configured.
The maximum and default number of flows and the fixed memory limit supported are shown in the following table. The amounts are based on the specific Embedded Service Processor (ESP) in your Cisco ASR 1000 Series Router. See your router specifications to determine the ESP type.
Information About Cisco Modular QOS (MQC)
Standard Cisco Modular QOS (MQC) provides the control portion of Cisco Application Visibility and Control. Experience with Cisco QoS is required to implement a solution specific to your network.
- For specific information about configuring QoS with MQC, see Applying QoS Features Using the MQC at http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/qos_mqc.html .
- For information about configuring Cisco QoS, see the Cisco IOS Quality of Service Solutions Configuration Guide at http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/12_4/qos_12_4_book.html
Basic configuration of Cisco QoS for Cisco Application Visibility and Control includes:
- Configuring user-defined sub-application IDs or access control lists (ACLs).
- Defining the classes required to apply policy by using application IDs or Categories/Attributes.
- Defining Monitoring action
  - Define the Usage and Transaction Records of Cisco Application Visibility and Control. (See the How to Configure Cisco Application Visibility and Control).
  - Attach the record generation directly under the interface or under a class map.
- Defining a QoS policy
- Defining a monitoring policy
  - Use policy-map for reporting
How to Configure Cisco Application Visibility and Control
New Commands and Keywords
The following commands and keywords are either new and introduced with the Cisco Application Visibility and Control feature or related to the feature.
- Cisco NetFlow commands for Cisco Application Visibility and Control
- Cisco NBAR and Cisco QoS Commands for Cisco Application Visibility and Control
Cisco NetFlow commands for Cisco Application Visibility and Control
These commands are Cisco NetFlow commands. Documentation for these commands can be found in the Cisco IOS NetFlow Command Reference http://www.cisco.com/en/US/docs/ios/netflow/command/reference/nf_book.html.
- The granularity connection command
- The collect connection command
- The match connection transaction-id command
- The collect connection initiator command
- The collect connection new-connections command
- The collect connection sum-duration command
- The collect flow end-reason command
- The account-on-resolution keyword for the match application name command
- The event transaction-end keyword for the cache timeout command
Cisco NBAR and Cisco QoS Commands for Cisco Application Visibility and Control
These commands are Cisco NBAR and Cisco QoS commands. Documentation for these commands can be found in the Cisco IOS Quality of Service Solutions Command Reference at http://www.cisco.com/en/US/products/ps11174/prod_command_reference_list.html.
- match protocol attribute category
- match protocol attribute sub-category
- match protocol attribute application-group
- match protocol attribute encrypted
- match protocol attribute tunnel
- show ip nbar protocol-attribute
- show ip nbar attribute
- show ip nbar resources flow
- ip nbar resource flow max-sessions
Configuring the Flow Exporter
Perform the following tasks to configure Flexible NetFlow and bind Flexible NetFlow to an interface:
Creating the Flow Exporter
To configure the flow exporter, perform the following required task.
Note: You can export to a destination using either an IPv4 or IPv6 address.
DETAILED STEPS
Verifying the Flow Exporter Configuration
DETAILED STEPS
Step 1. enable

The enable command enters privileged EXEC mode (enter the password if prompted). Example:

    Router> enable
    Router#

Step 2. show running-config flow exporter exporter-name

The show running-config flow exporter command shows the configuration commands of the flow exporter that you specify. Example:

    Router# show running-config flow exporter EXPORTER-1
    Building configuration...
    Current configuration:
    !
    flow exporter EXPORTER-1
     destination 10.24.88.60
     source GigabitEthernet0/0/1
     transport udp 2055
     option interface-table timeout 300
     option sampler-table timeout 300
     option application-table timeout 300
    !
    end
Creating Usage Records and Monitoring
This section is made up of the following procedures:
- Configuring a Usage Record for AVC Phase 2
- Verifying Usage Records
- Configuring Usage Monitoring
- Verifying Usage Monitoring
Configuring a Usage Record for AVC Phase 2
DETAILED STEPS
| Step | Command or Action | Purpose |
|---|---|---|
| Step 1 | `enable` Example: `Router> enable` | Enables privileged EXEC mode. |
| Step 2 | `configure terminal` Example: `Router# configure terminal` | Enters global configuration mode. |
| Step 3 | `flow record flow-record-name` Example: `Router(config)# flow record my-input-usage-monitor` | Creates a flow record and enters flow record configuration mode. |
| Step 4 | `match interface input` Example: `Router(config-flow-record)# match interface input` | Configures the input interface for the packet as a key field for the flow record. input: Traffic arrives on the Cisco router's input interface. |
| Step 5 | `match flow direction` Example: `Router(config-flow-record)# match flow direction` | Configures the direction of the flow record as a key field. The direction is either input or output. |
| Step 6 | `match connection client {ipv4 \| ipv6} address` Example: `Router(config-flow-record)# match connection client ipv6 address` | Configures the IPv6 address of the client as a key field for a flow record. |
| Step 7 | `match connection client transport port` Example: `Router(config-flow-record)# match connection client transport port` | Configures the connection port of the client as a key field for a flow record. |
| Step 8 | `match connection server {ipv4 \| ipv6} address` Example: `Router(config-flow-record)# match connection server ipv6 address` | Configures the IPv6 address of the server as a key field for a flow record. |
| Step 9 | `match connection server transport port` Example: `Router(config-flow-record)# match connection server transport port` | Configures the connection port of the server as a key field for a flow record. |
| Step 10 | `match ipv4 {initiator \| responder} address` Example: `Router(config-flow-record)# match ipv4 initiator address` | (Optional) For IPv4 networks, configures the IPv4 address of the initiator or responder as a key field. The direction is either input or output. |
| Step 11 | `match ipv6 {initiator \| responder} address` Example: `Router(config-flow-record)# match ipv6 initiator address` | (Optional) For IPv6 networks, configures the IPv6 address of the initiator or responder as a key field. The direction is either input or output. |
| Step 12 | `match transport {initiator \| responder} port` Example: `Router(config-flow-record)# match transport initiator port` | (Optional) Configures the transport port of the initiator or responder as a key field. |
| Step 13 | `match routing vrf {input \| output}` Example: `Router(config-flow-record)# match routing vrf input` | (Optional) Configures the virtual routing and forwarding (VRF) ID for incoming or outgoing packets as a key field. |
| Step 14 | `match datalink {destination-vlan-id \| source-vlan-id}` Example: `Router(config-flow-record)# match datalink destination-vlan-id` | (Optional) Configures the destination VLAN ID as a key field. |
| Step 15 | `match datalink vlan {input \| output}` Example: `Router(config-flow-record)# match datalink vlan input` | (Optional) Configures the VLAN ID for incoming or outgoing packets as a key field. |
| Step 16 | `match datalink mac {destination \| source} address {input \| output}` Example: `Router(config-flow-record)# match datalink mac destination address output` | (Optional) Configures the destination MAC address as a key field. |
| Step 17 | `match flow {class \| qos-class}` Example: `Router(config-flow-record)# match flow class` | Configures the use of the class ID as a key field for a flow record. |
| Step 18 | `match policy performance-monitor classification hierarchy` Example: `Router(config-flow-record)# match policy performance-monitor classification hierarchy` | Configures the use of the Performance Monitor policy classification hierarchy as a key field for a flow record. |
| Step 19 | `match services waas segment` Example: `Router(config-flow-record)# match services waas segment` | Configures the use of the WAAS segment as a key field for a flow record. |
| Step 20 | `collect interface output` Example: `Router(config-flow-record)# collect interface output` | Configures the output interface as a nonkey field for a flow record and enables collecting the output interface fields from the flows for the flow record. |
| Step 21 | `collect flow direction` Example: `Router(config-flow-record)# collect flow direction` | Configures the flow direction as a nonkey field for a flow record. |
| Step 22 | `collect timestamp sys-uptime first` Example: `Router(config-flow-record)# collect timestamp sys-uptime first` | Configures the system uptime of the first seen packet in a flow as a nonkey field for a flow record. |
| Step 23 | `collect timestamp sys-uptime last` Example: `Router(config-flow-record)# collect timestamp sys-uptime last` | Configures the system uptime of the last seen packet in a flow as a nonkey field for a flow record. |
| Step 24 | `collect counter bytes long` Example: `Router(config-flow-record)# collect counter bytes long` | Configures the number of bytes in a flow as a nonkey field for a flow record. |
| Step 25 | `collect counter packets` Example: `Router(config-flow-record)# collect counter packets` | Configures the number of packets in a flow as a nonkey field for a flow record. |
| Step 26 | `collect connection client {ipv4 \| ipv6} address` Example: `Router(config-flow-record)# collect connection client ipv6 address` | Configures the IPv6 address of the client as a nonkey field for a flow record. |
| Step 27 | `collect connection client counter {bytes long \| packets long \| packets retransmitted}` Example: `Router(config-flow-record)# collect connection client counter packets retransmitted` | Configures the number of the client packets retransmitted as a nonkey field for a flow record. |
| Step 28 | `collect connection client transport port` Example: `Router(config-flow-record)# collect connection client transport port` | Configures the client connection port as a nonkey field for a flow record. |
| Step 29 | `collect connection new-connections` Example: `Router(config-flow-record)# collect connection new-connections` | Counts the number of TCP or UDP connections which were opened during the observation period. The observation period may be specified by the flow start and end timestamps. |
| Step 30 | `collect connection sum-duration` Example: `Router(config-flow-record)# collect connection sum-duration` | Aggregates the total time, in seconds, for all the TCP or UDP connections which were in use during the observation period. For example, if there are five concurrent connections each for 10 seconds, the value would be 50 seconds. |
| Step 31 | `collect routing vrf {input \| output}` Example: `Router(config-flow-record)# collect routing vrf output` | Configures the virtual routing and forwarding (VRF) ID for incoming or outgoing packets output as a nonkey field for a flow record. |
| Step 32 | `collect connection delay application {sum \| min \| max}` Example: `Router(config-flow-record)# collect connection delay application sum` | Configures the total amount of application delay as a nonkey field for a flow record. |
| Step 33 | `collect connection delay network {client-to-server \| to-server [histogram { bucket1 \| bucket2 \| bucket3 \| bucket4 \| bucket5 \| bucket6 \| bucket7}] {sum \| min \| max}` Example: `Router(config-flow-record)# collect connection delay network client-to-server sum` | Configures the total amount of network delay between the client and the server as a nonkey field for a flow record. |
| Step 34 | `collect connection delay response {client-to-server \| to-client \| to-server} {sum \| min \| max}` Example: `Router(config-flow-record)# collect connection delay response client-to-server sum` | Configures the total amount of response delay between the client and the server as a nonkey field for a flow record. |
| Step 35 | `collect connection performance application-delay {sum \| min \| max}` Example: `Router(config-flow-record)# collect connection performance application-delay sum` | Configures the total application delay as a nonkey field for a flow record. |
| Step 36 | `collect connection performance initiator bytes long` Example: `Router(config-flow-record)# collect connection performance initiator bytes long` | Configures the number of long bytes for the Mediatrace initiator as a nonkey field for a flow record. |
| Step 37 | `collect connection performance initiator count re-transmitted-packets` Example: `Router(config-flow-record)# collect connection performance initiator count re-transmitted-packets` | Configures the number of retransmitted packets for the Mediatrace initiator as a nonkey field for a flow record. |
| Step 38 | `collect connection performance initiator network-delay {sum \| min \| max}` Example: `Router(config-flow-record)# collect connection performance initiator network-delay sum` | Configures the total network delay for the Mediatrace initiator as a nonkey field for a flow record. |
| Step 39 | `collect connection performance initiator packets long` Example: `Router(config-flow-record)# collect connection performance initiator packets long` | Configures the number of long packets for the Mediatrace initiator as a nonkey field for a flow record. |
| Step 40 | `collect connection performance network-delay {sum \| min \| max}` Example: `Router(config-flow-record)# collect connection performance network-delay sum` | Configures the total network delay as a nonkey field for a flow record. |
| Step 41 | `collect connection performance new-transaction-time` Example: `Router(config-flow-record)# collect connection performance new-transaction` | Configures the new transaction field as a nonkey field for a flow record. |
| Step 42 | `collect connection performance total-transaction-time {sum \| min \| max}` Example: `Router(config-flow-record)# collect connection performance total-transaction-time sum` | Configures the total transaction time as a nonkey field for a flow record. |
| Step 43 | `collect connection performance total-transaction-time {sum \| min \| max}` Example: `Router(config-flow-record)# collect connection performance total-transaction-time sum` | Configures the total transaction time as a nonkey field for a flow record. |
| Step 44 | `collect connection performance responder bytes long` Example: `Router(config-flow-record)# collect connection performance responder bytes long` | Configures the number of long bytes for the Mediatrace responder as a nonkey field for a flow record. |
| Step 45 | `collect connection performance responder response-time {sum \| min \| max}` Example: `Router(config-flow-record)# collect connection performance responder response-time sum` | Configures the total response time for the Mediatrace responder as a nonkey field for a flow record. |
| Step 46 | `collect connection performance responder network-delay {sum \| min \| max}` Example: `Router(config-flow-record)# collect connection performance responder network-delay sum` | Configures the total network delay for the Mediatrace responder as a nonkey field for a flow record. |
| Step 47 | `collect connection performance responder count {histogram { bucket1 \| bucket2 \| bucket3 \| bucket4 \| bucket5 \| bucket6 \| bucket7} \| late-responses \| responses}` Example: `Router(config-flow-record)# collect connection performance responder count late-responses` | Configures the number of late responses for the Mediatrace responder as a nonkey field for a flow record. |
| Step 48 | `collect connection performance responder packets long` Example: `Router(config-flow-record)# collect connection performance responder packets long` | Configures the number of long packets for the Mediatrace responder as a nonkey field for a flow record. |
| Step 49 | `collect connection performance total-delay {sum \| min \| max}` Example: `Router(config-flow-record)# collect connection performance total-delay sum` | Configures the total connection delay as a nonkey field for a flow record. |
| Step 50 | `collect connection performance total-transaction-time {sum \| min \| max}` Example: `Router(config-flow-record)# collect connection performance total-transaction-time sum` | Configures the total transaction time as a nonkey field for a flow record. |
| Step 51 | `collect connection server {ipv4 \| ipv6} address` Example: `Router(config-flow-record)# collect connection server ipv6 address` | Configures the IPv6 address of the server as a nonkey field for a flow record. |
| Step 52 | `collect connection server counter {bytes long \| packets long \| packets retransmitted}` Example: `Router(config-flow-record)# collect connection server counter packets retransmitted` | Configures the number of the server packets retransmitted as a nonkey field for a flow record. |
| Step 53 | `collect connection server transport port` Example: `Router(config-flow-record)# collect connection server transport port` | Configures the server connection port as a nonkey field for a flow record. |
| Step 54 | `collect connection transaction {counter complete \| duration {sum \| min \| max}}` Example: `Router(config-flow-record)# collect connection transaction duration sum` | Configures the total duration of the transaction as a nonkey field for a flow record. |
| Step 55 | `collect datalink {destination-vlan-id \| source-vlan-id}` Example: `Router(config-flow-record)# collect datalink destination-vlan-id` | (Optional) Configures the destination VLAN ID as a nonkey field. |
| Step 56 | `collect datalink mac {destination \| source} address {input \| output}` Example: `Router(config-flow-record)# collect datalink mac destination address input` | (Optional) Configures the destination MAC address as a nonkey field. |
| Step 57 | `collect datalink vlan {input \| output}` Example: `Router(config-flow-record)# collect datalink vlan input` | (Optional) Configures the VLAN ID for incoming or outgoing packets as a nonkey field. |
| Step 58 | `collect policy performance-monitor classification hierarchy` Example: `Router(config-flow-record)# collect policy performance-monitor classification hierarchy` | Configures the use of the Performance Monitor policy classification hierarchy as a nonkey field for a flow record. |
| Step 59 | `collect services waas {passthrough-reason \| segment}` Example: `Router(config-flow-record)# collect services waas segment` | Configures the use of the WAAS segment as a nonkey field for a flow record. |
| Step 60 | `collect timestamp absolute {first \| last}` Example: `Router(config-flow-record)# collect timestamp absolute first` | Configures the use of the first timestamp as a nonkey field for a flow record. |
| Step 61 | `collect transport tcp {option map \| window-size {sum \| minimum \| maximum} \| maximum-segment-size}` Example: `Router(config-flow-record)# collect connection performance initiator network-delay sum` | Configures the total network delay for the Mediatrace initiator as a nonkey field for a flow record. |
| Step 62 | `end` Example: `Router(config-flow-record)# end` | Exits flow record configuration mode and returns to privileged EXEC mode. |
Verifying Usage Records
DETAILED STEPS
Step 1. enable

The enable command enters privileged EXEC mode (enter the password if prompted). Example:

    Router> enable
    Router#

Step 2. show flow record [[name] record-name | netflow-original | netflow {ipv4 | ipv6} record [peer]]

Displays the status and statistics for a flow record. Example:

    Router# show flow record name my-usage-monitor-record
    flow record my-input-usage-monitor
     match interface input
     match flow direction
     match application name account-on-resolution
     match ipv4 version
     collect interface output
     collect timestamp sys-uptime first
     collect timestamp sys-uptime last
     collect counter bytes long
     collect counter packets
     collect connection new-connections
     collect connection sum-duration
     collect routing vrf input

    Router# show flow record name my-output-usage-monitor-record
    flow record my-output-usage-monitor
     match application name account-on-resolution
     match flow direction
     match interface output
     collect interface input
     collect timestamp sys-uptime first
     collect timestamp sys-uptime last
     collect counter bytes long
     collect counter packets
     collect connection new-connections
     collect connection sum-duration
     collect routing vrf input
Configuring Usage Monitoring
To configure usage monitoring, perform the following required task.
Note: You must configure separate flow monitors for both input and output directions to capture traffic in each direction.
DETAILED STEPS
| Step | Command or Action | Purpose |
|---|---|---|
| Step 1 | `enable` Example: `Router> enable` | Enables privileged EXEC mode. |
| Step 2 | `configure terminal` Example: `Router# configure terminal` | Enters global configuration mode. |
| Step 3 | `flow monitor flow-monitor-name` Example: `Router(config)# flow monitor my-input-usage-monitor` | Creates a flow monitor/usage record and enters Cisco Flexible NetFlow flow monitor configuration mode. |
| Step 4 | `record flow-record-name` Example: `Router(config-flow-monitor)# record my-input-usage-record` | Configures the record operation to operate on the usage record. |
| Step 5 | `exporter exporter-name` Example: `Router(config-flow-monitor)# exporter EXPORTER-1` | Specifies the name of an exporter that you created previously. |
| Step 6 | `cache type normal` Example: `Router(config-flow-monitor)# cache type normal` | (Optional) Configures parameters for the usage record. |
| Step 7 | `cache entries cache-entries` Example: `cache entries 5000` | (Optional) Configures parameters for the usage record. |
| Step 8 | `cache timeout active 300` Example: `cache timeout active 300` | (Optional) Configures parameters for the usage record. |
| Step 9 | `cache timeout inactive 300` Example: `cache timeout inactive 300` | (Optional) Configures parameters for the usage record. |
| Step 10 | `exit` Example: `Router(config-flow-monitor)# exit` | Exits Cisco Flexible NetFlow flow monitor configuration mode and returns to global configuration mode. |
| Step 11 | `interface interface-type interface-number` Example: `Router(config)# interface et0/0` | Enters interface configuration mode and configures the specific interface on which the usage record will record the different types of applications. |
| Step 12 | `ip flow monitor flow-monitor-name input` Example: `Router(config-if)# ip flow monitor my-input-usage-monitor input` | Attaches a specific flow monitor to monitor the input of the configured interface for the usage record. |
| Step 13 | `ip flow monitor flow-monitor-name output` Example: `Router(config-if)# ip flow monitor my-output-usage-monitor output` | Attaches a specific flow monitor to monitor the output of the configured interface for the usage record. |
| Step 14 | `end` Example: `Router(config-flow-monitor)# end` | Exits flow monitor configuration mode and returns to privileged EXEC mode. |
Verifying Usage Monitoring
To verify usage monitoring, perform the following optional task.
Note | To display the current status of a flow exporter, refer to Verifying the Flow Exporter Configuration. |
Before you can display the flows in the flow monitor cache, the interface to which you applied the input flow monitor must be receiving traffic.
DETAILED STEPS
Step 1
enable
The enable command enters privileged EXEC mode (enter the password if prompted). Example:
Router> enable
Router#
Step 2
show flow monitor [[name] monitor-name [cache [format {csv | record | table}]] [statistics]]
Displays the status and statistics for a flow monitor. Example:
Router# show flow monitor name my-input-usage-monitor
flow monitor my-input-usage-monitor
record my-input-usage-monitor-record
exporter my-usage-monitor-exporter
cache type normal
cache entries 5000
cache timeout active 300
cache timeout inactive 300
or Example:
Router# show flow monitor name my-output-usage-monitor
flow monitor my-output-usage-monitor
record my-output-usage-monitor-record
exporter my-usage-monitor-exporter
cache type normal
cache entries 5000
cache timeout active 300
cache timeout inactive 300
Step 3
show interface
Displays the specific flow monitors attached to the interface. Example:
Router# show interface
interface et0/0
ip flow monitor my-input-usage-monitor input
ip flow monitor my-output-usage-monitor output
Creating Transaction Records and Monitoring
This section is made up of the following procedures:
- Configuring Transaction Records
- Verifying Transaction Records
- Configuring Transaction Records
- Verifying Transaction Records
Configuring Transaction Records
DETAILED STEPS
| | Command or Action | Purpose |
|---|---|---|
| Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. |
| Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
| Step 3 | flow record flow-record-name Example: Router(config)# flow record my-tr-monitor-record | Creates a flow record and enters flow record configuration mode. |
| Step 4 | match connection transaction-id Example: Router(config-flow-record)# match connection transaction-id | Specifies match criteria. |
| Step 5 | collect interface input Example: Router(config-flow-record)# collect interface input | Configures the input interface as a non-key field for a Cisco Flexible NetFlow flow record and enables collecting the input interface fields from the flows for the flow record. |
| Step 6 | collect interface output Example: Router(config-flow-record)# collect interface output | Configures the output interface as a non-key field for a Cisco Flexible NetFlow flow record and enables collecting the output interface fields from the flows for the flow record. |
| Step 7 | collect flow direction Example: Router(config-flow-record)# collect flow direction | Configures the flow direction as a non-key field for a Cisco Flexible NetFlow flow record. |
| Step 8 | collect ipv4 protocol Example: Router(config-flow-record)# collect ipv4 protocol | Configures one or more of the IPv4 fields as a nonkey field for a Cisco Flexible NetFlow flow record. protocol--Configures the IPv4 payload protocol field as a nonkey field and enables collecting the IPv4 value of the payload protocol field for the payload in the flows. |
| Step 9 | collect ipv4 source address Example: Router(config-flow-record)# collect ipv4 source address | Configures the IPv4 source address as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 10 | collect ipv4 destination address Example: Router(config-flow-record)# collect ipv4 destination address | Configures the IPv4 destination address as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 11 | collect ipv4 version Example: Router(config-flow-record)# collect ipv4 version | (Optional) For IPv4 networks, configures the IPv4 version as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 12 | collect ipv6 version Example: Router(config-flow-record)# collect ipv6 version | (Optional) For IPv6 networks, configures the IPv6 version as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 13 | collect routing vrf input Example: Router(config-flow-record)# collect routing vrf input | Configures the routing VRF input as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 14 | collect transport source-port Example: Router(config-flow-record)# collect transport source-port | Configures one or more of the transport layer fields as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 15 | collect transport destination-port Example: Router(config-flow-record)# collect transport destination-port | Configures one or more of the transport layer fields as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 16 | collect connection initiator Example: Router(config-flow-record)# collect connection initiator | Configures the connection initiator as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 17 | collect timestamp sys-uptime first Example: Router(config-flow-record)# collect timestamp sys-uptime first | Configures the system uptime of the first seen packet in a flow as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 18 | collect timestamp sys-uptime last Example: Router(config-flow-record)# collect timestamp sys-uptime last | Configures the system uptime of the last seen packet in a flow as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 19 | collect counter bytes long Example: Router(config-flow-record)# collect counter bytes long | Configures the number of bytes in a flow as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 20 | collect counter packets Example: Router(config-flow-record)# collect counter packets | Configures the number of packets in a flow as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 21 | collect flow sampler Example: Router(config-flow-record)# collect flow sampler | Reports the sampler-id of the sampler configured for this record. Using the sampler option template, the sampler name can be retrieved based on the sampler-id. |
| Step 22 | collect application name Example: Router(config-flow-record)# collect application name | Configures the use of the application name as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 23 | collect flow end reason Example: Router(config-flow-record)# collect flow end reason | Configures the use of the end of the flow as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 24 | collect application http host Example: Router(config-flow-record)# collect application http host | Configures the HTTP host as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 25 | collect application nntp group-name Example: Router(config-flow-record)# collect application nntp group-name | Configures the NNTP group-name as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 26 | collect application pop3 server Example: Router(config-flow-record)# collect application pop3 server | Configures the POP3 server as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 27 | collect application nntp group-name Example: Router(config-flow-record)# collect application nntp group-name | Configures the NNTP group-name as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 28 | collect application rtsp host-name Example: Router(config-flow-record)# collect application rtsp host-name | Configures the RTSP host-name as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 29 | collect application sip destination Example: Router(config-flow-record)# collect application sip destination | Configures the SIP destination as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 30 | collect application sip source Example: Router(config-flow-record)# collect application sip source | Configures the SIP source as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 31 | collect application smtp sender Example: Router(config-flow-record)# collect application smtp sender | Configures the SMTP sender as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 32 | collect application smtp server Example: Router(config-flow-record)# collect application smtp server | Configures the SMTP server as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 33 | end | Exits flow record configuration mode and returns to privileged EXEC mode. |
Verifying Transaction Records
DETAILED STEPS
Step 1
enable
The enable command enters privileged EXEC mode (enter the password if prompted). Example:
Router> enable
Router#
Step 2
show flow record name record-name]
Displays the status and statistics for a flow record. Example:
Router# show flow record name my-tr-monitor-record
flow record my-tr-monitor-record
match connection transaction-id
collect interface input
collect interface output
collect flow direction
collect ipv4 version
collect ipv4 protocol
collect ipv4 source address
collect ipv4 destination address
collect transport source-port
collect transport destination-port
collect connection initiator
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect counter bytes long
collect counter packets
collect flow sampler
collect application name
collect flow end reason
collect routing vrf input
Configuring Transaction Records
To configure transaction records, perform the following required task.
Note | You must configure separate flow monitors for both input and output directions to capture traffic in each direction. |
DETAILED STEPS
| | Command or Action | Purpose |
|---|---|---|
| Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. |
| Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
| Step 3 | flow monitor flow-monitor-name Example: Router(config)# flow monitor my-tr-monitor | Creates a flow monitor/usage record and enters Cisco Flexible NetFlow flow monitor configuration mode. |
| Step 4 | record flow-monitor-name Example: Router(config-flow-monitor)# record my-tr-monitor-record | Configures the record operation to operate on the usage record. |
| Step 5 | exporter exporter-name Example: Router(config-flow-monitor)# exporter my-tr-monitor-exporter | Specifies the name of an exporter that you created previously. This is the exporter the usage record uses. |
| Step 6 | cache timeout event transaction-end Example: Router(config-flow-monitor)# cache timeout event transaction-end | Configures the timeout parameters for the usage record. |
| Step 7 | cache entries cache-entries Example: Router(config-flow-monitor)# cache entries 30000 | Configures parameters for the usage record. |
| Step 8 | exit Example: Router(config-flow-monitor)# exit | Exits Cisco Flexible NetFlow flow monitor configuration mode and returns to global configuration mode. |
| Step 9 | sampler sampler-name Example: Router(config)# sampler my-tr-sampler | Creates a Cisco Flexible NetFlow flow sampler and enters Cisco Flexible NetFlow sampler configuration mode. |
| Step 10 | mode {deterministic \| random} 1 out-of window-size Example: Router(config-sampler)# mode random 1 out-of 1000 | Specifies the type of sampling and the packet interval for a Cisco Flexible NetFlow sampler. |
| Step 11 | granularity connection Example: Router(config-sampler)# granularity connection | Samples whole connections: when a connection is selected, all of its packets are accounted for. This contrasts with per-packet sampling, where all connections are exported but only the sampled packets of each connection are accounted for. |
| Step 12 | interface interface-type interface-number Example: Router(config)# interface et0/0 | Enters interface configuration mode and configures the specific interface on which the usage record will record the different types of applications. |
| Step 13 | ip flow monitor flow-monitor-name input Example: Router(config-if)# ip flow monitor my-tr-monitor sampler my-tr-sampler input | Attaches a specific flow monitor to monitor the input of the configured interface for the usage record. Use the usage record/flow monitor created for the input direction for the ip flow monitor flow-monitor-name input command. |
| Step 14 | ip flow monitor flow-monitor-name output Example: Router(config-if)# ip flow monitor my-tr-monitor sampler my-tr-sampler output | Attaches a specific flow monitor to monitor the output of the configured interface for the usage record. Use the usage record/flow monitor created for the output direction for the ip flow monitor flow-monitor-name output command. |
| Step 15 | end Example: Router(config-flow-monitor)# end | Leaves flow monitor configuration mode and returns to privileged EXEC mode. |
Verifying Transaction Records
To display the configuration of a flow monitor and a Cisco Flexible NetFlow sampler, perform the following optional procedure:
Note | To display the current status of a flow exporter, see Verifying the Flow Exporter Configuration. |
DETAILED STEPS
Step 1
enable
The enable command enters privileged EXEC mode (enter the password if prompted). Example:
Router> enable
Router#
Step 2
show flow monitor [name flow-monitor-name]
Displays the configuration of a flow monitor. Example:
Router# show flow monitor name my-tr-monitor
flow monitor my-tr-monitor
record my-tr-monitor-record
exporter my-tr-monitor-exporter
cache timeout event transaction-end
cache entries 30000
Step 3
show sampler [[name] sampler-name]
Displays the configuration of a Cisco Flexible NetFlow sampler. Example:
Router# show sampler name my-tr-sampler
sampler my-tr-sampler
mode random 1 out-of 100
granularity Connection
Configuring Extracted Fields Records
DETAILED STEPS
| | Command or Action | Purpose |
|---|---|---|
| Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. |
| Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
| Step 3 | flow record flow-record-name Example: Router(config)# flow record my-tr-monitor-record | Creates a flow record and enters flow record configuration mode. |
| Step 4 | match connection transaction-id Example: Router(config-flow-record)# match connection transaction-id | Specifies match criteria. |
| Step 5 | collect interface input Example: Router(config-flow-record)# collect interface input | Configures the input interface as a non-key field for a Cisco Flexible NetFlow flow record and enables collecting the input interface fields from the flows for the flow record. |
| Step 6 | collect interface output Example: Router(config-flow-record)# collect interface output | Configures the output interface as a non-key field for a Cisco Flexible NetFlow flow record and enables collecting the output interface fields from the flows for the flow record. |
| Step 7 | collect flow direction Example: Router(config-flow-record)# collect flow direction | Configures the flow direction as a non-key field for a Cisco Flexible NetFlow flow record. |
| Step 8 | collect ipv4 protocol Example: Router(config-flow-record)# collect ipv4 protocol | Configures one or more of the IPv4 fields as a nonkey field for a Cisco Flexible NetFlow flow record. protocol--Configures the IPv4 payload protocol field as a nonkey field and enables collecting the IPv4 value of the payload protocol field for the payload in the flows. |
| Step 9 | collect ipv4 source address Example: Router(config-flow-record)# collect ipv4 source address | Configures the IPv4 source address as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 10 | collect ipv4 destination address Example: Router(config-flow-record)# collect ipv4 destination address | Configures the IPv4 destination address as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 11 | collect ipv4 version Example: Router(config-flow-record)# collect ipv4 version | (Optional) For IPv4 networks, configures the IPv4 version as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 12 | collect ipv6 version Example: Router(config-flow-record)# collect ipv6 version | (Optional) For IPv6 networks, configures the IPv6 version as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 13 | collect routing vrf input Example: Router(config-flow-record)# collect routing vrf input | Configures the routing VRF input as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 14 | collect transport source-port Example: Router(config-flow-record)# collect transport source-port | Configures one or more of the transport layer fields as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 15 | collect transport destination-port Example: Router(config-flow-record)# collect transport destination-port | Configures one or more of the transport layer fields as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 16 | collect connection initiator Example: Router(config-flow-record)# collect connection initiator | Configures the connection initiator as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 17 | collect timestamp sys-uptime first Example: Router(config-flow-record)# collect timestamp sys-uptime first | Configures the system uptime of the first seen packet in a flow as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 18 | collect timestamp sys-uptime last Example: Router(config-flow-record)# collect timestamp sys-uptime last | Configures the system uptime of the last seen packet in a flow as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 19 | collect counter bytes long Example: Router(config-flow-record)# collect counter bytes long | Configures the number of bytes in a flow as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 20 | collect counter packets Example: Router(config-flow-record)# collect counter packets | Configures the number of packets in a flow as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 21 | collect flow sampler Example: Router(config-flow-record)# collect flow sampler | Reports the sampler-id of the sampler configured for this record. Using the sampler option template, the sampler name can be retrieved based on the sampler-id. |
| Step 22 | collect application name Example: Router(config-flow-record)# collect application name | Configures the use of the application name as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 23 | collect flow end reason Example: Router(config-flow-record)# collect flow end reason | Configures the use of the end of the flow as a nonkey field for a Cisco Flexible NetFlow flow record. |
| Step 24 | end | Exits flow record configuration mode and returns to privileged EXEC mode. |
How to Configure Cisco NBAR Memory for Cisco Application Visibility and Control
For general information on configuring Cisco NBAR, refer to Classifying Network Traffic Using NBAR in Cisco IOS XE Software http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/clsfy_traffic_nbar_xe.html
To configure NBAR flow table memory, perform the following procedure.
DETAILED STEPS
| | Command or Action | Purpose |
|---|---|---|
| Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. |
| Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
| Step 3 | ip nbar resources flow max-sessions number-of-sessions Example: Router(config)# ip nbar resources flow max-sessions number-of-sessions | Configures the maximum number of flows which can be allocated in the flow table. |
| Step 4 | end Example: Router(config)# end | Leaves global configuration mode and returns to privileged EXEC mode. |
Displaying Cisco NBAR Information
DETAILED STEPS
Step 1
enable
The enable command enters privileged EXEC mode (enter the password if prompted). Example:
Router> enable
Router#
Step 2
show ip nbar resources flow
Displays the NBAR flow statistics. Example:
Router# show ip nbar resources flow
Maximum no of sessions allowed : 2000000
Maximum memory usage allowed : 734003 KBytes
Active sessions : 1
Active memory usage : 49338 KBytes
Peak session : 1
Peak memory usage : 49338 KBytes
The table below describes the significant fields shown in the display.
Configuration Examples for Application Availibility and Control
Configuration Examples for Cisco Application Visibility and Control
Example Configuring Cisco Application Visibility and Control
The following example shows how to configure Cisco Application Visibility and Control. This sample starts in global configuration mode.
flow record my-total-input-usage-monitor-record
match ipv4 version
match interface input
match flow direction
collect routing vrf input
collect ipv4 dscp
collect interface output
collect counter bytes long
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect application name
collect connection new-connections
collect connection sum-duration
!
!
flow record my-total-output-usage-monitor-record
match ipv4 version
match interface output
match flow direction
collect routing vrf input
collect ipv4 dscp
collect interface input
collect counter bytes long
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect application name
collect connection new-connections
collect connection sum-duration
!
!
flow record my-ipv6-tr-monitor-record
match connection transaction-id
collect ipv6 version
collect interface input
collect interface output
collect ipv6 protocol
collect ipv6 source address
collect ipv6 destination address
collect transport source-port
collect transport destination-port
collect interface input
collect interface output
collect flow direction
collect flow sampler
collect flow end-reason
collect counter bytes long
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect application name
collect routing vrf input
collect connection initiator
!
!
flow exporter exp1
destination 10.56.128.231
transport udp 2055
option interface-table timeout 300
option sampler-table timeout 300
option application-attributes timeout 300
option application-table timeout 300
option vrf-table timeout 300
!
!
flow monitor input-usage-monitor
record input-usage-record
exporter exp1
cache timeout inactive 300
cache timeout active 300
cache entries 5000
cache size entries 10000
!
!
flow monitor output-usage-monitor
record output-usage-record
exporter exp1
cache timeout inactive 300
cache timeout active 300
cache entries 5000
cache size entries 10000
!
!
flow monitor my-total-input-usage-monitor
record my-total-input-output-usage-monitor-record
exporter exp1
cache timeout inactive 300
cache timeout active 300
cache entries 100
!
!
flow monitor my-total-output-usage-monitor
record my-total-input-output-usage-monitor-record
exporter exp1
cache timeout inactive 300
cache timeout active 300
cache entries 100
!
!
flow monitor my-ipv6-tr-monitor
record my-ipv6-tr-monitor-record
exporter my-tr-monitor-exporter
cache timeout event transaction-end
cache entries 20000
!
!
flow monitor tr-monitor
record tr-record
exporter exp1
cache timeout event transaction-end
cache entries 30000
!
!
sampler my-sampler
mode random 1 out-of 1000
granularity Connection
!
interface GigabitEthernet0/1/0
ip address 10.56.128.82 255.255.255.0
negotiation auto
!
! For IPv4:
!
interface GigabitEthernet0/1/1
description *** LAN*****
ip address 1.1.1.254 255.255.255.0
ip flow monitor my-input-usage-monitor input
ip flow monitor my-tr-monitor sampler my-sampler input
ip flow monitor my-output-usage-monitor output
ip flow monitor my-tr-monitor sampler my-sampler output
ip flow monitor my-total-input-usage-monitor input
ip flow monitor my-total-output-usage-monitor output
! For IPv6:
!
interface GigabitEthernet0/1/1
description *** LAN*****
ip address 1.1.1.254 255.255.255.0
ip flow monitor my-input-usage-monitor input
ip flow monitor my-output-usage-monitor output
ip flow monitor my-ipv6-tr-monitor sampler my-sampler input
ip flow monitor my-ipv6-tr-monitor sampler my-sampler output
ip flow monitor my-total-input-usage-monitor input
ip flow monitor my-total-output-usage-monitor output
!
ip flow monitor tr-monitor sampler my-sampler input
no negotiation auto
!
interface GigabitEthernet0/1/2
description *** WAN*****
ip address 2.2.2.254 255.255.255.0
ip flow monitor input-usage-monitor input
ip flow monitor output-usage-monitor output
ip flow monitor tr-monitor sampler my-sampler output
no negotiation auto
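A flow monitor names its record and exporter, and an interface names its monitor and sampler, so a name that is never defined is worth catching before a candidate configuration is deployed. The following is an added example, not part of the Cisco guide: a small Python check that resolves those references and flags interfaces monitored in only one direction. It assumes sub-commands are indented as `show running-config` prints them; the sample text and the function names `parse` and `audit` are constructed for illustration.

```python
import re

# Constructed sample in the style of this page's configuration; the names that
# do not resolve are deliberate. Sub-commands are indented, as in running-config.
SAMPLE_CONFIG = """\
flow record my-tr-monitor-record
 match connection transaction-id
!
flow exporter exp1
 destination 10.56.128.231
!
flow monitor my-tr-monitor
 record my-tr-monitor-record
 exporter my-tr-monitor-exporter
!
flow monitor my-input-usage-monitor
 record my-input-usage-monitor-record
 exporter exp1
!
sampler my-tr-sampler
 granularity connection
!
interface GigabitEthernet0/1/1
 ip flow monitor my-input-usage-monitor input
 ip flow monitor my-tr-monitor sampler my-sampler input
 ip flow monitor my-tr-monitor sampler my-tr-sampler output
!
interface GigabitEthernet0/1/2
 ip flow monitor my-tr-monitor sampler my-tr-sampler input
"""

SECTION_RE = re.compile(
    r"^(flow record|flow exporter|flow monitor|sampler|interface)\s+(\S+)$")
ATTACH_RE = re.compile(
    r"^ip flow monitor (\S+)(?: sampler (\S+))? (input|output)$")


def parse(config):
    """Return (defined names, monitor references, interface attachments)."""
    defined = {"flow record": set(), "flow exporter": set(),
               "flow monitor": set(), "sampler": set()}
    monitors = {}      # monitor -> {"record": [...], "exporter": [...]}
    attachments = []   # (interface, monitor, sampler or None, direction)
    kind = name = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue   # "!" is a comment and does not leave the section
        if not raw[0].isspace():   # unindented: a new top-level command
            m = SECTION_RE.match(line)
            kind, name = m.groups() if m else (None, None)
            if kind in defined:
                defined[kind].add(name)
            if kind == "flow monitor":
                monitors.setdefault(name, {"record": [], "exporter": []})
        elif kind == "flow monitor":
            words = line.split()
            if len(words) == 2 and words[0] in ("record", "exporter"):
                monitors[name][words[0]].append(words[1])
        elif kind == "interface":
            m = ATTACH_RE.match(line)
            if m:
                attachments.append((name, *m.groups()))
    return defined, monitors, attachments


def audit(config):
    """Return sorted findings for references that leave traffic unmonitored."""
    defined, monitors, attachments = parse(config)
    findings = set()
    for mon, refs in monitors.items():
        if not refs["record"]:
            findings.add(f"monitor {mon}: no record configured")
        if not refs["exporter"]:
            findings.add(f"monitor {mon}: no exporter configured")
        for rec in refs["record"]:
            if rec not in defined["flow record"]:
                findings.add(f"monitor {mon}: record {rec} is not defined")
        for exp in refs["exporter"]:
            if exp not in defined["flow exporter"]:
                findings.add(f"monitor {mon}: exporter {exp} is not defined")
    covered = {}       # interface -> directions with at least one monitor
    for intf, mon, sampler, direction in attachments:
        covered.setdefault(intf, set()).add(direction)
        if mon not in defined["flow monitor"]:
            findings.add(f"{intf}: monitor {mon} is not defined")
        if sampler and sampler not in defined["sampler"]:
            findings.add(f"{intf}: sampler {sampler} is not defined")
    for intf, seen in covered.items():
        for missing in {"input", "output"} - seen:
            findings.add(f"{intf}: no flow monitor attached for {missing}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The one-direction finding is advisory: an interface may be monitored in a single direction on purpose, but it is the gap the note about separate input and output monitors warns about.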
Configuration Examples for Cisco Modular QOS (MQC)
This section provides the following examples:
- Example Protocol Classification
- Example Attribute Classification
- Example Combination Classification
- Example Excluding an Application from a Category
- Example Sub-application Classification
- Example Destination-Based Policy
- Example Applying a QoS Policy
- Example Applying Different Policies to Different Interfaces
- Example Default QoS Policy
- Example Policy Hierarchy
Example Combination Classification
The following example shows how to classify FTP traffic, e-mail traffic, and a single application of BitTorrent. A class can contain the combination of application ID, attributes, or other classes:
class-map match-any ftp-mail-bittorrent-class
match protocol attribute sub-category ftp
match class-map mail-class
match protocol bittorrent
Example Excluding an Application from a Category
The following example shows how to exclude edonkey from p2p. You first define a class in the policy-map based on edonkey.
class-map match-any class-edonkey
match protocol edonkey
class-map match-any class-p2p
match protocol attribute sub-category p2p
policy-map my-policy
class class-edonkey
<actions only for edonkey>
class class-p2p
<actions for p2p excluding edonkey>
interface eth0/0
service-policy input my-policy
Example Sub-application Classification
The following example shows a classification of a sub-application. Such a configuration does not impact the application ID definition. It adds a classification on the sub-application to be used in a match statement. This is different from an SCE "flavor" configuration which causes new applications (services in the SCE terms) to be created. The following example shows how to configure a 1 Gbps committed rate to myuploadserver.com, while a peak rate is applied to all other browsing traffic:
class-map match-any browsing-class
match protocol attribute category browsing
class-map match-all my-upload-server-class
match protocol http url "*myuploadserver.com*"
policy-map policy1
class my-upload-server-class
police cir 1000000000
class browsing-class
police pir 400000000
Example Destination-Based Policy
The following example shows a destination-based policy. A destination-based policy doesn't impact the application ID definition as used in the SCE. It adds a group of Layer 4 classification filters for use in a match statement. The following example provides policing of HTTP traffic that goes to 30.3.0.0/16 or 20.2.0.0/16. The match on access-group could be applied to any class level.
access-list 101 permit ip 30.3.0.0 0.0.255.255 any
access-list 101 permit ip 20.2.2.0 0.0.255.255 any
class-map match-all 2030-http-class
match protocol http
match access-group 101
policy-map policy1
class 2030-http-class
police 4000
Example Applying a QoS Policy
The following example shows how to apply maximum bandwidth on an application by using a policer. In this example, a peak information rate (PIR) of 1 Gbps is enforced on peer-to-peer traffic. The policer is defined on the input direction of the interface.
class-map match-any p2p-class
match protocol attribute sub-category p2p
policy-map p2p-policy
class p2p-class
police pir 1000000000
interface eth0/0
service-policy input p2p-policy
The following example shows how to apply maximum bandwidth on an application by using a queue instead of a policer. In this example, a PIR of 2 Gbps is enforced on the peer-to-peer traffic. The queue is defined on the output direction of the interface.
class-map match-any p2p-class
match protocol attribute sub-category p2p
policy-map p2p-limit
class p2p-class
shape 200000000
interface eth0/0
service-policy output p2p-limit
The following example shows how to prioritize one application over another. In this example, all the traffic is directed to the same queue, but the peer-to-peer traffic gets a lower weight, so it is de-prioritized when the queue is full. Application prioritization can be enforced only on the output direction because it is implemented with the queue.
class-map match-any p2p-class
match protocol attribute sub-category p2p
policy-map p2p-prio
class p2p-class
bandwidth remaining ratio 10
class class-default
bandwidth remaining ratio 50
interface eth0/0
service-policy output p2p-prio
Example Applying Different Policies to Different Interfaces
The following example shows two policy maps, one for only FTP and one for FTP and peer-to-peer. The two policy maps apply to different interfaces:
class-map match-any ftp-class
match protocol attribute sub-category ftp
class-map match-any p2p-ftp-policy-class
match protocol attribute sub-category p2p
match class-map ftp-class
policy-map p2p-ftp-policy
class p2p-ftp-policy-class
police pir 400000000
policy-map ftp-policy
class ftp-class
police pir 100000000
interface eth0/0
service-policy input p2p-ftp-policy
interface eth1/1
service-policy input ftp-policy
Example Policy Hierarchy
The following example shows a policy hierarchy. In many cases, you need to apply a policy to classified traffic while also applying an additional policy to a subset of that traffic. Standard class ordering cannot express this, so a policy hierarchy is used.
The following example shows how to set a default limit for file-sharing traffic at 400 Mbps. The traffic limit for peer-to-peer and FTP, which are subsets of file-sharing, is set at 100 Mbps.
class-map match-any p2p-ftp-policy-class
match protocol attribute sub-category p2p
match protocol attribute sub-category ftp
class-map match-any file-sharing-class
match protocol attribute category file-sharing
policy-map p2p-ftp-policy
class p2p-ftp-policy-class
police pir 100000000
policy-map file-sharing-policy
class file-sharing-class
police pir 400000000
service-policy p2p-ftp-policy
interface eth0/0
service-policy input file-sharing-policy
Additional References
Related Documents
| Related Topic | Document Title |
|---|---|
| Cisco IOS commands | |
| NetFlow commands | |
| Overview of Cisco IOS NetFlow | Cisco IOS NetFlow Overview |
| List of the features documented in the Cisco IOS NetFlow Configuration Guide | Cisco IOS NetFlow Features Roadmap |
| The minimum information about and tasks required for configuring NetFlow and NetFlow Data Export | Getting Started with Configuring NetFlow and NetFlow Data Export |
| Tasks for configuring NetFlow to capture and export network traffic data | Configuring NetFlow and NetFlow Data Export |
| Tasks for configuring NetFlow multicast support | Configuring NetFlow Multicast Accounting |
| Tasks for detecting and analyzing network threats with NetFlow | Detecting and Analyzing Network Threats With NetFlow |
| Tasks for using Cisco MQC | Applying QoS Features Using the MQC |
| Tasks for configuring Cisco QoS | Quality of Service Solutions Configuration Guide |
| Tasks for configuring Cisco NBAR | Classifying Network Traffic Using NBAR in Cisco IOS XE Software |
| NBAR commands | |
MIBs
Technical Assistance
| Description | Link |
|---|---|
| The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. | |
Feature Information for Application Visibility and Control
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 3 Feature Information for Application Visibility and Control

| Feature Name | Releases | Feature Information |
|---|---|---|
| Application Visibility and Control 1.0, including the following features: | Cisco IOS XE Release 3.4 | This feature enables you to perform the following Application Visibility and Control functions: Support for this feature was added for Cisco ASR 1000 Series Aggregation Services routers in Cisco IOS XE Release 3.4S. The following commands were introduced or modified by this feature: , cache timeout, collect connection initiator, collect connection new-connections, collect connection sum-duration, collect flow end-reason, granularity connection, match application name, and match connection transaction-id. |
| Flexible NetFlow: IPFIX Export Format | 15.2(4)M Cisco IOS XE Release 3.7S | Enables sending export packets using the IPFIX export protocol. The export of extracted fields from NBAR is only supported over IPFIX. Support for this feature was added for Cisco ASR 1000 Series Aggregation Services routers in Cisco IOS XE Release 3.7S. The following command was introduced: export-protocol. |
| Flexible NetFlow: Export to an IPv6 Address | Cisco IOS XE Release 3.7S | This feature enables Flexible NetFlow to export data to a destination using an IPv6 address. Support for this feature was added for Cisco ASR 1000 Series Aggregation Services routers in Cisco IOS XE Release 3.7S. The following command was introduced: destination. |
| Flexible NetFlow: Extracted Fields Support | Cisco IOS XE Release 3.7S | Enables the collection of extracted fields using NBAR. The export of extracted fields is only supported over IPFIX. Support for this feature was added for Cisco ASR 1000 Series Aggregation Services routers in Cisco IOS XE Release 3.7S. The following commands were introduced or modified by this feature: collect http host, collect nntp group-name, collect pop3 server, collect rtsp host-name, collect sip destination, collect sip source, collect smtp server, , and collect smtp sender. |
| Application Visibility and Control 2.0, which includes the following features: | Cisco IOS XE Release 3.8S | This feature enables you to perform the following Application Visibility and Control functions: |
Glossary
Application ID--The application identifier is the unique definition of a specific Layer 2 to Layer 7 application. Also referred to as protocol-ID.
Application Recognition--Classification of a flow that ends with an application ID. This can be stateless or stateful. Also called application detection.
Application Session--When a flow is associated with a particular protocol or application, this is referred to as a session. A session often implies a user login and logout, and may include the multiple flows of a particular subscriber.
BiFlow--A BiFlow is composed of packets associated with both the forward direction and the reverse direction between endpoints. Also referred to as a full flow or bi-directional flow. See RFC 5101.
Cisco Collection Manager--The Cisco Collection Manager is a set of software modules that runs on a server. It receives and processes NetFlow Records. The processed records are stored in the Cisco Collection Manager database. The database can be either bundled or external.
Cisco Insight v3--Cisco Insight v3 is reporting platform software. It processes the formatted data from the Collection Manager database. It presents customized reports, charts, and statistics of the traffic. Cisco Insight v3 is a Web 2.0 application accessed by using a browser.
Flow--Unidirectional stream of packets between a given source and destination. Source and destination are each defined by a network-layer IP address and transport-layer source and destination port numbers.
MQC--Modular QoS CLI. A CLI structure that lets you create traffic policies and attach them to interfaces. A traffic policy contains a traffic class and one or more QoS features. The QoS features in the traffic policy determine how the classified traffic is treated.
NBAR 2--Network-Based Application Recognition 2. A classification engine in Cisco IOS software that recognizes a wide variety of applications, including web-based applications and client/server applications that dynamically assign TCP or UDP port numbers. After the application is recognized, the network can invoke specific services for that application. NBAR is a key part of the Cisco Content Networking architecture and works with QoS features to enable you to use network bandwidth efficiently.
NetFlow--Cisco IOS security and accounting feature that maintains per-flow information.
NetFlow sampler--A set of properties that are defined in a NetFlow sampler map that has been applied to at least one physical interface or subinterface.
NetFlow sampler map--The definition of a set of properties (such as the sampling rate) for NetFlow sampling.
NetFlow v9--NetFlow export format Version 9. A flexible and extensible means for carrying NetFlow records from a network node to a collector. NetFlow Version 9 has definable record types and is self-describing for easier NetFlow Collection Engine configuration.
ToS--Type of service. Second byte in the IP header that indicates the desired quality of service for a specific datagram.
Transaction--A set of logical exchanges between endpoints. A typical example is the series of multiple HTTP GET transactions (each with a different URL) within the same flow. Typically there is one transaction within a flow.
UniFlow--A UniFlow is composed of packets sent from a single endpoint to another single endpoint. Also referred to as a half flow or uni-directional flow. See RFC 5101.