Home > Technology > Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

Application Visibility and Control (AVC) (IOS Advantage Webinar: Deploying AVC Policies)

Date post: 22-Jan-2015
Category:
Author: get-your-build-on-with-software-for-the-network-beyond
View: 3,240 times
Download: 0 times
Share this document with a friend
Description:
Providing functions to application traffic requires the network to classify, share information and understand the traffic. Application Visibility and Control (AVC) technologies address the needs for application classification, monitoring activities and network policies enforcement (QoS, Performance Routing, etc.), allowing for simplified, accelerated and scalable deployments.
Embed Size (px)
Popular Tags:
of 77 /77
© 2012 Cisco and/or its affiliates. All rights reserved. 1 Cisco IOS Advantage Webinars Deploying Application Visibility and Control Policies Jean Charles Griviaud and Ken Briley We’ll get started a few minutes past the top of the hour. Note: you may not hear any audio until we get started.
Transcript
  • 1. Cisco IOS Advantage Webinars Deploying Application Visibility and Control Policies Jean Charles Griviaud and Ken Briley Well get started a few minutes past the top of the hour. Note: you may not hear any audio until we get started. 2012 Cisco and/or its affiliates. All rights reserved. 1

2. SpeakersPanelistsJean-Charles GriviaudKen BrileyIna Singh Madhavan ArunachalamProduct ManagerTechnical Leader Technical LeaderSoftware Engineer [email protected] Technical Marketing [email protected] ina[email protected] [email protected] 2010 Cisco and/or its affiliates. All rights reserved.2 3. Submit questions in Q&A panel and send to All PanelistsAvoid CHAT window for better access to panelists For Webex audio, select COMMUNICATE > Join Audio Broadcast For Webex call back, click ALLOW Phone buttonat the bottom of Participants side panel Where can I get the presentation? https://communities.cisco.com/docs/DOC-29594 Or send email to: [email protected] Please complete the post-event Survey Join us on July 11 for our next IOS Advantage Webinar:Flow Metadata for Enhanced Application Awareness 2010 Cisco and/or its affiliates. All rights reserved. 3 4. Introduction Use Case Deep Dive Visibility into WAN usage and application performance Non-business Traffic Impact Business Critical Applications Maximize Utilization and Availability of Internet Presence Maximize Utilization and Reliability of Applications over the WAN Summary 2010 Cisco and/or its affiliates. All rights reserved.4 5. SaaS IaaS/PaaS80% OF NEW APPS XAAS MARKET300% GROWTH 5 DEVICES PERWEB ENABLEDGROWING TO $241B BYIN VIDEOUSER BY 20162020TRAFFICEnsuring Application Performance Regardless of Location And Device Type Is More Important Than Ever 2010 Cisco and/or its affiliates. All rights reserved. 5 6. I want to stop unauthorized applications from using mynetwork bandwidthI could have avoided the down time if I know what is runningin my networkWe do not know how many are experiencing performanceissues We initially cannot tell if the issue is in the client, thenetwork, or in the backend serverWe lack historical data to proactively detect unwantedperformance trend and their root causesI need to know if my SLA is being met 2010 Cisco and/or its affiliates. All rights reserved.6 7. Make the Network Application AwareGain visibility into application running in theIntelligently prioritize and control application network, performance trend, and user traffic to maximize user experience experiences 2010 Cisco and/or its affiliates. All rights reserved.7 8. IOS PA App Visibility & ISR G2 FNF User Experience ReportISR G2ASR1KISR G2 App BWTransaction ASR1K Time ASR1K WebEx 3 Mb150 ms High Citrix10 Mb 500 ms Med NFv9 LowReporting Tools Application Reporting Tool Perf. Collection&Management Control Recognition Exporting ToolISR G2 & ASR Advanced reporting Use QoS or PfR to Identify applicationscollect application using L7 signaturestool aggregates control applicationbandwidth andand reportsnetwork usage to (NBAR2) or response timemetadata application improve applicationmetrics, and export performance performance to management tool 2010 Cisco and/or its affiliates. All rights reserved.8 9. SCE Classification+1000 SignaturesInnovations IOS NBAR Advanced Classification IPv6 Classification +150 Signatures Techniques Nested ClassificationApplication CategorizationOpen API 3rd Party Integration..NBAR2 List of protocols and applications supported by NBAR2http://wwwin.cisco.com/ios/tech/collateral/90364_product_bulletin_c25-627831.pdf Enhanced reporting with additional field extraction top browsing domain, top URL, browser type (Future) In-service Protocol Definition Update no IOS upgrade required 2010 Cisco and/or its affiliates. All rights reserved. 9 10. Use Case IT Challenges AVC Technologies UsedVisibility into WAN usage andLack of cost effective visibility tools NBAR2, PAapplication performanceInsufficient information to PAM troubleshoot application performanceNon-business Traffic ImpactControl non-business criticalNBAR2, QoSBusiness Critical Applications applications from using the network PAM resourceMaximize Utilization and Complex and manual configuration PfR Internet PresenceAvailability of Internet to utilize all available internetPresence accessesMaximize Utilization and Protect critical applications from sub- PfR - WANReliability of Applications over optimal performance in the WANthe WANUtilize all the available WAN links 2010 Cisco and/or its affiliates. All rights reserved. 10 11. 11 2010 Cisco and/or its affiliates. All rights reserved.11 12. Layer 4 Monitoring Visibility for Today Networkbittorrentrtp gtalk netflixskypewebex unknown?http? 2010 Cisco and/or its affiliates. All rights reserved. 12 13. What the users seeWhat network admins see What can happen Increased Your network isLatency so slow I cannotget any workWAN done today ping? Problem I do not see anythingshow ip route? Applicationwrong traceroute?ProblemEnd Users show interface?Server ProblemUser ProblemNetwork Admin 2010 Cisco and/or its affiliates. All rights reserved. 13 1 14. ISR G2: Today ASR1K: XE 3.8S How do Iensure my SLA My email is met is slow!My query WANis taking long time!NFv9BranchData CenterReporting ToolKey Features BenefitsApplication Usage (BW, Top N)Visibility into application usage and performanceApplication Response Time (ART) MeasurementQuantify user experienceInteract with NBAR or NBAR2Troubleshoot application performanceStandard NFv9 export (future IPFIX)Track service levels for application deliveryMetric aggregation reduces number of flowrecords across WAN 2010 Cisco and/or its affiliates. All rights reserved.14 15. RequestApplication ServersClients ClientIOS Server Network PANetwork Client Network Server NetworkApplication ResponseDelay (CND)Delay (SND)Delay (AD)Network Delay (ND)Total Delay Separate application delivery path into multiple segments Server Network Delay (SND) approximates WAN Delay Latency per application 2010 Cisco and/or its affiliates. All rights reserved. 15 16. Users make 2 requests to http://sharepoint.cisco.com (IP=10.0.0.1)sharepoint.cisco.com(IP=1.1.1.1) Source IP Source Port Dest IP Dest Port ProtocolApplication Bytes 10.0.0.113352 1.1.1.1 80TCP Sharepoint 15000 1.1.1.1 8010.0.0.113352 TCP Sharepoint 100000 10.0.0.113353 1.1.1.1 80TCP Sharepoint 30000 1.1.1.1 8010.0.0.113353 TCP Sharepoint 200000What PA storesSource IP Dest IPDest PortProtocolApplication Clnt BytesSvr Bytes10.0.0.11.1.1.180 TCP Sharepoint 45000300000 What server and application user accesses and performance metrics 2010 Cisco and/or its affiliates. All rights reserved.16 17. Collect Traffic Volume using FNF Collect Traffic Volume using PArouter#show flow exporter statistics router#show flow exporter statisticsFlow Exporter fnf-export:Flow Exporter pa-export: Packet send statistics (last cleared Packet send statistics (last cleared 4d23h ago):4d23h ago):Client send statistics:Client send statistics:Client: Flow Monitor fnf Client: MACE EXPORTER GROUP MACE-EXP-1Records added: 3708444 Records added: 883751 - sent: 3708443 - sent:883751Bytes added: 218798196 Bytes added: 55676313 - sent: 218798137 - sent:55676313 Data from Cisco alpha network show 75% reduction in flow records 2010 Cisco and/or its affiliates. All rights reserved. 17 18. For YourReference Traditional FNF Metrics ART Metrics Application ID (from NBAR2) CND - Client Network Delay (min/max/sum) Client/Server Bytes SND Server Network Delay (min/max/sum) Client/Server Packets ND Network Delay (min/max/sum) Source MAC Address AD Application Delay (min/max/sum) Input/Output Interface Total Response Time (min/max/sum) IP DSCP Total Transaction Time (min/max/sum) Number of New Connections WAAS Express Metrics Number of Late Responses Input/Output Bytes Number of Responses by Response Time WAAS Connection Mode (7-bucket histogram) TFO, TFO/LZ, TFO/DRE, Number of Retransmissions TFO/LZ/DRE Number of Transactions Input/Output DRE Bytes Client/Server Bytes Input/Output LZ Bytes Client/Server Packets 2010 Cisco and/or its affiliates. All rights reserved. 18 19. IOS PAClient ServerQuantify UserSYN SNDSYN-ACKExperience CND Response Time (RT)ACKRequest 1t(First response pkt) t(Last request pkt)ACKRequest Quantify UserRequest 1 (Cont) RT Experience Transaction Time (TT) TT DATA 1DATADATA 2 3 t(Last response pkt) t(First request pkt)ACK 3 XDATA 4X DATA 5 Network Delay (ND)DATA 3 IdentifyResponseDATA 4 ND = CND + SND Server Retransmission PerformanceACK 6 Application Delay (AD) IssueDATA 6 AD = RT SNDRequest 2 2010 Cisco and/or its affiliates. All rights reserved. 19 20. For YourReference Collect application name flow exporter pa-export provided by NBAR2destination 172.30.104.128transport udp 9991 Configuration Steps!flow record type mace pa-record 1. Configure flow exporter collect application namecollect art all 2. Configure flow record type mace collect (..)!flow monitor type mace pa-monitor 3. Configure flow monitor type macerecord pa-recordexporter pa-export 4. Configure class-map !access-list 100 permit tcp any host 5. Configure policy-map type mace policy must 10.0.0.1 eq 80be named mace_globalclass-map match-any pa-trafficmatch access-group 100! 6. Configure mace enable on interfacepolicy-map type mace mace_globalclass pa-traffic Enable NBAR2 to flow monitor pa-monitor! identify applications, interface Serial0/0/0 not require after 15.2(4)M ip nbar protocol-discoverymace enable 2010 Cisco and/or its affiliates. All rights reserved. 20 21. Protocol discovery not required after 15.2(4)M flow record type mace pa-record interface Serial0/0/0collect application nameip nbar protocol-discoverycollect art all mace enable https://cisco.webex.com Se0/0/0(IP=192.168.100.100)IOS PA cisco.webex.com (IP=66.114.168.178) collect application name exports application ID field to reporting tool Without NBAR Src IP Dst IP Dst PortApp ID Resp Time 192.168.100.10066.114.168.178 443 0100 FlowRecord With NBARSrc IP Dst IPDst PortApp IDResp Time 192.168.100.10066.114.168.178443 0x0D00019E100Indicate this is 2010 Cisco and/or its affiliates. All rights reserved. webex application 21 22. For YourReference Before 15.2(4)M 15.2(4)M and later Do not need NBAR AppIDDo not configure collect Do not configure collect exportapplication name in flow application name in flow record type macerecord type mace Need NBAR AppID exportConfigure collectConfigure collect application name in flow application name in flow record type macerecord type mace Enable ip nbar protocol- discovery on the interface 2010 Cisco and/or its affiliates. All rights reserved. 22 23. flow record type mace mace-recordcollect datalink mac source address inputcollect ipv4 dscpcollect interface inputcollect interface outputcollect application namecollect counter client bytescollect counter server bytes Who sends Bittorrent?collect counter client packetscollect counter server packetscollect art allCollect Traffic Volume Information 2010 Cisco and/or its affiliates. All rights reserved. 23 24. Discover Top Users for the ApplicationDiscover Application Per-user 2010 Cisco and/or its affiliates. All rights reserved. 24 25. Which site is slowest?How is the Server performing?How is user experience at a site? 2010 Cisco and/or its affiliates. All rights reserved.25 26. What metrics do I need to look at to detect these problems?Application 1. Application Server(s) Problem ServerProblem2. Increased Network LatencyNetworkProblem3. Increased Packet Loss 2010 Cisco and/or its affiliates. All rights reserved.26 27. ResponseTime I know exactly whatis going on Your network ApplicationServer Need to Networkis so slow I Latency cannot get Delayunderstandany work donerelationship todaybetween theseNetwork metricsAdminTransaction Traffic TimeVolumeEnd Users 2010 Cisco and/or its affiliates. All rights reserved.27 28. Transaction TimeResponse Time Network seems fine Server DelayNetwork Latency End user experience is impacted because application server is slow 2010 Cisco and/or its affiliates. All rights reserved.28 29. Transaction Time Response Time Server Delay Network Latency Increased network latency impacts response time and transaction time 2010 Cisco and/or its affiliates. All rights reserved. 29 30. Transaction TimeResponse TimeTraffic volume goesdown whiletransaction time goesup Server Delay Network Latency Transaction time shoots up when other metrics remain the same 2010 Cisco and/or its affiliates. All rights reserved. 30 31. Use Cases/ScenariosISR G2ASR1K ManagementIdentify custom enterprise 15.2(4)M1 XE 3.8S PAM 2.0application based on URLPer network segment applicationToday XE 3.8S PAM 2.Xperformance reportIdentify which QoS class traffic 15.2(4)M1 XE 3.9S PAM 2.1flows into and the queue dropCustomers already have 15.2(4)M1 XE 3.8S Working withperformance monitoring tool and3rd party toolwant to use with AVCCustomers need IPFIX support 15.2(4)M1 XE 3.8S PAM 2.0NBAR2 Visibility into WAAS Roadmap XE 3.9S N/Acompressed trafficInternet Edge Visibility (SCEASR)XE 3.8S PAM 2.0 2010 Cisco and/or its affiliates. All rights reserved.31 32. ASR1K: XE 3.8S ISR G2: 15.2(4)M1 PAM 2.0Custom Enterprise ApplicationApp Server URI BWResp. TimeEnable enterprise applicationPayroll server1.example.com- 2M100msmonitoring and managementDoc. Management server2.example.com/doc1M250msSoftware Rep. server2.example.com/software 5M30sec Today: NBAR supports custom app by Cisco Prime Assurance port or values in payload Custom Application Definition & Report server1.example.com New: Custom application match on HTTP URL Configuration through PAMserver2.example.com Recognize custom app for reporting and for QoS policy/doc Documentation /software - Software 2010 Cisco and/or its affiliates. All rights reserved.32 33. FutureOffice 365 is slow WAN InternetClientHeadend NFv9/ Application IPFIX Server Delay Latency Break-down Report Application =Branch WAN Headend InternetServer Office 365 = 5 ms = 50 ms = 10 ms = 70 ms = 20 ms Faster problem resolution by providing break down network latency All devices report response time and latency metrics to PAM PAM correlates all metrics and provide end-to-end latency view of application delivery 2010 Cisco and/or its affiliates. All rights reserved. 333 34. CompanyProduct Use Cases Status PAM Network and App Monitoring. PAM 2.0 Adding PfR, new Control GUI (future)metrics in XE 3.8S Gomez & APM combined with App-Adding NBAR2, PA, WAAS DynaTrace aware Network Monitoring 5View App-aware Network Already support WAAS MonitoringAdding NBAR2, PA LiveActionControl (QoS) GUI, App-aware Already supports medianet Network Monitoring Adding NBAR2, PA, PfR Scrutinizer App-aware Network Already support PfR, medianet MonitoringAdding NBAR2, PAOthers: Living Object, Insight, CA 2010 Cisco and/or its affiliates. All rights reserved. 34 35. NBAR2 supportfor QoS configand monitoring New applicationperformancereport workflowfrom PA data 2010 Cisco and/or its affiliates. All rights reserved. 35 36. Use Case IT Challenges AVC Technologies UsedVisibility into WAN usage andLack of cost effective visibility tools NBAR2, PAapplication performanceInsufficient information to PAM troubleshoot application performanceNon-business Traffic ImpactControl non-business criticalNBAR2, QoSBusiness Critical Applications applications from using the network PAM resourceMaximize Utilization and Complex and manual configuration PfR Internet PresenceAvailability of Internet to utilize all available internetPresence accessesMaximize Utilization and Protect critical applications from sub- PfR - WANReliability of Applications over optimal performance in the WANthe WANUtilize all the available WAN links 2010 Cisco and/or its affiliates. All rights reserved. 36 37. 2010 Cisco and/or its affiliates. All rights reserved. 37 38. Minimum Bandwidth Bandwidth action Maximum Bandwidth Police action Minimize Latency Priority action Change Flow Properties Set action, i.e. set dscpReduce Burst Shape action 2010 Cisco and/or its affiliates. All rights reserved. 38 39. IOS XE 3.4 S 15.2(2)T Match on applications or pre-defined attributesclass-map match-any p2p-class match protocol attribute application-group bittorrent-group match protocol kazaa2 match protocol attribute sub-category p2p-networking I want to exclude Viber and Skype from sub-category voice-video-chat-collaborationclass-map match-any excluded-apps Future: Custom application attributesmatch protocol skypeXE 3.8S, 15.2(4)M1match protocol viberclass-map match-all voice-video-chat-appmatch protocol attribute sub-category voice-video-chat-collaborationmatch not class-map excluded-apps Support information: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html 2010 Cisco and/or its affiliates. All rights reserved.39 40. Monitor QoS Performance Top Applicationover Time QoS Class MapStatistics, QueueDrops, Pre/PostTraffic Rate, fromCBWFQ MIBS QoS Config GUI planned for PAM 2.1 2010 Cisco and/or its affiliates. All rights reserved. 40 41. IOS XE 3.4 S15.2(2)Tpolicy-map wan_remaining%policy-map Shape_150M class Voice-Bearerclass class-defaultpriority percent 25shape average 150000000 600000 0 class HD-Videoservice-policy wan_remaining%priority percent 20 class Network-control interface Gig x/ybandwidth remaining percent 15queue-limit 100 description **** CIR = 150Mbps **** class Voice-Signalingbandwidth 150000bandwidth remaining percent 15service-policy output Shape_150Mqueue-limit 100class SD-Videobandwidth remaining percent 20 No guarantee forqueue-limit 200 business critical http class Businessbandwidth remaining percent 15queue-limit 250 class Bulkbandwidth remaining percent 10queue-limit 200 class class-defaultbandwidth remaining percent 25queue-limit 400 2010 Cisco and/or its affiliates. All rights reserved. 41 42. WAN Policy for Browsing Traffic Egress ApplicationBWPriority Browsing 5% (Remaining BW) N/A class-map match-any browsing match protocol attribute category browsing Committed BW(50% of the line) class-map match-any Business-browsingBusiness80% (Out of Browsing) Business match protocol http url *myserver.com* match protocol http url *salesforce.com* Browsing policy-map Business-browsing-policyExcess BWOther Browsing 20% (Out of Browsing) Default class Business-browsing(50% of the line)bandwidth remaining percent 80set dscp af 21 class class-defaultbandwidth remaining percent 20set dscp default policy-map wan_remaining% class Businessbandwidth remaining percent 11Remaining queue-limit 250 class browsing Allocations arebandwidth remaining percent 5service-policy Business-browsing-policy Class-Default:shown in original class class-default bandwidth remaining percent 24 Low Prioritypolicy queue-limit 40025% committed Browsing: interface Gig X/YBusiness- 5% BWservice-policy output wan_remaining%Browsing:80% of allBrowsing 2010 Cisco and/or its affiliates. All rights reserved. 42 43. After apply control policy Cisco PrimeNAM Top ApplicationChartclass-map match-all p2p-app match protocol attribute p2p-technology p2p-tech-yespolicy-map control-policy class p2p-apppolice 8000 conform-action transmit exceed-action drop 2010 Cisco and/or its affiliates. All rights reserved.44 44. class-map high 3 match protocol sharepointmatch protocol attribute application-group webex-groupclass-map mediummatch protocol attribute category net-adminclass-map lowmatch protocol attribute category file-sharing!policy-map my-priority-policyclass high priority percent 50class medium bandwidth remaining percent 50class low bandwidth remaining percent 30!policy-map my-network-policyclass class-default 1 shape average 50000000 2 service-policy my-priority-policy!interface GigabitEthernet0/0/2service-policy output my-network-policy 2010 Cisco and/or its affiliates. All rights reserved. 45 45. 123 Re-prioritize NoShaping Apply queuing High priority App shaping Without proper Application Transaction Time Bandwidth prioritization, users may suffer poor applicationHigh PriorityApp, e.g.Noresponseinchange timeSharepointapplication BWAfter re-prioritize highusage even withchanges app, itspriority in QoSresponse timepolicy Lowsignificantly Priority improves App, e.g. WindowsLow priority app Update response time isworse as it is beingmoved to lowerpriority traffic queue 2010 Cisco and/or its affiliates. All rights reserved. 46 46. Use Case IT Challenges AVC Technologies UsedVisibility into WAN usage andLack of cost effective visibility tools NBAR2, PAapplication performanceInsufficient information to PAM troubleshoot application performanceNon-business Traffic ImpactControl non-business criticalNBAR2, QoSBusiness Critical Applications applications from using the network PAM resourceMaximize Utilization and Complex and manual configuration PfR Internet PresenceAvailability of Internet to utilize all available internetPresence accessesMaximize Utilization and Protect critical applications from sub- PfR - WANReliability of Applications over optimal performance in the WANthe WANUtilize all the available WAN links 2010 Cisco and/or its affiliates. All rights reserved. 47 47. 2010 Cisco and/or its affiliates. All rights reserved. 48 48. Protecting critical applications while Maximizing bandwidth utilizationDetect loss > 10%Detect high jitterWANInternet Cloud ServiceVoice & Video VDI Best Effort trafficBest Effort traffic ISP-1 (Primary) ISP-2 (Secondary) SP-A (MPLS VPN) SP-B (MPLS VPN)Cloud Service & Load Balancing PolicyMultimedia & Critical Data Policy Protect business Cloud applications from network Protect voice and video qualitybrownout Latency > 200ms; Jitter > 30msLoss > 10% Protect VDI applications from brownouts Cloud Service preferred path ISP1 Loss > 5% Maximize all ISP bandwidth by load sharing other Voice & Video preferred path SP-AInternet traffic VDI preferred path SP-B Maximize utilization by load sharing 2010 Cisco and/or its affiliates. All rights reserved. 49 49. PassiveLink Destination Prefix Reachability Delay Loss Load balancing BGP - Egress: route injection or Max utilization Modifying the BGP Local Egress BW Ingress BW Learning Link grouping Preference attribute PfR Netflow Monitoring- Ingress: BGP AS-PATH Prepend Prefixes $Cost or AS Community Flows Need not be symmetrical ACL EIGRP Route Control DSCP Based Static Route InjectionActive ApplicationsApplication PIRO Reachability Delay Loss PerformanceJitterMOS Reachability PfR enables IP SLA featureApplication Delay Probes sourced from BR Dynamic PBR Loss ICMP probes learned or NBAR/CCE configured MOS TCP, UDP, JITTER need ip sla Jitter responder 2010 Cisco and/or its affiliates. All rights reserved.50 50 50. HQ PfR used to load balance the traffic MC New default policies based on load-balancing iBGP Cisco ASR1k is typical BR/MC with BRBRBR terminating WAN connectionseBGP eBGP 1GE 100M15%60% BGP routing 35% 10%BRs must be iBGP peersDefault routing orISP1ISP2Partial routes orFull routes ISP3 PfR can actively manage up to 20k PrefixesISP4 ISP5 concurrently (with ASR1000)12.4T/15.0.1M ISP6IOS-XE 3.3.0 Manual tuning using BGPEgress Local PreferenceIngress AS-PATH Prepend + specific routes 2010 Cisco and/or its affiliates. All rights reserved. 5151 51. HQ MCiBGPLearning Dest Prefixes (NetFlow)BRBR Monitoring Passive Global eBGP 55% 45% eBGPEgress BWISP1 ISP2Policies Load-Balancing (range)ISP3 Path Enforcement BGPISP4ISP5Inject BGP RouteISP6 BGP Local Pref 2010 Cisco and/or its affiliates. All rights reserved. 5252 52. HQ MCiBGPLearning Inside Prefixes (BGP)BRBR Monitoring Passive Global eBGP eBGP Ingress BW 20% 17%ISP1 ISP2Policies Load-Balancing (range)ISP3 Path EnforcementBGP ISP4ISP5 BGP AS-PATH PrependISP6BGP Community 2010 Cisco and/or its affiliates. All rights reserved. 5353 53. HQ IngressEgress MCDestination DelayLoss BRExitPrefixBWBW Traffic 10.1.1.1/3260 02040 BR1 Gi1/1Classes 10.1.10.0/24 110 05260 BR1 Gi1/2 NetFlowNetFlowBRBR 89 13410 BR2 Gi1/1CacheCache BR LinksIngress Egress BR1 Gig1/1 200 40 Exits BR2 Gig1/2 130 60 ISP1ISP2Border routers collect and report passive monitoring ISP3 statistics to the master controller approximately onceISP4 ISP5 per minute.BRs gather performance measurements using NetflowISP6BRs report Performance Metrics for Traffic Classes to the Master Controller 2010 Cisco and/or its affiliates. All rights reserved.54 54 54. Link Range Utilization Keep the usage on a set of exit links within a certain percentage range of each other pfr mastermax-range-utilization percent 10loggingMax Link Utilization! Upper threshold on the amount ofborder 10.4.5.4 key-chain pfrtraffic a specific link can carry interface Ethernet0/0 internal interface Ethernet0/1 externalmax-xmit-utilization percentage 90!border 10.4.5.5 key-chain pfrMax Prefixes interface Ethernet0/0 internal Limit the number of prefixes to 1000 interface Ethernet0/1 external Delete Prefix if not relearned in 60max-xmit-utilization percentage 90 Minutes!!learn prefixes 1000 expire after time 60Global Policies! Load Balancing enabled by default! Link OOP if :periodic 600 % Util > Lowest + 10 ! % Util > 90 Revaluate Exit every 10 Minutes 2010 Cisco and/or its affiliates. All rights reserved. 5555 55. HQ MC#sh pfr master traffic-class MC OER Prefix Statistics: Pas - Passive, Act - Active, S - Short term, L - Long term, Dly - Delay (ms), P - Percentage below threshold, Jit - Jitter (ms),iBGP MOS - Mean Opinion Score Los - Packet Loss (packets-per-million), Un - Unreachable (flows-per-million), E - Egress, I - Ingress, Bw - Bandwidth (kbps), N - Not applicable U - unknown, * - uncontrolled, + - control more specific, @ - active probe allBRBR # - Prefix monitor mode is Special, & - Blackholed Prefix % - Force Next-Hop, ^ - Prefix is deniedeBGP 55% 45% eBGP DstPrefixAppl_ID Dscp Prot SrcPort DstPort SrcPrefixFlags State TimeCurrBR CurrI/F ProtocolPasSDly PasLDly PasSUn PasLUn PasSLos PasLLos EBw IBwActSDly ActLDly ActSUn ActLUn ActSJit ActPMOS ActSLos ActLLos -------------------------------------------------------------------------------- 10.1.1.0/24N N NNNN 58INPOLICY600 0 00 10.4.5.5 Et0/1 0667BGPISP1 ISP2 UU0 0N NNN ISP3 10.1.2.0/24N N N NNNINPOLICY0 10.4.5.4 Et0/1BGP 2102100 00 016 2U U0 0N NN NISP4ISP5 [SNIP] 10.1.3.0/24N N N NNNISP6 INPOLICY 0 10.4.5.5 Et0/1BGP59 60 0 0 0 0 61 7UU0 0 N NN N MC# 2010 Cisco and/or its affiliates. All rights reserved.56 56 56. HQ R3#sh pfr master exits ============================================================================================== MC PfR Master Controller Exits: General Info: =============E - External iBGPI - InternalN/A - Not ApplicableUp/ID Name BorderInterface ifIdx IP Address Mask PolicyType DownBR --- ------------ --------------- ----------- ----- --------------- ---- ----------- ---- ---- BR 210.5.5.5 Et0/12 100.5.82.524 UtilE UP 110.4.4.4 Et0/12 100.4.81.424 UtilE UP Global Exit Policy: ===================eBGP 55% 45% eBGP Range Egress: In Policy - Max difference 4% between Exits 2 & 1 - Policy 10%Range Ingress: Out of Policy - Max difference 10% between Exits 2 & 1 - Policy 0%Util Egress:In Policy Util Ingress: In Policy Cost: In Policy Exits Performance: ================== EgressIngress---------------------------------------------------- ------------------------------------ ISP1 ISP2 ID Capacity MaxUtil Usage %RSVP POOL OOP Capacity MaxUtil Usage % OOP --- -------- -------- -------- --- -------------- ----- -------- -------- -------- --- -----2 3000 2700 1033 341 3000 2700 1161 38 N/A N/A 3000 3000 N/A N/A 3000 3000 1 0 N/A321 10 N/A ISP3 TC and BW Distribution: =======================# of TCsBW (kbps) Name/ID Current Controlled InPolicy Controlled Probe ActiveTotal Failed Unreach ISP4 ISP5(count) (fpm) ---- ---------------------------- ---------------------- ------ --------2 26 26 26103510330 01 20 20 20108811610 0 Exit Related TC Stats: ISP6 ====================== Priority highest nth------------------Number of TCs with range:1 45Number of TCs with util:046Number of TCs with cost: 0 0 Total number of TCs: 46 R3# 2010 Cisco and/or its affiliates. All rights reserved.57 57 57. HQMC Voice - Video Critical ApplicationBRBRRest of the Traffic Voice, Video, The Rest of the Critical Traffic Application based optimization Voice and Video traffic: primary path, check delay,WAN1WAN2 (IP-VPN, DMVPN)(IPVPN, DMVPN)loss, jitter fallback secondary Business Applications: primary path, check loss,utilization fallback secondary Data Applications: load balanced across SPs or use MC/BMC/B MC/B BRthe secondary pathR RR Target Discovery will be used 2010 Cisco and/or its affiliates. All rights reserved.58 58 58. HQMC LearningPrefixesTrafficClasses BRBR Prefixes + DSCP Applications WAN1 WAN2 (IP-VPN, DMVPN) (IPVPN, DMVPN)MonitoringFast Voice/Video Active Critical AppsPassive Rest MC/B MC/B MC/B BRRRR BR 2010 Cisco and/or its affiliates. All rights reserved. 5959 59. HQMC PoliciesBRBRVoice, Video,The Rest of the 1. Link-Group CriticalTraffic2. Loss Voice - Video3. JitterWAN1WAN24. Delay (IP-VPN, DMVPN)(IPVPN, DMVPN) 1. Link-Group Critical Application 2. Loss4. Delay MC/BMC/B MC/B BRR RR Rest of the Traffic Load-Balancing 2010 Cisco and/or its affiliates. All rights reserved.60 60 60. HQ TrafficClasses MCDestinationAppIngress EgressDSCP Delay LossBRExitPrefix IdBWBW10.1.1.1/32EF 600 20 40BR1 Gi1/1BRBR10.1.10.0/24 AF311100 52 60BR1 Gi1/2 -891 34 10BR2 Gi1/1 WAN1WAN2 (IP-VPN, DMVPN)(IPVPN, DMVPN) BRS gather performance measurements usingIP SLA probes The performance metrics of the synthetic traffic are measuredMC/B MC/B MC/B BR The results are applied to the traffic classRRR BR entry in the Master Controller database BRs report Performance Metrics for TrafficClasses 2010 Cisco and/or its affiliates. All rights reserved.61 61 61. HQMCDestinationAppIngressEgress DSCPDelay LossBRExitPrefix IdBW BW10.1.1.1/32 6002040 BR1Gi1/110.1.10.0/24 11005260 BR1Gi1/2BRBRNetFlowNetFlow 8913410 BR2Gi1/1 CacheCache TrafficClasses BRLinks Ingress Egress Exits BR1Gig1/1 200 40 WAN1WAN2 BR2Gig1/2 130 60(IP-VPN, DMVPN)(IPVPN, DMVPN) Border routers collect and report passive monitoring statistics to the master controller approximately once per minute. MC/BMC/BMC/BBR BRs gather performance measurements using NetflowR R R BR BRs report Performance Metrics for Traffic Classes to the Master Controller 2010 Cisco and/or its affiliates. All rights reserved.62 62 62. Learningpfr master No need for learn-list per branch. Only one!learn-list for voice/video because Target learn Discovery is used throughput Automatically learn based on DSCP values ! for Voice, Video and Critical Applications list seq 10 refname LEARN_VIDEO Rest of the Traffic falls under global learning (kind of default class)traffic-class access-list VOICE filter BRANCH_PREFIX (traffic-class application nbar rtp-audio filter BRANCH) aggregation-type prefix-length 32 throughput ! list seq 20 refname LEARN_CRITICALtraffic-class access-list CRITICAL filter BRANCH_PREFIX (traffic-class application nbar citrix filter BRANCH) throughputGlobal Policies ! Apply for the rest of the traffic Load Balancing enabled by default !! mode route protocol pbr! IOS 15.2(3)T 2010 Cisco and/or its affiliates. All rights reserved. 63 63 63. MC#sh pfr master learn list Learn-List seq 20 refname LEARN_CRITICAL Learn-List seq 10 refname LEARN_VIDEOConfiguration:Configuration: Traffic-Class Access-list: BUSINESSTraffic-Class Access-list: VOICE Aggregation-type: prefix-length 24 Filter: BRANCH1_PREFIXLearn type: throughputAggregation-type: prefix-length 32 Session count: 50 Max count: 100 Learn type: throughputPolicies assigned: 20 Session count: 1000 Max count: 1000 Status: ACTIVEStats: Policies assigned: 10 Traffic-Class Count: 37 Status: ACTIVE Traffic-Class Learned:Stats: Appl Prefix 20.20.14.0/24 af31 256Traffic-Class Count: 4 Appl Prefix 20.20.6.0/24 af31 256Traffic-Class Learned: Appl Prefix 30.30.5.0/24 af31 256 Appl Prefix 20.20.0.12/32 ef 256Appl Prefix 20.20.8.0/24 af31 256 Appl Prefix 20.20.0.14/32 ef 256Appl Prefix 30.30.14.0/24 af31 256 Appl Prefix 30.30.0.11/32 ef 256 Appl Prefix 30.30.0.13/32 ef 256[SNIP] 2010 Cisco and/or its affiliates. All rights reserved.64 64 64. HQpfr-map MYMAP 10match pfr learn list LEARN_LIST_VIDEO_BRANCH1set periodic 90set delay threshold 200set loss threshold 50000 MC Active set jitter threshold 30set mode monitor fastset resolve loss priority 2 variance 5 Fast set resolve jitter priority 3 variance 5set resolve delay priority 4BR variance 5 BRActive Throughput no set resolve rangeno set resolve utilizationset probe frequency 4set active-probe jitter 20.9.9.9 target-port 2000 TCP, UDP, JITTER probe need ip sla responder WAN1WAN2 Whats needed:(IP-VPN)(IPVPN, DMVPN) Configure a pfr-map that matches prefixes or applications @ Remote-site1 Define the policies Define the jitter probesMC/B MC/B MC/BBRRRR And REPEAT for each remote site 2010 Cisco and/or its affiliates. All rights reserved.65 65 65. HQMC Active FastBRBRActive ThroughputWAN1 WAN2 PfR becomes multi-site aware(IP-VPN) (IPVPN, DMVPN) PfR utilizes a Peering between the Master Controllers Enables Automatic discovery of Branch router, prefixes and probe targetMC/B R MC/BRMC/B R BR Simplify the Active mode with Jitter probes 2010 Cisco and/or its affiliates. All rights reserved.66 66 66. HQSite HQPublishMC Prefix H1, H2, H3 ActiveResponder H FastBR BRActive ThroughputWAN1WAN2 Each MC announces its inside prefixes, (IP-VPN)(IPVPN, DMVPN) together with probe target address and site names MC/BMC/B MC/BBR Site 1Site 2Site 3R RR Publish Publish PublishPrefix APrefix BPrefix C, D, EResponder 1 Responder 2 Responder 3, 4 2010 Cisco and/or its affiliates. All rights reserved. 6767 67. HQMC Prefixes Responders Sites Prefix A Responder1 Site 1 Prefix B Responder2 Site 2BRBR Prefix C, D, EResponder3, 4 Site 3WAN1 WAN2 Mapping table built on each site(IP-VPN) (IPVPN, DMVPN) Allows automatic jitter probe configuration Allows automatic probe generationMC/B MC/B MC/B BR RRR 2010 Cisco and/or its affiliates. All rights reserved.68 68 68. pfr-map MAP-TEST3 10match pfr learn list LEARN_LIST_BRANCH1 pfr masterset periodic 90 policy-rules MYMAPset mode route controlmc-peer head-end Loopback1set delay threshold 200set loss threshold 50000target-discoveryset jitter threshold 30 [SNIP]set mode monitor fast !set resolve loss priority 2 variance 5pfr-map MYMAP 10set resolve jitter priority 3 variance 5set resolve delay priority 4 variance 5 match pfr learn list LEARN_LIST_BRANCHno set resolve rangeset periodic 90no set resolve utilizationset delay threshold 200set probe frequency 4set active-probe jitter 20.9.9.9 target-port 2000 set loss threshold 50000 pfr-map MAP-TEST3 15pfr-map MAP-TEST3 15 pfr-map MAP-TEST3 15match pfr learn list LEARN_LIST_BRANCH2pfr-map MAP-TEST3 15match pfr learn list LEARN_LIST_BRANCH2set jitter threshold 30pfr-map MAP-TEST3 15set periodic pfr learn list LEARN_LIST_BRANCH2 match 90pfr-map MAP-TEST3 15set periodic pfr learn list LEARN_LIST_BRANCH2match 90set delayperiodic pfr200MAP-TEST3 15 15 pfr-map set threshold learn list LEARN_LIST_BRANCH2 match 90 set mode monitor fastset delayperiodic pfr200MAP-TEST3 15 pfr-mapset threshold learn list LEARN_LIST_BRANCH2 match 90 set delayperiodic pfr200MAP-TEST3 15pfr-map set threshold learn list LEARN_LIST_BRANCH2match 90set loss threshold match pfr learn list LEARN_LIST_BRANCH250000set delayperiodic 90 set thresholdpfr-map MAP-TEST3set loss threshold match 200learn list LEARN_LIST_BRANCH250000 set loss threshold match 200MAP-TEST3 15 15set 30 50000pfr-map set delayperiodic pfr pfr-mapthreshold 90set jitter threshold set periodic pfr learn MAP-TEST3 15set resolve loss priority 2 variance 5 set threshold 50000 200MAP-TEST3set lossdelay threshold pfr-map 90list LEARN_LIST_BRANCH2set jitter threshold 30 periodic 90 learn list LEARN_LIST_BRANCH2set mode monitor setsetsetmatch pfrpfrpfr learn list LEARN_LIST_BRANCH2 set jitter threshold 30 periodic 200learn list LEARN_LIST_BRANCH2 set loss fast thresholdset threshold 50000 delay set loss fast 30 matchset jitter threshold setmatch 9090set mode monitor set delayperiodic 200 delay thresholdthreshold 50000set resolve losssetset lossvariance50000 200 loss threshold 5 threshold set jitter threshold setset periodicpriority fast 30 threshold set mode monitor set delayperiodic 902002set resolve jitter priority 3 variance 5set mode monitor threshold 50000 90 set jitter threshold 30set resolve loss priority fastdelay thresholdlossvariance 52set resolve jitter prioritysetsetsetset 303050000 200 set resolve lossset 3 variancemode5route control priority threshold 50000set jitter threshold 5 set mode monitor fastdelay threshold 200set jitter 32 variance set mode monitor thresholdloss 2 variancethresholdset resolve loss priority fastset resolve jitter prioritysetvariance 5 30 5 set resolve delay priority 4 variance 5set resolve delayjitter modevariance variance50000 200set mode 4 priority thresholdloss set resolve priorityjittersetsetfast 5 30 5 set monitor 2 5 loss threshold set resolve priority 3 variance threshold delayset resolve delayjitter modevariance variance50000monitor thresholdloss 2set resolve priorityjitter 3 variance 5 30 5 set resolve priority thresholdset set 4 priority fast lossmonitor 5 5 set resolve priorityjitter 3 variance 5 30 5set resolve priority threshold set set 4 priority fast set resolve delayjitter modevariance variance50000 lossset loss thresholdno set resolve range resolve loss priority fast2no set resolve rangeset set set jitter thresholdmonitor 2 variance 5 set resolve jitter priority 3 variance 5set resolve delay priority 4 variance 5no set resolve range resolve loss priority fastno set resolveresolve resolve modepriorityvariance30 5 5 5 set utilization setsetset 4 variance fast 5 delay priority monitor 2 5 no set resolveresolve resolve jitter priority variance setset range jitter priority 3no set resolve range jitter loss threshold 5no set resolveresolve resolve modeloss priority varianceset set set utilizationmonitor 2 3 variance delay priority 4 varianceset probe frequencyutilizationresolve priority priority variance 5 5set set set no set resolveresolve resolve modeloss 3 variance 5 no set resolve rangesetset4 set set delayjitter 2priority 4 variance 5no set resolveresolve resolve jitter priorityfast variance no set resolve range jitter monitorset probe frequencyutilization resolve priority 3 variance 5 5 4resolve delay priorityvariance 5 5 delay priority 4 2 no set resolve utilizationset active-probe jitterset resolveresolve jitter priorityvariance 5 5 no set resolve setsetset set 4 4 3resolve target-port loss variance varianceno set 20.9.9.9 range set probe frequencyutilization resolve 2000 priority variance 2set active-probe no set resolve range priority 4 3 no set jitter 20.9.9.9 range priority 4 variance 5no set resolve delayresolve utilizationset probe frequency 4set 4 target-port 2000 set active-probe jitterset resolve delayjitter 2000 variance 5 5 5 set probe frequencyutilizationno set resolve set resolve no 20.9.9.9 target-port priority varianceset active-probe jitterset resolve delay priority 4 3 variance setno set resolve 4 range resolve set probe frequencyutilization20.9.9.9 target-port 2000set probe frequency 4 no set resolve 4 range noresolveset probe frequencyutilization set active-probe jitterset resolve delay priority 4 variance 520.9.9.9 target-port 2000 noset resolve target-port 2000 set active-probe jitter 20.9.9.9 rangeset probe frequencyutilization no set resolve 4 set probe frequencyutilization no set resolve 4set active-probe jitter 20.9.9.9 range target-port 2000set active-probeset resolve nono jitter 20.9.9.9 target-port 2000 set probe frequencyutilization set resolve 4 set probe frequency 4 set active-probe jitter 20.9.9.9 target-port 2000 setno set resolve20.9.9.9 target-port 2000utilizationprobe frequency 4 set active-probe jitter set active-probe jitter 20.9.9.9 target-port 2000 setset probe frequency 4active-probe jitter 20.9.9.9 target-port 2000 2010 Cisco and/or its affiliates. All rights reserved. set active-probe jitter 20.9.9.9 target-port 200069 69. HQ 10.10.0.0/16 R3 LISTEN! MC 10.3.3.3pfr master policy-rules MYMAPmc-peer head-end Loopback0target-discovery BRBR Voice, Video,The Rest of theborder 10.4.4.4 key-chain pfr CriticalTrafficinterface Ethernet0/0 internalinterface Ethernet0/1 external link-group SP1 ! WAN1WAN2 border 10.5.5.5 key-chain pfr (IP-VPN, DMVPN)(IPVPN, DMVPN)interface Ethernet0/0 internalinterface Ethernet0/1 external link-group SP2 R10! SETUP The peering to the head-endpfr master MC/B MC/BMC/B BRpolicy-rules MYMAP R30.10.10.10 R 20.9.9.9RIOS 15.2(3)Tmc-peer 10.3.3.3 Loopback0target-discovery30.30.0.0/16 20.20.0.0/16 2010 Cisco and/or its affiliates. All rights reserved.70 70 70. HQ 10.10.0.0/16MC 10.3.3.3R3#sh pfr master target-discoveryPfR Target-Discovery ServicesMode: Static Domain: 59501Responder list: HQ_TARGET Inside-prefixes list: HQ_PREFIXSvcRtg: client-handle: 7 sub-handle: 6 pub-seq: 1 BRBR Voice, Video,The Rest of thePfR Target-Discovery Database (local) CriticalTrafficLocal-ID: 10.3.3.3Desc: R3 Target-list: 10.4.5.5, 10.4.5.4 WAN1WAN2 Prefix-list: 10.10.4.0/24, 10.10.3.0/24, 10.10.2.0/24, 10.10.1.0/24 (IP-VPN, DMVPN)(IPVPN, DMVPN)PfR Target-Discovery Database (remote)MC-peer: 30.10.10.10Desc: R10 Target-list: 30.30.0.10 Prefix-list: 30.30.0.0/16 MC/B MC/BMC/B BRMC-peer: 20.9.9.9Desc: R9R30.10.10.10 R 20.9.9.9R Target-list: 20.20.0.9 Prefix-list: 20.20.0.0/16R3# 30.30.0.0/16 20.20.0.0/16 2010 Cisco and/or its affiliates. All rights reserved. 71 71 71. HQ10.10.0.0/16R3#sh pfr master active-probes target-discoveryMC 10.3.3.3PfR Master Controller active-probes (TD)Border = Border Roter running this probeMC-Peer = Remote MC associated with this targetType = Probe TypeTarget = Target AddressBRBRTPort = Target Port Voice, Video,The Rest of theN - Not applicable CriticalTrafficDestination Site Peer Addresses:MC-Peer TargetsWAN1WAN230.10.10.1030.30.0.10 (IP-VPN, DMVPN)(IPVPN, DMVPN)20.9.9.9 20.20.0.9The following Probes are running:BorderIdxState MC-Peer Type Target TPort10.4.4.4 2 TD-Actv 30.10.10.10jitter 30.30.0.10 500010.4.4.4 2 TD-Actv 30.10.10.10jitter 30.30.0.10 500010.5.5.5 2 TD-Actv 30.10.10.10jitter 30.30.0.10 5000MC/B MC/BMC/B BR10.4.4.4 2 TD-Actv 20.9.9.9jitter 20.20.0.9 5000R 30.10.10.10 R20.9.9.9R10.4.4.4 2 TD-Actv 20.9.9.9jitter 20.20.0.9 500010.5.5.5 2 TD-Actv 20.9.9.9jitter 20.20.0.9 5000R3#30.30.0.0/16 20.20.0.0/16 2010 Cisco and/or its affiliates. All rights reserved. 7272 72. HQ10.10.0.0/16 MC 10.3.3.3R10#sh pfr master target-discoveryPfR Target-Discovery ServicesMode: Dynamic Domain: 59501SvcRtg: client-handle: 2 sub-handle: 1 pub-seq: 1 BRBRVoice, Video,The Rest of thePfR Target-Discovery Database (local) CriticalTrafficLocal-ID: 30.10.10.10Desc: R10 Target-list: 30.30.0.10 Prefix-list: 30.30.0.0/16WAN1WAN2(IP-VPN, DMVPN)(IPVPN, DMVPN)PfR Target-Discovery Database (remote)MC-peer: 20.9.9.9Desc: R9 Target-list: 20.20.0.9 Prefix-list: 20.20.0.0/16MC-peer: 10.3.3.3Desc: R3 MC/B MC/BMC/B BR Target-list: 10.4.5.5, 10.4.5.4R 30.10.10.10 R20.9.9.9R Prefix-list: 10.10.4.0/24, 10.10.3.0/24, 10.10.2.0/24, 10.10.1.0/24R10# 30.30.0.0/16 20.20.0.0/16 2010 Cisco and/or its affiliates. All rights reserved.7373 73. Policies Thresholds pfr-map MYMAP 10 Applied to the voice and video traffic match pfr learn list LEARN_VIDEO Loss, delay and jitterMonitor mode fast set delay threshold 200 Actively probe all exits to get performance set loss threshold 50000 metrics set jitter threshold 30Policies Definition set mode monitor fast List all policies Assign priority set resolve loss priority 2 variance 5 Administrative policy: SP1 is the primary set resolve jitter priority 3 variance 5 path, fallback to SP2 if OOP set resolve delay priority 4 variance 5 set link-group SP1 fallback SP2Jitter Probe set probe frequency 4 Target Discovery is used set periodic 90 No need to manually define the probe target IOS 15.2(3)T 2010 Cisco and/or its affiliates. All rights reserved.74 74 74. Policies Thresholds pfr-map MYMAP 20 Applied to the voice and video traffic match pfr learn list LEARN_CRITICAL Loss, delay and jitter set delay threshold 120Monitor mode Active set loss threshold 200000 Actively probe all exits to get performancemetrics set mode monitor active throughputPolicies Definition set resolve delay priority 1 variance 20 List all policies set resolve loss priority 5 variance 10 Assign priority set link-group SP1 fallback SP2 Administrative policy: SP1 is the primarypath, fallback to SP2 if OOP set probe frequency 4 set periodic 90Active Probes Automatic configuration and generation ofprobes IOS 15.2(3)T 2010 Cisco and/or its affiliates. All rights reserved.75 75 75. !Link Range Utilization pfr master Keep the usage on a set of exit linkspolicy-rules MYMAPwithin a certain percentage range ofmax-range-utilization percent 22each other!mc-peer head-end Loopback0target-discovery!logging!! Default Policies! Global Policiesmode route protocol pbr Apply for the rest of the traffic ! Load Balancing enabled by default IOS 15.2(3)T 2010 Cisco and/or its affiliates. All rights reserved.76 76 76. 2010 Cisco and/or its affiliates. All rights reserved. 77 77. The Key Takeaways of this presentation were: NBAR2 and PA can be deployed to provide visibility at the remote branches, and providetool to proactively monitor application performance Implement application-aware QoS to better control application usage and maximizeperformance of critical applications PfR simplifies Internet Presence load balancing operation PfR protects critical applications from WAN brownout and maximize utilization ofavailable WAN links 2010 Cisco and/or its affiliates. All rights reserved. 78


Recommended