Having an application aware network performance management NetFlow solution will provide greater insight to not only what traffic is traversing the network, but how efficiently the traffic is traversing.
Cisco AVC: Performance Monitoring
A subset of Cisco Application Visibility and Control (Cisco AVC) is Application Response Time (ART). ART provides the engine to calculate application response times. ART used to be part of Measurement Aggregation and Correlation Engine (MACE). As of IOS v15.4.1 and IOS XE 3.8S, ART falls under the performance monitoring feature set.NetFlow Application Monitoring: Application Delay
With traditional NetFlow, the details of the conversation shown in Figure 1 would include the Source/Destination IP Address, Source/Designation Transport Layer Ports, IP Protocol, Type of Service (ToS), and Input Interface. The typical version 5 NetFlow Tuple
Figure 1: Network Response Times [Cisco]
With Cisco AVC performance monitoring configured, the router can collect an enormous amount of additional details as shown above: Client Network Delay, Server Network Delay, Network Delay, Application Delay, and Total Delay.
Configuring Application Performance Monitoring
Flexible NetFlow is the only way to configure the Cisco Performance Metrics. When configuring the flow record, the following collect statements will need to be included:
collect connection delay network to-server
collect connection delay network to-client
collect connection delay network client-to-server
collect connection delay response to-server
collect connection delay response client-to-server
collect connection delay application
With the above metrics configured, and the rest of the flexible NetFlow configuration, the example report in figure 2 should become available in your NetFlow solution:
Figure 2: Connections Application Delay
A final note on ART, it requires monitoring the flow in both directions to generate its calculations. Because of this, “ingress” and “egress” flow monitors are both required on interfaces.
NetFlow Application Monitoring: NBAR2
Along with the performance metrics report as seen above, layer seven application details are also available using Next Generation Network Based Application Recognition (NBAR2). Here are examples of the types of match and collect statements that can be used with regard to applications:
match application name
collect application http url
collect application http uri statistics
collect application http host
collect application http user-agent
collect application http referer
collect application rtsp host-name
collect application smtp server
collect application smtp sender
collect application pop3 server
collect application nntp group-name
collect application sip source
collect application sip destination
For an exemplar Cisco AVC Configuration, please refer to this blog. It should be noted that sending these additional flow data metrics will greatly increase the flow volume being sent to the collector. Please make sure the collector can handle the flow volume and there is ample disk storage.
More on Cisco Application Visibility and Control?
Looking for more information on Cisco AVC? Check out this webcast presented by Mike Patterson on how Cisco Application Visibility and Control Flow Exports turn Routers into Security Surveillance Solutions. If you have any questions, feel free to comment below or reach out to the Plixer Support Team at 207-324-8805 x4