Blog :: Netflow :: Network Operations

Cisco IOS AVC Configuration

Are you looking for a Cisco IOS AVC Configuration?  This configuration will work with IOS, not for IOS XE.

15.1(3)T is the minimum revision for performance monitor phase 1
15.1(4)(M2) is the minimum revision for performance monitor phase 2 (ART/MACE)

NOTE: ART Metrics(MACE) are rolled into performance Monitor beginning in 15.4(1)T and you won’t be able to run RTT and ART metrics at the same time.

Features available for reporting:  NBAR2 (1000+ applications), SIP, RTP, Jitter, HTTP HOST, network/application/server delay, retransmits and queue drops and more.

Cisco IOS AVC Configuration

Here is the configuration off our 3925: I have color-coded this to make things a little easier to understand.

interface GigabitEthernet0/1
service-policy type performance-monitor input RTPMON
service-policy type performance-monitor output RTPMON
mace enable

If you apply both the green and the blue portions to the interface you won’t receive any metrics from the TCP record (highlighted in orange). Ideally, one should consider just removing the TCP record from the performance monitoring profile if you want to use ART (MACE). The TCP elements get exported, they are just blank/empty. You could remove the entire record if you wanted to, however, if you don’t want to use ART (MACE) you can keep the TCP record portion in the configuration and it will properly export information.

Traffic classes should be defined according to your network. NBAR CANNOT use class-map “match” statements”. “match protocol” statements will be accepted by the configuration, but will not work.

class-map match-all realtime
match access-group 102
match dscp ef
class-map match-any mace-policy-http
match access-group 111
class-map match-any ICMP
match access-group 105
class-map match-all exchange
match protocol exchange
class-map match-any mace-policy
match access-group 110
class-map match-any catch-all
match access-group 104
class-map match-any TCP
match access-group 101

flow record type mace mace-record
collect datalink mac source address input
collect ipv4 dscp
collect interface input
collect interface output
collect application name
collect waas all
collect counter client bytes
collect counter server bytes
collect counter client packets
collect counter server packets
collect art all
!
!
flow record type mace mace-record-http
collect datalink mac source address input
collect ipv4 dscp
collect interface input
collect interface output
collect application name
collect waas all
collect counter client bytes
collect counter server bytes
collect counter client packets
collect counter server packets
collect art all
collect application http uri statistics
collect application http host
!
!
flow record type performance-monitor ICMP-Record
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match interface input
match interface output
match flow direction
match application name
collect datalink dot1q vlan input
collect datalink dot1q vlan output
collect datalink mac source address input
collect datalink mac source address output
collect datalink mac destination address input
collect datalink mac destination address output
collect routing destination as
collect routing next-hop address ipv4
collect ipv4 length total
collect ipv4 dscp
collect ipv4 id
collect ipv4 source prefix
collect ipv4 source mask
collect ipv4 destination mask
collect transport icmp ipv4 type
collect transport icmp ipv4 code
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect policy performance-monitor classification hierarchy
!
!
flow record type performance-monitor nbar-mon
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match interface output
match flow direction
match application name
collect datalink dot1q vlan input
collect datalink dot1q vlan output
collect datalink mac source address input
collect datalink mac source address output
collect datalink mac destination address input
collect datalink mac destination address output
collect routing destination as
collect routing next-hop address ipv4
collect ipv4 length total
collect ipv4 dscp
collect ipv4 id
collect ipv4 source prefix
collect ipv4 source mask
collect ipv4 destination mask
collect transport tcp source-port
collect transport tcp destination-port
collect transport tcp flags
collect transport udp source-port
collect transport udp destination-port
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect policy performance-monitor classification hierarchy
!
!
flow record type performance-monitor TCP
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 source prefix
match ipv4 destination address
match ipv4 destination prefix
match transport source-port
match transport destination-port
match interface input
match interface output
match flow direction
match application name
collect datalink dot1q vlan input
collect datalink dot1q vlan output
collect datalink mac source address input
collect datalink mac source address output
collect datalink mac destination address input
collect datalink mac destination address output
collect routing destination as
collect routing forwarding-status
collect routing next-hop address ipv4
collect ipv4 length total
collect ipv4 dscp
collect ipv4 id
collect ipv4 ttl
collect ipv4 source mask
collect ipv4 destination mask
collect transport round-trip-time
collect transport event packet-loss counter
collect transport tcp flags
collect counter bytes
collect counter packets
collect counter bytes rate
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect timestamp interval
collect application media bytes counter
collect application media packets rate
collect application media event
collect monitor event
collect application version
collect application vendor
collect policy performance-monitor classification hierarchy
!
!
flow record type performance-monitor RTP
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 source prefix
match ipv4 destination address
match ipv4 destination prefix
match transport source-port
match transport destination-port
match transport rtp ssrc
match interface input
match interface output
match flow direction
match application name
collect datalink dot1q vlan input
collect datalink dot1q vlan output
collect datalink mac source address input
collect datalink mac source address output
collect datalink mac destination address input
collect datalink mac destination address output
collect routing destination as
collect routing forwarding-status
collect routing next-hop address ipv4
collect ipv4 length total
collect ipv4 dscp
collect ipv4 id
collect ipv4 ttl
collect ipv4 source mask
collect ipv4 destination mask
collect transport packets expected counter
collect transport packets lost counter
collect transport packets lost rate
collect transport event packet-loss counter
collect transport rtp jitter mean
collect transport rtp jitter minimum
collect transport rtp jitter maximum
collect transport tcp flags
collect counter bytes
collect counter packets
collect counter bytes rate
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect timestamp interval
collect application media bytes counter
collect application media bytes rate
collect application media packets counter
collect application media packets rate
collect application media event
collect monitor event
collect application version
collect application vendor
collect policy performance-monitor classification hierarchy
!
!

flow exporter export-to-inside
description flexible NF v9
destination 10.1.4.66
source GigabitEthernet0/2
output-features
transport udp 2002
export-protocol ipfix
template data timeout 60
option interface-table
option c3pl-class-table
option c3pl-policy-table
option application-table
option application-attributes
option metadata-version-table

!
!
flow monitor type performance-monitor ICMP
description RTP stats
record ICMP-Record
exporter export-to-samplicator
cache timeout synchronized 10
!
!
flow monitor type performance-monitor nbar-mon
description regular nbar stats for non perfmon
record nbar-mon
exporter export-to-samplicator
cache entries 10000
cache timeout synchronized 10
!
!
flow monitor type performance-monitor RTP
description RTP stats
record RTP
exporter export-to-samplicator
cache timeout synchronized 10
!
!
flow monitor type performance-monitor TCP
description TCP stats
record TCP
exporter export-to-samplicator
cache entries 10000
cache timeout synchronized 60
!
!
flow monitor type mace mace-mon-http
record mace-record-http
exporter export-to-inside
cache timeout update 1
cache entries 4096
!
!
flow monitor type mace mace-mon
record mace-record
exporter export-to-inside
cache timeout update 1
cache entries 10000
!

policy-map type performance-monitor RTPMON
class realtime
  flow monitor RTP
class TCP
flow monitor TCP
class catch-all
  flow monitor nbar-mon
class ICMP
  flow monitor ICMP

policy-map type mace mace_global
class mace-policy
  flow monitor mace-mon
class mace-policy-http
  flow monitor mace-mon-http

interface GigabitEthernet0/1
service-policy type performance-monitor input RTPMON
service-policy type performance-monitor output RTPMON
mace enable

I hope the Cisco IOS AVC Configuration above helps.  If you need any assistance setting it up, please give us a call.

Related

briand

How to Use Flow Data as an Alternative to SSL Decryption

NetFlow has traditionally been limited to exporting fields contained within a packet header. With the influx of Content Delivery Networks (CDNs) like Akamai, Level3,

::

Cisco ART Support

I set out today to write about Cisco ART metrics as I was having trouble understanding the difference between it and technologies such as

::

How to monitor VoIP Traffic

This blog aims to do one thing, show you how to monitor VoIP traffic on your network. I get questions, almost daily, asking, “How

::