07/02/2018
Network Management (Tools, Netflow, NBAR, IP SLA)
Monitoring and Managing
- Know your network is doing well.
- Understand the trends in your network performance.
- Identify your bottlenecks and propose solutions.
- Proact – Don’t react.
Phases of optimizations and the tools
- Create a baseline – Netflow, NBAR, IP SLA
- Optimize Network – QoS, AutoQoS VoIP, AutoQoS Enterprise
- Measure / Adjust – Netflow, NBAR, IP SLA, Syslog
- Deploy Apps – Netflow, NBAR
Syslogging
| Level number | Severity | Description. |
|---|---|---|
| 0 | Emergencies | System is unusable. |
| 1 | Alert | Immediate action is needed. |
| 2 | Critical | Critical conditions. |
| 3 | Error | Error conditions. |
| 4 | Warning | Warning conditions. |
| 5 | Notification | Normal but significant conditions. |
| 6 | Informational | Informational messages only. |
| 7 | Debugging | Debugging messages only. |
- Key practices:
- Set the right date / time.
- Use the same IOS version ( different messages, severity ).
- Out of Band management ( security , performance ).
- Centralized logging server.
Netflow
- https://en.wikipedia.org/wiki/NetFlow
- Esed for Traffic accounting
- Heavily used by:
- Service Providers
- Network Planning
- Accounting and Billing
- Security
- Traffic Engineering
- Enterprise Customers
- Internet Conenction Monitoring
- User / Application Monitoring
- Security
- Service Providers
- NetFlow tracks Flows ( Sessions )
- IP Source Address
- IP Destination Address
- Source Port Number
- Destination Port Number
- Protocol type ( udp / tcp / etc )
- Input Interface
NBAR (Network Based Application Recognition) / AutoQoS
-
- Cisco NBAR
- WhitePaper AutoQoS
- Identifies Applications in traffic flows
- Inspects layer 2-4 , layer 7 data for supported applications ( around 90 supported )
- Expandable through IOS Upgrades and PDLMs (Packet Description Language Module)
- Integrates with QoS mechanics
- Integrats with SNMP mechanics
- Starting with NBAR
- sh ip nbar protocol-discovery stats bit-rate top-n 10
- Onboard IOS tools allow for top x reporting
- Gobs of monitoring tools use this data (MRTG, Cacti, Zabbix)
- Integrates into class-map ( QoS ) and AutoQoS Mechanics
AutoQoS
- Cisco AutoQoS
- Comes in two flavours:
- AutoQoS for VoIP ( Pre-defined policy-map templates)
- Creates about 40 lines of config
- AutoQoS for Enterprise ( application sniffing with NBAR )
- Uses NBAR to identify the key applications
- AutoQoS for VoIP ( Pre-defined policy-map templates)
- Trusted Mode ( Believes existing DSCP )
- Untrusted Mode ( Leverages NBAR Discovery )
IP SLA
-
- Cisco IP SLA
- Technically:
- A contract with a service level guarantee
- In Cisco: A method of measuring service level by sending test traffic.
- Able to Measure:
- Network Delay
- Packet loss
- Jitter
- Voice Quality
- SNMP Reporting also an option.
About The Author
