Frequently Asked Questions

How do I reinstall LiveAction?

  • Close the LiveAction client and stop the service.
  • Uninstall the old version of LiveAction.
  • Install the new version of LiveAction (your previous license should be found).
  • LiveAction should be installed. If your data directory is in the default location (“C:\LiveAction Server Data\2.x”) and you are simply reinstalling, the app should find your previous data automatically.

How do I migrate LiveAction to a new server?

Follow these instructions to migrate LiveAction from your current server:
Initial considerations
  • Please ensure that you have your license key.
  • Best practice: Keep a backup admin account for LiveAction that is not used day to day, in case the primary account gets locked out.
On the old server:
  • Close the LiveAction client.
  • Export the LiveAction configuration.
  • Deactivate the LiveAction license using the Management Console.
  • Stop the service (using the Management Console).
  • Make a backup copy of the following directories to migrate the LiveAction database to the new server (if the historical data is not necessary, this step can be skipped):
    • C:\LiveAction Server Data\2.X\cassandra
    • C:\LiveAction Server Data\2.X\netflow (for 2.5+, flowstore)
On the new server:
  • Apply and activate the license on the new server.
  • Import the previously saved LiveAction configuration file using the Import tool.
  • Close the LiveAction client and stop the service (using the Management Console).
  • In version 2.5x and higher, copy the previously backed up “Cassandra” and “flowstore” directories to the new server.
  • Restart LiveAction on the new server.

What should I do if I get a serial number validation error?

We have noticed strange cases in the past where the serial number of a device changes when IOS is upgraded. Please contact customer support and we will try to resolve your problem. To help us help you, please be prepared to provide information on the following topics:
  • What version of LiveAction you are using.
  • Export the device information by doing the following:
    • Right click Home and Export Data to find the .csv file and the serial number of the device in question.
    • Please send the .csv file and the serial number of the device in question.
  • Export the log files by doing the following:
    • From the Management Console, click Help –> Export Logs
    • Be prepared to send us the .zip file
  • Determine whether or not you are running the following command on your devices to possibly set the serial number manually:
    • “snmp-server chassis-id <custom-serial-num>”

What do I do if I am locked out of my account?

You can reset your password through another admin account, if there is one available. Otherwise, you can do the following:
  • Stop the LiveAction service
  • Rename the “server.conf” file to a backup name (e.g., “server_backup.conf”) in your data directory.
    • Default Data Directory: C:\LiveAction Server Data\2.x
  • Back up the “C:\LiveAction Server Data\2.x\topology-layouts” directory to save your topology.
  • Restart the LiveAction service with the Management Console.
  • Restart the LiveAction Client.
  • Re-add your devices.
  • Close the LiveAction client and stop the LiveAction service.
  • Restore the “topology-layouts” directory and the files within (overwrite with the backed up files if necessary).
  • Restart the LiveAction service and client. (Note: you may need to adjust the interfaces assigned to each router.)
It is highly recommended to create a secondary admin account that you will not use regularly, to serve as a fallback (“break-glass”) account if the primary account is locked out.
As a suggestion, you may also want to adjust the user management settings under Tools –> Options –> Security:
  • Raise the number of failed consecutive login attempts.

Does LiveAction allow local authentication alongside LDAP?

LiveAction does allow local authentication alongside LDAP. If you are planning to migrate to LDAP and would like to test it with LiveAction.

How can I get LDAP to work with LiveAction using Microsoft AD?

  • Create a backup from the LiveAction Management Console.
  • On your AD Server, open a CLI and type in “dsquery user”.

  • Open the LiveAction User Management.

  • Create LiveAction users that correspond to LDAP users.
  • Select Allow LDAP Authentication, and click the Settings button.
  • Set the LDAP Authentication Mapping to match the result of the command “dsquery user” executed earlier.
    • For Example: 
    • If you see “CN=First Last,CN=Users,DC=company,DC=local”, your Base DN in LiveAction should be “cn=Users,dc=company,dc=local”. Map User to cn; the Base DN is everything in the dsquery output after “cn=<username>”.
    • Base DN: cn=users,dc=sdfqa,dc=com
    • Map User to: cn

  • Click the Test Settings button and enter your username and password. Your username is the full name configured in Active Directory, not the “login” name.

  • If you have issues with getting LDAP to work, you can import the previously backed up configuration file to revert back to local authentication.

With Active Directory LDAP, it is important to use the user’s Display Name instead of the actual account name. You can verify this information by running the “dsquery user” command, or by looking at the account properties. When LDAP authentication is enabled, the Display Name is the username used to log in to LiveAction.

The red-bordered login name will not work during the LDAP test, whereas the green-bordered login name will.
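
The Base DN rule above, applied to “dsquery user” output. This is an added example, not LiveAction code: it splits each DN into the login name (the first CN) and the Base DN, handles display names that contain an escaped comma, and lists users whose container differs from the Base DN you plan to configure. The sample lines are constructed, and the check assumes LiveAction looks users up as cn=<name> directly under the single configured Base DN.

```python
import string


def split_rdns(dn):
    """Split a DN on unescaped commas, keeping escape sequences intact."""
    parts, current, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the backslash and the next character together
            i += 2
        elif dn[i] == ",":
            parts.append("".join(current))
            current = []
            i += 1
        else:
            current.append(dn[i])
            i += 1
    parts.append("".join(current))
    return parts


def unescape_value(value):
    """Undo DN escaping: "\\," becomes ",", and "\\C3\\A9" hex pairs become UTF-8 bytes."""
    out = bytearray()
    i = 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and all(c in string.hexdigits for c in pair):
                out.append(int(pair, 16))
                i += 3
            else:
                out += value[i + 1].encode("utf-8")
                i += 2
        else:
            out += value[i].encode("utf-8")
            i += 1
    return out.decode("utf-8")


def login_name_and_base_dn(dsquery_line):
    """Return (name to type at the LiveAction login, Base DN) for one dsquery line."""
    dn = dsquery_line.strip().strip('"')
    rdns = split_rdns(dn)
    attr, sep, value = rdns[0].partition("=")
    if not sep or attr.strip().lower() != "cn" or len(rdns) < 2:
        raise ValueError(f"expected a DN starting with CN=<name>: {dsquery_line!r}")
    return unescape_value(value), ",".join(rdns[1:])


def normalize(dn):
    """Case-insensitive, whitespace-tolerant form used only for comparing DNs."""
    return ",".join(part.strip().lower() for part in split_rdns(dn))


def outside_base_dn(dsquery_lines, base_dn):
    """List (name, container) for users that do not sit directly under base_dn."""
    wanted = normalize(base_dn)
    misses = []
    for line in dsquery_lines:
        if not line.strip():
            continue
        name, parent = login_name_and_base_dn(line)
        if normalize(parent) != wanted:
            misses.append((name, parent))
    return misses


# Constructed sample of "dsquery user" output (not taken from a real directory).
SAMPLE = [
    '"CN=First Last,CN=Users,DC=company,DC=local"',
    '"CN=Last\\, First,CN=Users,DC=company,DC=local"',
    '"CN=Ops Admin,OU=Admins,DC=company,DC=local"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(login_name_and_base_dn(line))
    print("outside Base DN:", outside_base_dn(SAMPLE, "cn=Users,dc=company,dc=local"))
```
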

How many users can connect to a LiveAction server?

You may have a total of ten active sessions connecting to a LiveAction server at any time, but only one admin session. This is to ensure that key items (for example – alerting, device settings, etc.) are properly handled. Please see the user guide for more information about the different rule-based access control privileges available for each user type.

Why is LiveAction not working after moving my VM to another machine?

Windows 64-bit Operating System – Server 2008 or 2012 R2, Windows 7 (Professional or Ultimate) with .NET framework v3.5.1+

Linux RHEL/CENTOS 6.4 or 6.5 with GNOME UI

I am not seeing NBAR Application statistics in the QoS interface view. Why is that?

There is a known bug found in IOS 15.0 and higher where the CISCO-NBAR-PROTOCOL-DISCOVERY-MIB is not populating NBAR application statistics (Cisco IOS bug ID: CSCty56850).

The following IOS versions fix this bug:
15.2(4)S – available in CCO now
15.2(4)M1 – available in CCO now
15.2(3)T2 – will be available after 10/12/2012
NBAR IOS.x – NOT WORKING (screenshot)
NBAR IOS15.x – WORKING (screenshot)

What is best practice when applying a QoS policy to a sub interface?

Cisco suggests using a hierarchical policy since there are no hard bandwidth limits associated with the subinterface.
You can create a “shaping” policy in LiveAction and set a shape value to the “class-default” as in the screenshot below:

Notice the policy called “shape-a” is setting a shaping policy of 10Mbps. Then, drag another policy under class-default, as shown below:
Here is an example of the config using a policy called “a” and how it is associated with the hierarchical shaping policy called “shape-a”. It is then tied to a Gig sub interface in our lab setup.

policy-map a
 class a
  bandwidth percent 80
 class b
 class c
!
policy-map shape-a
 class class-default
  ! shape rate is given in bits per second: 10000000 = 10 Mbps
  shape average 10000000
  service-policy a
!
interface GigabitEthernet0/1.101
 encapsulation dot1Q 101
 ip address 10.2.1.1 255.255.255.0
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 no cdp enable
 service-policy output shape-a
!
end

I don't think I'm seeing any NetFlow data on my device but am not sure. How can I verify this?

In the LiveAction client, you can verify that you are not seeing any NetFlow data by selecting Reporting –> Flow –> Data Status, and clicking the Execute Flow Counts button.

  • Flows should be coming in on port 2055, unless changed in the Management Console.
  • LiveAction may not read the flow data if it is coming from an IP address that was not used when adding it to the application.
    • If this is the case, you could try re-adding the device using the IP address being used to source NetFlow.
    • You could also potentially set the NetFlow source interface to correspond with the IP address used to add the device.
  • Ensure that there are no ACLs that could be blocking NetFlow out of the device.
  • If seeing strange NetFlow data or collisions please see: I am seeing strange flow data for various advanced NetFlow data.

I am seeing NetFlow data intermittently or the data looks strange for various advanced NetFlow features (for example -- Medianet, AVC, PfR.) Why is this happening?

If you are running Traditional NetFlow (TNF) and Medianet performance monitoring or other Flexible NetFlow (FNF) based technologies at the same time, there could be NetFlow version 9 template collisions. This is because FNF and TNF are not aware of each other. As a result, both technologies will assign template IDs to their records starting from template id 256, causing NetFlow template collisions resulting in strange data being displayed in LiveAction.
Solution:
A. Set TNF (Traditional NetFlow) export version to NetFlow version 5:
ip flow-export version 5

B. Use only flexible NetFlow-based configurations on the device to allow flexible NetFlow to manage all the templates and remove traditional NetFlow. Please find the example config below:

Example Flexible NetFlow config:
flow exporter LIVEACTION
 destination 172.16.67.141
 source Loopback 201
 transport udp 2055
 template data timeout 60
flow monitor IPV4FLOW
 record netflow ipv4 original-input
 exporter LIVEACTION
 cache timeout inactive 10
 cache timeout active 60
interface Gig0/0
 ip flow monitor IPV4FLOW input
 ip flow monitor IPV4FLOW output

The above example will result in the same data as the following traditional NetFlow config:
ip flow-cache timeout inactive 10
ip flow-cache timeout active 1
ip flow-export source Loopback201
ip flow-export version 9
ip flow-export template timeout-rate 1
ip flow-export destination 172.16.67.141 2055
interface Gig0/0
 ip flow ingress
 ip flow egress
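
The template collision described in this answer, made observable on the collector side. This is an added example, not LiveAction code: it parses NetFlow v9 template flowsets and reports when a template ID already learned from an exporter is redefined with a different field list. The exporter address, source ID and both field lists are constructed sample values, and keying the table by exporter address and source ID is an assumption.

```python
import struct

V9_HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
SET_HEADER = struct.Struct("!HH")     # flowset_id, length (header included)
PAIR = struct.Struct("!HH")           # template_id/field_count, or field type/field length


def parse_templates(packet):
    """Return (source_id, {template_id: ((field_type, field_len), ...)}) for one v9 datagram."""
    if len(packet) < V9_HEADER.size:
        raise ValueError("truncated NetFlow v9 header")
    version, _count, _uptime, _secs, _seq, source_id = V9_HEADER.unpack_from(packet)
    if version != 9:
        raise ValueError("not a NetFlow v9 datagram")
    templates = {}
    offset = V9_HEADER.size
    while offset + SET_HEADER.size <= len(packet):
        flowset_id, length = SET_HEADER.unpack_from(packet, offset)
        if length < SET_HEADER.size or offset + length > len(packet):
            raise ValueError("flowset length runs past the datagram")
        if flowset_id == 0:  # flowset ID 0 carries template records
            pos, end = offset + SET_HEADER.size, offset + length
            while pos + PAIR.size <= end:
                template_id, field_count = PAIR.unpack_from(packet, pos)
                if template_id < 256:  # zero padding at the end of the flowset
                    break
                pos += PAIR.size
                if pos + field_count * PAIR.size > end:
                    raise ValueError("template record runs past its flowset")
                templates[template_id] = tuple(
                    PAIR.unpack_from(packet, pos + i * PAIR.size) for i in range(field_count)
                )
                pos += field_count * PAIR.size
        offset += length
    return source_id, templates


def record_length(fields):
    """Bytes one data record occupies when decoded with this template."""
    return sum(length for _type, length in fields)


class TemplateTracker:
    """Remembers the last definition of every template and flags redefinitions."""

    def __init__(self):
        self.seen = {}  # (exporter, source_id, template_id) -> field list

    def observe(self, exporter, packet):
        source_id, templates = parse_templates(packet)
        collisions = []
        for template_id, fields in templates.items():
            key = (exporter, source_id, template_id)
            previous = self.seen.get(key)
            if previous is not None and previous != fields:
                collisions.append((exporter, source_id, template_id, previous, fields))
            self.seen[key] = fields
        return collisions


def build_template_packet(source_id, template_id, fields, sequence):
    """Build a constructed v9 datagram holding a single template record."""
    record = PAIR.pack(template_id, len(fields)) + b"".join(PAIR.pack(t, n) for t, n in fields)
    flowset = SET_HEADER.pack(0, SET_HEADER.size + len(record)) + record
    return V9_HEADER.pack(9, 1, 0, 0, sequence, source_id) + flowset


# Constructed field lists (v9 field type, length); not the templates a real router sends.
# 8/12 = IPv4 src/dst address, 7/11 = L4 src/dst port, 4 = protocol, 1 = bytes, 2 = packets.
TNF_LIKE = ((8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4))
FNF_LIKE = ((8, 4), (12, 4), (4, 1), (1, 8))


def demo():
    tracker = TemplateTracker()
    exporter = "192.0.2.10"  # documentation address standing in for the router
    events = []
    events += tracker.observe(exporter, build_template_packet(0, 256, TNF_LIKE, 1))
    events += tracker.observe(exporter, build_template_packet(0, 256, TNF_LIKE, 2))  # plain refresh
    events += tracker.observe(exporter, build_template_packet(0, 256, FNF_LIKE, 3))  # redefinition
    return events


if __name__ == "__main__":
    for exporter, source_id, template_id, old, new in demo():
        print(f"{exporter} source {source_id}: template {template_id} redefined, "
              f"record length {record_length(old)} -> {record_length(new)} bytes")
```

A single redefinition also happens after a legitimate configuration change on the router; the collision case shows up as the same template ID alternating between two definitions.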

Do you support NX-OS products?

Yes, we support NX-OS from a Flow perspective today and we will continue adding more NX-OS support in the future.

Does LiveAction support non-Cisco devices?

We support flow analysis for non-Cisco devices such as Alcatel, Extreme, Brocade, Hewlett-Packard, Juniper, NetVanta and nProbe, for example.

What types of Operating Systems will LiveAction work on?

Windows 64-bit Operating System – Server 2008 or 2012 R2, Windows 7 (Professional or Ultimate) with .NET framework v3.5.1+

Linux RHEL/CENTOS 6.4 or 6.5 with GNOME UI

How are devices discovered by LiveAction?

Via SNMP by specifying an IP address, subnet range, or a seed device.

Is there a limit to the number of interfaces LiveAction supports on one device?

From a topology drawing perspective, we have a 100-interface limit so you can see them. In the future, we’re looking at grouping on the screen. For interface level alerts for up/down, errors or drops, we provide that for all interfaces. For layer 2 trunks and access ports and HW queue information, we show all interfaces. From a flow device view, we show flows from any interface that has been enabled.

Can LiveAction schedule periodic reports?

You can schedule daily, weekly and monthly reports via LiveAction Report Scheduler. The report can be sent as a PDF attachment or a hyperlink via emails.

Can I customize my dashboard with LiveAction?

Yes, you can customize your dashboard by dragging different reports into a user-defined dashboard.

Does LiveAction support historical routing data?

We save raw data for flow and snmp for replay/rewind/fast-forward via our Flow DVR feature, but no historical routing table data.

Does LiveAction support full FCAPS (Fault, Configuration, Accounting, Performance, Security) management?

LiveAction specializes in application and network performance with QoS Control. It offers alerting, visual path trace and other color-coded status for fault management, but no syslogging. It also provides network health functionality including network discovery and topology, network monitoring using NetFlow, IPFIX, SNMP, QoS, routing and LAN statistics, dashboard, Top N analysis, device CPU/memory usage, link utilization and interface up/down. LiveAction also supports NCCM via Net LineDancer integration and provides performance baselining and capacity planning via Flow, SNMP and IP SLA. As for Security, LiveAction can recognize DDoS-like behaviors and allows customers to create an access-list on-the-fly to block malicious traffic.

How do I activate my LiveAction license?

You have the option of choosing online or offline activation of your license, as follows:
Online Activation:
  • From the Management Console License Tab, select Activate License to start the License Activation Assistant.
  • Select Activate Online, then click Next.
  • If your server is directly connected to the Internet, select Direct connection. If your connection to the Internet is through a proxy server, select Use Proxy. Contact your administrator for your Proxy information, if necessary. Click Next.
  • If connection is successful, the Activating License screen will appear. Click Finish to complete license activation.
Offline Activation:
  • From the Management Console License Tab, select Activate License to start the License Activation Assistant.
  • Select Activate Offline, then click Next.
  • The License Number and Activation key will be displayed. This information must be sent to LiveAction to complete offline activation. Click Copy to store the information to the Windows clipboard and paste it into a text file to send to the LiveAction License Team.
  • Click Cancel to exit the License Activation Assistant. You can continue to use the software for up to seven days prior to completing the activation process.
  • Using another computer that has an Internet connection, e-mail your contact information and the saved License Number and Activation key to sales@liveaction.com. LiveAction will then process your license and send you a permanent key for the next step.
Load the Activation Key you received from LiveAction.
  • When you receive your new Activation Key file, copy it to a location that can be reached by the LiveAction server PC.
  • Start the Management Console and select the License tab. Select Upgrade License to restart the Licensing Assistant.
  • Select I have a valid license file, and then click Next.
  • On the License Location screen, browse to locate the Activation Key file that you saved. Click Finish to complete license activation.

How do I start LiveAction Client through a Java Webstart?

    • Make sure your LiveAction server is running.
    • Open a web browser and connect to your LiveAction server by typing the IP address followed by a colon (“:”) and the port number of the server start page (default=”8092”) as the URL.
    • For example:
      • http://192.168.1.2:8092/
      • or http://localhost:8092/ if trying to run the client on the same PC as the server.
      • If “httpserver.secure” is specified “true” in the LiveAction Management Console, the URL must specify https as shown below:
        https://192.168.1.2:8092/
    • Click the link Launch LiveAction Client and accept the Java Webstart installation. This may take several minutes as all the files are downloaded and installed. Once installed you will be prompted to run the client and you will get the LiveAction login prompt.
    • If this is your first time logging into the LiveAction Client, log in to the default administrator account and create users. The initial default admin credentials are as follows:
Username: admin
Password: admin

How do I export LiveAction logs for support?

  • From the Management Console:
    • Help –> Export Logs
  • Select the file export location (choose Desktop for convenience) and send the logging zip file to LiveAction Support.

How many devices can a LiveAction server handle?

Prior to LiveAction 4.0, each server can manage up to 500 devices. Thus, for networks of more than 500 devices, multiple servers would be needed, with each having its own network view and license. Beginning with LiveAction 4.0, we can support large-scale enterprise networks up to 40,000 devices with a single-pane-of-glass view across the entire network and one license, since the devices are being monitored via the collector nodes which provide horizontal scaling and report to the server.

What is LiveAction's flow rate?

Today, LiveAction can process 1M flows/sec via a special-purpose, high-performance database.

What are LiveSP main features?

Keywords: Overview, Implementation, User features.

LiveSP is a multi-tenant platform that provides Communication Service Providers (CSP), Managed Service Providers (MSP) and network integrators with a powerful application-aware management tool, helping them to assure the delivery of WAN connectivity services to their business customers.
For all the traffic and applications going through the WAN links and accesses, for thousands of enterprise customers, LiveSP is divided into several modules that allow you to:

  • display executive view of network and critical application KPIs;
  • drill down near real time dashboards and assess end-user experience with fine-grain end-to-end application performance metrics across LAN, WAN and Application servers;
  • troubleshoot hybrid network path (PFR) issues;
  • alert when critical application performance is out-of-policy;
  • report daily, executive view of your Network SLA;
  • closely customize customers’ network (dashboard, alerting, site clustering, custom applications, etc.);
  • easily admin multi-tenant profiles and rights;
  • monitor flow and polling collection.

What capabilities does LiveSP provide to build custom dashboards and reports?

Keywords: User features.

Dashboards are made of customizable dashlets. A dashlet may use various visualization formats and can be configured as easily as you build an Excel timeline graph:

  • pie, to display top nodes on one specific metric (example: top loaded interfaces);
  • bar graph, to display aggregated view for several metrics and nodes (example: traffic repartition per DSCP for citrix, gmail and ftp);
  • timeline, to visualize trend of KPIs (example: traffic per primary / secondary network for hybrid network);
  • gauge, to highlight performance status of a KPI (example: salesforce response time over the end-customer network);
  • table, to detail performance metrics for Top nodes (example: top path changes with jitter / drop / latency out-of-policy event count);
  • pie-line, to mix gauge and timeline visualization (example: business / leisure traffic repartition)

Reports can include images, text, date and shapes, to have a powerful communication tool.

Is it possible in LiveSP to have executive dashboards beside expert visualization?

Keywords: User features.

LiveSP is designed to give both non-specialists and specialists the right insight of network SLAs and end-user experience.

  • The home page provides a workspace to build an overview of network usage, performance and status.
  • The dashboard module provides a fully customizable tab-centric workspace. Admins browse the KPI library and mix in the same tab metrics coming from SNMP polling and IWAN features. End-users drill down near real-time data from one dashboard to another for more details or to spot the root cause of an issue.
  • The report module helps Service Providers structure their communication with their multiple enterprise customers. It turns application or network information from the LiveSP platform into a synthetic, decision-driven and good-looking PDF report. End-customers choose a template in the report library. They customize the timeframe and schedule a PDF e-mailing for daily / weekly / monthly reporting. Each widget is a dynamic object that is automatically updated when the report is sent.

Does LiveSP provide default resources out of the box, such as dashboards?

Keywords: User features.

LiveSP includes several resources out of the box: default dashboards, reports, alerting, home page, KPI, poller, etc. These resources are based on years of network monitoring expertise and make LiveSP available from day one for many use cases.

Can I drill down an issue for more details?

Keywords: User features.

Yes, the “drill down” feature is available across the platform. It will help IT managers to deep-dive, step-by-step by displaying the useful dashboards/visualization of their network.
When you select an element (site, application, DSCP, etc.), using the magnifying glass, from any module (home page, flow map, etc.), LiveSP will automatically display the available dashboards. Pick the view you need and LiveSP will switch to the new view, with the right scope and the right time frame.
For example, you detect unusual spikes of traffic for ms-update. You need more details to understand who is updating their PC during working hours (thus generating a spike of WAN load). Click on the magnifying glass beside the ms-update legend. LiveSP will automatically propose the compliant dashboards.

What is the data retention period? Is there a way to admin the purge?

Keywords: Collection, User features.

When received, data is aggregated to minimize storage without deleting history. Available granularities are 5 minutes, hour and day. By default, data retention is 3 weeks for 5 minutes granularity, 3 months for 1-hour granularity, and day data are never purged. Specific KPI such as daily 5 minutes max period can, however, be stored for a longer period for capacity planning needs.

What does “near real time dashboards” mean?

Keywords: Collection, User features, Implementation.

CPEs send flows on a scheduled period. Let’s take 5 minutes as the export period: for 5 minutes, the CPEs aggregate traffic. Then they export the aggregated flows over the next 5 minutes (the export is smoothed to prevent a spike of traffic on the collection link). LiveSP collects the data on the fly and starts data processing at the end of the five-minute export period. So when an event occurs, it will be displayed between 5:30 minutes (best case) and 14 minutes (worst case, with heavy load on the LiveSP servers) after the event.

Has the end-customer any customization capabilities?

Keywords: User features.

Yes. End-customers (or account managers) can define a dedicated environment including dashboards, reports, alerting, custom applications and site clustering. They can group sites in clusters to focus on a specific area of their network. They can build their custom applications on top of the NBAR2 dictionary.

How do my customers connect to LiveSP? Is it possible to use SSO authentication?

Keywords: Implementation, User rights.

Service Providers administrators and operations teams access LiveSP using login and password, through a login page, or via Single Sign-On (SSO) from their internal portal. Customers access LiveSP preferably using SSO, via existing external portal. It prevents customer login/password administration on the LiveSP platform.
LiveSP is compliant with any SSO configuration. As SSO implementations are often different, LiveAction professional services team provides specific plugin compliant with your SSO environment (preferably RESTful or SOAP Web Services).

Does LiveSP alert me when one of my critical applications is out of policy?

Keywords: User features.

LiveSP allows admins to configure alerts based on network or application metrics in order to increase visibility of end-user experience or network events. When the chosen KPI is above a threshold, an alert is raised.

Can I implement different levels of services depending on customer profiles?

Keywords: User features, Implementation, User rights.

LiveSP, as a dedicated solution for Service Providers, enables customer profiling in a single instance. Depending on the offer a customer has subscribed to, end users access specific features, KPIs and resources (dashboards, reports, etc.). Service Providers can also decide to keep specific features for internal use in order to improve their operating efficiency and proactivity (scheduled reports, alerting).

What capabilities does LiveSP provide to troubleshoot hybrid network and Cisco PFR?

Keywords: User features.

When a VPN architecture is used and application traffic is transiting between sites, obtaining visibility on the flows is an important facet of the QoE management. With dynamic WAN paths, Cisco PFR, in-depth knowledge of the application flows is becoming even more critical.
With its WAN path module, LiveSP offers a simple and innovative visualization of the end-to-end flows. Designed for VPN set across a few or thousands of sites, it adapts to each enterprise context and builds maps showing the flow going through their network.
Combining traffic metrics and distribution with performance metrics, the flow map is an extremely effective tool to troubleshoot or optimize the network and application delivery infrastructure.

Is there a way to recognize an application which is not in the Cisco NBAR2 dictionary?

Keywords: IWAN, Admin features.

On top of the Cisco IWAN dictionary, LiveSP can recognize traffic based on IP, port, HTTP hostname, and SSL (HTTPS) server name. The workflow is the following:

  • Does the flow match an embedded LiveSP customer-specific application?
  • If no match, does it belong to the NBAR2 dictionary?
  • If no match, does it match an IANA service based on well-known ports?
  • If no match, the flow is classified as unknown.

Does LiveSP support IP range discovery?

Keywords: Collection, Admin features, Implementation.

As a multi-tenant platform, LiveSP does not support network discovery. LiveSP needs information that cannot be discovered such as the client name for a specific IP address, and particular IWAN fields to process IWAN information. A seed file is required to enable LiveSP.

Can LiveSP poll CoS and IPSLA metrics?

Keywords: Collection, Implementation, Admin features.

Yes. Expert polling mode leverages a scripting interface to connect the monitored device and its counterparts (Provider Edge, IPSLA probe) and collect advanced metrics (CoS, IPSLA, Metrics, etc.). Admins can mix CLI, attributes coming from the topology and routers template to build advanced metrics such as traffic per CoS, IPSLA jitter, etc.

Standard SNMP polling mode helps admin to quickly add metrics based on OID (for example CPU, traffic, drop, etc.).

Is it possible to record and display raw flows coming from the router?

Keywords: Collection, Implementation, Admin features.

Yes, an expert mode is available on LiveSP. It records raw flows (data + template) coming from the specified CPE and makes the data available for analysis. It helps admins troubleshoot issues on router template configuration.

What are the several flow record types that I see when I use the LiveSP raw flow analyzer?

Keywords: Collection, Admin features.

The flow record represents the atomic building block exported by the device. NFv9 and IPFIX define 4 types of flow records: template, data, options template, options data. While template and data records describe the actual live traffic, the two latter stand for static mapping information, such as devices, interfaces, applications, etc.

Does LiveSP provide DSCP fields?

Keywords: Collection, User features.

By using NBAR2 in the class-map, routers can identify traffic by NBAR2 application signature. This allows per-application policy control such as QoS, for example limit traffic rate for Netflix, Pandora, and iTunes applications, or guarantee bandwidth for business applications such as WebEx, Office 365, or Sharepoint.

LiveSP stores and reports metrics down to the DSCP level per application and interface. This helps know whether a given application may have been misclassified when there is a DSCP-based QoS.

What happens if a CPE is configured to send AVC information and then PFR and WAAS?

Keywords: Implementation, Collection, User rights, Admin features.

IWAN monitoring level may be configured through LiveSP provisioning for each CPE. If the CPE exports PFR data flows but provisioned only for AVC, the PFR flows will be ignored by LiveSP.

Is it possible to define your own Key Performance Indicators based on raw counters provided by the collection?

Keywords: Collection, Implementation, Admin features.

Yes, besides default KPI included in the KPI library, admins can define custom KPIs they need to assess the network and end-user experience. They use a graphical interface to build formulas mixing raw counters and operand. New KPIs are immediately available for building new graphs or tables.

Glossary

Acronym | Meaning | Notes
AVC | Application Visibility and Control | Cisco Deep Packet Inspection feature embedded in routers. It enables application recognition based on signature and fields extraction.
ART | Application Response Time | Cisco passive probe embedded in routers. It enables application performance metrics such as latency per network part.
BR | Border Router | Cisco PFR component
COS | Class Of Service
CSP | Communication Service Providers
CSR | Cloud Services Router
DPI | Deep Packet Inspection
FE | Field Extraction
FNF | Flexible NetFlow | Latest Netflow version
IP | Internet Protocol | Layer 3 datagram protocol.
IPFIX | Internet Protocol Flow Information Export | Industry standard for Netflow.
LAN | Local Area Network
MACE | Measurement, Aggregation, and Correlation Engine
MC | Master Controller | Cisco PFR component
MMA | Metric Mediation Agent
MMON | Media MONitoring
MSP | Managed Service Providers
NAT | Network Address Translation
DPI | Deep Packet Inspection | Generic name for application recognition engine over telecommunication network.
NBAR(2) | Network Based Application Recognition | Cisco Deep Packet Inspection Engine.
PA | Performance Agent
PFR | PerFormance Routing
SSO | Single Sign On
SNMP | Simple Network Management Protocol
SP | Service Provider
TCP | Transmission Control Protocol | Layer 4 reliable transport mechanism.
UDP | User Datagram Protocol | Layer 4 transport mechanism. Connectionless transport layer protocol.
VRF | Virtual Routing and Forwarding
WAAS | Wide Area Application Services
WAN | Wide Area Network

What is Cisco Intelligent WAN?

Keywords: Cisco IWAN, Overview, Collection, Implementation.
Cisco IWAN is a feature bundle embedded in routers, aimed at improving the end-user experience of applications used over the Wide Area Network (WAN). Cisco IWAN provides the ability to report your application performance metrics, enables per-application policy for granular control of application bandwidth use (AVC), monitors network performance and selects the best path for each Class of Service (Performance Routing, PFR), and optimizes application traffic for faster response time and less bandwidth (WAAS).
Netflow version 9 and IPFIX are the protocols of choice for Cisco IWAN to export information from the routers.

How many applications can Cisco AVC recognize?

Keywords: Cisco IWAN, Overview, Collection, Implementation.

In the past, typical network traffic could easily be identified using well-known port numbers. HTTP, HTTPS, POP3, and IMAP were among the common traffic seen in the enterprise. Today, an increasing number of applications, both business and recreational, are delivered over HTTP. Many applications also use dynamic ports, such as Exchange, and voice and video delivered over RTP. This makes them impossible to identify by looking at the port number.

NBAR2 is Cisco’s Deep Packet Inspection (DPI), based on application signature, and Field Extraction (FE) technologies, to retrieve fields such as HTTP URL, SIP domain, mail server, and so on. Application information such as Sharepoint, Netflix, or Google Docs is provided by NBAR2 signature dictionary, called protocol pack. The protocol pack is updated several times a year to include new applications. Version 16.0 includes more than 1500 signatures.

What is Cisco Intelligent Path Control, PFR?

Keywords: Cisco IWAN, Overview, Collection, Implementation.

PFR is part of Cisco IWAN. PFR monitors network performance, routes applications based on application performance policies, and load-balances traffic based on link utilization levels to use all available WAN bandwidth efficiently. PFR comprises two major Cisco IOS components, a Master Controller (MC) and a Border Router (BR).

The Master Controller is a policy decision point at which policies are applied to various traffic classes that traverse the Border Router systems.

  • The hub master controller is the master controller at the hub site, which is either a data center or a headquarters. This is the device where all policies are configured. It also acts as the master controller for that site and makes optimization decisions.
  • The branch master controller is the master controller at the branch site. There is no policy configuration on this device; it receives its policy from the Hub MC. This device acts as the master controller for that site and makes optimization decisions.

Border Routers (BRs) are in the data forwarding path. Border Routers collect data from their Performance Monitor cache and smart probe results, provide a degree of aggregation of this information and influence the packet forwarding path as directed by the Master Controller to manage user traffic.

What is Netflow/IPFIX?

Keywords: Cisco IWAN, Collection, Implementation, Sizing.

Netflow provides the ability to collect IP network information as traffic enters or exits an interface. A Flow Record consists of keyed fields and non-keyed fields. Keyed fields are the fields whose combined values must be unique for a new Flow Record cache entry to be created in the CPE memory. Non-keyed fields provide information such as metrics (byte count, packet count, latency or jitter). For every record, a cache table is created to track and store flow entries. A new cache entry is created when the keyed field(s) of a packet do not match an existing cache entry. Otherwise, only the non-keyed fields are updated; for example, the byte count is incremented.
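The keyed / non-keyed behaviour described above, as an added example (not LiveAction or Cisco code): it builds a flow cache from a few constructed packets, then rebuilds it with a coarser key set to show how the choice of keyed fields changes the number of cache entries. The packet values and the names `build_cache`, `FIVE_TUPLE` and `SERVER_VIEW` are assumptions made for the illustration.

```python
from collections import namedtuple

# Constructed sample packets (not captured traffic).
Packet = namedtuple("Packet", "src sport dst dport proto size")
PACKETS = [
    Packet("10.0.0.5", 51000, "192.0.2.10", 443, 6, 1200),
    Packet("10.0.0.5", 51000, "192.0.2.10", 443, 6, 800),
    Packet("10.0.0.5", 51001, "192.0.2.10", 443, 6, 400),
    Packet("10.0.0.6", 40000, "192.0.2.53", 53, 17, 90),
]

FIVE_TUPLE = ("src", "sport", "dst", "dport", "proto")  # NFv5-style keyed fields
SERVER_VIEW = ("dst", "dport", "proto")                 # coarser, hypothetical key set


def build_cache(packets, key_fields):
    """Return {key tuple: {"packets": n, "bytes": n}} for the chosen keyed fields."""
    cache = {}
    for pkt in packets:
        key = tuple(getattr(pkt, name) for name in key_fields)
        entry = cache.get(key)
        if entry is None:
            # Keyed fields match no existing entry: a new cache entry is created.
            entry = cache[key] = {"packets": 0, "bytes": 0}
        # Existing or new, only the non-keyed fields (the metrics) are updated.
        entry["packets"] += 1
        entry["bytes"] += pkt.size
    return cache


if __name__ == "__main__":
    for label, keys in (("5-tuple", FIVE_TUPLE), ("server view", SERVER_VIEW)):
        cache = build_cache(PACKETS, keys)
        print(label, "->", len(cache), "cache entries")
        for key, metrics in cache.items():
            print("  ", key, metrics)
```

The same four packets occupy three entries under the 5-tuple and two under the coarser key, which is why the keyed fields chosen for a record drive cache sizing on the device.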

What makes Netflow collection different from SNMP monitoring?

Keywords: Cisco IWAN, Collection, Implementation, Sizing.

The key difference lies in how the information is accessed: SNMP requires collectors to request the information, whereas Netflow collectors passively receive and process flows from all devices. In the first case (polling), devices need to store the data so that it is available on request. With Netflow, devices send data once it is processed. Thus, if devices embed the right processing engines (Deep Packet Inspection, passive probe, etc.), one can get much more detail on traffic and performance using Netflow.

What are the differences between Netflow versions?

Netflow 5 (IPv4 specific)

NFv5 is the most commonly deployed version. The flows exported by the equipment provide 5-tuple keyed fields (source IP / port, destination IP / port, and protocol) that describe the identities of the systems involved in the conversation, together with the amount of data transferred.

Flexible Netflow FNF V9 (IPv4 and IPv6 compatible)

Version 9 introduced FNF capability, which makes Netflow a highly versatile protocol. Its flexibility makes it particularly relevant for complex reporting and heterogeneous data. Here are a few key components:

  • flexible key field aggregation;
  • variable number of data fields;
  • unidirectional or bidirectional;
  • sampled or not;
  • multi-vendor (430 standardized fields, thousands of vendor-specific fields);
  • aggregated, synchronized or not for exports.
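What a variable number of data fields means for a collector, as an added example (not LiveAction or Cisco code): a version 9 data record carries no field names, so it can only be decoded with the template the exporter sent earlier. The packets are constructed for the illustration, the header and field type numbers follow RFC 3954, and `parse_v9` and `sample_packets` are hypothetical names.

```python
import socket
import struct

# Field type numbers from RFC 3954 (NetFlow v9); only a small subset is named.
NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
         8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}
HDR = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id

def parse_v9(packet, templates):
    """Decode one export packet; `templates` is collector state kept across packets."""
    if len(packet) < HDR.size or HDR.unpack_from(packet)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    source_id = HDR.unpack_from(packet)[5]
    records, offset = [], HDR.size
    while offset + 4 <= len(packet):
        set_id, length = struct.unpack_from("!HH", packet, offset)
        if length < 4 or offset + length > len(packet):
            raise ValueError("bad FlowSet length")  # lengths come from the wire
        body = packet[offset + 4:offset + length]
        offset += length
        fields = templates.get((source_id, set_id), [])
        size = sum(flen for _, flen in fields)
        if set_id == 0:  # template FlowSet: learn the record layouts
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                end = pos + 4 + 4 * nfields
                if tid < 256 or end > len(body):
                    break  # padding or truncated template
                templates[(source_id, tid)] = list(struct.iter_unpack("!HH", body[pos + 4:end]))
                pos = end
        elif size:  # data FlowSet with a known template; unknown ones are skipped
            for pos in range(0, len(body) - size + 1, size):
                rec, p = {}, pos
                for ftype, flen in fields:
                    raw, p = body[p:p + flen], p + flen
                    ip = ftype in (8, 12) and flen == 4
                    rec[NAMES.get(ftype, ftype)] = socket.inet_ntoa(raw) if ip else int.from_bytes(raw, "big")
                records.append(rec)
    return records

def sample_packets():
    """Constructed packets (not captured): a template export, then a data export."""
    tmpl = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4)]
    trec = struct.pack("!HH", 256, len(tmpl)) + b"".join(struct.pack("!HH", *f) for f in tmpl)
    data = (socket.inet_aton("10.0.0.5") + socket.inet_aton("192.0.2.10")
            + struct.pack("!HHBI3x", 51000, 443, 6, 2000))  # 3x pads to 32 bits
    return (HDR.pack(9, 1, 0, 0, 1, 7) + struct.pack("!HH", 0, 4 + len(trec)) + trec,
            HDR.pack(9, 1, 0, 0, 2, 7) + struct.pack("!HH", 256, 4 + len(data)) + data)
```

A data packet that arrives before its template yields no records, so a collector that is restarted shows nothing for an exporter until that exporter next resends its templates.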

IPFIX

IPFIX (IP Flow Information eXport), also referred to as NFv10, is the industry-standardized version of Netflow. It builds on NFv9 for most of its features and brings additional flexibility (variable-length fields, sub-application extracted fields, options-data, etc.).

Note: Netflow version 9 and IPFIX are the export protocols of choice for AVC, because they can accommodate the flexible record format and multiple records required by the Flexible Netflow infrastructure. IPFIX is recommended.

Does IWAN increase router CPU and memory load?

Keywords: Implementation, Collection, Cisco IWAN, Sizing.

Yes. Compared to the relative simplicity of SNMP monitoring metrics, IWAN features come at a cost on the network device in terms of memory (the cache size must be planned in advance when configuring) and CPU (for advanced processing). Cisco has introduced EZPM in the latest version of IWAN to decrease CPU load. Service providers have to check whether the additional resources needed on routers are compatible with their existing portfolio (which router for which contracted bandwidth).

What is the Netflow impact on CPE performance?

Keywords: Implementation, Collection, Cisco IWAN.

Most architectures are compatible with Cisco IWAN, as it runs on top of an overlay transport protocol (DMVPN for IWAN 2). However, an actual deployment of IWAN requires a Cisco Validated Design: Cisco provides in-depth PDF guides online for deployment and configuration.