© 2012 Cisco and/or its affiliates. All rights reserved. 1
Cisco IOS Advantage Webinars
Flow Metadata for Enhanced Application Awareness
Karthik Dakshinamoorthy
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Panelists
Jean-Charles Griviaud, Product Line Manager [email protected]
Balaji B.L, Technical Leader, Engineering [email protected]
Speaker
Karthik Dakshinamoorthy, Product Manager [email protected]
• Submit questions in the Q&A panel and send to “All Panelists”. Avoid the CHAT window for better access to panelists
• Please complete the post-event Survey
• For Webex audio, select COMMUNICATE > Join Audio Broadcast
• Where can I get the presentation? Or send email to: [email protected]
• Join us on August 1 for our next IOS Advantage Webinar: Efficient Data Center Design with FabricPath/TRILL www.cisco.com/go/iosadvantage
• For Webex call back, click ALLOW Phone button at the bottom of Participants side panel
• Flow Metadata Introduction
• Concept and Overview
• Key Use Cases
• Metadata enabled Network Services
• Metadata Producers and Consumers
• How does Metadata work?
• Metadata Configurations
Architecture for Agile Delivery of the Borderless Experience
[Diagram labels: Borderless End-Point/User Services (Mobility, Workplace Experience, Video; Securely, Reliably, Seamlessly: AnyConnect, Mobile Collaboration); Borderless Network Services (Mobility: Motion; Security: TrustSec; Voice/Video: Medianet; Green: EnergyWise; Application Performance); Borderless Management and Policy; Infrastructure (Switching, Wireless, WAAS, Routing, Security); PROFESSIONAL SERVICES: Products to Systems to Architectures]
Medianet and Application Performance: Metadata for enhanced network application awareness & easier service delivery
• Architectural play - Intelligent endpoints + intelligent network
• Bringing application awareness in the network
• Multiple video & voice, business critical applications intelligently sharing the same IP Network
• Intelligent Policy enforcement based on business rules
[Diagram labels: Enable Rich Media Solutions; Optimize User Experience; Seamless Security; Cisco Video & Voice Applications; webex; Medianet Services Interface APIs; Media Aware Routing; Resource Control; Media Monitoring; Media Optimization; SAF; PfR; RSVP; Multicast; QoS; NetFlow; IPSLA; Flow Metadata; Media Services Proxy]
Application complexity increases
Cloud and Virtualization centralize application delivery
Multiple entities involved in delivering applications
Identify growing applications using more than just port number
Problem isolation to minimize downtime and business impact
Understand application performance from the end user's perspective
Today’s network needs to be aware of applications
Gain visibility into applications running in the network, performance trends, and user experience
Intelligently prioritize and control application traffic to maximize user experience
[Diagram labels: IT Resources; Provision, Control, Optimize, Baseline; Network Adjustments]
Network Management
• Plan, configure, monitor, troubleshoot
• Sessions, endpoints and service infrastructure
• SLA measurements
Optimization
• Application acceleration, offload
• Reduce WAN traffic, application latency
Monitoring and Instrumentation
• Capacity planning
• Visibility into network and application behavior
• Dynamic troubleshooting
Control
• Prioritize business-critical traffic
• Meets established business policies and priorities
Identification and Classification
• Automatic application recognition
• Application Context awareness
[Diagram labels: Metadata, Deep Packet Inspection (NBAR2); Perf-Mon, FNF, IOS, PA, HQoS, PfR; App Experience; Voice/Video; BW/Export; Visibility; Control; Management]
[Diagram labels: HQ; MC/BR and BR routers; WAN1 (IP-VPN); WAN2 (IPVPN, DMVPN)]
PROBLEM
• What is going on in my network?
• Voice Traffic classification
• Video Traffic classification
• Critical applications
SOLUTIONS
• Implicit: DPI (NBAR2, MSP)
• Explicit: Metadata
• Indirect: RSVP, Media Services Proxy (MSP)
• Metadata is an architecture that enables end-to-end signaling of flow parameters and attributes to the network
• Metadata can be explicitly produced by the end user, implicitly produced by the network DPI engine, or indirectly produced by a proxy (e.g. Communications/Call manager)
• Metadata is used by various network services such as QoS, Netflow, Media monitoring and PBR to facilitate application-aware deployments
• Metadata produces a set of “attributes” that the network can use for traffic classification and export
• RSVP is leveraged as the Metadata transport protocol for L2 switches and L3 routers
Metadata signaled path
The network proxy or the end point signals Metadata for a flow
I am a conferencing application; I use non-encrypted RTP; My clock frequency is 90Khz; Timeout my flow after 120sec; My GSID is xxx;
I am a surveillance application; I use encrypted RTP; My clock frequency is 120Khz; Timeout my flow after 90sec; My GSID is yyy;
1.1.1.1 10.1.1.1 2134 80 http ATTR_1
10.76.109.45 10.76.109.51 1200 2000 Telepresence ATTR_1 ATTR_2
10.76.109.45 10.76.109.50 450 5060 SIP ATTR_3
30.1.1.1 135.1.1.1 1500 1600 Telepresence ATTR_1 ATTR_2
20.1.1.1 125.1.1.1 1500 1600 Surveillance ATTR_3
Metadata Database
Attributes                           CTS-3000, Telepresence            Tandberg MOVI
app-ID                               Telepresence-media                rtp
sub-app-ID                           N/A                               N/A
application model, vendor, version   CTS-3000, 1.5, Cisco              MOVI, 1.1, Cisco
end point model, version, model      N/A                               Apple, MAC, xxx
GSID/MPID                            xxx                               yyy
media-type                           Video                             audio
clock frequency                      90 Khz                            70 Khz
codec type                           MPEG-4                            MPEG-2
flow bandwidth                       15 Mbps                           3 Mbps
device-class                         telepresence                      software-phone
Category/sub-category                voice-and-video                   voice-and-video
application-group                    voice-video-chat-collaboration    voice-video-chat-collaboration
(to be signaled from MSI on end point or MSP on the network)
1. Application Creates Metadata
2. Metadata Announcement
3. Media Flow
[Diagram labels: Metadata DB (three nodes); 10.1.1.2; QoS based on Metadata; Export of data to NMS]
Flow Identifier
IP Src     IP Dst     Prot  L4 Src  L4 Dst
10.1.1.2   20.1.1.2   UDP   2000    4000
Metadata
Application                Vendor  Dial From  Dial To   Caller ID
Video-Conference (Audio)   Cisco   83922564   85268229  Albert Albatross
Multi Vendor Environment
Multi Application Environment
Multi Services Environment
Media Monitoring Netflow QoS
How do I manage these variations and diversity in the network??
With Medianet: Metadata + Media Services Proxy MSP !!!
Auto device detection with MSP
Third Party support with MSP:
Metadata:
QoS, Netflow and Monitoring.
With Metadata,
Intelligent, automatic QoS remarking for soft-phones with Metadata
Metadata “device-class” or “application”
• How can devices enforce policies if they don’t have a uniform view of traffic?
E.g. Rule: Prioritize Google News traffic from Marylou
• How can application information be propagated to enable smarter, consistent enforcement of network policies?
Classification based on ACL and DSCP
Classification based on DPI, ACL, DSCP
News
What do I know about this packet or flow?
It has a DSCP = 0
It carries Google News application
What do I know about this packet or flow?
It has a DSCP = 0
It comes from Fast1/0
It comes from location “Desk1”
It comes from user “Marylou”
• How to enforce a consistent network policy when classification is not available along the path?
E.g. Rule: Prioritize Voice communication from Marylou to John
• Endpoint can provide information not available or visible on the wire
This flow has a DSCP = EF
This flow contains RTP Voice
This packet has a DSCP = EF
This packet comes from Fast1/0
This packet comes from location “Desk1”
This packet comes from user “Marylou”
John
Voice communication between Marylou and John
Voice communication started with application “X”
Packets have DSCP = EF
I know lots of information from the application that I’m not going to send to the wire
Marylou
App-ID: webex-client, vmware-view, wyse-zero-client, cisco-phone
Application-group: citrix-group, vmware-group, wyse-group
Dynamic Attributes: device-class, media-type
  Media-type: voice, video, voice-video, data
  Device-class: desktop-conferencing, room-conferencing, physical-phone, software-phone, desktop-virtualization, surveillance, telepresence
Sub-App-ID: traffic-type, signaling-type, transport-type
  traffic-type: usb-redirection, streaming, tunnel, realtime, interactive, bulk, background, sharing
  signaling-type: sip, h323, skinny, mgcp, bfcp
  traffic-type: pcoip, rdp, ica
Use Cases                                                                  Metadata Classification based on:
Configure performance monitoring on all Telepresence flows                 application-group/device-class
Remark all surveillance traffic to CS4                                     device-class
Reroute Cisco Desktop conferencing traffic through the MPLS VPN link       vendor, device-class, device-sub-class
Determine % of video and audio-only flows from Netflow Export              media-type
Police interactive traffic from vmware client to 5 Mbps                    app-ID, sub-app-ID
App-ID Based
 match application citrix traffic-type interactive (ica tag 0)
 match application rtp
 match application cisco-phone
Dynamic attribute based
 match application attribute device-class room-conferencing
 match application attribute device-class surveillance
 match application attribute media-type video
Application Group based
 match application application-group webex-group
 match application application-group citrix-group
Category Based
 match application attribute category voice-and-video
 match application attribute category business-and-productivity-tools
 match application attribute sub-category remote-access-terminal
Metadata Based
 match metadata global-session-id <>
 match metadata end-point [model | vendor | version]
Important charter in the App-Velocity space, enabling network as a platform for delivering intelligent network services for a multitude of applications
1.1.1.1 10.1.1.1 2134 80 http
10.76.109.45 10.76.109.51 1200 2000 WebEx Video
10.76.109.45 10.76.109.50 450 5060 SIP
30.1.1.1 135.1.1.1 1500 1600 WebEx Video
20.1.1.1 125.1.1.1 1500 1600 Surveillance
Metadata Database
Network Infrastructure: Network Readiness: ISRG2, Cat3k, Cat4k, ASR1k, Cat6k
Metadata Producers: MSI Based End points (WebEx, VXI, TP), MSP, NBAR
Network Services: Video Monitoring, QoS, FNF, PBR, PfR
[Diagram labels: WebEx; VXI/VNA; TP/Tandberg; Video Monitoring; PfR/PBR; Netflow; QoS; NBAR and MSP Producing Metadata]
1.1.1.1 10.1.1.1 2134 80 http
10.76.109.45 10.76.109.51 1200 2000 Telepresence
10.76.109.45 10.76.109.50 450 5060 Cisco-Phone
30.1.1.1 135.1.1.1 1500 1600 Telepresence
20.1.1.1 125.1.1.1 1500 1600 Surveillance
Metadata Database
All TP flows should be marked with DSCP=CS4
All Voice calls should be marked with DSCP=EF
MPLS- VPN
DMVPN
campus
SP could reset the DSCP value
Restore the DSCP value
1.1.1.1 10.1.1.1 2134 80 http
10.76.109.45 10.76.109.51 1200 2000 WebEx Video
10.76.109.45 10.76.109.50 450 5060 SIP
30.1.1.1 135.1.1.1 1500 1600 WebEx Video
20.1.1.1 125.1.1.1 1500 1600 Surveillance
Metadata Database
MPLS- VPN
DMVPN
campus CE
Metadata Signaling
Policy on CE-1:
class-map match-all test
 match application WebEx
policy-map test
 class test
  set dscp af11
1.1.1.1 10.1.1.1 2134 80 http
10.76.109.45 10.76.109.51 1200 2000 Telepresence
10.76.109.45 10.76.109.50 450 5060 SIP
30.1.1.1 135.1.1.1 1500 1600 Telepresence
20.1.1.1 125.1.1.1 1500 1600 Surveillance
Metadata Database
Using AppID to enable Monitoring: Enable performance-monitor on all Telepresence flows
I want to monitor ONLY the Telepresence flows
CUCM
Surveillance Manager
Perf-mon: Enable monitoring on these 5 tuples
Global App ID Based Thresholds
Using AppID to set application specific thresholds
I want to monitor all the Telepresence flows, and pick up the thresholds automatically
CUCM Surveillance Manager
Perf-mon: Enable monitoring on these 5 tuples with derived thresholds
App ID         Loss  Jitter  Latency
Surveillance   x     x       x
Cisco-Phone    x     x       x
Telepresence   x     x       x
Performance Monitor modules can apply thresholds to the flow being monitored based on its App-ID.
Threshold values can be built in for most popular video applications, or come from user configuration.
Administrators need not configure thresholds explicitly for each individual monitoring session.
RSVP signaled path
Propagate flow properties that VM can use instead of static configuration
I use non-encrypted RTP; My clock frequency is 90Khz; Timeout my flow after 120sec; My GSID is xxx;
I use encrypted RTP; My clock frequency is 120Khz; Timeout my flow after 90sec; My GSID is yyy;
1.1.1.1 10.1.1.1 2134 80 http
10.76.109.45 10.76.109.51 1200 2000 Telepresence ATTR_1 ATTR_2
10.76.109.45 10.76.109.50 450 5060 SIP
30.1.1.1 135.1.1.1 1500 1600 Telepresence ATTR_1 ATTR_2
20.1.1.1 125.1.1.1 1500 1600 Surveillance ATTR_3
Metadata Database
Surveillance Manager
Fill in attributes in metadata database
VM: Configure flow monitors with metadata attribute
• Most collectors today classify and display traffic profiles based on L4 port numbers
• With HTTP as the new TCP, port numbers may not be granular enough to uniquely classify an application
• Metadata makes it possible for a network node to identify an application granularly
• This approach is similar to NBAR, and a few collectors have integrated NBAR along with Netflow to list the App-ID alongside the 5-tuple
• With Metadata, many attributes other than App-ID can be exported to Netflow collectors
• Requires FNF integration with Metadata, which is already a planned deliverable. Note that this support has to exist even though Video monitoring already exports some Metadata through its native FNF integration
Coming Soon
NEs
Metadata Signaled by Switch using MSP
1.1.1.1 10.1.1.1 2134 80 IP Surveillance
10.76.109.45 10.76.109.51 1200 2000 Telepresence
10.76.109.45 10.76.109.50 450 5060 IP Surveillance
20.1.1.1 125.1.1.1 1500 1600 IP Surveillance
FNF on the NEs
Netflow Cache:
SRC ADDR      DST ADDR      APP NAME
========      ========      ========
1.1.1.1       10.1.1.1      IP Surveillance
10.76.109.45  10.76.109.51  Telepresence
10.76.109.45  10.76.109.51  IP Surveillance
20.1.1.1      125.1.1.1     IP Surveillance
Metadata Database
Flow Begins
IP Surveillance Cameras
Coming Soon
Per-Flow Metadata: GSID/MPID Clock Hz Codec Type Bandwidth
Metadata + FNF Integration
Coming Soon
• Performance Routing improves application performance by enabling a performance-aware infrastructure that selects the best path across the network
• Network performance metrics such as reachability, delay, loss, jitter, and Mean Opinion Score help select the best path based on application requirements
• Many current applications cannot be identified by port numbers or prescribed DSCP values based on which PfR/PBR can operate (i.e. dynamically route based on traffic type)
• Metadata provides the ability to the network to be cognizant of flow related attributes (e.g. nature of application and its parameters)
• Integrating Metadata with PfR can enable PfR to identify these applications and optimize routing for them
Coming Soon
• PfR integration with Metadata exposes the App-ID and other Metadata attributes to the routing subsystem
• PfR can use this per-flow data to intelligently route traffic across various links based on application type or other Metadata attributes
• Leverage policy routing to redirect bandwidth intensive rich media across low cost links to enable gradual scaling of medianet architecture
[Diagram labels: Remote Office; Small Office; Bottlenecks; Best Metric Path; MPLS or Primary ISP; ISP A, ISP B, ISP C]
10.76.109.45 10.76.109.51 1200 2000 Telepresence ATTR_1 ATTR_2
30.1.1.1 135.1.1.1 1500 1600 Telepresence ATTR_1 ATTR_2
20.1.1.1 125.1.1.1 1500 1600 WebEx ATTR_3
Metadata Database
PfR selects different links for TP and webex
Coming Soon
RSVP signaled path
I use non-encrypted RTP; My clock frequency is 90Khz; Timeout my flow after 120sec; My GSID is xxx;
I am a surveillance camera using RTSP. My clock frequency is 120Khz; Timeout my flow after 90sec; My GSID is yyy;
1.1.1.1 10.1.1.1 2134 80 http
10.76.109.45 10.76.109.51 1200 2000 Telepresence ATTR_1 ATTR_2
FF0E::ABCD FF0E::DEAD 450 5060 SIP ATTR_1
30.1.1.1 135.1.1.1 1500 1600 Telepresence ATTR_1 ATTR_2
20.1.1.1 125.1.1.1 1500 1600 Surveillance ATTR_3
Metadata Database
Surveillance Manager
Fill in attributes in metadata database
Attributes used by VM, QoS, FNF, PfR etc
IPv6
Coming Soon
• Metadata match policies look familiar to NBAR C3PL? They should!
• Policy configuration remains the same, simplifying deployment
C3PL match
Metadata DB
NBAR
Media Services Interface (MSI) Media Services Proxy (MSP) NBAR
• Metadata producers create metadata announcements
Metadata producers may be anywhere along the flow path
Generally better to be at the source, or near the source
Producers / Notes / Platform/Release
MSI (application)
  Notes: Direct application integration at source of flow, before flow even starts
  Platform/Release: Shipping: WebEx Jabber. Roadmap: VXC, CTS, Cannondale, Tandberg
NBAR (routers)
  Notes: DPI used to create metadata attributes then share downstream
  Platform/Release: Roadmap: ISRG2, ASR1k
MSP (routers & switches)
  Notes: Light-weight DPI to create metadata attributes. Used locally or downstream
  Platform/Release: Shipping: ISRG2, Catalyst 4k. Roadmap: Catalyst 3k
What can use metadata?
Consumer / Function / Platform/Release
QoS / C3PL
  Function: QoS services (match, remark, WRED, shape etc)
  Platform/Release: Shipping: ISRG2, ASR1k, cat4k. Roadmap: Cat6k/Sup2T, Cat3k
Flexible NetFlow (FNF)
  Function: Reporting of metadata attributes
  Platform/Release: Roadmap: ISRG2, ASR1k
Performance Monitoring
  Function: Enable monitoring based on Flow Metadata
  Platform/Release: Shipping: ISRG2. Roadmap: ASR1k, cat4k, cat3k
Policy Based Routing
  Function: Determination of path based on metadata attribute
  Platform/Release: Roadmap: ISRG2, ASR1k
Media Services Interface (resides at the video endpoint):
[Diagram labels: API; Middleware; Middleware/API; Auto-Registration; Configuration; Media Monitoring; Service Discovery; Host Monitoring; Resource Management; Neighbor Discovery; Management – Policy; Host Stacks / Protocols; TCP/IP; Medianet]
Media Services Interface Deliverables
MSI Reference implementation API SDK Simulation - Test environment Support - Documentation
Platform Portability Layer: Win, Mac, embedded Linux, mobile OS
[Diagram labels: HQ; MC/BR and BR routers; WAN1 (IP-VPN); WAN2 (IPVPN, DMVPN); Performance Monitoring; Internet / WebEx DC]
1. WebEx/MSI generates metadata
2. Different WebEx media get different QoS policies.
3. DSCP remarked for SP
4. Traffic remarked back to enterprise values. NBAR or metadata used
5. DPI not available. QoS policy driven by metadata
[Diagram labels: HQ; MC/BR and BR routers; WAN1 (IP-VPN); WAN2 (IPVPN, DMVPN)]
1. NBAR generates metadata from DPI analysis
2. QoS policy driven by metadata or NBAR. Basic DSCP markings are not granular enough
3. DSCP remarked for SP
4. Traffic remarked back to enterprise values. NBAR or metadata used
5. DPI not available. QoS policy driven by metadata
Coming Soon
1.1.1.1 10.1.1.1 2134 80 http
10.76.109.45 10.76.109.51 1200 2000 WebEx Video
10.76.109.45 10.76.109.50 450 5060 SIP
30.1.1.1 135.1.1.1 1500 1600 WebEx Video
20.1.1.1 125.1.1.1 1500 1600 Surveillance
Metadata Database
Expand Production With NBAR Producing Metadata Content
NBAR Producing Metadata
NBAR detects flow/application and fields through field extraction
Metadata can signal information downstream
http
Field (Type) / Description / Syntax
httpUrl (String)
  Description: URL extracted from the HTTP transaction. The URL is required per transaction
  Syntax: collect application http url
httpHostName (String)
  Description: Host Name extracted from the HTTP transaction. The URL is required per transaction
  Syntax: collect application http host-name
httpUserAgent (String)
  Description: User agent field extracted from the HTTP transaction
  Syntax: collect application http user-agent
httpReferrer (String)
  Description: REFERRER extracted from the HTTP transaction
  Syntax: collect application http referrer
httpCookie (String)
  Description: COOKIE extracted from the HTTP transaction
  Syntax: collect application http cookie

rtsp
Field (Type) / Description / Syntax
rtspHostName (String)
  Description: RTSP host name extracted from the RTSP transaction
  Syntax: collect application rtsp host-name
rtspSessionId (String)
  Description: RTSP session ID as seen on an RTSP SETUP request
  Syntax: collect application rtsp session-id
rtspUrl (String)
  Description: RTSP URL
  Syntax: collect application rtsp url
rtspResponseDate (String)
  Description: RTSP DESCRIBE date
  Syntax: collect application rtsp response-date
encodingRate (Uint32)
  Description: TBD
  Syntax: TBD
rtspSessionTitle (String)
  Description: Title for this RTSP stream
  Syntax: collect application rtsp session-title
rtspServerId (String)
  Description: Name of the RTSP server
  Syntax: collect application rtsp server-id
Coming Soon
sip
Field (Type) / Description / Syntax
sipMethod (String)
  Syntax: collect application sip method
sipSrcDomain (String)
  Description: Per transaction
  Syntax: collect application sip source-domain
sipSrcSubscriber (String)
  Description: Per transaction
  Syntax: collect application sip source-subscriber
sipDstDomain (String)
  Description: Per transaction
  Syntax: collect application sip destination-domain
sipDstSubscriber (String)
  Description: Per transaction
  Syntax: collect application sip destination-subscriber
sipCallID (Uint32)
  Description: Call-ID extracted from the SIP transaction
  Syntax: collect application sip call-id

rtp/rtcp
Field (Type) / Description / Syntax
rtcpPacketLoss (Uint16)
  Description: Average fractional upstream packet loss for the session, taken from the RTCP flow. A value of 0xFFFF indicates that this field is undefined
  Syntax: collect application rtcp packet-loss
rtcpJitter (Uint32)
  Description: Average upstream jitter for the session in units of 1/65 millisecond, taken from the RTCP flow. A value of 0xFFFFFFFF indicates that this field is undefined
  Syntax: collect application rtcp jitter
rtpPayloadType (Uint8)
  Description: Upstream RTP payload type for the session. A value of 0xFF indicates that this field was not available
  Syntax: collect application rtp payload-type
rtpSsrc (Uint32)
  Description: RTP SSRC
  Syntax: collect application rtp ssrc
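How a collector can decode the rtp/rtcp fields above without mistaking the "undefined" sentinels for measurements, as an added Python example (not Cisco code). The 11-byte record layout, the function names and the sample values are constructed for illustration; only the field widths, the sentinel values and the 1/65 ms jitter unit come from the table.

```python
import struct
from typing import Iterable, Optional

# Constructed layout for this example (network byte order, no padding):
# rtcpPacketLoss Uint16, rtcpJitter Uint32, rtpPayloadType Uint8, rtpSsrc Uint32.
RECORD = struct.Struct("!HIBI")

# Sentinels and units as stated in the field table.
LOSS_UNDEFINED = 0xFFFF
JITTER_UNDEFINED = 0xFFFFFFFF
PAYLOAD_TYPE_UNAVAILABLE = 0xFF
JITTER_UNITS_PER_MS = 65


def decode_record(record: bytes) -> dict:
    """Decode one record; undefined or unavailable fields become None."""
    if len(record) != RECORD.size:
        raise ValueError(f"expected {RECORD.size} bytes, got {len(record)}")
    loss, jitter, payload_type, ssrc = RECORD.unpack(record)
    return {
        # The table does not give the scale of the loss fraction, so it stays raw.
        "rtcpPacketLoss": None if loss == LOSS_UNDEFINED else loss,
        "rtcpJitterMs": None if jitter == JITTER_UNDEFINED
        else jitter / JITTER_UNITS_PER_MS,
        "rtpPayloadType": None if payload_type == PAYLOAD_TYPE_UNAVAILABLE
        else payload_type,
        "rtpSsrc": ssrc,
    }


def mean_jitter_ms(records: Iterable[bytes]) -> Optional[float]:
    """Average jitter in ms over the records that actually carry a value."""
    values = [
        decoded["rtcpJitterMs"]
        for decoded in map(decode_record, records)
        if decoded["rtcpJitterMs"] is not None
    ]
    return sum(values) / len(values) if values else None


def naive_mean_jitter_ms(records: Iterable[bytes]) -> float:
    """The failure mode: averaging raw values with the sentinel included."""
    raw = [RECORD.unpack(record)[1] for record in records]
    return sum(raw) / len(raw) / JITTER_UNITS_PER_MS


# Constructed sample records: two with measurements, one with every
# optional field reported as undefined.
SAMPLES = [
    RECORD.pack(12, 1300, 96, 2986382046),
    RECORD.pack(0xFFFF, 0xFFFFFFFF, 0xFF, 1716307277),
    RECORD.pack(0, 650, 96, 2986382046),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(decode_record(sample))
    print("mean jitter (ms):", mean_jitter_ms(SAMPLES))
    print("naive mean jitter (ms):", naive_mean_jitter_ms(SAMPLES))
```

A single undefined record pushes the naive average into the tens of millions of milliseconds, which is enough to trip any jitter threshold in a monitoring policy.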
G 3/1
G 5/1
G 4/1
Device/Flow Identification by MSP. Update Metadata in local node
Propagate Metadata to downstream nodes: Metadata Proxy
Metadata Signaling: RSVP Transport
Device Type – IPVS Camera, Conferencing units
Flow Identifier
IP Src     IP Dst     Prot  L4 Src  L4 Dst
10.1.1.2   20.1.1.2   UDP   2000    4000
Metadata
Application      Vendor  Model  Version  Other properties
IP Surveillance  Axis    XYZ    1.2      …
Metadata Database
IT-supported UC Clients
Best-effort Applications
MSP on Switch identifies surveillance applications, remarks packets
Packets from surveillance cameras sent to priority queue
M
IP Src IP Dst Prot L4 Src L4 Dst Application Vendor Model Version Other properties
10.1.1.2 20.1.1.2 UDP 2000 4000 Surveillance Axis XYZ 1.2 …
Policy on switch:
class-map match-all test
 match application surveillance
policy-map test
 class test
  set dscp af11
AF11 queue (surveillance)
Egress Queues for other traffic
WAN1 (IP-VPN)
MC/BR
MC/BR
BR
MC/BR
BR
BR
HQ
Branch
IP Src IP Dst Prot L4 Src L4 Dst Application Vendor Dial From Dial To User
Flow Identifier Metadata
MSI from endpoint
10.1.1.1 125.1.1.1 90 4080 1234 telepresence Cisco
MSP at Access
rtp 1001 2002 Bob
NBAR at Edge
telepresence-video
App-Layer
Priority-1
Priority-2 Priority-3
IP Src IP Dst Prot L4 Src L4 Dst Application Vendor Dial From Dial To User
Flow Identifier Metadata
telepresence-video
Cisco
rtp 1001 2002 Bob
telepresence
App-Layer
Priority-1
Priority-2 Priority-3
match succeeds for telepresence-video due to Priority-1
policy-map P1
class-map C1
 match application rtp
class-map C2
 match application telepresence-video
10.1.1.1 125.1.1.1 90 4080 1234
Packet
match fails!! match pass!!
Prioritizes more granular MSI classification BY DEFAULT in case of conflict
MSI
MSP
NBAR
IP Src IP Dst Prot L4 Src L4 Dst Application Vendor Dial From Dial To User
Flow Identifier
Metadata
telepresence-video
Cisco
rtp 1001 2002 Bob
telepresence
App-Layer
Priority-1
Priority-2 Priority-3
match succeeds for telepresence-video due to Priority-1
policy-map P1
class-map C1
 match application rtp source msp
10.1.1.1 125.1.1.1 90 4080 1234
Packet
match pass!!
Prioritizes user specific source for backward compatibility
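The source-priority matching on the two slides above, modelled in Python as an added example (not Cisco code): with no source keyword the highest-priority producer's application name decides the match, and "source msp" matches against the MSP entry only. The class and function names are hypothetical, and the assignment of telepresence-video to MSI, rtp to MSP and telepresence to NBAR, with MSI, MSP, NBAR as Priority-1 to Priority-3, is an assumption read from the slides; the conflicts() audit is an addition that lists flows whose producers disagree.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumed default precedence, read from the slides: MSI, then MSP, then NBAR.
SOURCE_PRIORITY = ("msi", "msp", "nbar")

# (IP Src, IP Dst, Prot, L4 Src, L4 Dst), column order as on the slide.
FlowKey = Tuple[str, str, int, int, int]
# (class-map name, application to match, optional "source" keyword value)
ClassMap = Tuple[str, str, Optional[str]]


@dataclass
class FlowEntry:
    """One metadata database entry: the application each producer reported."""
    app_by_source: Dict[str, str] = field(default_factory=dict)

    def effective_app(self) -> Optional[str]:
        """Application name from the highest-priority producer that has one."""
        for source in SOURCE_PRIORITY:
            if source in self.app_by_source:
                return self.app_by_source[source]
        return None

    def matches(self, application: str, source: Optional[str] = None) -> bool:
        """Model of 'match application <name> [source <producer>]'."""
        if source is not None:
            return self.app_by_source.get(source) == application
        return self.effective_app() == application


class MetadataDB:
    """Toy per-node flow database keyed by the flow identifier."""

    def __init__(self) -> None:
        self.flows: Dict[FlowKey, FlowEntry] = {}

    def announce(self, key: FlowKey, source: str, application: str) -> None:
        if source not in SOURCE_PRIORITY:
            raise ValueError(f"unknown metadata source: {source!r}")
        self.flows.setdefault(key, FlowEntry()).app_by_source[source] = application

    def classify(self, key: FlowKey, class_maps: List[ClassMap]) -> Optional[str]:
        """Name of the first class-map whose match succeeds, else None."""
        entry = self.flows.get(key)
        if entry is None:
            return None
        for name, application, source in class_maps:
            if entry.matches(application, source):
                return name
        return None

    def conflicts(self) -> Dict[FlowKey, Dict[str, str]]:
        """Flows for which producers reported different application names."""
        return {
            key: dict(entry.app_by_source)
            for key, entry in self.flows.items()
            if len(set(entry.app_by_source.values())) > 1
        }


# Flow identifier values as shown on the slide.
FLOW: FlowKey = ("10.1.1.1", "125.1.1.1", 90, 4080, 1234)
POLICY_DEFAULT: List[ClassMap] = [("C1", "rtp", None),
                                  ("C2", "telepresence-video", None)]
POLICY_SOURCE_MSP: List[ClassMap] = [("C1", "rtp", "msp")]


def build_sample_db() -> MetadataDB:
    """Constructed database holding the slide's flow, one name per producer."""
    db = MetadataDB()
    db.announce(FLOW, "msi", "telepresence-video")
    db.announce(FLOW, "msp", "rtp")
    db.announce(FLOW, "nbar", "telepresence")
    return db


if __name__ == "__main__":
    db = build_sample_db()
    print("default policy ->", db.classify(FLOW, POLICY_DEFAULT))
    print("source msp     ->", db.classify(FLOW, POLICY_SOURCE_MSP))
    print("conflicts      ->", db.conflicts())
```

Under the default policy the endpoint's own announcement decides the class, so the conflicts() listing shows where that choice overrides what MSP or NBAR observed on the wire.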
Metadata : How does it work?
[Diagram labels: Metadata DB (two nodes); 10.1.1.2; QoS based on Metadata]
Metadata producer (1st: WebEx client Dec 2011)
Metadata announcement
Metadata consumer, Metadata DB (1st: ISRG2 15.2(1)T)
• Metadata protocol: announces flow parameters and attributes to network nodes along a path
• Metadata flow DB: maintains flow attribute information, and coordinates metadata producers/consumers.
Producer: creates metadata information
Consumer: utilizes metadata information
• Nodes that do not support metadata will pass it silently
Why RSVP?
• Metadata sent only to concerned network nodes
• No special hardware handling required for RSVP metadata
• Keep data streams free of metadata
• Encryption of data traffic not an issue
• RSVP well suited for network path changes and is a standard hop-by-hop protocol
RSVP Message (objects shown): RSVP Header; Session Object; Sender-Template Object; RSVP Specific Objects; Transport Object; DCLASS Object; Policy Object (CAC-ID)
RSVP Transport Object (fields shown): Object Length; Class-Num; C-Type; Payload Length; Unused; Metadata-Payload (AppID)
Metadata Configurations
• Metadata global CLI commands are moved to service internal (except “metadata flow”)
• End Point – Flow Specifications
• Source IP address – End point IP (Telepresence)
• Destination IP address – MCU (Telepresence Switch)
• Configuration Example
metadata flow   <Enable Flow Metadata feature>
metadata flow flow-specifier TP-A
 source-ip 1.1.1.1 source-port 1000 dest-ip 2.2.2.2 dest-port 1000
 ip protocol [udp | tcp]   [UDP is the default]
• End Point – Flow Params
• Application – Telepresence Video Stream
• Global Session ID – 12, Clock Freq – 2000 Khz
• Configuration Example:
metadata flow   <Enable Flow Metadata feature>
metadata flow session-params TP-A
 application name telepresence-media
 global-session-id 12
 multi-party-session-id 11111111
 clock-frequency 2000
 ssrc 363636
• Flow Creation and Propagation
• Carries Flow Spec and Flow Attributes to the destination.
• RSVP is the Transport Protocol
• Follows the media path
metadata flow entry TP-A
session-params TP-A
flow-specifier TP-A
Enable Classification on any Node in the network
class-map match-all test
 match application telepresence-media   (based on app-ID)
 [OR]
 match application attribute device-class desktop-conferencing
!
!
policy-map test
class test
set dscp af11
!
QOS Application
• Classify based on Global Session ID
• Classify based on Multi Party Session ID
• Configuration Examples
class-map match-all test3
match metadata global-session-id 12
class-map match-all test1
match metadata multi-party-session-id 11111111
• Create Class MAP and Policy MAP
class-map match-all test
 match application telepresence-media
!
policy-map test
 class test
  set dscp af11
!
• Attach the policy to Interface
interface Ethernet1/0
 ip address 1.1.1.2 255.255.255.0
 service-policy input test
• Flow Data Base with Source IP, Destination IP and Port information
• Available in every hop (node)
cat4k-1#show metadata flow table
Flow To From Protocol DPort SPort Ingress I/F Egress I/F SSRC
1 60.1.1.11 70.1.1.10 UDP 1722 50004 Gi3/47 Gi3/48 1716307277
cat4k-1#
Detailed information about a Flow with Attributes
cat4k1#sh metadata flow local-flow-id 1
To From Protocol SPort DPort Ingress I/F Egress I/F
60.1.1.11 70.1.1.10 UDP 50000 6970 GigabitEthernet3/47
Metadata Attributes :
End Point Model : AXIS-Camera
Application Name : rtp
Application Tag : DDA64892
Device-class : “Surveillance”
Mime Type : H264
Payload Type : 96
Clock Frequency : 90000
Bandwidth : 50000
SSRC : 2986382046
• Metadata Debug Commands
Debug metadata flow all
Debug metadata flow core [api | error | events ]
Debug metadata flow table [api | error | events]
Debug metadata enc-dec [details | error | events]