tech talk: learn what flow analysis tells us about network usage at ca world 2016

World®’16

TechTalk:LearnWhatFlowAnalysisTellsUsAboutNetworkUsageatCAWorld2016

DanielBrzoska,Advisor,Presales,CATechnologies

DO4T45T

DEVOPS— AGILEOPERATIONS

2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.

Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.

ForInformationalPurposesOnlyTermsofthisPresentation


Abstract

CA Network Flow Analysis provides deep visibility into the composition of network traffic to helptechnical staff deliver optimal application performance and validate data. Insight into who’susing the network and what they’re doing can be extremely useful for those who are responsiblefor network performance and resolving issues that impact business services. At last year’s CAWorld, we quietly monitored the traffic from the show floor to the outside world and were a bitsurprised to see how much traffic and bandwidth were being consumed by AppleTV, SharePointand Outlook. This year, we plan to monitor the show floor traffic again, compare it to last year’sdata and share the insight with you during this end-of-the-conference session. Come find outwhat CA Network Flow Analysis tells us about bandwidth usage at this year’s event. It’s notreality TV, but a reality session.

DanielBrzoskaCATechnologiesAdvisor,Presales


Agenda

CORECAPABILITIESOFAPPLICATION-AWARENETWORKMONITORING

NETWORKTRAFFICANALYSIS

QUESTIONS&ANSWERS

CANETWORKFLOWANALYSIS

NETWORKTRAFFICANALYSISFORCAWORLD2016

RECOMMENDEDSESSIONS/MUST-SEEDEMOS

1

2

3

4

5

6


NetworkTrafficAnalysis

NetworkDevicePerformance

ApplicationResponseTime

Analysis

UnifiedCommunications

QoE

AnomalyDetection

CommonDashboard&Reporting

CoreCapabilities


NetworkTrafficAnalysis

NetworkDevicePerformance

ApplicationResponseTime

Analysis

UnifiedCommunications

QoE

AnomalyDetection

CommonDashboard&Reporting

CoreCapabilities

NetworkTrafficAnalysisVisibilityintonetworktrafficcomposition,behavior,utilizationandtheimpactonapplicationperformance

• Identifyapplicationsrunningonthenetwork

• Identifythebandwidthassociatedwitheachapplication

• Linkcapacityforfuturegrowth


NetworkTrafficAnalysisVisibilityintoNetworkCompositionandBehavior

BetterApplicationPerformance

Arecriticalappsprioritizedoverlessimportantnetworktraffic?

Canyournetworkhandleincreasingvideoandvoicetraffic?

CanyouvalidatewhethercurrentQoS policiesareeffective?

Whatapplicationsarerunningonyournetwork?

Whichhostsareconsumingthemostbandwidth?

Whendoapplicationsconsumethemostbandwidth?

IsthenetworkexperiencingaDoSattack?

HowwillIknowifI’mover-provisioning?

Willincreasingbandwidthaddressexistingperformanceissues?

Howmuchlinkcapacityisneededinthenext6months?

FasterProblemResolution

LowerInfrastructureCosts

FOR


CANetworkFlowAnalysis

§ Easy. Single,datacenter-basedcollectionpointfornetworktrafficanalysis,withoutrequiringprobesorhardwareappliancestobedeployed&maintainedineachlocation

§ Comprehensive. 100%visibilityintohowthenetworkisbeingused—who’sconsumingnetworkresources,whatusersaredoing,wheretheirtrafficisgoingandhowthenetworkisprioritizingtheirtraffictoensurehighqualityuserexperiences

§ Proactive. PlanandmanagenetworkperformancewithQoS policyvalidation,capacitytrendsandanalysisandanomalydetection.

§ CiscoIVTCertified. EnhancedapplicationvisibilitywithCisco’sAVC-enableddevicesforrichaccounting,classificationandreportingofapplicationsrunningonthenetwork

100%VisibilityintoNetworkTrafficandBehavior

§


CiscoAVCOverview


AppAwarenesswithCiscoApplicationVisibility/Control

PervasiveAppVisibility BusinessPolicy-basedRules ComprehensiveReporting• Noadditionalhardware• Richdatacollectionusing

NetFlowv9/IPFIX• Easytointegrateintomany

reportingtools

• NoneedforcomplexIPandportACLs

• SeeinsideHTTPflowstoidentifyspecificCloudapplications

• Betteruseofcostlybandwidth• Per-branchandper-applicationlevel

reporting

VISIBILITYTO1000+APPS SMARTCAPACITYPLANNINGNOPROBES

PrivateCloud

Branch DC/Headquarters

WANNetFlow v9

Enterprise Edge

AVC

AVC

CSRProliferationof Devices

Users/Machines

60%ofITProfessionalsCitePerformanceasKeyChallengeforCloud

ISR

ASR

AVC

AVC


HowDoesCiscoAVCWork?


AVCOperation– ApplicationRecognition


AVCOperation– NBAR2

§ Detectoveronethousandapplicationsinitsfirstrelease;itsheuristicanalysisengineallowsNBAR2toidentifyapplicationsregardlessofportsapplicationsmayberunningon

§ SupportofNBAR2ProtocolPack(PP)allowsupdatingapplicationsignaturewhiletheroutersarerunning;newProtocolPackisreleasedeverymonth

§ ApplicationcategorizationusesNBAR2attributestogroupsimilarapplicationstosimplifyapplicationmanagementforbothclassificationandreporting

§ ExtractinformationfromapplicationsuchasHTTPURL,HTTP UserAgent,SIPURL,forexportorclassification


AVCOperation– PerformanceCollection&Exporting


Perf.andCollection– TrafficStatistics– Classification

§ 1byteofClassificationEngineID;theClassificationEnginecanbeconsideredasaspecificregistryforapplicationassignments

§ 3bytesofSelectorID;theSelectorIDlengthvariesdependingontheClassificationEngineID

§ ClassificationEngineIDdefinesthecontextfortheSelectorID;valuescanbeIANA(L3protocol,L4port),NBAR(NBAR2customapplication)orCisco(NBAR2DeepPacketInspection)

§ CANetworkFlowAnalysiscurrentlyonlysupportsEngineID13


CiscoAVCRequirementsandConfiguration


CiscoPlatformRequirements

§ AVCrequiresalicensetoenablethefunctionalitypresented

§ LicenseInfo:– ISRG2(Cisco880/890)–

AdvancedIPServices– ISRG2/CSR1000– AXLicense– ASR1000- AdvancedIPServices

(AIS)orAdvancedEnterpriseServices(AES)license,andinaddition,AVClicense(FLASR1-AVC-RTU)


ConfiguringAVC§ Createaflowrecord

“matchapplicationname”isrequiredtosendapplication

IDsforreportingbyCANetworkFlowAnalysis


ConfiguringAVC

§ Createaflowexporter

§ Createaflowmonitor

§ Applytointerfaces(LAN/WAN/Tunnel/Port-Channel)


CANetworkFlowAnalysisConfigurationtoSupportCiscoAVC


YoucanaddacompletesetofdefaultNBAR2applicationmappingrulesinabatchimportoperation;youperformthistaskonthecommandlinebyusingthenbar2.csvfilethatcomeswiththeproduct

Followthesesteps:

1. LogintotheCANetworkFlowAnalysisconsoleserverorstand-aloneserverasauserwhoisamemberoftheAdministratorsgroup

2. Openacommandprompt3. Navigatetothedirectorythatcontainsthenbar2.csvfile:Enterthefollowing

command:cd<install_path>\reporter\racmd where:4. <install_path>istheproductinstallationpath;thedefaultpathisC:\CA\NFA5. Enterthefollowingcommand:racmd -importnbar2.csv6. Ifanyerrorsoccurduringtheimport,errormessagesareshown;ifnomessageis

returned,theimportsucceededwithnoproblems

ImportApplicationMappingRules


ValidateNBAR2ApplicationMappingRules

§ OpenuptheCANetworkFlowAnalysisUI

§ ClickAdministration–ApplicationDefinitions

§ Thereshouldbe~11pagesofrules

§ KeyItemstolookfor:– RuleswithNBAR2Engine

IDandApplicationID


WhatDoesCiscoAVCDataLookLikeinCANetworkFlowAnalysis?


CAWorld2015Traffic

Applicationsbrokenoutby

NBAR2classification

CAWorld2016Traffic


Thankyou.

Stayconnectedatcommunities.ca.com


DevOps– AgileOps

FormoreinformationonDevOps– AgileOps,pleasevisit:http://cainc.to/wYXSg6

tech talk: learn what flow analysis tells us about network usage at ca world 2016

Technology