tech talk: learn what flow analysis tells us about network usage at ca world 2016
TRANSCRIPT
World®’16
TechTalk:LearnWhatFlowAnalysisTellsUsAboutNetworkUsageatCAWorld2016
DanielBrzoska,Advisor,Presales,CATechnologies
DO4T45T
DEVOPS— AGILEOPERATIONS
2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.
Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.
ForInformationalPurposesOnlyTermsofthisPresentation
3 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Abstract
CA Network Flow Analysis provides deep visibility into the composition of network traffic to helptechnical staff deliver optimal application performance and validate data. Insight into who’susing the network and what they’re doing can be extremely useful for those who are responsiblefor network performance and resolving issues that impact business services. At last year’s CAWorld, we quietly monitored the traffic from the show floor to the outside world and were a bitsurprised to see how much traffic and bandwidth were being consumed by AppleTV, SharePointand Outlook. This year, we plan to monitor the show floor traffic again, compare it to last year’sdata and share the insight with you during this end-of-the-conference session. Come find outwhat CA Network Flow Analysis tells us about bandwidth usage at this year’s event. It’s notreality TV, but a reality session.
DanielBrzoskaCATechnologiesAdvisor,Presales
4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Agenda
CORECAPABILITIESOFAPPLICATION-AWARENETWORKMONITORING
NETWORKTRAFFICANALYSIS
QUESTIONS&ANSWERS
CANETWORKFLOWANALYSIS
NETWORKTRAFFICANALYSISFORCAWORLD2016
RECOMMENDEDSESSIONS/MUST-SEEDEMOS
1
2
3
4
5
6
5 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
NetworkTrafficAnalysis
NetworkDevicePerformance
ApplicationResponseTime
Analysis
UnifiedCommunications
QoE
AnomalyDetection
CommonDashboard&Reporting
CoreCapabilities
6 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
NetworkTrafficAnalysis
NetworkDevicePerformance
ApplicationResponseTime
Analysis
UnifiedCommunications
QoE
AnomalyDetection
CommonDashboard&Reporting
CoreCapabilities
NetworkTrafficAnalysisVisibilityintonetworktrafficcomposition,behavior,utilizationandtheimpactonapplicationperformance
• Identifyapplicationsrunningonthenetwork
• Identifythebandwidthassociatedwitheachapplication
• Linkcapacityforfuturegrowth
7 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
NetworkTrafficAnalysisVisibilityintoNetworkCompositionandBehavior
BetterApplicationPerformance
Arecriticalappsprioritizedoverlessimportantnetworktraffic?
Canyournetworkhandleincreasingvideoandvoicetraffic?
CanyouvalidatewhethercurrentQoS policiesareeffective?
Whatapplicationsarerunningonyournetwork?
Whichhostsareconsumingthemostbandwidth?
Whendoapplicationsconsumethemostbandwidth?
IsthenetworkexperiencingaDoSattack?
HowwillIknowifI’mover-provisioning?
Willincreasingbandwidthaddressexistingperformanceissues?
Howmuchlinkcapacityisneededinthenext6months?
FasterProblemResolution
LowerInfrastructureCosts
FOR
8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CANetworkFlowAnalysis
§ Easy. Single,datacenter-basedcollectionpointfornetworktrafficanalysis,withoutrequiringprobesorhardwareappliancestobedeployed&maintainedineachlocation
§ Comprehensive. 100%visibilityintohowthenetworkisbeingused—who’sconsumingnetworkresources,whatusersaredoing,wheretheirtrafficisgoingandhowthenetworkisprioritizingtheirtraffictoensurehighqualityuserexperiences
§ Proactive. PlanandmanagenetworkperformancewithQoS policyvalidation,capacitytrendsandanalysisandanomalydetection.
§ CiscoIVTCertified. EnhancedapplicationvisibilitywithCisco’sAVC-enableddevicesforrichaccounting,classificationandreportingofapplicationsrunningonthenetwork
100%VisibilityintoNetworkTrafficandBehavior
§
10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
AppAwarenesswithCiscoApplicationVisibility/Control
PervasiveAppVisibility BusinessPolicy-basedRules ComprehensiveReporting• Noadditionalhardware• Richdatacollectionusing
NetFlowv9/IPFIX• Easytointegrateintomany
reportingtools
• NoneedforcomplexIPandportACLs
• SeeinsideHTTPflowstoidentifyspecificCloudapplications
• Betteruseofcostlybandwidth• Per-branchandper-applicationlevel
reporting
VISIBILITYTO1000+APPS SMARTCAPACITYPLANNINGNOPROBES
PrivateCloud
Branch DC/Headquarters
WANNetFlow v9
Enterprise Edge
AVC
AVC
CSRProliferationof Devices
Users/Machines
60%ofITProfessionalsCitePerformanceasKeyChallengeforCloud
ISR
ASR
AVC
AVC
13 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
AVCOperation– NBAR2
§ Detectoveronethousandapplicationsinitsfirstrelease;itsheuristicanalysisengineallowsNBAR2toidentifyapplicationsregardlessofportsapplicationsmayberunningon
§ SupportofNBAR2ProtocolPack(PP)allowsupdatingapplicationsignaturewhiletheroutersarerunning;newProtocolPackisreleasedeverymonth
§ ApplicationcategorizationusesNBAR2attributestogroupsimilarapplicationstosimplifyapplicationmanagementforbothclassificationandreporting
§ ExtractinformationfromapplicationsuchasHTTPURL,HTTP UserAgent,SIPURL,forexportorclassification
15 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Perf.andCollection– TrafficStatistics– Classification
§ 1byteofClassificationEngineID;theClassificationEnginecanbeconsideredasaspecificregistryforapplicationassignments
§ 3bytesofSelectorID;theSelectorIDlengthvariesdependingontheClassificationEngineID
§ ClassificationEngineIDdefinesthecontextfortheSelectorID;valuescanbeIANA(L3protocol,L4port),NBAR(NBAR2customapplication)orCisco(NBAR2DeepPacketInspection)
§ CANetworkFlowAnalysiscurrentlyonlysupportsEngineID13
17 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CiscoPlatformRequirements
§ AVCrequiresalicensetoenablethefunctionalitypresented
§ LicenseInfo:– ISRG2(Cisco880/890)–
AdvancedIPServices– ISRG2/CSR1000– AXLicense– ASR1000- AdvancedIPServices
(AIS)orAdvancedEnterpriseServices(AES)license,andinaddition,AVClicense(FLASR1-AVC-RTU)
18 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ConfiguringAVC§ Createaflowrecord
“matchapplicationname”isrequiredtosendapplication
IDsforreportingbyCANetworkFlowAnalysis
19 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ConfiguringAVC
§ Createaflowexporter
§ Createaflowmonitor
§ Applytointerfaces(LAN/WAN/Tunnel/Port-Channel)
21 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
YoucanaddacompletesetofdefaultNBAR2applicationmappingrulesinabatchimportoperation;youperformthistaskonthecommandlinebyusingthenbar2.csvfilethatcomeswiththeproduct
Followthesesteps:
1. LogintotheCANetworkFlowAnalysisconsoleserverorstand-aloneserverasauserwhoisamemberoftheAdministratorsgroup
2. Openacommandprompt3. Navigatetothedirectorythatcontainsthenbar2.csvfile:Enterthefollowing
command:cd<install_path>\reporter\racmd where:4. <install_path>istheproductinstallationpath;thedefaultpathisC:\CA\NFA5. Enterthefollowingcommand:racmd -importnbar2.csv6. Ifanyerrorsoccurduringtheimport,errormessagesareshown;ifnomessageis
returned,theimportsucceededwithnoproblems
ImportApplicationMappingRules
22 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ValidateNBAR2ApplicationMappingRules
§ OpenuptheCANetworkFlowAnalysisUI
§ ClickAdministration–ApplicationDefinitions
§ Thereshouldbe~11pagesofrules
§ KeyItemstolookfor:– RuleswithNBAR2Engine
IDandApplicationID
24 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CAWorld2015Traffic
Applicationsbrokenoutby
NBAR2classification
CAWorld2016Traffic