{"id":712,"date":"2018-02-07T12:18:58","date_gmt":"2018-02-07T11:18:58","guid":{"rendered":"http:\/\/www.quisted.net\/?p=712"},"modified":"2018-02-07T12:18:58","modified_gmt":"2018-02-07T11:18:58","slug":"network-management-tools-netflow-nbar-ip-sla","status":"publish","type":"post","link":"https:\/\/www.quisted.net\/index.php\/2018\/02\/07\/network-management-tools-netflow-nbar-ip-sla\/","title":{"rendered":"Network Management (Tools, Netflow, NBAR, IP SLA)"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_80 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.quisted.net\/index.php\/2018\/02\/07\/network-management-tools-netflow-nbar-ip-sla\/#Monitoring_and_Managing\" >Monitoring and Managing<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.quisted.net\/index.php\/2018\/02\/07\/network-management-tools-netflow-nbar-ip-sla\/#Phases_of_optimizations_and_the_tools\" >Phases of optimizations and the tools<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.quisted.net\/index.php\/2018\/02\/07\/network-management-tools-netflow-nbar-ip-sla\/#Syslogging\" >Syslogging<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.quisted.net\/index.php\/2018\/02\/07\/network-management-tools-netflow-nbar-ip-sla\/#Netflow\" >Netflow<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.quisted.net\/index.php\/2018\/02\/07\/network-management-tools-netflow-nbar-ip-sla\/#NBAR_Network_Based_Application_Recognition_AutoQoS\" >NBAR (Network Based Application Recognition) \/ AutoQoS<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.quisted.net\/index.php\/2018\/02\/07\/network-management-tools-netflow-nbar-ip-sla\/#AutoQoS\" >AutoQoS<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.quisted.net\/index.php\/2018\/02\/07\/network-management-tools-netflow-nbar-ip-sla\/#IP_SLA\" >IP SLA<\/a><\/li><\/ul><\/nav><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Monitoring_and_Managing\"><\/span><span style=\"color: #3366ff;\">Monitoring and Managing<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>Know your network is doing well.<\/li>\n<li>Understand the trends in your network performance.<\/li>\n<li>Identify your bottlenecks and propose solutions.<\/li>\n<li>Proact &#8211; Don&#8217;t react.<\/li>\n<\/ul>\n<h4><span class=\"ez-toc-section\" id=\"Phases_of_optimizations_and_the_tools\"><\/span><span style=\"color: #993366;\">Phases of optimizations and the tools<\/span><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ol>\n<li><strong>Create a baseline &#8211; <\/strong><em>Netflow, NBAR, IP SLA<\/em><\/li>\n<li><strong>Optimize Network &#8211; <\/strong><em>QoS, AutoQoS VoIP, AutoQoS Enterprise<\/em><\/li>\n<li><strong>Measure \/ Adjust &#8211; <\/strong><em>Netflow, NBAR, IP SLA, Syslog<\/em><\/li>\n<li><strong>Deploy Apps &#8211; <\/strong><em>Netflow, NBAR<\/em><\/li>\n<\/ol>\n<ul>\n<li><a href=\"https:\/\/en.wikipedia.org\/wiki\/NetFlow\" target=\"_blank\" rel=\"noopener\">https:\/\/en.wikipedia.org\/wiki\/NetFlow<\/a><\/li>\n<li><a href=\"https:\/\/www.cisco.com\/c\/en\/us\/products\/collateral\/ios-nx-os-software\/network-based-application-recognition-nbar\/prod_case_study09186a00800ad0ca.html\" target=\"_blank\" rel=\"noopener\">Cisco NBAR<\/a><\/li>\n<li><a href=\"https:\/\/www.cisco.com\/en\/US\/tech\/tk543\/tk759\/technologies_white_paper09186a00801348bc.shtml\" target=\"_blank\" rel=\"noopener\">WhitePaper AutoQoS<\/a><\/li>\n<li><a href=\"https:\/\/learningnetwork.cisco.com\/blogs\/vip-perspectives\/2017\/06\/13\/ip-sla-fundamentals\" target=\"_blank\" rel=\"noopener\">Cisco IP SLA<\/a><\/li>\n<\/ul>\n<p><!--more--><\/p>\n<h4><span class=\"ez-toc-section\" id=\"Syslogging\"><\/span><span style=\"color: #993366;\">Syslogging<\/span><span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n<table id=\"tablepress-8\" class=\"tablepress tablepress-id-8\">\n<thead>\n<tr class=\"row-1\">\n\t<th class=\"column-1\">Level number<\/th><th class=\"column-2\">Severity<\/th><th class=\"column-3\">Description.<\/th>\n<\/tr>\n<\/thead>\n<tbody class=\"row-striping row-hover\">\n<tr class=\"row-2\">\n\t<td class=\"column-1\">0<\/td><td class=\"column-2\">Emergencies<\/td><td class=\"column-3\">System is unusable.<\/td>\n<\/tr>\n<tr class=\"row-3\">\n\t<td class=\"column-1\">1<\/td><td class=\"column-2\">Alert<\/td><td class=\"column-3\">Immediate action is needed.<\/td>\n<\/tr>\n<tr class=\"row-4\">\n\t<td class=\"column-1\">2<\/td><td class=\"column-2\">Critical<\/td><td class=\"column-3\">Critical conditions.<\/td>\n<\/tr>\n<tr class=\"row-5\">\n\t<td class=\"column-1\">3<\/td><td class=\"column-2\">Error<\/td><td class=\"column-3\">Error conditions.<\/td>\n<\/tr>\n<tr class=\"row-6\">\n\t<td class=\"column-1\">4<\/td><td class=\"column-2\">Warning<\/td><td class=\"column-3\">Warning conditions.<\/td>\n<\/tr>\n<tr class=\"row-7\">\n\t<td class=\"column-1\">5<\/td><td class=\"column-2\">Notification<\/td><td class=\"column-3\">Normal but significant conditions.<\/td>\n<\/tr>\n<tr class=\"row-8\">\n\t<td class=\"column-1\">6<\/td><td class=\"column-2\">Informational<\/td><td class=\"column-3\">Informational messages only.<\/td>\n<\/tr>\n<tr class=\"row-9\">\n\t<td class=\"column-1\">7<\/td><td class=\"column-2\">Debugging<\/td><td class=\"column-3\">Debugging messages only.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<!-- #tablepress-8 from cache -->\n<ul>\n<li>Key practices:\n<ul>\n<li>Set the right date \/ time.<\/li>\n<li>Use the same IOS version ( different messages, severity ).<\/li>\n<li>Out of Band management ( security , performance ).<\/li>\n<li>Centralized logging server.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Netflow\"><\/span><span style=\"color: #993366;\">Netflow<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><a href=\"https:\/\/en.wikipedia.org\/wiki\/NetFlow\" target=\"_blank\" rel=\"noopener\">https:\/\/en.wikipedia.org\/wiki\/NetFlow<\/a><\/li>\n<li>Esed for Traffic accounting<\/li>\n<li>Heavily used by:\n<ul>\n<li><strong>Service Providers<\/strong>\n<ul>\n<li><em>Network Planning<\/em><\/li>\n<li><em>Accounting and Billing<\/em><\/li>\n<li><em>Security<\/em><\/li>\n<li><em>Traffic Engineering<\/em><\/li>\n<\/ul>\n<\/li>\n<li><strong>Enterprise Customers<\/strong>\n<ul>\n<li><em>Internet Conenction Monitoring<\/em><\/li>\n<li><em>User \/ Application Monitoring<\/em><\/li>\n<li><em>Security<\/em><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #008000;\"><strong>NetFlow tracks Flows ( Sessions )<\/strong><\/span>\n<ul>\n<li><em>IP Source Address<\/em><\/li>\n<li><em>IP Destination Address<\/em><\/li>\n<li><em>Source Port Number<\/em><\/li>\n<li><em>Destination Port Number<\/em><\/li>\n<li><em>Protocol type ( udp \/ tcp \/ etc )<\/em><\/li>\n<li><em>Input Interface<\/em><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"NBAR_Network_Based_Application_Recognition_AutoQoS\"><\/span><span style=\"color: #993366;\">NBAR (<em>Network Based Application Recognition)<\/em> \/ AutoQoS<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li><a href=\"https:\/\/www.cisco.com\/c\/en\/us\/products\/collateral\/ios-nx-os-software\/network-based-application-recognition-nbar\/prod_case_study09186a00800ad0ca.html\" target=\"_blank\" rel=\"noopener\">Cisco NBAR<\/a><\/li>\n<li><a href=\"https:\/\/www.cisco.com\/en\/US\/tech\/tk543\/tk759\/technologies_white_paper09186a00801348bc.shtml\" target=\"_blank\" rel=\"noopener\">WhitePaper AutoQoS<\/a><\/li>\n<li>Identifies Applications in traffic flows<\/li>\n<li>Inspects layer 2-4 , layer 7 data for supported applications ( around <strong>90<\/strong> supported )<\/li>\n<li>Expandable through IOS Upgrades and <strong>PDLMs (Packet Description Language Module<\/strong>)<\/li>\n<li>Integrates with <strong>QoS<\/strong> mechanics<\/li>\n<li>Integrats with <strong>SNMP<\/strong> mechanics<\/li>\n<\/ul>\n<\/li>\n<li><strong>Starting with NBAR<\/strong>\n<ul>\n<li><em>sh ip nbar protocol-discovery stats bit-rate top-n 10<\/em><\/li>\n<li>Onboard IOS tools allow for top x reporting<\/li>\n<li>Gobs of monitoring tools use this data (<strong>MRTG, Cacti, Zabbix<\/strong>)<\/li>\n<li>Integrates into class-map ( <strong>QoS<\/strong> ) and <strong>AutoQoS<\/strong> Mechanics<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"AutoQoS\"><\/span><span style=\"color: #993366;\">AutoQoS<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><a href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/switches\/lan\/catalyst2960x\/software\/15-0_2_EX\/qos\/configuration_guide\/b_qos_152ex_2960-x_cg\/b_qos_152ex_2960-x_cg_chapter_011.html\" target=\"_blank\" rel=\"noopener\">Cisco AutoQoS<\/a><\/li>\n<li>Comes in two flavours:\n<ul>\n<li>AutoQoS for VoIP ( Pre-defined policy-map templates)\n<ul>\n<li>Creates about 40 lines of config<\/li>\n<\/ul>\n<\/li>\n<li>AutoQoS for Enterprise ( application sniffing with NBAR )\n<ul>\n<li>Uses NBAR to identify the key applications<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Trusted Mode ( Believes existing DSCP )<\/li>\n<li>Untrusted Mode ( Leverages NBAR Discovery )<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"IP_SLA\"><\/span><span style=\"color: #993366;\">IP SLA<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li><a href=\"https:\/\/learningnetwork.cisco.com\/blogs\/vip-perspectives\/2017\/06\/13\/ip-sla-fundamentals\" target=\"_blank\" rel=\"noopener\">Cisco IP SLA<\/a><\/li>\n<li><strong>Technically:<\/strong>\n<ul>\n<li>A contract with a service level guarantee<\/li>\n<li>In Cisco: A method of measuring service level by sending test traffic.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Able to Measure:<\/strong>\n<ul>\n<li><em>Network Delay<\/em><\/li>\n<li><em>Packet loss<\/em><\/li>\n<li><em>Jitter<\/em><\/li>\n<li><em>Voice Quality<\/em><\/li>\n<\/ul>\n<\/li>\n<li>SNMP Reporting also an option.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Monitoring and Managing Know your network is doing well. Understand the trends in your network performance. Identify your bottlenecks and propose solutions. Proact &#8211; Don&#8217;t react. Phases of optimizations and the tools Create a baseline &#8211; Netflow, NBAR, IP SLA Optimize Network &#8211; QoS, AutoQoS VoIP, AutoQoS Enterprise Measure \/ Adjust &#8211; Netflow, NBAR, IP [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[2],"tags":[25,52,60,69,70],"class_list":["post-712","post","type-post","status-publish","format-standard","hentry","category-arc","tag-autoqos","tag-ip-sla","tag-management","tag-nbar","tag-netflow"],"_links":{"self":[{"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/posts\/712","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/comments?post=712"}],"version-history":[{"count":0,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/posts\/712\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/media?parent=712"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/categories?post=712"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/tags?post=712"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}