How to monitor the performance routing on your traffic?
Author: Pascal Pratmarty – eye.lo Project Manager
Path Management from Cisco IWAN at a glance
The concept of an Intelligent WAN was initially raised by Cisco in 2011, with the idea of giving WAN access network devices the capacity to adapt and optimize packet routing for a better user experience on key applications. In a nutshell, Cisco Path Management allows CPE network elements to dynamically alter routing decisions for site-to-site traffic, moving it to alternative paths. These choices are triggered by degradation in performance metrics such as Latency, Jitter, or Packet Loss Rate.
- One master Controller defined as the Hub MC
- Centralized location for policy definition
The administrator configures performance policies in a component called the Hub Master Controller (responsible for an IWAN domain configuration). The information is then automatically published to all branch Master Controllers belonging to the same IWAN domain. As a result, passive traffic and performance probes are activated on the CPEs (also called Border Routers, or BR) to monitor and control the network paths per traffic class.
Next step: How to monitor the Path Management feature?
Live IWAN domains all require a reporting tool to answer legitimate concerns from client enterprises: Where is my traffic going? Am I efficiently using all network paths? What is the end user experience for my key applications? How and when does Cisco Path Management actually protect me when a problem occurs on a network path across my VPN network?
Cisco IWAN network elements share the ability to send near-real-time information through Netflow and IPFIX:
- CPEs (also called “Border Routers”) may export detailed traffic and performance statistics per application (through NBAR and Cisco AVC performance monitors) and live performance statistics per Traffic Path.
- Path Management Master Controllers may export Path Alert and Decision events.
eye.lo is LivingObjects’ multi-vendor IP network monitoring platform. It integrates a PlugIN which allows all Cisco IWAN features such as AVC, Path Management and WAAS to be leveraged.
Contrary to other Cisco Path monitoring platforms, this PlugIN analyses symmetric and asymmetric traffic data. It is therefore compatible with single AND multi Border Router architectures.
From this raw data, eye.lo’s analytics module enables key KPIs to be built in order to understand the Path Management feature and visualize:
- Historical network path performance
- Performance synthesis for each network type
- Why traffic moved from one path to another
- Visualization of traffic per DSCP and per Application for each link.
With this information, the Cisco Path Management feature is easily understood and policy rules can be optimized.
Exporting the right flows on the Cisco router
First, make sure that your architecture complies with Cisco Validated Design for IWAN. Here is the documentation:
Let’s consider sites deployed with a single Border Router, where all WAN paths are managed by the same CPE. Here are a few tips we encourage you to follow. They present best practices for exporting the most useful level of information (in terms of traffic, application visibility and performance metrics) to external monitoring tools.
1- Temper the Smart Probing traffic level (by default 20 pps per traffic class) with the ‘Zero-SLA’ or ‘Smart Probing’ Reduction feature, to limit the volume of synthetic traffic on your WAN links.
2- Simplify the AVC configuration with the Cisco or LivingObjects EZPM application performance profiles (10 lines, compared to over 100 lines with static performance monitors).
3- When IWAN covers only part of the enterprise VPN, attach AVC monitoring to the physical WAN interfaces on top of DMVPN tunnel interfaces. At LivingObjects we call this a ‘Mixed IWAN’ configuration. From our experience, it occurs when the enterprise does not upgrade the IOS for all its branch CPE routers or uses CPEs from other vendors.
In the example below, an IWAN domain with two paths (MPLS and INET), with only the data center and branch sites 1 to 3, has been configured. Branch sites 4 and 5 are interconnected with them only through the traditional Service Provider MPLS VPN.
Using Cisco IWAN metrics and eye.lo to monitor the Network
Cisco IWAN is designed to optimize network quality and end-user experience. In addition to these advanced features, IWAN exports traffic and performance metrics. You should expect your reporting tool to correlate these metrics in one simple environment. This will help you understand IWAN optimizations and decisions, along with application end-user experience.
The eye.lo Netflow collector processes and extracts meaning from the raw information in the Netflow records. eye.lo is able to:
- Recognize which server or client IP addresses belong to the customer site LAN.
- Store statistics separately for IWAN and non-IWAN interfaces.
- Compress data from all CPE devices into a coherent and optimized per-customer dataset.
- Correlate traffic-path-centric PfR flows with application-centric AVC flows (matching with the DSCP information field).
- Adapt dynamically to any type or generation of flows (v9/v10, Traditional Netflow, Flexible Netflow, AVC Performance Monitors…).
- Enrich individual flow information with the customers’ tailor-made custom applications, created on demand with no configuration impact on the routers (drawn from many potential characteristics, such as the IP address, the transport port, the DNS server name, the recognized NBAR application…).
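
The DSCP-based correlation of PfR and AVC records described in the list above, together with keeping non-IWAN traffic separate, as an added example (not eye.lo's code). The record layout, field names, 60-second bucket, the `path` label and the route-change event are assumptions, and all sample records are constructed.

```python
from collections import defaultdict

BUCKET = 60  # seconds; assumed aggregation interval shared by both record types

# Constructed sample records. Field names are illustrative, not IPFIX element names;
# "path" is assumed to be derived from the exporting interface.
PFR_PATH_STATS = [
    {"site": "branch1", "ts": 1020, "dscp": 46, "path": "MPLS", "delay_ms": 180, "loss_pct": 4.0},
    {"site": "branch1", "ts": 1020, "dscp": 46, "path": "INET", "delay_ms": 35, "loss_pct": 0.0},
]
AVC_APP_STATS = [
    {"site": "branch1", "ts": 1025, "dscp": 46, "path": "MPLS", "app": "rtp", "bytes": 900000},
    {"site": "branch1", "ts": 1040, "dscp": 46, "path": "MPLS", "app": "sip", "bytes": 20000},
    {"site": "branch1", "ts": 1050, "dscp": 46, "path": "MPLS", "app": "rtp", "bytes": 100000},
    # Non-IWAN site: AVC traffic exists but no PfR path metrics are exported for it.
    {"site": "branch4", "ts": 1030, "dscp": 0, "path": "MPLS", "app": "http", "bytes": 5000},
]
ROUTE_CHANGE = {"site": "branch1", "ts": 1085, "dscp": 46, "from_path": "MPLS", "to_path": "INET"}

def bucket(ts):
    """Align a timestamp to the start of its aggregation interval."""
    return ts - ts % BUCKET

def correlate(pfr_records, avc_records):
    """Join PfR path metrics with AVC application volumes on (site, bucket, DSCP, path)."""
    joined, unmatched = {}, []
    for r in pfr_records:
        key = (r["site"], bucket(r["ts"]), r["dscp"], r["path"])
        joined[key] = {"delay_ms": r["delay_ms"], "loss_pct": r["loss_pct"],
                       "apps": defaultdict(int)}
    for r in avc_records:
        key = (r["site"], bucket(r["ts"]), r["dscp"], r["path"])
        if key in joined:
            joined[key]["apps"][r["app"]] += r["bytes"]
        else:
            unmatched.append(r)  # kept separately rather than dropped
    return joined, unmatched

def apps_impacted(event, joined, top=3):
    """Old-path metrics and top applications in the bucket preceding a route change."""
    key = (event["site"], bucket(event["ts"]) - BUCKET, event["dscp"], event["from_path"])
    entry = joined.get(key)
    if entry is None:
        return None  # no path metrics for that bucket
    ranked = sorted(entry["apps"].items(), key=lambda kv: kv[1], reverse=True)[:top]
    return {"delay_ms": entry["delay_ms"], "loss_pct": entry["loss_pct"], "apps": ranked}

if __name__ == "__main__":
    joined, unmatched = correlate(PFR_PATH_STATS, AVC_APP_STATS)
    print(apps_impacted(ROUTE_CHANGE, joined), len(unmatched))
```
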
With these core capabilities, eye.lo turns Cisco IWAN metrics into a default set of Key Performance Indicators (KPIs) and dashboards, enabling users to fully understand the traffic on hybrid networks. Its intuitive and flexible interface also enables end users to build their custom KPIs and dashboards on-the-fly to focus on particular topics.
- Compare WAN networks (MPLS / Internet) or Service Providers in terms of volume of ‘out-of-policy’ events
- Recognise application categories that make up the traffic for each network
- Start your day with the list of Top 10 sites that have generated out-of-policy events
- Pinpoint the context and cause for RouteChange events with performance metrics
- List top applications impacted by a RouteChange event on a site, and check whether the average user experience has been impacted in the process
- Measure the traffic distribution between a branch site and the different data centers
We will share more tips in other articles:
– How to monitor traffic and application performance in the context of multiple BR per site?
– How can you monitor WAAS optimization?
Please stay tuned!