AVC-Export:Monitoring

From DocWiki

(Difference between revisions)
Jump to: navigation, search
(Application Name)
Line 27: Line 27:
  option application-table
  option application-table
</pre>
</pre>
 +
 +
<br>
 +
 +
If you want to get more information regarding the various attributes of a particular application, you can configure the following option under the flow exporter:
 +
 +
<pre>
 +
flow exporter <my-exporter>
 +
option application-attribute
 +
</pre>
 +
<br>
<br>

Revision as of 09:59, 11 December 2012



Contents




Application Name

NBAR Application name provides the information regarding the L7 level information for a particular flow, e.g HTTP, FTP, SIP etc.. There is an ID exported by ART, which explains which application this flow belongs to. The Application-ID is divided into two parts: Engine-ID:Classification-id.

First 8 bits provides the information about engine, which classified this flow. For example: IANA-L4, CANA-L3 etc. The rest of the 24 bits provides information about the application, for example 80 (HTTP) etc. The CLI for this field is: 

collect application name


It is exported against FNF field ID 95. It is supported in both the export formats i.e. netflow-v9 and IPFIX. With this CLI, only the application ID would be exported. The application-id would be a number which may not be understood by collector. To resolve this issue, there is an option to export the mapping table between the application ID and the application name. This option is configurable under flow exporter command. Here is the cli: 

flow exporter <my-exporter>
 option application-table


If you want to get more information regarding the various attributes of a particular application, you can configure the following option under the flow exporter: 

flow exporter <my-exporter>
 option application-attribute



PA Metrics

PA provides the basic metrics for both TCP and UDP protocols and for both IPv4 and IPv6. Some of the metrics are dynamically exported in the form of the delta value for the interval. These include the client/server bytes and packets metrics. In addition, PA server/client bytes/packets metrics are for layer-3 measurements and in a TCP flow are counted up to the second FIN. The rest of the metrics are relatively static and remain the same across different export intervals.

PA keeps exporting the measurements as long as the flow stays active. As a consequence, the collector might occasionally observe zero values for dynamic metrics such as the client/server bytes/packets. For all the UDP flows, the TCP related metrics such as ART metrics would be zero. Another note for the Input/Output interface metrics is that these are corresponding to the interface from which the flow enters/leaves the box.

All the PA metrics can be exported either through Netflow v9 or IPFIX protocol. PA metrics are summarized below.


Field Name Export ID CLI Description
Application ID 95 collect application name exports application ID field (coming from NBAR2) to reporting tool.
Client Bytes 1 collect counter client bytes Total bytes sent by initiator of the connection. Counted up to the second FIN if for a TCP flow.
Client Packets 2 collect counter client packets Total packets sent by initiator of the connection. Counted up to the second FIN if for a TCP flow.
Interface Input 10 collect interface input Interface name from which flow is entering the box.
Interface Output 14 collect interface output Interface name from which flow is exiting out the box.
Server Bytes 23 collect counter server bytes Total bytes sent by responder of the connection. Counted up to the second FIN if for a TCP flow.
Server Packets 24 collect counter server packets Total packets sent by responder of the connection. Counted up to the second FIN if for a TCP flow.
Datalink Mac Source Address Input 56 collect datalink mac source address input MAC address of source device from Input side
IPv4 DSCP 195 collect ipv4 dscp IPv4 DSCP value
IPv6 DSCP 195 collect ipv6 dscp IPv6 DSCP value


ART Metrics


Field Name Export ID CLI Description
Client Network Time [sum/min/max]
  • 42084 (sum)
  • 42085 (max)
  • 42086 (min)
  • collect art client network time sum
  • collect art client network time minimum
  • collect art client network time maximum
The round trip time between SYN-ACK & ACK and also called Client Network Delay (CND). CND = T8 – T5
Server Network Time [sum/min/max]
  • 42087(sum)
  • 42088(max)
  • 42089(min)
  • collect art server network time sum
  • collect art server network time minimum
  • collect art server network time maximum
The round trip time between SYN & SYN-ACK and also called Server Network Delay (SND).

SND = T5 - T2

Network Time [sum/min/max]
  • 42081(sum)
  • 42082(max)
  • 42083(min)
  • collect art network time sum
  • collect art network time minimum
  • collect art network time maximum
The round trip time that is the summation of CND and SND. It is also called Network Delay (ND).
Server Response Time [sum/min/max]
  • 42074(sum)
  • 42075(max)
  • 42076(min)
  • collect art server response time sum
  • collect art server response time minimum
  • collect art server response time maximum
The time taken by an application to respond to a request. It is also called Application Delay (AD) or Application Response Time.
  • AD = RT – SND
  • min_AD = min_RT – sum_SND/no. of sessions
  • max_AD = max_RT – sum_SND/no. of sessions
  • sum_AD = sum_RT – (sum_SND*no. of responses)/no. of sessions
Response Time [sum/min/max]
  • 42071(sum)
  • 42072(max)
  • 42073(min)
  • collect art response time sum
  • collect art response time minimum
  • collect art response time maximum
The amount of time between the Client REQ and the 1st Server RESP. The Client request could contain multiple packets and we consider the time of last received client packet.
Total Response Time [sum/min/max]
  • 42077(sum)
  • 42078(max)
  • 42079(min)
  • collect art total response time sum
  • collect art total response time minimum
  • collect art total response time maximum
The total time taken from the moment the client sends the request until the 1st response packet from the server is delivered to the client. It is also known as Total Delay (TD).
  • TD = RT + CND
  • min_totalDelay = min(min_RT + sum_CND/no. of sessions, responses + min_CND)
  • max_totalDelay = max(max_RT + sum_CND/no. of sessions, sum_RT/no. of responses + max_CND)
  • sum_totalDelay = sum_RT + (sum_CND* No of responses) /no. of sessions.
Total Transaction Time [sum/min/max]
  • 42041(sum)
  • 42042(max)
  • 42043(min)
  • collect art total transaction time sum
  • collect art total transaction time minimum
  • collect art total transaction time maximum
The amount of time between the client request and the final response packet from the server. It is measured and exported on receiving either a new request from client (which indicates end of current transaction) or the first FIN packet.
ART Client Bytes / Packets
  • 231(bytes)
  • 42033(packets)
  • collect art client bytes
  • collect art client packets
Byte & Packet count for all the client packets.
  • ART client/server bytes/packets will be reported when the flow is completed or the first server response packet is received.
  • For long-lived flows, e.g. if flow duration is longer than 2 export cycles, the following behavior is expected
  • client/server bytes/packets will be reported when first server response packet is received;
  • those metrics may not be updated during the intermediate export cycle before flow is completed or transaction ends.
  • During the export cycle when flow is completed, client/server bytes/packets will be updated and reported.
ART Server Bytes / Packets
  • 232(bytes)
  • 42034(packets)
  • collect art server bytes
  • collect art server packets
Byte & Packet count for all the server packets.
  • ART client/server bytes/packets will be reported when the flow is completed or the first server response packet is received
  • For long-lived flows, e.g. if flow duration is longer than 2 export cycles, the following behavior is expected
  • client/server bytes/packets will be reported when first server response packet is received;
  • those metrics may not be updated during the intermediate export cycle before flow is completed.
  • During the export cycle when flow is completed, client/server bytes/packets will be updated and reported.
ART Count New Connections
  • 42050
  • collect art count new connections
Number of TCP sessions established (3-way handshake). It is also called Number of connections (sessions).
ART Count Responses
  • 42060
  • collect art count responses
Number of Req-Rsp pair received within the monitoring interval
Responses histogram buckets (7- bucket histogram))
  • 42061-42067
  • collect art count responses histogram
Number of responses by response time in 7-bucket histogram.
  • Threshold values for 7 buckets are 2, 5, 10, 50, 100, 500, 1000 milliseconds;
  • Bucket 1, response time < 2 milliseconds;
  • Bucket 2, response time is between 2-5 milliseconds;
  • Bucket 3, response time is between 5-10 milliseconds;
  • Bucket 4, response time is between 10-50 milliseconds;
  • Bucket 5, response time is between 50-100 milliseconds;
  • Bucket 6, response time is between 100-500 milliseconds;
  • Bucket 7, response time is between 500 - 1000 milliseconds;
  • If response time is great than 1000 milliseconds, it will be considered as timeout. This response is not considered towards the min/max/sum response time calculation. Nor is it considered for ART packets/bytes metrics calculation.
  • For example, if response time is equal to 9 milliseconds, it will goes to bucket 3;
Art Count Late Responses
  • 42068
  • collect art count late responses
Number of responses received after the max Response Time. Current threshold of timeout is 1 second. Also called Number of late responses (timeouts)
Art Count Transactions
  • 42040
  • collect art count transactions
Total number of Transactions for all TCP connections.
  • A new transaction is counted under any one of the following 3 conditions:
  1. Receiving a data packet from client request while the previous packet state is server response;
  2. Receiving a client FIN packet while the previous packet state is server response;
  3. Receiving a server FIN packet while the previous packet state is server response;
Art Count Retransmissions
  • 42036
  • collect art count retransmissions
Packet count for possible retransmitted packets with the same sequence number as the last received packet. The metric is for client retransmission only.
Art All Metrics
  • N/A
  • collect art all
Single CLI to collect all the ART related metrics in mace. This CLI works as a replacement of all the ART related collect statements in a flow record.


Top Domain, URL Hit Count Report


Field Name Export ID CLI Description
policy qos classification hierarchy
  • 41000
  • collect policy qos classification hierarchy
Report application class of service hierarchy
policy qos queue index
  • 42128
  • collect policy qos queue drops
Queue Index
policy qos queue drops
  • 42129
  • collect policy qos queue drops
Number of drops in the queue


QoS Class-ID, Queue Drops and Queue Hierarchy



Rating: 5.0/5 (3 votes cast)

Retrieved from "http://docwiki.cisco.com/wiki/AVC-Export:Monitoring"
Personal tools