AVC-Export:Monitoring
From DocWiki
(→Application Name) |
|||
Line 27: | Line 27: | ||
option application-table | option application-table | ||
</pre> | </pre> | ||
+ | |||
+ | <br> | ||
+ | |||
+ | If you want to get more information regarding the various attributes of a particular application, you can configure the following option under the flow exporter: | ||
+ | |||
+ | <pre> | ||
+ | flow exporter <my-exporter> | ||
+ | option application-attribute | ||
+ | </pre> | ||
+ | |||
<br> | <br> |
Revision as of 09:59, 11 December 2012
Contents |
Application Name
NBAR Application name provides the information regarding the L7 level information for a particular flow, e.g HTTP, FTP, SIP etc.. There is an ID exported by ART, which explains which application this flow belongs to. The Application-ID is divided into two parts: Engine-ID:Classification-id.
First 8 bits provides the information about engine, which classified this flow. For example: IANA-L4, CANA-L3 etc. The rest of the 24 bits provides information about the application, for example 80 (HTTP) etc. The CLI for this field is:
collect application name
It is exported against FNF field ID 95. It is supported in both the export formats i.e. netflow-v9 and IPFIX. With this CLI, only the application ID would be exported. The application-id would be a number which may not be understood by collector. To resolve this issue, there is an option to export the mapping table between the application ID and the application name. This option is configurable under flow exporter command. Here is the cli:
flow exporter <my-exporter> option application-table
If you want to get more information regarding the various attributes of a particular application, you can configure the following option under the flow exporter:
flow exporter <my-exporter> option application-attribute
PA Metrics
PA provides the basic metrics for both TCP and UDP protocols and for both IPv4 and IPv6. Some of the metrics are dynamically exported in the form of the delta value for the interval. These include the client/server bytes and packets metrics. In addition, PA server/client bytes/packets metrics are for layer-3 measurements and in a TCP flow are counted up to the second FIN. The rest of the metrics are relatively static and remain the same across different export intervals.
PA keeps exporting the measurements as long as the flow stays active. As a consequence, the collector might occasionally observe zero values for dynamic metrics such as the client/server bytes/packets. For all the UDP flows, the TCP related metrics such as ART metrics would be zero. Another note for the Input/Output interface metrics is that these are corresponding to the interface from which the flow enters/leaves the box.
All the PA metrics can be exported either through Netflow v9 or IPFIX protocol. PA metrics are summarized below.
Field Name | Export ID | CLI | Description |
Application ID | 95 | collect application name | exports application ID field (coming from NBAR2) to reporting tool. |
Client Bytes | 1 | collect counter client bytes | Total bytes sent by initiator of the connection. Counted up to the second FIN if for a TCP flow. |
Client Packets | 2 | collect counter client packets | Total packets sent by initiator of the connection. Counted up to the second FIN if for a TCP flow. |
Interface Input | 10 | collect interface input | Interface name from which flow is entering the box. |
Interface Output | 14 | collect interface output | Interface name from which flow is exiting out the box. |
Server Bytes | 23 | collect counter server bytes | Total bytes sent by responder of the connection. Counted up to the second FIN if for a TCP flow. |
Server Packets | 24 | collect counter server packets | Total packets sent by responder of the connection. Counted up to the second FIN if for a TCP flow. |
Datalink Mac Source Address Input | 56 | collect datalink mac source address input | MAC address of source device from Input side |
IPv4 DSCP | 195 | collect ipv4 dscp | IPv4 DSCP value |
IPv6 DSCP | 195 | collect ipv6 dscp | IPv6 DSCP value |
ART Metrics
Field Name | Export ID | CLI | Description |
Client Network Time [sum/min/max] |
|
| The round trip time between SYN-ACK & ACK and also called Client Network Delay (CND). CND = T8 – T5 |
Server Network Time [sum/min/max] |
|
| The round trip time between SYN & SYN-ACK and also called Server Network Delay (SND).
SND = T5 - T2 |
Network Time [sum/min/max] |
|
| The round trip time that is the summation of CND and SND. It is also called Network Delay (ND). |
Server Response Time [sum/min/max] |
|
| The time taken by an application to respond to a request. It is also called Application Delay (AD) or Application Response Time.
|
Response Time [sum/min/max] |
|
| The amount of time between the Client REQ and the 1st Server RESP. The Client request could contain multiple packets and we consider the time of last received client packet. |
Total Response Time [sum/min/max] |
|
| The total time taken from the moment the client sends the request until the 1st response packet from the server is delivered to the client. It is also known as Total Delay (TD).
|
Total Transaction Time [sum/min/max] |
|
| The amount of time between the client request and the final response packet from the server. It is measured and exported on receiving either a new request from client (which indicates end of current transaction) or the first FIN packet. |
ART Client Bytes / Packets |
|
| Byte & Packet count for all the client packets.
|
ART Server Bytes / Packets |
|
| Byte & Packet count for all the server packets.
|
ART Count New Connections |
|
| Number of TCP sessions established (3-way handshake). It is also called Number of connections (sessions). |
ART Count Responses |
|
| Number of Req-Rsp pair received within the monitoring interval |
Responses histogram buckets (7- bucket histogram)) |
|
| Number of responses by response time in 7-bucket histogram.
|
Art Count Late Responses |
|
| Number of responses received after the max Response Time. Current threshold of timeout is 1 second. Also called Number of late responses (timeouts) |
Art Count Transactions |
|
| Total number of Transactions for all TCP connections.
|
Art Count Retransmissions |
|
| Packet count for possible retransmitted packets with the same sequence number as the last received packet. The metric is for client retransmission only. |
Art All Metrics |
|
| Single CLI to collect all the ART related metrics in mace. This CLI works as a replacement of all the ART related collect statements in a flow record. |
Top Domain, URL Hit Count Report
Field Name | Export ID | CLI | Description |
policy qos classification hierarchy |
|
| Report application class of service hierarchy |
policy qos queue index |
|
| Queue Index |
policy qos queue drops |
|
| Number of drops in the queue |
QoS Class-ID, Queue Drops and Queue Hierarchy