I've been involved with Cisco DNA Center and things Cisco DNA/SDA related for several years... and watching from the wings I'd gotten all hot and bothered about the potential of one aspect of Cisco DNA Center... Assurance! And you don't need to be running SDA to leverage this capability!
Assurance is a set of capabilities within DNAC that monitors various aspects of the network to make sure the most important problems show up at the NOC, with as much information as possible (in some cases with a series of remediation recommendations to boot!).
The Assurance screens within DNAC show us the following:
Overall Health - a high level snapshot of the health of the entire managed network
Network Health - focused on the devices that make up the network
Client Health - the end user view of the network!
Application Health - here's where Beards gets excited....
I'll focus on Application Health and talk about the types of data used to build this view of the business network! No surprises - it's built around my pet topics - NBARv2, Netflow and performance monitors! On the wireless side it stretches out to AVC Netflow, wireless streaming telemetry from the WLCs and APs, and the ability to monitor the new AP1800S sensor's view of the client perspective! Extremely useful!!
Within DNAC we can 'provision' devices with what is called a Telemetry Profile - a canned set of template configurations for sending critical information to DNAC's Assurance capabilities.
Types of Network Telemetry Profiles
Maximal Visibility - only possible on ISR4K/ASR1K routers (turns on syslog and Application Visibility)
Optimal Visibility - for switches (turns on syslog)
Disable Visibility - no syslog or app visibility
It's at this point that Beards gets curious...we can guess what the configs may look like on a router but what's possible on the switches?!
So I've got these lovely NBARv2/FNF capable Cat 9k switches but I can't turn on App Visibility?
Well there's nothing to stop you from configuring something like our template NBARv2 and FNF configurations on the switches - so I did!
!
flow record FLOWREC
 match ipv4 version
 match ipv4 protocol
 match application name
 match connection client ipv4 address
 match connection server ipv4 address
 match connection server transport port
 match flow observation point
 collect flow direction
 collect timestamp absolute first
 collect timestamp absolute last
 collect connection initiator
 collect connection new-connections
 collect connection server counter packets long
 collect connection client counter packets long
 collect connection server counter bytes network long
 collect connection client counter bytes network long
!
!
flow exporter 172.31.51.191
 destination 172.31.51.191
 transport udp 6007
!
!
flow exporter FLOWEXP
 destination 172.31.51.191
 transport udp 6007
 option interface-table
 option application-table
!
!
flow monitor FLOWMON
 exporter FLOWEXP
 record FLOWREC
!
interface GigabitEthernet1/0/1
 description Edge1_to_AP3800-1
 switchport access vlan 58
 switchport mode access
 ip flow monitor FLOWMON input
 ip flow monitor FLOWMON output
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/2
 description Edge1_to_UCS1_PCI_eth2
 switchport access vlan 54
 switchport mode access
 ip flow monitor FLOWMON input
 ip flow monitor FLOWMON output
 ip nbar protocol-discovery
!
Note the older Netflow v5 configuration that DNAC put onto the switch - I left it there so DNAC wouldn't get upset about that part of the config being missing (not sure it would but no harm!)
Also note the NBAR and 'ip flow monitor' lines are put onto access or routed interfaces on the switch - can't put them on VLANs.
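An added example (not from the original post and not Cisco tooling): a small Python check that reads a saved running-config and reports flow monitors that reference an undefined exporter or record, plus interfaces that carry a monitor in only one direction, lack 'ip nbar protocol-discovery', or are VLAN interfaces, which the note above says cannot take these lines. The sample config and the function names are constructed for illustration, and the parser assumes the one-space indentation that 'show running-config' prints.

```python
import re
# Constructed sample, not the post's config: Gi1/0/1 is complete, Gi1/0/2 is
# partial, Vlan58 carries a monitor, and FLOWEXP is referenced but undefined.
SAMPLE = """\
flow record FLOWREC
flow monitor FLOWMON
 exporter FLOWEXP
 record FLOWREC
interface GigabitEthernet1/0/1
 ip flow monitor FLOWMON input
 ip flow monitor FLOWMON output
 ip nbar protocol-discovery
interface GigabitEthernet1/0/2
 ip flow monitor FLOWMON input
interface Vlan58
 ip flow monitor FLOWMON input
"""

def parse_sections(config):
    """Group indented sub-commands under their top-level command."""
    sections, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line[0].isspace():
            current = sections.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return sections

def audit(config):
    """Return findings on broken references and partly instrumented ports."""
    sec, findings = parse_sections(config), []
    for name, body in sec.items():
        if name.startswith("flow monitor "):
            for cmd in body:
                kind, _, ref = cmd.partition(" ")
                if kind in ("exporter", "record") and f"flow {kind} {ref}" not in sec:
                    findings.append(f"{name}: undefined {kind} {ref}")
        elif name.startswith("interface "):
            dirs = {m[2] for c in body if (m := re.fullmatch(r"ip flow monitor (\S+) (input|output)", c))}
            if not dirs:
                continue  # port carries no monitor; nothing to cross-check
            if name.split()[1].lower().startswith("vlan"):
                findings.append(f"{name}: monitor on a VLAN interface")
            findings.extend(f"{name}: no {d} flow monitor" for d in sorted({"input", "output"} - dirs))
            if "ip nbar protocol-discovery" not in body:
                findings.append(f"{name}: NBAR protocol discovery missing")
    return findings
```

Calling audit() on the text of a saved config returns a list of finding strings; an empty list means every port that carries a monitor is instrumented in both directions with NBAR and every monitor's exporter and record are defined.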
And while it's not officially supported yet and doesn't represent Application Health in the way it would from routers (no performance monitor data), you will see the application volume from your switches...
Here we see YouTube hammering away from our wired client connected to the lab's Cat 9K! CPU impact? 1-2% CPU load....
Experiment over....definitely not at the stage of recommending this but wanted to give some insight into what's possible already...
Not all there yet - but exciting possibilities!
Beards out! :{)