You are previewing Network Management: Accounting and Performance Strategies.
O'Reilly logo
Network Management: Accounting and Performance Strategies

Book Description

Network Management: Accounting and Performance Strategies

The definitive guide to collecting usage information from Cisco networks

Benoit Claise, CCIE® No. 2868

Ralf Wolter

Understanding network performance and effectiveness is now crucial to business success. To ensure user satisfaction, both service providers and enterprise IT teams must provide service-level agreements (SLA) to the users of their networks–and then consistently deliver on those commitments. Now, two of the Cisco® leading network performance and accounting experts bring together all the knowledge network professionals need to do so.

Network Management: Accounting and Performance Strategies imparts a deep understanding of Cisco IOS® embedded management for monitoring and optimizing performance, together with proven best strategies for both accounting and performance management.

Benoit Claise and Ralf Wolter begin by introducing the role of accounting and performance management in today’s large-scale data and voice networks. They present widely accepted performance standards and definitions, along with today’s best practice methodologies for data collection.

Next, they turn to Cisco devices and the Cisco IOS Software, illuminating embedded management and device instrumentation features that enable you to thoroughly characterize performance, plan network enhancements, and anticipate potential problems and prevent them. Network standards, technologies, and Cisco solutions covered in depth include Simple Network Management Protocol (SNMP) and Management Information Bases (MIB), Remote Monitoring (RMON), IP accounting, NetFlow, BGP policy accounting, AAA Accounting, Network Based Application Recognition (NBAR), and IP SLA (formerly known as SAA). For each, the authors present practical examples and hands-on techniques.

The book concludes with chapter-length scenarios that walk you through accounting and performance management for five different applications: data network monitoring, capacity planning, billing, security, and voice network performance.

Network Management: Accounting and Performance Strategies will be indispensable to every professional concerned with network performance, effectiveness, or profitability, especially NMS/OSS architects, network and service designers, network administrators, and anyone responsible for network accounting or billing.

Benoit Claise, CCIE® No. 2868, is a Cisco Distinguished Engineer working as an architect for embedded management and device instrumentation. His area of expertise includes accounting, performance, and fault management. Claise is a contributor to the NetFlow standardization at the IETF in the IPFIX and PSAMP Working Groups. He joined Cisco in 1996 as a customer support engineer in the Technical Assistance Center network management team and became an escalation engineer before joining the engineering team.

Ralf Wolter is a senior manager, consulting engineering at Cisco. He leads the Cisco Core and NMS/OSS consulting team for Europe, works closely with corporate engineering, and supports large-scale customer projects. He specializes in device instrumentation related to accounting and performance management.

  • Compare accounting methods and choose the best approach for you

  • Apply network performance best practices to your network

  • Leverage built-in Cisco IOS network management system components to quantify performance

  • Uncover trends in performance statistics to help avoid service degradation before it occurs

  • Identify under use of network paths, so you can improve overall network efficiency

  • Walk through hands-on case studies that address monitoring, capacity planning, billing, security, and voice networks

  • Understand Cisco network performance, deliver on your SLAs, and improve accounting and billing

  • This book is part of the Networking Technology Series from Cisco Press®, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

    Table of Contents

    1. Copyright
      1. Dedications
    2. About the Authors
    3. About the Technical Reviewers
    4. Acknowledgments
    5. Icons Used in This Book
    6. Command Syntax Conventions
    7. Introduction
      1. Goals and Methods
      2. Who Should Read This Book?
      3. How This Book Is Organized
    8. I. Data Collection and Methodology Standards
      1. 1. Understanding the Need for Accounting and Performance Management
        1. Definitions and the Relationship Between Accounting and Performance Management
          1. Defining Accounting Management
          2. Defining Performance Management
          3. The Relationship Between Accounting and Performance
          4. A Complementary Solution
        2. The Purposes of Accounting
          1. Network Monitoring
          2. User Monitoring and Profiling
          3. Application Monitoring and Profiling
          4. Capacity Planning
            1. Link Capacity Planning
            2. Network-Wide Capacity Planning
          5. Traffic Profiling and Engineering
          6. Peering and Transit Agreements
          7. Billing
            1. Volume-Based Billing
            2. Destination-Sensitive Billing
            3. Destination and Source-Sensitive Billing
            4. Quality-of-Service Billing
            5. Application and Content-Based Billing
            6. Time/Connection-Based Billing
            7. Voice over IP (VoIP) and IP Telephony (IPT) Billing
          8. Security Analysis
        3. Purposes of Performance
          1. Device Performance Monitoring
            1. Network Element Performance Monitoring
            2. System and Server Performance Monitoring
          2. Network Performance Monitoring
          3. Service Monitoring
          4. Baselining
          5. Fault Management
        4. Applying the Information to the Business
        5. Summary
      2. 2. Data Collection Methodology
        1. Data Collection Details: What to Collect
          1. What Are the Keys?
          2. What Are the Values?
            1. Value Versus Key Example: DiffServ Code Point
            2. Value Versus Key Example: BGP Autonomous System Path
          3. What Are the Required Versus Nice-to-Have Types of Data?
          4. Data Types List
          5. Example: Application Monitoring
          6. Example: Traffic Matrix
          7. Example: SLA Monitoring
        2. Defining the User
        3. Metering Methods: How to Collect Data Records
          1. Active Versus Passive Monitoring
          2. Passive Monitoring Concepts
            1. Full Collection
            2. Partial Collection
            3. Filtering Versus Sampling
            4. Sampling Methods
              1. Deterministic Sampling
              2. Deterministic Packet Sampling: 1 in N
              3. Deterministic Time-Based Packet Sampling
              4. Deterministic Size-Based Sampling
              5. Random Sampling
              6. Random Packet Sampling
              7. Random Flow Sampling
              8. Probabilistic Packet Sampling
              9. Stratified Sampling
            5. Filtering at the Network Element
          3. Active Monitoring Concepts
            1. Concepts for Generating Synthetic Traffic
              1. Device Availability
              2. Network Availability
              3. Service Availability
            2. Active Monitoring Technologies and Tools: ping, traceroute, and IP SLA
          4. Best Practice: How to Position Active and Passive Monitoring
          5. Outlook: Passive Monitoring for One-Way Delay Analysis
        4. Metering Positions: Where to Collect Data Records
          1. Network Element Versus End Device Collection
          2. Edge Versus Core Collection
          3. Embedded Versus External Device Collection
          4. Ingress Versus Egress Collection
          5. Flow Destination or Source Lookup
          6. Technology-Dependent Special Constraints
        5. Collection Infrastructure: How to Collect Data Records
          1. Pull Versus Push Model
          2. Event-Based Model
          3. Export Protocols
            1. SNMP
              1. Connection Mode, Congestion Handling, and Reliability
              2. Send and Retrieve Frequency
            2. NetFlow
              1. Connection Mode, Congestion Handling, and Reliability
              2. Send and Retrieve Frequency
            3. FTP
              1. Connection Mode, Congestion Handling, and Reliability
            4. Authentication, Authorization, and Accounting (AAA) Architecture
              1. Connection Mode, Congestion Handling, and Reliability
              2. Send and Retrieve Frequency
          4. Network Design for the Collection Infrastructure
          5. Communication Concepts
          6. Collection Server Concepts
            1. Placing the Collection Server (Centralized, Distributed)
            2. Real-Time Requirements
              1. Connection Mode, Congestion Handling, and Reliability
              2. Send and Retrieve Frequency
        6. Mediation Device Functionality: How to Process Data Records
          1. Filtering
          2. Estimation from Sampling
          3. Threshold Monitoring
          4. Data Aggregation
          5. Data Record Correlation and Enrichment
          6. Flow De-Duplication
          7. Data Record Formatting and Storage
        7. Security Considerations: How to Ensure Data Authenticity and Integrity
          1. Source Authentication
          2. Ensuring Data and Device Integrity
          3. Denial-of-Service (DoS) Attacks
        8. Summary
      3. 3. Accounting and Performance Standards and Definitions
        1. Understanding Standards and Standards Organizations
        2. Architectural and Framework Standards: The TMN/FCAPS Model (ITU-T)
          1. Fault Management
          2. Configuration Management
          3. Accounting Management
          4. Performance Management
          5. Security Management
          6. The TMN Framework
        3. Architectural and Framework Standards: the eTOM Model (TMF)
        4. Informational IETF Standards
          1. IETF RFC 2924, Accounting Attributes and Record Formats
          2. IETF RFC 2975, Introduction to Accounting Management
        5. Information Modeling
        6. Data Collection Protocols: SNMP, SMI, and MIB
          1. Internet Management Model and Terminology
          2. MIB Modules and Object Identifiers
          3. SMI Definitions
          4. SNMP Versions
          5. References for SMIv1 and SMIv2
        7. Data Collection Protocols: NetFlow Version 9 and IPFIX Export Protocols
          1. NetFlow Version 9 Export Protocol
            1. The Template Mechanism
            2. The Export Protocol
            3. NetFlow Version 9 Export Protocol Example
          2. IPFIX
            1. The IPFIX Export Protocol
            2. Work in Progress
            3. IPFIX References
        8. Data Collection Protocols: PSAMP
          1. PSAMP Protocol Specifications
          2. PSAMP References
        9. Data Collection Protocols: AAA (RADIUS, Diameter, and TACACS+)
          1. RADIUS
          2. TACACS+
          3. Diameter
        10. Data Collection Protocols: IPDR
        11. Data Collection Protocols: CMISE/CMIP and GDMO
        12. Service Notions
        13. Summary
    9. II. Implementations on the Cisco Devices
      1. 4. SNMP and MIBs
        1. MIBs
        2. IOS Support for SNMP Versions
        3. net-snmp Utilities
        4. CLI Operations and Configuration Example for SNMPv2c
          1. SNMPv2c Configuration Example
          2. SNMPv2c Data Retrieval
          3. Displaying SNMPv2c Statistics
        5. CLI Operations and Configuration Examples for SNMPv3
          1. authNoPriv SNMP Example
          2. authPriv SNMP Example
        6. MIB Table Retrieval Example
        7. MIB Functional Area Comparison Table
        8. General-Purpose MIBs for Accounting and Performance
          1. MIB-II (RFC 1213), IF-MIB (RFC 2863), and CISCO-IF-EXTENSION-MIB
          2. CISCO-PING-MIB
            1. Relevant MIB Objects (Read-Write)
            2. Relevant MIB Objects (Read-Only)
          3. CISCO-PROCESS-MIB
          4. CISCO-ENVMON-MIB and CISCO-HEALTH-MONITOR-MIB
          5. CISCO-MEMORY-POOL-MIB
          6. CISCO-DATA-COLLECTION-MIB
        9. Advanced Device Instrumentation
        10. Technology-Specific MIBs for Accounting and Performance
          1. Frame Relay
          2. MPLS
            1. MPLS Label Switch Router (LSR) MIB (RFC 3813)
            2. MPLS Traffic Engineering MIB (RFC 3812)
          3. IPv6
          4. Multicast
            1. Interface Group MIB (RFC 2863)
            2. RMON-MIB (RFC 1757)
            3. Multicast Routing MIB for IPv4 (RFC 2932)
          5. VLAN
            1. Community String Indexing
            2. Additional Monitoring Parameters
          6. Traffic Management and Control
            1. CISCO-CAR-MIB
            2. CISCO-CLASS-BASED-QOS-MIB
          7. Telephony
            1. Dial Control Management MIB (RFC 2128)
            2. CISCO-VOICE-DIAL-CONTROL-MIB
            3. CISCO-VOICE-COMMON-DIAL-CONTROL-MIB
            4. CISCO-CALL-HISTORY-MIB
            5. SIP MIB
        11. Creating New MIB Objects: EXPRESSION-MIB
          1. EXPRESSION-MIB Examples
          2. EVENT-MIB Associated with EXPRESSION-MIB
        12. Obtaining MIBs
      2. 5. RMON
        1. RMON 1 and RMON 2 MIBs
          1. RMON Principles
          2. Supported Devices and IOS Versions
          3. Cisco NAM Modules
          4. CLI Operations
          5. SNMP Operations
            1. RMON Row Concept
            2. Operations to Activate the Network Layer Host Group from the RMON 2 MIB
          6. Examples
            1. Initial Configuration
            2. Collection Monitoring
        2. DSMON MIB
          1. DSMON MIB Principles
          2. Supported Devices and IOS Versions
          3. CLI Operations
          4. SNMP Operations
          5. Examples
        3. SMON MIB
          1. Supported Devices and IOS Versions
          2. CLI Operations
          3. SNMP Operations
          4. Examples
          5. Collection Monitoring
        4. APM MIB and ART MIB
          1. Supported Devices and IOS Versions
          2. CLI Operations
          3. SNMP Operations
          4. Examples
          5. Collection Monitoring
        5. Applicability
        6. Further Reading
      3. 6. IP Accounting
        1. IP Accounting (Layer 3)
          1. IP Accounting (Layer 3) Principles
          2. Supported Devices and IOS Versions
          3. CLI Operations
          4. SNMP Operations
          5. Examples (CLI and SNMP)
            1. Initial Configuration
            2. Collection Monitoring
        2. IP Accounting Access Control List (ACL)
          1. IP Accounting ACL Principles
          2. Supported Devices and IOS Versions
          3. CLI Operations
          4. SNMP Operations
          5. Examples (CLI and SNMP)
            1. Initial Configuration
            2. Collection Monitoring
        3. IP Accounting MAC Address
          1. IP Accounting MAC Address Principles
          2. Supported Devices and IOS Versions
          3. CLI Operations
          4. SNMP Operations
          5. Examples (CLI and SNMP)
            1. Initial Configuration
            2. Collection Monitoring
        4. IP Accounting Precedence
          1. IP Accounting Precedence Principles
          2. Supported Devices and IOS Versions
          3. CLI Operations
          4. SNMP Operations
          5. Examples (CLI and SNMP)
            1. Initial Configuration
            2. Collection Monitoring
        5. Applicability
      4. 7. NetFlow
        1. Fundamentals of NetFlow
          1. Flow Definition
          2. Cache Concept
          3. Aging Flows on a Router
          4. Aging Flows on a Catalyst
          5. Export Version and Related Information Elements
            1. NetFlow Version 1: The Beginning
            2. NetFlow Version 5: The Foundation
            3. NetFlow Version 7: Catalyst-Specific
            4. NetFlow Version 8: Router-Based Aggregation
              1. Selecting a NetFlow Aggregation Scheme
            5. NetFlow Version 9: Flexible and Extensible
            6. NetFlow Version 10: IPFIX
            7. Comparison of Information Elements and NetFlow Version
          6. Supported Interfaces
          7. Export Protocol: UDP or SCTP
          8. NetFlow Device-Level Architecture: Combining the Elements
          9. Cisco NetFlow Collector
        2. CLI Operations
        3. SNMP Operations with the NETFLOW-MIB
        4. Example: NetFlow Version 5 on a Router
        5. Example: NetFlow Configuration on the Catalyst
        6. Example: NetFlow Version 8
        7. Example: NetFlow Version 9
        8. New Features Supported with NetFlow Version 9
          1. SCTP Export
          2. Sampled NetFlow
            1. Packet-Based Sampling on the Routers
              1. Step 1: Defining a NetFlow Sampler Map
              2. Step 2: Applying a NetFlow Sampler Map to an Interface
              3. Step 3: Checking the NetFlow Cache
              4. Sending the Flow-Sampler Information
            2. Flow-Based Sampled NetFlow on the Catalyst
          3. NetFlow Input Filters
          4. MPLS-Aware NetFlow
          5. BGP Next-Hop Information Element
          6. NetFlow Multicast
          7. NetFlow Layer 2 and Security Monitoring Exports
          8. Top Talkers
          9. Flexible NetFlow
            1. Fields in Flexible NetFlow
            2. Packet Sections
            3. Flexible NetFlow Cache Types
            4. Comparison of Original NetFlow and Flexible NetFlow
            5. CLI Operations
            6. Flexible NetFlow Examples
        9. Deployment Guidelines
        10. Supported Devices and IOS Versions
      5. 8. BGP Policy Accounting
        1. Input BGP Policy Accounting
        2. Output BGP Policy Accounting
        3. Summary of All Four BGP Policy Accounting Combinations
        4. Fundamentals
        5. BGP Policy Accounting Commands
        6. SNMP Operations
        7. Examples (CLI and SNMP)
          1. Initial Configuration
          2. Collection Monitoring
        8. Destination-Sensitive Services
          1. Destination-Sensitive Billing
            1. Destination-Sensitive Billing Example
          2. Destination-Sensitive Traffic Shaping (DSTS)
            1. Destination-Sensitive Traffic Shaping Example
        9. Applicability
      6. 9. AAA Accounting
        1. Fundamentals of AAA Accounting
        2. High-Level Comparison of RADIUS, TACACS+, and Diameter
        3. RADIUS
          1. RADIUS Attributes
          2. RADIUS CLI Operations
          3. Voice Extensions for RADIUS
            1. Concept of Call Legs
            2. RADIUS Accounting with the Vendor-Specific Attribute
            3. RADIUS Accounting with the Overloaded Acct-Session-Id
            4. Comparing the Vendor-Specific Attribute and the Acct-Session-Id
            5. CLI Operations for VoIP Accounting with RADIUS
              1. Example 1: Using RADIUS Attribute 44, Acct-Session-Id
              2. Example 2: Using the Overloaded RADIUS Attribute 44
              3. Example 3: RADIUS Records from the SIP Proxy Server
        4. Diameter Details
      7. 10. NBAR
        1. NBAR Functionality
          1. Distributed NBAR
          2. NBAR Classification Details
            1. Classification of HTTP by URL, Host, or MIME
            2. Classification of Citrix ICA Traffic by Application Name
          3. NBAR Packet Description Language Module (PDLM)
          4. NBAR Scope
        2. Supported Devices and IOS Versions
        3. NBAR Protocol Discovery (PD) MIB
          1. NBAR Supported Protocols
          2. NBAR Protocol Discovery Statistics
          3. NBAR Top-N Statistics
          4. NBAR Protocol Discovery Thresholds, Traps, and History
        4. NBAR Configuration Commands
        5. NBAR show Commands
        6. NBAR Examples (CLI and SNMP)
          1. Basic NBAR Configuration
          2. Custom Application Example
          3. Limiting Peer-to-Peer Traffic
          4. HTTP Requests Payload Inspection
        7. NBAR Applicability
      8. 11. IP SLA
        1. Measured Metrics: What to Measure
          1. Network Delay
          2. Jitter
          3. Packet Loss
          4. Measurement Accuracy
          5. TCP Connect
          6. DHCP and DNS Response Time
          7. HTTP Response Time
          8. Linking Metrics to Applications
        2. Operations: How to Measure
          1. Operations Parameters
            1. Frequency
            2. Number of Packets
            3. Interpacket Interval
            4. Packet Size
            5. Timeout
            6. Lifetime
            7. Start Time
          2. MPLS VPN Awareness
          3. IP SLA Responder
          4. Operation Types
            1. ICMP Operations
              1. ICMP Echo Operation
              2. ICMP Path Echo Operation
              3. ICMP Path Jitter Operation
              4. Summary of ICMP Operations
          5. UDP Operations
            1. UDP Echo Operation
            2. UDP Jitter Operation
            3. VoIP UDP Jitter Operation
          6. TCP Connect Operation
          7. FTP Operation
          8. DHCP Operation
          9. DNS Operation
          10. HTTP Operation
          11. Frame Relay Operation
          12. ATM Operation
          13. VoIP Gatekeeper Registration Delay Monitoring Operation
          14. VoIP Call Setup (Post-Dial Delay) Monitoring Operation
          15. RTP-Based VoIP Operation
          16. DLSw+ Operation
        3. IP SLA CLI Operations
        4. SNMP Operations with the CISCO-RTTMON-MIB
        5. Application-Specific Scenario: HTTP
        6. Application-Specific Scenario: VoIP
        7. Advanced Features
          1. Scheduling
            1. Recurring Function
            2. Multiple Operation Scheduling
            3. Random Scheduling
          2. Distribution of Statistics
          3. History Collection
          4. Thresholds and Notifications
          5. Enhanced Object Tracking for IP SLA
        8. Implementation Considerations
          1. Supported Devices and IOS Versions
          2. Performance Impact
          3. Accuracy
          4. Security Considerations
          5. IP SLA Deployment
            1. IP SLA Architecture and Best Practices
            2. NMS Applications
      9. 12. Summary of Data Collection Methodology
        1. Applicability
    10. III. Assigning Technologies to Solutions
      1. 13. Monitoring Scenarios
        1. Network Blueprint for Monitoring
        2. Device and Link Performance
        3. Network Connectivity and Performance
        4. Application Monitoring
        5. Service Monitoring and Routing Optimization
      2. 14. Capacity Planning Scenarios
        1. Link Capacity Planning
        2. Network Blueprint for Capacity Planning
        3. Problem Space
        4. Capacity Planning Tools
        5. Methods for Generating the Core Traffic Matrix
          1. NetFlow BGP Next Hop ToS Aggregation
          2. Flexible NetFlow
          3. MPLS-Aware NetFlow
          4. BGP Passive Peer on the NetFlow Collector
          5. BGP Policy Accounting
          6. Other Methods
        6. Additional Considerations: Peer-to-Peer Traffic
        7. Summary
      3. 15. Voice Scenarios
        1. Network Blueprint for IP Telephony
        2. Voice Performance Measurement
          1. Standards and Technology
            1. Mean Opinion Scores (MOS)
            2. Impairment/Calculated Planning Impairment Factor (ICPIF)
          2. Network Elements in the Voice Path
            1. Passive Voice Performance Measurement
            2. Active Voice Performance Measurement
          3. Cisco CallManager (CCM)
          4. Application Examples
            1. Network Analysis Module
            2. CiscoWorks Unified Operations Manager
        3. Voice Accounting
          1. Standards and Technology
          2. Network Elements in the Voice Path
          3. Gateway, Gatekeeper, Multimedia Conference Manager
          4. Cisco CallManager (CCM)
          5. Application Example
        4. Is Your Network Ready for IP Telephony?
      4. 16. Security Scenarios
        1. Network Blueprint for Security Management
        2. Security Management Process
          1. Preparation
          2. Identification
          3. Classification
            1. NetFlow
            2. Network-Based Application Recognition (NBAR)
            3. Network Analysis Module (NAM)
            4. Other Attack Classification Features
          4. Trace Back
          5. Reaction
          6. Postmortem
        3. Summary
      5. 17. Billing Scenarios
        1. Network Blueprint for Billing
        2. Billing Approaches
          1. Time-Based Billing
            1. pWLAN
            2. Dial-In
          2. Volume-Based Billing
            1. Residential Broadband Access (DSL or Cable)
            2. Transit and Peering Agreements
          3. Destination-Sensitive Billing
          4. Time- and Distance-Based Billing
          5. Service-Based Billing
            1. Video on Demand (VoD)
          6. Enterprise Departmental Charge Back
          7. Flat Rate Billing
        3. Summary