Since CBQoS pertains to the use of bandwidth on the interfaces of your Cisco devices, the best way to define your objectives for CBQoS class and policy creation is to establish the trend of bandwidth use on your network at the interface level.

Chapter 6: Working with NTA

Assuming you have Cisco devices set up to export flow data (if not, see "Adding Flow-Enabled Devices and Interfaces to the Orion Database" on page 67) and NTA is showing the devices in the NetFlow Sources resource (NETFLOW on the main toolbar), begin by examining each node for useful traffic statistics.

The following steps cover the basic process for using NTA to analyze flow data in preparation for defining a CBQoS strategy. These steps are mainly meant to give general guidance on how to use NTA to analyze your current traffic as it pertains to determining CBQoS needs. You will most likely need to improvise in your analysis to gain the right level of knowledge and insight into the way your network is handling traffic, so that using CBQoS, instead of simply increasing bandwidth, can be a workable solution for you.

To gather traffic information for an interface:

1. Start the Orion Web Console in the Orion program folder.

2. Click NETFLOW in the toolbar.

3. Click a relevant node in the list of NetFlow Sources.

4. Click an interface for which you want to analyze the traffic. This brings up an Interface Details view for the interface.

5. Set the time frame for which you want to examine traffic statistics.

For example, with the intention of understanding what happens with traffic in a representative month, you might set an Absolute Time Period that includes the first and last day of the most recently concluded month.

Note: Based on what you observe with this data slice, you would decide if you need to look at other slices for comparison.

6. Click Submit.

7. Set the flow direction for which you want to review the traffic.

8. Click Submit.

9. Use a combination of Top XX resources on the Interface Details to analyze how traffic data is flowing through the interface. For example:

Use the Top XX Applications to view the applications that were used to send the most traffic through the interface.

The goal is to determine the amount of critical data applications typically transfer in the representative time period. You also want to discover the applications that are consuming bandwidth unrelated to the purposes of your organization, such as recreational YouTube streaming.

You probably need to follow up on what you see in the Top XX Applications by viewing Top XX Conversations or by using another tool, such as a packet sniffer (Wireshark) or Cisco Network Based Application Recognition (NBAR), to discover the exact identity of the bandwidth-consuming applications. For example, based on the layer 3 and 4 information available to it, Top XX Applications might only list the application as HTTP. By cross-referencing with Top XX Conversations, or by digging deeper with other tools, you can often discover other data (ports, IP addresses) that lead you to the actual applications (Flash for YouTube videos, for example) involved in generating the real bandwidth-intensive data.

Use the Top XX Conversations to view the endpoints involved in the highest bandwidth-consuming conversations and to see whether there is a pattern to when the conversations took place and which endpoints were involved.

The goal is to discover predictable recurrent uses of bandwidth related to the purpose of your business or organization. Again, you also want to discover the uses of bandwidth that are not related to the primary purposes of your organization, so that you can de-prioritize this traffic when you put it in a CBQoS class.

In this case, since the conversation gives you endpoints, you can use DNS (nslookup) to discover the domain within which each endpoint is operating. Knowing the domain often helps identify the type of data involved. For example, finding out that one of the endpoints is operating within youtube.com tells you that audio or video data is being transferred.

Use Top XX Traffic Sources/Destinations by Countries to view the countries whose traffic is most serviced through the interface.

If you are using Persistent DNS instead of On Demand DNS, you can view the domains responsible for the highest levels of data transfer through the interface and correlate those levels with statistics in the other Top XX resources. For information on using persistent instead of on-demand DNS, see "Configuring DNS and NetBIOS Resolution" on page 101.

Viewing traffic history in this way, you will probably observe obvious top priorities for shaping the use of bandwidth on the interface.

10. Repeat steps 3 through 9 for each flow-enabled Cisco device for which you might need to create CBQoS policies.

11. Based on what your traffic analysis reveals, for each interface, rank and group the types of data you discovered according to their importance to your organization or to the experience of those who use the critical applications for which that type of data is passed over the network.

12. Translate the groups of data types into CBQoS class maps and work to define policy maps that would result in an allocation of interface bandwidth that matches your rankings.

The goal is to have traffic flowing through the interface so that at peak times, if traffic exceeds bandwidth, shaping occurs based on the desired priority.
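
The analysis in steps 9 through 12 can be sketched offline on exported flow records. This is an added example, not part of the guide or of NTA. The flow records, class names, reserved percentages, ACL names and the policy name WAN-OUT are all assumptions made for illustration.

```python
from collections import Counter

# Constructed flow records (sample data, not from the guide):
# (source, destination, protocol, destination port, bytes in the period)
FLOWS = [
    ("10.1.1.10", "10.2.0.5", "tcp", 1433, 42_000),
    ("10.1.1.11", "10.2.0.5", "tcp", 1433, 18_000),
    ("10.1.5.12", "198.51.100.4", "tcp", 25, 10_000),
    ("10.1.4.77", "203.0.113.8", "tcp", 443, 30_000),
    ("10.1.4.78", "203.0.113.8", "tcp", 443, 14_000),
    ("10.1.6.30", "198.51.100.9", "tcp", 8080, 6_000),
]
# Analyst's ranking (assumed): class name, reserved percent, match rule.
# List order is priority; the first rule that matches a flow wins.
# RECREATIONAL is matched by endpoint because the port alone (443) is ambiguous.
CLASSES = [
    ("BUSINESS-DB", 50, lambda f: f[3] == 1433),
    ("MAIL", 15, lambda f: f[3] == 25),
    ("RECREATIONAL", 5, lambda f: f[1] == "203.0.113.8"),
]

def top(flows, key, n=3):
    """Sum bytes per key and return the n largest, like a Top XX resource."""
    totals = Counter()
    for f in flows:
        totals[key(f)] += f[4]
    return totals.most_common(n)

def classify(flow):
    """Return the first class whose rule matches, else class-default."""
    for name, _pct, rule in CLASSES:
        if rule(flow):
            return name
    return "class-default"

def class_shares(flows):
    """Percent of observed bytes that falls into each class."""
    total = sum(f[4] for f in flows)
    return {name: round(100 * b / total) for name, b in top(flows, classify, n=None)}

def render_policy(policy="WAN-OUT"):
    """Emit a class-map/policy-map skeleton; ACLs of the same names are assumed."""
    lines = []
    for name, _pct, _rule in CLASSES:
        lines += [f"class-map match-any {name}", f" match access-group name {name}"]
    lines.append(f"policy-map {policy}")
    for name, pct, _rule in CLASSES:
        lines += [f" class {name}", f"  bandwidth percent {pct}"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(top(FLOWS, lambda f: (f[2], f[3])))  # top applications
    print(top(FLOWS, lambda f: (f[0], f[1])))  # top conversations
    print(class_shares(FLOWS))
    print(render_policy())
```

Comparing the observed share of each class with the percentage reserved for it shows where shaping will take effect at peak: here the recreational class carries far more traffic than the 5 percent it is allotted.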