cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
175
Views
5
Helpful
3
Replies
Beginner

Model Driven Telemetry - NBAR Oper model

Hi,

 

I'm developing a gRPC stream collector for IOS-XE model driven telemetry. 

 

One of the metrics we're collecting is the FNF top talkers from the following YANG model: https://github.com/YangModels/yang/blob/master/vendor/cisco/xe/16111/Cisco-IOS-XE-flow-monitor-oper.yang 

 

However, I found out this model doesn't support  the application ID field.

 

Therefore, I would like to know whether there is any existing YANG operational model for NBAR protocol-discovery, which would replicate the equivalent of 

show ip nbar protocol-discovery interface $interfacename
show ip nbar protocol-discovery stats byte-count
show ip nbar protocol-discovery top-n

Thanks in advance.

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Model Driven Telemetry - NBAR Oper model


@lucabrasi wrote:

Hi @pigallo ,

 

Unfortunately, using the "application name" is not a supported field in the YANG data model.

 


Hi luca,

 

if you can't find the correct leaf/reference in the data-model, it means that you can only export application info within the netflow datastream and visualize it in the netflow collector.
This doesn't mean that this detail won't be integrated in the next releases for the sensor.

Another option, if you need a detailed app classification with discovery and analysis of unclassified traffic too, there's SD-AVC which relies on NBAR2. However, not all XE platforms are supported.

 

 

 

Regards

 

 

 

View solution in original post

3 REPLIES 3
Cisco Employee

Re: Model Driven Telemetry - NBAR Oper model

Hi luca,


No, unfortunately NBAR oper doesn't exist at the moment.

You must enable the application id mapping under FNF config.
It should be supported.
Something like :

!
flow record MONITOR
match application name
match ipv4 source address
match ipv4 destination address
collect interface input
collect counter packets
!
flow monitor FLOW
record MONITOR
!
interface FastEthernet0/0
ip address 172.x.x.x 255.255.255.252
ip flow monitor FLOW input
!
end

 Be sure to use the correct YANG data-model for your software release to retrieve correct information.

I think the one you posted was ok.

 

 

Best regards

Beginner

Re: Model Driven Telemetry - NBAR Oper model

Hi @pigallo ,

 

Unfortunately, using the "application name" is not a supported field in the YANG data model.

 

Only key fields listed here are supported : https://github.com/YangModels/yang/blob/1d293269b6514251446e9f7652e70ca38e3055af/vendor/cisco/xe/16121/Cisco-IOS-XE-flow-monitor-oper.yang#L183 

 

So if you configure an unsupported field in the flow record, the telemetry subscription won't send any message.

 

Having Flexible Netflow application and IPFIX fields supported in the YANG data model would be awesome.

 

Cisco Employee

Re: Model Driven Telemetry - NBAR Oper model


@lucabrasi wrote:

Hi @pigallo ,

 

Unfortunately, using the "application name" is not a supported field in the YANG data model.

 


Hi luca,

 

if you can't find the correct leaf/reference in the data-model, it means that you can only export application info within the netflow datastream and visualize it in the netflow collector.
This doesn't mean that this detail won't be integrated in the next releases for the sensor.

Another option, if you need a detailed app classification with discovery and analysis of unclassified traffic too, there's SD-AVC which relies on NBAR2. However, not all XE platforms are supported.

 

 

 

Regards

 

 

 

View solution in original post

Content for Community-Ad
August's Community Spotlight Awards