Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1972
Views
5
Helpful
3
Replies

Model Driven Telemetry - NBAR Oper model

Go to solution
lucabrasi
Level 1
Level 1

‎09-30-2019 09:59 PM

Hi,

 

I'm developing a gRPC stream collector for IOS-XE model driven telemetry. 

 

One of the metrics we're collecting is the FNF top talkers from the following YANG model: https://github.com/YangModels/yang/blob/master/vendor/cisco/xe/16111/Cisco-IOS-XE-flow-monitor-oper.yang 

 

However, I found out this model doesn't support  the application ID field.

 

Therefore, I would like to know whether there is any existing YANG operational model for NBAR protocol-discovery, which would replicate the equivalent of 

show ip nbar protocol-discovery interface $interfacename
show ip nbar protocol-discovery stats byte-count
show ip nbar protocol-discovery top-n

Thanks in advance.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
pigallo
Cisco Employee
Cisco Employee
In response to lucabrasi

‎11-08-2019 02:50 AM

@lucabrasi wrote:

Hi @pigallo ,

 

Unfortunately, using the "application name" is not a supported field in the YANG data model.

 

Hi luca,

 

if you can't find the correct leaf/reference in the data-model, it means that you can only export application info within the netflow datastream and visualize it in the netflow collector.
This doesn't mean that this detail won't be integrated in the next releases for the sensor.

Another option, if you need a detailed app classification with discovery and analysis of unclassified traffic too, there's SD-AVC which relies on NBAR2. However, not all XE platforms are supported.

 

 

 

Regards

 

 

 

View solution in original post

3 Replies 3

Go to solution
pigallo
Cisco Employee
Cisco Employee

‎10-31-2019 10:12 AM

Hi luca,


No, unfortunately NBAR oper doesn't exist at the moment.

You must enable the application id mapping under FNF config.
It should be supported.
Something like :

!
flow record MONITOR
match application name
match ipv4 source address
match ipv4 destination address
collect interface input
collect counter packets
!
flow monitor FLOW
record MONITOR
!
interface FastEthernet0/0
ip address 172.x.x.x 255.255.255.252
ip flow monitor FLOW input
!
end

 Be sure to use the correct YANG data-model for your software release to retrieve correct information.

I think the one you posted was ok.

 

 

Best regards

0 Helpful

Go to solution
lucabrasi
Level 1
Level 1
In response to pigallo

‎11-07-2019 09:41 PM

Hi @pigallo ,

 

Unfortunately, using the "application name" is not a supported field in the YANG data model.

 

Only key fields listed here are supported : https://github.com/YangModels/yang/blob/1d293269b6514251446e9f7652e70ca38e3055af/vendor/cisco/xe/16121/Cisco-IOS-XE-flow-monitor-oper.yang#L183 

 

So if you configure an unsupported field in the flow record, the telemetry subscription won't send any message.

 

Having Flexible Netflow application and IPFIX fields supported in the YANG data model would be awesome.

 

0 Helpful

Go to solution
pigallo
Cisco Employee
Cisco Employee
In response to lucabrasi

‎11-08-2019 02:50 AM

@lucabrasi wrote:

Hi @pigallo ,

 

Unfortunately, using the "application name" is not a supported field in the YANG data model.

 

Hi luca,

 

if you can't find the correct leaf/reference in the data-model, it means that you can only export application info within the netflow datastream and visualize it in the netflow collector.
This doesn't mean that this detail won't be integrated in the next releases for the sensor.

Another option, if you need a detailed app classification with discovery and analysis of unclassified traffic too, there's SD-AVC which relies on NBAR2. However, not all XE platforms are supported.

 

 

 

Regards

 

 

 

Customers Also Viewed These Support Documents
Top