Eric Yu (CCIE 14590) is a customer support engineer at Cisco responsible for supporting video performance on Cisco Borderless Network solutions. He has 10 years of experience in the telecommunications industry designing data and voice networks. Previous to his current role, he worked as a network consulting engineer for Cisco Advanced Services, responsible for designing and implementing Cisco Unified Communications for Fortune 500 enterprises. Eric holds CCIE certification on routing and switching.
Technical Leader Micheal O'Brien helped Eric answer a few of the questions asked during the session.
Q. In what Cisco IOS software release was Medianet introduced? Is it only an IOS that we need to run or is there any specific product connected to Medianet?
A. In order to know the minimum Cisco IOS software release for using the medianet feature, refer to Cisco Networking Capabilities for Medianet for more information on the data sheet. In order to run medianet you need to have a combination of both hardware and software. Medianet runs only on specific hardware at this point in time, and on each specific hardware platform there are minimum requirements, such as software licenses that need to be activated for some of the features to work.
Q. Can you use Medianet for other apps besides Telepresence such as voice calls?
A. Yes. You can use Medianet for other apps besides Telepresence such as switches traffic and mare traffic. You can use class-maps in order to define the traffic classes and then you can apply, for example, performance monitor or mediatrace services.
Q. What are the core L2/L3 devices between the 4k and ISR-G2s?
A. In order to build this lab, I used a pair of Catalyst 6500 switches.
Note: This question is based on network diagram used in the presentation.
Q. Although medianet commands are not yet available, it would make sense to have a design guide to map the 11 medianet QoS classes into the data center. For example, how do you deal with the limited QoS classes (qos-groups) on N5K?
A. Good questions! Metadata helps solve this issue by the assignment of QoS by Application ID rather than using other ACL classifications.
Q. From slide 15, any suggestions to implement Medianet QoS classifications to N5K, for example, 6 qos-groups, overlap between CoS 3 FCoE and voice signaling, and what to do with various video streaming vs. broadcast traffic?
A. Medianet is not supported on the N5K yet, and I believe it is on the roadmap but there are no dates yet. The ASR1K can support Medianet and most of the features to which Eric refers. Refer to our data sheet for platform dependencies. Use our design guide.
Note: This question is based on slide number 15 in the presentation.
Q. So in an enterprise, there really is no additional cost unless you want the GUI. You can upgrade your switches to the correct Cisco IOS software release/ feature set (if needed, might be cost involved) but you can setup your new Media aware network (QoS) w/o any $$.
A. Yes. No extra cost for Medianet specific features as long as you have new Cisco IOS images (Cisco IOS Software Release 15.1.3T or later) on ISRs and have an enterprise-level image.
Q. What is the meaning of 5-tuple?
A. 5-tuple = IP source and destination addresses and port numbers (4) and the IP protocol type for UDP is 17.
Q. Are there plans to integrate MediaNet functionality in the Nexus platforms?
A. Yes, Nexus platforms are on the roadmap, but I cannot provide you dates just yet.
Q. Does the web tool support the former Tandberg products that are now Telepresence? Looks like a good add on to a HD Telepresence sale.
A. Cisco Prime Collaboration Mgr fully supports all video monitoring features including Perf-Mon, Mediatrace, and IPSLA-VO. Nearly all Tandberg endpoints are supported with CPCM today, and more capabilities are available in the next release, like MSI and Metadata.
Q. Does it require the use of Cisco IOS Software Release 15.0.x on 6500 to support this function? Does 12.2.xx support it?
A. The 6500 currently supports Performance Monitor and Mediatrace with Cisco IOS Software Release 15.0(1) SY or later. The 6500 does not support Metadata today, but it is on the roadmap.
Q. But the DSCP is still 0 until the ISR-G2 see the 5 tuple and remaps it on the WAN side but it would remain on the LAN as DSCP 0?
Q. What ports and protocols are required to be enabled on the mediatrace routers? tcp/22? udp/snmp?
A. Mediatrace uses RSVP as a transport mechanism. RSVP uses IP protocol 46. So be sure that you have IP protocol 46 allowed. If IP protocol 46 gets denied anywhere, the mediatrace messages stop at the point where they were actually filtered. You only get a mediatrace report up to the device hop that dropped the message.
Q. What authentication is required to be able to use the mediatrace feature? More specifically, can an unauthorized user glean network information from the network devices by using mediatrace? Is it limited to specific users? Can I restrict access via TACACS?
A. That is really a good question. If I do not want my first year help desk guy to trace the sessions, you can always use AAA authorization to define the user level access.
Q. Will mediatrace work if there is a non-mediatrace capable device in the path?
A. You do not have to have medianet features installed everywhere on your network for the mediatrace to work. If the devices in a network do not support mediatrace, those routers treat the RSVP messages like any other type of IP packets. The routers that do not support mediatrace are not able to interpret RSVP messages and it drops the packet like any other data packet. From the concept perspective, when you get the final printout of what performance is like for every single hop, when you get to that device which does not understand mediatrace, you essentially get an IP address like a quick lift that tells that media path took these network device hops from point A to point B and one hop does not support mediatrace. It uses traceroute to detect that IP address, the specific hop in the network.
Q. Are there any authentication mechanisms around these RSVP messages? Is it possible to prevent a user port from initiating a mediatrace request to enumerating each network hop (say from an attached router)?
A. If you are referring to Metadata, then you can set up authentication if you wish; by default it is not required to make Flow Metadata work. But you can set it up for added security.
Q. How does it scale?
A. Perf-Mon and Mediatrace scale very well. You have safeguards, which can limit the maximum number of flows to monitor or Mediatrace sessions. See the configuration guide for more details.
Q. So with Mediatrace, I think the biggest feature that I see as advantageous is if it shows the DSCP marking on departure of the CE and then arrival on the CE at the other end. However does it show it in the middle being the PE unless the PE is enabled?
A. Yes. The main advantage of Mediatrace is that it shows the DSCP marking on departure of the CE and then arrival on the CE at the other end, which is highly useful in troubleshooting MT. However, it does not show in the middle unless the PE is enabled.
Q. What are the results if traversing a SP network that you a) do not have access to and b) probably does not have mediatrace enabled?
A. Mediatrace only provides performance stats for devices that are Medianet enabled. So unless the SP enables mediatrace within their own network, Mediatrace passes through the SP network safely unless the SP blocks RSVP or NAT is used.
Q. What about ASA or FWSM? Does it support Mediatrace?
A. At this time the ASA does not support Mediatrace, and to my knowledge I have not seen this on the roadmap for the ASA.
Q. It does not appear Mediatrace is supported on NX-OS - any estimate?
A. Cisco does not support Mediatrace on the NX-OS platforms yet, but it is on our roadmap for a future release.
Q. What ports need to be open on firewalls for metadata flow?
A. Just IP (RSVP) protocol type 46. However Mediatrace breaks when using NAT, which does address translation.
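The two answers above that require IP protocol 46 to be allowed end to end can be checked ahead of a trace. This is an added example, not part of the session: it walks a path of hops and reports the first one whose filter would drop RSVP, which is where the mediatrace report would end. The hop names and the simplified ACL entries (action and protocol field only, first match wins, implicit deny, addresses ignored) are constructed assumptions.

```python
"""Added example: find the hop whose ACL would drop RSVP (IP protocol 46)."""

RSVP_PROTO = 46  # IP protocol number the answers say must be allowed

# Protocol keywords used in the constructed entries below, mapped to numbers.
PROTO_NUMBERS = {"icmp": 1, "tcp": 6, "udp": 17, "gre": 47}


def entry_matches(proto_field, proto):
    """True if an ACL entry's protocol field covers the given IP protocol."""
    if proto_field == "ip":           # "ip" covers every IP protocol
        return True
    if proto_field.isdigit():
        return int(proto_field) == proto
    return PROTO_NUMBERS.get(proto_field) == proto


def acl_verdict(acl_lines, proto=RSVP_PROTO):
    """First-match evaluation; returns (action, matching line or None)."""
    for line in acl_lines:
        parts = line.split()
        if len(parts) < 2 or parts[0] not in ("permit", "deny"):
            continue                  # skip remarks and blank lines
        if entry_matches(parts[1], proto):
            return parts[0], line
    return "deny", None               # implicit deny at the end of an ACL


def first_blocking_hop(path):
    """Return (hop name, line) of the first hop that drops RSVP, else None."""
    for name, acl in path:
        if acl is None:               # no filter applied on this hop
            continue
        action, line = acl_verdict(acl)
        if action == "deny":
            return name, line
    return None


# Constructed sample path: hop names and ACL entries are made up.
SAMPLE_PATH = [
    ("branch-rtr", ["permit 46 any any", "permit udp any any"]),
    ("core-sw", None),
    ("wan-edge", ["remark voice and video only",
                  "permit udp any any", "permit tcp any any"]),
    ("hq-rtr", ["deny 46 any any", "permit ip any any"]),
]

if __name__ == "__main__":
    print(first_blocking_hop(SAMPLE_PATH))
```

A result with `None` as the matching line means the drop comes from the implicit deny, the case that is easiest to miss when a filter only lists TCP and UDP.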
Q. Does each intermediate device store an RSVP session state with application information until the flow is terminated? If so, what kinds of flow limits are there?
A. RSVP refreshes Metadata every 30 seconds, so the state is refreshed in 30-sec intervals. You can enable Metadata on specific interfaces to limit the number of flows being monitored.
Q. What are the limitations, for example, number of flows? At what point does the amount of data crush the router?
Q. When should I enable metadata flow globally versus as per interface?
A. One way to restrict how metadata flow messages propagate to the network is essentially by turning on metadata flow for a specific interface. For example, in a router that has 3 interfaces, if you want to restrict the metadata flow to only 2 interfaces, it can be done if you turn on metadata flow on those specific interfaces and not globally. It is more of a policy on how you control the metadata signal messages.
Q. How can I find out what applications are supported via Metadata?
A. From Cisco's perspective, Jabber 9.0, Cisco WebEx and some of the Telepresence endpoints running new firmware are supported. Refer to NBAR2 Protocol Library for a more complete list of applications.
Q. Does NBAR work against Cisco’s recommendation for marking traffic on switches instead of routers?
A. In a multi-site environment where the WAN supports QoS, sometimes it is best to apply QoS at the WAN edge rather than the access layer.
Q. By default NBAR v1 is configured with a port-map list, for example, HTTP is mapped to TCP/80. What is the purpose of the port-map if NBAR is doing a full layer-7 payload inspection to determine traffic type?
A. Eric did not answer the question since it requires an understanding of the specific scenario of this question.
Q. Can you provide the download link for MSI?
A. The Media Services Interface (MSI) is a software development kit that Cisco rich-media applications such as the Cisco WebEx Meeting Client, Cisco Jabber for Windows, the Cisco Video Surveillance 4500 IP Camera. Visit Cisco CDN site for more details.
Q. How can the devices distinguish between the different flows for the different applications?
A. The system Media Services Interface (MSI) essentially is an API that the application developer can leverage. For example, a WebEx application developer knows MSIs and it is up to the developer to leverage what MSIs can offer and announce into the network. For the time being, MSIs are not open to the developer community yet, and it is applied for specific Cisco end points at this point in time.