Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6390
Views
5
Helpful
4
Replies

Flow Metadata for WebEX via proxy

Go to solution
Mitsuhiro Nakamura
Cisco Employee
Cisco Employee

‎09-18-2012 03:12 AM - edited ‎03-03-2019 06:45 AM

Hi,

My customer is using WebEX meeting center via proxy server.

Therefore, destination port number of WebEX packet is 8080.

In this case, Is this packet discriminable by flow metadata?

Regards,

Mitsuhiro

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
aakhter
Cisco Employee
Cisco Employee

‎09-27-2012 01:41 PM

Hi Mitsuhiro,

If a proxy server is in the path between the WebEx meeting client and the WebEx Data Center. The flows between the client and proxy server will be represented by flow metadata. From the proxy server to the WebEx data center the flows will not be represented by flow metadata. For proxy traversal there would need to be integration within the proxy (think of something similar to a metadata ALG) for metadata.

[PC]-------[proxy]-----Internet----[WebEx DC]

[PC] to [proxy] will be covered for metadata.

[proxy] to [WebEx DC] is currently not covered by metadata.

In a non-proxy situation (eg. the video flow below), the metadata coverage would be between the [PC] and up to the NAT/FW.

In the example below, the proxy server is 10.81.74.42 port 9090. The client is 10.4.9.12. There are 4 flows that are represented (control, data, data and video). The video traffic is UDP traffic and directly going to the Internet without going via a proxy. In other instances the video flow itself might have gone via the proxy server.

====

3009R1-BB0206#show metadata flow table

Flow To             From           Protocol DPort SPort Ingress Egress SSRC

7     10.81.74.42     10.4.9.12       TCP     9090 38319 Gi1/0   Gi0/1   0

5     10.81.74.42     10.4.9.12       TCP     9090 38313 Gi1/0   Gi0/1   0

6     10.81.74.42     10.4.9.12       TCP     9090 38315 Gi1/0   Gi0/1   0

8     64.68.119.235   10.4.9.12       UDP     9000 63300 Gi1/0   Gi0/1   0

3009R1-BB0206#show metadata flow local-flow-id 5

To             From           Protocol SPort   DPort   Ingress I/F             Egress I/F    

10.81.74.42     10.4.9.12       TCP     38313   9090   GigabitEthernet1/0       GigabitEthernet0/1

Metadata Attributes :

Application Tag             :   414 ()

Application Group           :   webex-group

Application Vendor         :   Cisco Systems, Inc.

Application Category       :   voice-video

Application Sub Category   :   control-and-signaling

Application Device Class   :   desktop-conferencing

Application Media Type     :   data

Unknown Identifier (147)   : [ 00 00 00 06 ]

Unknown Identifier (148)   : [ 00 00 00 06 ]

Unknown Identifier (150)   : [ 00 00 00 02 ]

Application Name           :   webex-meeting

Application Version         :   T27

End Point Model             :   webex-meeting client - data

Matched filters :

Direction: IN:

Direction: OUT:

3009R1-BB0206#show metadata flow local-flow-id 6

To             From           Protocol SPort   DPort   Ingress I/F             Egress I/F    

10.81.74.42     10.4.9.12       TCP     38315   9090   GigabitEthernet1/0       GigabitEthernet0/1

Metadata Attributes :

Application Tag             :   414 ()

Application Group           :   webex-group

Application Vendor         :   Cisco Systems, Inc.

Application Category       :   voice-video

Application Sub Category   :   control-and-signaling

Application Device Class   :   desktop-conferencing

Application Media Type     :   data

Unknown Identifier (147)   : [ 00 00 00 06 ]

Unknown Identifier (148)   : [ 00 00 00 06 ]

Unknown Identifier (150)   : [ 00 00 00 02 ]

Application Name           :   webex-meeting

Application Version         :   T27

End Point Model             :   webex-meeting client - data

Matched filters :

Direction: IN:

Direction: OUT:

3009R1-BB0206#show metadata flow local-flow-id 7

To             From           Protocol SPort   DPort   Ingress I/F             Egress I/F    

10.81.74.42     10.4.9.12       TCP     38319   9090   GigabitEthernet1/0       GigabitEthernet0/1

Metadata Attributes :

Application Tag             :   414 ()

Application Name           :   webex-meeting

Application Group           :   webex-group

Application Category       :   voice-video

Application Sub Category   :   control-and-signaling

Application Device Class   :   desktop-conferencing

Application Media Type     :   control

Application Vendor         :   Cisco Systems, Inc.

Application Version         :   t27

End Point Model             :   webex-meeting client - control

Unknown Identifier (147)   : [ 00 00 00 0A ]

Unknown Identifier (148)   : [ 00 00 00 06 ]

Unknown Identifier (150)   : [ 00 00 00 02 ]

Unknown Identifier (149)   : [ 00 00 00 0A ]

Matched filters :

Direction: IN:

Direction: OUT:

3009R1-BB0206#show metadata flow local-flow-id 8

To             From           Protocol SPort   DPort   Ingress I/F             Egress I/F    

64.68.119.235   10.4.9.12       UDP     63300   9000   GigabitEthernet1/0       GigabitEthernet0/1

Metadata Attributes :

Application Tag             :   414 ()

Application Name           :   webex-meeting

Application Group           :   webex-group

Application Category       :   voice-video

Application Sub Category   :   voice-video-chat-collaboration

Application Device Class   :   desktop-conferencing

Application Media Type     :   video

Application Vendor         :   Cisco Systems, Inc.

Application Version         :   t27

End Point Model             :   webex-meeting client - video

Unknown Identifier (147)   : [ 00 00 00 05 ]

Unknown Identifier (148)   : [ 00 00 00 02 ]

Unknown Identifier (150)   : [ 00 00 00 01 ]

Matched filters :

Direction: IN:

Direction: OUT:

View solution in original post

4 Replies 4

Go to solution
Mitsuhiro Nakamura
Cisco Employee
Cisco Employee

‎09-25-2012 12:46 AM

How does metadata recognize the flow of WebEX?

Any comments would be really appreciated

Regards,

Mitsuhiro

0 Helpful

Go to solution
Eric Yu
Level 1
Level 1

‎09-26-2012 11:06 AM

Hi Mitsuhiro,

Please let me paraphrase your question just so I can understand the inquiry. 

"How do metadata consumers recognize a webex flow?"

On one hand Metadata consumers are network devices that can uses metadata attributes for a purpose; for example CP3L can be used build a QoS policy against learned Metadata attriburtes. In this example, class maps can be configured to match on an application's metadata attributes.

On the other hand, when there are consumers there will be producers. In flow metadata's case,  an example producers would be webex client with MSI. The metadata flow enabled webex endpoint announces a metadata signaling message that carries  information such as the flow's 5-tuple information and other descriptive flow attributes. In this example, the webex metadata producer  will announce into the network metadata attributes of the webex session.

regards,

Eric

0 Helpful

Go to solution
Eric Yu
Level 1
Level 1

‎09-26-2012 11:18 AM

Hi Mitsuro,

Webex session thru a proxy server on a specific port number does not affect the metadata attributes of the webex flow. Metadata flow signaling messages that carry metadata attributes are transported with IP protocol 46. To ensure end to end propagation of the application metadata attributes, IP protocol 46 packets must be permited.

regards,

Eric

0 Helpful

Go to solution
aakhter
Cisco Employee
Cisco Employee

‎09-27-2012 01:41 PM

Hi Mitsuhiro,

If a proxy server is in the path between the WebEx meeting client and the WebEx Data Center. The flows between the client and proxy server will be represented by flow metadata. From the proxy server to the WebEx data center the flows will not be represented by flow metadata. For proxy traversal there would need to be integration within the proxy (think of something similar to a metadata ALG) for metadata.

[PC]-------[proxy]-----Internet----[WebEx DC]

[PC] to [proxy] will be covered for metadata.

[proxy] to [WebEx DC] is currently not covered by metadata.

In a non-proxy situation (eg. the video flow below), the metadata coverage would be between the [PC] and up to the NAT/FW.

In the example below, the proxy server is 10.81.74.42 port 9090. The client is 10.4.9.12. There are 4 flows that are represented (control, data, data and video). The video traffic is UDP traffic and directly going to the Internet without going via a proxy. In other instances the video flow itself might have gone via the proxy server.

====

3009R1-BB0206#show metadata flow table

Flow To             From           Protocol DPort SPort Ingress Egress SSRC

7     10.81.74.42     10.4.9.12       TCP     9090 38319 Gi1/0   Gi0/1   0

5     10.81.74.42     10.4.9.12       TCP     9090 38313 Gi1/0   Gi0/1   0

6     10.81.74.42     10.4.9.12       TCP     9090 38315 Gi1/0   Gi0/1   0

8     64.68.119.235   10.4.9.12       UDP     9000 63300 Gi1/0   Gi0/1   0

3009R1-BB0206#show metadata flow local-flow-id 5

To             From           Protocol SPort   DPort   Ingress I/F             Egress I/F    

10.81.74.42     10.4.9.12       TCP     38313   9090   GigabitEthernet1/0       GigabitEthernet0/1

Metadata Attributes :

Application Tag             :   414 ()

Application Group           :   webex-group

Application Vendor         :   Cisco Systems, Inc.

Application Category       :   voice-video

Application Sub Category   :   control-and-signaling

Application Device Class   :   desktop-conferencing

Application Media Type     :   data

Unknown Identifier (147)   : [ 00 00 00 06 ]

Unknown Identifier (148)   : [ 00 00 00 06 ]

Unknown Identifier (150)   : [ 00 00 00 02 ]

Application Name           :   webex-meeting

Application Version         :   T27

End Point Model             :   webex-meeting client - data

Matched filters :

Direction: IN:

Direction: OUT:

3009R1-BB0206#show metadata flow local-flow-id 6

To             From           Protocol SPort   DPort   Ingress I/F             Egress I/F    

10.81.74.42     10.4.9.12       TCP     38315   9090   GigabitEthernet1/0       GigabitEthernet0/1

Metadata Attributes :

Application Tag             :   414 ()

Application Group           :   webex-group

Application Vendor         :   Cisco Systems, Inc.

Application Category       :   voice-video

Application Sub Category   :   control-and-signaling

Application Device Class   :   desktop-conferencing

Application Media Type     :   data

Unknown Identifier (147)   : [ 00 00 00 06 ]

Unknown Identifier (148)   : [ 00 00 00 06 ]

Unknown Identifier (150)   : [ 00 00 00 02 ]

Application Name           :   webex-meeting

Application Version         :   T27

End Point Model             :   webex-meeting client - data

Matched filters :

Direction: IN:

Direction: OUT:

3009R1-BB0206#show metadata flow local-flow-id 7

To             From           Protocol SPort   DPort   Ingress I/F             Egress I/F    

10.81.74.42     10.4.9.12       TCP     38319   9090   GigabitEthernet1/0       GigabitEthernet0/1

Metadata Attributes :

Application Tag             :   414 ()

Application Name           :   webex-meeting

Application Group           :   webex-group

Application Category       :   voice-video

Application Sub Category   :   control-and-signaling

Application Device Class   :   desktop-conferencing

Application Media Type     :   control

Application Vendor         :   Cisco Systems, Inc.

Application Version         :   t27

End Point Model             :   webex-meeting client - control

Unknown Identifier (147)   : [ 00 00 00 0A ]

Unknown Identifier (148)   : [ 00 00 00 06 ]

Unknown Identifier (150)   : [ 00 00 00 02 ]

Unknown Identifier (149)   : [ 00 00 00 0A ]

Matched filters :

Direction: IN:

Direction: OUT:

3009R1-BB0206#show metadata flow local-flow-id 8

To             From           Protocol SPort   DPort   Ingress I/F             Egress I/F    

64.68.119.235   10.4.9.12       UDP     63300   9000   GigabitEthernet1/0       GigabitEthernet0/1

Metadata Attributes :

Application Tag             :   414 ()

Application Name           :   webex-meeting

Application Group           :   webex-group

Application Category       :   voice-video

Application Sub Category   :   voice-video-chat-collaboration

Application Device Class   :   desktop-conferencing

Application Media Type     :   video

Application Vendor         :   Cisco Systems, Inc.

Application Version         :   t27

End Point Model             :   webex-meeting client - video

Unknown Identifier (147)   : [ 00 00 00 05 ]

Unknown Identifier (148)   : [ 00 00 00 02 ]

Unknown Identifier (150)   : [ 00 00 00 01 ]

Matched filters :

Direction: IN:

Direction: OUT:

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card