
Flow Metadata for WebEX via proxy

Mitsuhiro Nakamura
Cisco Employee

Hi,

My customer is using WebEX meeting center via a proxy server.

Therefore, the destination port number of the WebEX packet is 8080.

In this case, is this packet discriminable by flow metadata?

Regards,

Mitsuhiro

Accepted Solutions

aakhter
Cisco Employee

Hi Mitsuhiro,

If a proxy server is in the path between the WebEx meeting client and the WebEx Data Center, the flows between the client and proxy server will be represented by flow metadata. From the proxy server to the WebEx data center the flows will not be represented by flow metadata. For proxy traversal there would need to be integration within the proxy (think of something similar to a metadata ALG) for metadata.

[PC]-------[proxy]-----Internet----[WebEx DC]

[PC] to [proxy] will be covered for metadata.

[proxy] to [WebEx DC] is currently not covered by metadata.

In a non-proxy situation (e.g., the video flow below), the metadata coverage would be between the [PC] and up to the NAT/FW.

In the example below, the proxy server is 10.81.74.42 port 9090. The client is 10.4.9.12. There are 4 flows that are represented (control, data, data and video). The video traffic is UDP traffic and directly going to the Internet without going via a proxy. In other instances the video flow itself might have gone via the proxy server.

====

3009R1-BB0206#show metadata flow table
Flow To              From            Protocol DPort SPort Ingress Egress SSRC
7    10.81.74.42     10.4.9.12       TCP      9090  38319 Gi1/0   Gi0/1  0
5    10.81.74.42     10.4.9.12       TCP      9090  38313 Gi1/0   Gi0/1  0
6    10.81.74.42     10.4.9.12       TCP      9090  38315 Gi1/0   Gi0/1  0
8    64.68.119.235   10.4.9.12       UDP      9000  63300 Gi1/0   Gi0/1  0

3009R1-BB0206#show metadata flow local-flow-id 5
To              From            Protocol SPort   DPort   Ingress I/F          Egress I/F
10.81.74.42     10.4.9.12       TCP      38313   9090    GigabitEthernet1/0   GigabitEthernet0/1
Metadata Attributes :
Application Tag             :   414 ()
Application Group           :   webex-group
Application Vendor          :   Cisco Systems, Inc.
Application Category        :   voice-video
Application Sub Category    :   control-and-signaling
Application Device Class    :   desktop-conferencing
Application Media Type      :   data
Unknown Identifier (147)    : [ 00 00 00 06 ]
Unknown Identifier (148)    : [ 00 00 00 06 ]
Unknown Identifier (150)    : [ 00 00 00 02 ]
Application Name            :   webex-meeting
Application Version         :   T27
End Point Model             :   webex-meeting client - data
Matched filters :
Direction: IN:
Direction: OUT:

3009R1-BB0206#show metadata flow local-flow-id 6
To              From            Protocol SPort   DPort   Ingress I/F          Egress I/F
10.81.74.42     10.4.9.12       TCP      38315   9090    GigabitEthernet1/0   GigabitEthernet0/1
Metadata Attributes :
Application Tag             :   414 ()
Application Group           :   webex-group
Application Vendor          :   Cisco Systems, Inc.
Application Category        :   voice-video
Application Sub Category    :   control-and-signaling
Application Device Class    :   desktop-conferencing
Application Media Type      :   data
Unknown Identifier (147)    : [ 00 00 00 06 ]
Unknown Identifier (148)    : [ 00 00 00 06 ]
Unknown Identifier (150)    : [ 00 00 00 02 ]
Application Name            :   webex-meeting
Application Version         :   T27
End Point Model             :   webex-meeting client - data
Matched filters :
Direction: IN:
Direction: OUT:

3009R1-BB0206#show metadata flow local-flow-id 7
To              From            Protocol SPort   DPort   Ingress I/F          Egress I/F
10.81.74.42     10.4.9.12       TCP      38319   9090    GigabitEthernet1/0   GigabitEthernet0/1
Metadata Attributes :
Application Tag             :   414 ()
Application Name            :   webex-meeting
Application Group           :   webex-group
Application Category        :   voice-video
Application Sub Category    :   control-and-signaling
Application Device Class    :   desktop-conferencing
Application Media Type      :   control
Application Vendor          :   Cisco Systems, Inc.
Application Version         :   t27
End Point Model             :   webex-meeting client - control
Unknown Identifier (147)    : [ 00 00 00 0A ]
Unknown Identifier (148)    : [ 00 00 00 06 ]
Unknown Identifier (150)    : [ 00 00 00 02 ]
Unknown Identifier (149)    : [ 00 00 00 0A ]
Matched filters :
Direction: IN:
Direction: OUT:

3009R1-BB0206#show metadata flow local-flow-id 8
To              From            Protocol SPort   DPort   Ingress I/F          Egress I/F
64.68.119.235   10.4.9.12       UDP      63300   9000    GigabitEthernet1/0   GigabitEthernet0/1
Metadata Attributes :
Application Tag             :   414 ()
Application Name            :   webex-meeting
Application Group           :   webex-group
Application Category        :   voice-video
Application Sub Category    :   voice-video-chat-collaboration
Application Device Class    :   desktop-conferencing
Application Media Type      :   video
Application Vendor          :   Cisco Systems, Inc.
Application Version         :   t27
End Point Model             :   webex-meeting client - video
Unknown Identifier (147)    : [ 00 00 00 05 ]
Unknown Identifier (148)    : [ 00 00 00 02 ]
Unknown Identifier (150)    : [ 00 00 00 01 ]
Matched filters :
Direction: IN:
Direction: OUT:
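
Added example, not part of the original post or of any Cisco tooling: a small parser for the "show metadata flow local-flow-id" output above that pairs each flow's declared media type with whether its destination is the proxy (10.81.74.42 port 9090, as stated in the post). The sample input is abridged from the post's output, and the function names are assumptions of this example.

```python
import re

# Abridged from the CLI output in the post above (flows 7 and 8 only).
SAMPLE = """\
3009R1-BB0206#show metadata flow local-flow-id 7
To             From           Protocol SPort   DPort   Ingress I/F   Egress I/F
10.81.74.42    10.4.9.12      TCP      38319   9090    GigabitEthernet1/0  GigabitEthernet0/1
Metadata Attributes :
Application Name           :   webex-meeting
Application Media Type     :   control
Unknown Identifier (147)   : [ 00 00 00 0A ]
Matched filters :
Direction: IN:
3009R1-BB0206#show metadata flow local-flow-id 8
64.68.119.235  10.4.9.12      UDP      63300   9000    GigabitEthernet1/0  GigabitEthernet0/1
Metadata Attributes :
Application Name           :   webex-meeting
Application Media Type     :   video
"""

CMD = re.compile(r"#show metadata flow local-flow-id (\d+)")
TUPLE = re.compile(r"^(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(TCP|UDP)\s+(\d+)\s+(\d+)")
ATTR = re.compile(r"^([A-Za-z][\w ()]*?)\s*:\s+(.+)$")

def parse_flows(text):
    """Return {flow_id: flow} from concatenated local-flow-id output."""
    flows, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := CMD.search(line):
            cur = flows.setdefault(int(m.group(1)), {"attrs": {}})
        elif line.startswith("Matched filters"):
            cur = None  # attribute section is over; skip the filter lines
        elif cur is None or not line:
            continue
        elif m := TUPLE.match(line):
            dst, src, proto, sport, dport = m.groups()
            cur.update(dst=dst, src=src, proto=proto,
                       sport=int(sport), dport=int(dport))
        elif m := ATTR.match(line):
            cur["attrs"][m.group(1).strip()] = m.group(2).strip()
    return flows

def summarize(text, proxy=("10.81.74.42", 9090)):
    """Map flow id -> (declared media type, True if the flow targets the proxy)."""
    return {fid: (f["attrs"].get("Application Media Type"),
                  (f.get("dst"), f.get("dport")) == proxy)
            for fid, f in parse_flows(text).items()}
```

On the sample, the control flow is reported as going to the proxy and the video flow as going direct, matching the description in the post: the 5-tuple alone shows only the proxy port, while the metadata attributes carry the application identity.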

4 Replies

Mitsuhiro Nakamura
Cisco Employee

How does metadata recognize the flow of WebEX?

Any comments would be really appreciated.

Regards,

Mitsuhiro

Eric Yu
Level 1

Hi Mitsuhiro,

Please let me paraphrase your question just so I can understand the inquiry. 

"How do metadata consumers recognize a webex flow?"

On one hand, metadata consumers are network devices that can use metadata attributes for a purpose; for example, C3PL can be used to build a QoS policy against learned metadata attributes. In this example, class maps can be configured to match on an application's metadata attributes.

On the other hand, when there are consumers there will be producers. In flow metadata's case, an example producer would be a webex client with MSI. The metadata flow enabled webex endpoint announces a metadata signaling message that carries information such as the flow's 5-tuple information and other descriptive flow attributes. In this example, the webex metadata producer will announce into the network the metadata attributes of the webex session.

regards,

Eric

Eric Yu
Level 1

Hi Mitsuhiro,

A Webex session through a proxy server on a specific port number does not affect the metadata attributes of the webex flow. Metadata flow signaling messages that carry metadata attributes are transported with IP protocol 46. To ensure end-to-end propagation of the application metadata attributes, IP protocol 46 packets must be permitted.

regards,

Eric
