Solved: Assurance - Application Health

lazuardinurfaiz1503 · ‎09-17-2020

Hi all.

I have a Cisco DNA Center running version 1.3.1.5, also a couple of Nexus 9500 as Server Farm Switch running version 7.0(3)I7(6), Catalyst 9407 as Access Switch running version 16.9.4, and Catalyst 9500 as Core Switch running version 16.9.3. I've enable Telemetry with Maximal Visibility on Core and Access Switch and Optimal Visibility on Server Farm Switch.

My goal is to enable Application Health on Assurance section.

Is there any step that I missed? Thank you.

BCCLTGIT30081 · ‎09-20-2020

1) "Lan" keyword mentioned in router and core switch interface description

I have configured LAN key word on router interface facing core switch.Between router and core switch, there is a edge switch. Should I configure LAN keyword as well on those edge switch?

**** the interface must have a L3 IP address between Router and Edge (as in your case) with "lan" keyword

2) IPDT is enabled on all access interface whose application visibility is needed.

I am not clear on this point. Should I enable IPDT on Server Farm Switch on port facing to server?

when access device is discovered in DNAC, it implies IPDT on all access ports (though due to bug may not be applied on stack having more than 3 switches). below are commands which got pushed by DNAC while device is discovered for IPDT.

device-tracking tracking
!
device-tracking policy IPDT_MAX_10
limit address-count 10
no protocol udp
tracking enable

On access Interface:

device-tracking attach-policy IPDT_MAX_10

3) Below commands will be automatically pushed by DNAC on router, if not pushed automatically just disable the router telemetry and enable it again. get the device resync with DNAC.

I am not seeing those commands on my router yet. I did what you told me, and it still not shown.

***** though it must work but if not pushed than you can manually also add below commands:

performance monitor context tesseract profile application-performance
exporter destination <DNAC VIP> source <preferably loopback> transport udp port 6007
traffic-monitor application-client-server-stats
traffic-monitor application-response-time
traffic-monitor media

ON interface apply traffic monitor

performance monitor context tesseract

View solution in original post

BCCLTGIT30081 · ‎09-17-2020

Please ensure "lan" keyword is there in description of the interface & make sure that Apexk9 license is installed on on the router.

BCCLTGIT30081 · ‎09-17-2020

Note: application visibility is not supported on Switch till now

lazuardinurfaiz1503 · ‎09-17-2020

All servers is connected to a Server Farm Switch. The gateway for the servers is not in a router. I have a WAN router with L3 connectivity to the Server / Server Farm Switch. Will it gonna work? The router has the appxk9 license activated.

BCCLTGIT30081 · ‎09-20-2020

Yes the application visibility will be captured from router as entire traffic is being passed from router to core switch.

please ensure following points:

1) "Lan" keyword mentioned in router and core switch interface description

2) IPDT is enabled on all access interface whose application visibility is needed.

3) Below commands will be automatically pushed by DNAC on router, if not pushed automatically just disable the router telemetry and enable it again. get the device resync with DNAC.

performance monitor context tesseract profile application-performance
exporter destination <DNAC VIP Address> source <preferably loopback> transport udp port 6007
traffic-monitor application-client-server-stats
traffic-monitor application-response-time
traffic-monitor media

below command will be pushed by DNAC on Router's LAN interface:

performance monitor context tesseract

lazuardinurfaiz1503 · ‎09-20-2020

1) "Lan" keyword mentioned in router and core switch interface description

I have configured LAN key word on router interface facing core switch.
Between router and core switch, there is a edge switch. Should I configure LAN keyword as well on those edge switch?

2) IPDT is enabled on all access interface whose application visibility is needed.

I am not clear on this point. Should I enable IPDT on Server Farm Switch on port facing to server?

3) Below commands will be automatically pushed by DNAC on router, if not pushed automatically just disable the router telemetry and enable it again. get the device resync with DNAC.

I am not seeing those commands on my router yet. I did what you told me, and it still not shown.

BCCLTGIT30081 · ‎09-20-2020

1) "Lan" keyword mentioned in router and core switch interface description

I have configured LAN key word on router interface facing core switch.Between router and core switch, there is a edge switch. Should I configure LAN keyword as well on those edge switch?

**** the interface must have a L3 IP address between Router and Edge (as in your case) with "lan" keyword

2) IPDT is enabled on all access interface whose application visibility is needed.

I am not clear on this point. Should I enable IPDT on Server Farm Switch on port facing to server?

when access device is discovered in DNAC, it implies IPDT on all access ports (though due to bug may not be applied on stack having more than 3 switches). below are commands which got pushed by DNAC while device is discovered for IPDT.

device-tracking tracking
!
device-tracking policy IPDT_MAX_10
limit address-count 10
no protocol udp
tracking enable

On access Interface:

device-tracking attach-policy IPDT_MAX_10

3) Below commands will be automatically pushed by DNAC on router, if not pushed automatically just disable the router telemetry and enable it again. get the device resync with DNAC.

I am not seeing those commands on my router yet. I did what you told me, and it still not shown.

***** though it must work but if not pushed than you can manually also add below commands:

performance monitor context tesseract profile application-performance
exporter destination <DNAC VIP> source <preferably loopback> transport udp port 6007
traffic-monitor application-client-server-stats
traffic-monitor application-response-time
traffic-monitor media

ON interface apply traffic monitor

performance monitor context tesseract

lazuardinurfaiz1503 · ‎09-22-2020

1) Let met get this clear. So this is my topology :

WAN Router Gi0/0/0 - Edge Switch Gi0/0/1 - Po1 (Te1/1/1 Te1/1/2) - Core Switch Po1 (Te1/1/1 Te1/1/2 ) - Po2 (Te1/1/3 Te1/1/4 ) - Server Farm Switch Po2 (Te1/1/3 Te1/1/4) - Te2/0/1 - Server

I have to put LAN keyword on all of those interface?

2) I saw those IPDT configuration on my LAN switch (Catalyst 9500) , but none on my Server Farm Switch (Nexus 9500). Is it right?

3) I ended up manually configure these on my router.

performance monitor context tesseract profile application-performance
exporter destination <DNAC VIP> source <preferably loopback> transport udp port 6007
traffic-monitor application-client-server-stats
traffic-monitor application-response-time
traffic-monitor media

ON interface apply traffic monitor

performance monitor context tesseract

I still not able to get data on my Application Health dashboard.

BCCLTGIT30081 · ‎09-20-2020

If still not worked, plz confirm