The drive for QoS has become very strong in recent years because of evolving needs for enterprises to carry different types of services including voice, video, streaming music, web pages and email on a single link. One of the most complex tasks of a network architect is to design a robust network and also ensure the quality of end to end applications delivered across branch locations and data centers.

Quality of Service refers to the ability to provide better treatment for some applications over other services in the network. The primary goal of implementing QoS in business critical networks includes priority routing for critical applications through dedicated bandwidth, controlling jitter and latency. Now a day’s most of the enterprises rely on the service provider network for their day to day branch office transactions.

Typically, networks operate on the basis of best-effort delivery, in which all traffic has an equal priority and an equal chance of being delivered. When congestion results, all traffic have an equal chance of being dropped. QoS selects network traffic, prioritizes it according to its relative importance and uses congestion avoidance to provide priority-indexed treatment. Configuring QoS can also limit the bandwidth used by non critical network traffic and so makes network performance more predictable and bandwidth utilization much more effective.

Configuring and validating quality of service involve four steps.

A.    Application discovery and grouping

B.    Implementing Quality of Service (QoS)

C.    Verification of QoS treatment for interested traffic

D.    Validating QoS configuration for application performance

This blog focuses on application discovery and grouping of similar type of applications.

Application discovery and grouping:

To apply QoS policies, it is very important to identify applications that are competing for bandwidth. NetFlow and NBAR is an excellent data source to identify most of the applications. NetFlow exports consist of port and protocol information which can be mapped to a well known application conversation. Cisco embeds NBAR (Network Based Application Recognition) engine that can identify traffic up to the application layer. It is extremely useful in identifying peer-to-peer applications.

ManageEngine NetFlow Analyzer is a unique blend of NetFlow and NBAR technologies. In addition to static NetFlow based port and protocol application detection, it also supports NBAR to identify most of the peer-to-peer applications.

Application identified through NetFlow data export

Application identified through NetFlow data export

NetFlow port and protocol based application detection:

NetFlow Analyzer maintains the port and protocol mapping for more than 1500 applications for application classification. Additionally it is also possible to map new applications that are running on particular IP address/range or a range of ports.  These applications can be grouped into single application. For example, the user can classify all the database applications like Oracle, MySql, MS-Sql in to one group called the database group.

Application distribution graph over time

Application distribution graph over time

NBAR (Network Based Application Recognition)

Intelligent application classification by examining the data payload helps ensure the network bandwidth is used efficiently by working with QoS feature. Unlike NetFlow, which relies on port & protocol for application categorization, NBAR approach is useful in dealing with malicious software using known ports to fake being “priority traffic”, as well as non-standard applications using non-determinant ports. The biggest advantage in using NetFlow Analyzer is that the user can enable NBAR on the fly from the web GUI for instant visibility and can it turn off at peak times to save CPU cycles for routing.NBAR is supported in most Cisco switches and routers and values are retrieved through SNMP. It is possible to identify applications like Kazaa, Edonkey and Skype, which use dynamic ports to transfer data. NBAR does deep packet inspection of traffic to identify these applications which normally cannot be identified with NetFlow and reports on the bandwidth they occupied.

Based on the results, we can group applications under various categories. The grouping can be done as delay sensitive applications like voice or real time video in one category, applications that use high bandwidth in another and those that are tolerant to packet loss or delay can be considered as another group. In the next blog, we will discuss about implementing QoS policies for these groups of applications based on their business criticality and priority.

Raj

ManageEngine NetFlow Analyzer