Analyzing ART using NetFlow Analyzer

NetFlow Analyzer | February 27, 2014 | 3 min read

Network administrators evaluate an application’s performance by measuring response time, round trip time, packet loss, and delay. However, this method poses certain limitations because you can monitor only the applications, servers, and network devices within the hosted network boundary. And, if the applications are hosted in the cloud, monitoring is almost impossible.

When users complain of delayed response from applications hosted in the cloud, the actual delay could be due to the application, client network, server network, transaction, or response time. Therefore, tracking the actual reason could be a cumbersome, time-consuming, and tedious. In such scenarios, the network admin needs a powerful tool like Cisco Application Visibility and Control (AVC) that helps analyze these metrics in a jiffy!

Implementing AVC

AVC combines several technologies to help network admins quickly analyze and narrow down the bottlenecks. One of the technologies that AVC uses is application response time (ART).

Using ART, you can gauge the performance of thousands of applications on the network. The following scenario helps explain how this works. Company A has subscribed to various cloud services and primarily uses WebEx to host online web sessions, TelePresence for video conference, and Dropbox for online storage.

Let’s say there is a drop in the performance of WebEx and Telepresence. The company already runs on Cisco technology with the Cisco ISR g2 platform as its WAN router, the network administrator configures Cisco AVC ART on the Cisco ISR platform as follows:

flow exporter NFA


source GigabitEthernet0/0


transport udp 9996

export-protocol netflow-v9

template data timeout 60

option interface-table

option application-table

option application-attributes

option metadata-version-table



class-map match any NFA_ART

match any



flow record type mace NFA

collect ipv4 dscp

collect interface input

collect interface output

collect application name

collect counter client bytes

collect counter server bytes

collect counter client packets

collect counter server packets

collect art all



flow record type performance-monitor NFA_NBAR

match ipv4 tos

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

match interface input

match interface output

match flow direction

match application name

collect datalink dot1q vlan input

collect datalink dot1q vlan output

collect routing destination as

collect routing next-hop address ipv4

collect ipv4 dscp

collect ipv4 id

collect ipv4 source prefix

collect ipv4 source mask

collect ipv4 destination mask

collect transport tcp source-port

collect transport tcp destination-port

collect transport tcp flags

collect transport udp source-port

collect transport udp destination-port

collect counter bytes

collect counter packets

collect timestamp sys-uptime first

collect timestamp sys-uptime last



flow monitor type performance-monitor NFA

record NFA_NBAR

exporter NFA

cache timeout synchronized 60



flow monitor type mace NFA-ART

record NFA

exporter NFA



policy-map type performance-monitor NFA

class class-default

flow monitor NFA



policy-map type mace mace_global

class NFA_ART

flow monitor NFA_ART


Applying the monitor to interface and enabling MACE on the interface to collect ART metrics

interface GigabitEthernet0/0

ip address x.x.x.x

service-policy type performance-monitor input NFA

service-policy type performance-monitor output NFA

mace enable

Interpreting ART

To interpret ART metrics, the easiest option is to parse them using a NetFlow analysis tool such as Netflow Analyzer from ManageEngine. NetFlow Analyzer brings with it easy-to-use bandwidth monitoring software. In addition, NetFlow Analyzer supports Cisco AVC and can be deployed anywhere on the network to collect metrics and generate reports. Here are some of the ART reports that NetFlow Analyzer generates:

ARTResponse TimeNew ConnectionRetransmissionTransactionTrafficUsing these reports, a network admin can easily narrow down the problem. If the problem is on the client network, the admin might reinforce some strong QoS policies on the edge router to prioritize business-critical application traffic. And, if the delay is due to the application or server network, the cloud service provider may have to tweak the service.

Watch this space for more on application performance analysis. In the next blog, we’ll discuss  the benefits of another technology that’s part of Cisco AVC.

Supported IOS

Cisco ASR 1000 platform: IOS XE 3.4S or above

Cisco ISR G2 :  IOS Release 15M&T

You can download NetFlow Analyzer version which supports Cisco AVC from here.

Interested in evaluating the Cisco AVC reporting available in NetFlow Analyzer. Get in touch with NetFlow Analyzer TAC by sending an email to