Cisco Performance Monitor: Maximizing Network Efficiency

Cisco Performance Monitor is a network monitoring tool that enables users to monitor the flow of packets in their network and become aware of any issues that might impact the flow before it starts to significantly impact the performance of the application in question. Performance monitoring is especially important for video traffic because high-quality interactive video traffic is highly sensitive to network issues. Even minor issues that may not affect other applications can have dramatic effects on video quality.

Cisco Performance Monitor uses similar software components and commands as Cisco NetFlow and Cisco Flexible NetFlow. It provides statistics on packets flowing through a router and is the standard for acquiring IP operational data from IP networks. It provides data to support network and security monitoring, network planning, traffic analysis, and IP accounting.

The configuration for Cisco Performance Monitor involves the following steps:

- Configuring Flow Exporter

- Configuring Flow Record

- Configuring Flow Monitor

- Creating Policy for performance monitor

- Attaching the policy to monitored interfaces

How to configure Cisco Performance Monitor

Cisco Performance Monitor is an extension of Flexible NetFlow (FNF) that allows you to monitor the flow of packets in your network and become aware of any issues that might impact the flow before it starts to significantly impact the performance of the application in question. Performance monitoring is especially important for video traffic because high-quality interactive video traffic is highly sensitive to network issues.

To configure Cisco Performance Monitor, you need the following items:

• Flow record: This is where you configure the metrics that you want to collect. The command syntax is: `flow record type performance-monitor record-name`.
• Flow exporter: This is where you configure the server that you want to export your metrics to. The command syntax is: `flow exporter exporter-name`.
• Flow monitor: This is where you link the flow record and flow exporter together. The command syntax is: `flow monitor type performance-monitor monitor-name`.
• Class-map: This is used to define what traffic you want to monitor. The command syntax is: `class-map class-name`.
• Policy-map: This is where you add all your class maps. The command syntax is: `policy-map type performance-monitor policy-name`.
• Interface: The policy-map is added to the interface. You can choose between inbound, outbound, or both directions. The command syntax is: `service-policy type performance-monitor {input | output} policy-name`.

Flow record type performance-monitor FLOW_RECORD_TCP

Match ipv4 protocol

Match ipv4 source address

Match ipv4 source prefix

Match ipv4 destination address

Match ipv4 destination prefix

Match transport source-port

Match transport destination-port

Collect routing forwarding-status

Collect ipv4 dscp

Collect ipv4 ttl

Collect ipv4 source mask

Collect ipv4 destination mask

Collect transport round-trip-time

Collect transport event packet-loss counter

Collect interface input

Collect interface output

Collect counter bytes

Collect counter packets

Collect counter bytes rate

Collect timestamp interval

Collect application media bytes counter

Collect application media packets rate

Collect application media event

Collect monitor event

Flow exporter NETFLOW_SERVER

Destination 192.168.2.200

Source GigabitEthernet 0/1

Transport udp 2055

Template data timeout 60

Flow monitor type performance-monitor FLOW_MONITOR_RTP

Record FLOW_RECORD_RTP

Exporter NETFLOW_SERVER

Flow monitor type performance-monitor FLOW_MONITOR_TCP

Record FLOW_RECORD_TCP

Export NETFLOW_SERVER

Class-map TCP

Match access-group name TCP_TRAFFIC

Class-map RTP

Match access-group name UDP_TRAFFIC

Policy-map type performance-monitor PERFORMANCE_MONITOR

Class TCP

Flow monitor FLOW_MONITOR_TCP

Class RTP

Flow monitor FLOW_MONITOR_RTP

Interface GigabitEthernet 0/2

Service-policy type performance-monitor input PERFORMANCE_MONITOR

Service-policy type performance-monitor output PERFORMANCE_MONITOR

There are two ways to configure Performance Monitor:

• Manual: You configure all the items mentioned above yourself.
• Easy Performance Monitor (ezPM): This is a simplified configuration that only requires a few commands. It includes Cisco-validated records, monitors, class-maps, policy-maps, etc.

Cisco Performance Monitor components

Cisco Performance Monitor is an extension of Flexible NetFlow (FNF) and enables you to monitor the flow of packets in your network and become aware of any issues that might impact the flow before it starts to significantly impact the performance of the application in question. Performance monitoring is especially important for video traffic because high-quality interactive video traffic is highly sensitive to network issues.

The configuration of Cisco Performance Monitor involves the following components:

Flow Exporter

The flow exporter defines the destination to which NetFlow packets are exported.

Flow Record

Here, you define records that correspond to Performance and regular Flexible NetFlow fields.

Flow Monitor

A flow monitor caches all the traffic passing through the applied interface, and the flow exporter will export all the traffic as UDP datagrams to the NetFlow server.

Flow Class

A class specifies the filter that determines which flow traffic to monitor.

Policy

The policy creation for Performance Monitor involves specifying the flow monitor, the metrics to monitor, and the parameters for the flow monitor.

Attaching the Policy to the Monitored Interface

The created policy is then attached to an interface for performance monitoring.

Cisco Performance Monitor data monitoring

Cisco Performance Monitor is an extension of Flexible NetFlow (FNF) that enables you to monitor the flow of packets in your network and become aware of any issues that might impact the flow before it starts to significantly impact the performance of the application in question. Performance monitoring is especially important for video traffic because high-quality interactive video traffic is highly sensitive to network issues.

Cisco Performance Monitor uses similar software components and commands as Cisco NetFlow and Cisco Flexible NetFlow, so familiarity with these products will help you to understand how to configure Cisco Performance Monitor.

To configure Cisco Performance Monitor, you need to configure the following:

• Flow record: This is where you specify the metrics that you want to collect.
• Flow exporter: This is where you specify the server that you want to export your metrics to.
• Flow monitor: This is where you link the flow record and flow exporter together.
• Class-map: This is where you define what traffic you want to monitor.
• Policy-map: This is where you add all of your class maps.
• Interface: The policy-map is added to the interface. You can choose between inbound, outbound, or both directions.

• Flow record: Use the "flow record type performance-monitor" command to specify the metrics that you want to collect. You can collect various metrics such as IPv4 source and destination addresses, transport source and destination ports, routing forwarding status, IPv4 DSCP, IPv4 TTL, transport round-trip time, transport event packet-loss counter, interface input and output, counter bytes and packets, application media bytes and packets, etc.
• Flow exporter: Use the "flow exporter" command to specify the server that you want to export your metrics to. You need to specify the destination, source interface, transport protocol, and template data timeout.
• Flow monitor: Use the "flow monitor type performance-monitor" command to link the flow record and flow exporter together. You need to specify the flow record and flow exporter that you configured in the previous steps.
• Class-map: Use the "class-map" command to define what traffic you want to monitor. You can use access lists and match criteria to specify the traffic.
• Policy-map: Use the "policy-map type performance-monitor" command to add all of your class maps. You need to specify the class, flow monitor, and monitor parameters.
• Interface: Use the "service-policy type performance-monitor" command to apply the policy-map to the interface. You can choose between input, output, or both directions.

You can also use Easy Performance Monitor (ezPM), which is a simplified configuration that only requires a few commands. ezPM includes Cisco-validated records, monitors, class-maps, policy-maps, etc.

Cisco Performance Monitor limitations

Cisco Performance Monitor has some limitations on the Catalyst 6000 platform. These include:

Limitations on the types of interfaces that can be monitored. The tables below show which types of interfaces are supported for ingress and egress monitoring on the Catalyst 6500 platform.

Table 1: Support for Ingress Interfaces

• Layer 3 Sub-interface (a)
• Layer 3 port channels
• Layer 3 port-channel sub-interface (a)
• Partial (see the third bullet below)
• Layer 2 Physical (Switched) Ports
• Layer 2 Port-channels

Table 2: Support for Egress Interfaces

• Layer 3 Sub-interface (a)
• Layer 3 port channels
• Layer 3 port-channel sub-interface (a)
• Layer 2 Physical (Switched) Ports
• Layer 2 Port-channels
• Performance monitoring on VRFs is not supported.
• Performance monitoring of multicast flows is supported only on the ingress direction.
• Routed traffic from a trunk port on a VLAN interface cannot be monitored because the source VLAN interface for the traffic cannot be identified.
• Performance monitoring policies on the egress of a VLAN interface will not monitor traffic getting bridged within the VLAN due to hardware limitations.
• Cloned packets from egress policies can only be software rate-limited, resulting in high interrupt CPU usage when many flows are being monitored.
• Egress performance monitoring introduces several microseconds of additional latency to the frame switching.
• Performance monitoring is not supported for packets switched using the Fast (CEF) Path.
• Lawful intercept and performance monitoring use the same mechanism for cloning packets, and the Lawful Intercept feature takes precedence. Therefore, performance monitoring does not function when the Lawful Intercept feature is enabled.
• Performance monitoring uses the same mechanism as other features, such as Optimized ACL logging, VACL Capture, IPv6 Copy, etc. The feature that is enabled first takes precedence, and the others are blocked from being configured.
• When reacts (including media-stop) are configured under a performance monitoring policy, and the traffic is unstable, syslog messages are logged into the buffer and not printed on the console screen.

Cisco Performance Monitor also has the following restrictions:

On Cisco ASR 1000 Series Aggregation Services Routers, you can configure only 30 fields in a flow record.

Cisco Performance Monitor troubleshooting

Troubleshooting Cisco Performance Monitor involves a series of steps that can be taken to ensure that the monitor is collecting data.

Firstly, the user should check the configuration and status of the flow exporter using the command:

Show flow exporter

Next, the user should check the configuration and status of the flow record using the command:

Show flow record type performance-monitor

The user should then check the configuration and status of the flow monitor using the commands:

Show flow monitor type performance-monitor

Show running-config flow monitor

The user should then check the configuration and status of the flow class using the command:

Show policy-map type performance-monitor or show class-map

The user should then check the configuration and status of the flow policy using the command:

Show policy-map type performance-monitor

Finally, the user should check the configuration and status of the service policy using the commands:

Show performance monitor history

Show performance monitor status

Show policy-map ypre performance-monitor interface

If the user has followed the above steps and is still unable to verify that the Cisco Performance Monitor is collecting data, they should complete the following steps:

The interface to which the user applied the input flow monitor must be receiving traffic that meets the criteria defined by the original flow record before the user can display the flows in the flow monitor cache.

The user should use the following command:

Show policy-map type performance-monitor [interface interface-name] [class class-name] [input | output]

The user should then use the following command:

Show performance monitor status [interface interface name [filter] | policy policy-map-name class class-map-name [filter]] | filter]

Where filter = {ip {source-addr source-prefix | any} {dst-addr dst-prefix | any} | {tcp | udp} {source-addr source-prefix | any} {[eq | lt | gt number | range min max | ssrc {ssrc-number | any} | {{dst-addr dst-prefix | any} eq | lt | gt number | range min max | ssrc {ssrc-number | any}}

Finally, the user should use the following command:

Show performance monitor history [interval {all | number [start number]] | interface interface name [filter] | policy policy-map-name class class-map-name [filter]] | filter]

Where filter = {ip {source-addr source-prefix | any} {dst-addr dst-prefix | any} | {tcp | udp} {source-addr source-prefix | any} {[eq | lt | gt number | range min max | ssrc {ssrc-number | any} | {{dst-addr dst-prefix | any} eq | lt | gt number | range min max | ssrc {ssrc-number | any}}

Frequently asked questions