はじめに
この記事はシスコの有志による Cisco Systems Japan Advent Calendar 2022 (一枚目) の 4日目として投稿しています。
2017年版: https://qiita.com/advent-calendar/2017/cisco
2018年版: https://qiita.com/advent-calendar/2018/cisco
2019年版: https://qiita.com/advent-calendar/2019/cisco
2020年版: https://qiita.com/advent-calendar/2020/cisco
2020年版(2枚目): https://qiita.com/advent-calendar/2020/cisco2
2021年版: https://qiita.com/advent-calendar/2021/cisco
2021年版(2枚目): https://qiita.com/advent-calendar/2021/cisco2
2022年版(1,2): https://qiita.com/advent-calendar/2022/cisco
今年も有志50名ですね!すごい!
1. これはなに?
- IOS XE CLIからメータリング項目を眺めて妄想(=ネットワークのビッグデータなのです)
- ネットワークは宝の山なんだよ、とそれっぽいことを言うネタ
- Ciscoのスイッチやルーターってこんなの入ってるんだ、というトリビア的な話題
- Cisco DNA CenterやMerakiの裏側でも使われているという確認
- LANやWANから多くのデータを取り出してもっともっと活用できる可能性がある、という話
1.1 背景
- クラウド活用が当たり前になり、キャンパスLANやWAN、SASEなどを組み合わせて企業ネットワークのあり方も相当変わってきたと思います。
- 帯域幅や切替速度といったネットワーク接続性の要件に加えて、アプリケーションの可視化や体感品質の把握、利用者や端末の動き、そこから得られる気づき(インサイト)といった要素に重点が移ってきました。
- 利用者や利用端末の動きから得られるデータを活用したセキュリティの強化やマネタイズ(デジタルマーケティングなど)に繋がる事例が増えています。
- ネットワークの”ビッグデータ”をどう活用するか?ここにもAI活用の可能性があります。
- いわゆるモノやヒトに関するデータは「お宝」なのですが、特にモノやヒトに近いところ(=ネットワークアクセスまたはエッジ)で取得できる機能とその実装をいくつか見ていきたいと思います。
- ネットワーク技術者はもちろん、アプリケーション開発者の方にとっては特に、ネットワークから様々な情報が取り出せる可能性があることを知っていただきたいと思います。
1.2 ネットワークエッジ装置からのエクスポート(出力)
- 元々ネットワーク可視化のデファクトとして使われてきた NetFlow version 5 では、装置での測定(メータリング)と外部への出力(エクスポート)の両方を意味しました。
- ここには問題があり、メータリングは、装置の機能や能力といった固有の内容であるのに対し、エクスポートは、外部コレクターとやり取りをするための標準手順である(または仕様が公開されている)ことが求められるという点です。
- フローを識別する要素(タプル)も、7タプルとか5タプルとか一般的に言われますが、MACアドレスやVlanによってフローを識別したい人もいます。
- したがって、現在主流である NetFlow version9 または、IPFIX (NetFlow version10ともよばれます)では、完全にメータリングとエクスポートを分離し、プロトコルとしてはエクスポート メカニズムに特化することで、デファクトスタンダード、そして完全な標準化に成功しました(RFC7011, 7012, 7013など)。
- 現在は、オープンソースのものや商用製品など、多岐にわたる NetFlow コレクターが存在します。
1.3 ネットワークエッジ装置でのメータリング(測定)
- メータリングに焦点を当ててみましょう。すなわち、装置がどのような内容を計測・出力できるかどうか?
- シスコの実装では、切り離されたメータリング部分を自由にコンフィグでき、その適用箇所やネットワーク用途によって測定内容をチューニングできる機能を、Flexible NetFlow としてリリースしました(2010年頃)。
- 「Flexible NetFlowでメータリング項目を設定し、NetFlow v9 で送信する。」というのが正しい言い方となります。
- 「フロー」を識別するタプル要素も、コンフィグで決められるようになっています。
- 標準化やベンダー共通であるということに重点を置くと、エクスポートメカニズムの共通化が話題の中心になってしまうのですが、あえてこの記事ではメータリングにフォーカスしたいと思います。実に様々な内容が取得できる可能性が考えられた作りになっていることを伝えたいからです。
2. ネットワークエッジでのデータ測定の例
早速コマンドを見ていきます。
show flow exporter export-ids netflow-v9
show flow exporter export-ids ipfix
- NetFlow v9/IPFIX(エクスポートメカニズム)による送信可能な測定項目のID一覧を出力
- IOS的に測定項目対象として考慮されている内容を見て楽しむ(今回の趣旨)
IOSにコーディングされているだけで、装置/ハードウェアとして未サポートの項目も多々あるので注意
2.1 Catalyst 9300の場合
Catalyst 9300の出力を見てみましょう...こんなにあるの?(IOS XE 17.07.01)
Cat9300TMT3W#show flow exporter export-ids ipfix
Export IDs used by fields in IPFIX export format:
misc unsupported : 37027
datalink source-vlan-id : 58
datalink destination-vlan-id : 59
datalink encap-size : 242
datalink ethertype : 256
datalink length header : 240
datalink length payload : 241
datalink section header : 315
datalink vlan input : 58
datalink dot1q vlan input : 243
datalink dot1q vlan output : 254
datalink dot1q ce-vlan : 245
datalink dot1q priority : 244
datalink dot1q ce-priority : 246
datalink l2vpn metro vcid : 247
datalink l2vpn metro vctype : 248
datalink mac source address input : 56
datalink mac source address output : 81
datalink mac destination address input : 80
datalink mac destination address output : 57
ip version : 60
ip tos : 5
ip dscp : 195
ip precedence : 196
ip protocol : 4
ip ttl : 192
ip ttl minimum : 52
ip ttl maximum : 53
ip length header : 189
ip length payload : 204
ip length total : 224
ip length total minimum : 25
ip length total maximum : 26
ip fragmentation flags : 197
ip fragmentation offset : 88
ip fragmentation id : 54
ip section header : 313
ip section payload : 314
routing source as : 16
routing destination as : 17
routing source as peer : 129
routing destination as peer : 128
routing source as 4-octet : 16
routing destination as 4-octet : 17
routing source as peer 4-octet : 129
routing destination as peer 4-octet : 128
routing source traffic-index : 92
routing destination traffic-index : 93
routing forwarding-status : 89
routing is-multicast : 206
routing multicast replication-factor : 99
routing vrf input : 234
routing vrf name : 236
routing next-hop address ipv4 : 15
routing next-hop address ipv4 bgp : 18
routing next-hop address ipv6 : 62
routing next-hop address ipv6 bgp : 63
ipv4 header-length : 207
ipv4 total-length : 190
ipv4 source address : 8
ipv4 source prefix : 44
ipv4 source mask : 9
ipv4 destination address : 12
ipv4 destination prefix : 45
ipv4 destination mask : 13
ipv4 option map : 208
ipv6 flow-label : 31
ipv6 next-header : 193
ipv6 payload-length : 191
ipv6 extension map : 64
ipv6 source address : 27
ipv6 source prefix : 170
ipv6 source mask : 29
ipv6 destination address : 28
ipv6 destination prefix : 169
ipv6 destination mask : 30
transport source-port : 7
transport destination-port : 11
transport packets expected counter : 37014
transport packets expected counter long : 37014
transport packets expected counter permane : 37015
transport packets lost counter : 37019
transport packets lost counter long : 37019
transport packets lost counter permanent : 37020
transport packets lost rate : 37021
transport round-trip-time : 37016
transport event packet-loss counter : 37017
transport event packet-loss counter long : 37017
transport event packet-loss counter perman : 37018
transport rtp jitter mean : 37023
transport rtp jitter minimum : 37024
transport rtp jitter maximum : 37025
transport rtp ssrc : 37022
transport icmp ipv4 type : 176
transport icmp ipv4 code : 177
transport icmp ipv6 type : 178
transport icmp ipv6 code : 179
transport igmp type : 33
transport tcp source-port : 182
transport tcp destination-port : 183
transport tcp sequence-number : 184
transport tcp acknowledgement-number : 185
transport tcp header-length : 188
transport tcp window-size : 186
transport tcp urgent-pointer : 187
transport tcp flags : 6
transport tcp option map : 209
transport udp source-port : 180
transport udp destination-port : 181
transport udp message-length : 205
interface input snmp : 10
interface output snmp : 14
interface input snmp short : 10
interface output snmp short : 14
interface input physical snmp : 252
interface output physical snmp : 253
interface name short : 82
interface name long : 83
flow direction : 61
flow exporter : 144
flow sampler : 48
flow sampler algorithm export : 49
flow sampler interval : 50
flow sampler name : 84
flow class : 51
flow class export : 95
flow class name : 96
flow class description : 94
stats error absolute : 320
flow cts source group-tag : 34000
flow cts destination group-tag : 34001
counter flows : 3
counter bytes : 1
counter bytes long : 1
counter packets : 2
counter packets long : 2
counter bytes replicated : 20
counter bytes replicated long : 20
counter packets replicated : 19
counter packets replicated long : 19
counter bytes squared long : 198
counter bytes permanent : 85
counter packets permanent : 86
counter bytes replicated permanent : 175
counter packets replicated permanent : 174
counter bytes squared permanent : 199
counter bytes exported : 40
counter packets exported : 41
counter bytes rate : 37003
counter packets rate : 37002
counter flows exported : 42
counter packets dropped : 37000
counter packets dropped long : 37000
counter packets dropped permanent : 37001
timestamp sys-uptime first : 22
timestamp sys-uptime last : 21
timestamp interval : 37013
timestamp absolute first : 152
timestamp absolute last : 153
application id : 95
application name : 96
application description : 94
application media bytes counter : 37004
application media bytes counter long : 37004
application media bytes counter permanent : 37005
application media bytes rate : 37006
application media packets counter : 37007
application media packets counter long : 37007
application media packets counter permanen : 37008
application media packets rate : 37009
application media packets rate variation : 37010
application media event : 37011
monitor event : 37012
waas dre input : 36000
waas dre output : 36001
waas lz input : 36002
waas lz output : 36003
waas original bytes : 36004
waas optimised bytes : 36005
waas application : 36006
waas class : 36007
waas connection mode : 36008
art response time sum : 42071
art response time minimum : 42073
art response time maximum : 42072
art server response time sum : 42074
art server response time minimum : 42076
art server response time maximum : 42075
art network time sum : 42081
art network time minimum : 42083
art network time maximum : 42082
art client network time sum : 42084
art client network time minimum : 42086
art client network time maximum : 42085
art server network time sum : 42087
art server network time minimum : 42089
art server network time maximum : 42088
art total response time sum : 42077
art total response time minimum : 42079
art total response time maximum : 42078
art total transaction time sum : 42041
art total transaction time minimum : 42043
art total transaction time maximum : 42042
art count transactions : 42040
art server packets : 299
art server bytes : 232
art count retransmissions : 42036
art client packets : 298
art client bytes : 231
art count new connections : 42050
art count responses : 42060
art count late responses : 42068
waas bytes input : 36009
waas bytes output : 36010
waas optimization segment : 42020
art count responses histogram bucket1 : 42061
art count responses histogram bucket2 : 42062
art count responses histogram bucket3 : 42063
art count responses histogram bucket4 : 42064
art count responses histogram bucket5 : 42065
art count responses histogram bucket6 : 42066
art count responses histogram bucket7 : 42067
counter server bytes : 23
counter server packets : 24
datalink event : 43000
datalink event extended : 43002
flow end-reason : 136
connection initiator : 239
connection new-connections : 278
connection sum-duration : 279
connection transaction-id : 280
counter bytes rate per-flow : 37028
counter bytes rate per-flow min : 37029
counter bytes rate per-flow max : 37030
counter packets rate per-flow : 37031
counter packets rate per-flow min : 37032
counter packets rate per-flow max : 37033
application media bytes rate per-flow min : 37035
application media bytes rate per-flow max : 37036
application media packets rate variation m : 37038
application media packets rate variation m : 37039
transport rtp flow count : 37040
transport event packet-loss counter min : 37044
transport event packet-loss counter max : 37045
transport packets lost counter min : 37042
transport packets lost counter max : 37043
transport tcp flow count : 37049
transport round-trip-time min : 37052
transport round-trip-time max : 37053
transport round-trip-time sum : 37050
transport round-trip-time samples : 37051
application media bytes rate per-flow : 37034
transport rtp payload-type : 37041
transport packets lost rate min : 37047
transport packets lost rate max : 37048
flow active timeout : 36
flow end : 153
package id : 32775
access string : 32789
info string : 32790
link id : 32810
mos worst 100 : 42115
mos quality : 42123
mos total count : 42124
counter server bytes : 23
counter server packets : 24
flow class wide : 95
counter packets dropped permanent short : 37001
transport packets lost counter permanent s : 37020
transport round-trip-time sum short : 37050
transport packet loss : 65
transport unreachability : 66
tranport latency : 67
data points : 68
variance : 69
pfr br ipv4 address : 39000
pfr status : 39001
reason id : 39002
threshold : 39003
pfr priority : 39004
long-term round-trip-time : 39006
mos below : 39007
rsvp bw pool : 39008
flow left time : 39009
bw percentage : 39010
bw fee : 39011
transport source-port min : 39012
transport source-port max : 39013
transport destination-port min : 39014
transport destination-port max : 39015
application version : 105
application version name : 106
application vendor : 107
metadata global-session-id : 37054
metadata multi-party-session-id : 37055
metadata clock-rate : 37056
capacity : 39016
ingress bw : 39017
ingress bw long : 39017
max ingress bw : 39018
egress bw : 39019
egress bw long : 39019
max egress bw : 39020
ingress rollup bw : 39021
egress rollup bw : 39022
kth rollup bw : 39023
link group name : 39024
bgp community : 39025
bgp prepend : 39026
entrance downgrade : 39027
discard rollup count : 39028
l4r server ipv4 address : 44000
l4r server transport port : 44001
l4r server ipv6 address : 44002
l4r event : 44003
l4r event timestamp : 44004
flow id : 148
application category name : 45000
application sub category name : 45001
application group name : 45002
p2p technology : 288
tunnel technology : 289
encrypted technology : 290
server response time average : 37059
refused sessions : 37060
client network delay average : 37061
server network delay average : 37062
network delay average : 37063
application delay average : 37064
session time minimum : 37065
session time maximum : 37066
session time average : 37067
transaction time average : 37068
closed sessions : 37069
retransmitted packets : 37070
transport bytes out-of-order : 37071
client throughput average : 37072
unresponsive sessions : 37073
transport packets out-of-order : 37074
IPv4 source observation node : 37075
IPv4 destination observation node : 37076
IPv6 source observation node : 37077
IPv6 destination observation node : 37078
pfr one-way-delay sum : 37079
pfr one-way-delay samples : 37080
pfr one-way-delay : 37081
packet arrival timestamp : 37082
transport tcp window-size minimum : 37083
transport tcp window-size maximum : 37084
transport tcp window-size average : 37085
transport tcp maximum-segment-size : 37086
sub application tag : 97
sub application name : 109
sub application description : 110
datalink vlan output : 59
application http uri statistics : 42125
flow sampler hash digest-value : 326
c3pl class cce-id : 41001
c3pl class name : 41002
c3pl class type : 41003
c3pl policy cce-id : 41004
c3pl policy name : 41005
c3pl policy type : 41006
mpls label 1 ttl : 200
mpls label 1 exp : 203
mpls label 1 type : 46
mpls label 1 details : 70
mpls label 2 details : 71
mpls label 3 details : 72
mpls label 4 details : 73
mpls label 5 details : 74
mpls label 6 details : 75
time inter-packet-gap histogram : 42126
time inter-packet-gap histogram reverse : 42127
template parameter range end : 111
template identifier : 145
template element identifier : 303
transport tcp window-size sum : 37091
timestamp absolute monitoring-interval end : 360
transport rtp jitter mean sum : 37093
application media packets rate variation s : 37094
connection delay response to-server sum : 42071
connection delay response to-server min : 42073
connection delay response to-server max : 42072
connection server counter responses : 42060
connection delay response to-server histog : 42061
connection delay response to-server histog : 42062
connection delay response to-server histog : 42063
connection delay response to-server histog : 42064
connection delay response to-server histog : 42065
connection delay response to-server histog : 42066
connection delay response to-server histog : 42067
connection delay response to-server histog : 42068
connection delay network to-server sum : 42087
connection delay network to-server min : 42089
connection delay network to-server max : 42088
connection delay network to-client sum : 42084
connection delay network to-client min : 42086
connection delay network to-client max : 42085
connection client counter packets retransm : 42036
connection delay network client-to-server : 42081
connection delay network client-to-server : 42083
connection delay network client-to-server : 42082
connection delay application sum : 42074
connection delay application min : 42076
connection delay application max : 42075
connection delay response client-to-server : 42077
connection delay response client-to-server : 42079
connection delay response client-to-server : 42078
connection transaction duration sum : 42041
connection transaction duration min : 42043
connection transaction duration max : 42042
connection transaction counter complete : 42040
connection server counter bytes long : 232
connection server counter packets long : 299
connection client counter bytes long : 231
connection client counter packets long : 298
connection client ipv4 address : 45004
connection client transport port : 45008
connection client ipv6 address : 45006
connection server ipv4 address : 45005
connection server transport port : 45009
connection server ipv6 address : 45007
routing vrf output : 235
services waas segment : 42020
services waas passthrough-reason : 42021
policy qos classification hierarchy : 41000
policy performance-monitor classification : 41000
template enterprise number : 346
policy qos queue index : 42128
policy qos queue drops : 42129
counter bytes layer2 : 352
counter bytes layer2 long : 352
counter bytes layer2 permanent : 353
transport tcp option map long : 209
timestamp absolute monitoring-interval sta : 359
transport tcp window-size average sum : 37095
flow cts source group-tag name : 34002
connection id : 45010
application video resolution width last : 37500
application video resolution height last : 37501
application video frame rate : 37502
application video payload bitrate average : 37503
application video payload bitrate fluctuat : 37504
application video frame I counter frames : 37505
application video frame I counter packets : 37506
application video frame I counter bytes : 37507
application video frame STR counter frames : 37508
application video frame STR counter packet : 37509
application video frame STR counter bytes : 37510
application video frame LTR counter frames : 37511
application video frame LTR counter packet : 37512
application video frame LTR counter bytes : 37513
application video frame super-P counter fr : 37514
application video frame super-P counter pa : 37515
application video frame super-P counter by : 37516
application video frame NR counter frames : 37517
application video frame NR counter packets : 37518
application video frame NR counter bytes : 37519
application video frame I slice-quantizati : 37520
application video frame STR slice-quantiza : 37521
application video frame LTR slice-quantiza : 37522
application video frame super-P slice-quan : 37523
application video frame NR slice-quantizat : 37524
application video eMOS compression bitstre : 37525
application video eMOS compression network : 37526
application video frame I counter packets : 37527
application video frame STR counter packet : 37528
application video frame LTR counter packet : 37529
application video frame super-P counter pa : 37530
application video frame NR counter packets : 37531
application video frame percentage damaged : 37532
application video eMOS packet-loss bitstre : 37533
application video eMOS packet-loss network : 37534
application video scene-complexity : 37535
application video level-of-motion : 37536
transport rtp sequence-number : 37537
transport rtp sequence-number last : 37538
services pfr class-tag-id : 39029
services pfr mc-id : 39030
interface input type : 368
interface output type : 369
interface input fex-node-id : 41101
interface output fex-node-id : 41102
flow username : 371
interface power : 41103
monitor device-type : 41104
transport tcp maximum-segment-size : 37086
wireless ssid : 147
wireless ap mac address : 367
wireless client mac address : 365
wireless client ipv4 address : 366
ip dscp output : 98
pbhk mapped ipv4 address : 44005
pbhk mapped transport port : 44006
pbhk event : 44007
pbhk event timestamp : 44008
transport rtp jitter inter arrival sum : 37096
transport rtp jitter inter arrival samples : 37097
transport rtp jitter inter arrival mean : 37098
pfr site source id ipv4 : 37099
pfr site destination id ipv4 : 37100
transport bytes lost : 37101
transport bytes expected : 37102
transport bytes lost rate : 37103
transport jitter mean : 385
transport jitter mean : 386
transport jitter mean : 387
connection client counter bytes retransmit : 42035
connection server counter bytes retransmit : 42037
connection server counter packets retransm : 42038
counter bytes long aor : 1
counter packets long aor : 2
timestamp sys-uptime first aor : 22
application voice number called : 37200
application voice number calling : 37201
application voice setup time : 37202
application voice call duration : 37203
application voice rx bad-packet : 37204
application voice rx out-of-sequence : 37205
application voice codec id : 37206
application voice play delay current : 37207
application voice play delay minimum : 37208
application voice play delay maximum : 37209
application voice sip call-id : 37210
application voice router global-call-id : 37211
application voice delay round-trip : 37212
application voice delay end-point : 37213
application voice r-factor 1 : 37214
application voice r-factor 2 : 37215
application voice mos conversation : 37216
application voice mos listening : 37217
application voice concealment-ratio averag : 37218
application voice jitter configured type : 37219
application voice jitter configured minimu : 37220
application voice jitter configured maximu : 37221
application voice jitter configured initia : 37222
application voice rx early-packet count : 37223
application voice rx late-packet count : 37224
application voice jitter buffer-overrun : 37225
application voice packet conceal-count : 37226
flow monitor : 143
application http uri statistics : 42125
flow observation point : 138
pfr site source id ipv6 : 37099
pfr site destination id ipv6 : 37100
network delay sum : 37104
network delay sample : 37105
pfr counter event error traffic-class miti : 37106
pfr counter event error traffic-class miti : 37107
pfr counter event error traffic-class miti : 37108
pfr site source prefix ipv4 : 37109
pfr site destination prefix ipv4 : 37110
pfr site source prefix ipv6 : 37111
pfr site destination prefix ipv6 : 37112
pfr site source prefix mask ipv4 : 37113
pfr site destination prefix mask ipv4 : 37114
pfr site source prefix mask ipv6 : 37115
pfr site destination prefix mask ipv6 : 37116
connection server counter bytes network lo : 41105
connection client counter bytes network lo : 41106
connection server counter bytes transport : 232
connection client counter bytes transport : 231
connection concurrent-connections : 42018
application transaction counter new : 42019
connection delay network long-lived to-ser : 42022
connection delay network long-lived to-cli : 42023
connection delay network long-lived client : 42024
connection delay network client-to-server : 42025
connection delay network to-server num-sam : 42026
connection delay network to-client num-sam : 42027
ipv4 source address nat : 225
ipv4 destination address nat : 226
transport source-port nat : 227
transport destination-port nat : 228
policy firewall class name : 100
policy firewall event : 233
policy firewall event extended : 35001
policy firewall event extended description : 35010
policy firewall event timestamp : 323
policy firewall event level : 33003
policy firewall event level id : 33004
policy firewall zone-pair id : 35007
policy firewall zone-pair name : 35009
policy firewall incomplete count : 35012
policy firewall incomplete high-watermark : 35005
policy firewall incomplete rate : 35006
policy firewall blackout time : 35004
policy firewall sessions maximum : 35008
policy firewall configured value : 33005
flow class : 51
wireless afd drop packets : 41107
wireless afd accept packets : 41108
wireless afd drop bytes : 41109
wireless afd accept bytes : 41110
audio rtp packets lost : 33050
audio rtp packets expected : 33051
audio rtp fwd out-of-sequence sum : 33052
audio rtp seconds ok : 33053
audio rtp seconds concealed : 33054
audio rtp seconds concealed severe : 33055
audio rtp jitter ticks : 33056
audio g107 impairment : 33057
audio g107 lossRate : 33058
audio g107 codec baseline : 33059
audio g107 codec baseline bpl : 33060
audio g107 impairment one-way-delay : 33061
audio concealment ratio now : 33062
audio concealment ratio minimum : 33063
audio concealment ratio maximum : 33064
audio concealment time : 33065
audio speech time : 33066
audio packets ok : 33067
audio packets cs : 33068
audio packets scs : 33069
audio packets rtp : 33070
audio packets silence : 33071
audio duration receive : 33072
audio duration receive voice : 33073
audio duration early packet : 33074
audio duration clock adjust : 33075
audio duration playout increase : 33076
audio duration playout decrease : 33077
audio duration late discard : 33078
audio frame size : 33079
audio frames-per-packet : 33080
audio frame arriving times difference : 33081
audio frame arriving times difference vari : 33082
audio noise level current : 33083
audio noise level average : 33084
audio noise level minimum : 33085
audio noise level maximum : 33086
audio noise level configured : 33087
audio snr current : 33088
audio snr average : 33089
audio snr minimum : 33090
audio snr maximum : 33091
audio snr configured : 33092
pfr service provider tag identifier : 37117
pfr label identifier : 37118
routing pw destination address : 432
flow cts switch derived-sgt : 34004
application traffic-class : 45011
application business-relevance : 45012
iOAM my node-id : 38001
iOAM my node name : 38002
start timestamp : 38003
end timestamp : 38004
IOAM packet counter : 38005
IOAM byte count : 38006
IOAM cs0 packet counter : 38007
IOAM cs0 byte count : 38008
IOAM cs1 packet counter : 38009
IOAM cs1 byte count : 38010
IOAM cs2 packet counter : 38011
IOAM cs2 byte count : 38012
IOAM cs3 packet counter : 38013
IOAM cs3 byte count : 38014
IOAM cs4 packet counter : 38015
IOAM cs4 byte count : 38016
IOAM cs5 packet counter : 38017
IOAM cs5 byte count : 38018
IOAM cs6 packet counter : 38019
IOAM cs6 byte count : 38020
IOAM cs7 packet counter : 38021
IOAM cs7 byte count : 38022
IOAM lost packet counter : 38023
IOAM duplicate packet counter : 38024
IOAM reordered packet counter : 38025
IOAM highest PPC sequence number : 38026
iOAM node-id : 38027
ipv6 protocol filed : 38028
iOAM E2E Header : 38029
iOAM Path Map : 38030
iOAM number of nodes : 38031
iOAM node1 id : 38032
iOAM node1 in if id : 38033
iOAM node1 eif id : 38034
iOAM node2 id : 38035
iOAM node2 in if id : 38036
iOAM node2 eif id : 38037
iOAM node3 id : 38038
iOAM node3 in if id : 38039
iOAM node3 eif id : 38040
iOAM node4 id : 38041
iOAM node4 in if id : 38042
iOAM node4 eif id : 38043
iOAM Application metadata : 38044
iOAM sfc-id : 38045
iOAM sfc validated count : 38046
iOAM sfc invalidated count : 38047
ipv4 splt : 44941
ipv4 idp : 44940
ipv4 bd : 44944
application set name : 44999
vxlan vnid : 351
vxlan sgt : 33200
vxlan flags : 33201
application family name : 44998
overlay session id input : 45200
overlay session id output : 45201
routing vrf service : 45202
tloc table overlay session id : 45203
tloc local system ip address : 45204
tloc local color : 45205
tloc remote system ip address : 45206
tloc remote color : 45207
tloc tunnel protocol : 45208
connection id long : 45209
bandwidth used : 37300
bandwidth used percentage : 37301
Layer3 Virtual-Private-Network ID : 482
drop cause id : 45210
counter bytes sdwan dropped long : 45211
sdwan sla-not-met : 45212
sdwan preferred-color-not-met : 45213
sdwan qos-queue-id : 45214
drop cause name : 45215
counter packets sdwan dropped long : 37000
counter packets appqoe fec-d-pkts : 45216
counter packets appqoe fec-r-pkts : 45217
counter packets appqoe pkt-dup-d-pkts-orig : 45218
counter packets appqoe pkt-dup-d-pkts-dup : 45219
counter packets appqoe pkt-dup-r-pkts : 45220
counter packets sdwan pkt-cxp-d-pkts : 45221
counter bytes appqoe ssl-read : 45222
counter bytes appqoe ssl-written : 45223
counter bytes appqoe ssl-en-read : 45224
counter bytes appqoe ssl-en-written : 45225
counter bytes appqoe ssl-de-read : 45226
counter bytes appqoe ssl-de-written : 45227
vxlan vtep input : 33202
vxlan vtep output : 33203
appqoe ssl service type : 45228
appqoe ssl traffic type : 45229
appqoe ssl policy action : 45230
sdwan traffic-category : 45231
ulogging fw-zp-id : 35007
ulogging fw-zone-id-array : 45232
ulogging fw-zone-id : 45233
ulogging fw-class-id : 41001
ulogging fw-policy-id : 41004
ulogging fw-proto-id : 45234
ulogging fw-action : 45235
ulogging fw-drop-reason-id : 35001
ulogging fw-end-flow-reason : 45236
ulogging fw-src-ipv4-addr-translated : 225
ulogging fw-dst-ipv4-addr-translated : 226
ulogging fw-src-port-translated : 227
ulogging fw-dst-port-translated : 228
ulogging fw-zp-name : 35009
ulogging fw-zone-name : 45237
ulogging fw-action-name : 45238
ulogging fw-proto-name : 45239
ulogging fw-drop-reason : 35010
ulogging fw-end-flow-reason-name : 45240
ulogging utd-policy-id-array : 45251
ulogging utd-policy-id : 45252
ulogging utd-action-id-array : 45253
ulogging utd-action-id : 45254
ulogging utd-ips-pri : 45255
ulogging utd-ips-sid : 45256
ulogging utd-ips-gid : 45257
ulogging utd-ips-cid : 45258
ulogging utd-urlf-url-hash : 45259
ulogging utd-urlf-url-category : 45260
ulogging utd-urlf-url-reputation : 45261
ulogging utd-urlf-app-name : 45262
ulogging utd-amp-dispos : 45263
ulogging utd-amp-filename-hash : 45264
ulogging utd-amp-file-type : 45265
ulogging utd-amp-file-hash : 45266
ulogging utd-amp-malname-hash : 45267
ulogging utd-drop-reason-id : 45268
ulogging sdvt-drop-reason-id : 45269
ulogging utd-policy-name : 45270
ulogging utd-urlf-url-str : 45271
ulogging utd-amp-filename : 45272
ulogging utd-amp-malware-name : 45273
ulogging utd-action-name : 45274
ulogging utd-amp-dispos-name : 45275
ulogging utd-amp-filetype-name : 45276
ulogging utd-urlf-category-name : 45277
ulogging utd-drop-reason-name : 45278
ulogging sdvt-drop-reason-name : 45279
counter bytes sdwan pkt-cxp-d-bytes long : 45280
appqoe action : 45281
appqoe sn-ip : 45282
appqoe pass-reason : 45283
appqoe dre-input-bytes : 45284
appqoe dre-input-packets : 45285
appqoe flags : 45286
sdwan service-area : 45287
ulogging utd-ips-policy-id : 45247
ulogging utd-ips-action-id : 45248
ulogging utd-urlf-policy-id : 45249
ulogging utd-urlf-action-id : 45250
ulogging utd-amp-policy-id : 45252
ulogging utd-amp-action-id : 45254
ulogging utd-urlf-reason-id : 45288
ulogging utd-urlf-reason-name : 45289
ulogging flow-direction : 45290
routing distinguisher : 90
sdwan tenant global id : 45291
sdwan tenant vpn id : 45292
2.2 ISR4300 の場合
ISR 4300だと...(ここをクリック)(IOS XE 17.8.1a)
C4331-02#show flow exporter export-ids ipfix
Export IDs used by fields in IPFIX export format:
misc unsupported : 37027
datalink source-vlan-id : 58
datalink destination-vlan-id : 59
datalink encap-size : 242
datalink ethertype : 256
datalink length header : 240
datalink length payload : 241
datalink section header : 315
datalink vlan input : 58
datalink dot1q vlan input : 243
datalink dot1q vlan output : 254
datalink dot1q ce-vlan : 245
datalink dot1q priority : 244
datalink dot1q ce-priority : 246
datalink l2vpn metro vcid : 247
datalink l2vpn metro vctype : 248
datalink mac source address input : 56
datalink mac source address output : 81
datalink mac destination address input : 80
datalink mac destination address output : 57
ip version : 60
ip tos : 5
ip dscp : 195
ip precedence : 196
ip protocol : 4
ip ttl : 192
ip ttl minimum : 52
ip ttl maximum : 53
ip length header : 189
ip length payload : 204
ip length total : 224
ip length total minimum : 25
ip length total maximum : 26
ip fragmentation flags : 197
ip fragmentation offset : 88
ip fragmentation id : 54
ip section header : 313
ip section payload : 314
routing source as : 16
routing destination as : 17
routing source as peer : 129
routing destination as peer : 128
routing source as 4-octet : 16
routing destination as 4-octet : 17
routing source as peer 4-octet : 129
routing destination as peer 4-octet : 128
routing source traffic-index : 92
routing destination traffic-index : 93
routing forwarding-status : 89
routing is-multicast : 206
routing multicast replication-factor : 99
routing vrf input : 234
routing vrf name : 236
routing next-hop address ipv4 : 15
routing next-hop address ipv4 bgp : 18
routing next-hop address ipv6 : 62
routing next-hop address ipv6 bgp : 63
ipv4 header-length : 207
ipv4 total-length : 190
ipv4 source address : 8
ipv4 source prefix : 44
ipv4 source mask : 9
ipv4 destination address : 12
ipv4 destination prefix : 45
ipv4 destination mask : 13
ipv4 option map : 208
ipv6 flow-label : 31
ipv6 next-header : 193
ipv6 payload-length : 191
ipv6 extension map : 64
ipv6 source address : 27
ipv6 source prefix : 170
ipv6 source mask : 29
ipv6 destination address : 28
ipv6 destination prefix : 169
ipv6 destination mask : 30
transport source-port : 7
transport destination-port : 11
transport packets expected counter : 37014
transport packets expected counter long : 37014
transport packets expected counter permane : 37015
transport packets lost counter : 37019
transport packets lost counter long : 37019
transport packets lost counter permanent : 37020
transport packets lost rate : 37021
transport round-trip-time : 37016
transport event packet-loss counter : 37017
transport event packet-loss counter long : 37017
transport event packet-loss counter perman : 37018
transport rtp jitter mean : 37023
transport rtp jitter minimum : 37024
transport rtp jitter maximum : 37025
transport rtp ssrc : 37022
transport icmp ipv4 type : 176
transport icmp ipv4 code : 177
transport icmp ipv6 type : 178
transport icmp ipv6 code : 179
transport igmp type : 33
transport tcp source-port : 182
transport tcp destination-port : 183
transport tcp sequence-number : 184
transport tcp acknowledgement-number : 185
transport tcp header-length : 188
transport tcp window-size : 186
transport tcp urgent-pointer : 187
transport tcp flags : 6
transport tcp option map : 209
transport udp source-port : 180
transport udp destination-port : 181
transport udp message-length : 205
interface input snmp : 10
interface output snmp : 14
interface input snmp short : 10
interface output snmp short : 14
interface input physical snmp : 252
interface output physical snmp : 253
interface name short : 82
interface name long : 83
flow direction : 61
flow exporter : 144
flow sampler : 48
flow sampler algorithm export : 49
flow sampler interval : 50
flow sampler name : 84
flow class : 51
flow class export : 95
flow class name : 96
flow class description : 94
stats error absolute : 320
flow cts source group-tag : 34000
flow cts destination group-tag : 34001
counter flows : 3
counter bytes : 1
counter bytes long : 1
counter packets : 2
counter packets long : 2
counter bytes replicated : 20
counter bytes replicated long : 20
counter packets replicated : 19
counter packets replicated long : 19
counter bytes squared long : 198
counter bytes permanent : 85
counter packets permanent : 86
counter bytes replicated permanent : 175
counter packets replicated permanent : 174
counter bytes squared permanent : 199
counter bytes exported : 40
counter packets exported : 41
counter bytes rate : 37003
counter packets rate : 37002
counter flows exported : 42
counter packets dropped : 37000
counter packets dropped long : 37000
counter packets dropped permanent : 37001
timestamp sys-uptime first : 22
timestamp sys-uptime last : 21
timestamp interval : 37013
timestamp absolute first : 152
timestamp absolute last : 153
application id : 95
application name : 96
application description : 94
application media bytes counter : 37004
application media bytes counter long : 37004
application media bytes counter permanent : 37005
application media bytes rate : 37006
application media packets counter : 37007
application media packets counter long : 37007
application media packets counter permanen : 37008
application media packets rate : 37009
application media packets rate variation : 37010
application media event : 37011
monitor event : 37012
waas dre input : 36000
waas dre output : 36001
waas lz input : 36002
waas lz output : 36003
waas original bytes : 36004
waas optimised bytes : 36005
waas application : 36006
waas class : 36007
waas connection mode : 36008
art response time sum : 42071
art response time minimum : 42073
art response time maximum : 42072
art server response time sum : 42074
art server response time minimum : 42076
art server response time maximum : 42075
art network time sum : 42081
art network time minimum : 42083
art network time maximum : 42082
art client network time sum : 42084
art client network time minimum : 42086
art client network time maximum : 42085
art server network time sum : 42087
art server network time minimum : 42089
art server network time maximum : 42088
art total response time sum : 42077
art total response time minimum : 42079
art total response time maximum : 42078
art total transaction time sum : 42041
art total transaction time minimum : 42043
art total transaction time maximum : 42042
art count transactions : 42040
art server packets : 299
art server bytes : 232
art count retransmissions : 42036
art client packets : 298
art client bytes : 231
art count new connections : 42050
art count responses : 42060
art count late responses : 42068
waas bytes input : 36009
waas bytes output : 36010
waas optimization segment : 42020
art count responses histogram bucket1 : 42061
art count responses histogram bucket2 : 42062
art count responses histogram bucket3 : 42063
art count responses histogram bucket4 : 42064
art count responses histogram bucket5 : 42065
art count responses histogram bucket6 : 42066
art count responses histogram bucket7 : 42067
counter server bytes : 23
counter server packets : 24
datalink event : 43000
datalink event extended : 43002
flow end-reason : 136
connection initiator : 239
connection new-connections : 278
connection sum-duration : 279
connection transaction-id : 280
counter bytes rate per-flow : 37028
counter bytes rate per-flow min : 37029
counter bytes rate per-flow max : 37030
counter packets rate per-flow : 37031
counter packets rate per-flow min : 37032
counter packets rate per-flow max : 37033
application media bytes rate per-flow min : 37035
application media bytes rate per-flow max : 37036
application media packets rate variation m : 37038
application media packets rate variation m : 37039
transport rtp flow count : 37040
transport event packet-loss counter min : 37044
transport event packet-loss counter max : 37045
transport packets lost counter min : 37042
transport packets lost counter max : 37043
transport tcp flow count : 37049
transport round-trip-time min : 37052
transport round-trip-time max : 37053
transport round-trip-time sum : 37050
transport round-trip-time samples : 37051
application media bytes rate per-flow : 37034
transport rtp payload-type : 37041
transport packets lost rate min : 37047
transport packets lost rate max : 37048
flow active timeout : 36
flow end : 153
package id : 32775
access string : 32789
info string : 32790
link id : 32810
mos worst 100 : 42115
mos quality : 42123
mos total count : 42124
counter server bytes : 23
counter server packets : 24
flow class wide : 95
counter packets dropped permanent short : 37001
transport packets lost counter permanent s : 37020
transport round-trip-time sum short : 37050
transport packet loss : 65
transport unreachability : 66
tranport latency : 67
data points : 68
variance : 69
pfr br ipv4 address : 39000
pfr status : 39001
reason id : 39002
threshold : 39003
pfr priority : 39004
long-term round-trip-time : 39006
mos below : 39007
rsvp bw pool : 39008
flow left time : 39009
bw percentage : 39010
bw fee : 39011
transport source-port min : 39012
transport source-port max : 39013
transport destination-port min : 39014
transport destination-port max : 39015
application version : 105
application version name : 106
application vendor : 107
metadata global-session-id : 37054
metadata multi-party-session-id : 37055
metadata clock-rate : 37056
capacity : 39016
ingress bw : 39017
ingress bw long : 39017
max ingress bw : 39018
egress bw : 39019
egress bw long : 39019
max egress bw : 39020
ingress rollup bw : 39021
egress rollup bw : 39022
kth rollup bw : 39023
link group name : 39024
bgp community : 39025
bgp prepend : 39026
entrance downgrade : 39027
discard rollup count : 39028
l4r server ipv4 address : 44000
l4r server transport port : 44001
l4r server ipv6 address : 44002
l4r event : 44003
l4r event timestamp : 44004
flow id : 148
application category name : 45000
application sub category name : 45001
application group name : 45002
p2p technology : 288
tunnel technology : 289
encrypted technology : 290
server response time average : 37059
refused sessions : 37060
client network delay average : 37061
server network delay average : 37062
network delay average : 37063
application delay average : 37064
session time minimum : 37065
session time maximum : 37066
session time average : 37067
transaction time average : 37068
closed sessions : 37069
retransmitted packets : 37070
transport bytes out-of-order : 37071
client throughput average : 37072
unresponsive sessions : 37073
transport packets out-of-order : 37074
IPv4 source observation node : 37075
IPv4 destination observation node : 37076
IPv6 source observation node : 37077
IPv6 destination observation node : 37078
pfr one-way-delay sum : 37079
pfr one-way-delay samples : 37080
pfr one-way-delay : 37081
packet arrival timestamp : 37082
transport tcp window-size minimum : 37083
transport tcp window-size maximum : 37084
transport tcp window-size average : 37085
transport tcp maximum-segment-size : 37086
sub application tag : 97
sub application name : 109
sub application description : 110
datalink vlan output : 59
application http uri statistics : 42125
flow sampler hash digest-value : 326
c3pl class cce-id : 41001
c3pl class name : 41002
c3pl class type : 41003
c3pl policy cce-id : 41004
c3pl policy name : 41005
c3pl policy type : 41006
mpls label 1 ttl : 200
mpls label 1 exp : 203
mpls label 1 type : 46
mpls label 1 details : 70
mpls label 2 details : 71
mpls label 3 details : 72
mpls label 4 details : 73
mpls label 5 details : 74
mpls label 6 details : 75
time inter-packet-gap histogram : 42126
time inter-packet-gap histogram reverse : 42127
template parameter range end : 111
template identifier : 145
template element identifier : 303
transport tcp window-size sum : 37091
timestamp absolute monitoring-interval end : 360
transport rtp jitter mean sum : 37093
application media packets rate variation s : 37094
connection delay response to-server sum : 42071
connection delay response to-server min : 42073
connection delay response to-server max : 42072
connection server counter responses : 42060
connection delay response to-server histog : 42061
connection delay response to-server histog : 42062
connection delay response to-server histog : 42063
connection delay response to-server histog : 42064
connection delay response to-server histog : 42065
connection delay response to-server histog : 42066
connection delay response to-server histog : 42067
connection delay response to-server histog : 42068
connection delay network to-server sum : 42087
connection delay network to-server min : 42089
connection delay network to-server max : 42088
connection delay network to-client sum : 42084
connection delay network to-client min : 42086
connection delay network to-client max : 42085
connection client counter packets retransm : 42036
connection delay network client-to-server : 42081
connection delay network client-to-server : 42083
connection delay network client-to-server : 42082
connection delay application sum : 42074
connection delay application min : 42076
connection delay application max : 42075
connection delay response client-to-server : 42077
connection delay response client-to-server : 42079
connection delay response client-to-server : 42078
connection transaction duration sum : 42041
connection transaction duration min : 42043
connection transaction duration max : 42042
connection transaction counter complete : 42040
connection server counter bytes long : 232
connection server counter packets long : 299
connection client counter bytes long : 231
connection client counter packets long : 298
connection client ipv4 address : 45004
connection client transport port : 45008
connection client ipv6 address : 45006
connection server ipv4 address : 45005
connection server transport port : 45009
connection server ipv6 address : 45007
routing vrf output : 235
services waas segment : 42020
services waas passthrough-reason : 42021
policy qos classification hierarchy : 41000
policy performance-monitor classification : 41000
template enterprise number : 346
policy qos queue index : 42128
policy qos queue drops : 42129
counter bytes layer2 : 352
counter bytes layer2 long : 352
counter bytes layer2 permanent : 353
transport tcp option map long : 209
timestamp absolute monitoring-interval sta : 359
transport tcp window-size average sum : 37095
flow cts source group-tag name : 34002
connection id : 45010
application video resolution width last : 37500
application video resolution height last : 37501
application video frame rate : 37502
application video payload bitrate average : 37503
application video payload bitrate fluctuat : 37504
application video frame I counter frames : 37505
application video frame I counter packets : 37506
application video frame I counter bytes : 37507
application video frame STR counter frames : 37508
application video frame STR counter packet : 37509
application video frame STR counter bytes : 37510
application video frame LTR counter frames : 37511
application video frame LTR counter packet : 37512
application video frame LTR counter bytes : 37513
application video frame super-P counter fr : 37514
application video frame super-P counter pa : 37515
application video frame super-P counter by : 37516
application video frame NR counter frames : 37517
application video frame NR counter packets : 37518
application video frame NR counter bytes : 37519
application video frame I slice-quantizati : 37520
application video frame STR slice-quantiza : 37521
application video frame LTR slice-quantiza : 37522
application video frame super-P slice-quan : 37523
application video frame NR slice-quantizat : 37524
application video eMOS compression bitstre : 37525
application video eMOS compression network : 37526
application video frame I counter packets : 37527
application video frame STR counter packet : 37528
application video frame LTR counter packet : 37529
application video frame super-P counter pa : 37530
application video frame NR counter packets : 37531
application video frame percentage damaged : 37532
application video eMOS packet-loss bitstre : 37533
application video eMOS packet-loss network : 37534
application video scene-complexity : 37535
application video level-of-motion : 37536
transport rtp sequence-number : 37537
transport rtp sequence-number last : 37538
services pfr class-tag-id : 39029
services pfr mc-id : 39030
interface input type : 368
interface output type : 369
interface input fex-node-id : 41101
interface output fex-node-id : 41102
flow username : 371
interface power : 41103
monitor device-type : 41104
transport tcp maximum-segment-size : 37086
wireless ssid : 147
wireless ap mac address : 367
wireless client mac address : 365
wireless client ipv4 address : 366
ip dscp output : 98
pbhk mapped ipv4 address : 44005
pbhk mapped transport port : 44006
pbhk event : 44007
pbhk event timestamp : 44008
transport rtp jitter inter arrival sum : 37096
transport rtp jitter inter arrival samples : 37097
transport rtp jitter inter arrival mean : 37098
pfr site source id ipv4 : 37099
pfr site destination id ipv4 : 37100
transport bytes lost : 37101
transport bytes expected : 37102
transport bytes lost rate : 37103
transport jitter mean : 385
transport jitter mean : 386
transport jitter mean : 387
connection client counter bytes retransmit : 42035
connection server counter bytes retransmit : 42037
connection server counter packets retransm : 42038
counter bytes long aor : 1
counter packets long aor : 2
timestamp sys-uptime first aor : 22
application voice number called : 37200
application voice number calling : 37201
application voice setup time : 37202
application voice call duration : 37203
application voice rx bad-packet : 37204
application voice rx out-of-sequence : 37205
application voice codec id : 37206
application voice play delay current : 37207
application voice play delay minimum : 37208
application voice play delay maximum : 37209
application voice sip call-id : 37210
application voice router global-call-id : 37211
application voice delay round-trip : 37212
application voice delay end-point : 37213
application voice r-factor 1 : 37214
application voice r-factor 2 : 37215
application voice mos conversation : 37216
application voice mos listening : 37217
application voice concealment-ratio averag : 37218
application voice jitter configured type : 37219
application voice jitter configured minimu : 37220
application voice jitter configured maximu : 37221
application voice jitter configured initia : 37222
application voice rx early-packet count : 37223
application voice rx late-packet count : 37224
application voice jitter buffer-overrun : 37225
application voice packet conceal-count : 37226
flow monitor : 143
application http uri statistics : 42125
flow observation point : 138
pfr site source id ipv6 : 37099
pfr site destination id ipv6 : 37100
network delay sum : 37104
network delay sample : 37105
pfr counter event error traffic-class miti : 37106
pfr counter event error traffic-class miti : 37107
pfr counter event error traffic-class miti : 37108
pfr site source prefix ipv4 : 37109
pfr site destination prefix ipv4 : 37110
pfr site source prefix ipv6 : 37111
pfr site destination prefix ipv6 : 37112
pfr site source prefix mask ipv4 : 37113
pfr site destination prefix mask ipv4 : 37114
pfr site source prefix mask ipv6 : 37115
pfr site destination prefix mask ipv6 : 37116
connection server counter bytes network lo : 41105
connection client counter bytes network lo : 41106
connection server counter bytes transport : 232
connection client counter bytes transport : 231
connection concurrent-connections : 42018
application transaction counter new : 42019
connection delay network long-lived to-ser : 42022
connection delay network long-lived to-cli : 42023
connection delay network long-lived client : 42024
connection delay network client-to-server : 42025
connection delay network to-server num-sam : 42026
connection delay network to-client num-sam : 42027
ipv4 source address nat : 225
ipv4 destination address nat : 226
transport source-port nat : 227
transport destination-port nat : 228
policy firewall class name : 100
policy firewall event : 233
policy firewall event extended : 35001
policy firewall event extended description : 35010
policy firewall event timestamp : 323
policy firewall event level : 33003
policy firewall event level id : 33004
policy firewall zone-pair id : 35007
policy firewall zone-pair name : 35009
policy firewall incomplete count : 35012
policy firewall incomplete high-watermark : 35005
policy firewall incomplete rate : 35006
policy firewall blackout time : 35004
policy firewall sessions maximum : 35008
policy firewall configured value : 33005
flow class : 51
wireless afd drop packets : 41107
wireless afd accept packets : 41108
wireless afd drop bytes : 41109
wireless afd accept bytes : 41110
audio rtp packets lost : 33050
audio rtp packets expected : 33051
audio rtp fwd out-of-sequence sum : 33052
audio rtp seconds ok : 33053
audio rtp seconds concealed : 33054
audio rtp seconds concealed severe : 33055
audio rtp jitter ticks : 33056
audio g107 impairment : 33057
audio g107 lossRate : 33058
audio g107 codec baseline : 33059
audio g107 codec baseline bpl : 33060
audio g107 impairment one-way-delay : 33061
audio concealment ratio now : 33062
audio concealment ratio minimum : 33063
audio concealment ratio maximum : 33064
audio concealment time : 33065
audio speech time : 33066
audio packets ok : 33067
audio packets cs : 33068
audio packets scs : 33069
audio packets rtp : 33070
audio packets silence : 33071
audio duration receive : 33072
audio duration receive voice : 33073
audio duration early packet : 33074
audio duration clock adjust : 33075
audio duration playout increase : 33076
audio duration playout decrease : 33077
audio duration late discard : 33078
audio frame size : 33079
audio frames-per-packet : 33080
audio frame arriving times difference : 33081
audio frame arriving times difference vari : 33082
audio noise level current : 33083
audio noise level average : 33084
audio noise level minimum : 33085
audio noise level maximum : 33086
audio noise level configured : 33087
audio snr current : 33088
audio snr average : 33089
audio snr minimum : 33090
audio snr maximum : 33091
audio snr configured : 33092
pfr service provider tag identifier : 37117
pfr label identifier : 37118
routing pw destination address : 432
flow cts switch derived-sgt : 34004
application traffic-class : 45011
application business-relevance : 45012
iOAM my node-id : 38001
iOAM my node name : 38002
start timestamp : 38003
end timestamp : 38004
IOAM packet counter : 38005
IOAM byte count : 38006
IOAM cs0 packet counter : 38007
IOAM cs0 byte count : 38008
IOAM cs1 packet counter : 38009
IOAM cs1 byte count : 38010
IOAM cs2 packet counter : 38011
IOAM cs2 byte count : 38012
IOAM cs3 packet counter : 38013
IOAM cs3 byte count : 38014
IOAM cs4 packet counter : 38015
IOAM cs4 byte count : 38016
IOAM cs5 packet counter : 38017
IOAM cs5 byte count : 38018
IOAM cs6 packet counter : 38019
IOAM cs6 byte count : 38020
IOAM cs7 packet counter : 38021
IOAM cs7 byte count : 38022
IOAM lost packet counter : 38023
IOAM duplicate packet counter : 38024
IOAM reordered packet counter : 38025
IOAM highest PPC sequence number : 38026
iOAM node-id : 38027
ipv6 protocol filed : 38028
iOAM E2E Header : 38029
iOAM Path Map : 38030
iOAM number of nodes : 38031
iOAM node1 id : 38032
iOAM node1 in if id : 38033
iOAM node1 eif id : 38034
iOAM node2 id : 38035
iOAM node2 in if id : 38036
iOAM node2 eif id : 38037
iOAM node3 id : 38038
iOAM node3 in if id : 38039
iOAM node3 eif id : 38040
iOAM node4 id : 38041
iOAM node4 in if id : 38042
iOAM node4 eif id : 38043
iOAM Application metadata : 38044
iOAM sfc-id : 38045
iOAM sfc validated count : 38046
iOAM sfc invalidated count : 38047
ipv4 splt : 44941
ipv4 idp : 44940
ipv4 bd : 44944
application set name : 44999
vxlan vnid : 351
vxlan sgt : 33200
vxlan flags : 33201
application family name : 44998
overlay session id input : 45200
overlay session id output : 45201
routing vrf service : 45202
tloc table overlay session id : 45203
tloc local system ip address : 45204
tloc local color : 45205
tloc remote system ip address : 45206
tloc remote color : 45207
tloc tunnel protocol : 45208
connection id long : 45209
bandwidth used : 37300
bandwidth used percentage : 37301
Layer3 Virtual-Private-Network ID : 482
drop cause id : 45210
counter bytes sdwan dropped long : 45211
sdwan sla-not-met : 45212
sdwan preferred-color-not-met : 45213
sdwan qos-queue-id : 45214
drop cause name : 45215
counter packets sdwan dropped long : 37000
counter packets appqoe fec-d-pkts : 45216
counter packets appqoe fec-r-pkts : 45217
counter packets appqoe pkt-dup-d-pkts-orig : 45218
counter packets appqoe pkt-dup-d-pkts-dup : 45219
counter packets appqoe pkt-dup-r-pkts : 45220
counter packets sdwan pkt-cxp-d-pkts : 45221
counter bytes appqoe ssl-read : 45222
counter bytes appqoe ssl-written : 45223
counter bytes appqoe ssl-en-read : 45224
counter bytes appqoe ssl-en-written : 45225
counter bytes appqoe ssl-de-read : 45226
counter bytes appqoe ssl-de-written : 45227
vxlan vtep input : 33202
vxlan vtep output : 33203
appqoe ssl service type : 45228
appqoe ssl traffic type : 45229
appqoe ssl policy action : 45230
sdwan traffic-category : 45231
ulogging fw-zp-id : 35007
ulogging fw-zone-id-array : 45232
ulogging fw-zone-id : 45233
ulogging fw-class-id : 41001
ulogging fw-policy-id : 41004
ulogging fw-proto-id : 45234
ulogging fw-action : 45235
ulogging fw-drop-reason-id : 35001
ulogging fw-end-flow-reason : 45236
ulogging fw-src-ipv4-addr-translated : 225
ulogging fw-dst-ipv4-addr-translated : 226
ulogging fw-src-port-translated : 227
ulogging fw-dst-port-translated : 228
ulogging fw-zp-name : 35009
ulogging fw-zone-name : 45237
ulogging fw-action-name : 45238
ulogging fw-proto-name : 45239
ulogging fw-drop-reason : 35010
ulogging fw-end-flow-reason-name : 45240
ulogging utd-policy-id-array : 45251
ulogging utd-policy-id : 45252
ulogging utd-action-id-array : 45253
ulogging utd-action-id : 45254
ulogging utd-ips-pri : 45255
ulogging utd-ips-sid : 45256
ulogging utd-ips-gid : 45257
ulogging utd-ips-cid : 45258
ulogging utd-urlf-url-hash : 45259
ulogging utd-urlf-url-category : 45260
ulogging utd-urlf-url-reputation : 45261
ulogging utd-urlf-app-name : 45262
ulogging utd-amp-dispos : 45263
ulogging utd-amp-filename-hash : 45264
ulogging utd-amp-file-type : 45265
ulogging utd-amp-file-hash : 45266
ulogging utd-amp-malname-hash : 45267
ulogging utd-drop-reason-id : 45268
ulogging sdvt-drop-reason-id : 45269
ulogging utd-policy-name : 45270
ulogging utd-urlf-url-str : 45271
ulogging utd-amp-filename : 45272
ulogging utd-amp-malware-name : 45273
ulogging utd-action-name : 45274
ulogging utd-amp-dispos-name : 45275
ulogging utd-amp-filetype-name : 45276
ulogging utd-urlf-category-name : 45277
ulogging utd-drop-reason-name : 45278
ulogging sdvt-drop-reason-name : 45279
counter bytes sdwan pkt-cxp-d-bytes long : 45280
appqoe action : 45281
appqoe sn-ip : 45282
appqoe pass-reason : 45283
appqoe dre-input-bytes : 45284
appqoe dre-input-packets : 45285
appqoe flags : 45286
sdwan service-area : 45287
ulogging utd-ips-policy-id : 45247
ulogging utd-ips-action-id : 45248
ulogging utd-urlf-policy-id : 45249
ulogging utd-urlf-action-id : 45250
ulogging utd-amp-policy-id : 45252
ulogging utd-amp-action-id : 45254
ulogging utd-urlf-reason-id : 45288
ulogging utd-urlf-reason-name : 45289
ulogging flow-direction : 45290
routing distinguisher : 90
sdwan tenant global id : 45291
sdwan tenant vpn id : 45292
application dns requests : 50001
application dns delay response sum : 50002
余談
- メータリング項目にはそれぞれIDが割り振られていることに注目
- NetFlow v5では、測定も出力も固定だったので、IDなどは不要でした
- わざわざ出さなくてもいい出力までお節介に出してくれるところが可愛い↓😲
C4331-02#show flow exporter export-ids ?
ipfix IPFIX (Version 10)
netflow-v5 NetFlow Version 5
netflow-v9 NetFlow Version 9
C4331-02#show flow exporter export-ids netflow-v5
NetFlow Version 5 does not use IDs.
2.3 フィルターしてみる
眺めてみましょう♪
2.3.1 SD-WAN
C4331-02#show flow exporter export-ids ipfix | i sdwan
counter bytes sdwan dropped long : 45211
sdwan sla-not-met : 45212
sdwan preferred-color-not-met : 45213
sdwan qos-queue-id : 45214
counter packets sdwan dropped long : 37000
counter packets sdwan pkt-cxp-d-pkts : 45221
sdwan traffic-category : 45231
counter bytes sdwan pkt-cxp-d-bytes long : 45280
sdwan service-area : 45287
sdwan tenant global id : 45291
sdwan tenant vpn id : 45292
2.3.2 AppQoE
C4331-02#show flow exporter export-ids ipfix | i qoe
counter packets appqoe fec-d-pkts : 45216
counter packets appqoe fec-r-pkts : 45217
counter packets appqoe pkt-dup-d-pkts-orig : 45218
counter packets appqoe pkt-dup-d-pkts-dup : 45219
counter packets appqoe pkt-dup-r-pkts : 45220
counter bytes appqoe ssl-read : 45222
counter bytes appqoe ssl-written : 45223
counter bytes appqoe ssl-en-read : 45224
counter bytes appqoe ssl-en-written : 45225
counter bytes appqoe ssl-de-read : 45226
counter bytes appqoe ssl-de-written : 45227
appqoe ssl service type : 45228
appqoe ssl traffic type : 45229
appqoe ssl policy action : 45230
appqoe action : 45281
appqoe sn-ip : 45282
appqoe pass-reason : 45283
appqoe dre-input-bytes : 45284
appqoe dre-input-packets : 45285
appqoe flags : 45286
2.3.3 ART (Application Response Time)
C4331-02#show flow exporter export-ids ipfix | i art
art response time sum : 42071
art response time minimum : 42073
art response time maximum : 42072
art server response time sum : 42074
art server response time minimum : 42076
art server response time maximum : 42075
art network time sum : 42081
art network time minimum : 42083
art network time maximum : 42082
art client network time sum : 42084
art client network time minimum : 42086
art client network time maximum : 42085
art server network time sum : 42087
art server network time minimum : 42089
art server network time maximum : 42088
art total response time sum : 42077
art total response time minimum : 42079
art total response time maximum : 42078
art total transaction time sum : 42041
art total transaction time minimum : 42043
art total transaction time maximum : 42042
art count transactions : 42040
art server packets : 299
art server bytes : 232
art count retransmissions : 42036
art client packets : 298
art client bytes : 231
art count new connections : 42050
art count responses : 42060
art count late responses : 42068
art count responses histogram bucket1 : 42061
art count responses histogram bucket2 : 42062
art count responses histogram bucket3 : 42063
art count responses histogram bucket4 : 42064
art count responses histogram bucket5 : 42065
art count responses histogram bucket6 : 42066
art count responses histogram bucket7 : 42067
metadata multi-party-session-id : 37055
start timestamp : 38003
2.3.4 VXLAN
C4331-02#show flow exporter export-ids ipfix | i vxlan
vxlan vnid : 351
vxlan sgt : 33200
vxlan flags : 33201
vxlan vtep input : 33202
vxlan vtep output : 33203
2.3.5 Wireless
C4331-02#show flow exporter export-ids ipfix | i wireless
wireless ssid : 147
wireless ap mac address : 367
wireless client mac address : 365
wireless client ipv4 address : 366
wireless afd drop packets : 41107
wireless afd accept packets : 41108
wireless afd drop bytes : 41109
wireless afd accept bytes : 41110
2.3.6 Application
C4331-02#show flow exporter export-ids ipfix | i application
application id : 95
application name : 96
application description : 94
application media bytes counter : 37004
application media bytes counter long : 37004
application media bytes counter permanent : 37005
application media bytes rate : 37006
application media packets counter : 37007
application media packets counter long : 37007
application media packets counter permanen : 37008
application media packets rate : 37009
application media packets rate variation : 37010
application media event : 37011
waas application : 36006
application media bytes rate per-flow min : 37035
application media bytes rate per-flow max : 37036
application media packets rate variation m : 37038
application media packets rate variation m : 37039
application media bytes rate per-flow : 37034
application version : 105
application version name : 106
application vendor : 107
application category name : 45000
application sub category name : 45001
application group name : 45002
application delay average : 37064
sub application tag : 97
sub application name : 109
sub application description : 110
application http uri statistics : 42125
application media packets rate variation s : 37094
connection delay application sum : 42074
connection delay application min : 42076
connection delay application max : 42075
application video resolution width last : 37500
application video resolution height last : 37501
application video frame rate : 37502
application video payload bitrate average : 37503
application video payload bitrate fluctuat : 37504
application video frame I counter frames : 37505
application video frame I counter packets : 37506
application video frame I counter bytes : 37507
application video frame STR counter frames : 37508
application video frame STR counter packet : 37509
application video frame STR counter bytes : 37510
application video frame LTR counter frames : 37511
application video frame LTR counter packet : 37512
application video frame LTR counter bytes : 37513
application video frame super-P counter fr : 37514
application video frame super-P counter pa : 37515
application video frame super-P counter by : 37516
application video frame NR counter frames : 37517
application video frame NR counter packets : 37518
application video frame NR counter bytes : 37519
application video frame I slice-quantizati : 37520
application video frame STR slice-quantiza : 37521
application video frame LTR slice-quantiza : 37522
application video frame super-P slice-quan : 37523
application video frame NR slice-quantizat : 37524
application video eMOS compression bitstre : 37525
application video eMOS compression network : 37526
application video frame I counter packets : 37527
application video frame STR counter packet : 37528
application video frame LTR counter packet : 37529
application video frame super-P counter pa : 37530
application video frame NR counter packets : 37531
application video frame percentage damaged : 37532
application video eMOS packet-loss bitstre : 37533
application video eMOS packet-loss network : 37534
application video scene-complexity : 37535
application video level-of-motion : 37536
application voice number called : 37200
application voice number calling : 37201
application voice setup time : 37202
application voice call duration : 37203
application voice rx bad-packet : 37204
application voice rx out-of-sequence : 37205
application voice codec id : 37206
application voice play delay current : 37207
application voice play delay minimum : 37208
application voice play delay maximum : 37209
application voice sip call-id : 37210
application voice router global-call-id : 37211
application voice delay round-trip : 37212
application voice delay end-point : 37213
application voice r-factor 1 : 37214
application voice r-factor 2 : 37215
application voice mos conversation : 37216
application voice mos listening : 37217
application voice concealment-ratio averag : 37218
application voice jitter configured type : 37219
application voice jitter configured minimu : 37220
application voice jitter configured maximu : 37221
application voice jitter configured initia : 37222
application voice rx early-packet count : 37223
application voice rx late-packet count : 37224
application voice jitter buffer-overrun : 37225
application voice packet conceal-count : 37226
application http uri statistics : 42125
application transaction counter new : 42019
application traffic-class : 45011
application business-relevance : 45012
application set name : 44999
application family name : 44998
application dns requests : 50001
application dns delay response sum : 50002
めちゃめちゃありますね!眺めているだけで想像力をかき立てられるけど、企業向けルーターやスイッチって、こんなに進化しているんだね。
3. コントローラーでのネットワークデータ活用例
前半は、IOS XEレベルで、さまざまなメータリングが可能になっているらしき様子を眺めてみました。後半では、それがどのように実際に活用されているのか、コントローラーの観点からみていきましょう。
具体的には、シスコの企業向けコントローラーのフラッグシップであるCisco DNA Centerと、クラウド管理型ネットワークのCisco Merakiを見ていきます。
特に、Cisco Merakiは2022年6月に、Catalyst9000スイッチの監視に対応したことが大きな話題となりました。Cisco MerakiはCatalyst9000に対してどのような設定を投入して活用するのか、気になるところです。ちなみに今ならキャンペーン中だそうです😀
3.1 Cisco DNA Centerによるアシュアランスのための設定例
Cisco DNA Centerは、ネットワークの可視化やAI分析のために複数の設定を行います。SyslogやSNMPに加えて、NetFlowやTelemetry Subscriptionをクリッククリックで勝手に設定してくれます。そのため、よく言えばオペレータはコマンドやNetconfの知識がなくても使えてしまうのですが、装置レベルでは何が起こっているのかが見えにくかったりします。
3.1.1 DNACアシュアランスが投入するEzPM(イージーピーエム)
まずはDNACがルーターに投入するNetFlowの設定を見ていきます。DNACアシュアランスを利用するための設定は、DNACからテレメトリ有効化時に自動で投入されるため、コマンドラインで手打ちする必要はありません。
config t
Enter configuration commands, one per line. End with CNTL/Z.
C4331-02(config)#performance monitor context tesseract profile application-assurance ...(1)
C4331-02(config-perf-mon)#exporter destination 10.71.130.2 source GigabitEthernet0/0/0 transport udp port 6007 ...(2)
C4331-02(config-perf-mon)#traffic-monitor assurance-monitor ...(3)
C4331-02(config-perf-mon)#traffic-monitor assurance-rtp-monitor ...(3)
C4331-02(config-perf-mon)#interface GigabitEthernet0/0/1
C4331-02(config-if)#performance monitor context tesseract ...(4)
C4331-02(config-if)#do write mem
Building configuration...
[OK]
C4331-02(config-if)#
これだけ!?? と思われるかもしれません。実はこれはEzPM (Easy Performance Monitor)という仕組みで、特に大量のパラメーターを設定するFlexible NetFlowという機能に対して、ユースケースごとに一気に設定できるようにFlexible NetFlowの設定を固めた、マクロのようなIOS XEの機能です。
解説。
- パフォーマンスモニターのコンテクストを作って...
- その中にExporterも書いちゃって...
- トラフィックモニターの塊を割り当てて...
- コンテクストをインターフェースにアタッチします。
EzPMの設定内のメータリング部分は、「プロファイル > トラフィックモニター」という構造になっています。この例では application-assurance プロファイルの中の assurance-monitor と assurance-rtp-monitor の二つを使っていることが分かります。
ここで出てくる任意コンテクスト名で使われている Tesseract というのは、DNACアシュアランスのコードネームだそうです。
それでは、DNACが投入したEzPMコンテクストであるTesseractの中身は、以下のコマンドで確認できます。これによって、DNACアシュアランスが使うNetFlow設定の実態が確認できました(2022/12現在)。
show performance monitor context tesseract configuration
3.1.2 DNACアシュアランスが投入するNetFlowの中身
DNACによって設定されたEzPMコンテクストの中身。こちらをクリック。
C4331-02#show performance monitor context tesseract configuration
!===============================================================================
! Equivalent Configuration of Context tesseract !
!===============================================================================
!Exporters
!==========
!
flow exporter tesseract-1
description performance monitor context tesseract exporter
destination 10.71.130.2
source GigabitEthernet0/0/0
transport udp 6007
export-protocol ipfix
template data timeout 300
option interface-table timeout 300
option vrf-table timeout 300
option sampler-table timeout 300
option application-table timeout 300
option application-attributes timeout 300
!
!Access Lists
!=============
!Class-maps
!===========
!Samplers
!=========
!Records and Monitors
!=====================
!
flow record tesseract-app_assurance_ipv4
description ezPM record
match ipv4 version
match ipv4 protocol
match application name
match connection client ipv4 address
match connection server ipv4 address
match connection server transport port
match flow observation point
collect routing vrf input
collect flow direction
collect timestamp absolute first
collect timestamp absolute last
collect connection initiator
collect connection new-connections
collect connection server counter responses
collect connection delay network to-server sum
collect connection client counter packets retransmitted
collect connection delay network client-to-server sum
collect connection delay application sum
collect connection server counter packets long
collect connection client counter packets long
collect connection server counter packets retransmitted
collect connection server counter bytes network long
collect connection client counter bytes network long
!
!
flow monitor tesseract-app_assurance_ipv4
description ezPM monitor
exporter tesseract-1
cache timeout active 60
cache entries 1350
record tesseract-app_assurance_ipv4
!
!
flow record tesseract-app_assurance_ipv6
description ezPM record
match ipv6 version
match ipv6 protocol
match application name
match connection client ipv6 address
match connection server transport port
match connection server ipv6 address
match flow observation point
collect routing vrf input
collect flow direction
collect timestamp absolute first
collect timestamp absolute last
collect connection initiator
collect connection new-connections
collect connection server counter responses
collect connection delay network to-server sum
collect connection client counter packets retransmitted
collect connection delay network client-to-server sum
collect connection delay application sum
collect connection server counter packets long
collect connection client counter packets long
collect connection server counter packets retransmitted
collect connection server counter bytes network long
collect connection client counter bytes network long
!
!
flow monitor tesseract-app_assurance_ipv6
description ezPM monitor
exporter tesseract-1
cache timeout active 60
cache entries 1350
record tesseract-app_assurance_ipv6
!
!
flow record tesseract-app_assurance_rtp_ipv4
description ezPM record
match ipv4 version
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match transport rtp ssrc
match flow direction
match flow observation point
collect routing vrf input
collect transport packets lost counter
collect counter bytes long
collect counter packets long
collect timestamp absolute first
collect timestamp absolute last
collect application name
collect connection initiator
collect transport rtp payload-type
collect transport rtp jitter mean sum
!
!
flow monitor tesseract-app_assurance_rtp_ipv4
description ezPM monitor
exporter tesseract-1
cache timeout active 60
cache entries 200
record tesseract-app_assurance_rtp_ipv4
!
!
flow record tesseract-app_assurance_rtp_ipv6
description ezPM record
match ipv6 version
match ipv6 protocol
match ipv6 source address
match ipv6 destination address
match transport source-port
match transport destination-port
match transport rtp ssrc
match flow direction
match flow observation point
collect routing vrf input
collect transport packets lost counter
collect counter bytes long
collect counter packets long
collect timestamp absolute first
collect timestamp absolute last
collect application name
collect connection initiator
collect transport rtp payload-type
collect transport rtp jitter mean sum
!
!
flow monitor tesseract-app_assurance_rtp_ipv6
description ezPM monitor
exporter tesseract-1
cache timeout active 60
cache entries 200
record tesseract-app_assurance_rtp_ipv6
!
!Interface Attachments
!======================
interface GigabitEthernet0/0/1
ip flow monitor tesseract-app_assurance_ipv4 input
ip flow monitor tesseract-app_assurance_ipv4 output
ipv6 flow monitor tesseract-app_assurance_ipv6 input
ipv6 flow monitor tesseract-app_assurance_ipv6 output
ip flow monitor tesseract-app_assurance_rtp_ipv4 input
ip flow monitor tesseract-app_assurance_rtp_ipv4 output
ipv6 flow monitor tesseract-app_assurance_rtp_ipv6 input
ipv6 flow monitor tesseract-app_assurance_rtp_ipv6 output
測定パラメーターが多いこと自体は良いのですが、これだけの内容を手打ちするはほぼ不可能というか、組み合わせパターンを考えるのも現実的ではないですよね。コントローラー側の要件に合わせた設定を、コントローラーから、GUIのみで投入できる形態が増えてます。
ネットワーク装置の観点では、もちろん汎用プロトコルに対応したあらゆるNMS/コントローラーに対応するのですが、このように装置の膨大な測定項目を簡単に扱えるようになっているところが、専用コントローラーの強みと言えますね。
DNACからルーターに対して、EzPMを使って設定を投入しているところが、また可愛いポイントです。
3.1.3 EzPM Profiles
私がテストしているISR4331では、6つのプロファイルが確認できます。これらのプロファイルがそれぞれ、設定を束ねたマクロの単位になっています。(DNACはapplication-assuranceのプロファイルを使っていました)
C4331-02#show performance monitor profile ?
application-assurance Application assurance profile
application-experience Application eXperience performance monitor profile
application-performance Application performance profile
application-statistics Application statistics profile
sdwan-fnf SDWAN NetFlow profile
sdwan-performance SDWAN performance profile
3.1.4 EzPM Profile: sdwan-performance
参考までに、sdwan-performanceプロファイルの中身を貼り付けておきます。一つ一つの設定項目を超えて、このように使って欲しいという、開発側の意図が見えて面白いし、監視を考える上で非常に参考になります。
EzPM Profile: sdwan-performance
C4331-02#show performance monitor profile sdwan-performance
!! Performance monitor profile: sdwan-performance
!! description: SDWAN performance profile
!! Performance Monitor based profile
!! Fine-grain NBAR based profile
!! CLI 'traffic-monitor all' is enabled
!! Exporter template:
flow exporter ezpm_exporter
description performance monitor context %s exporter
source loopback 0
destination 10.10.10.0
export-protocol ipfix
template data timeout 600
option application-table timeout 600
option sampler-table timeout 600
option sub-application-table timeout 600
option application-attributes timeout 600
option interface-table timeout 600
option tunnel-tloc-table timeout 600
exit
!! Traffic monitor: art-cor-saas
!! Attr: customizable
!! User knobs: ipv4/ipv6 cache-size class-and class-replace cache-type interval-timeout
!! Classification (ACL):
ip access-list extended art_cxp_ipv4_tcp ! Attr: ipv4-in ipv4-out
permit tcp any any
exit
!! Classification (Class-maps):
class-map match-all art_cxp_ipv4 ! Attr: ipv4-in ipv4-out child
!! match class-map UserDefined
match access-group name art_cxp_ipv4_tcp
exit
class-map match-all art_cxp_art_ipv4 ! Attr: ipv4-in ipv4-out parent
match class-map art_cxp_ipv4
match class-map art_ipv4
exit
!! Flow monitors and records:
flow record type performance-monitor art_cxp_ipv4
match ipv4 protocol
match application name
match connection client ipv4 address
match connection server ipv4 address
match connection server transport port
match timestamp absolute monitoring-interval start
match flow observation point
match routing vrf service
collect ipv4 dscp
collect interface input
collect interface output
collect flow sampler
collect timestamp absolute first
collect timestamp absolute last
collect connection new-connections
collect connection server counter responses
collect connection delay network to-server sum
collect connection delay network to-server min
collect connection delay network to-server max
collect connection delay network to-client sum
collect connection delay network to-client min
collect connection delay network to-client max
collect connection client counter packets retransmitted
collect connection delay application sum
collect connection delay application min
collect connection delay application max
collect connection server counter packets long
collect connection client counter packets long
collect connection client counter bytes retransmitted
collect connection server counter bytes retransmitted
collect connection server counter packets retransmitted
collect connection server counter bytes network long
collect connection client counter bytes network long
collect overlay session id input
collect overlay session id output
collect counter packets sdwan pkt-cxp-d-pkts
collect sdwan traffic-category
collect counter bytes sdwan pkt-cxp-d-bytes long
collect sdwan service-area
exit
flow monitor type performance-monitor art_cxp_ipv4 ! Attr: ipv4-in ipv4-out
record art_cxp_ipv4
history size 0
cache type synchronized
cache timeout synchronized 60
cache timeout active 60
cache timeout inactive 15
cache entries 900
exit
!! end Traffic monitor: art-cor-saas
!! Traffic monitor: application-response-time
!! Attr: customizable
!! User knobs: ipv4/ipv6 cache-size class-and class-replace cache-type interval-timeout
!! Classification (ACL):
ip access-list extended art_ipv4_tcp ! Attr: ipv4-in ipv4-out
permit tcp any any
exit
!! Classification (Class-maps):
class-map match-all art_ipv4 ! Attr: ipv4-in ipv4-out child
!! match class-map UserDefined
match access-group name art_ipv4_tcp
exit
class-map match-all art_cxp_art_ipv4 ! Attr: ipv4-in ipv4-out parent
match class-map art_cxp_ipv4
match class-map art_ipv4
exit
!! Flow monitors and records:
flow record type performance-monitor art_ipv4
match ipv4 protocol
match application name
match connection client ipv4 address
match connection server ipv4 address
match connection server transport port
match timestamp absolute monitoring-interval start
match flow observation point
match routing vrf service
collect ipv4 dscp
collect ipv4 ttl
collect interface input
collect interface output
collect flow direction
collect flow sampler
collect timestamp absolute first
collect timestamp absolute last
collect connection initiator
collect connection new-connections
collect connection sum-duration
collect connection delay response to-server sum
collect connection server counter responses
collect connection delay response to-server histogram late
collect connection delay network to-server sum
collect connection delay network to-client sum
collect connection client counter packets retransmitted
collect connection delay network client-to-server sum
collect connection delay application sum
collect connection delay response client-to-server sum
collect connection transaction duration sum
collect connection transaction duration min
collect connection transaction duration max
collect connection transaction counter complete
collect connection server counter bytes long
collect connection server counter packets long
collect connection client counter bytes long
collect connection client counter packets long
collect connection client counter bytes retransmitted
collect connection server counter bytes retransmitted
collect connection server counter packets retransmitted
collect connection server counter bytes network long
collect connection client counter bytes network long
collect connection delay network client-to-server num-samples
collect connection delay network to-server num-samples
collect connection delay network to-client num-samples
collect overlay session id input
collect overlay session id output
exit
flow monitor type performance-monitor art_ipv4 ! Attr: ipv4-in ipv4-out
record art_ipv4
history size 0
cache type synchronized
cache timeout synchronized 60
cache timeout active 60
cache timeout inactive 15
cache entries 900
exit
!! end Traffic monitor: application-response-time
!! Traffic monitor: media
!! Attr: customizable
!! User knobs: ipv4/ipv6 cache-size class-and class-replace interval-timeout
!! Classification (ACL):
ip access-list extended media_ipv4_udp ! Attr: ipv4-in ipv4-out
permit udp any any
exit
!! Classification (Class-maps):
class-map match-any media_app ! Attr: ipv4-in ipv4-out
match protocol rtp in-app-hierarchy
exit
class-map match-all media_ipv4 ! Attr: ipv4-in ipv4-out
!! match class-map UserDefined
match access-group name media_ipv4_udp
match class-map media_app
exit
!! Flow monitors and records:
flow record type performance-monitor media_ipv4
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match transport rtp ssrc
match flow direction
match timestamp absolute monitoring-interval start
match flow observation point
collect routing forwarding-status
collect ipv4 dscp
collect ipv4 ttl
collect transport packets expected counter
collect transport packets lost counter
collect transport packets lost rate
collect transport rtp jitter mean
collect transport rtp jitter minimum
collect transport rtp jitter maximum
collect interface input
collect interface output
collect flow sampler
collect counter bytes long
collect counter packets
collect counter bytes rate
collect timestamp absolute first
collect timestamp absolute last
collect application name
collect application media bytes counter
collect application media bytes rate
collect application media packets counter
collect application media packets rate
collect connection initiator
collect connection new-connections
collect transport rtp payload-type
collect transport rtp jitter mean sum
collect overlay session id input
collect overlay session id output
collect routing vrf service
exit
flow monitor type performance-monitor media_ipv4 ! Attr: ipv4-in ipv4-out fixed-cache-sz
record media_ipv4
history size 0
cache type synchronized
cache timeout synchronized 60
cache entries 16000
exit
!! end Traffic monitor: media
!! end (Traffic monitors)
policy-map type performance-monitor policy-in ! Attr: account-on-resolution
parameter default account-on-resolution
class art_cxp_art_ipv4 ! application-response-time
flow monitor art_ipv4
flow monitor art_cxp_ipv4
class art_cxp_art_ipv4 ! art-cor-saas
flow monitor art_ipv4
flow monitor art_cxp_ipv4
class art_cxp_ipv4 ! art-cor-saas
flow monitor art_cxp_ipv4
class art_ipv4 ! application-response-time
flow monitor art_ipv4
class media_ipv4 ! media
flow monitor media_ipv4
exit
exit
!! Policy-map attachment to interface:
!! service-policy type performance-monitor input policy-in
policy-map type performance-monitor policy-out ! Attr: account-on-resolution
parameter default account-on-resolution
class art_cxp_art_ipv4 ! application-response-time
flow monitor art_ipv4
flow monitor art_cxp_ipv4
class art_cxp_art_ipv4 ! art-cor-saas
flow monitor art_ipv4
flow monitor art_cxp_ipv4
class art_cxp_ipv4 ! art-cor-saas
flow monitor art_cxp_ipv4
class art_ipv4 ! application-response-time
flow monitor art_ipv4
class media_ipv4 ! media
flow monitor media_ipv4
exit
exit
!! Policy-map attachment to interface:
!! service-policy type performance-monitor output policy-out
!! end of sdwan-performance profile definition
3.1.5 DNACが装置に投入するテレメトリサブスクリプション
※本記事では深掘りしませんが、DNACが装置に投入するテレメトリサブスクリプションの設定も参考までに記録しておきます。
DNACが装置に対して投入するテレメトリサブスクリプションのNetconfコールのボディ例
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
<edit-config>
<target>
<running/>
</target>
<default-operation>merge</default-operation>
<config>
<mdt-config-data xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-mdt-cfg">
<mdt-subscription>
<subscription-id>602</subscription-id>
<base>
<rcvr-type>rcvr-type-protocol</rcvr-type>
<stream><![CDATA[native]]></stream>
<encoding><![CDATA[encode-tdl]]></encoding>
<period><![CDATA[360000]]></period>
<tdl-uri><![CDATA[/services;serviceName=ios_emul_oper/lisp_routers;top_id=0/sessions]]></tdl-uri>
<source-address>10.71.130.25</source-address>
</base>
<mdt-receiver-names>
<mdt-receiver-name>
<name><![CDATA[DNAC_ASSURANCE_RECEIVER]]></name>
</mdt-receiver-name>
</mdt-receiver-names>
</mdt-subscription>
</mdt-config-data>
<mdt-config-data xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-mdt-cfg">
<mdt-subscription>
<subscription-id>603</subscription-id>
<base>
<rcvr-type>rcvr-type-protocol</rcvr-type>
<stream><![CDATA[native]]></stream>
<encoding><![CDATA[encode-tdl]]></encoding>
<no-synch-on-start><![CDATA[false]]></no-synch-on-start>
<tdl-uri><![CDATA[/services;serviceName=iosevent/lisp_tcp_session_state]]></tdl-uri>
<source-address>10.71.130.25</source-address>
</base>
<mdt-receiver-names>
<mdt-receiver-name>
<name><![CDATA[DNAC_ASSURANCE_RECEIVER]]></name>
</mdt-receiver-name>
</mdt-receiver-names>
</mdt-subscription>
</mdt-config-data>
<mdt-config-data xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-mdt-cfg">
<mdt-subscription>
<subscription-id>604</subscription-id>
<base>
<rcvr-type>rcvr-type-protocol</rcvr-type>
<stream><![CDATA[native]]></stream>
<encoding><![CDATA[encode-tdl]]></encoding>
<period><![CDATA[360000]]></period>
<nested-uri><![CDATA[/services;serviceName=ios_emul_oper/lisp_routers;top_id=0/instances;iid=0/af;iaftype=LISP_TDL_IAF_IPV4/lisp_publisher]]></nested-uri>
<source-address>10.71.130.25</source-address>
</base>
<mdt-receiver-names>
<mdt-receiver-name>
<name><![CDATA[DNAC_ASSURANCE_RECEIVER]]></name>
</mdt-receiver-name>
</mdt-receiver-names>
</mdt-subscription>
</mdt-config-data>
<mdt-config-data xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-mdt-cfg">
<mdt-subscription>
<subscription-id>605</subscription-id>
<base>
<rcvr-type>rcvr-type-protocol</rcvr-type>
<stream><![CDATA[native]]></stream>
<encoding><![CDATA[encode-tdl]]></encoding>
<no-synch-on-start><![CDATA[false]]></no-synch-on-start>
<tdl-uri><![CDATA[/services;serviceName=iosevent/lisp_pubsub_session_state]]></tdl-uri>
<source-address>10.71.130.25</source-address>
</base>
<mdt-receiver-names>
<mdt-receiver-name>
<name><![CDATA[DNAC_ASSURANCE_RECEIVER]]></name>
</mdt-receiver-name>
</mdt-receiver-names>
</mdt-subscription>
</mdt-config-data>
<mdt-config-data xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-mdt-cfg">
<mdt-subscription>
<subscription-id>606</subscription-id>
<base>
<rcvr-type>rcvr-type-protocol</rcvr-type>
<stream><![CDATA[native]]></stream>
<encoding><![CDATA[encode-tdl]]></encoding>
<period><![CDATA[360000]]></period>
<nested-uri><![CDATA[/services;serviceName=ios_emul_oper/lisp_routers;top_id=0/remote_locator_sets;name=default-etr-locator-set-ipv4/rem_loc_set_rlocs_si]]></nested-uri>
<source-address>10.71.130.25</source-address>
</base>
<mdt-receiver-names>
<mdt-receiver-name>
<name><![CDATA[DNAC_ASSURANCE_RECEIVER]]></name>
</mdt-receiver-name>
</mdt-receiver-names>
</mdt-subscription>
</mdt-config-data>
<mdt-config-data xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-mdt-cfg">
<mdt-subscription>
<subscription-id>607</subscription-id>
<base>
<rcvr-type>rcvr-type-protocol</rcvr-type>
<stream><![CDATA[native]]></stream>
<encoding><![CDATA[encode-tdl]]></encoding>
<no-synch-on-start><![CDATA[false]]></no-synch-on-start>
<tdl-uri><![CDATA[/services;serviceName=iosevent/lisp_etr_si_type]]></tdl-uri>
<source-address>10.71.130.25</source-address>
</base>
<mdt-receiver-names>
<mdt-receiver-name>
<name><![CDATA[DNAC_ASSURANCE_RECEIVER]]></name>
</mdt-receiver-name>
</mdt-receiver-names>
</mdt-subscription>
</mdt-config-data>
</config>
</edit-config>
</rpc>
投入されたテレメトリ設定。ルーターの場合は少ないです。
C4331-02#show run | sec telemetry
telemetry ietf subscription 602
encoding encode-tdl
filter tdl-uri /services;serviceName=ios_emul_oper/lisp_routers;top_id=0/sessions
receiver-type protocol
source-address 10.71.130.25
stream native
update-policy periodic 360000
receiver name DNAC_ASSURANCE_RECEIVER
telemetry ietf subscription 603
encoding encode-tdl
filter tdl-uri /services;serviceName=iosevent/lisp_tcp_session_state
receiver-type protocol
source-address 10.71.130.25
stream native
update-policy on-change
receiver name DNAC_ASSURANCE_RECEIVER
telemetry ietf subscription 604
encoding encode-tdl
filter nested-uri /services;serviceName=ios_emul_oper/lisp_routers;top_id=0/instances;iid=0/af;iaftype=LISP_TDL_IAF_IPV4/lisp_publisher
receiver-type protocol
source-address 10.71.130.25
stream native
update-policy periodic 360000
receiver name DNAC_ASSURANCE_RECEIVER
telemetry ietf subscription 605
encoding encode-tdl
filter tdl-uri /services;serviceName=iosevent/lisp_pubsub_session_state
receiver-type protocol
source-address 10.71.130.25
stream native
update-policy on-change
receiver name DNAC_ASSURANCE_RECEIVER
telemetry ietf subscription 606
encoding encode-tdl
filter nested-uri /services;serviceName=ios_emul_oper/lisp_routers;top_id=0/remote_locator_sets;name=default-etr-locator-set-ipv4/rem_loc_set_rlocs_si
receiver-type protocol
source-address 10.71.130.25
stream native
update-policy periodic 360000
receiver name DNAC_ASSURANCE_RECEIVER
telemetry ietf subscription 607
encoding encode-tdl
filter tdl-uri /services;serviceName=iosevent/lisp_etr_si_type
receiver-type protocol
source-address 10.71.130.25
stream native
update-policy on-change
receiver name DNAC_ASSURANCE_RECEIVER
telemetry receiver protocol DNAC_ASSURANCE_RECEIVER
host ip-address 10.71.130.2 25103
protocol tls-native profile sdn-network-infra-iwan
どこで使われているのかわかりにくいNetconfやTelemetryが、こんな風に浸透して活用されてたのですね!!
3.2 Meraki クラウドによる Catalystスイッチの監視
2022年6月のCiscoLiveイベントにて、MerakiクラウドからCatalyst9000シリーズスイッチ(の一部)が管理できる機能が発表され、Merakiダッシュボードから即日利用可能となりました!
詳しい設定や機能については本家を参照いただくとして、以下のアプリを使ってCatalyst9000スイッチをMerakiダッシュボードに登録するときのNetFlow設定(とテレメトリ設定)に注目してみます。
3.2.1 MerakiクラウドオンボーディングアプリがCatalyst9000スイッチに投入するNetFlow設定
Merakiクラウドに登録時に自動投入されたFlow関連の設定は以下です。collect application http hostは個別にアクセスしたURI Hostアドレスを取得する設定ですが、こんなことまでスイッチにやらせるのですね😀
MerakiクラウドオンボーディングアプリがCatalyst9000スイッチに投入するNetFlow設定
+flow record MERAKI_AVC_HTTP_SSL_IPV4
+match application name
+match connection client ipv4 address
+match connection server ipv4 address
+match connection server transport port
+match flow observation point
+match ipv4 protocol
+match ipv4 version
+collect application http host
+collect application ssl common-name
+collect connection client counter bytes network long
+collect connection client counter packets long
+collect connection initiator
+collect connection new-connections
+collect connection server counter bytes network long
+collect connection server counter packets long
+collect datalink mac source address input
+collect datalink mac source address output
+collect flow direction
+collect timestamp absolute first
+collect timestamp absolute last
+flow record MERAKI_AVC_HTTP_SSL_IPV6
+match application name
+match connection client ipv6 address
+match connection server ipv6 address
+match connection server transport port
+match flow observation point
+match ipv6 protocol
+match ipv6 version
+collect application http host
+collect application ssl common-name
+collect connection client counter bytes network long
+collect connection client counter packets long
+collect connection initiator
+collect connection new-connections
+collect connection server counter bytes network long
+collect connection server counter packets long
+collect datalink mac source address input
+collect datalink mac source address output
+collect flow direction
+collect timestamp absolute first
+collect timestamp absolute last
+flow exporter MERAKI_AVC
+destination local file-export default <--- ★17.2以降
+export-protocol ipfix
+option interface-table timeout 300
+option application-table
+option application-attributes
+flow monitor MERAKI_AVC_IPV4
+exporter MERAKI_AVC
+cache timeout inactive 60
+cache timeout active 300
+cache entries 65536
+record MERAKI_AVC_HTTP_SSL_IPV4
+flow monitor MERAKI_AVC_IPV6
+exporter MERAKI_AVC
+cache timeout inactive 60
+cache timeout active 300
+cache entries 65536
+record MERAKI_AVC_HTTP_SSL_IPV6
+flow file-export default <--- ★17.2以降、パブリックなネットワーク越しに測定データをHTTPで送る仕組み
+destination 18.232.244.158 transport http dest-port 18088 upload-path api/ipfixfilecollector/890f52f0-c986-4721-bbad-be211d0bc536/f3c9ddb3-da52-4354-aee1-62bd28084480/92564474-3d7b-40ef-875a-f5bbf1a9c481/post_file
+file max-size 10
+file max-count 2
+file max-create-interval 5
3.2.2 Catalyst9000 スイッチから MerakiクラウドへのFlow Exportがシブい
一つ注目すべき点は、Flow exportは通常の企業ネットワーク内部ではUDPを使って送信するのですが、Merakiクラウドはインターネット上にあるため、Exportの仕組みに工夫が加えられています。これはIOS XE17.2以降でサポートされた機能ですが、フローコレクタに対して直接送信するのではなく、一旦ローカルにファイルを作成して、それをHTTPSを使ってMerakiクラウドに対して送信しています。
この部分です。
+flow exporter MERAKI_AVC
+destination local file-export default <--- ★17.2以降
+export-protocol ipfix
+option interface-table timeout 300
+option application-table
+option application-attributes
+flow file-export default <--- ★17.2以降、パブリックなネットワーク越しに測定データをHTTPで送る仕組み
+destination 18.232.244.158 transport http dest-port 18088 upload-path api/ipfixfilecollector/890f52f0-c986-4721-bbad-be211d0bc536/f3c9ddb3-da52-4354-aee1-62bd28084480/92564474-3d7b-40ef-875a-f5bbf1a9c481/post_file
+file max-size 10
+file max-count 2
+file max-create-interval 5
昔からのNetFlow屋さんにとっては、おっ!??と思うポイントでした。パブリッククラウド時代に合わせた機能拡張ですね。
3.2.3 Merakiクラウドオンボーディングアプリが装置に投入するテレメトリサブスクリプション
本記事では深掘りしませんが、Merakiクラウドオンボーディングアプリが装置に投入するテレメトリサブスクリプションの設定も参考までに記録しておきます。こちらはIP直書きなど生々しいですが、特に上の設定と対比してみると、フローとして測定されて送信される内容と、装置の情報やイベントとしてPubSub型で送信される内容が使い分けられていることがよくわかります。
MerakiクラウドオンボーディングアプリがCatalyst9000スイッチを監視する際に投入するテレメトリ設定
+telemetry ietf subscription 1001
+encoding encode-tdl
+filter tdl-uri /services;serviceName=sman_oper/control_process
+stream native
+update-policy periodic 30000
+receiver ip address 18.232.244.158 25103 protocol cloud-native
+telemetry ietf subscription 1002
+encoding encode-tdl
+filter tdl-transform MERAKI_INTF_STATS_DELTA
+stream native
+update-policy periodic 30000
+receiver ip address 18.232.244.158 25103 protocol cloud-native
+telemetry ietf subscription 1003
+encoding encode-tdl
+filter tdl-uri /services;serviceName=ios_oper/cdp_neighbor_detail
+stream native
+update-policy on-change
+receiver ip address 18.232.244.158 25103 protocol cloud-native
+telemetry ietf subscription 1004
+encoding encode-tdl
+filter nested-uri /services;serviceName=sman_oper/control_process;fru=BINOS_FRU_RP;slotnum=0;baynum=0;chassisnum=1?load_avg_minute
+stream native
+update-policy periodic 30000
+receiver ip address 18.232.244.158 25103 protocol cloud-native
+telemetry ietf subscription 1007
+encoding encode-tdl
+filter tdl-uri /services;serviceName=ios_oper/platform_component
+stream native
+update-policy periodic 30000
+receiver ip address 18.232.244.158 25103 protocol cloud-native
+telemetry ietf subscription 1011
+encoding encode-tdl
+filter tdl-uri /services;serviceName=smevent/sessionevent
+stream native
+update-policy on-change
+receiver ip address 18.232.244.158 25103 protocol cloud-native
+telemetry ietf subscription 1012
+encoding encode-tdl
+filter tdl-uri /services;serviceName=sessmgr_oper/session_context_data
+stream native
+update-policy periodic 360000
+receiver ip address 18.232.244.158 25103 protocol cloud-native
+telemetry ietf subscription 1013
+encoding encode-tdl
+filter tdl-uri /services;serviceName=iosevent/sisf_mac_oper_state
+stream native
+update-policy on-change
+receiver ip address 18.232.244.158 25103 protocol cloud-native
+telemetry ietf subscription 1014
+encoding encode-tdl
+filter tdl-uri /services;serviceName=ios_oper/sisf_db_wired_mac
+stream native
+update-policy periodic 360000
+receiver ip address 18.232.244.158 25103 protocol cloud-native
+telemetry ietf subscription 1015
+encoding encode-tdl
+filter tdl-uri /services;serviceName=ios_oper/poe_port_detail
+stream native
+update-policy periodic 30000
+receiver ip address 18.232.244.158 25103 protocol cloud-native
+telemetry ietf subscription 1016
+encoding encode-tdl
+filter tdl-uri /services;serviceName=ios_oper/poe_module
+stream native
+update-policy periodic 60000
+receiver ip address 18.232.244.158 25103 protocol cloud-native
+telemetry ietf subscription 1018
+encoding encode-tdl
+filter tdl-uri /services;serviceName=ios_oper/cdp_neighbor_detail
+stream native
+update-policy periodic 360000
+receiver ip address 18.232.244.158 25103 protocol cloud-native
+telemetry ietf subscription 1020
+encoding encode-tdl
+filter tdl-uri /services;serviceName=stkmevent/stkmevent
+stream native
+update-policy on-change
+receiver ip address 18.232.244.158 25103 protocol cloud-native
+telemetry ietf subscription 1021
+encoding encode-tdl
+filter tdl-uri /services;serviceName=ios_oper/switch_oper_info
+stream native
+update-policy on-change
+receiver ip address 18.232.244.158 25103 protocol cloud-native
+telemetry ietf subscription 1030
+encoding encode-tdl
+filter tdl-uri /services;serviceName=iosevent/platform_component_state_update
+stream native
+update-policy on-change
+receiver ip address 18.232.244.158 25103 protocol cloud-native
+telemetry ietf subscription 1031
+encoding encode-tdl
+filter tdl-uri /services;serviceName=ios_emul_oper/entity_information
+stream native
+update-policy periodic 30000
+receiver ip address 18.232.244.158 25103 protocol cloud-native
+telemetry ietf subscription 2002
+encoding encode-tdl
+filter tdl-transform MERAKI_PORTCHANNEL_STATS_DELTA
+stream native
+update-policy periodic 30000
+receiver ip address 18.232.244.158 25103 protocol cloud-native
+telemetry transform MERAKI_INTF_STATS_DELTA
+input table tbl_interfaces_state
+field ipv4
+field name
+field speed
+field if_index
+field description
+field oper_status
+field admin_status
+field phys_address
+field interface_type
+field statistics.rx_pps
+field statistics.tx_pps
+field statistics.in_octets
+field statistics.out_errors
+field ether_state.media_type
+field statistics.in_errors_64
+field statistics.out_discards
+field statistics.in_crc_errors
+field statistics.out_octets_64
+field intf_ext_state.error_type
+field statistics.in_discards_64
+field statistics.in_unicast_pkts
+field statistics.out_unicast_pkts
+field ether_stats.in_jabber_frames
+field statistics.in_broadcast_pkts
+field statistics.in_multicast_pkts
+field statistics.out_broadcast_pkts
+field statistics.out_multicast_pkts
+field ether_stats.in_fragment_frames
+field ether_stats.in_oversize_frames
+field ether_stats.in_mac_pause_frames
+field statistics.in_unknown_protos_64
+field ether_stats.out_mac_pause_frames
+field intf_ext_state.port_error_reason
+field ether_state.negotiated_port_speed
+field ether_state.negotiated_duplex_mode
+field ether_stats.dot3_counters.dot3_error_counters_v2.dot3_fcs_errors
+field ether_stats.dot3_counters.dot3_error_counters_v2.dot3_duplex_status
+field ether_stats.dot3_counters.dot3_error_counters_v2.dot3_symbol_errors
+field ether_stats.dot3_counters.dot3_error_counters_v2.dot3_frame_too_longs
+field ether_stats.dot3_counters.dot3_error_counters_v2.dot3_late_collisions
+field ether_stats.dot3_counters.dot3_error_counters_v2.dot3_alignment_errors
+field ether_stats.dot3_counters.dot3_error_counters_v2.dot3_carrier_sense_errors
+field ether_stats.dot3_counters.dot3_error_counters_v2.dot3_excessive_collisions
+field ether_stats.dot3_counters.dot3_error_counters_v2.dot3_single_collision_frames
+field ether_stats.dot3_counters.dot3_error_counters_v2.dot3_multiple_collision_frames
+field ether_stats.dot3_counters.dot3_error_counters_v2.dot3_internal_mac_receive_errors
+field ether_stats.dot3_counters.dot3_error_counters_v2.dot3_internal_mac_transmit_errors
+join-key name
+logical-op and
+type mandatory
+uri /services;serviceName=ios_emul_oper/interface
+operation 1
+output-field 1
+field tbl_interfaces_state.name
+output-field 2
+field tbl_interfaces_state.if_index
+output-field 3
+field tbl_interfaces_state.interface_type
+output-field 4
+field tbl_interfaces_state.description
+output-field 5
+field tbl_interfaces_state.admin_status
+output-field 6
+field tbl_interfaces_state.oper_status
+output-field 7
+field tbl_interfaces_state.speed
+output-field 8
+field tbl_interfaces_state.ipv4
+output-field 9
+field tbl_interfaces_state.phys_address
+output-field 10
+field tbl_interfaces_state.statistics.in_unknown_protos_64
+output-field 11
+field tbl_interfaces_state.statistics.in_octets
+output-field 12
+field tbl_interfaces_state.statistics.out_octets_64
+output-field 13
+field tbl_interfaces_state.statistics.in_errors_64
+output-field 14
+field tbl_interfaces_state.statistics.out_errors
+output-field 15
+field tbl_interfaces_state.statistics.in_unicast_pkts
+output-field 16
+field tbl_interfaces_state.statistics.out_unicast_pkts
+output-field 17
+field tbl_interfaces_state.statistics.in_multicast_pkts
+output-field 18
+field tbl_interfaces_state.statistics.out_multicast_pkts
+output-field 19
+field tbl_interfaces_state.statistics.in_broadcast_pkts
+output-field 20
+field tbl_interfaces_state.statistics.out_broadcast_pkts
+output-field 21
+field tbl_interfaces_state.statistics.in_discards_64
+output-field 22
+field tbl_interfaces_state.statistics.out_discards
+output-field 23
+field tbl_interfaces_state.statistics.tx_pps
+output-field 24
+field tbl_interfaces_state.statistics.rx_pps
+output-field 25
+field tbl_interfaces_state.ether_state.media_type
+output-field 26
+field tbl_interfaces_state.ether_stats.dot3_counters.dot3_error_counters_v2.dot3_single_collision_frames
+output-field 27
+field tbl_interfaces_state.ether_stats.dot3_counters.dot3_error_counters_v2.dot3_multiple_collision_frames
+output-field 28
+field tbl_interfaces_state.ether_stats.dot3_counters.dot3_error_counters_v2.dot3_late_collisions
+output-field 29
+field tbl_interfaces_state.ether_stats.dot3_counters.dot3_error_counters_v2.dot3_excessive_collisions
+output-field 30
+field tbl_interfaces_state.ether_stats.dot3_counters.dot3_error_counters_v2.dot3_frame_too_longs
+output-field 31
+field tbl_interfaces_state.ether_stats.dot3_counters.dot3_error_counters_v2.dot3_alignment_errors
+output-field 32
+field tbl_interfaces_state.ether_stats.dot3_counters.dot3_error_counters_v2.dot3_fcs_errors
+output-field 33
+field tbl_interfaces_state.ether_stats.dot3_counters.dot3_error_counters_v2.dot3_carrier_sense_errors
+output-field 34
+field tbl_interfaces_state.ether_stats.dot3_counters.dot3_error_counters_v2.dot3_internal_mac_receive_errors
+output-field 35
+field tbl_interfaces_state.ether_stats.dot3_counters.dot3_error_counters_v2.dot3_internal_mac_transmit_errors
+output-field 36
+field tbl_interfaces_state.ether_stats.dot3_counters.dot3_error_counters_v2.dot3_symbol_errors
+output-field 37
+field tbl_interfaces_state.ether_stats.dot3_counters.dot3_error_counters_v2.dot3_duplex_status
+output-field 38
+field tbl_interfaces_state.ether_stats.in_mac_pause_frames
+output-field 39
+field tbl_interfaces_state.ether_stats.out_mac_pause_frames
+output-field 40
+field tbl_interfaces_state.ether_stats.in_oversize_frames
+output-field 41
+field tbl_interfaces_state.ether_stats.in_jabber_frames
+output-field 42
+field tbl_interfaces_state.ether_stats.in_fragment_frames
+output-field 43
+field tbl_interfaces_state.ether_state.negotiated_duplex_mode
+output-field 44
+field tbl_interfaces_state.ether_state.negotiated_port_speed
+output-field 45
+field tbl_interfaces_state.statistics.in_crc_errors
+output-field 46
+field tbl_interfaces_state.intf_ext_state.error_type
+output-field 47
+field tbl_interfaces_state.intf_ext_state.port_error_reason
+specified
+telemetry transform MERAKI_PORTCHANNEL_STATS_DELTA
+input table tbl_interfaces_state
+field ipv4
+field name
+field speed
+field if_index
+field description
+field oper_status
+field admin_status
+field phys_address
+field interface_type
+field interface_class
+field statistics.rx_pps
+field statistics.tx_pps
+field statistics.in_octets
+field statistics.out_errors
+field statistics.in_errors_64
+field statistics.out_discards
+field statistics.out_octets_64
+field statistics.in_discards_64
+field statistics.in_unicast_pkts
+field statistics.out_unicast_pkts
+field statistics.in_broadcast_pkts
+field statistics.in_multicast_pkts
+field statistics.out_broadcast_pkts
+field statistics.out_multicast_pkts
+field statistics.in_unknown_protos_64
+join-key name
+logical-op and
+type mandatory
+uri /services;serviceName=ios_emul_oper/interface
+operation 1
+filter 1
+condition operator eq
+condition value INTF_CLASS_UNSPECIFIED
+field tbl_interfaces_state.interface_class
+logical-op and
+logical-op next and
+filter 2
+event on-change
+field tbl_interfaces_state.name
+logical-op next or
+logical-op or
+output-field 1
+field tbl_interfaces_state.name
+output-field 2
+field tbl_interfaces_state.if_index
+output-field 3
+field tbl_interfaces_state.interface_type
+output-field 4
+field tbl_interfaces_state.description
+output-field 5
+field tbl_interfaces_state.admin_status
+output-field 6
+field tbl_interfaces_state.oper_status
+output-field 7
+field tbl_interfaces_state.speed
+output-field 8
+field tbl_interfaces_state.ipv4
+output-field 9
+field tbl_interfaces_state.phys_address
+output-field 10
+field tbl_interfaces_state.statistics.in_unknown_protos_64
+output-field 11
+field tbl_interfaces_state.statistics.in_octets
+output-field 12
+field tbl_interfaces_state.statistics.out_octets_64
+output-field 13
+field tbl_interfaces_state.statistics.in_errors_64
+output-field 14
+field tbl_interfaces_state.statistics.out_errors
+output-field 15
+field tbl_interfaces_state.statistics.in_unicast_pkts
+output-field 16
+field tbl_interfaces_state.statistics.out_unicast_pkts
+output-field 17
+field tbl_interfaces_state.statistics.in_multicast_pkts
+output-field 18
+field tbl_interfaces_state.statistics.out_multicast_pkts
+output-field 19
+field tbl_interfaces_state.statistics.in_broadcast_pkts
+output-field 20
+field tbl_interfaces_state.statistics.out_broadcast_pkts
+output-field 21
+field tbl_interfaces_state.statistics.in_discards_64
+output-field 22
+field tbl_interfaces_state.statistics.out_discards
+output-field 23
+field tbl_interfaces_state.statistics.tx_pps
+output-field 24
+field tbl_interfaces_state.statistics.rx_pps
+specified
4. まとめ
自分で言うのもアレですけど長い...。万が一、最後まで見ていただいた方いらっしゃれば本当にありがとうございます。元々、2017年に書いたブログ「ネットワークで計測」を深掘りを更新したいな〜と思って書き始めた本記事ですが、せっかくなのでDNACやMerakiの話も入れてみようと思って強引に一つにしたところ長くなってしまいました。
ネットワーク装置でリッチなデータを収集できること、効率的に取り出して利活用すること、それらがスケーラビリティや転送性能と両立すること、これは今後もますます大事になってきます。今日現在においても、ネットワークデータの活用レベルは、特にエンタープライズITでは高いとは言えず、もっと活用されるべきと考えています。
クラウド時代においてもネットワークアクセス層から得られるお宝をじゃんじゃん活用して、セキュリティや容量設計にとどまらず、人の動きやふるまいのトラッキング、たえず進化するアプリケーションの動きに追随するネットワークなど、いろんなところに役立つソリューションを提供していきたいです。また、データそのものを汎用的に取り出せる仕組みも進化しています(装置のAPIやコントローラーのAPIなど)。われわれネットワークエンジニアだけでなく、アプリケーション開発者をはじめ、世の中のデータエンジニアとの接点がもっと増えることも期待しています。
この記事では、メーカーのエンジニアとして面白いなぁと思うポイントを、装置およびコントローラーの両面から深掘りしました。これは単に私が興味がある内容であって、あまりセミナー等で説明する枠がなかったりするのですが、もしどなたか似たような関心や興味をお持ちの方に届くと嬉しいです。
ルーターやスイッチといったネットワーク装置と、DNACやMerakiのようなコントローラーを組み合わせたユースケースはどんどん進化しています。いい意味で破壊的なユースケースを、シンプルな運用管理性とともに提示していくことはメーカーエンジニアにとってはとってもクリエイティブなお仕事だと思っています。