Cisco Performance Visibility Manager User Manual

Cisco Performance Visibility Manager 1.0 Technical Implementation Guide

Corporate Headquarters

Cisco Systems Inc. 170 West Tasman Drive San Jose, Ca 95134-1706 USA

http://www.cisco.com/en/US/products/sw/netmgtsw/index.html

Tel: 408 525-4000 800-553-NETS (6387) FAX: 4008 526-4100

Corporate Headquarters

Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100

Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on

Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica • Croatia • Cyprus Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong SAR • Hungary • India • Indonesia • Ireland Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland Portugal • Puerto Rico • Romania • Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden Switzerland • Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe

Copyright © 2004 Cisco Systems, Inc. All rights reserved. CCIP, CCSP, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MGX, MICA, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, ScriptShare, SlideCast, SMARTnet, StrataView Plus, Stratm, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0402R)

Printed in the USA

European Headquarters

Cisco Systems International BV Haarlerbergpark Haarlerbergweg 13-19 1101 CH Amsterdam The Netherlands www-europe.cisco.com Tel: 31 0 20 357 1000 Fax: 31 0 20 357 1100

the Cisco Web site at www.cisco.com/go/offices

Americas Headquarters

Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA www.cisco.com Tel: 408 526-7660 Fax: 408 527-0883

Asia Pacific Headquarters

Cisco Systems, Inc. 168 Robinson Road #28-01 Capital Tower Singapore 068912 www.cisco.com Tel: +65 6317 7777 Fax: +65 6317 7799

Page 2 of 66

TECHNICAL IMPLEMENTATION GUIDE

Cisco Performance Visibility Manager 1.0

INTRODUCTION............................................................................................................................................................................4

DATA COLLECTION AND TRAFFIC ANALYSIS ..........................................................................................................................4

TRAFFIC ANALYSIS INCLUDING TOP-N ANALYSIS..................................................................................................................4

ART MONITORING.......................................................................................................................................................................4

HISTORICAL INFORMATION........................................................................................................................................................4

REAL TIME AND TRENDING REPORTS .......................................................................................................................................4

PROACTIVE MONITORING...........................................................................................................................................................4

NAM GUI DRILL DOWN ..............................................................................................................................................................5

CISCOWORKS AND LDAP INTEGRATION..................................................................................................................................5

DEPLOYMENT CONSIDERATIONS AND PLANNING ..........................................................................................................6

STEPS IN THE PVM DEPLOYMENT PROCESS.............................................................................................................................6

Basic questions about the Problems to be addressed..............................................................................................................7

Placing Cisco NAM in Your Network.....................................................................................................................................7

Typical workflow for deploying Cisco PVM............................................................................................................................8

Configure the NAMs in Your Network....................................................................................................................................8

Deploy PVM and add the NAMs in Cisco PVM......................................................................................................................8

Create the Datasource Groups (DSGs) in Cisco PVM............................................................................................................9

Start monitoring your network using Cisco PVM...................................................................................................................9

USAGE SCENARIOS....................................................................................................................................................................10

NAM SETUP................................................................................................................................................................................10

CISCO PVM INITIAL SETUP.......................................................................................................................................................11

USAGE SCENARIOS: GATHER STATISTICS AND TEST MONITORING AND TROUBLESHOOTING .......................................19

Scenario 1: Traffic Profiling .................................................................................................................................................19

Scenario 2: Proactive Monitoring .........................................................................................................................................25

Scenario 3: Troubleshooting .................................................................................................................................................31

OVERVIEW OF PVM FUNCTIONALITY .....................................................................................................................................35

Traffic Analysis using Cisco PVM ........................................................................................................................................35

Application Response Time Analysis in Cisco PVM.............................................................................................................42

Baselining and Alerts in Cisco PVM.....................................................................................................................................46

CISCO PVM REQUIREMENTS AND SIZING............................................................................................................................... 51

CISCO PVM INSTALLATION AND UNINSTALLATION.............................................................................................................52

MAINTAINING AND TROUBLESHOOTING CISCO PVM...........................................................................................................56

CONCLUSION...............................................................................................................................................................................59

APPENDIX .....................................................................................................................................................................................60

DEPLOYMENT Q&A...................................................................................................................................................................60

DEPLOYMENT TROUBLESHOOTING.........................................................................................................................................63

FOR MORE INFORMATION.........................................................................................................................................................65

Page 3 of 66

INTRODUCTION

The Cisco® Performance Visibility Manager is an enterprise-level, centralized network management tool that enhances the Cisco Network Analysis Module (NAM) for Cisco Catalyst centralized and integrated End-to-End (E2E) network view, by aggregating and correlating information from multiple NAMs that are strategically deployed in the network. Cisco PVM is highly scalable, and uses a highly extensible architecture which makes it easy to add additional Cisco device instrumentation like Netflow, IP SLA agent and NBAR in future releases.

Cisco PVM is a feature-rich network management tool.

The following features are currently available in PVM 1.0.

Data Collection and Traffic Analysis

Cisco PVM collects traffic statistics from multiple NAMs and aggregates the information based on user-defined datasource groups to provide you an intuitive and integrated end-to-end view of your network, allowing you to quickly pinpoint trouble spots.

Traffic Analysis including Top-N Analysis

Cisco PVM’s Traffic Analysis, including Top-N Analysis, provides unparalleled visibility into the traffic running in your network. By aggregating and analyzing traffic in real time, you can detect and troubleshoot problems in the network before the users are adversely affected. PVM has the capability to aggregate real-time information for up to 7 days. You can traverse back in time and troubleshoot a client problem.

6500 Series switches, 7600 Series routers and Branch Routers series. Cisco PVM provides a

ART Monitoring

Cisco PVM’s Application Response Time Monitoring feature lets you correlate response time data from various NAMs and provides you with information on how much time the traffic spent in the network. Armed with this information, you can quickly identify whether the problem is in the network or in the application, and direct resources toward solving the issue instead of identifying it.

Historical Information

Cisco PVM provides a highly scalable datastore for retaining historical traffic information. The raw traffic data and the historical aggregated data are by default stored for long periods of time (up to 3 years) in the datastore.

Real Time and Trending reports

Cisco PVM also provides comprehensive real-time and trending reports to help you with effective capacity planning, trend analysis, and network status monitoring. Cisco PVM includes a rich set of report suites and a highly flexible scheduler. The ability to automatically run reports, when used in conjunction with real-time and trending reports is invaluable when trying to monitor your network and troubleshooting it. Also, reports are automatically archived so that traffic statistics are available even if the data is purged from the data store.

Proactive Monitoring

Cisco PVM’s baselining and alerting feature provides an invaluable tool to proactively monitor your network. By using this policy-based feature you can automatically baseline your network traffic patterns so you can be alerted in case of any deviations. With Cisco PVM, you can set dynamic thresholds, which allow you to account for expected variations in traffic patterns while still retaining the ability to identify anomalous traffic patterns.

Cisco Internal Use Only

Page 4 of 66

NAM GUI Drill down

Cisco PVM provides you the ability to drill down into the NAM GUI for more detailed and efficient troubleshooting, once it has been identified with the help of PVM’s traffic analysis and monitoring components.

CiscoWorks and LDAP Integration

Cisco PVM provides integration with CiscoWorks DCR and LDAP directories and you can efficiently administer your network equipment, users and credentials.

Cisco Internal Use Only

Page 5 of 66

DEPLOYMENT CONSIDERATIONS AND PLANNING

Cisco PVM works in conjunction with the Cisco Network Analysis Modules (NAMs) to provide you in-depth visibility into your network traffic. In Cisco PVM 1.0, traffic statistics are collected from the NAMs and their associated Switches/Routers. Technologies such as RSPAN and Netflow can be used to gather data from other devices.

Cisco PVM communicates with the NAMs and their associated devices through SNMP. The data that is gathered from the NAM modules comes from the SNMP MIBs (Management Information Bases) that the NAM supports (RMON, DSMON and ART). Cisco PVM collects SMON (VLAN statistics) and mini-RMON (port statistics) and MIB II (interface statistics) information directly from switches and routers.

Once NAMs have been deployed and configured, Cisco PVM can be installed and deployed on any machine that meets the hardware and

software requirements and has network access to the deployed NAMs and their devices. Figure 1 shows a sample deployment scenario.

Sample Deployment Scenario: PVM in LAN and WAN

HEADQUARTERS

Data Center

PVM

Traffic statistics from vario us NAMs are collected, aggregated and correlated by PVM

REMOTE OFFICE

3845

WAN

Cloud

NAM

BRANCH A

NAM

Catalyst 6500 With NAM

NAMNAM

2851

Network Management Technology Group

Figure 1. Cisco PVM 1.0 Deployment

444

Steps in the PVM Deployment Process

The steps in the PVM deployment process are as follows. High level descriptions of each of these steps are provided in the sections that follow.

1. Get answers to the basic questions about the network problems to be addressed (as listed in the following section).

2. Determine the optimal locations where you can place Cisco NAMs in your network.

3. Set up the Cisco NAMs and configure them to collect the desired statistics to solve the problem.

4. Deploy Cisco PVM and add the NAMs and their associated devices in PVM.

Cisco Internal Use Only

Page 6 of 66

5. Create the appropriate datasource groupings of NAMs and/or Switch/Routers to aggregate data from.

6. Use the Traffic Analysis features of Cisco PVM to identify or troubleshoot the problem.

Basic questions about the Problems to be addressed

To decide how to deploy Cisco PVM and Cisco NAM-1/NAM-2 in the network, first answer some questions that address the purpose and needs of the administrator and how Cisco PVM and the Cisco NAMs can provide an accurate analysis. This approach helps ensure the effective use of Cisco PVM and the Cisco NAMs that it depends on for traffic data and minimizes the actual cost of deployment.

The following questions help in deployment planning:

• Is there a specific application or response-time problem?

• Employing voice or data QoS delivery?

• Is the network monitoring for trending, capacity planning, or fault management?

• Are there acute problems? If so, what are they?

• Is the network experiencing some combination of these problems?

A clear understanding of the objectives of monitoring would help make appropriate deployment decisions and would aid in using the Cisco PVM to your best advantage.

Placing Cisco NAM in Your Network

Once you have answers to the questions the next step is to determine the optimal locations where you can place Cisco NAMs in your network to get the statistics

Following are suggestions addressing the questions mentioned:

• For addressing a specific application or response-time problem, place the NAM near the center where servers are located and also

near the client either in access or distribution layer or on a branch router.

• To monitor QOS, follow one of the following. (1) If you have a configuration where the marking is retained end-end, place NAMs

centrally and monitor the DSCP values. (2) If the marking are set to change at various layers, place NAMs in those layers.

• For trending and capacity planning, place NAMs at strategic locations in your network such as core/distribution layers, and data

center/server farm levels. If you would like get capacity planning information on branch traffic, then place NAMs at the level as well.

• To troubleshoot a problem, it is necessary to have NAMs at a location very close to problems. Since you are aware of your network

and most common areas of problems, you would be the best judge of this location. For example, one warehouse has a problem on its Miami branch where they see huge overload on their circuit between 3:30-4 on Fridays. Hence it is critical for them to have NAMs in their branch location to easily login and troubleshoot this problem from PVM.

Following is a list of recommendations on possible placement of Cisco NAMs in your network.

• Distribution Layer: Placing the Cisco NAMs at the distribution layer is highly recommended as this layer yields LAN aggregation that is

perfect for providing a NAM with rich data such as application and host usage. One or more Cisco NAMs can be placed at this layer to take advantage of gathering data on applications, hosts, conversations, virtual LANs (VLANs), and VoIP.

• Server Farms: Place near server farms (Web, FTP, and Domain Name System [DNS], for example), data centers, or near IP telephony

devices (Cisco CallManager), IP phones, and gateways where the Cisco NAM can see request-response exchanges between servers and clients and provide rich traffic analysis, including ART.

Cisco Internal Use Only

Page 7 of 66

• Access Layer: Place Cisco NAMs at the access layer only if critical clients are required to be monitored. IP phones, for example, can be

monitored for latency or for adequate response to and from Cisco CallManagers.

• WAN Edge: Place Cisco NAMs at the WAN edge to gather WAN statistics from Optical Services Module (OSM) or FlexWAN interfaces, or

to collect NetFlow statistics on remote NetFlow-enabled routers. This can provide usage statistics for links, applications (protocol distributions), hosts, and conversations, which can be useful for trending data and capacity planning.

• Branch Office: Place Cisco NAMs in the branch office to troubleshoot remote sites, similar to being on the campus, but taking full

advantage of the remote accessibility and local data collection of the Cisco NAMs.

Typical workflow for deploying Cisco PVM

A user can expect to perform the following steps in deploying PVM.

Figure 2. Typical workflow for Deploying Cisco PVM

Initial steps of work flow such as installation and walk through of general PVM functionality are detailed in a section after the usage scenarios.

Configure the NAMs in Your Network

Once the NAMs have been strategically deployed in the network, it is imperative that they be configured to collect the appropriate statistics that can aid you in answering the questions you have about the traffic on your network. Cisco NAMs collect some traffic statistics by default. However, it is always a good practice to verify and ensure that the core statistics that you are interested in are indeed configured to be collected by the NAM. For more details on configuring NAMs consult the NAM Deployment Guide.

Note: The configuration of the NAMs can also be done after importing them into PVM.

Deploy PVM and add the NAMs in Cisco PVM

Once the NAMs have been deployed and configured, you can deploy PVM on any machine that meets the system requirements for PVM. The requirements specification is listed in detail in the PVM Requirements and Sizing section. After Cisco PVM is successfully installed, you can create and manage users who have access to Cisco PVM. You can also configure PVM with information regarding the NAMs and their associated devices that it should collect traffic data from as described in the PVM Setup section.

Cisco Internal Use Only

Page 8 of 66

Create the Datasource Groups (DSGs) in Cisco PVM

Since Cisco PVM collects information from multiple NAMs, and each NAM can be monitoring multiple datasources, you have to group these datasources together in Cisco PVM to view useful aggregated data. This is essential for aggregation, and also a requirement to perform traffic analysis and view reports in Cisco PVM. This is described in detail in the PVM Setup section.

Start monitoring your network using Cisco PVM

Once DSGs have been created in PVM, you are ready to start traffic analysis using Cisco PVM. You can view and schedule the wide range of reports that are available in Cisco PVM. You can also start using the base-lining and alerting features of Cisco PVM. If you want to solve application response time issues, you can create ART Groups and start seeing response time information from the NAMs. Let’s go through some of the real-world scenarios to better understand PVM usage.

Cisco Internal Use Only

Page 9 of 66

USAGE SCENARIOS

After following the workflow of installing Cisco PVM, the next step is to understand the usage of the statistics provided by Cisco PVM so you can utilize it to monitor your network. This section provides details on Cisco PVM and NAM setup from configuring NAM to setting up the data source groups using the Cisco PVM GUI. This section also provides you with scenarios to help you understand and use PVM.

NAM Setup

Once the Cisco NAM modules are deployed, configuration of the Cisco NAM modules can be accomplished through the NAM GUI or the available CLI interface. This section provides information regarding the configuration for NAMs that is necessary for Cisco PVM to communicate with them. For more details on the steps necessary to configure the Cisco NAM modules, see the Cisco NAM Deployment Guide.

Cisco PVM requires the following information from NAM:

• Communication information – This is information necessary for Cisco PVM to communicate with the NAM

• Statistics Collection information – This is traffic information that Cisco PVM collects from the NAM

The mode of communication between Cisco PVM and the deployed Cisco NAM modules is SNMP. To enable Cisco PVM to talk through SNMP to the NAM, you have to provide the IP address and the appropriate SNMP community strings. Both Read-Only (RO) and Read-Write (RW) community strings are required. Cisco PVM does not change configuration information on the NAMs in version 1.0. The exception to this rule is Response Time configuration, hence the necessity for the RW community string. More information on this is provided in the section describing the Application Response Time (ART) feature of Cisco PVM.

To configure the IP address and community strings for the NAM and to start the Cisco NAM GUI, you can perform the following steps:

1. Insert the Cisco NAM module into any available slot (except the slot reserved for supervisor modules) in your Switch or Router.

2. Decide on host names and IP addresses for each Cisco NAM. Perform basic configuration. a. Session to the Cisco NAM from the switch/router. Review the Installation and Configuration notes for switches that run Cisco Catalyst

OS or native Cisco IOS Software because this command varies.

An example follows:

Console> (enable) session mod_num --- Catalyst OS Console> (enable) session slot slot_num processor 1 --- Cisco IOS Software

b. Assign the Cisco NAM following from its CLI. An example follows:

Root@localhost# ip address ip-address subnet-mask ip broadcast broadcast-address ip host name ip gateway default-gateway ip domain domain-name ip nameserver ip-address [ip-address]

c. To enable the HTTP server and NAM Traffic Analyzer application, enable HTTP on the Cisco NAM. An example follows:

Root@localhost# ip http server {enable | disable}

For secure web access, you can enable the HTTP secure server.

d. Also, configure all necessary SNMP strings to match the switch’s read-write strings.

For example:

snmp community <community-string> {ro | rw}

3. Configure the NAM Traffic Analyzer to collect traffic statistics.

Cisco Internal Use Only

Page 10 of 66

e. Log into the Web application, configure the SPAN sessions, and enable data collection such as applications, hosts and conversations.

See the following user guide for Cisco NAM.:

http://www.cisco.com/en/US/products/sw/cscowork/ps5401/products_user_guide_list.html

Tip:

Note that Cisco PVM can only collect traffic information that the NAMs are collecting. To see traffic data for a given NAM, ensure that the NAM is collecting the statistic that you require. The only exception is the Response Time statistics, for which Cisco PVM will configure the NAM automatically.

Cisco PVM Initial Setup

After the configuration of the NAMs that you have deployed on your network, some configuration activity is required to setup Cisco PVM. Configuration activities on Cisco PVM include the management of users, management of NAMs and the creation of Datasource Groups. This section describes the steps needed to configure and manage users in Cisco PVM and the setup of the NAMs and their associated devices.

User Setup

Access to Cisco PVM requires permission-based security assignments. Users are assigned to one of two groups, or account types: Administrator or General User. The administrator has permissions to perform all available functions in Cisco PVM, while the General User is limited to traffic analysis functions like viewing reports.

By default, Cisco PVM relies on its own authentication and authorization repository created during installation. After installation, the system can be configured to use an LDAP (Lightweight Directory Access Protocol) server for user authorizations instead of the Cisco PVM repository.

Note:

If you configure Cisco PVM for LDAP authorization, you will no longer be able to view the user list, add/edit/delete users or modify user passwords from the Cisco PVM GUI. If you attempt to do any of the operations mentioned, you will see a message informing you that all user management functions are maintained in an enterprise-specific tool outside of Cisco PVM.

User Management through the GUI

With Cisco PVM you can create, edit and delete users through its GUI. These users are maintained in its repository and any changes to user credentials through the GUI are only reflected in this repository and are not propagated to tools outside Cisco PVM. You will have created an Administrator type user during installation, which you can user to login to create additional users. You can create edit or delete users by clicking on the Admin Tab and Users menu Item and then clicking the appropriate button. To edit and delete users you have to select a user before performing the action.

Cisco Internal Use Only

Page 11 of 66

To add a user, click Add and fill in the appropriate information in the window shown. For more details on configuring users through the GUI, see the User Guide.

User management through LDAP

Cisco PVM provides the user the ability to manage authentication and authorization through a LDAP server. When configured, Cisco PVM will use the LDAP protocol to communicate with the LDAP server whenever user authentication or authorization is necessary in PVM.

The LDAP configuration file is located at /opt/CSCOpvm/jboss/bin/texasConfig.properties. When Cisco PVM is not operating in LDAP mode, the ldap.enabled property in the config file is set to false. To enable LDAP mode, set this value to true.

Cisco PVM can communicate with the LDAP server in two modes: Non-SSL and SSL.

The configuration for Non-SSL is as follows:

• ldap.enabled=true

• ldap.auth.scheme=simple

• ldap.account.name=admin

• ldap.server.name=ware.trendium.com

• ldap.server.port=389

The configuration for SSL is as follows:

• ldap.enabled=true

Cisco Internal Use Only

Page 12 of 66

• ldap.auth.scheme=ssl

• ldap.account.name=admin

• ldap.server.name=ware.trendium.com

• ldap.server.port=636

Note:

The parameters such as ldap.account.name, ldap.server.name and ldap.server.port are relative to the test environment. The PVM administrator needs to obtain these parameters from LDAP administrator.

For SSL communication with the LDAP server, you need to import the public key from the LDAP server. Assume that you have copied the public certificate (including the BEGIN and END lines) to a text file /opt/CSCOpvm/cert.txt on the PVM server. Then you need to perform the following steps to import the certificate into Cisco PVM.

1. Ensure that the cacerts file is writable:

$cd /opt/CSCOpvm/j2sdk142/jre/lib/security

$chmod +w cacerts

2. Import the public key into the keystore:

$/opt/CSCOpvm/j2sdk142/bin/keytool -import -file "/opt/CSCOpvm/cert.txt" -keystore cacerts

When asked for the keystore password type changeit. When asked if PVM should trust the certificate, type yes.

The output is as follows: Enter keystore password: changeit

Owner: CN=ware, OU=Engineering, O=Trendium, L=Sunrise, ST=FL, C=US Issuer: CN=ware, OU=Engineering, O=Trendium, L=Sunrise, ST=FL, C=US Serial number: 81523838 Valid from: Tue Jan 17 13:04:26 EST 2006 until: Tue Apr 17 14:04:26 EDT 2007 Certificate fingerprints: MD5: 91:58:60:10:C6:62:59:C2:41:C1:F9:E6:69:11:72:41 SHA1: C1:ED:01:F5:21:C9:C9:A1:AD:34:B0:99:70:D2:52:52:06:7B:7E:D5 Trust this certificate? [no]: yes Certificate was added to keystore

Ensure that the information you enter is appropriate for your organization.

Mapping LDAP users to PVM roles

Cisco PVM uses two user groups: Admin and General. To map the various LDAP groups to PVM user groups, you can change the following two properties in the config file:

ldap.admin.group.name=<ldap group name>, <another ldap group name> ldap.general.group.name=<ldap group name>, <another ldap group name>

You can put multiple ldap groups separated by commas.

Adding a NAM through the GUI

Configuring NAMs and their associated devices in Cisco PVM is an easy process, and can be done in one of two ways. You can either add an individual NAM and its associated device through the Cisco PVM GUI, or you can import multiple NAMs and their devices through the import feature. This section describes the steps involved in configuring NAMs in Cisco PVM.

Cisco Internal Use Only

Page 13 of 66

Cisco PVM allows the user to add an individual NAM and its associated device through the GUI. Click the Setup Tab and select the NAMs menu item to see the list of NAMs.

Click Add to add a NAM and its device.

Note:

1. You can add only the NAM and add the Switch/Router later. In this case, Cisco PVM collects information from the NAM and display

traffic statistics for the NAM datasources. No information is collected from the associated Switch/Router till you add the Switch/Router.

2. The two enabled checkboxes enables or disables collection from the NAM and its associated device in Cisco PVM and does not

enable/disable the device itself.

3. The NAM User ID and password fields accept the login credentials for the NAM web interface. If any information is provided, it is

used during the single sign-on process. If no information is provided, Cisco PVM tries the single sign-on using the login credentials of the user currently initiating the process, and if that fails, Cisco OVM opens the Login page for the NAM GUI.

4. Ensure that the SNMP credentials are correct. The RO and RW community strings are both needed. The default SNMP timeout value is

Cisco Internal Use Only

Page 14 of 66

set to be 50 ms. This might not be appropriate for your network topology. Ensure that this value is appropriate based on your knowledge of the network.

5. While Cisco PVM automatically determines the type of NAM being added, it relies on the user’s specification of the Switch/Router

device type. Ensure that you select the appropriate resource type. Select NM_ROUTER for ISR’s, NAM_ROUTER for the 7600 Series router and NAM_SWITCH for the 6500 Series switch.

6. Cisco PVM attempts to communicate with the NAM with the SNMP credentials supplied. If Cisco PVM was unable to communicate

with the NAM being added, it displays an error message: “Unable to configure device type: Unable to obtain the device type for

NAM”. If you see this error, ensure that you have supplied the appropriate SNMP credentials, IP address of the device and ensure that

the device is up and running.

Importing Multiple Devices

Cisco PVM provides the user with the ability to import many devices at once through its integration with the CiscoWorks Device Credential Repository. Cisco PVM can read DCR export files and import the devices it finds in the Comma Separated Value (.csv) file. You can also create your own. CSV file and use it to import devices. This section explains the import feature.

From the NAM list page, click Import to display the Import dialog box. Select the appropriate. CSV file and click Upload File. The message “File was successfully uploaded” will be displayed.

Note:

1. Files greater than 1M in size cannot be uploaded.

2. You have to click Cancel to close the Import dialog after uploading the file.

3. Cisco PVM runs an Import Manager process on the server that is responsible for processing the uploaded files. This process checks the

upload directory ($PVM_BASE/server/ftp/NamImport) every 1 minute and processes any files it finds there. Once processed, the file is moved to a “processed” directory in the NamImport directory.

4. Due to the process explained earlier you might not see the NAMs that you import immediately after a successful upload. Wait for a few

of minutes before trying to troubleshoot. Also, remember to refresh the NAM list to see the new devices.

Cisco Internal Use Only

Page 15 of 66

5. Any problems encountered during the import process are reported in the Alerts window.

6. Remember to refresh the Alerts window periodically as well to see the latest list of alerts.

Import File Formats

Cisco PVM supports the DCR v3 Export file format and a user-defined format that is based on the tokens found in the DCR v3 export file. The tokens that it supports are management_ip_address, host_name, domain_name, display_name, snmp_v2_ro_comm_string, snmp_v2_rw_comm_string, http_username, http_password, out of which the management_ip_address, snmp_v2_ro_comm_string and snmp_v2_rw_comm_string tokens are mandatory for the import to succeed.

DCR Export File

The DCR export utility can be used to export the list of devices whose credentials are managed in CiscoWorks DCR. An example of the export file is shown in the Figure

User created CSV file

You can create your own CSV file with devices you want to import. A sample file is shown in the Figure

Cisco Internal Use Only

Page 16 of 66

Note:

1. Remember to wait for at least one minute for the devices to be imported. Also, remember to refresh the NAM list page to view the latest

list of NAMs in Cisco PVM.

2. When using a user-defined csv file to do the import, it is critical to include the header line. Without the header, Cisco PVM cannot

make sense of the values in the file.

3. Through the GUI, Cisco PVM does not allow the user to add a Switch/Router without adding a NAM. Through the import facility, you

can add Switches that have a NAM associated while not adding the NAM through the same import file. So you can add switches and routers separately from the NAMs which they host, but they should have a NAM configured.

Datasource Group (DSG) Creation

Once NAMs have been imported or added in Cisco PVM, the datasources for these NAMs are automatically discovered by Cisco PVM. For Cisco PVM to aggregate and correlate the traffic statistics from these various datasources, you have to group these datasources into a logical grouping called Datasource Groups (DSGs). All traffic analysis functionality is dependant on these groupings. This section explains the process in more detail.

Click the Setup Tab and then on the DSG menu item. The NAM list is displayed.

Click Add to add a DSG.

Cisco Internal Use Only

Page 17 of 66

NAM Type DSG: This type of DSG allows the user to group NAM datasources

Switch/Router Type DSG: This type of DSG allows the user to group Switch/Router datasources

Depending on the type of DSG you select, the devices and datasources for the appropriate type are shown. You can select the device, click the right arrow to list the datasources for that device, and then select the datasources to add to the group. For more detailed instructions on this process and what the individual fields mean, see the Cisco PVM User Guide.

Note:

1. Cisco PVM collects interface statistics for all switch/router interfaces. It also collects mini-RMON information from switches/routers if

it is available.

2. Cisco ISRs do not support mini-RMON, so only interface table statistics are collected from ISRs. While with Cisco PVM you can group

datasources from ISRs and Switch/Routers that support mini-RMON (7600 Series Routers and 6500 Series Switches), the information available from these two groups are different. So if you group together datasources from ISRs and mini-RMON supporting devices, you see Interface reports for all datasources, but Ethernet statistics reports are available for only those datasources that support mini-RMON.

3. When grouping datasources, ensure that you select datasources that carry the traffic that you are interested in.

4. When you add switches or routers in Cisco PVM, it creates some default datasource groups for you. When you add a router, Cisco PVM

creates a default ALL_INTERFACES group which contains all discovered interfaces on the router. When you add a switch, in addition to the ALL_INTERFACES group, Cisco PVM creates an ALL_VLAN group with all discovered VLANs.

Cisco Internal Use Only

Page 18 of 66

Usage Scenarios: Gather Statistics and Test Monitoring and Troubleshooting

After completing the deployment planning and configuration for the Cisco NAMs and Cisco PVM, you can gather statistics and test their monitoring and troubleshooting capabilities. The statistics to gather depend on your goals. To optimize the monitoring capacity of Cisco PVM, enable statistics collections only for the areas of interest rather than enabling all collections at once on the Cisco NAM. Also, ensure to use the enable/disable feature on the configured NAMs in Cisco PVM to collect statistics only from those NAMs that you require.

The following scenarios will demonstrate these capabilities and highlight the primary areas of interest for network management.

Scenario 1: Traffic Profiling

Most enterprise networks have many protocols running on their network. Network engineers need to monitor these protocols to see which protocols are using the available bandwidth and fine tune them, also to monitor unwanted protocols from being used.

Step 1. Create a Datasource Group which contains the datasources on which you want to profile the application traffic.

a. Click Setup Æ DSG. b. Click Add.

Cisco Internal Use Only

Page 19 of 66

c d

Step 1 (Contd)

c. Type the Name d. Select the NAM Type in the Type dropdown

e. Select the device. f. Click the right arrow to see the datasources from the device. g. Select the appropriate datasource and click the down arrow to add the datasource to the group. h. After you have added all the datasources, click OK to create the datasource group.

Cisco Internal Use Only

Page 20 of 66

+ 46 hidden pages