Friday 7 July 2023

SDWAN - Application visibility and flow visibility on vEDGE

 SDWAN - Application visibility and flow visibility on vEDGE 


The DPI Engine -

SDWAN having DPI feature for Deep Packet Inspection (DPI) , this allows to look in to the packet for basic application related information 
The DPI engine can determine the content of packets and then classify the traffic flow as part of a specific app. This is a key part of the transition from packet-oriented to application-oriented networking. The level of network visibility that the DPI provides allows administrators to encode routing and firewall decisions based on applications.

Lets proceed for configuration of  DPI inspection on vEDGE directly 

Simple Confiuration 

For DPI 
vedge-01(config)# policy app-visibility

For Cflowd 
vedge-01(config)# policy flow-visibility
Commit 

Valdiate Configuration 

vedge-01# show running-config policy
policy
 app-visibility
 flow-visibility

Validate Working 


To Check the DPI  use below command to check the traffic 

vedge-01# show app dpi flows |  tab

                                       Source Dest
VPN  Source IP        Destination IP   Port   Port   PROTOCOL  APPLICATION              FAMILY                ACTIVE SINCE               PACKETS  OCTETS
----------------------------------------------------------------------------------------------------------------------------------------------------------
1    10.160.10.10     10.4.251.1       32958  22     tcp       ssh                      Encrypted             2023-07-08T06:20:23+00:00  11       489
1    10.160.10.10     10.4.251.1       52667  8080   tcp       tcp                      Network Service       2023-07-08T06:20:20+00:00  2        84

To check the flows 

vedge-01# show app cflowd flows | tab

                                                          TCP                                                                            TIME    EGRESS  INGRESS
                                 SRC   DEST        IP     CNTRL  ICMP                  TOTAL  TOTAL  MIN  MAX                            TO      INTF    INTF     APP
VPN  SRC IP        DEST IP       PORT  PORT  DSCP  PROTO  BITS   OPCODE  NHOP IP       PKTS   BYTES  LEN  LEN  START TIME                EXPIRE  NAME    NAME     ID
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
1    10.4.251.1    10.160.10.10  0     0     0     1      0      2048    10.160.10.10  20     1680   84   84   Sat Jul  8 06:32:52 2023  59      ge0/3   ge0/0    0
1    10.160.10.10  10.4.251.1    0     0     0     1      0      0       10.1.1.60     20     1960   98   98   Sat Jul  8 06:32:52 2023  59      ge0/0   ge0/3    0

The both the DPI and Flow are help for troubleshooting the Traffic flows 
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)