Configure Application Metadata Intelligence for Virtual Environment
Application Metadata Intelligence (AMI) can be configured in the Monitoring Session Canvas. To add the Application Metadata Intelligence application to the canvas, follow the steps given below:
- Drag and drop Application Metadata from APPLICATIONS to the graphical workspace.
- Click the Application Metadata application and select Details. The Application quick view appears.
- In the Application quick view, enter or select the following details in the General tab:
Parameter
Description
Name
Enter a name for the application.
Description
Enter the description.
Application Metadata Settings
Flow Direction
Enable or Disable Bi-Directional Flow behavior. Bi-Directional is enabled by default. Disable this option for Uni-Directional Flow behavior.
Timeout
Specify the traffic flow inactivity timeout, in seconds. The session will be removed due to inactivity when no packets match.
Multi Collect
Enable: Enables the multi-collect of attributes within a given Metadata Store cache, which means that if a configured attribute is seen in multiple packets within the same flow, each occurrence is collected. Multi Collect is enabled by default when a new cache is created. Multi Collect is also enabled when upgraded from an older release.
Disable: Disables the multi-collect of attributes within a given Metadata Store cache.
Note: Do not enable this option if you are going to export the Application Metadata using the AMX application. There can be only one attribute in a JSON object, therefore Multi Collect is not supported when configuring the AMX application.
Data Link
If you want to include the VLAN ID along with the 5-tuple to identify the traffic flow, select the Data Link and enable the VLAN option.
Observation ID
Enter a value to identify the source from where the metadata is collected. The range is from 0 to 255. The calculated value of Observation Domain Id in Hexadecimal is 00 01 02 05, and in Decimal is 66053.
Enable DPI Packet limit
This field restricts the number of packets in a particular session that are sent to the DPI engine, instead of sending all the packets, in order to improve AMI performance. The value must range between 20 and 50, as the first 20 to 50 packets contain the most significant attributes.
Advanced Settings
Number of Flows
The number of flows supported by the application.
Refer to the following table for the maximum number of flows supported for VMware, AWS, and Azure platforms.

| Cloud Platform | Instance Size | Maximum Number of Flows |
|---|---|---|
| VMware | Large (8 vCPU and 16 GB RAM) | 200k |
| AWS | AMD - Large (c5n.2xlarge) | 300k |
| AWS | AMD - Medium (t3a.xlarge) | 100k |
| AWS | ARM - Large (c7gn.2xlarge) | 100k |
| AWS | ARM - Medium (m7g.xlarge) | 200k |
| Azure | Large (Standard_D8s_V4) | 500k |
| Azure | Medium (Standard_D4s_v4) | 100k |
| Nutanix | Large (8 vCPU and 16 GB RAM) | 200k |

Note: Medium Form Factor is supported for VMware ESXi only when secure tunnels option is disabled. The maximum Number of Flows for VMware ESXi when using a medium Form Factor is 50k.
Fast Mode
Enable the Fast Mode option to improve performance (fewer CPU cycles and less memory utilization). When Fast Mode is enabled, some or all of the attributes of the applications will be disabled. If all the attributes of an application are disabled, then the application itself is disabled. Refer to the Fast Mode section for more information on the benefits and limitations of Fast Mode.
Aggregate Round-trip Time
Enable this option to export the minimum, maximum, and mean of RTT values for the following list of supported protocols and attributes, and also the aggregate of TCP Lost byte values collected per export time interval.

| Protocol | Attribute |
|---|---|
| http | rtt |
| icmp | rtt |
| icmp6 | rtt |
| ssh | rtt |
| tcp | rtt |
| tcp | rtt_app |
| telnet | rtt |
| wsp | connect_rtt |
| wsp | query_rtt |

- In the Application quick view, enter or select the following details in the Exporters tab:
Parameter
Description
Exporter Name
Enter a name for the Exporter.
Actions
Using this option, you can perform the following functions:
Add Exporter - Use to add a new Exporter to this Application Metadata Intelligence Application. A maximum of 5 exporters can be added.
Save as New Template - Use to save the current configuration as a new custom tool template.
Delete this Exporter - Use to delete the Exporter.
Template
Use to select the tool template. Refer to Tool Templates for more information on tool templates and how to create custom tool templates.
Export Params
Select any one of the following options:
Application Name - Exports Application Name Attribute in AMI records. Enable this option to export Application Name attribute with network attributes.
Application Family - Exports Application Family Attribute in AMI records. Enable this option to export Application Family attribute with network attributes.
Application Tags - Exports Application Tag Attribute in AMI records. Enable this option to export Application Tag attribute with network attributes.
Format
Select NetFlow or CEF.
NetFlow: Select this option to use NetFlow
Record / Template type
Segregated - The application-specific attributes and the generic attributes will be exported as individual records to the tool.
Cohesive - The application-specific attributes and the generic attributes will be combined as a single record and exported to the tool.
Note: It is recommended to select Cohesive from the drop-down menu, as NetFlow exports network and transport parameters only.
Enable Maximum Packet Length
Enable this option to edit the interface MTU value.
Maximum Packet Length
(This option appears only when Enable Maximum Packet Length option is enabled)
Using this field, you can configure the maximum length of the packet that can be exported. Enter a value less than or equal to the egress interface MTU value to avoid fragmentation. The value can range between 1280 and 9001.
Active Timeout
Enter the active flow timeout value in seconds.
Inactive Timeout
Enter the inactive flow timeout in seconds.
Version
Select the NetFlow version. The supported versions are V5, V9, IPFIX(V10).
Template Refresh Interval
Enter the time interval, in seconds, at which the template must be refreshed.
CEF: Select this option to use CEF
Record / Template type
Segregated - The application-specific attributes and the generic attributes will be exported as individual records to the tool.
Cohesive - The application-specific attributes and the generic attributes will be combined as a single record and exported to the tool.
Active Timeout
Enter the active flow timeout value in seconds.
Inactive Timeout
Enter the inactive flow timeout in seconds.
APPLICATION & ATTRIBUTES:
Select the applications and their attributes for traffic filtering by layer seven applications. You can select a maximum of 64 attributes for each application. (Not applicable when using NetFlow V5, V9, NetFlow IPFIX(V10), or CEF when the flow direction is Uni-Directional in the above Template drop-down menu.)
Click the Add Application button. The Add Application dialog box opens.
Select a Type. The available options are:
Application Family: Each application is mapped to only one Application Family.
■ Select an Application Family and the Applications that need to be filtered from the traffic.
■ Attributes for the selected application are displayed in the Attribute column. You can select the required attributes.
Application Tag: Each application can be mapped to one or more Application Tags.
■ Select an Application Tag and the Applications that need to be filtered from the traffic.
■ Attributes for the selected application are displayed in the Attribute column. You can select the required attributes.
NETWORK & TRANSPORT PARAMETERS:
Select the Network and the transport packet attributes with the respective parameters.
Data Link
Select any one of the parameters such as Source MAC address, Destination MAC Address and VLAN.
Interface
Select any one of the parameters such as Input Physical, Output Physical and Input Name.
IP
Select the parameter as Version if required.
IPv4
Select the required attributes. By default, Source Address, Destination Address, and Protocol are enabled.
IPv6
Select the required attributes. By default, Source Address, Destination Address, and Next Header are enabled.
Transport
Select the required attributes. By default, Source Port and Destination Port are enabled.
Counter
Select Bytes and Packets.
Timestamp
Select the required timestamp such as System Uptime First, Flow Start, System Uptime Last, and Flow End.
Flow
Select the parameter as End Reason if required.
GTP-U
Select the required parameters such as QFI and TEID.
Outer IPv4
Select any one of the parameters such as Source or Destination.
Outer IPv6
Select any one of the parameters such as Source or Destination.
- Click Save to deploy the Application Metadata application.
After adding the Application Metadata application and deploying the Monitoring Session, you cannot change the Aggregate Round-trip Time option.
When using Application Metadata, if you create a tunnel to send the output to the tools, select UDP as the tunnel type.
When using the Application Metadata application, you can either use a single tunnel to export all the metadata from the application or use a separate tunnel for each exporter configured.
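
The Observation ID, Version, and Maximum Packet Length fields above determine what a collector sees in each export datagram. The following is an added example, not part of the product or its documentation: a collector-side check that parses the NetFlow v9 (RFC 3954) or IPFIX (RFC 7011) message header and compares the observation domain and size against the values configured for the exporter. The function names and the sample datagram are constructed for illustration, and V5 and CEF are not handled.

```python
import struct

# Header layouts: IPFIX (version 10) per RFC 7011, NetFlow v9 per RFC 3954.
IPFIX_HDR = struct.Struct("!HHIII")   # version, length, export time, sequence, observation domain ID
NFV9_HDR = struct.Struct("!HHIIII")   # version, count, sysUptime, UNIX secs, sequence, source ID


def check_export_datagram(payload, expected_domain_id, max_packet_length):
    """Parse one UDP payload from an exporter; return (info, problems)."""
    if len(payload) < 2:
        return {}, ["too short to carry a version field"]
    version = struct.unpack_from("!H", payload)[0]
    info, problems = {"version": version}, []
    if version == 10:
        if len(payload) < IPFIX_HDR.size:
            return info, ["truncated IPFIX header"]
        _, length, _, seq, domain = IPFIX_HDR.unpack_from(payload)
        if length < IPFIX_HDR.size or length > len(payload):
            problems.append(f"IPFIX length field {length} inconsistent with payload size {len(payload)}")
    elif version == 9:
        if len(payload) < NFV9_HDR.size:
            return info, ["truncated NetFlow v9 header"]
        # NetFlow v9 calls the equivalent 32-bit field "Source ID".
        _, _, _, _, seq, domain = NFV9_HDR.unpack_from(payload)
    else:
        return info, [f"version {version} is not handled by this example"]
    info.update(sequence=seq, observation_domain_id=domain,
                domain_hex=domain.to_bytes(4, "big").hex(" "))
    if domain != expected_domain_id:
        problems.append(f"unexpected observation domain {domain}")
    # A payload larger than the configured packet limit can never fit within it.
    if len(payload) > max_packet_length:
        problems.append(f"payload of {len(payload)} bytes exceeds configured maximum {max_packet_length}")
    return info, problems


def build_sample_ipfix(domain_id, body=b"\x00\x02\x00\x04"):
    """Constructed sample: IPFIX header followed by placeholder set bytes."""
    length = IPFIX_HDR.size + len(body)
    return IPFIX_HDR.pack(10, length, 1_700_000_000, 1, domain_id) + body


if __name__ == "__main__":
    # 66053 is the Observation Domain Id value quoted in the General tab table.
    print(check_export_datagram(build_sample_ipfix(66053), 66053, 1280))
```

A datagram that arrives with an unexpected observation domain or a size above the configured limit points to a misconfigured exporter or to traffic from a source other than the one the tunnel was set up for.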