Applies To:

Show Versions Show Versions

Manual Chapter: Setting Up Application Visibility
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Overview: Setting up application visibility

This implementation describes how to set up the Policy Enforcement Manager (PEM) to analyze application traffic on the network, and provide statistics for application visibility. For example, you can view statistics to see what applications are being used. By monitoring your traffic, you can later create enforcement policies that are tailored for your needs.

Task summary

What is application visibility?

Policy Enforcement Manager (PEM) gives the BIG-IP system the ability to classify both encrypted and unencrypted traffic into categories for application visibility. You can display statistics about the network traffic in graphical charts, and view classification information by application, category, protocol, virtual server, country, type of device, and so on. In-depth information and application awareness provides visibility into your network infrastructure so you can identify and monitor different types of traffic and resolve performance issues.

Application visibility is particularly useful for service providers. If your organization is using RADIUS protocol for authentication, authorization, and accounting, PEM can intercept accounting messages to retrieve additional information, for example, about mobile devices, subscribers, towers, service plans, and manufacturers.

Charts shown on the Statistics > Classification screens display the application visibility data. The classification overview is customizable so you can display the charts or tables that you want. The overview shows top statistics for the categories of which you are most interested.

Determining and adjusting traffic classifications

The BIG-IP system classifies many categories of traffic and specific applications within those categories. You can determine which categories and applications of traffic the system can classify, and find out information about them such as their application or category ID.
  1. On the Main tab, click Policy Enforcement > Classification. The Classification screen opens showing a list of the supported classification categories.
  2. To view the applications in each category, click the + icon next to the category.
  3. To view or edit the properties of the application or category, click the name to open its properties screen.
    Tip: Here you can view the application or category ID number.
  4. Adjust the properties of the application or category, if necessary.
    • In the Description field, you can add text to describe the application or category.
    • Set State to Enabled to use this classification, or to Disabled not to use it.
    • For categories only, set iRule Eventto Enabled if you want the system to trigger an iRule event when it recognizes traffic in this category, or set to Disabled if you do not.
    • In the Category or Application List field, you can change which category an application is in, or which applications are in the category.
  5. Click Update to save any changes.

Creating a listener

If you want to steer specific traffic, or otherwise regulate certain types of traffic, you need to have developed enforcement policies. If using a Gx interface to a PCRF, you need to create a listener that connects to a PCRF.
You can create listeners that specify how to handle traffic for policy enforcement. Creating a listener does preliminary setup on the BIG-IP system for application visibility, intelligent steering, bandwidth management, and reporting.
  1. On the Main tab, click Policy Enforcement > Listeners. The Listeners screen opens.
  2. Click Create. The New Listener screen opens.
  3. In the Name field, type a unique name for the listener.
  4. For the Destination setting, select Host or Network, and type the IP address or network and netmask to use.
    Tip: You can use a catch-all virtual server (0.0.0.0) to specify all traffic that is routed to the BIG-IP system.
    The system will create a virtual server using the address or network you specify.
  5. For the Service Port setting, type or select the service port for the virtual server.
  6. Subscriber provisioning using RADIUS is enabled by default. If your system is using RADIUS for snooping subscriber identity, you need to specify VLANs and tunnels. If you are not using RADIUS, you need to disable it.
    • For the VLANs and Tunnels setting, move the VLANs and tunnels that you want to monitor for RADIUS traffic from the Available list to the Selected list.
    • If you do not want to use RADIUS, from the Subscriber Identity Collection list, select Disabled.
  7. In the Policy Provisioning area, select enforcement policies to apply to the traffic.
    1. For Global Policy, move policies to apply to all subscribers to High Precedence or Low Precedence.
      Note: For URL categorization to take effect, you need to associate the enforcement policy with a classification profile.
    2. For Unknown Subscriber Policy, move policies to use if the subscriber is unknown to Selected.
    The system applies the global policy to all subscribers in parallel with the subscriber policies, and must be configured with unknown subscriber policy. High-precedence global policies override conflicting subscriber policies, and low-precedence policies are overridden by conflicting subscriber policies.
  8. Click Finished. The Policy Enforcement Manager creates a listener, and displays the listener list.
When you create a listener, the Policy Enforcement Manager also creates virtual servers for each type of traffic (TCP, UDP, or both and IP), and a virtual server for HTTP traffic. The system sets up classification and assigns the appropriate policy enforcement profile to the virtual servers. If you are connecting to a RADIUS authentication server, a virtual server for RADIUS is also added.
Now you can send traffic through the network. As network traffic moves through the BIG-IP system, the system classifies the traffic, and if you have developed policies, the system performs the actions specified by the enforcement policy rules.

Examining application visibility statistics

Before you can look at the application visibility statistics, you must have Adobe Flash Player installed on the computer where you plan to view them.
You can review charts that provide application visibility for traffic on your network.
  1. On the Main tab, click Statistics > Classification. The Classification Overview screen opens where you can view a summary of the top classification statistics.
  2. Review the statistics provided. To quickly change the format of the information, click the icon to the left of the time period. You can display information in a table, line chart, pie chart, or bar chart.
  3. Click the time period (Last Hour, Last Day, Last Week, Last Month, or Last Year), to change the interval used for displaying content.
  4. To permanently change the format or content of any of the charts, click the cog on the chart, select Settings, and adjust the fields in the form.
  5. To display additional charts or tables, click the Add Widget link and complete the form. The chart you create becomes a permanent part of the Classification Overview screen.
  6. On the menu bar, click Statistics. The Classification Statistics screen opens and the charts display detailed classification statistics by application.
  7. Adjust the statistics content in any of the following ways:
    • Use the View By setting or Advanced Filters to change the type of classification data shown.
    • Use the Time Period setting to change the interval for which statistics are shown.
    • Use the Measurement to display setting to change the display of statistics to bits, bytes, or sessions.
    • Use the Display method setting to show statistics in different formats.
    • Use the Expand Advanced Filters setting to fine-tune even further which types of reports to display.
  8. Get detailed information in any of the following ways:
    • Point on the charts to display the details.
    • Review the Details table to see the statistics.
    • In the Details table, click the name of one of the items (application, category, protocol, and so on) to see classification details about that specific item.
    • Use the Display method setting to show statistics in different formats.
    The easiest way to learn what classification information is available is to look at the charts and view the content and details in different ways. As you drill down into the statistics, you can locate more details and view information for a specific item.
  9. To generate and export a PDF or CSV file of a report to save or email, click Export, select the settings, and fill in the appropriate fields.
    Note: You must have an SMTP email server configured to use the email option. On the Main tab, click System > Configuration > Device > SMTP.
You can use the classification statistics to determine, for example, the types of applications and the specific applications that clients are using. By drilling down into that information, you can find out specifically which applications are being used by a particular IP address.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)