Manual Chapter :
Setting Up Application Visibility
Applies To:
Show VersionsBIG-IP LTM
- 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP PEM
- 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
Setting Up Application Visibility
Overview: Setting up application visibility
This implementation describes how to set up the Policy Enforcement Manager™ (PEM) to analyze application traffic on the network, and provide statistics for application visibility. For example, you can view statistics to see what applications are being used. By monitoring your traffic, you can later create enforcement policies that are tailored for your needs.
Task summary
What is application visibility?
Policy Enforcement Manager™ (PEM™) gives the BIG-IP system the ability to classify both encrypted and unencrypted
traffic into categories for application visibility. You can display statistics about the
network traffic in graphical charts, and view classification information by application,
category, protocol, virtual server, country, type of device, and so on. In-depth information
and application awareness provides visibility into your network infrastructure so you can
identify and monitor different types of traffic and resolve performance issues.
Application visibility is particularly useful for service providers. If your organization is
using RADIUS protocol for authentication, authorization, and accounting, PEM can intercept
accounting messages to retrieve additional information, for example, about mobile devices,
subscribers, towers, service plans, and manufacturers.
Charts shown on the
screens display the application visibility data. The classification overview is
customizable so you can display the charts or tables that you want. The overview shows top
statistics for the categories of which you are most interested.Determining and adjusting traffic classifications
The BIG-IP system classifies many categories of traffic and
specific applications within those categories. You can determine which categories and
applications of traffic the system can classify, and find out information about them
such as their application or category ID.
- On the Main tab, click.The Applications screen displays a list of the supported classification categories.
- To view the applications in each category, click the+icon next to the category.
- To view or edit the properties of the application or category, click the name to open its properties screen.Here you can view the application or category ID number.
- ClickUpdateto save any changes.
Creating a
category
On the BIG-IP system, you can create customized
categories for classifying traffic if the predefined categories are not sufficient for
your needs. For example, if you plan to create new application types unique to your
organization, you can create a category to group them together.
- On the Main tab, click.The Applications screen displays a list of the supported classification categories.
- ClickCreate.The New Application screen opens.
- From theTypelist, selectCategory.
- In theNamefield, type a name for the classification category.
- In theDescriptionfield, type optional descriptive text for the classification presets.
- In theCategory IDfield, type an identifier for this category, a unique number.
- For theApplication Listsetting, move applications that you want to associate with this category from theUnknownlist to theSelectedlist.If the applications are not listed yet, you can associate the applications with the category when you create them.
- ClickFinished.
You have created custom applications to handle traffic.
Creating classification presets
On the BIG-IP system, you can create classification preset
settings for a classification policy that you have previously created.
- On the Main tab, click.The Presets screen displays a list of the supported classification categories.
- ClickCreate.The New Presets screen opens.
- In theNamefield, type a name for the application.
- In theDescriptionfield, type optional descriptive text for the classification presets.
- For thePolicysetting, move the classification policies fromAvailablelist to theSelectedlist, to create a new preset.
- In theAllow Reclassificationlist,Enabledis the default selection.
- In theFlow Bundlinglist,Enabledis the default selection.
- In theCache Resultslist,Enabledis the default selection.
- ClickFinished.
Creating a data plane virtual group
If you want to steer specific traffic (or otherwise regulate certain types of
traffic) you must first develop appropriate enforcement policies. If using a Gx
interface to a PCRF, you need to create a new virtual group in listeners that connect to
a PCRF.
You can create listeners that specify how to handle traffic for policy enforcement.
Creating a listener performs preliminary setup on the BIG-IP
system for application visibility, intelligent steering, bandwidth management, and
reporting.
- On the Main tab, click.The Date Plane Listeners screen opens.
- ClickAdd Group.The New Virtual Group screen opens.
- In theNamefield, type a unique name for the listener.
- In theDestination Addressfield, type the IP address of the virtual server. For example,10.0.0.1or10.0.0.0/24.When you use an IPv4 address without specifying a prefix, the BIG-IP system automatically uses a/32prefix.You can use a catch-all virtual server (0.0.0.0) to specify all traffic that is delivered to the BIG-IP system. Configure the source and destination setting, during forwarding mode only. In the relay mode, the client does not have an IP address and the DHCP provides the client with an IP address.The system will create a virtual server using the address or network you specify.
- For theService Portsetting, type or select the service port for the virtual server.
- From theVLAN and Tunnel Trafficlist, selectEnabled on. Then, for theVLANs and Tunnelssetting, move the VLAN or VLANs on which you want to allow the virtual servers to share traffic from theAvailablelist to theSelectedlist.
- For theVLANs and Tunnelssetting, move the VLANs and tunnels that you want to monitor from theAvailablelist to theSelectedlist.
- In the Policy Provisioning area, select enforcement policies to apply to the traffic.
- ForGlobal Policy, move policies to apply to all subscribers toHigh PrecedenceorLow Precedence.For URL categorization to take effect, you need to associate the enforcement policy with a classification profile.
- ForUnknown Subscriber Policy, move policies to use if the subscriber is unknown toSelected.
The system applies the global policy to all subscribers in parallel with the subscriber policies, and must be configured with unknown subscriber policy. High-precedence global policies override conflicting subscriber policies, and low-precedence policies are overridden by conflicting subscriber policies. - ClickFinished.The Policy Enforcement Manager creates a listener.
When you create a listener, Policy Enforcement Manager also
creates virtual servers for each type of traffic (TCP, UDP, or both and IP), and a
virtual server for HTTP traffic. The system sets up classification and assigns the
appropriate policy enforcement profile to the virtual servers. If you are connecting to
a RADIUS authentication server, a virtual server for RADIUS is also added.
Now you can send traffic through the network. As network traffic moves through the
BIG-IP system, the system classifies the traffic, and if you
have developed policies, the system performs the actions specified by the enforcement
policy rules.
Examining application visibility statistics
Before you can look at the application visibility statistics, you must have Adobe
Flash Player installed on the computer where you plan to view them.
You can review charts that provide application visibility for traffic on your
network.
- On the Main tab, click.The Overview screen opens where you can view a summary of the top classification statistics.
- Review the statistics provided. To quickly change the format of the information, click the icon to the left of the time period.You can display information in a table, line chart, pie chart, or bar chart.
- Click the time period (Last Hour,Last Day,Last Week,Last Month, orLast Year), to change the interval used for displaying content.
- To permanently change the format or content of any of the charts, click the cog on the chart, selectSettings, and adjust the fields in the form.
- To display additional charts or tables, click theAdd Widgetlink and complete the form.The chart you create becomes a permanent part of the Classification Overview screen.
- On the Main tab, clickPolicy EnforcementAnalyticsStatistics.The Statistics screen opens and the charts display detailed classification statistics by application.
- Adjust the statistics content in any of the following ways:
- Use theView Bysetting or Advanced Filters to change the type of classification data shown.
- Use theTime Periodsetting to change the interval for which statistics are shown.
- Use theExpand Advanced Filterssetting to fine-tune even further which types of reports to display.
- Get detailed information in any of the following ways:
- Point on the charts to display the details.
- Review the Details table to see the statistics.
- In the Details table, click the name of one of the items (application, category, protocol, and so on) to see classification details about that specific item.
- Use theDisplay methodsetting to show statistics in different formats.
The easiest way to learn what classification information is available is to look at the charts and view the content and details in different ways. As you drill down into the statistics, you can locate more details and view information for a specific item. - To generate and export a PDF or CSV file of a report to save or email, clickExport, select the settings, and fill in the appropriate fields.You must have an SMTP email server configured to use the email option. On the Main tab, click.
You can use the classification statistics to determine, for example, the types of applications
and the specific applications that clients are using. By drilling down into that information, you
can find out specifically which applications are being used by a particular IP address.