Manual Chapter : Setting Up Application Visibility

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP PEM

  • 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
Manual Chapter

Setting Up Application Visibility

Overview: Setting up application visibility

This implementation describes how to set up the Policy Enforcement Manager (PEM) to analyze application traffic on the network, and provide statistics for application visibility. For example, you can view statistics to see what applications are being used. By monitoring your traffic, you can later create enforcement policies that are tailored for your needs.

Task summary

What is application visibility?

Policy Enforcement Manager (PEM) gives the BIG-IP system the ability to classify both encrypted and unencrypted traffic into categories for application visibility. You can display statistics about the network traffic in graphical charts, and view classification information by application, category, protocol, virtual server, country, type of device, and so on. In-depth information and application awareness provides visibility into your network infrastructure so you can identify and monitor different types of traffic and resolve performance issues.
Application visibility is particularly useful for service providers. If your organization is using RADIUS protocol for authentication, authorization, and accounting, PEM can intercept accounting messages to retrieve additional information, for example, about mobile devices, subscribers, towers, service plans, and manufacturers.
Charts shown on the
Statistics
Classification
screens display the application visibility data. The classification overview is customizable so you can display the charts or tables that you want. The overview shows top statistics for the categories of which you are most interested.

Determining and adjusting traffic classifications

The BIG-IP system classifies many categories of traffic and specific applications within those categories. You can determine which categories and applications of traffic the system can classify, and find out information about them such as their application or category ID.
  1. On the Main tab, click
    Traffic Intelligence
    Applications
    Application List
    .
    The Applications screen displays a list of the supported classification categories.
  2. To view the applications in each category, click the
    +
    icon next to the category.
  3. To view or edit the properties of the application or category, click the name to open its properties screen.
    Here you can view the application or category ID number.
  4. Click
    Update
    to save any changes.

Creating a category

On the BIG-IP system, you can create customized categories for classifying traffic if the predefined categories are not sufficient for your needs. For example, if you plan to create new application types unique to your organization, you can create a category to group them together.
  1. On the Main tab, click
    Traffic Intelligence
    Applications
    Application List
    .
    The Applications screen displays a list of the supported classification categories.
  2. Click
    Create
    .
    The New Application screen opens.
  3. From the
    Type
    list, select
    Category
    .
  4. In the
    Name
    field, type a name for the classification category.
  5. In the
    Description
    field, type optional descriptive text for the classification presets.
  6. In the
    Category ID
    field, type an identifier for this category, a unique number.
  7. For the
    Application List
    setting, move applications that you want to associate with this category from the
    Unknown
    list to the
    Selected
    list.
    If the applications are not listed yet, you can associate the applications with the category when you create them.
  8. Click
    Finished
    .
You have created custom applications to handle traffic.

Creating classification presets

On the BIG-IP system, you can create classification preset settings for a classification policy that you have previously created.
  1. On the Main tab, click
    Traffic Intelligence
    Presets
    .
    The Presets screen displays a list of the supported classification categories.
  2. Click
    Create
    .
    The New Presets screen opens.
  3. In the
    Name
    field, type a name for the application.
  4. In the
    Description
    field, type optional descriptive text for the classification presets.
  5. For the
    Policy
    setting, move the classification policies from
    Available
    list to the
    Selected
    list, to create a new preset.
  6. In the
    Allow Reclassification
    list,
    Enabled
    is the default selection.
  7. In the
    Flow Bundling
    list,
    Enabled
    is the default selection.
  8. In the
    Cache Results
    list,
    Enabled
    is the default selection.
  9. Click
    Finished
    .

Creating a data plane virtual group

If you want to steer specific traffic (or otherwise regulate certain types of traffic) you must first develop appropriate enforcement policies. If using a Gx interface to a PCRF, you need to create a new virtual group in listeners that connect to a PCRF.
You can create listeners that specify how to handle traffic for policy enforcement. Creating a listener performs preliminary setup on the BIG-IP system for application visibility, intelligent steering, bandwidth management, and reporting.
  1. On the Main tab, click
    Policy Enforcement
    Data Plane Listeners
    .
    The Date Plane Listeners screen opens.
  2. Click
    Add Group
    .
    The New Virtual Group screen opens.
  3. In the
    Name
    field, type a unique name for the listener.
  4. In the
    Destination Address
    field, type the IP address of the virtual server. For example,
    10.0.0.1
    or
    10.0.0.0/24
    .
    When you use an IPv4 address without specifying a prefix, the BIG-IP system automatically uses a
    /32
    prefix.
    You can use a catch-all virtual server (
    0.0.0.0
    ) to specify all traffic that is delivered to the BIG-IP system. Configure the source and destination setting, during forwarding mode only. In the relay mode, the client does not have an IP address and the DHCP provides the client with an IP address.
    The system will create a virtual server using the address or network you specify.
  5. For the
    Service Port
    setting, type or select the service port for the virtual server.
  6. From the
    VLAN and Tunnel Traffic
    list, select
    Enabled on
    . Then, for the
    VLANs and Tunnels
    setting, move the VLAN or VLANs on which you want to allow the virtual servers to share traffic from the
    Available
    list to the
    Selected
    list.
  7. For the
    VLANs and Tunnels
    setting, move the VLANs and tunnels that you want to monitor from the
    Available
    list to the
    Selected
    list.
  8. In the Policy Provisioning area, select enforcement policies to apply to the traffic.
    1. For
      Global Policy
      , move policies to apply to all subscribers to
      High Precedence
      or
      Low Precedence
      .
      For URL categorization to take effect, you need to associate the enforcement policy with a classification profile.
    2. For
      Unknown Subscriber Policy
      , move policies to use if the subscriber is unknown to
      Selected
      .
    The system applies the global policy to all subscribers in parallel with the subscriber policies, and must be configured with unknown subscriber policy. High-precedence global policies override conflicting subscriber policies, and low-precedence policies are overridden by conflicting subscriber policies.
  9. Click
    Finished
    .
    The Policy Enforcement Manager creates a listener.
When you create a listener, Policy Enforcement Manager also creates virtual servers for each type of traffic (TCP, UDP, or both and IP), and a virtual server for HTTP traffic. The system sets up classification and assigns the appropriate policy enforcement profile to the virtual servers. If you are connecting to a RADIUS authentication server, a virtual server for RADIUS is also added.
Now you can send traffic through the network. As network traffic moves through the BIG-IP system, the system classifies the traffic, and if you have developed policies, the system performs the actions specified by the enforcement policy rules.

Examining application visibility statistics

Before you can look at the application visibility statistics, you must have Adobe Flash Player installed on the computer where you plan to view them.
You can review charts that provide application visibility for traffic on your network.
  1. On the Main tab, click
    Policy Enforcement
    Analytics
    Overview
    .
    The Overview screen opens where you can view a summary of the top classification statistics.
  2. Review the statistics provided. To quickly change the format of the information, click the icon to the left of the time period.
    You can display information in a table, line chart, pie chart, or bar chart.
  3. Click the time period (
    Last Hour
    ,
    Last Day
    ,
    Last Week
    ,
    Last Month
    , or
    Last Year
    ), to change the interval used for displaying content.
  4. To permanently change the format or content of any of the charts, click the cog on the chart, select
    Settings
    , and adjust the fields in the form.
  5. To display additional charts or tables, click the
    Add Widget
    link and complete the form.
    The chart you create becomes a permanent part of the Classification Overview screen.
  6. On the Main tab, click
    Policy Enforcement
    Analytics
    Statistics
    .
    The Statistics screen opens and the charts display detailed classification statistics by application.
  7. Adjust the statistics content in any of the following ways:
    • Use the
      View By
      setting or Advanced Filters to change the type of classification data shown.
    • Use the
      Time Period
      setting to change the interval for which statistics are shown.
    • Use the
      Expand Advanced Filters
      setting to fine-tune even further which types of reports to display.
  8. Get detailed information in any of the following ways:
    • Point on the charts to display the details.
    • Review the Details table to see the statistics.
    • In the Details table, click the name of one of the items (application, category, protocol, and so on) to see classification details about that specific item.
    • Use the
      Display method
      setting to show statistics in different formats.
    The easiest way to learn what classification information is available is to look at the charts and view the content and details in different ways. As you drill down into the statistics, you can locate more details and view information for a specific item.
  9. To generate and export a PDF or CSV file of a report to save or email, click
    Export
    , select the settings, and fill in the appropriate fields.
    You must have an SMTP email server configured to use the email option. On the Main tab, click
    System
    Configuration
    Device
    SMTP
    .
You can use the classification statistics to determine, for example, the types of applications and the specific applications that clients are using. By drilling down into that information, you can find out specifically which applications are being used by a particular IP address.