Cisco Systems 5 manual Troubleshooting, Using NAM for Problem Isolation

Chapter 6 NAM Traffic Analyzer 5.0 Usage Scenarios

Troubleshooting

Using NAM to Evaluate Application-Level Performance Monitoring for UDP Realtime Applications

The NAM Traffic Analyzer monitors RTP streams: When a phone call ends, the endpoints calculate the information and send it to the Call Manager. If a NAM is along that path, it will intercept it.

The NAM monitors and analyzes RTP streams and voice calls statistics from the endpoint. The voice calls statistics from the endpoint is used in conjunction with the RTP stream to correlate the phone number with the IP address of the endpoint. Alerting is based on analysis of the RTP streams for MOS, Jitter, and Packet Loss.

See Voice Signaling/RTP Stream Monitoring, page 2-2.

See Analyzing Traffic, RTP Streams, page 3-38.

See Table 2-37,Voice Monitor Setup Window.

Using NAM to Evaluate Potential Impact of WAN Optimization Prior to Deployment

If an application that is supposed to be optimized is displayed in pass through traffic, check the WAN acceleration device (WAE) configuration.

The NAM analyzes the traffic and identifies top talkers in Analyze > WAN Optimization > Top Talkers, displaying applications and network links (Sites) that will benefit from deploying WAN optimization. After the WAN optimization devices have been deployed, the WAAS can be directed to the NAM for analysis to display the breakdown of the optimization regarding application response time. The response times are broking down into client LAN and WAN segments, and server LAN and WAN segments.

Troubleshooting

Using NAM for Problem Isolation

The alarm details (found in the NAM Traffic Analyzer Release 5.0 under Monitor > Overview > Alarm Summary) provides information you can use to drill-down on the threshold that was violated. You may also receive this alarm in e-mail (Setup > Alarms > E-mail). An example of the alarm is:

2010 SEPT 28 9:17:0:Application:Exceeded rising value(1000);packets;60653;Site(San Jose), Application(http)

After receiving this alarm, you can access the NAM GUI to view the application in site San Jose to determine why there was a spike. Click on Analyze > Traffic > Application; in the Interactive Report window on the left, change Site to “San Jose,” Application to “HTTP,” and Time Range to the range when the alert was received. This will display all the hosts using this protocol. You can see the Top hosts and verify there are no unauthorized hosts accessing this application. You can also access Analyze > Traffic

>Host to view which conversations are chatty, and therefore causing the increase traffic for this application.

User Guide for the Cisco Network Analysis Module (NAM) Traffic Analyzer, 5.0