Container-based Monitoring Point (CMP) - Cisco (cpe40)

The AppNeta Customer Premises Equipment 40 (cpe40) is a Container-based Monitoring Point (CMP) that runs in a Docker container. It supports Delivery/Experience monitoring up to 1Gbps. It is typically deployed on a Cisco Catalyst 9300/9400 switch in one of the following scenarios:

  • Monitoring network performance from a remote site - The cpe40 is deployed at a remote site to monitor the site’s connectivity and network performance to enterprise infrastructure and cloud network targets.
  • Monitoring application performance from a remote site - The cpe40 is deployed at a remote site to monitor application performance (using HTTP workflows) from that site.
  • Used as a monitoring target - Provides a target for network performance monitoring within the LAN environment (or beyond if firewalls allow).

Keep in mind:

  • The cpe40 does not have a Web UI. Instead, management of the cpe40 container is performed using Cisco IOx commands.
  • Capacity measurements can be influenced by factors on the Cisco Catalyst host such as: networking, kernel version, and the number of other containers sharing the host.
  • When targeting a cpe40, use dual-ended monitoring.

A full list of features can be found on the Monitoring Point Feature Comparison page.

Applicable Cisco IOS CLI commands and their Docker equivalents can be found in the Cisco Application Hosting documentation.

Specifications

Host Requirements

The Cisco Catalyst 9300/9400 host requirements for the cpe40 are as follows:

Host requirement Catalyst 9300/9400
OS IOS XE software version 17.03.03 or higher
Environment Docker (cpe40 requires its own container)
CPU credits 1850
RAM 500 MB
Storage min 1 GB on bootflash
Licensing Cisco DNA Advantage license or higher installed on the Catalyst 9300/9400
Configuration Front-panel data port configured to support application hosting

Limitations

cpe40 limitations include:

Setup

Monitoring Point setup

Use the following steps to install a Customer Premises Equipment 40 (cpe40) in your network. After installation is complete, the cpe40 software connects back to AppNeta Performance Manager (APM). Once this is done, you need to license the cpe40, set its location, and then set up monitoring.

Installing the cpe40 on the Cisco Catalyst 9300/9400 switch

Operational Note: If you change the DNS settings on a cpe40 host (either the DNS Nameservers or the DNS Search Domain), you will have to restart the cpe40 to propagate the DNS settings down to the container.

Prerequisites

See Host requirements and Limitations.

You’ll also need:

  • Experience with Cisco IOx CLI.
  • The APM server name (APM_SERVER_NAME) and the site-key (APM_SITE_KEY) where the cpe40 will connect as well as a hostname (APM_CPE40_HOSTNAME) for the cpe40 (determined during the Add Monitoring Points procedure on APM).
  • (Optional) If static addressing is required, the IP address, netmask, default gateway and name server(s) to be assigned to the cpe40’s guest interface.
  • (Optional) If you want the cpe40 to connect to a specific VLAN network, the VLAN ID.
Initiate the installation process
  1. Log in to APM.
  2. Select an organization if you belong to more than one.
  3. If you’re setting up your first Monitoring Point, you’ll automatically be taken to the first step of the Add Monitoring Point wizard.
  4. If your organization already has Monitoring Points, navigate to > Manage Monitoring Points > Add Monitoring Points.
  5. Select the organization you are adding the cpe40 to.
  6. For Platform Type, select Cisco.
  7. Specify a Hostname for the cpe40.
    • The information returned will be used below.
Enable the Application Hosting framework

Log in to the Cisco Catalyst 9300/9400 and enable the IOx services then verify that they are running (Configure mode):

iox
do show iox-service
  • The output looks as follows:

     IOx Infrastructure Summary:
     ---------------------------
     IOx service (CAF) 1.11.0.5     : Running
     IOx service (HA)               : Running
     IOx service (IOxman)           : Running
     IOx service (Sec storage)      : Not Running
     Libvirtd 1.3.4                 : Running
     Dockerd 18.03.0                : Running
     Application DB Sync Info       : Available
     Sync Status                    : Disabled
    
Download the cpe40 image and checksum file
  1. On your computer, download the cpe40 image and the sha512 checksum file:
  2. Copy the cpe40 image to the flash: file system on the Catalyst 9300/9400. Replace <USER> with a username on the Catalyst 9300/9400. Replace <CAT9K> with the IP address or hostname of the Catalyst 9300/9400:

    scp appneta-cpe40-current.tar <USER>@<CAT9K>:/appneta-cpe40-current.tar
    
  3. On the Catalyst 9300/9400, verify that the file was copied (Exec mode):

    dir flash: | include appneta-cpe40
    
    • The output looks as follows:

       278582  -rw-        290775552   Jun 4 2021 20:27:32 +00:00  appneta-cpe40-current.tar
      
  4. Generate the sha512 checksum (Exec mode):

    verify /sha512 flash:appneta-cpe40-current.tar
    
    • The output looks as follows:

       ...........................................................................
       <snip>
       ........................................Done!
       verify /sha512 (flash:appneta-cpe40-current.tar) = b2b635907bc08d9763c3abd9e4976f614ba7a9a0a96ffdca0eeadaa7a388917d55f9615fd9f3ce513561bde2e6b342a89ab23406f20a02dcc6b139492283da22
      
  5. On your computer, list the sha512 checksum file you downloaded and compare it to the checksum generated on the Catalyst 9300/9400. They must match:

    cat appneta-cpe40-current.tar.sha512sum
    
    • The output looks as follows:

       b2b635907bc08d9763c3abd9e4976f614ba7a9a0a96ffdca0eeadaa7a388917d55f9615fd9f3ce513561bde2e6b342a89ab23406f20a02dcc6b139492283da22
      
Install the cpe40
  1. On the Catalyst 9300/9400, install and name the cpe40 application using the downloaded cpe40 image (Exec mode). In this example, the cpe40 application is called appneta_cpe40:

    app-hosting install appid appneta_cpe40 package flash:appneta-cpe40-current.tar
    
    • The output looks as follows:

       Installing package \'flash:appneta-cpe40-current.tar\' for \'appneta_cpe40\'. Use \'show app-hosting list\' for progress.
      
  2. Verify the installation (Exec mode):

    show app-hosting list
    
    • The output looks as follows:

       App id                                   State
       ---------------------------------------------------------
       appneta_cpe40                            DEPLOYED
      
Configure application hosting
  1. Verify the configuration of the front panel data port (Exec mode). In this example, the data port GigabitEthernet1/0/1 is configured as a trunk port with a set of VLANs allowed on the trunk.

    show run | section GigabitEthernet1/0/1
    
    • The output looks as follows:

       interface GigabitEthernet1/0/1
        switchport trunk allowed vlan 120,122,124,128,150,152
        switchport mode trunk
      
  2. Verify the configuration of the internal data port (Exec mode). In this example, AppGigabitEthernet1/0/1 is configured to connect applications to the data port GigabitEthernet1/0/1:

    show run | section AppGigabitEthernet1/0/1
    
    • The output looks as follows:

       interface AppGigabitEthernet1/0/1
        switchport trunk native vlan 120
        switchport trunk allowed vlan 120,122,124,128,150,152
        switchport mode trunk
      
  3. Connect the cpe40 application (appneta_cpe40) to the front panel data port (Configure mode). Examples include:
    • Example 1: Application hosting trunk mode using DHCP

       app-hosting appid appneta_cpe40
       app-vnic AppGigabitEthernet trunk
       guest-interface 0
      
    • Example 2: Application hosting VLAN-specific mode using DHCP In this example, the cpe40 application (appneta_cpe40) is connected to VLAN 150.

       app-hosting appid appneta_cpe40
       app-vnic AppGigabitEthernet trunk
       vlan 150 guest-interface 0
      
    • Example 3: Application hosting VLAN-specific mode using a static IP address

       app-hosting appid appneta_cpe40
       app-vnic AppGigabitEthernet trunk
       vlan 150 guest-interface 0
       guest-ipaddress 10.10.20.101 netmask 255.255.255.0
       app-default-gateway 10.10.20.254 guest-interface 0
       name-server0 8.8.8.8
      
  4. Configure the Docker runtime environment. Replace <APM_SERVER_NAME>, <APM_SITE_KEY>, and <APM_CPE40_HOSTNAME> with the values displayed in the Add Monitoring Points procedure (Configure mode).

    app-hosting appid appneta_cpe40
    app-resource docker
    run-opts 1 --restart=unless-stopped
    run-opts 2 "-e 'APPNETA_SERVER_ADDRESS=<APM_SERVER_NAME>' -e 'APPNETA_SERVER_KEY=<APM_SITE_KEY>'"
    run-opts 3 "-p 3236:3236/udp -p 3237:3237/udp -p 3238:3238/udp -p 3239:3239/udp -p 3236:3236/tcp -p 3237:3237/tcp -p 3238:3238/tcp -p 3239:3239/tcp"
    run-opts 4 --hostname=<APM_CPE40_HOSTNAME>
    
  5. Configure resource settings.

    app-hosting appid appneta_cpe40
    app-resource profile custom
    cpu 1850
    memory 500
    
  6. (Optional) For networks that require internet traffic to be forwarded by a web proxy, the cpe40 must be configured to connect to your proxy server so that it can communicate with APM (Configure mode). Replace <PROXY_URL> with the URL of your proxy server (https://<USERNAME>:<PASSWORD>@<PROXY-SERVER-HOSTNAME>:<PORT>).

    app-hosting appid appneta_cpe40
    app-resource docker
    run-opts 5 "-e 'HTTPS_PROXY=<PROXY_URL>'"
    
Activate the application

To activate the application (Exec mode):

app-hosting activate appid appneta_cpe40
  • The output looks as follows:

     appneta_cpe40 activated successfully
     Current state is: ACTIVATED
    
Start the application

To start the application (Exec mode):

app-hosting start appid appneta_cpe40
  • The output looks as follows:

     appneta_cpe40 started successfully
     Current state is: RUNNING
    
Verify the Installation

To verify the installation (Exec mode):

show app-hosting list
  • The output looks as follows:

     App id                                   State
     ---------------------------------------------------------
     appneta_cpe40                            RUNNING
    
Save the Configuration

Save the running configuration to NVRAM (Exec mode). Note that the copy command will overwrite the existing startup configuration.

copy running-config startup-config
Assign a base license

Every cpe40 is sold with a base license that must be assigned to it in APM before it can be used.

  1. Within APM, navigate to > Manage Monitoring Points.
  2. Wait for the new cpe40 to show up in the list (you may need to refresh your screen).
    • The cpe40’s status should show “Connection Established” (Green circle with white check mark).
    • If it doesn’t appear after a few minutes, you’ll need to troubleshoot the problem.
  3. To assign it a base license, navigate to > Manage Licenses.
  4. In the Parent Organization drop-down (if visible), select the parent organization containing the cpe40.
  5. In the Organization drop-down, select the child organization containing the cpe40.
  6. Click the APM Monitoring Points tab in the bottom table.
  7. For the cpe40 you want to add the license to, select > Assign Licenses.
  8. In the Base License section, select a base license.
  9. Click Submit. The cpe40 is ready to use.
Optional - Assign add-on licenses

In addition to a base license, you can add Standard Enterprise Application licenses to the cpe40. Before they can be assigned, you need to purchase them. Once purchased, they will be added to your organization and available for assignment.

To assign an add-on license to the cpe40:

  1. Navigate to > Manage Licenses.
  2. In the Parent Organization drop-down, select the parent organization containing the cpe40.
  3. In the Organization drop-down, select the child organization containing the cpe40.
  4. Click the APM Monitoring Points tab in the bottom table.
  5. For the cpe40 you want to add the license to, select > Assign Licenses.
  6. In the Add-on Licenses section, specify the types and quantities of licenses you want to add.
  7. Click Submit.
    • The new capabilities are ready to use.
Set the location

When adding a new cpe40 to APM, you need to specify its location. This setting provides essential geographical context for the data that the cpe40 collects. Typically, you specify its location during the setup procedure.

If you are outside the setup procedure, you’ll need to edit its location:

  1. Navigate to > Manage Monitoring Points
  2. For the cpe40 you want to edit, select > Edit Location.
  3. Specify the location of the cpe40.
  4. Click OK.
    • The location is set.
Set up monitoring

At this point the Monitoring Point setup is complete. Continue the APM setup procedure at Set up performance monitoring. Note that the cpe40 only supports Delivery and Experience monitoring. It does not support Usage monitoring.

Troubleshooting connectivity to AppNeta

Your cpe40 is properly connected to AppNeta Performance Manager (APM) when the status icon in > Manage Monitoring Points shows Green circle with white check mark.

If this is not the case, use the troubleshooting procedure below to help determine why it is not connecting.

Requirements Things to check
The Monitoring Point must be running. Check that the containers are running.
If a proxy is being used, the cpe40 must be configured to connect through it. Check the configuration of the Catalyst 9300/9400 (show app-hosting detail appid appneta_cpe40).
Look for run-opts 5 "-e 'HTTPS_PROXY=<PROXY_URL>'" in the Docker section of the output.
  Verify that the proxy is reachable from the network the cpe40 is on.
  Verify that the APM servers have been allowed in any access controls which may exist on the proxy.
Your firewall must be configured to allow the cpe40 to connect to APM. Check the general firewall configuration.
Check the CMP-specific firewall configuration for Delivery monitoring in a Docker environment.

If you are still unable to resolve the issue, contact AppNeta Support.

Access

View Monitoring Point status

You can view the cpe40 status on APM and on your deployment host.

View Monitoring Point status on APM

To view a Monitoring Point’s status in APM:

  • Within APM, navigate to > Manage Monitoring Points.
    • The Monitoring Point status is indicated by the icon in the left column.
Icon Status Description
Green circle with white check mark OK The Monitoring Point is connected to APM.
Black circle with white minus sign Connection Lost The Monitoring Point is not connected to APM. Troubleshoot the issue.

Additional statuses can be found in the Additional Status columns. Hover over the icons for details and/or actions to take.

Icon Status Description
Shared The Monitoring Point is shared between organizations.
Unlicensed The Monitoring Point is unlicensed.
Monitoring Point Error There is a Monitoring Point error.
Upgrade Available There is a software upgrade available for the Monitoring Point.

View Monitoring Point status on your deployment host

If the cpe40 is not connecting to APM, you will want to confirm that it is RUNNING on the Catalyst 9300/9400 (Exec mode).

show app-hosting list
  • The output looks as follows:

     App id                                   State
     ---------------------------------------------------------
     appneta_cpe40                            RUNNING
    

Determine the Monitoring Point hostname or IP address

Once the cpe40 has connected to APM, you can view its hostname and IP address.

  1. Log in to APM.
  2. Make sure you are using the correct organization
  3. Navigate to > Manage Monitoring Points.
  4. Click the cpe40 you want to connect to. In the right pane:
    • the Host Name field contains the hostname.
    • the Public IP field contains the public IP address. Use this if you are connecting to the cpe40 across the internet.
    • the Host Networking Details section contains the active cpe40 interfaces and the local IP address of each. Use this if you are connecting to the cpe40 locally.

Configure

Methods

Management and configuration capabilities are accessed from within APM via > Manage Monitoring Points. For example, changing Monitoring Point location or renaming the Monitoring Point.

The cpe40 does not have a Web UI. Instead, management of the cpe40 container is performed using Cisco IOS commands.

Basic settings

There are a few settings that should be configured on the cpe40 including Time zone, Location, and Name.

Time zone

There are two time zones that must be configured - your local time zone and the Monitoring Point time zone.

The Monitoring Point time zone must be configured on the host the cpe40 is running on.

Having the correct time zone on the cpe40 is important for a number of reasons:

  • In conjunction with the cpe40’s system time, it is required in order for the cpe40 to connect to APM. If the time is not correct, then there could be an issue with certificate validity checks when connecting.
  • It is required for monitoring results to be timestamped correctly.
  • It is required in order to display the correct time in path performance charts when Source Monitoring Point Time Zone is set.
  • It is required for alert conditions to be applied at the right time according to alert time ranges you have set.

Location

The location specified for the cpe40 is necessary for a variety of reports and charts.

The cpe40’s location is specified during the setup procedure but it can be edited at any time.

  1. Navigate to > Manage Monitoring Points
  2. For the Monitoring Point you want to edit, select > Edit Location.
  3. Specify the location of your Monitoring Point.
  4. Click OK.
    • The Monitoring Point’s location is set.

APM name and hostname

All Enterprise Monitoring Points (EMP) have two names: a hostname and an APM name. The hostname is used to identify the Monitoring Point on the network. The APM name is used to identify the Monitoring Point within APM. These are specified when the container is created.

If you manually change the APM name, the hostname is not affected. If you change the hostname, the APM name is changed automatically unless the APM name was changed manually. In this case, changing the hostname does not affect the APM name.

Rename a Monitoring Point

To change the cpe40’s APM name:

  1. Navigate to > Manage Monitoring Points.
  2. For the cpe40 you want to rename, navigate to > Rename.
  3. Either select the default or specify a new name.
  4. Click Confirm.
    • The cpe40’s APM name is changed.
Change the hostname

When you change the cpe40’s hostname, the APM name is changed automatically unless the APM name was changed manually. In this case, changing the hostname does not affect the APM name.

To change the cpe40’s hostname:

  1. Stop and deactivate the cpe40 (Exec mode).

    app-hosting stop appid appneta_cpe40
    app-hosting deactivate appid appneta_cpe40
    
  2. Change the hostname (Configure mode), where <NEW-HOSTNAME> is the new hostname.

    app-hosting appid appneta_cpe40
    app-resource docker
    run-opts 4 --hostname=<NEW-HOSTNAME>
    
  3. Activate and start the cpe40 (Exec mode).

    app-hosting activate appid appneta_cpe40
    app-hosting start appid appneta_cpe40
    

Networking

The following networking-related features can be configured on the cpe40.

Hostname

See APM Name and Hostname

Web proxy

For networks that require internet traffic to be forwarded by a web proxy, the Customer Premises Equipment 40 (cpe40) must be configured to connect to your proxy server so that it can communicate with APM.

The proxy settings on the cpe40 only affect how it connects and reports data back to APM. These settings are not used for performance monitoring. If you are using Experience monitoring, you will also need to configure access to the proxy either when you create a web app group or after the web app group is created.

To support a connection to APM via a web proxy, run the following commands on your Catalyst 9300/9400, where appneta_cpe40 is the name of the CMP application and <PROXY-URL> is the URL of your web proxy:

  1. Stop and deactivate the cpe40 (Exec mode).

    app-hosting stop appid appneta_cpe40
    app-hosting deactivate appid appneta_cpe40
    
  2. Specify the web proxy URL (Configure mode).

    app-hosting appid appneta_cpe40
    app-resource docker
    run-opts 5 "-e 'HTTPS_PROXY=<PROXY-URL>'"
    
  3. Activate and start the cpe40 (Exec mode).

    app-hosting activate appid appneta_cpe40
    app-hosting start appid appneta_cpe40
    

Manage

Restart

Restarting the cpe40 will disrupt its connection to APM but it does not affect its software or its configuration.

To restart the cpe40, run the following commands on your Catalyst 9300/9400 (Exec mode), where appneta_cpe40 is the name of the cpe40 application:

app-hosting stop appid appneta_cpe40
app-hosting start appid appneta_cpe40

Shutdown

To shut down the cpe40, run the following command on your Catalyst 9300/9400 (Exec mode), where appneta_cpe40 is the name of the CMP application:

app-hosting stop appid appneta_cpe40

Delete

Deleting the cpe40 from an organization is typically done when you are moving it to another organization or freeing up its base license so it can be used by another Monitoring Point.

Deleting the cpe40 has the following effects:

  • All paths where the cpe40 is the source (and the monitoring history related to those paths) are deleted (though they can be moved to another Monitoring Point during the delete process).
  • Tests and assessments are not deleted.
  • The base license and any add-on licenses that were assigned to the cpe40 become available again.
  • The cpe40 can no longer be seen from APM and will be decommissioned if it is online during the delete process.

To delete the cpe40 from your organization:

  1. Navigate to > Manage Monitoring Points.
  2. For the cpe40 you want to delete, select > Delete.
    • You will be prompted to confirm this action, and optionally to move all affected paths to another Monitoring Point.
  3. You should also remove resources on the deployment host.

Manage software

The cpe40 application is managed like any other application within the application hosting environment on a Cisco Catalyst 9300/9400. You can, for example, upgrade its software, uninstall it, display information about the application, and display its resource utilization.

Upgrade software
  1. Download the new cpe40 image.
  2. Run the following command on your Catalyst 9300/9400 (Exec mode), where appneta_cpe40 is the name of the cpe40 application:

    app-hosting upgrade appid appneta_cpe40 package flash:appneta-cpe40-current.tar
    
Uninstall software

Run the following commands on your Catalyst 9300/9400 (Exec mode), where appneta_cpe40 is the name of the cpe40 application:

app-hosting stop appid appneta_cpe40
app-hosting deactivate appid appneta_cpe40
app-hosting uninstall appid appneta_cpe40

To remove the configuration, run the following command (Configure mode).

no app-hosting appid appneta_cpe40
Reconfigure software

To make any changes to the runtime configuration you need to stop, deactivate, make the change, activate, then start the CMP application. For example, to support a connection to APM via a web proxy, run the following commands on your Catalyst 9300/9400, where appneta_cpe40 is the name of the CMP application and <PROXY-URL> is the URL of your web proxy:

  1. Stop and deactivate the cpe40 (Exec mode).

    app-hosting stop appid appneta_cpe40
    app-hosting deactivate appid appneta_cpe40
    
  2. Update runtime options (Configure mode). In this case, specifying a web proxy URL.

    app-hosting appid appneta_cpe40
    app-resource docker
    run-opts 5 "-e 'HTTPS_PROXY=<PROXY-URL>'"
    
  3. Activate and start the cpe40 (Exec mode).

    app-hosting activate appid appneta_cpe40
    app-hosting start appid appneta_cpe40
    
Display application details

Run the following command on your Catalyst 9300/9400 (Exec mode), where appneta_cpe40 is the name of the cpe40 application:

show app-hosting detail appid appneta_cpe40
  • The output looks as follows:

         App id                 : appneta_cpe40
         Owner                  : iox
         State                  : RUNNING
         Application
           Type                 : docker
           Name                 : appneta-cpe40
           Version              : 13.3.0.51728
           Description          :
           Path                 : flash:appneta-cpe40-current.tar
           URL Path             :
         Activated profile name : custom
    
         Resource reservation
           Memory               : 1024 MB
           Disk                 : 10 MB
           CPU                  : 3700 units
           VCPU                 : 1
    
         Attached devices
           Type              Name               Alias
           ---------------------------------------------
           serial/shell     iox_console_shell   serial0
           serial/aux       iox_console_aux     serial1
           serial/syslog    iox_syslog          serial2
           serial/trace     iox_trace           serial3
    
         Network interfaces
         ---------------------------------------
         eth0:
            MAC address         : 52:b5:dd:12:2:20
            Network name        : mgmt-bridge300
    
    
         Docker
         ------
         Run-time information
           Command              :
           Entry-point          : /sbin/entrypoint.sh
           Run options in use   : --restart=unless-stopped -e 'APPNETA_SERVER_ADDRESS=panicleap.pm-dev.appneta.com' -e 'APPNETA_SERVER_KEY=BD3FH-VVTB-6-3' --hostname=appneta_cpe40 -p 3236:3236/udp -p 3237:3237/udp -p 3238:3238/udp -p 3239:3239/udp -p 3236:3236/tcp -p 3237:3237/tcp -p 3238:3238/tcp -p 3239:3239/tcp
           Package run options  :
         Application health information
           Status               : 0
           Last probe error     :
           Last probe output    :
    
Display resource utilization

Run the following command on your Catalyst 9300/9400 (Exec mode), where appneta_cpe40 is the name of the cpe40 application:

show app-hosting utilization appid appneta_cpe40
  • The output looks as follows:

         Application: appneta_cpe40
         CPU Utilization:
           CPU Allocation: 3700 units
           CPU Used:       0.19 %
         Memory Utilization:
           Memory Allocation: 1024 MB
           Memory Used:       70976 KB
         Disk Utilization:
           Disk Allocation: 10 MB
           Disk Used:       0.00 MB
    

Share

See Sharing a Monitoring Point.

Move between orgs

cpe40s and the data they have collected cannot be moved to another organization. If you need to move a cpe40 to another organization you must first delete it then reinstall/re-deploy it in the new organization.

  1. Delete the cpe40.
  2. Reinstall the cpe40 in the new organization.