I've got this concept floating around in my head... I'd love to see this made possible. jpetkevich and I discussed it briefly at Cisco Live this year, and I'm curious how others might use this feature.
So here's the idea... instead of running compliance/remediation against a full-blown running/startup config, what if NCM performed these checks against output from a list of commands you specify? So instead of downloading an entire config and storing it, NCM would only snag the output from a specific command, then run compliance/remediation based on that output. There wouldn't be any need to store the output as a config. The idea here is to allow NCM to periodically (perhaps even every 1min) check a device for specific output without needing to spam up the job log and config history. I've got a very specific use case for this:
If you're running NBAR2 on a Cisco ISR, and also using policy maps to police traffic per application, you could theoretically use NCM to adjust these shaping policies based on how much traffic is/isn't being passed. Using a 'sh policy-map' command gives you this output:
Router#sh policy-map interface gi0/0.1 input class streaming-media-class
 GigabitEthernet0/0.1
  Service-policy input: traffic-control-policy
    Class-map: streaming-media-class (match-any)
      638314011 packets, 875521534321 bytes
      5 minute offered rate 10627000 bps, drop rate 2795000 bps
      Match: protocol netflix
        332668582 packets, 453230647360 bytes
        5 minute rate 4894000 bps
      Match: protocol amazon-instant-video
        1566207 packets, 2192444791 bytes
        5 minute rate 0 bps
      Match: protocol youtube
        284406822 packets, 393951456073 bytes
        5 minute rate 4504000 bps
      Match: protocol internet-video-streaming
        19672397 packets, 26146986097 bytes
        5 minute rate 1213000 bps
      police:
          cir 8000000 bps, bc 250000 bytes
        conformed 521374507 packets, 710529152859 bytes; actions:
          transmit
        exceeded 116939504 packets, 164992381462 bytes; actions:
          drop
        conformed 7837000 bps, exceeded 2795000 bps
See that '5 minute offered rate' line? That's telling us how much traffic (in this case a streaming media class composed of signatures for Netflix, Amazon video, YouTube, and "general internet video streaming") is passing through the device. In this case we see about 10.6Mbps. We could use compliance policies and regular expressions to make a determination that 10Mbps is "too much traffic" and subsequently determine that this is a 'violation' that requires remediation. The remediation action would be a custom string of commands to adjust the policy to allow more/less traffic.
I'd love to hear how others might use this concept!
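The check described in the post, sketched as an added example (not part of the original post and not NCM code): it parses the quoted 'sh policy-map' output and compares the 5 minute offered rate with a threshold. The function names, the threshold values and the trimmed SAMPLE text are assumptions made for illustration.

```python
import re

# Constructed sample: the output quoted in the post, trimmed to two Match entries.
SAMPLE = """\
GigabitEthernet0/0.1
  Service-policy input: traffic-control-policy
    Class-map: streaming-media-class (match-any)
      638314011 packets, 875521534321 bytes
      5 minute offered rate 10627000 bps, drop rate 2795000 bps
      Match: protocol netflix
        332668582 packets, 453230647360 bytes
        5 minute rate 4894000 bps
      Match: protocol youtube
        284406822 packets, 393951456073 bytes
        5 minute rate 4504000 bps
      police:
          cir 8000000 bps, bc 250000 bytes
        conformed 7837000 bps, exceeded 2795000 bps
"""
CLASS_RE = re.compile(r"Class-map:\s+(\S+)")
OFFERED_RE = re.compile(r"5 minute offered rate (\d+) bps, drop rate (\d+) bps")
MATCH_RE = re.compile(r"Match: protocol (\S+)")
RATE_RE = re.compile(r"5 minute rate (\d+) bps")
CIR_RE = re.compile(r"cir (\d+) bps")

def parse_policy_map(text):
    """Return one dict per class-map: offered/drop rate, CIR and per-protocol rates."""
    classes, cur, proto = [], None, None
    for line in text.splitlines():
        if m := CLASS_RE.search(line):
            cur = {"class": m.group(1), "offered_bps": None, "drop_bps": None,
                   "cir_bps": None, "protocols": {}}
            classes.append(cur)
            proto = None
        elif cur is None:
            continue  # interface / service-policy header lines
        elif m := OFFERED_RE.search(line):
            cur["offered_bps"], cur["drop_bps"] = int(m.group(1)), int(m.group(2))
        elif m := MATCH_RE.search(line):
            proto = m.group(1)
        elif (m := RATE_RE.search(line)) and proto:
            cur["protocols"][proto] = int(m.group(1))
        elif m := CIR_RE.search(line):
            cur["cir_bps"] = int(m.group(1))
    return classes

def evaluate(classes, max_offered_bps):
    """Map class name -> 'ok', 'violation' or 'unparsed' (no rate line was found)."""
    return {c["class"]: "unparsed" if c["offered_bps"] is None
            else "violation" if c["offered_bps"] > max_offered_bps else "ok"
            for c in classes}
```

The 'unparsed' state is kept separate from 'violation' so that truncated or unexpected command output never triggers an automatic configuration change.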