Q. What is Cisco® Application Visibility and Control (AVC)?
A. Cisco AVC is a solution that uses multiple technologies found in the Cisco ASR 1000 Series Aggregation Services Routers, Cisco Integrated Service Routers Generation 2 (ISR G2), and network management tools, which together provide a powerful and pervasive integrated solution for discovering and controlling applications. Network administrators can gain visibility into applications running in their networks and their performance, and apply policy to improve application performance and control network resource usage.
Q. How does Cisco AVC work?
A. AVC works by enabling the software features within the Cisco ASR 1000 and Cisco ISR G2 in conjunction with network management tools to perform the following functions:
• Application recognition: Uses Deep Packet Inspection (DPI) to recognize and identify applications regardless of port number.
• Performance monitoring: Uses embedded monitoring capabilities within the routers to extract and collect application usage and performance metrics, and then aggregate and export this information to network management tools using an open export format such as NetFlow Version 9 and IP Flow Information Export (IPFIX).
• Network management: Enables Cisco and third-party network management tools to provide visualization of application bandwidth and performance to end users, as well as providing feedback and implementing policy on network devices to fine-tune performance.
• Control: Controls per-application bandwidth usage and intelligently selects the path to deliver applications based on real-time performance.
Q. What technologies does Cisco AVC use?
A. Cisco AVC consists of the following technologies:
• Next-generation DPI technology called Network-Based Application Recognition 2 (NBAR2), which identifies more than 1000 applications and supports application categorization with the ability to perform in-service update of application signatures.
• Flexible NetFlow (FNF) infrastructure and data export to select and export data of interest, allowing easy consumption of AVC information by Cisco and third-party applications.
• Performance collection engine that collects Application Response Time (ART) for TCP applications and Media Monitoring (MMON) engine that collects voice and video performance parameters such as jitter and loss; all the information is exported through FNF infrastructure.
• Reporting and management tools provided by the Cisco Prime™ Infrastructure with Assurance Module, which is Cisco's enterprise-grade infrastructure management and service monitoring tool for reporting on application and network performance, as well as numerous AVC Cisco Developer Network partners including (but not limited to) ActionPacked, CA, Compuware, InfoVista, LivingObjects, and Plixer.
• Quality of service (QoS) to facilitate optimization and control of application performance.
• Cisco Performance Routing (PfR) to provide per-application intelligent path selection based on real-time performance data.
Hardware, Software, and Licenses
Q. What routing platforms support Cisco AVC?
A. AVC is currently supported on the Cisco ASR 1000 and Cisco ISR G2 Routers.
Q. Which software releases support Cisco AVC?
A. AVC is supported on the Cisco ASR 1000 starting with Cisco IOS® XE Software Release 3.4S and Cisco ISR G2 Routers starting with Cisco IOS Software Release 15.2(4)M2.
Q. What license do I need to enable Cisco AVC?
A. AVC support is provided by Right-To-Use (RTU) licenses on both Cisco ASR 1000 and Cisco ISR G2 Routers (refer to Table 1).
Table 1. Licenses
Cisco ISR G2 (Cisco 880 and 890)
Advanced IP license
Cisco ISR G2
Cisco ASR 1000
Advanced IP Services (AIS) or Advanced Enterprise Services (AES) license, and in addition, AVC license (FLASR1-AVC-RTU)
Q. Is there a demo license for Cisco AVC?
A. Yes, the software license is available for demo and evaluation. Please contact your Cisco representative to obtain the applicable license for your platform.
Q. I already have a Flexible Packet Inspection (FPI) license for my Cisco ASR 1000; can I enable AVC?
A. No, starting with Cisco IOS XE Software Release 3.4S, the FPI license (FLASR1-FPI-RTU) is superseded by the AVC license (FLASR1-AVC-RTU). There is an upgrade license (FLASR1-AVC-UPG) to upgrade your FPI license to AVC.
Q. Do I need Cisco AVC if I just want to use NBAR2 and QoS?
A. Yes, both NBAR2 and QoS are components of AVC to provide per-application bandwidth control.
Features and Functions
Q. How many applications does AVC recognize?
A. AVC - through NBAR2 technology - currently recognizes more than 1000 applications, including but not limited to web and enterprise applications, cloud services, voice and video, email, file sharing, gaming, and peer-to-peer applications. Customers can also define custom applications using TCP or User Datagram Protocol (UDP) ports, payload, or the HTTP Uniform Resource Locator (URL).
Q. Do we need to load a new Cisco IOS Software version to recognize newer applications?
A. No. Cisco AVC uses NBAR2, which supports application signature updates through the NBAR2 Protocol Packs. New application signatures are loaded into the routers while the routers are in service. To apply NBAR2 Protocol Packs while in service, you must run Cisco IOS XE Software Release 3.7S or 15.2(4)M2 as the minimal level of code.
Q. How do I control application bandwidth with Cisco AVC?
A. NBAR2 and QoS on the Cisco ASR 1000 and ISR G2 Routers are the main mechanisms for application control. With AVC, QoS class-map has been enhanced to match application name and attributes such as a category or sub-category that NBAR2 recognizes. These added match criteria can work in conjunction with all other match criteria already supported by QoS class-map, such as access control list (ACL) or differentiated services code point (DSCP). QoS actions such as shape, police, or priority can then be applied to the application traffic.
Q. How easy is it for a customer to use Cisco AVC to control peer-to-peer traffic?
A. AVC identifies more than 1000 applications, several among them being peer-to-peer applications. In addition, AVC has a special category for these applications, which customers can use in their QoS policies to filter or rate-limit peer-to-peer traffic. The following example shows how to identify and limit peer-to-peer applications:
! Define QoS match criteria
class-map match-any p2p-app
! Match on DHT protocol and all applications in the P2P sub-catetory
! This includes applications such as bittorrent and encrypted-bittorrent
match protocol dht
match protocol attribute sub-category p2p-file-transfer
! Define a control policy
! For P2P, throttle the traffic is preferred over drop
police 8000 conform-action transmit exceed-action drop
Q. What control options do I have for my applications?
A. There are two types of control in Cisco AVC:
• Bandwidth control: Through NBAR2 and QoS, you can choose to drop, limit, guarantee bandwidth, or mark application traffic flows.
• Path control: Intelligent path selection is provided by Cisco PfR. You can define policies to dynamically select paths that can meet application performance requirements.
Q. Can I use Cisco AVC to monitor and control applications running over IPv6?
A. Yes, AVC supports identifying, monitoring, and controlling bandwidth for applications running over IPv6.
Q. Can Cisco AVC provide per Virtual Route Forwarding (VRF) monitoring?
A. Yes, on the Cisco ASR 1000, Cisco AVC can collect and export information per VRF.
Q. What is the Cisco IOS Performance Agent (PA)? How is it relevant to Cisco AVC?
A. Cisco IOS PA) is one of the software features used by Cisco AVC. It collects and exports the Application Response Time (ART) such as Network Delay, Response Time, and Transaction Time for TCP applications. Network administrators can use this information to better understand application performance and bottlenecks in the network.
Q. What network management tools support Cisco AVC?
A. AVC exports information using open export format such as Netflow Version 9 and IPFIX. Cisco Prime™ Infrastructure with Assurance module supports AVC. In addition, there are already 3rd third-party AVC Cisco Developer Network partners such as ActionPacked, CA, Compuware, InfoVista, LivingObjects, and Plixer that support AVC.
Q. Where can I find more information about Cisco Prime Infrastructure?