Q. What is Cisco Application Visibility and Control?
A. Cisco Application Visibility and Control (AVC) is a solution that uses multiple technologies and management tools that, when working together, provides a powerful and pervasive integrated solution for application visibility and control based on stateful deep packet inspection (DPI).
Q. How does AVC work?
A. With the Cisco AVC solution, Cisco wireless controllers can identify applications within the traffic flow using DPI technology and mark it with certain differentiated services code point (DSCP) value. It can collect various wireless performance metrics such as bandwidth use in terms of applications and clients. Then, using quality of service (QoS), routers/switches can reprioritize critical applications or deny an application's bandwidth use.
Q. What technology is used in the AVC solution?
A. Cisco AVC consists of the following technologies:
• Network-Based Application Recognition Version 2 (NBAR2), next-generation DPI technology that can identify more than 1000 applications and support application categorization, with the ability to update the protocol definition.
• NetFlow Version 9 export to select and export data of interest, allowing easy consumption of application performance statistics by Cisco and third-party applications.
• Reporting and management tools, such as Cisco Prime™ Infrastructure with Assurance module, an enterprise-grade infrastructure and service-monitoring tool for reporting of application and network performance that can provide up to 30 different reports for application visibility.
• QoS to facilitate the control of application performance.
Q. Why AVC is important in a wireless network?
A. A wireless network is a shared medium, which means that if a user downloads or uploads a huge amount of traffic over the wireless network, that user might consume a disproportionately large amount of the wireless network bandwidth, thereby adversely affecting the performance of other users. If that user happens to upload/download non-business-critical data while other users are trying to access business-critical applications, their productivity will be lost. In order to prioritize the enterprise's business-critical applications over the non-business-critical applications, AVC plays a primary role in recognizing, reporting, and controlling the applications that are accessed over the wireless network. It also helps with wireless network capacity planning and troubleshooting.
Q. Which wireless controllers support AVC?
A. AVC is currently supported on Cisco 2500, 5500, and 8500 Series Wireless Controllers; Cisco Flex 7500 Series Wireless Controllers; and Cisco Wireless Services Module 2 (WiSM2) when deployed in central mode (formerly local mode running AireOS Version 7.4 or greater).
Q. Do customers need a special license to use the AVC feature over a Cisco wireless network?
A. No.
Q. How many applications does AVC recognize?
A. AVC currently recognizes thousands of applications, including voice/video, email, file sharing, gaming, and peer-to-peer (P2P) applications.
Q. How easy is it for a customer to use AVC to prioritize real-time traffic such as voice and video?
A. AVC identifies more than 1000 applications, including several voice and video applications. In addition, AVC has a special category for "voice-video" applications, which customers can use in their QoS policies to mark with a higher DSCP value for prioritizing throughout the network.
Q. What applications/protocols are categorized under "voice-video"?
A. About 60 application protocols are currently classified under the "voice-video" category. To name a few, these include Cisco WebEx®, Cisco Jabber®, Microsoft Lync, Apple QuickTime, Apple FaceTime, Skype, YouTube, Netflix, RTSP, RTP, SIP, H.323, RTCP, and more. For a detailed list, refer to the 7.4 configuration guide.
Q. How easy is it for a customer use AVC to control P2P traffic?
A. AVC identifies more than 1000 applications, several among these being P2P applications. In addition, AVC has a special category for P2P applications, which customers can use in their QoS policies to filter on P2P.
Q. If I'm using AVC on my WLAN infrastructure, do I still need to use the medianet functionality on the wired infrastructure?
A. AVC complements medianet by providing visibility into and control over both application and media applications. AVC can coexist with the medianet passive monitoring capability called performance monitoring to monitor voice or video traffic. Network administrators can view performance metrics collected by medianet performance monitoring, such as jitter or loss, through the Cisco Prime Assurance voice/video dashboard.
Q. Can a customer slow down a particular scavenger-level application such as YouTube or BitTorrent at work?
A. Yes, AVC integration with QoS allows you to create a policy to mark traffic using a DSCP value based on application knowledge.
Q. Can a customer only use NetFlow v9 without using the associated NBAR2 for deep packet inspection?
A. No, a customer cannot deploy NetFlow v9 alone.
Q. Can the application be marked or dropped at WLAN, SSID, or BSSID level?
A. The QoS functionality uses Layer 3 and Layer 4 information so that applications can be marked or dropped at WLAN or SSID level. For example, no Netflix will be supported on enterprise SSID, but guests can run Netflix.
Q. Will there be any performance effects in terms of wireless controller throughput support by enabling AVC?
A. Most campus environments will not experience any discernable performance effect on the wireless controllers because of the additional deep packet inspection of NBAR2, QoS, and associated export with NetFlow v9. In a heavily loaded network with multiple SSIDs, full capacity of access points and clients, and a mix of applications with small packet sizes, some amount of performance effect can be expected.
Q. Is AVC IPv6 application aware?
A. No, AVC for IPv6 traffic is not supported.
Q. What management tools can we use with AVC?
A. AVC supports reporting using Cisco Prime Infrastructure with Assurance module.
Q. Is Cisco Prime infrastructure or Cisco Prime NAM mandatory for the AVC solution?
A. No, it is not a mandatory requirement for enabling and using the AVC solution. The Cisco wireless controller web GUI itself provides configuration menus and reporting charts for enabling AVC and monitoring the wireless network. However, Cisco Prime infrastructure is recommended because it can be used across wired devices such as Cisco ASR 1000, Cisco Integrated Services Routers (ISRs), and Cisco wireless networks.
Q. What additional benefits does Cisco Prime infrastructure provide when compared with the wireless controller web GUI?
A. First, Cisco Prime infrastructure has been supports AVC for Cisco wired devices (routers and switches) and Cisco wireless network. Second, Cisco Prime infrastructure enables customers to store historical information (daily/weekly/monthly) about wireless network devices and its clients' performance metrics such as throughput, QoS-related metrics, and location history of wireless clients that can be used for capacity planning and troubleshooting.
Q. Can AVC be used with third-party management tools?
A. The information exported by AVC is in the standard NetFlow Version 9 format and certainly lends itself to use with third-party tools. One example third-party tool that can create custom reports for Cisco AVC is Plixer Scrutinizer.
Q. What are the supported export formats?
A. AVC currently supports the NetFlow Version 9 export format. The following unique elements are included in the current version of the wireless AVC NetFlow record:
• applicationTag
• ipDiffServCodePoint
• octetDeltaCount
• packetDeltaCount
• postIpDiffServCodePoint
• staIPv4Address
• staMacAddress
• wlanSSID
• wtpMacAddress