Application Visibility
and Control (AVC) classifies applications using deep packet inspection
techniques with the Network-Based Application Recognition
(NBAR2) engine, and
provides application-level visibility and control (QoS) in wired and wireless
networks. After the applications are recognized, the AVC feature enables you to
either drop, mark, or police the data traffic.
Note: Beginning in Cisco IOS XE Denali 16.2.1, support for AVC has been
enabled on wired ports for standalone switches.
NBAR2 can be activated either explicitly on the interface by enabling
protocol-discovery, or implicitly by attaching a QoS policy that contains a
match application classifier.
AVC is configured by defining
a class map in a QoS client policy to match a protocol.
Using AVC, we can
detect more than 1000 applications. AVC enables you to perform real-time
analysis and create policies to reduce network congestion, costly network link
usage, and infrastructure upgrades.
Note: You can view a list of 30 applications under Top Applications in the
Monitor Summary section of the UI.
Traffic flows are analyzed
and recognized using the NBAR2 engine at the access point. For more information
about the NBAR2 Protocol Library, see
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/nbar-prot-pack-library.html. The specific flow is marked
with the recognized protocol or application, such as WebEx. This per-flow
information can be used for application visibility using Flexible NetFlow
(FNF).
AVC QoS actions are applied
with AVC filters in both upstream and downstream directions. The QoS actions
supported for upstream flow are drop, mark, and police, and for downstream flow
are mark and police. AVC QoS is applicable only when the application is
classified correctly and matched with the class map filter in the policy map.
For example, if the policy has a filter based on an application name, and the
traffic has also been classified to the same application name, then the action
specified for this match in the policy will be applied. For all QoS actions,
refer to Supported AVC Class Map and Policy Map Formats.
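The two activation methods and a class map filter tied to a QoS action, shown as an added configuration sketch that is not part of the original Cisco text. The class map and policy map names, the interface, the DSCP value, and the presence of the webex-media protocol in the loaded protocol pack are assumptions.

```cisco
! Added example. AVC-WEBEX, AVC-CLIENT-POLICY and the interface are
! hypothetical names; webex-media is assumed to be defined by the
! protocol pack loaded on the switch.
!
! Explicit activation: enable NBAR2 protocol discovery on the interface.
interface GigabitEthernet1/0/1
 ip nbar protocol-discovery
!
! Implicit activation: a class map that matches a recognized application.
class-map match-any AVC-WEBEX
 match protocol webex-media
!
! The action applies only to flows NBAR2 classified as the matched
! application. Mark is supported in both directions; police could be
! used here instead.
policy-map AVC-CLIENT-POLICY
 class AVC-WEBEX
  set dscp af41
!
! Attaching the policy activates NBAR2 even without protocol-discovery.
interface GigabitEthernet1/0/1
 service-policy input AVC-CLIENT-POLICY
```

After applying it, show ip nbar protocol-discovery and show policy-map interface display the per-protocol counters and the class match counters, which confirm that traffic is being classified and that the action is hitting the intended class.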
Application Visibility and Control Protocol Packs
Protocol packs are a means to distribute protocol updates outside the switch
software release trains, and can be loaded on the switch without replacing the
switch software.
The Application
Visibility and Control Protocol Pack (AVC Protocol Pack) is a single compressed
file that contains multiple Protocol Description Language (PDL) files and a
manifest file. A set of required protocols can be loaded, which helps AVC to
recognize additional protocols for classification on your network. The manifest
file gives information about the protocol pack, such as the protocol pack name,
version, and some information about the available PDLs in the protocol pack.
The AVC Protocol Packs are released to specific AVC engine versions. You can
load a protocol pack if the engine version on the switch platform is the same
or higher than the version required by the protocol pack.