Implementing Cisco Application Visibility and Control (AVC)

Introduction to Cisco’s Application Visibility and Control

Why Do We Need AVC?

  • Traditional networks focus on controlling traffic between layers 2-4

  • QoS also relied on layers 2-4

Application Visibility and Control

  • Framework of Cisco features

  • Provides additional layer 5-7 information

  • Uses NBAR (network based application recognition)

    • Able to used advanced features to determine the application

4 Stages of AVC

  • Application Recognition

  • Metrics Collection

  • Management and Reporting

  • Control

Controlling Application Traffic Using Policy Maps

QoS Concepts

  • Control traffic with class-maps and policy-maps

  • QoS allows the controlling of traffic for limited bandwidth

    • Delay

    • Jitter

    • Packet Loss

  • Classifying

  • Marking

  • Queuing

  • Policing

  • Shaping

Enable NBAR on Interfaces

(config)#interface gigabitethernet 3
(config-if)#ip nbar protocol-discover
(config)#interface gigabitethernet 3
(config-if)#service-policy input netbios-policy

Create a Class-Map

(config)#class-map netbios-class
(config-cmap)#match protocol netbios

Create a Policy-Map

(config)#policy-map netbios-policy
(config-pmap)#class netbios-class
(config-pmap-c)#set dscp 45

Configuring a Switch to Capture and Send Flows

  • Enable NBAR

  • Create flow record

  • Create flow exporter

  • Create flow monitor

  • Apply flow monitor to interface

Globo-Core-Router(config)#int gi 3
Globo-Core-Router(config-if)#ip nbar protocol-discovery
Globo-Core-Router(config-if)#flow record Globo_Flow_Record
Globo-Core-Router(config-flow-record)#description send NBAR Application Data to Stealthwatch
Globo-Core-Router(config-flow-record)#match ipv4 tos
Globo-Core-Router(config-flow-record)#match ipv4 protocol
Globo-Core-Router(config-flow-record)#match ipv4 source address
Globo-Core-Router(config-flow-record)#match ipv4 destination address
Globo-Core-Router(config-flow-record)#match transport source-port
Globo-Core-Router(config-flow-record)#match transport destination-port
Globo-Core-Router(config-flow-record)#match interface input
Globo-Core-Router(config-flow-record)#match flow direction
Globo-Core-Router(config-flow-record)#collect routing source as
Globo-Core-Router(Config-flow-record)#collect routina destination as
Globo-Core-Router(confia-flow-recordì#collect routina next-hop address ipv4
Globo-Core-Router(config-flow-record)#collect ipv4 dscp
Globo-Core-Router(confia-flow-record)#collect ipv4 id
Globo-Core-Router(config-flow-record)#collect ipv4 source prefix
Globo-Core-Router(config-flow-record)#collect ipv4 source mask
Globo-Core-Router(config-flow-record)#collect ipv4 dest mask
Globo-Core-Router(config-flow-record)#collect ipv4 ttl max
Globo-Core-Router(config-flow-record)#collect transport tcp flags
Globo-Core-Router(config-flow-record)#collect interface output
Globo-Core-Router(config-flow-record)#collect transport tcp flags
Globo-Core-Router(config-flow-record)#collect interface output
Globo-Core-Router(config-fLow-record)#collect counter bytes
Globo-Core-Router(Config-flow-record)#collect counter packets
Globo-Core-Router(config-flow-record)#collect timestamp sys-uptime first
Globo-Core-Router(config-flow-record)#collect timestamp sys-uptime last
Globo-Core-Router(config-flow-record)#collect application name
Globo-Core-Router(config-flow-record)#collect application http url
Globo-Core-Router(config-flow-record)#collect application http host
Globo-Core-Router(config-flow-record)#exit
Globo-Core-Router(config)#flow exporter Globo_NetFlow_Collector
Globo-Core-Router(Config-flow-exporter)#desc Stealthwatch NetFlow Collector
Globo-Core-Router(config-flow-exporter)#destination 172.20.1.53
Globo-Core-Router(config-flow-exporter)#source qi 2
Globo-Ccore-Router cont1g-1Low-exporter)#transport udp 2055
Globo-Core-Router(config-flow-exporter)#template data timeout 30
Globo-Core-Router(config-flow-exporter)#option interface-table
Globo-Core-Router(config-flow-exporter)#option application-table timeout 10
Globo-Core-Router(config-flow-exporter)#export-protocol ipfix
Globo-Core-Router(config-flow-exporter)#exit
Globo-Core-Router(config)#flow monitor GloboFlow
Globo-Core-Router(config-flow-monitor)#desc Globo Main Flow Monitor
Globo-Core-Router(config-flow-monitor)#record Globo_Flow_Record
Globo-Core-Router(config-flow-monitor)#exporter Globo_NetFlow Collector
Globo-Core-Router(config-flow-monitor)#cache timeout active 60
Globo-Core-Router(config-flow-monitor)#cache timeout inactive 15
G1obo-Core-Router(config-flow-monitor)#exit
Globo-Core-Router(config)#int gi3
Globo-Core-Router(config-if)#ip flow monitor GloboFlow input
Globo-Core-Router(config-if)#exit