
AVC provides application-aware control on a wireless network and enhances manageability and productivity.

AVC has these components:

  • Network Based Application Recognition (NBAR2), which allows for identification and classification of applications. NBAR2 is based on NBAR and has extra requirements such as having a Common Flow Table for all IOS features that use NBAR. NBAR2 recognizes applications and passes this information to other features such as Quality of Service (QoS), NetFlow and Access Control List (ACL), which can take action based on this classification.
  • QoS: Ability to remark applications using DiffServ to prioritize and de-prioritize the applications.
  • A template for Cisco NetFlow v9 to select and export data of interest to Cisco Prime Assurance (optional) or a third-party NetFlow collector of your choice, which collects, analyzes and saves reports for troubleshooting, capacity planning and compliance purposes.

The key use cases for NBAR AVC are capacity planning, network usage baselining and a better understanding of which applications are consuming bandwidth. Trending of application usage helps the network administrator plan network infrastructure upgrades and improve quality of experience by protecting key applications from bandwidth-hungry applications when the network is congested, with the capability to prioritize, de-prioritize or drop certain application traffic.

AVC is supported on 2500, 5500, 7500, 8500 and WiSM2 controllers on Local and Flex Modes (for WLANs configured for central switching only in 7.4 release).

Here are a few guidelines/restrictions of AVC in the WLC 7.4 release.
1. You can monitor real-time applications on the Controller User Interface. In order to store and view long-term reports you need to export the flow entries to a NetFlow collector.
2. AVC on a controller can classify and take action on 1039 different applications.
3. Two actions, either DROP or MARK, are possible on any classified application.
4. A maximum of 16 AVC profiles can be created on a WLC.
5. Each AVC profile can be configured with a maximum of 32 rules.
6. The same AVC profile can be mapped to multiple WLANs. However, one WLAN can have only one AVC profile.
7. Only 1 NetFlow exporter and monitor can be configured on a WLC.
8. AVC stats are displayed only for the top 10 applications on GUI. CLI can be used to see all applications.
9. AVC is supported on WLANs configured for central switching only.
10. If the AVC profile mapped to a WLAN has a rule with the MARK action, that application is treated as per the QoS profile configured in the AVC rule, which overrides the QoS profile configured on the WLAN.
11. Any application that is not supported or recognized by the AVC engine on the WLC is captured under the bucket of UNCLASSIFIED traffic.
12. IPv6 traffic cannot be classified.
13. AAA override of AVC profiles is not supported.
14. An AVC profile can be configured per WLAN and cannot be applied on a per-user basis.
15. AVC is not supported in vWLC and SRE WLC.
16. Multicast traffic is not supported by AVC application.

Here is how you configure this feature on a WLC. First you need to create an AVC profile under the “Wireless -> Application Visibility & Control -> AVC Profile” section. If you simply want visibility, you do not need to edit the newly created profile.

WLC-AVC-01

If you want to MARK or DROP certain traffic categories, you can edit the AVC profile. Below is an example of how to mark certain types of traffic. Note that this only takes effect when traffic hits the WLC (it cannot influence traffic going from the client to the AP), but at least that traffic will be re-classified at the WLC as per your policy.

WLC-AVC-02

By clicking “Add New Rule” you can modify the rules in a given AVC profile. There are around 1039 applications grouped into several categories (as shown below). The action is either MARK or DROP.

WLC-AVC-03

You can view the full application list under the “Wireless -> Application Visibility & Control -> AVC Applications” section as shown below.

WLC-AVC-04

Once you have created an AVC profile you can apply it to a WLAN. This is done on the WLAN QoS configuration settings page, as shown below. First make sure you tick the Application Visibility option, then select the AVC profile you created from the drop-down box. Optionally, if you have already created a NetFlow collector, you can select it to send this application-specific information to that collector.

WLC-AVC-05

You can configure the above via the CLI as well; see the commands below. It takes just 3 lines to get visibility of a given WLAN's traffic. The “Remote-LAN” AVC profile is shown with some marking rules, but it has not been applied to any WLAN.

config avc profile LTU-AVC-POLICY create
config wlan avc 5 visibility enable 
config wlan avc 5 profile LTU-AVC-POLICY enable

config avc profile Remote-LAN create
config avc profile Remote-LAN rule add application h323 mark 46 
config avc profile Remote-LAN rule add application cisco-phone mark 46 
config avc profile Remote-LAN rule add application sip-tls mark 46 
config avc profile Remote-LAN rule add application sip mark 46 
config avc profile Remote-LAN rule add application rtp mark 46
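
A pre-flight check for the CLI above, as an added example that is not part of the original post or of any Cisco tooling: it renders the same command forms and rejects input that breaks the 7.4 limits listed earlier (16 profiles, 32 rules per profile, one profile per WLAN, MARK or DROP only). The function name, the input layout and the DSCP range check of 0-63 are assumptions of this sketch, and the `drop` command form is assumed by analogy with the `mark` lines shown above.

```python
# Limits as stated in the WLC 7.4 guidelines above.
MAX_PROFILES, MAX_RULES = 16, 32

def render_avc_config(profiles, wlan_map):
    """Validate and render AVC CLI lines (hypothetical helper).

    profiles: {profile_name: [(application, action, dscp_or_None), ...]}
    wlan_map: [(wlan_id, profile_name), ...]
    """
    if len(profiles) > MAX_PROFILES:
        raise ValueError(f"{len(profiles)} profiles exceeds the limit of {MAX_PROFILES}")
    lines = []
    for name, rules in profiles.items():
        if len(rules) > MAX_RULES:
            raise ValueError(f"profile {name}: {len(rules)} rules exceeds {MAX_RULES}")
        lines.append(f"config avc profile {name} create")
        for app, action, dscp in rules:
            prefix = f"config avc profile {name} rule add application {app}"
            if action == "mark":
                # DSCP is a 6-bit field, so 0-63 (range check is an assumption here).
                if dscp is None or not 0 <= dscp <= 63:
                    raise ValueError(f"{name}/{app}: mark needs a DSCP value 0-63")
                lines.append(f"{prefix} mark {dscp}")
            elif action == "drop":
                lines.append(f"{prefix} drop")  # assumed form, see lead-in
            else:
                raise ValueError(f"{name}/{app}: action must be mark or drop")
    seen = set()
    for wlan_id, name in wlan_map:
        if wlan_id in seen:  # one WLAN can have only one AVC profile
            raise ValueError(f"WLAN {wlan_id} already has an AVC profile")
        if name not in profiles:
            raise ValueError(f"WLAN {wlan_id}: unknown profile {name}")
        seen.add(wlan_id)
        lines.append(f"config wlan avc {wlan_id} visibility enable")
        lines.append(f"config wlan avc {wlan_id} profile {name} enable")
    return lines

if __name__ == "__main__":
    voice = [(app, "mark", 46) for app in ("h323", "cisco-phone", "sip-tls", "sip", "rtp")]
    demo = {"LTU-AVC-POLICY": [], "Remote-LAN": voice}
    print("\n".join(render_avc_config(demo, [(5, "LTU-AVC-POLICY")])))
```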

Now you are ready to get visibility of your wireless traffic. There are many ways of doing this. If you go to the “Monitor -> Applications” page you can see the application visibility of a given WLAN as shown below. You can monitor aggregate, upstream and downstream traffic (see the 3 screen captures below). It shows the last 90 seconds (real-time) and the accumulated totals since the WLC last rebooted. If you want customized reports you have to use Prime Infrastructure.

WLC-AVC-06

WLC-AVC-07

WLC-AVC-08

You can monitor application statistics per client as well. If you go to “Monitor -> Clients” and select a specific client, you can see that individual client's AVC statistics as shown below.

WLC-AVC-09

Most of the above gives a top 10 view; if you want to see statistics for a specific group or application you have to use the CLI. Below are a few CLI commands that you can use.

(BUN-PW00-WC01) >show avc ?               
applications   Display AVC Applications.
profile        Display AVC Profiles.
statistics     Display AVC Statistics.

(BUN-PW00-WC01) >show avc statistics ?               
application    Application Protocol.
client         Display Client AVC Statistics.
guest-lan      Display GUEST-LAN AVC statistics.
remote-lan     Display REMOTE-LAN AVC statistics.
top-apps       Display Top Applications on the System.
wlan           Display WLAN AVC statistics.

(BUN-PW00-WC01) >show avc statistics wlan 2 top-app-groups 
 Application-Group-Name            Packets    Bytes    Avg Pkt   Packets     Bytes
      (Up/Down)                    (n secs)  (n secs)   Size     (Total)     (Total)
 =======================           ========  ========  =======   =======     =======
 browsing                        (U)    446   123734     277   777820143 146916626742
                                 (D)    665   592414     890   1055904635 1253272543523
 other                           (U)    383    90261     235   119872994  40531478261
                                 (D)    342   120175     351   122093147 109515544490
 internet-privacy                (U)    221    70894     320   508620419 404684351046
                                 (D)    213   119784     562   447127815 372798117519
 business-and-productivity-tools (U)     70    10958     156    48750696  51280814336
                                 (D)    118   155426    1317    40036778  26473317880
 net-admin                       (U)    260    54812     210   152075496  39117235894
                                 (D)    244    66019     270   203276468 162979492675
 file-sharing                    (U)    104    36335     349   741380601 528022766889
                                 (D)     87    20979     241   781296921 856198821862
 instant-messaging               (U)    148    14948     101     5408682   1522814835
                                 (D)    148    10360      70     5421594   1781488507
 voice-and-video                 (U)     65     7142     109   397238148  93220392323
                                 (D)     53     3893      73   594292198 757656063189
 email                           (U)     23     2135      92    39313259  19012961749
                                 (D)     28     3352     119    43385602  38562267418

(BUN-PW00-WC01) >show avc profile detailed Remote-LAN
  Application-Name          Application-Group-Name            Action  DSCP 
  ================          =======================           ======  ====
  h323                      voice-and-video                    Mark     46
  cisco-phone               voice-and-video                    Mark     46
  sip-tls                   voice-and-video                    Mark     46
  sip                       voice-and-video                    Mark     46
  rtp                       voice-and-video                    Mark     46

  Associated WLAN IDs       : 
  Associated Remote LAN IDs : 6
  Associated Guest LAN IDs  : 

(BUN-PW00-WC01) >show avc statistics wlan 2 application cisco-phone
  Description                     Upstream    Downstream
  ===========                     ========    ==========
  Number of Packtes(n secs)              0             0
  Number of Bytes(n secs)                0             0
  Average Packet size(n secs)            0             0
  Total Number of Packtes            96002        101095
  Total Number of Bytes           23620796      21822360
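
For baselining outside the GUI's top 10 view, the `show avc statistics wlan 2 top-app-groups` table above can be parsed from a saved CLI capture. The following is an added example, not part of the original post; the function and field names are assumptions, and the sample input is three groups taken from the output above.

```python
import re

# Sample input: three groups copied from the top-app-groups output above.
SAMPLE = """\
 Application-Group-Name            Packets    Bytes    Avg Pkt   Packets     Bytes
      (Up/Down)                    (n secs)  (n secs)   Size     (Total)     (Total)
 =======================           ========  ========  =======   =======     =======
 browsing                        (U)    446   123734     277   777820143 146916626742
                                 (D)    665   592414     890   1055904635 1253272543523
 file-sharing                    (U)    104    36335     349   741380601 528022766889
                                 (D)     87    20979     241   781296921 856198821862
 email                           (U)     23     2135      92    39313259  19012961749
                                 (D)     28     3352     119    43385602  38562267418
"""

# A data row is an optional group name, a (U)/(D) marker and five counters.
ROW = re.compile(r"^\s*(\S+)?\s*\((U|D)\)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")
FIELDS = ("pkts_recent", "bytes_recent", "avg_pkt", "pkts_total", "bytes_total")

def parse_top_app_groups(text):
    """Return {group: {"U": {...}, "D": {...}}} from the CLI table."""
    groups, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator, prompt or blank line
        name, direction = m.group(1), m.group(2)
        if name:
            current = name  # the (D) row that follows carries no name
        elif current is None:
            raise ValueError("direction row seen before any group name")
        values = dict(zip(FIELDS, map(int, m.groups()[2:])))
        groups.setdefault(current, {})[direction] = values
    return groups

def total_byte_share(groups):
    """Percent of cumulative bytes (up + down) per group, largest first."""
    totals = {g: sum(d["bytes_total"] for d in dirs.values())
              for g, dirs in groups.items()}
    grand = sum(totals.values())
    shares = [(g, round(100 * t / grand, 1)) for g, t in totals.items()]
    return sorted(shares, key=lambda item: -item[1])

if __name__ == "__main__":
    for group, pct in total_byte_share(parse_top_app_groups(SAMPLE)):
        print(f"{group:<20} {pct:5.1f}%")
```

The percentages are relative to the groups present in the capture, so feed it the full table when comparing WLANs or tracking a group such as file-sharing over time.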

Here is a link to AVC deployment Guide from Cisco

Application Visibility and Control Deployment Guide
