True Application Aware Wireless LAN

An increase in the number of mobile devices in the workspace has led to an increase in the applications running on your enterprise network. Moreover, bandwidth-hungry applications, such as video streaming and peer-to-peer applications, can cripple the performance of your mission-critical applications. So how does an IT administrator make sure that business-critical applications don't have to compete with scavenger-level applications running on the network? Cisco Application Visibility and Control (AVC) helps answer this question.

 

Take a look at the following video to see how Cisco AVC does a better job than Aruba Networks' AppRF solution.

Demo

 

Summary


 

Why is Cisco AVC a better solution?

 

AVC-Flow

 

NBAR2

Application Recognition using NBAR2 Deep Packet Inspection:

Application Visibility & Control is a market-leading Cisco innovation featuring NBAR2, a next-generation, heuristics-based Deep Packet Inspection (DPI) technology that identifies and classifies applications. The robust, proven NBAR2 library supports a massive number (1000+) of applications. New patches are released periodically to support additional applications. This is similar to an IT administrator regularly adding signatures to an anti-virus tool to keep up with the latest threats.

Cisco Prime Assurance and Netflow:

 

Consistent wired-wireless application visibility on Cisco Prime Infrastructure (Assurance) and third-party NetFlow collectors allows customers that are already using NetFlow collectors to monitor wireless traffic in conjunction with wired traffic.

Test Setup

Cisco

Cisco Setup consists of a 5508 controller and AP 3600i running 7.4 code

Licensing: NO additional licenses needed for AVC

Aruba

Aruba setup consists of Aruba 6000 controllers and AP 135 running the latest 6.2 code

Licensing: For Aruba, you NEED to purchase PEF (Policy Enforcement Firewall) license for application recognition.

 

Configs

Cisco Config:

Cisco Running Config

Aruba Config:

Aruba Config

 

FAQ

Can I enable Cisco AVC on my existing Cisco WLAN infrastructure? Do I need to buy extra licenses?

  • Cisco AVC can be enabled on your existing Cisco WLAN infrastructure by simply upgrading to the latest 7.4 code. AVC comes as a base feature on the Cisco 5500/2500 series controllers; you do not need to buy any additional licenses.

How many applications does Cisco AVC recognize?

  • Cisco AVC uses heuristics-based deep packet inspection (DPI) to recognize flows and detect 1000+ applications.

What control options do I have over the applications discovered by AVC?

  • Through industry-leading Cisco IOS QoS, which can now operate based on the application information provided by NBAR2, users can choose to drop, police, shape, or mark application flows.

Can Cisco AVC recognize encrypted P2P applications like encrypted BitTorrent, Skype, Lync, etc.?

  • Yes, using the NBAR2 library, Cisco can accurately detect and classify most encrypted as well as unencrypted P2P applications.

Can Cisco AVC detect application traffic behind an HTTP proxy?

  • Yes. Because it uses DPI, Cisco does not rely on a single attribute such as a port number, which helps it recognize traffic behind an HTTP proxy as well.


Do we need a controller reload for recognizing newer applications?

  • As of the current release of AVC, all the supported applications are integrated within the controller image. Support for protocol pack updates without updating the controller image will be offered in the future.

How granular is Cisco AVC on the controller?

  • Cisco AVC provides a very granular view of the application flows on your network. Using the Cisco controller, you get a real-time view of the following:
    • Top 10 Upstream/Downstream applications
    • Top 10 users
    • Applications used per client
    • Real-time QoS marking for the applications per client

Does Cisco provide tools to design application policies and report application traffic usage on the network?

  • Yes. Cisco Prime Assurance Manager is an enterprise-grade infrastructure and service monitoring tool for reporting on application and network performance.
  • You can also export the NetFlow data to third-party NetFlow collectors.

What additional benefits does Cisco Prime Infrastructure provide when compared with the wireless controller web GUI?

  • Firstly, Cisco Prime Infrastructure already supports AVC for Cisco wired devices such as routers and switches. Now, the same Cisco Prime Infrastructure can be used for AVC in a Cisco wireless network as well. Secondly, Cisco Prime Infrastructure enables customers to store historical information (daily/weekly/monthly) about wireless network devices and their clients’ performance metrics, such as throughput, QoS-related metrics, and location history of wireless clients, which can be used for capacity planning and troubleshooting.

Can AVC be used with third-party management tools?

  • The information exported by AVC is in the standard NetFlow Version 9 format and certainly lends itself to use with third-party tools. One example of a third-party tool that can create custom reports for Cisco AVC is Plixer Scrutinizer.

 

 

 

Resources:

Cisco Wireless AVC: http://www.cisco.com/en/US/prod/wireless/avc_wireless.html

AVC FAQ: http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps12722/qa_c67-722538.pdf

Mobility Blog: http://blogs.cisco.com/wireless/application-visibility-and-control-cleanair-at-the-applications-level/

Cisco Wireless: http://www.cisco.com/en/US/products/hw/wireless/index.html

 

 

Application Visibility & Control: CleanAir at the Applications Level.

If you want to leave a comment, please use our Cisco mobility blog.