Introducing Software Defined Application Visibility and Control

The Network Intuitive has ushered in a new era networking and as the landscape of this era reveals itself, it becomes apparent that there are several innovative ways of managing the network. One such service, that my team has been passionately working on, leverages analytics to provide application awareness in the network. Read on to learn about what it is, how it can be used, and more.

Enter SD-AVC

Application recognition is what makes network management more intuitive. Changing bits, bytes and packets into meaningful applications and translating them into actual business intent is what enterprises strive to achieve.

Software Defined Application Visibility and Control (SD-AVC) is a service that harnesses the capabilities of Cisco’s network devices to identify, aggregate and effectively communicate application data in order to make decisions like reprioritizing applications’ traffic using industry-leading QoS capabilities, group applications using attributes based on traffic class and business relevance or choose application paths based on real-time performance. The SD-AVC service gleans information from devices, processes the information, and then uses it to improve the application classification and the network’s operation.  First, it defines sensors within the network devices that can process traffic in real time and create rules that reflect the application services in real time. This information is then sent from the network devices to the central SD-AVC service which synthesizes this information gathered from disparate participating devices in the network to generate rules packages.  These composite rules packages are then downloaded back into the participating devices to assist in the steady improvement of application recognition across the network.  What all of this does is to continuously improve the efficacy of the application recognition process by leveraging information learned from across the network while also automating the management and distribution of this information to make the whole operation (dare we say it!) intuitive.  The distributed computing of the AVC information at the edge nodes also reduces processing in the network overall by sharing information between the different participating devices and enables automatic learning of applications, all in real time. This distributed learning also allows in many cases the recognition of application traffic on the very first packet again helping to reduce the aggregate network traffic processing requirement for application recognition and allow better responsivity of application based solutions

SD-AVC as a gateway to the Network

SD-AVC can be augmented by external sources of application information which can enrich the flow of information about applications into the network, serving to make the solution of identifying applications more efficient and robust.  This new capability enables us to provide more resilient application recognition by this leverage of knowledge from different sources, like the Microsoft Office365 RSS feed or security components like Cloudlock CASI.  With the Microsoft Office365 RSS feed, for instance, Microsoft provides updates to the URLs and IP addresses that its cloud services use which are often used in application recognition.  Such changes are a common occurrence as cloud vendors add new capacity in datacenters or regions.  The augmentation of SD-AVC with such feeds means that there is now a centralized automated update of the AVC agents on the devices possible via new rule packs as the feed publishes changes to the URL and IP information for these services.  This coupled with the automatic and seamless propagation of large volumes of new application signatures across the network serve to make this a self-managing cycle of continuous improvement in application recognition.

By simplifying and automating the operation of application visibility and control while dramatically increasing the efficiency and efficacy of its operation across the network, SD-AVC is paving the way for the intuitive intent-driven network.


Anand Oswal

No Longer with Cisco