Application Visibility and Control (AVC) Overview

  • Published on
    03-Dec-2014

  • View
    1.716

  • Download
    1

DESCRIPTION

As business and IT demands and requirements change, the network needs to evolve to support these transitions. Learn about the specific elements of the Application Visibility and Control solution and the associated technologies that you can use in your network today.

Transcript

  • 1. Application Visibility and ControlOverviewJean-Marc Barozet (jmb@cisco.com)Technical LeaderNetwork Operating Systems Technology GroupNovember 2012 2012 Cisco and/or its affiliates. All rights reserved. 1
  • 2. Drastic Change in Application Type, Delivery, and Consumption Public/Hybrid Cloud SaaS/IaaS Storage Users/ Machines THE Private Cloud Proliferation NETWORK of Devices VDI | IaaS Database 60% of IT professional cites performance as key challenge for cloud How applications are Delivered and Consumed 2012 Cisco and/or its affiliates. All rights reserved. Type of Applications 2
  • 3. Application complexity Cloud and Virtualization Multiple entities increases centralize application involved in delivering delivery applications Identify growing applications Understand application Problem isolation to minimize using more than just port performance from end users downtime and business number perspective impact 2012 Cisco and/or its affiliates. All rights reserved. 3
  • 4. App Visibility & ISR G2 User Experience Report ISR G2 ASR1K ISR G2 App BW Transaction ASR1K Time ASR1K SAP 3M 150 ms High Sharepoint 10M 500 ms Med NFv9/IPFIX Low Reporting Tools Application Perf. Collection Reporting Tool & Management Exporting Control Recognition Tool ISR G2 & ASR Advanced reporting Use QoS or PfR to Identify applications collect application tool aggregates control application using L3 to L7 performance and reports network usage to information metrics, and export application improve application to management tool performance performance 2012 Cisco and/or its affiliates. All rights reserved. 4
  • 5. App Visibility & ISR G2 User Experience Report ISR G2 ASR1K ISR G2 App BW Transaction ASR1K Time ASR1K SAP 3M 150 ms High Sharepoint 10M 500 ms Med NFv9/IPFIX Low Reporting Tools Application Perf. Collection Reporting Tool & Management Exporting Control Recognition Tool FNF Cisco Prime NBAR2 NBAR2 ART Infrastructure QoS MMON Cisco Insight PfR 3rd Party Tools 2012 Cisco and/or its affiliates. All rights reserved. 5
  • 6. ISR G2 ASR1K AGENDA Application Classification Deep Packet Inspection engine (NBAR2) identifies applications using L7 signatures 2012 Cisco and/or its affiliates. All rights reserved. 6
  • 7. What about these? HTTP 80 FTP Are these 20/21 applications? POP3 110 IMAP 143 Or just ports? HTTPS 443 SMTP 25 2012 Cisco and/or its affiliates. All rights reserved. 7
  • 8. SCE Classification +1000 Signatures IOS NBAR Advanced Classification Innovations Supports ~1400 +150 Signatures Techniques Native IPv6 Classification protocols and sub- Open API 3rd Party Integration.. classification NBAR2 NBAR2 is a complete rebuild and the next generation in classification engine development New DPI component which provide Advanced Application Classification and Field Extraction Capabilities taken from SCE NBAR2 is adopted as a Cisco cross platform protocol classification mechanism Backward compatibility to preserve existing NBAR investments In-service field upgradable Protocol Definition no IOS upgrade required NBAR application library: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html 2012 Cisco and/or its affiliates. All rights reserved. 8
  • 9. Categorization of protocols into meaningful terms simplifies config and report aggregation P2P NBAR2 Category NBAR2 Sub-category NBAR2 Application Group Technology Encrypted Tunnel browsing authentication-services apple-talk-group skype-group n n n business-and-productivity-tools backup-systems banyan-group smtp-group y y y email client-server bittorrent-group snmp-group unassigned unassigned unassigned file-sharing commercial-media-distribution corba-group sqlsvr-group gaming control-and-signaling edonkey-emule-group stun-group industrial-protocols database fasttrack-group telepresence-group instant-messaging epayement flash-group tftp-group internet-privacy file-sharing fring-group vmware-group layer2-non-ip inter-process-rpc ftp-group vnc-group layer3-over-ip internet-privacy gnutella-group wap-group location-based-services license-manager gtalk-group webex-group net-admin naming-services icq-group windows-live-messanger-group newsgroup network-management imap-group xns-xerox-group obsolete network-protocol ipsec-group yahoo-messenger-group other other irc-group trojan p2p-file-transfer kerberos-group voice-and-video p2p-networking ldap-group remote-access-terminal netbios-group...

Recommended

View more >