The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
SD-AVC architecture consists of two basic components:
Centralized SD-AVC Network Service component operating on a host device
SD-AVC Agent component running on each SD-AVC-enabled device in the network
Cisco AVC can recognize 1400+ network applications, providing recognition of most enterprise network traffic. SD-AVC offers a controller-based approach that operates network-wide, aggregating application information collected across the network, and centralized deployment of Protocol Pack updates.
SD-AVC improves application recognition, and offers a solution to challenges posed by complex networks that use a variety of routing devices and routing methods. Such challenges include asymmetric routing, first packet classification, encryption, and so on.
Devices in the network running AVC analyze traffic and generate application data. If a device is connected to SD-AVC, the SD-AVC agent operating on the device receives this application data, and processes and caches the data. Periodically, the SD-AVC agent sends the latest application data to the centralized SD-AVC network service.
As new servers are detected or as server addresses change, the agent continually discovers and validates these servers and updates the SD-AVC network service with the new information. The process of discovery and validation can take several minutes.
Server addresses usually remain constant over time, but when they do change, the SD-AVC agent detects the changes and updates the network service.
The SD-AVC network service aggregates application data from multiple sources, producing an application rules pack from the composite data. This is made available to network devices using SD-AVC.
Periodically, the network devices using SD-AVC request the application rules pack. Relying on devices to pull (request) the application rules pack on their own schedule improves efficiency and simplifies administration.
The application rules pack contains the following type of information: ID, IP address, port, network protocol, VRF name, application name, and so on.
Example:
ID | IP Address | Port | Protocol | VRF-name | App-Name ================================================================= 0 | 192.0.2.1 | 5901 | TCP | Mgt | VNC