Cisco SD-AVC

Overview

Cisco Software-Defined AVC (SD-AVC) is a component of Cisco AVC. It operates as a centralized network service, with specific participating devices in a network.

Cisco SD-AVC complements solutions such as:

  • Cisco Intelligent WAN (IWAN)

  • Cisco EasyQoS

  • Application Assurance

Some of the current features and benefits provided by SD-AVC:

  • Network-level application recognition consistent across the network

  • Improved application recognition in symmetric and asymmetric routing environments

  • Improved first packet classification

  • Cloud service providing continually updated information about server addresses used by public internet sites and services, improving traffic classification

  • Protocol Pack update at the network level

  • Secure browser-based dashboard over HTTPS

  • Analysis of unclassified traffic

  • Network-wide user-defined applications

  • REST API

For details, see the Cisco SD-AVC 3.0.0 user guide.

New and Updated Features

New and changed features in SD-AVC Release 3.0.0:

  • Cloud Connector: A new component of SD-AVC that connects to a cloud service provided by Cisco, which provides data to improve traffic classification. The cloud services employs the latest information available about the server addresses used by public internet sites and services, to improve traffic classification.

  • Protocol Pack import: SD-AVC now indicates when Cisco releases a new Protocol Pack, and provides an option to import the Protocol Pack directly from Cisco to the local SD-AVC repository. Importing the Protocol Pack directly does not require using the Software Download tool. After import, the Protocol Pack can then be deployed to devices in the network.

  • System log server: SD-AVC keeps a system log as a local file. Beginning with this release, SD-AVC can also send system messages to an external system log server in real time.

  • Signed SSL certificate: By default, the browser-based SD-AVC Dashboard provides a self-signed SSL certificate that appears in a browser as untrusted. Optionally, you can register your specific domain and acquire a signed SSL certificate, and import the certificate into SD-AVC. Connecting to the SD-AVC Dashboard is then secure and trusted.

  • Changed TCP port range: SD-AVC uses TCP ports for communication between the central SD-AVC network service and the devices in the network running the SD-AVC agent. Port 8080 was added. The new range is: 21, 8080, and 59990-60000

For details, see the Cisco SD-AVC user guide, release 3.0.0.

Requirements and Installation

SD-AVC consists of two main components:

  • SD-AVC Network Service: Operates as a virtualized service within a Cisco device service container, hosted on a Cisco platform. A variety of Cisco ASR1000 Series, ISR4000 Series, and CSR1000V models can function as the host platform for this component, which is installed using a downloaded OVA file.

  • SD-AVC agent: SD-AVC can be activated on numerous devices in the network, which then communicate with the centralized SD-AVC Network Service. Activating SD-AVC on a device requires executing a few Cisco IOS commands on the device, and does not require any additional download. A variety of Cisco ASR1000 Series, ISR4000 Series, and CSR1000V models are supported. Activating SD-AVC starts an SD-AVC "agent" service on the device, which manages communication between the device and the SD-AVC Network Service.

See the user guide for:

  • System requirements for platforms hosting the SD-AVC Network Service, and instructions for installing the component, using an OVA.

  • System requirements for devices running SD-AVC, and instructions for activating SD-AVC.

Supported Platforms and OS

Host Platforms for SD-AVC Network Service

The following Cisco platforms can serve as host for the SD-AVC Network Service, which runs as a virtualized service. See the user guide for detailed system requirements for each platform type.

Table 1. Host Requirements

Host

Recommended OS (extended maintenance release trains only)

Cisco ASR1001-X Aggregation Services Router

Cisco IOS XE Everest 16.6.1 or later

Cisco ASR1002-X Aggregation Services Router

Cisco IOS XE Everest 16.6.1 or later

Cisco ASR1002-HX Aggregation Services Router

Cisco IOS XE Fuji 16.7.1 or later

Cisco ISR4431 Integrated Services Router

Cisco IOS XE Everest 16.6.1 or later

Cisco ISR4451 Integrated Services Router

Cisco IOS XE Everest 16.6.1 or later

Cisco CSR1000V Cloud Services Router

Cisco IOS XE Everest 16.6.1 or later

SD-AVC Agent Supported Platforms

The following Cisco platforms support operation with SD-AVC, using the SD-AVC agent. See the user guide for detailed system requirements for each platform type.

Table 2. Network Device Requirements

Platform

Recommended OS (extended maintenance release trains only)

Cisco Cisco ASR1001-X Aggregation Services Router

Cisco IOS XE Fuji 16.9.1 or later

Cisco IOS XE Everest 16.6.4 or later

(See note 1.)

Cisco ASR1002-X Aggregation Services Router

Cisco IOS XE Fuji 16.9.1 or later

Cisco IOS XE Everest 16.6.4 or later

(See note 1.)

Cisco ASR1001-HX Aggregation Services Router

Cisco IOS XE Fuji 16.9.1 or later

Cisco IOS XE Everest 16.6.4 or later

(See note 1.)

Cisco ASR1002-HX Aggregation Services Router

Cisco IOS XE Fuji 16.9.1 or later

Cisco IOS XE Everest 16.6.4 or later

(See note 1.)

Cisco 1100 Series Integrated Services Routers

Cisco IOS XE Fuji 16.9.1 or later

Cisco 4000 Series Integrated Services Routers: 4221, 4321, 4331, 4431, 4451

Cisco IOS XE Fuji 16.9.1 or later

Cisco IOS XE Everest 16.6.4 or later

(See note 1.)

Cisco Integrated Services Virtual Router

Cisco IOS XE Fuji 16.9.1 or later

Cisco CSR1000V Cloud Services Router

Cisco IOS XE Fuji 16.9.1 or later

Cisco IOS XE Everest 16.6.4 or later

(See note 1.)

Cisco Route Processor RP2,

operating on Cisco ASR1004, ASR1006, or ASR1013

Cisco IOS XE Fuji 16.9.1 or later

Cisco IOS XE Everest 16.6.4 or later

(See note 1.)

Cisco Route Processor RP3,

operating on Cisco ASR1004, ASR1006, or ASR1013

Cisco IOS XE Fuji 16.9.1 or later

Cisco IOS XE Everest 16.6.4 or later

(See note 1.)

Note

  1. Cisco IOS XE 16.6.3 is supported, but with limited SD-AVC functionality. IOS XE 16.6.4 adds support for: Unclassified Traffic Discovery, source interface configuration, and improved scale. For questions about support for specific OS releases, please contact the SD-AVC team at:

    cs-nbar@cisco.com

Downloading SD-AVC

The SD-AVC Network Service is installed from an open virtual appliance (OVA) file and operates as a virtualized service on a host platform. The OVA file is available for download on the Cisco.com software download page (https://software.cisco.com/download/home). On the download page, specify a platform model to display software available for download. One software option will be SD-AVC.

Configuring the SD-AVC agent on network devices operating with the SD-AVC Network Service does not require downloading any additional software.

See the user guide for system requirements and installation instructions.

Example

To display SD-AVC OVA file(s) available for the Cisco ASR 1002-HX, enter "ASR 1002-HX" in the search field.

Notes

Microsoft Office 365

Recent changes that Microsoft has made to the Microsoft Office 365 web API have blocked the SD-AVC Microsoft Office 365 Connector, breaking its functionality in SD-AVC releases prior to 2.2.0. To resolve the issue, upgrade to SD-AVC 2.2.0 or later releases, which incorporate the new Microsoft Office 365 web API.