Configuring Network Devices

Configuring Network Devices to Use SD-AVC

After the SD-AVC Network Service has been set up, use the information in this section to check the prerequisites for Cisco devices in the network to operate with the SD-AVC Network Service. Then activate and configure SD-AVC on the devices. This activates an SD-AVC agent that operates on the devices to communicate with the SD-AVC Network Service.

After configuration is complete, verify the status of each device using the SD-AVC Dashboard:

Dashboard > Application Visibility page > SD-AVC Monitoring

For High Availability SD-AVC, which employs more than one SD-AVC Network Service, see SD-AVC High Availability.

System Requirements: Network Devices Using SD-AVC

The following table describes the supported platforms and requirements for network devices to operate with SD-AVC. When operating with SD-AVC, network devices run the SD-AVC agent, which manages communication between the devices and the SD-AVC Network Service.

Table 1. Network Device Requirements

Platform

Recommended OS (extended maintenance release trains only)

Cisco ASR1001-X Aggregation Services Router

Cisco IOS XE Amsterdam 17.3.1 or later

Cisco IOS XE Fuji 16.9.1 or later

(See note 1 for details of feature support.)

Cisco ASR1002-X Aggregation Services Router

Cisco IOS XE Amsterdam 17.3.1 or later

Cisco IOS XE Fuji 16.9.1 or later

(See note 1 for details of feature support.)

Cisco ASR1001-HX Aggregation Services Router

Cisco IOS XE Amsterdam 17.3.1 or later

Cisco IOS XE Fuji 16.9.1 or later

(See note 1 for details of feature support.)

Cisco ASR1002-HX Aggregation Services Router

Cisco IOS XE Amsterdam 17.3.1 or later

Cisco IOS XE Fuji 16.9.1 or later

(See note 1 for details of feature support.)

Cisco 1100 Series Integrated Services Routers

Cisco IOS XE Amsterdam 17.3.1 or later

Cisco IOS XE Fuji 16.9.1 or later

(See note 1 for details of feature support.)

Cisco ISR4000 Series Integrated Services Routers: 4221, 4321, 4331, 4431, 4451

Cisco IOS XE Amsterdam 17.3.1 or later

Cisco IOS XE Fuji 16.9.1 or later

(See note 1 for details of feature support.)

Cisco Integrated Services Virtual Router

Cisco IOS XE Amsterdam 17.3.1 or later

Cisco IOS XE Fuji 16.9.1 or later

(See note 1 for details of feature support.)

Cisco CSR1000V Cloud Services Router

Cisco IOS XE Amsterdam 17.3.1 or later

Cisco IOS XE Fuji 16.9.1 or later

(See note 1 for details of feature support.)

(See note 2 for information about Cisco CSR1000V license requirements.)

Cisco Route Processor RP2,

operating on Cisco ASR1004, ASR1006, or ASR1013

Cisco IOS XE Amsterdam 17.3.1 or later

Cisco IOS XE Fuji 16.9.1 or later

(See note 1 for details of feature support.)

Cisco Route Processor RP3,

operating on Cisco ASR1004, ASR1006, or ASR1013

Cisco IOS XE Amsterdam 17.3.1 or later

Cisco IOS XE Fuji 16.9.1 or later

(See note 1 for details of feature support.)

Note

  1. Cisco IOS XE 17.3.1 adds support for Microsoft Office 365 traffic categories, the Clear State function, and additional custom application functionality (IPv6 subnet, extended IPv4 subnets, port ranges).

  2. The Cisco CSR1000V Cloud Services Router requires the following license: AX, 2.5 Gbps or higher throughput. See the Cisco CSR1000V Data Sheet.

For questions about support for specific OS releases, please contact the SD-AVC team at:

cs-nbar@cisco.com

Connectivity

For connectivity requirements and procedures, see Configuring Connectivity.

Configuration Prerequisites: Network Devices Using SD-AVC

The following are prerequisites for network devices to operate with SD-AVC:

  • Application statistics:

    SD-AVC functionality depends on receiving application statistics from each participating network device. Application statistics are collected on each interface (on participating devices) on which one of the following is enabled: Cisco Performance Monitor, Easy Performance Monitor (ezPM), PfR policy, or Protocol Discovery. Each of these activates NBAR2 on the interface.

    Depending on the Cisco solution in place, application statistics must be collected as follows:

    • Application Assurance solution: (No additional user configuration required) Collection of application statistics is enabled by the use of Performance Monitor or Easy Performance Monitor (ezPM), and PfR policy.

    • EasyQoS: (Requires user configuration) Configure Protocol Discovery on WAN-side interfaces.

    • IWAN solution: (No additional user configuration required) Collection of application statistics is enabled by the use of Easy Performance Monitor (ezPM) and PfR policy.

  • Unique hostname:

    Each network device operating with SD-AVC requires a unique hostname. The following is an example of how to configure the hostname on a device: 

    Device(config)#hostname host123

Activating the SD-AVC Agent

Use the following procedure on a device in the network to activate the SD-AVC agent, enabling the device to communicate with the SD-AVC Network Service.


Note

See system requirements for network devices operating with SD-AVC .

Note

The term, SD-AVC Network Service, refers to the virtual service that operates on a host device and performs SD-AVC functions, such as aggregating application data. The avc sd-service command used in this procedure does not refer to the SD-AVC Network Service.

  1. Activate SD-AVC.

    avc sd-service

    Example: 

    (config)#avc sd-service

  2. Configure the segment (group of devices that share the same purpose, such as routers within the same hub).

    segment cisco

    Example: 

    (config-sd-service)#segment cisco

  3. Enter controller mode to configure the agent to use the SD-AVC Network Service (not related to the avc sd-service command used in an earlier step).

    controller

    Example: 

    (config-sd-service)#controller

  4. Enter the service-IP used when the SD-AVC Network Service (running on a host device) was set up.

    address service-ip

    Note

    For a high availability (HA) configuration, more than one SD-AVC Network Service is specified in this step. See: SD-AVC High Availability

    Example: 

    (config-sd-service-controller)#address 10.56.196.146

  5. Configure VRF.

    vrf vrf_mgmt

    Example: 

    (config-sd-service-controller)#vrf vrf_mgmt

    The device is now configured to operate with SD-AVC, and begins:

    • Sending collected application data to the SD-AVC Network Service

    • Receiving application rules packs periodically from the SD-AVC Network Service

  6. See Scenarios that Benefit from Source Interface Configuration to determine whether to specify a source interface for SD-AVC traffic.

  7. Using the SD-AVC Dashboard confirm that the router appears as a device in the network.

Configuration Example

The following is an example of the CLI steps used to configure the SD-AVC agent on a device.

(config)#avc sd-service
(config-sd-service)#segment cisco 
(config-sd-service)#controller 
(config-sd-service-controller)#address 10.56.196.146
(config-sd-service-controller)#vrf vrf_mgmt

Deactivating the SD-AVC Agent

Use the following procedure on a device in the network to deactivate the SD-AVC agent and clear any SD-AVC agent configuration details that have been entered. This stops SD-AVC functionality on the device, and the device stops communicating with the SD-AVC network service.

  1. Deactivate SD-AVC and remove SD-AVC agent configuration.

    no avc sd-service

    Example: 

    (config)#no avc sd-service