Cisco SD-AVC 4.4.0

New and Updated Features

New and updated features in SD-AVC Release 4.4.0:

  • Display domain information in the SD-AVC dashboard. You can view information about domains and the number of flows for each domain, aggregated from devices in the network.

  • Addressed a Spring4Shell issue to improve security.

Overview

Cisco Software-Defined AVC (SD-AVC) is a component of Cisco AVC. It operates as a centralized network service, with specific participating devices in a network.

Cisco SD-AVC complements solutions such as:

  • Cisco Intelligent WAN (IWAN)

  • Cisco EasyQoS

  • Application Assurance

Some of the current features and benefits provided by SD-AVC:

  • Network-level application recognition consistent across the network

  • Improved application recognition in symmetric and asymmetric routing environments

  • Improved first packet classification

  • Cloud service providing continually updated information about server addresses used by public internet sites and services, improving traffic classification

  • Protocol Pack update at the network level

  • Secure browser-based dashboard over HTTPS

  • Analysis of unclassified traffic

  • Network-wide user-defined applications

  • Configuring custom applications

  • Support for Office 365 Traffic Categories

  • REST API

  • Displaying domain information for flows handled by devices in the network

Requirements and Installation

SD-AVC consists of two main components:

  • SD-AVC network service: Operates as a virtualized service on a Cisco host platform. A variety of Cisco ASR1000 Series, ISR4000 Series, and other platforms can function as the host for this component, which is installed using a file downloaded from Cisco.

  • SD-AVC agent: SD-AVC can be activated on numerous devices in the network, which communicate with the centralized SD-AVC network service. Activating SD-AVC on a device does not require any additional software download. It requires only executing a few Cisco IOS commands on the device. A variety of Cisco ASR1000 Series, ISR4000 Series, and other platforms are supported. Activating SD-AVC starts an SD-AVC agent service on the device, which manages communication between the device and the SD-AVC network service.

See the user guide for the following:

  • System requirements for platforms hosting the SD-AVC network service, and instructions for installing the component.

  • System requirements for network devices using SD-AVC, and instructions for activating SD-AVC.

Caveats


Note

If you have an account on Cisco.com, you can view information on select caveats, using the Bug Search Tool (https://bst.cloudapps.cisco.com/bugsearch/).

Resolved Caveats in SD-AVC 4.4.0

The following caveat(s) were resolved in SD-AVC 4.4.0 (since 4.3.0):

Caveat

Description

CSCwb43727

Evaluation of Cisco SD-AVC for the Spring4Shell vulnerability (CVE-2022-22965)

Download SD-AVC

The user guide describes system requirements and installation instructions.

SD-AVC Network Service

The SD-AVC network service is installed from a tar file and operates as a virtualized service on a host platform. The file is available for download on the Cisco software download page (https://software.cisco.com/download/home). On the download page, specify a platform model to display software available for download. For example, to display SD-AVC files available for the Cisco ASR 1002-HX, enter ASR 1002-HX in the search field.

In the results, one software option is SD-AVC.

Network Devices

Configuring SD-AVC on network devices does not require downloading any additional software. SD-AVC is included in the system software.