Want to know which applications are running in your campus network? Let’s talk Cisco DNA Center Application Visibility Service.
Campus and Branch networks connect users to applications and it’s the role of the network administrator to make sure the users have an outstanding experience when accessing those applications. To make this happen, network administrators need to have the right quality of service (QoS) policies in place along with the right amount of visibility into their application health. But one thing often forgotten is the importance of properly identifying which applications are running in the network so that they can be optimized according to business policies.
Cisco DNA Center can tackle the three pillars required to deliver an outstanding application experience: deployment of QoS policies, and measuring of application health and visibility into applications running in the network. In this blog we will be focusing on the latter: how innovations in IOS-XE and Catalyst 9K switches coupled with a centralized controller can enhance the way to recognize applications in the network.
NBAR2, or Network-Based Application Recognition, is a classification engine that recognizes and classifies a wide variety of applications and protocols. It leverages deep packet inspection and can also recognize a wide variety of applications including those hidden in encrypted traffic.
Cisco network devices typically use NBAR2 ‘signatures’ to recognize what’s running in the network. The definitions of those signatures are packaged in what we call protocol packs (PP), the latest containing around 1500 application signatures. This means that devices can identify these applications by simply downloading the correct protocol pack which are known as standard applications.
Although NBAR2 works as a great starting point or application recognition, there are still a few limitations to consider:
Consistency: The network administrator needs to ensure the protocol pack is consistent across the infrastructure otherwise parts of the network might be able to recognize some applications that other parts will not. In the diagram below, we see devices with protocol pack version 48.0.0 while another device with protocol pack 47.0.0 which means that these devices will be recognizing a different set of applications.
Homegrown applications: Even though NBAR2 can recognize a fairly large amounts of applications, most environments have specific homegrown applications that need to be added manually. There are also cloud applications such as Office 365 with URL’s are very dynamic in nature, that change almost weekly.
Asymmetric paths: Traffic could also take asymmetric paths in the network, which means that a certain device in the network might see different characteristics of the network traffic compared to what another device sees.
Starting with Cisco DNA Center 2.1.2 we introduced Application Visibility Service, a controller-based architecture which allows NBAR2 enabled devices to interconnect through a centralized controller, share data and dynamically augment the protocol pack for homegrown and SaaS applications. Ultimately, we are still leveraging the NBAR2 engines and the protocol packs (PP) but DNA Center allows to dynamically improve the signature of applications. This technology is known as SD-AVC or CBAR (Controller Based Application Recognition).
So, how exactly does SD-AVC work? All NBAR2 enabled devices will still send classification rules to DNA Center. In this way, SD-AVC service in DNA Center will have a centralized view of applications recognized by those network devices. In addition, Application Visibility Service will receive information from authoritative external sources such as Infoblox DNS server for home grown applications, and Microsoft-365 connector for Office 365 URL’s and FQDNs. Lastly, DNA Center will use heuristics to resolve hosts or servers and import then as customized applications into the application registry.
Now that Cisco DNA Center has collected application information from all these different sources it will resolve conflicts and generate a new dedicated signature file (PPDK) that gets pulled by network devices. This PPDK file improves and augments the signatures already available with NBAR2. The diagram below depicts how DNA Center receives data from devices and external sources, creating a PPDK downloaded by the devices in order to augment the applications that can be identified. Moreover, protocol packs are now consistent among devices:
To summarize, Cisco has come a long way with innovations to enhance the recognition of applications in the network. Here are some of the key benefits Cisco DNA Center Application Visibility Service provides to better view and manage your built-in and custom applications:
- Utilizes NBAR2 for application recognition, proven and adopted as a Cisco cross platform protocol classification,
- Aids the update of NBAR2 protocol packs in the network devices which helps in maintaining consistency,
- Connects to external sources like Infoblox and MS Cloud connector to dynamically learn homegrown applications and Office 365 URL’s and IP address ranges. SD-AVC service then creates a PPDK to enhance the application rules in the device,
- Supports application visibility in asymmetric flows
Check out the video below to watch these concepts come to life in a short demo!
Like this kind of content or want to learn more about Cisco DNA Center? Follow me on my profile page to find more of my technical blogs!
Tags:1 Comments
Great stuff! I did not know about the challenge of maintaining different protocol packs in the infrastructure, glad to see DNAC helps alleviate that pain!