Cisco AVC Top Applications Monitor (10434 / 20434)
Description
This Module, based on processing Cisco Application Visibility and Control (AVC) flows (https://www.cisco.com/c/en/us/products/routers/avc-control.html), reports top Applications by bandwidth per exporter. It consolidates NetFlow records over a period of time (Data collection interval) which all have the same combination of the following fields:
- Exporter IP address
- Application Tag (Classification Engine ID and Selector ID)
Time trigger (Data collection interval) function – executed every 30 sec (default).
- Determine top N Applications by bandwidth consumption
- Report all consolidated conversations for top N applications This information is provided per NetFlow exporter
Parameters
| Parameter Name | Description | Comments |
|---|---|---|
| Data Collection Interval, sec | Module logic execution interval | min = 5 sec, max = 600 sec, default = 30 sec |
| N – number of reported Applications | The number of top Applications reported per NetFlow exporter | min = 0, max = 100000, default = 50 (0 indicates all Applications are reported) |
Input
Cisco AVC NetFlow v9 (including Cisco WLC NetFlow v9) Data and Options.
Required NetFlow Fields
| Information Element (IE) | IE id | IE size, B | Description |
|---|---|---|---|
| applicationId | 95 | 4 or N | 8 bits of engine ID, followed by n bits of classification. |
| octetDeltaCount | 1 | 4 or 8 | The number of octets since the previous report (if any) in incoming packets for this Flow at the Observation Point. The number of octets includes IP header(s) and IP payload. |
| packetDeltaCount | 2 | 4 or 8 | The number of incoming packets since the previous report (if any) for this Flow at the Observation Point. |
Syslog/JSON Message Fields
| Key | Field Description | Comments |
|---|---|---|
| nfc_id | Message type identifier | “nfc_id=20434” |
| exp_ip | NetFlow exporter Ipv4 address | <IPv4 address> |
| protocol | Transport Protocol ( TCP = 6, UDP = 17) | <number> |
| app_tag | Application Tag | <string>, example “13:1” |
| app_name [^1] | Application Name | <string>, example “ftp” |
| engine_id | Classification Engine ID | <string>, example “IANA-L3” |
| bytes_in | Layer 3 bytes of ingress flows | <number> |
| packets_in | Layer 3 packets of ingress flows | <number> |
| bytes_out | Layer 3 bytes of egress flows | <number> |
| packets_out [^2] | Layer 3 packets of egress flows | <number> |
| bytes | Layer 3 bytes in both directions | <number> |
| packets | Packets in both directions | <number> |
| flow_count | Number of flows | <number> |
| t_int | Observation time interval, msec | <number> |
[^1]: Device must be configured to export Application list in NetFlow Options
[^2]: In/out bytes and packets are not calculated when “flowDirection” field is absent