Cisco AVC Top Applications Monitor (10434 / 20434)

Description

This Module, based on processing Cisco Application Visibility and Control (AVC) flows (https://www.cisco.com/c/en/us/products/routers/avc-control.html), reports top Applications by bandwidth per exporter. It consolidates NetFlow records over a period of time (Data collection interval) which all have the same combination of the following fields:
  • Exporter IP address
  • Application Tag (Classification Engine ID and Selector ID)
Time trigger (Data collection interval) function – executed every 30 sec (default).
  1. 1.
    Determine top N Applications by bandwidth consumption
  2. 2.
    Report all consolidated conversations for top N applications This information is provided per NetFlow exporter

Parameters

Parameter Name
Description
Comments
Data Collection Interval, sec
Module logic execution interval
min = 5 sec, max = 600 sec, default = 30 sec
N – number of reported Applications
The number of top Applications reported per NetFlow exporter
min = 0, max = 100000, default = 50 (0 indicates all Applications are reported)

Input

Cisco AVC NetFlow v9 (including Cisco WLC NetFlow v9) Data and Options.

Required NetFlow Fields

Information Element (IE)
IE id
IE size, B
Description
applicationId
95
4 or N
8 bits of engine ID, followed by n bits of classification.
octetDeltaCount
1
4 or 8
The number of octets since the previous report (if any) in incoming packets for this Flow at the Observation Point. The number of octets includes IP header(s) and IP payload.
packetDeltaCount
2
4 or 8
The number of incoming packets since the previous report (if any) for this Flow at the Observation Point.

Syslog/JSON Message Fields

Key
Field Description
Comments
nfc_id
Message type identifier
“nfc_id=20434”
exp_ip
NetFlow exporter Ipv4 address
<IPv4 address>
protocol
Transport Protocol ( TCP = 6, UDP = 17)
<number>
app_tag
Application Tag
<string>, example “13:1”
app_name [^1]
Application Name
<string>, example “ftp”
engine_id
Classification Engine ID
<string>, example “IANA-L3”
bytes_in
Layer 3 bytes of ingress flows
<number>
packets_in
Layer 3 packets of ingress flows
<number>
bytes_out
Layer 3 bytes of egress flows
<number>
packets_out [^2]
Layer 3 packets of egress flows
<number>
bytes
Layer 3 bytes in both directions
<number>
packets
Packets in both directions
<number>
flow_count
Number of flows
<number>
t_int
Observation time interval, msec
<number>
[^1]: Device must be configured to export Application list in NetFlow Options
[^2]: In/out bytes and packets are not calculated when “flowDirection” field is absent
Last modified 1yr ago