I recently prepared a presentation on Cisco AVC Flow Exports with Karthik Dakshinamoorthy, Product Manager at Cisco Systems. In this post, I want to go over some of the key pieces that I covered in my presentation, specifically what details you can get from Cisco AVC Flow Exports. If you are interested in viewing the presentation, you can view it here.

So, what details are available with Cisco AVC? Among other things, AVC provides you with details that traditional flow exports just don’t have. As an example, VoIP has over 30 different reports, including jitter, packet loss, and latency by interface. I think we can all agree that all of them are critical when determining where VoIP issues are coming from. Below you can see an example of a Cisco AVC report.

Cisco AVC Report – Jitter and Packet Loss

It shows you the calls by destination, i.e. the IP device making the call, as well as the jitter and packet loss by device. What’s excellent about this report is that, if users are experiencing poor voice quality, you can put them all in a single report to see if they are seeing the same problem at the same time (or at different times). Additionally, you can run a report on different router hops to pinpoint exactly where the problem is introduced in the path. You can even, potentially, determine if the problem is mainly in the reception of the voice and not the transmission.
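The hop-by-hop comparison described above, as an added example that is not from the original post or from any Cisco or Plixer tool. The record layout, router names, addresses and thresholds are constructed assumptions; a real collector exposes this data in its own schema.

```python
from collections import defaultdict

# Assumed hop order for the voice path, upstream first (hypothetical names).
PATH = ["branch-rtr", "wan-edge", "core-rtr", "dc-rtr"]

# Constructed sample: one row per (exporting router, call) with the
# jitter and packet loss that router measured for the RTP stream.
def rec(exporter, src, dst, jitter_ms, loss_pct):
    return {"exporter": exporter, "call": (src, dst),
            "jitter_ms": jitter_ms, "loss_pct": loss_pct}

RECORDS = [
    rec("branch-rtr", "10.1.1.20", "10.9.0.5", 2.0, 0.0),
    rec("wan-edge",   "10.1.1.20", "10.9.0.5", 41.0, 2.5),
    rec("core-rtr",   "10.1.1.20", "10.9.0.5", 43.0, 2.6),
    rec("branch-rtr", "10.1.1.31", "10.9.0.7", 3.0, 0.1),
    rec("wan-edge",   "10.1.1.31", "10.9.0.7", 8.0, 3.2),
    rec("branch-rtr", "10.1.1.44", "10.9.0.9", 2.5, 0.0),
    rec("core-rtr",   "10.1.1.44", "10.9.0.9", 4.0, 0.2),   # wan-edge did not export this call
    rec("dc-rtr",     "10.1.1.44", "10.9.0.9", 55.0, 0.3),
    rec("branch-rtr", "10.1.1.50", "10.9.0.5", 1.0, 0.0),
    rec("dc-rtr",     "10.1.1.50", "10.9.0.5", 5.0, 0.4),
]

def first_degraded_hop(records, path, max_jitter_ms=30.0, max_loss_pct=1.0):
    """Map each call to the first hop (in path order) that exceeds a threshold."""
    by_call = defaultdict(dict)
    for r in records:
        by_call[r["call"]][r["exporter"]] = r
    result = {}
    for call, hops in by_call.items():
        result[call] = None                      # None means clean at every hop seen
        for hop in path:
            r = hops.get(hop)
            if r is None:
                continue                         # no export from this hop for this call
            if r["jitter_ms"] > max_jitter_ms or r["loss_pct"] > max_loss_pct:
                result[call] = hop               # introduced at or just upstream of hop
                break
    return result

def calls_by_fault_hop(result):
    """Group degraded calls by the hop where the problem first appears."""
    groups = defaultdict(list)
    for call, hop in result.items():
        if hop is not None:
            groups[hop].append(call)
    return {hop: sorted(calls) for hop, calls in groups.items()}

if __name__ == "__main__":
    for hop, calls in calls_by_fault_hop(first_degraded_hop(RECORDS, PATH)).items():
        print(hop, calls)
```

Several calls sharing the same first degraded hop point at that segment rather than at an individual endpoint.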

The report below is along the same lines as the previous one. You can see details for CBQoS, RTP Payload (codec), Trans event packet loss, and jitter. This is excellent data that you cannot get from traditional NetFlow exports.

Cisco AVC Report – VoIP

In a previous post, “NBAR2 AVC”, we discussed what NBAR2 is, as well as its benefits. Cisco AVC includes application details found in NBAR2, which allows you to see not only which user was using the bandwidth, but also which application the user was using. Cisco AVC also groups various applications/URLs in a single group. For example, Facebook, LinkedIn, and Pinterest are all grouped under social-networking. This allows you to see the percentage of bandwidth that all of these sites are consuming on your network.

By combining a number of items exportable in Cisco AVC, you can create reports that have a combination of metrics. The Root Cause Delay report, for example, is very useful in determining the cause of the slowdown: is it the network itself, the server supporting the application, or the application itself (perhaps something was misconfigured in the application)?

Cisco AVC Report – Root Cause Delay

Cisco AVC also provides you with wireless-specific exports. For example, the Hosts with Mac report gives you quantifiable information for properly planning expansion and resources during peak times. Additionally, you can view the multiple SSIDs from your access points and determine which ones are consuming the greatest amount of bandwidth. This can help you determine which users are abusing the network. For example, are your guest network SSIDs consuming more bandwidth than your corporate users?

With Cisco AVC flow exports and the right flow collector, you are provided with all the AVC details on each link in the path, which provides end-to-end, hop-by-hop visibility.

If you are interested in setting up Cisco AVC flow exports in your environment, give our support team a call. They will be more than happy to give you a hand.

Justin

Justin Jett is Director of Audit and Compliance at Plixer with roles ranging from system administration of web services to technical product marketing for Plixer’s incident response system, Scrutinizer. Jett, a graduate of the University of Maine at Farmington, is an avid learner of all things security, with a particular interest in TLS and DNS attacks.
