What is Application Visibility and Control (AVC)

Application Visibility and Control (AVC) is a technology that involves multiple components, including Network Based Application Recognition Version 2 (NBAR2), Flexible NetFlow (FNF), and management tools that provide powerful application visibility and control capabilities based on stateful deep packet inspection (DPI).

With the Cisco AVC solution available on wireless controllers from AireOS 7.4 onward, it is possible to identify applications inside the packet and to have a measure of control over them. Types of control include the following: Marking of DSCP Rate-limiting/policing traffic in the upstream or downstream direction Dropping certain traffic types Using the AVC engine on the controller, it is possible to identify over a thousand applications.

The number of applications that can be identified is constantly being updated as new signatures become available, and these can be added or updated to the controller independently of an operating system upgrade. Importantly, unlike the WLAN QoS configuration that was discussed previously, AVC has the ability to mark the original DSCP value. The above images illustrates the functionality of AVC in Cisco wireless controllers.

With DSCP remarking capabilities, better QoS handling in the downstream direction can be achieved. Since AVC operates on the controller in centralized mode, the effect on wireless QoS is only in the downstream direction. Note that in FlexConnect mode, AVC operates in the AP, whereas in centralized mode it operates only on the controller. This also means that for upstream traffic, the effect of AVC for controlling traffic is only toward the wired network from the controller (meaning from the AP to the controller over the CAPWAP tunnel, AVC will have no effect in the upstream direction until it reaches the controller).?