Information About Custom Applications
Cisco Network-Based Application Recognition (NBAR) is a Cisco technology that performs the SD-WAN Application Intelligence Engine (SAIE) flow on network traffic to identify network applications according to their traffic characteristics.
Note: In Cisco vManage Release 20.7.1 and earlier releases, the SAIE flow is called the deep packet inspection (DPI) flow.
The specific traffic characteristics of a network application are called an application signature. Cisco packages the signature for an application, together with other information, as a protocol. Cisco packages a large set of protocols, covering numerous commonly occurring network applications, as a Protocol Pack. Cisco updates and distributes Protocol Packs regularly. They provide a database of network application signatures that NBAR uses to identify network application traffic.
The term network applications is defined broadly, and may include all of the following, and more:
- Social media websites
- Voice over IP (VoIP) applications
- Streaming audio and video, such as Cisco Webex
- Cloud applications, such as for cloud storage
- SaaS applications
- Custom network applications specific to an organization
Identifying applications is useful for monitoring network traffic, configuring application-aware traffic policy, and more.
To summarize network application signatures, protocols, and Protocol Packs, and how NBAR uses them:
- The traffic of a network application has unique characteristics that can be used to identify the traffic as belonging to that specific application. These characteristics are called application signatures.
- Cisco packages the signature for a specific network application as a protocol.
- Cisco packages a large set of protocols, covering commonly occurring internet applications, as Protocol Packs.
- Cisco NBAR performs the SAIE flow on traffic to gather the information required to identify the sources of the traffic, and uses protocols, such as those provided in Protocol Packs, to match that information to specific network applications. The result is that NBAR identifies the network applications producing traffic in the network.
Cisco Software-Defined Application Visibility and Control (SD-AVC) uses Cisco NBAR application identification to provide information about application usage within a network.
Custom Applications
In addition to the standard protocols provided in a Protocol Pack, you can define your own protocols, called custom applications, to identify internet traffic, often for uncommon network applications that are of specific interest to your organization. Custom applications augment the protocols provided in a Protocol Pack.
You can use custom applications in the same way as any other protocol when configuring:
- Cisco Catalyst SD-WAN policies
- Application Quality of Experience (AppQoE) policies, such as application-aware routing, TCP acceleration, and Quality of Service (QoS)
Note: The following terms are used in the documentation of related technologies, and are equivalent: custom applications, custom protocols, user-defined applications.
Custom Applications in Cisco Catalyst SD-WAN
Cisco Software-Defined AVC (SD-AVC) is a component of Cisco Application Visibility and Control (AVC). It functions as a centralized network service, operating with specific participating devices in a network. One function of Cisco SD-AVC, which is included as a component of Cisco Catalyst SD-WAN, is to create and manage custom applications. Cisco Catalyst SD-WAN uses this Cisco SD-AVC functionality, through SD-AVC REST APIs, to enable you to define custom applications within Cisco Catalyst SD-WAN.
As a Cisco Catalyst SD-WAN user, you can use Cisco SD-WAN Manager to define custom applications. Cisco SD-AVC then pushes the custom applications to devices in the network. The devices in the network use the custom applications and other application protocols to analyze traffic traversing the devices.
The process of defining a custom protocol includes choosing criteria to identify network traffic as coming from a specific network application. The criteria can include characteristics of hosts originating the traffic, such as server names, IP addresses, and so on.
Priority of Protocols and Custom Applications
It is possible to define custom applications that match some of the same traffic as a protocol included in the Protocol Pack operating with Cisco NBAR. When matching traffic, custom applications have priority over Protocol Pack protocols. Deploying SD-AVC within an existing network does not require any changes to the network topology.
Restrictions for Custom Applications
- Maximum number of custom applications: 1100
- Maximum number of L3/L4 rules: 20000
- Maximum number of server names: 50000
- For server names, maximum instances of a wildcard followed by a period (.): 50000
  Example: *.cisco.com matches www.cisco.com, developer.cisco.com
- For server names, maximum instances of a prefix wildcard as part of a server name: 256
  Example: *ample.com matches www.example.com
- Mapping the same domain to two different custom applications is not supported.
- DNS traffic and application traffic need to be in the same VRF for SD-AVC to perform first-packet classification.
- Creating custom applications through the CLI is not supported in Cisco Catalyst SD-WAN policy.
- Activation of custom applications:
  - When using Cisco vManage Release 20.5.1 and earlier releases: For devices using releases earlier than Cisco IOS XE Catalyst SD-WAN Release 17.5.1a, a custom application created in Cisco SD-WAN Manager is not activated for visibility functionality (monitoring traffic) or control functionality (traffic policy) until a policy that makes use of the custom application is applied.
  - When using Cisco vManage Release 20.5.1 or later: For devices using Cisco IOS XE Catalyst SD-WAN Release 17.5.1a or later, the activation of custom applications is as follows:
    - A custom application created in Cisco SD-WAN Manager is activated immediately for application visibility functionality only (monitoring traffic), such as for protocol-discovery counters and Flexible NetFlow (FNF). When activated for visibility functionality only, custom applications do not affect traffic policy.
    - When the custom application is used by a policy, it becomes activated for control functionality (traffic policy) also.
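The matching and restriction rules above (server-name wildcards, L3/L4 rules, custom applications taking priority over Protocol Pack protocols, the numeric limits, and the rule that one domain cannot map to two custom applications) are easier to reason about as an executable model. The following is an added example and is not Cisco code: it does not reproduce NBAR's signature engine or the SD-AVC REST API, it reduces a Protocol Pack to a dictionary of server-name patterns, and every class name, function name and sample flow in it is constructed for illustration. Whether `*.cisco.com` matches the bare host `cisco.com` is not stated on the page, so the model assumes it does not.

```python
"""Model of custom-application matching and the documented restrictions.

Added example, not Cisco code. It models the page's description only:
server-name wildcards, L3/L4 rules, custom-before-Protocol-Pack priority,
the numeric limits, and 'one domain, one custom application'. All names
and sample data below are constructed for illustration.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Limits taken from the "Restrictions for Custom Applications" list.
MAX_CUSTOM_APPS = 1100
MAX_L3L4_RULES = 20000
MAX_SERVER_NAMES = 50000
MAX_PREFIX_WILDCARDS = 256


@dataclass(frozen=True)
class L3L4Rule:              # hypothetical shape of one L3/L4 rule
    network: str             # destination prefix, e.g. "10.20.0.0/16"
    proto: str               # "tcp" or "udp"
    port: int                # destination port


@dataclass
class CustomApp:
    name: str
    server_names: list = field(default_factory=list)
    rules: list = field(default_factory=list)


def is_prefix_wildcard(pattern):
    """'*ample.com' style: a leading '*' not followed by a period."""
    return pattern.startswith("*") and not pattern.startswith("*.")


def server_name_matches(pattern, host):
    """Apply the two documented wildcard forms, case-insensitively.

    '*.cisco.com' matches hosts under cisco.com (www.cisco.com). The page
    does not say whether it matches bare 'cisco.com'; assumed not.
    '*ample.com' matches any host that ends in 'ample.com'.
    A pattern without '*' must equal the host.
    """
    pattern, host = pattern.lower(), host.lower()
    if not host:                       # flow carried no server name (e.g. no SNI)
        return False
    if pattern.startswith("*."):
        suffix = pattern[1:]           # ".cisco.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    if is_prefix_wildcard(pattern):
        return host.endswith(pattern[1:])
    return host == pattern


def rule_matches(rule, dst_ip, proto, dst_port):
    return (rule.proto == proto and rule.port == dst_port
            and ip_address(dst_ip) in ip_network(rule.network))


def classify(flow, custom_apps, protocol_pack):
    """Name the application for one flow dict.

    Custom applications are tried first because the page gives them
    priority over Protocol Pack protocols; the Protocol Pack is consulted
    only when no custom application matches.
    """
    host = flow.get("server_name", "")
    for app in custom_apps:
        if any(server_name_matches(p, host) for p in app.server_names) or any(
                rule_matches(r, flow["dst_ip"], flow["proto"], flow["dst_port"])
                for r in app.rules):
            return app.name
    for pattern, protocol in protocol_pack.items():
        if server_name_matches(pattern, host):
            return protocol
    return "unknown"


def validate(custom_apps):
    """Return a list of violations of the documented restrictions."""
    problems = []
    if len(custom_apps) > MAX_CUSTOM_APPS:
        problems.append(f"{len(custom_apps)} custom applications > {MAX_CUSTOM_APPS}")
    n_rules = sum(len(a.rules) for a in custom_apps)
    if n_rules > MAX_L3L4_RULES:
        problems.append(f"{n_rules} L3/L4 rules > {MAX_L3L4_RULES}")
    names = [(a.name, s.lower()) for a in custom_apps for s in a.server_names]
    if len(names) > MAX_SERVER_NAMES:
        problems.append(f"{len(names)} server names > {MAX_SERVER_NAMES}")
    n_prefix = sum(1 for _, s in names if is_prefix_wildcard(s))
    if n_prefix > MAX_PREFIX_WILDCARDS:
        problems.append(f"{n_prefix} prefix wildcards > {MAX_PREFIX_WILDCARDS}")
    owner = {}                         # same domain in two custom apps is unsupported
    for app_name, s in names:
        if owner.setdefault(s, app_name) != app_name:
            problems.append(f"{s} is mapped to both {owner[s]} and {app_name}")
    return problems


# Constructed sample definitions and flows; not from any real deployment.
CUSTOM_APPS = [
    CustomApp("corp-erp", server_names=["*.erp.example.net"],
              rules=[L3L4Rule("10.20.0.0/16", "tcp", 8443)]),
    CustomApp("webex-override", server_names=["*.webex.com"]),  # overlaps the pack
]
PROTOCOL_PACK = {"*.webex.com": "webex-meeting", "*.cisco.com": "cisco-web"}
SAMPLE_FLOWS = {
    "tls-to-erp": {"server_name": "hr.erp.example.net", "dst_ip": "203.0.113.5",
                   "proto": "tcp", "dst_port": 443},
    "no-sni-to-erp": {"server_name": "", "dst_ip": "10.20.7.9",
                      "proto": "tcp", "dst_port": 8443},
    "webex": {"server_name": "meet.webex.com", "dst_ip": "198.51.100.8",
              "proto": "tcp", "dst_port": 443},
    "cisco": {"server_name": "www.cisco.com", "dst_ip": "198.51.100.9",
              "proto": "tcp", "dst_port": 443},
}


def classify_samples():
    return {k: classify(f, CUSTOM_APPS, PROTOCOL_PACK) for k, f in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for label, app in classify_samples().items():
        print(f"{label:14} -> {app}")
    print("violations:", validate(CUSTOM_APPS) or "none")
```

The `webex` flow is the priority case from the page: both a custom application and the Protocol Pack match `*.webex.com`, and the custom application wins. The `no-sni-to-erp` flow shows why an L3/L4 rule is still useful alongside server names: with no server name present, only the destination prefix and port identify it. `validate` is the check a practitioner would run before pushing a definition set, since the same domain in two custom applications is unsupported rather than resolved by order.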