Main Nav

From Cisco’s 7.4 Controller Code release notes:
 
•Support for Application Visibility and Control (AVC) is introduced. AVC classifies applications using Cisco's Deep Packet Inspection (DPI) techniques with Network-Based Application Recognition (NBAR) engine and provides application-level visibility and control into Wi-Fi network. After recognizing the applications, the AVC feature allows you to either drop or mark the traffic.
Using AVC, the controller can detect more than 1000 applications. AVC enables you to perform real-time analysis and create policies to reduce network congestion, costly network link usage, and infrastructure upgrades.
•Support for NetFlow protocol is introduced. The NetFlow protocol provides information about network users and applications, peak usage times, and traffic routing. The NetFlow protocol collects IP traffic information from network devices to monitor traffic.
The NetFlow architecture consists of the following components:
–Collector—Entity that collects all the IP traffic information from various network elements.
–Exporter—Network entity that exports the template with the IP traffic information. The controller acts as an exporter.
 
I know that other wireless vendors are also now doing/claiming to do Deep Packet Inspection in the controllers/Aps/magic modules, etc. I’m wondering if:
 
- anyone is yet gaining real value by having DPI on the wireless side (as opposed to, or in addition to in the core or on the wired edge)
- where you are somewhat specialized (wireless engineers, wired engineers, security staff, no significant overlap), are you finding the move to wireless DPI having any effect on the “who does what” factor?
- has anyone actually taken the plunge on 7.4, and doing anything yet with DPI? (I know it’s brand new- wondering if anyone was a beta site, perhaps).
 
 
Thanks, and Happy New Year to both lists,
 
 
 
Lee Badman
 
 
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Thanks for sharing Lee. 

As a cisco customer, I am very pleased Cisco takes this step, and I believe this is the right and very significant step for network accessing and control. Let me explain. 

Wireless and wired connections are the only network accessing points for end users. The question is what they can do beside providing connectivity, and how they can help in the big picture of IT security. 

Deep Packet Inspection (DPI) is the fundamental of network security. You can do nothing with understanding the details of traffic. We already see the power and benefits of DPI in the firewall and IDS/IPS platforms, which most enterprises implementing at the edge or border. But there is another sources where virus / attacks coming from -- the endpoint, either laptops, workstations, or mobile devices, by connecting to the network. Today's solution is to implement host-based anti-virus/spyware/malware and host-based firewall/IDS/IPS, which has been proved not enough and very budget and resources consuming. The whole anti-virus industry is struggling now (http://goo.gl/ZxO7r). 

So the question is if DPI is so powerful, could DPI help us to solve the endpoint issue? My answer is yes -- if we have DPI. In decades, the network accessing point -- the switches and wireless APs, does not have the processing power of DPI and others, but today if multiple cores can be easily assembled in a tiny thumb devices, giving switches and APs enough processing power should not be a issue at all. 

With DPI, the network will have the clear picture of what endpoints sending and receiving. Policies to control applications, priority traffic, block un-authorized accessing, detect malicious..anything you want. This is what I, as a network engineer, always believing and dreaming for "the Power of Network". 

regards, and thanks Cisco:)


David Wang 
Networking Services | www.uoguelph.ca/ccs | 519-824-4120 x52046

"Keep looking don't settle" --Steve Jobs



On 2013-01-04, at 9:14 AM, Lee H Badman <lhbadman@SYR.EDU> wrote:

From Cisco’s 7.4 Controller Code release notes:
 
•Support for Application Visibility and Control (AVC) is introduced. AVC classifies applications using Cisco's Deep Packet Inspection (DPI) techniques with Network-Based Application Recognition (NBAR) engine and provides application-level visibility and control into Wi-Fi network. After recognizing the applications, the AVC feature allows you to either drop or mark the traffic.
Using AVC, the controller can detect more than 1000 applications. AVC enables you to perform real-time analysis and create policies to reduce network congestion, costly network link usage, and infrastructure upgrades.
•Support for NetFlow protocol is introduced. The NetFlow protocol provides information about network users and applications, peak usage times, and traffic routing. The NetFlow protocol collects IP traffic information from network devices to monitor traffic.
The NetFlow architecture consists of the following components:
–Collector—Entity that collects all the IP traffic information from various network elements.
–Exporter—Network entity that exports the template with the IP traffic information. The controller acts as an exporter.
 
I know that other wireless vendors are also now doing/claiming to do Deep Packet Inspection in the controllers/Aps/magic modules, etc. I’m wondering if:
 
- anyone is yet gaining real value by having DPI on the wireless side (as opposed to, or in addition to in the core or on the wired edge)
- where you are somewhat specialized (wireless engineers, wired engineers, security staff, no significant overlap), are you finding the move to wireless DPI having any effect on the “who does what” factor?
- has anyone actually taken the plunge on 7.4, and doing anything yet with DPI? (I know it’s brand new- wondering if anyone was a beta site, perhaps).
 
 
Thanks, and Happy New Year to both lists,
 
 
 
Lee Badman
 
 
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.



********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Card carrying members of the adopters club checking in. We are running the 7.4 code, but haven't done too much with the DPI yet beyond Ooo and Ahh over the classification features. As long as there isn't too much of a CPU hit, I would like to start dropping certain matches at the first hop rather than filtering them at the egress point of the WLC. This could be a big benefit as we move to 802.11ac radios where the AP <-> controller links might play a bigger role.

I'll let the list know if by chance we have to roll back after classes start back up next week, but no issues so far.


-Luke

-- 
=-=-=-=-=-=-=-=-=-=-=-=
Luke Jenkins
Network Engineer
Weber State University


From Cisco’s 7.4 Controller Code release notes:
 
•Support for Application Visibility and Control (AVC) is introduced. AVC classifies applications using Cisco's Deep Packet Inspection (DPI) techniques with Network-Based Application Recognition (NBAR) engine and provides application-level visibility and control into Wi-Fi network. After recognizing the applications, the AVC feature allows you to either drop or mark the traffic.
Using AVC, the controller can detect more than 1000 applications. AVC enables you to perform real-time analysis and create policies to reduce network congestion, costly network link usage, and infrastructure upgrades.
•Support for NetFlow protocol is introduced. The NetFlow protocol provides information about network users and applications, peak usage times, and traffic routing. The NetFlow protocol collects IP traffic information from network devices to monitor traffic.
The NetFlow architecture consists of the following components:
–Collector—Entity that collects all the IP traffic information from various network elements.
–Exporter—Network entity that exports the template with the IP traffic information. The controller acts as an exporter.
 
I know that other wireless vendors are also now doing/claiming to do Deep Packet Inspection in the controllers/Aps/magic modules, etc. I’m wondering if:
 
- anyone is yet gaining real value by having DPI on the wireless side (as opposed to, or in addition to in the core or on the wired edge)
- where you are somewhat specialized (wireless engineers, wired engineers, security staff, no significant overlap), are you finding the move to wireless DPI having any effect on the “who does what” factor?
- has anyone actually taken the plunge on 7.4, and doing anything yet with DPI? (I know it’s brand new- wondering if anyone was a beta site, perhaps).
 
 
Thanks, and Happy New Year to both lists,
 
 
 
Lee Badman
 
 
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Thanks for sharing Lee. 

As a cisco customer, I am very pleased Cisco takes this step, and I believe this is the right and very significant step for network accessing and control. Let me explain. 

Wireless and wired connections are the only network accessing points for end users. The question is what they can do beside providing connectivity, and how they can help in the big picture of IT security. 

Deep Packet Inspection (DPI) is the fundamental of network security. You can do nothing with understanding the details of traffic. We already see the power and benefits of DPI in the firewall and IDS/IPS platforms, which most enterprises implementing at the edge or border. But there is another sources where virus / attacks coming from -- the endpoint, either laptops, workstations, or mobile devices, by connecting to the network. Today's solution is to implement host-based anti-virus/spyware/malware and host-based firewall/IDS/IPS, which has been proved not enough and very budget and resources consuming. The whole anti-virus industry is struggling now (http://goo.gl/ZxO7r). 

So the question is if DPI is so powerful, could DPI help us to solve the endpoint issue? My answer is yes -- if we have DPI. In decades, the network accessing point -- the switches and wireless APs, does not have the processing power of DPI and others, but today if multiple cores can be easily assembled in a tiny thumb devices, giving switches and APs enough processing power should not be a issue at all. 

With DPI, the network will have the clear picture of what endpoints sending and receiving. Policies to control applications, priority traffic, block un-authorized accessing, detect malicious..anything you want. This is what I, as a network engineer, always believing and dreaming for "the Power of Network". 

regards, and thanks Cisco:)


David Wang 
Networking Services | www.uoguelph.ca/ccs | 519-824-4120 x52046

"Keep looking don't settle" --Steve Jobs



On 2013-01-04, at 9:14 AM, Lee H Badman <lhbadman@SYR.EDU> wrote:

From Cisco’s 7.4 Controller Code release notes:
 
•Support for Application Visibility and Control (AVC) is introduced. AVC classifies applications using Cisco's Deep Packet Inspection (DPI) techniques with Network-Based Application Recognition (NBAR) engine and provides application-level visibility and control into Wi-Fi network. After recognizing the applications, the AVC feature allows you to either drop or mark the traffic.
Using AVC, the controller can detect more than 1000 applications. AVC enables you to perform real-time analysis and create policies to reduce network congestion, costly network link usage, and infrastructure upgrades.
•Support for NetFlow protocol is introduced. The NetFlow protocol provides information about network users and applications, peak usage times, and traffic routing. The NetFlow protocol collects IP traffic information from network devices to monitor traffic.
The NetFlow architecture consists of the following components:
–Collector—Entity that collects all the IP traffic information from various network elements.
–Exporter—Network entity that exports the template with the IP traffic information. The controller acts as an exporter.
 
I know that other wireless vendors are also now doing/claiming to do Deep Packet Inspection in the controllers/Aps/magic modules, etc. I’m wondering if:
 
- anyone is yet gaining real value by having DPI on the wireless side (as opposed to, or in addition to in the core or on the wired edge)
- where you are somewhat specialized (wireless engineers, wired engineers, security staff, no significant overlap), are you finding the move to wireless DPI having any effect on the “who does what” factor?
- has anyone actually taken the plunge on 7.4, and doing anything yet with DPI? (I know it’s brand new- wondering if anyone was a beta site, perhaps).
 
 
Thanks, and Happy New Year to both lists,
 
 
 
Lee Badman
 
 
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.



********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Card carrying members of the adopters club checking in. We are running the 7.4 code, but haven't done too much with the DPI yet beyond Ooo and Ahh over the classification features. As long as there isn't too much of a CPU hit, I would like to start dropping certain matches at the first hop rather than filtering them at the egress point of the WLC. This could be a big benefit as we move to 802.11ac radios where the AP <-> controller links might play a bigger role.

I'll let the list know if by chance we have to roll back after classes start back up next week, but no issues so far.


-Luke

-- 
=-=-=-=-=-=-=-=-=-=-=-=
Luke Jenkins
Network Engineer
Weber State University


From Cisco’s 7.4 Controller Code release notes:
 
•Support for Application Visibility and Control (AVC) is introduced. AVC classifies applications using Cisco's Deep Packet Inspection (DPI) techniques with Network-Based Application Recognition (NBAR) engine and provides application-level visibility and control into Wi-Fi network. After recognizing the applications, the AVC feature allows you to either drop or mark the traffic.
Using AVC, the controller can detect more than 1000 applications. AVC enables you to perform real-time analysis and create policies to reduce network congestion, costly network link usage, and infrastructure upgrades.
•Support for NetFlow protocol is introduced. The NetFlow protocol provides information about network users and applications, peak usage times, and traffic routing. The NetFlow protocol collects IP traffic information from network devices to monitor traffic.
The NetFlow architecture consists of the following components:
–Collector—Entity that collects all the IP traffic information from various network elements.
–Exporter—Network entity that exports the template with the IP traffic information. The controller acts as an exporter.
 
I know that other wireless vendors are also now doing/claiming to do Deep Packet Inspection in the controllers/Aps/magic modules, etc. I’m wondering if:
 
- anyone is yet gaining real value by having DPI on the wireless side (as opposed to, or in addition to in the core or on the wired edge)
- where you are somewhat specialized (wireless engineers, wired engineers, security staff, no significant overlap), are you finding the move to wireless DPI having any effect on the “who does what” factor?
- has anyone actually taken the plunge on 7.4, and doing anything yet with DPI? (I know it’s brand new- wondering if anyone was a beta site, perhaps).
 
 
Thanks, and Happy New Year to both lists,
 
 
 
Lee Badman
 
 
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Thanks for sharing Lee. 

As a cisco customer, I am very pleased Cisco takes this step, and I believe this is the right and very significant step for network accessing and control. Let me explain. 

Wireless and wired connections are the only network accessing points for end users. The question is what they can do beside providing connectivity, and how they can help in the big picture of IT security. 

Deep Packet Inspection (DPI) is the fundamental of network security. You can do nothing with understanding the details of traffic. We already see the power and benefits of DPI in the firewall and IDS/IPS platforms, which most enterprises implementing at the edge or border. But there is another sources where virus / attacks coming from -- the endpoint, either laptops, workstations, or mobile devices, by connecting to the network. Today's solution is to implement host-based anti-virus/spyware/malware and host-based firewall/IDS/IPS, which has been proved not enough and very budget and resources consuming. The whole anti-virus industry is struggling now (http://goo.gl/ZxO7r). 

So the question is if DPI is so powerful, could DPI help us to solve the endpoint issue? My answer is yes -- if we have DPI. In decades, the network accessing point -- the switches and wireless APs, does not have the processing power of DPI and others, but today if multiple cores can be easily assembled in a tiny thumb devices, giving switches and APs enough processing power should not be a issue at all. 

With DPI, the network will have the clear picture of what endpoints sending and receiving. Policies to control applications, priority traffic, block un-authorized accessing, detect malicious..anything you want. This is what I, as a network engineer, always believing and dreaming for "the Power of Network". 

regards, and thanks Cisco:)


David Wang 
Networking Services | www.uoguelph.ca/ccs | 519-824-4120 x52046

"Keep looking don't settle" --Steve Jobs



On 2013-01-04, at 9:14 AM, Lee H Badman <lhbadman@SYR.EDU> wrote:

From Cisco’s 7.4 Controller Code release notes:
 
•Support for Application Visibility and Control (AVC) is introduced. AVC classifies applications using Cisco's Deep Packet Inspection (DPI) techniques with Network-Based Application Recognition (NBAR) engine and provides application-level visibility and control into Wi-Fi network. After recognizing the applications, the AVC feature allows you to either drop or mark the traffic.
Using AVC, the controller can detect more than 1000 applications. AVC enables you to perform real-time analysis and create policies to reduce network congestion, costly network link usage, and infrastructure upgrades.
•Support for NetFlow protocol is introduced. The NetFlow protocol provides information about network users and applications, peak usage times, and traffic routing. The NetFlow protocol collects IP traffic information from network devices to monitor traffic.
The NetFlow architecture consists of the following components:
–Collector—Entity that collects all the IP traffic information from various network elements.
–Exporter—Network entity that exports the template with the IP traffic information. The controller acts as an exporter.
 
I know that other wireless vendors are also now doing/claiming to do Deep Packet Inspection in the controllers/Aps/magic modules, etc. I’m wondering if:
 
- anyone is yet gaining real value by having DPI on the wireless side (as opposed to, or in addition to in the core or on the wired edge)
- where you are somewhat specialized (wireless engineers, wired engineers, security staff, no significant overlap), are you finding the move to wireless DPI having any effect on the “who does what” factor?
- has anyone actually taken the plunge on 7.4, and doing anything yet with DPI? (I know it’s brand new- wondering if anyone was a beta site, perhaps).
 
 
Thanks, and Happy New Year to both lists,
 
 
 
Lee Badman
 
 
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.



********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Card carrying members of the adopters club checking in. We are running the 7.4 code, but haven't done too much with the DPI yet beyond Ooo and Ahh over the classification features. As long as there isn't too much of a CPU hit, I would like to start dropping certain matches at the first hop rather than filtering them at the egress point of the WLC. This could be a big benefit as we move to 802.11ac radios where the AP <-> controller links might play a bigger role.

I'll let the list know if by chance we have to roll back after classes start back up next week, but no issues so far.


-Luke

-- 
=-=-=-=-=-=-=-=-=-=-=-=
Luke Jenkins
Network Engineer
Weber State University


Card carrying members of the adopters club checking in. We are running the 7.4 code, but haven't done too much with the DPI yet beyond Ooo and Ahh over the classification features. As long as there isn't too much of a CPU hit, I would like to start dropping certain matches at the first hop rather than filtering them at the egress point of the WLC. This could be a big benefit as we move to 802.11ac radios where the AP <-> controller links might play a bigger role.

I'll let the list know if by chance we have to roll back after classes start back up next week, but no issues so far.


-Luke

-- 
=-=-=-=-=-=-=-=-=-=-=-=
Luke Jenkins
Network Engineer
Weber State University


Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.