Which of the following best describes interpacket variation data that is collected by Cisco Tetration Analytics?

A. It includes variation in buffer utilization and is derived outside the packet header.

B. It contains information about endpoints, when a flow started, and the length of a flow.

C. It provides application visibility and generates microsegmentation policy.

D. It includes variation in TTL, IP and TCP flags, and payload length.

Explanation: Of the available choices, interpacket variation data includes variation in Time-To-Live (TTL), IP and Transmission Control Protocol (TCP) flags, and payload length. Cisco Tetration Analytics telemetry information is typically collected by a Cisco Nexus switch and is exported at 100-millisecond intervals to the switch’s application-specific integrated circuit (ASIC). Interpacket variation is one of three types of Cisco Tetration Analytics data that is exported. The other two are flow information and context details.

Cisco Tetration Analytics flow information data that is exported by the Cisco Nexus switch contains information about endpoints, when a flow started, and the length of a flow. In addition, this data can contain information about the protocols and ports that are used to start and maintain the flow as well as information about the amount of time the flow is active.

Variation in buffer utilization is included in the Cisco Tetration Analytics context details data that is exported by the Cisco Nexus switch. Context details information is derived outside the packet header. In addition to variation in buffer utilization, context details information can include information about the number of packet drops within a flow, associations with tunnel endpoints, and more.

Cisco Tetration as a whole, not its interpacket variation data, provides application visibility and generates microsegmentation policy. Cisco Tetration uses hardware agents and software agents to analyze network traffic flow telemetry on both the local network and in the cloud. Unlike Cisco Stealthwatch, which also analyzes network traffic flow, Cisco Tetration uses agents and Application Dependency Mapping (ADM) to provide visibility into the applications running on the network and the workloads that result and to create policies based on that information. Tetration agents are capable of setting firewall rules on their hosts in addition to collecting flow information. Cisco Tetration also offers the Forensics feature that can, in real-time, detect forensic events and apply matching user-defined rules.

Reference: https://www.cisco.com/c/dam/global/en_uk/products/switches/cisco_nexus_9300_ex_platform_switches_white_paper_uki.pdf (PDF)