Documentation forNetFlow Traffic Analyzer
Analyzing network traffic and bandwidth is a key capability of Hybrid Cloud Observability Advanced and is also available in a standalone module, NetFlow Traffic Analyzer (NTA). Hybrid Cloud Observability Advanced and NTA are built on the self-hosted SolarWinds Platform.

Prepare a CBQoS implementation in NTA

Since CBQoS pertains to the use of bandwidth on the interfaces of your Cisco devices, the best way to define your objectives for CBQoS class and policy creation is to establish the trend of bandwidth use on your network at the interface level.

Assuming you have Cisco devices set up to export flow data and NTA is showing the devices under NetFlow Sources on the NetFlow Traffic Analyzer Summary view, begin by examining each node for traffic statistics and useful traffic information. For more information about setting Cisco devices, see Add flow-enabled devices and interfaces to the SolarWinds Platform database.

The following steps cover the basic process for using NTA to analyze flow data in preparation to defining a CBQoS strategy. These steps are meant to give general guidance on how to use NTA in analyzing your current traffic as it pertains to determining CBQoS needs.

  1. Click My Dashboards > NetFlow > NTA Summary.
  2. Under NetFlow Sources, expand a node, and then click an interface for which you want to analyze the traffic. This brings up an Interface Details view for the interface.
  3. Click next to Time Period and set the time frame for which you want to examine traffic statistics.

    For example, with the intention of understanding what happens with traffic in a representative month, you might set an Absolute Time Period that includes the first and last day of the most recently concluded month.

  4. Click Submit.
  5. Click next to Flow Direction and set the flow direction for which you want to review the traffic.
  6. Click Submit.
  7. Use a combination of Top XX widgets on the Interface Details to analyze how traffic data is flowing through the interface. For example:

    Use Top XX Applications to view the applications that were used to send the most traffic through the interface.

    The goal is to determine the amount of critical data applications typically transfer in the representative time period. You also want to discover the applications that are consuming bandwidth unrelated to the purposes of your organization, such as YouTube streaming.

    You probably need to follow up on what you see in Top XX Applications by viewing Top XX Conversations or by using another tool, like a packet sniffer (WireShark) or Cisco Network Based Application Recognition (NBAR), to discover the exact identity of the bandwidth-consuming applications. For example, based on available layer 3 and 4 information that it has, Top XX Applications may only list the application as HTTP. By cross-referencing with Top XX Conversations, or by digging deeper with other tools, you can often discover other data (ports, IP addresses) that lead you to the actual applications involved in generating the real bandwidth-intensive data.

    Use Top XX Conversations to view the endpoints involved in the highest bandwidth-consuming conversations, and to determine if there is a pattern to when the conversations took place and which endpoints were involved.

    The goal is to discover predictable recurrent uses of bandwidth related the purpose of your business or organization. You also want to discover the uses of bandwidth that are not related to the primary purposes of your organization, so that you can lower the priority of this traffic when you put it in a CBQoS class.

    In this case, since the conversation gives you endpoints, you can use DNS, with a tool like nslookup, to discover where each endpoint is operating. Knowing the domain often helps identify the type of data involved. For example, finding out that one of the endpoints is operating within www.youtube.com tells you that audio or video data is being transferred.

    Use Top XX Traffic Sources or Destinations by Countries to view the countries whose traffic is most serviced through the interface.

    If you are using Persistent DNS instead of On Demand DNS, you can view the domains responsible for the highest levels of data transfer through the interface and correlate those levels with statistics in the other Top XX widgets. For information on using persistent instead of On Demand DNS, see DNS and NetBIOS resolution in NTA.

    When viewing traffic history in this way, you probably will observe obvious top priorities for shaping the use of bandwidth on the interface.

  8. Repeat steps 3 through 9 for each flow-enabled Cisco device for which you might need to create CBQoS policies.
  9. Based on what your traffic analysis reveals, for each interface, rank and group the types of data you discovered according to their importance to your organization, or to the experience of those who use the critical applications for which the type of data is passed over the network.
  10. Translate the groups of data types into CBQoS class maps and work to define policy maps that would result in an allocation of interface bandwidth that match your rankings.

The goal is to have traffic flowing through the interface so that in cases of peak usage, if traffic exceeds bandwidth, shaping occurs based on the desired priority.