Documentation forNetFlow Traffic Analyzer
Analyzing network traffic and bandwidth is a key capability of Hybrid Cloud Observability Advanced and is also available in a standalone module, NetFlow Traffic Analyzer (NTA). Hybrid Cloud Observability Advanced and NTA are built on the self-hosted SolarWinds Platform.

NTA chart issues

Below are the most common issues encountered on NTA charts.

Duplicate flows

If your devices are configured to export NetFlow on both ingress and egress interfaces, you might see duplicate traffic in your widgets.

Duplicate flows can occur in the following cases:

  • You have both ip flow ingress and ip flow egress applied for all interfaces on a device.
  • You have set ip flow ingress on some interfaces and ip flow egress on other interfaces.
  • On your serial interfaces with subinterfaces, you have NetFlow export enabled on both the physical and logical interfaces.

Resolving Duplicate Flows

  • If your device configuration contains both ip flow ingress and ip flow egress commands, make sure NetFlow is enabled only for ingress interfaces.
  • If you have NetFlow enabled for both physical and logical subinterfaces, remove the NetFlow export commands from the physical serial interfaces and only have the subinterfaces enabled for the export.

Double rate in Top XX Endpoints and Top XX IPv4 Domains

The Top XX Endpoints and Top XX IPv4 Domains widgets display double data by design. Each flow has two distinct endpoints. To display statistics for top endpoints, NTA disregards that one endpoint is the source and the other endpoint is the target of flows, and treats both as endpoints only. This effectively doubles the total amount of data displayed by the Top XX Endpoints widget.

Example

Let us take two flows and look at what you see in most widgets and in the Top XX Endpoints widget.

Most widgets

Flow Source IP Destination IP Protocol Bytes Transferred
Flow 1 IP1 IP2 TCP 50
Flow 2 IP2 IP3 TCP 40
Total bytes transferred: 50+40=90

Top XX Endpoints widget

Endpoint Bytes Transferred
IP1 50
IP2 50+40=90
IP3 40
Total: 50+90+40=180

No data

If your widgets show the "no data" message, it can be caused by one of the following:

No data to be displayed

There are no data to be displayed for the current time and flow direction settings.

To resolve the issue, check the time settings for both the widget and the view.

Too long time period selected for the view

If NTA needs more than one hour to process data that you want to see in the widgets, the query times out and the widgets show the "no data" message.

To resolve the issue, define a shorter time period for both the view and the widget.

Unexpected spikes in CBQoS post-policy charts

If you remove a shaping policy from a class, post-policy charts with the chart type set to % of Class Utilization may display unexpected spikes.

This is normal behavior, because devices affected by the policy change temporarily report huge amounts of data, which is reflected by the post-policy spike.