Incorrect traffic information in Netflow analyzer
NetFlow Analyzer shows the information based on the flow Packets
(NetFlow, sflow, Jflow, netstream etc..) exported by the device to the
NetFlow Analyzer installed server.
We have seen many customers
come with the issue that the Utilization information based on the
interface is showing wrong in NetFlow Analyzer. It can be due to the
1. Active Timeout:
Analyzer shows the traffic information with 1 min granularity for
real-time traffic details from the interface. If the device does not
send traffic information every 1 min, you will get wrong utilization
reports for the interface in NetFlow Analyzer.
To make sure that
the device sends traffic information every 1 min, it is important to set
the active timeout to 1 min or 60 sec (by default it is 5 mins or 1800
sec) in the device configuration.
2. Link Speed not set correctly:
Analyzer auto-discover the device and its interfaces based on the flow
packets exported by the device. Here we discover the device in NetFlow
Analyzer with the source interface IP address configured in the device
and interfaces as Ifindex with default speed set as 1 Mbps.
Analyzer calculates the utilization based on the link speed. For
example, if the link has the capability to handle 1 Mbps and the actual
traffic passing through an interface is about 512 Kbps, the utilization
graph in NetFlow Analyzer displays the traffic percentage as 50 %. Here
is the formula which explains the utilization calculation on NetFlow
Utilization = Actual Speed/Link Speed * 100
if the link speed or the interface speed is not configured properly, you
will get wrong utilization information. We use read-only SNMP community
configured in the device to update the Device Name, Interface name and
interface speed (Please click on the link
for the steps) or you can Manually update the interface Speed to get
the Correct traffic information. ( Inventory -> Flow Analysis ->
Interfaces -> Drill down -> Interface Details ).
3. Configuration Command issue:
are multiple commands to enable NetFlow Export from the interface like
"IP flow ingress" and "IP flow egress" and "IP flow monitor":
your requirement is to monitor only single interface of the device,
please enable both "IP flow ingress" and "IP flow egress" command in
that particular interface alone.
If you are going to monitor
multiple interfaces for the interface enable the command "ip flow
ingress" alone in all the interfaces of the device.
4. Non-dedicated burstable bandwidth:
ISPs allows you to use the allocated bandwidth depending on the other
customers sharing that link. So, even though the max bandwidth is 2Mbps,
the ISP may allow you to use even more based on availability. This also
affects the accurate reporting on NetFlow Analyzer causing incorrect
bandwidth utilization values and even more than 100%.
5. ESP and GRE traffic:
is another reason for traffic to get double counted in NetFlow
Analyzer. With NetFlow data, the tunnel traffic will be accounted as the
normal traffic before encryption and again as the encrypted traffic.
NetFlow Analyzer has an option to filter this kind of encrypted tunnel
traffic from the reports. This option is available under Settings –>
NetFlow -> Flow Filter Settings -> ESP or GRE Filter.
6. Interface Bandwidth of IN interface and OUT interface:
analyzer tools calculate the OUT traffic of an interface based on the
IN traffic of the interface that sends traffic to it. When traffic is
passing from higher speed interface to lower speed interface, the
calculation of OUT traffic from a higher speed IN traffic causes
incorrect traffic utilization to be shown on the OUT traffic.
above reason for more than 100 % utilization on OUT traffic can be
resolved by enabling only “ip flow egress” on all the interfaces.
Consolidated fix for NetFlow Analyzer Build 10250 for Stand Alone
Note: This can be done with NetFlow Analyzer build 10250 only. Take the backup of the files before replacing. For Distributed Edition, make sure to follow the steps in Central and Collector servers. The consolidated fix is available over 10250 which ...
UDP port block Message In NetFlow Analyzer
In NetFlow Analyzer we do two types of check in windows firewall, while flows are being received in server 1) Check if there is any allow rules created to allow UDP port say "9996" -Once our product find out this rule then flows collection will get ...
Database Migration from Mysql to Postgres in NetFlow Analyzer version 10250
Steps to Migrate NetFlow Standalone Mysql DB to pgsql Datase Note: Migration is applicable only in build 10250 Both the MYSQL and PGSQL installation should be in the same server to perform the Migration. Make sure that you have enough disk space ...
NetFlow Analyzer Tool Disk Space Requirement
This this the Approximate Disk Space Calculation for Storing RAW Data , Aggregated Data and 1 min Flat files in NetFlow Analyzer: Aggregated Data: 1. Historic Data (Forever) Connversation Data = (507000 byte * number of top record * number of ...
SFLOW IPv6 Patch for NetFlow Analyzer Build 11001
This Patch is applicable only over the NetFlow Analyzer build 11001 Please download the patched files from the below link: Sflow_Patch The Patch consist for below folder with the patch files: NetFlowCollector.jar NetFlowClient.jar ...