NTA analyzes traffic and detects exceptions based on flow data sent by the routers and switches. To provide a better understanding of how to send flow data for NTA analysis, we will illustrate flow configuration through an example. Additionally, we’ll guide you on key considerations during the configuration process.
In the given network environment, a switch (IP address: 10.66.249.61) manages the flow traffic from ports GigabitEthernet1/0/2 and GigabitEthernet1/0/3, directing it to the management interface of the NTA with the IP address 10.66.249.47.
1. Configuration on the switch side:
1) This configuration command ensures that the flow from Collector ID 1 is directed to the NTA management interface IP on port 6343, with a description of ‘portal-test,’ and a maximum sFlow data section length of 1400 bytes.
- Configure Collector with ID 1.
- Set the destination IP to the NTA management interface IP (10.66.249.47).
- Set the destination port to port 6343.
- Assign the description ‘portal-test’ to this configuration.
- Set the maximum length of the sFlow data section to 1400 bytes.
2)Configure GigabitEthernet1/0/2. As depicted in the diagram, the switch is using sFlow v5.
Command explanation:
- Use the “sflow counter interval” command to set the Counter sampling interval on GigabitEthernet1/0/2 to 30 seconds.
- Use the “sflow counter collector” command to specify the destination sFlow Collector ID for Counter-sampled packets on GigabitEthernet1/0/2, setting it to 1.
- Use the “sflow flow collector” command to designate the destination sFlow Collector ID for Flow-sampled packets on GigabitEthernet1/0/2, configuring it to 1.
- Set the sFlow Sampler sampling mode to random by using the “sflow sampling-mode” command on GigabitEthernet1/0/2.
- Set the sampling rate for packets to 1000 using the “sflow sampling-rate” command, indicating that one packet is sampled for every 1000 packets on GigabitEthernet1/0/2.
3)Configure GigabitEthernet1/0/3.
2. Configuration on the NTA side:
1) In the switch configuration, flow traffic is directed to the NTA on port 6343. To align with this, navigate to NTA Configuration > Flow Settings > Sflow Collecting Port and configure port 6343. For routers employing Netflow/Netstream/IPFIX, configure the corresponding port in NTA Configuration > Flow Settings > Netflow/Netstream/IPFIX Collecting Port. Ensure that the same flow export port is set on the router.
On the switch side, the sampling interval is configured as 30 seconds. So, in NTA Configuration -> Flow Settings > Flow Statistics Collect Interval, also configure it as 30 seconds.
Noted: The “Flow Statistics Collect Interval” should be chosen with consideration for the router’s “timeout active” value or ‘interval’ value on the switch, as it directly impacts the accuracy of the flow display.
- If the router’s flow timeout is 30 seconds or less, use 30 seconds in the NTA.
- If the router’s flow timeout is greater than 30 seconds but less than or equal to 60 seconds, opt for the “All” statistic mode with a 60-second interval in the NTA.
- If the router’s flow timeout exceeds 60 seconds, select the “Partial” statistic mode with a 60-second interval in the NTA.
- In NTA Configuration > Objects > Routers, configure router information.
| Parameter | Description |
| Flow Collection IP | IP address used by the router to send flow data to NTA. |
| Flow Version | Specifies the flow protocol type and version. Needs to be consistent with the protocol type and version used on the router/switch side. If Flow Version is set to Flexible NetFlow, the flow protocol type can be NetFlow V5, NetFlow V9, or IPFIX. |
| Sampling Rate Adaption | Controls whether to enable sampling rate adaption for sFlow (sFlow_v4 and sFlow_v5). |
| Flow Sampling Ratio | Indicates the rate of packets to be sampled to all the packets passing through the router, which must be the same as that configured on the router. The maximum value is 65535. When sFlow_v4 or sFlow_v5 is selected for Flow Version and sampling rate adaption is enabled, this field is unavailable. |
| Flow Forwarding Configuration | Specifies whether to forward collected flow data to other IP addresses. It has the following values: – Use Default Configuration: uses global default settings. For details, see user guide section 5.6 Flow Data Collection and Forwarding. – Not Forward: does not forward received flow data. – Custom: specifies IPv4 or IPv6 addresses and port numbers to which flow data will be forwarded. You can type up to eight destination addresses, with each in a separate line. |
3)Open router interface statistics on NTA (Before R90F02SP06, all interfaces are open for statistics by default, and from R90F02SP06 onwards, all interfaces are disabled by default and can be manually enabled as required.). In Configuration > Objects > Routers page, click the number in the Interface Number column to go to the Interface List page. Click Collect flow stats of selected interfaces from the drop-down box to enable collecting selected flow statistics, or click Collect flow stats of all interfaces to enable collecting flow statistics of all interfaces.
Upon completing the configuration, you can access the current flow information by navigating to NTA Monitor > Routers.
