In NetFlow, there are three terms you will frequently see: endpoints, transmitters, and receivers. Any NetFlow conversation is made of 3 parts: Source IP, Destination IP, and port.
For example, let's say there is a user on a Windows PC downloading a file from an FTP server on Amazon, and FTP uses port 21. Obviously, the data conversation starts from the FTP server (Source IP), heads to the PC (Destination IP), and travels on FTP port 21.
An endpoint could be the Amazon FTP server or the Windows box. It is just a point where the data conversation begins/stops, making it an endpoint. If the IP address is downloading a file from the net, it is a receiver. If the IP address is sending out a file, it is a transmitter. So an endpoint is not where traffic ends but one of the IPs in the data conversation (Source or Destination).
Ingress and egress describe interfaces on your switches or routers:
Note: The size of ingress/egress packets is usually the same. However, it can differ, for example, if you have CBQoS policies defined for individual interfaces and the policies define that certain packets are dropped and not delivered to the appropriate endpoint.
Let's take a look at a scheme and how it's reflected in the resource.
The following figure shows two flows:
Flow 1: PC1 (source) > the traffic of 86.7 Mbytes is coming to the switch through interface if1 (ingress) and leaving the switch via interface if2 (egress) > PC2 (destination)
Flow 2: PC3 (source) > the traffic of 33.1 Mbytes is coming to the switch through interface if3 (ingress) and leaving the switch via interface if2 (egress) > PC2 (destination)
And now, let's take a look at this situation reflected in the NTA Top XX Endpoints resource:
In the figure above, NTA detected three endpoints: 10.140.126.2 (PC2), 10.140.126.1 (PC1), and 10.140.126.3 (PC3).
If you drill down into the endpoints, you'll see the switch and its interfaces with individual traffic data.
In case of PC2 (10.140.126.2), which is the destination endpoint for both flows, we can see that three switch interfaces are used:
To see only ingress information, select the Ingress option. Only the Ingress columns and interfaces relevant for ingress will be shown in the chart.
To see only egress information, select the Egress option. Only the Egress columns and interfaces relevant for egress will be shown in the chart.
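The two flows above can be rolled up per endpoint and per interface the way the drill-down presents them. The following Python sketch is an added example, not NTA's own code; the record layout and function names are assumptions, and it assumes ingress and egress byte counts are equal (no CBQoS drops).

```python
from collections import defaultdict

# Constructed flow records modelled on Flow 1 and Flow 2 from the text.
# Assumed layout: source IP, destination IP, ingress if, egress if, Mbytes.
FLOWS = [
    ("10.140.126.1", "10.140.126.2", "if1", "if2", 86.7),  # Flow 1: PC1 -> PC2
    ("10.140.126.3", "10.140.126.2", "if3", "if2", 33.1),  # Flow 2: PC3 -> PC2
]


def endpoint_view(flows):
    """Per endpoint: transmitted/received totals and per-interface Mbytes."""
    view = defaultdict(lambda: {
        "transmitted": 0.0,
        "received": 0.0,
        "interfaces": defaultdict(lambda: {"ingress": 0.0, "egress": 0.0}),
    })
    for src, dst, if_in, if_out, mbytes in flows:
        view[src]["transmitted"] += mbytes   # source IP acts as transmitter
        view[dst]["received"] += mbytes      # destination IP acts as receiver
        # Source and destination are both endpoints of the conversation,
        # so the flow's ingress and egress interfaces count for both.
        for ip in (src, dst):
            view[ip]["interfaces"][if_in]["ingress"] += mbytes
            view[ip]["interfaces"][if_out]["egress"] += mbytes
    return view


def top_endpoints(flows):
    """Endpoint IPs ordered by total traffic, largest first."""
    view = endpoint_view(flows)
    return sorted(
        view,
        key=lambda ip: view[ip]["transmitted"] + view[ip]["received"],
        reverse=True,
    )


if __name__ == "__main__":
    view = endpoint_view(FLOWS)
    for ip in top_endpoints(FLOWS):
        entry = view[ip]
        print(f"{ip}: tx={entry['transmitted']:.1f} rx={entry['received']:.1f}")
        for name, counts in sorted(entry["interfaces"].items()):
            print(f"  {name}: ingress={counts['ingress']:.1f} "
                  f"egress={counts['egress']:.1f}")
```

Sorting by total traffic puts the endpoint that takes part in the most traffic first, which is the usual starting point when reviewing flow data for unexpected top talkers.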
For more information about the resource, see webhelp for Top XX Endpoints.