
Ingress/Egress/Both options influence the NTA Top XX endpoints resource


In NetFlow, there are three terms you will frequently see: endpoints, transmitters, and receivers. Any NetFlow conversation is made of 3 parts: Source IP, Destination IP, and port.

For example, a user on a Windows PC downloads a file from an FTP server on Amazon, and FTP uses port 21. The data conversation starts from the FTP server (Source IP), heads to the PC (Destination IP), and travels on FTP port 21.

An endpoint could be the Amazon FTP server or the Windows box. It is just a point where the data conversation begins/stops, making it an endpoint. If the IP address downloads a file from the net, it is a receiver. If the IP address sends out a file, it is a transmitter. So an endpoint is not where traffic ends but one of the IPs in the data conversation (Source or Destination).

Ingress and egress describe interfaces on your switches or routers:

  • Ingress: interfaces used for incoming traffic.
  • Egress: interfaces used for outgoing traffic.

Note: The size of ingress/egress packets is usually the same. However, it can differ, for example, if you have CBQoS policies defined for individual interfaces and the policies specify that certain packets are dropped and not delivered to the appropriate endpoint.

 

Let's take a look at a scheme and how it's reflected in the resource. 

The following figure shows two flows:

Flow 1: PC1 (source) > the traffic of 86.7 Mbytes is coming to the switch through interface if1 (ingress) and leaving the switch through interface if2 (egress) > PC2 (destination)

Flow 2: PC3 (source) > the traffic of 33.1 Mbytes is coming to the switch through interface if3 (ingress) and leaving the switch through interface if2 (egress) > PC2 (destination)

ingr_egr_endp.png

 

And now, let's take a look at this situation reflected in the NTA Top XX Endpoints resource:

kb_topendpoints_both_new.png

 

 

In the figure above, NTA detected three endpoints: 10.140.126.2 (PC2), 10.140.126.1 (PC1), and 10.140.126.3 (PC3).

 

If you drill down into the endpoints, you'll see the switch and its interfaces with individual traffic data.

In the case of PC2 (10.140.126.2), which is the destination endpoint for both flows, we can see that three switch interfaces are used:

  • if2 - the interface both flows (F1 and F2) use for leaving the switch (egress: 86.7+33.1=119.8 Mbytes)
  • if1 - the interface used by flow F1 for entering the switch (ingress: 86.7 Mbytes)
  • if3 - the interface used by flow F2 for entering the switch (ingress: 33.1 Mbytes)

 

To see only ingress information, select the Ingress option. Only the Ingress columns and interfaces relevant for ingress will be shown in the chart.

To see only egress information, select the Egress option. Only the Egress columns and interfaces relevant for egress will be shown in the chart.
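
The PC2 drill-down and the Ingress/Egress/Both selector described above can be modelled in a few lines. This is an added example, not SolarWinds code or NTA's actual implementation; the record layout, the function name `endpoint_drilldown`, and the assumption that each flow is credited to both of its endpoints are illustrative.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed flow records matching the article's scheme:
# (source IP, destination IP, ingress interface, egress interface, Mbytes)
FLOWS = [
    ("10.140.126.1", "10.140.126.2", "if1", "if2", Decimal("86.7")),  # Flow 1: PC1 > PC2
    ("10.140.126.3", "10.140.126.2", "if3", "if2", Decimal("33.1")),  # Flow 2: PC3 > PC2
]


def endpoint_drilldown(flows, direction="both"):
    """Return {endpoint: {interface: {"ingress"/"egress": Mbytes}}}.

    Assumption: every flow is credited to both of its endpoints (source
    and destination), on the interface where it entered the switch
    (ingress) and on the interface where it left (egress). `direction`
    mimics the resource's Ingress / Egress / Both options.
    """
    if direction not in ("ingress", "egress", "both"):
        raise ValueError("direction must be 'ingress', 'egress' or 'both'")
    table = defaultdict(lambda: defaultdict(lambda: defaultdict(Decimal)))
    for src, dst, in_if, out_if, mbytes in flows:
        # A set avoids double counting if source and destination are equal.
        for endpoint in {src, dst}:
            if direction in ("ingress", "both"):
                table[endpoint][in_if]["ingress"] += mbytes
            if direction in ("egress", "both"):
                table[endpoint][out_if]["egress"] += mbytes
    # Convert the nested defaultdicts to plain dicts for the caller.
    return {ep: {i: dict(cols) for i, cols in ifs.items()}
            for ep, ifs in table.items()}


if __name__ == "__main__":
    for mode in ("both", "ingress", "egress"):
        print(mode)
        pc2 = endpoint_drilldown(FLOWS, mode)["10.140.126.2"]
        for interface in sorted(pc2):
            print("  ", interface, {k: str(v) for k, v in pc2[interface].items()})
```
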

For more information about the resource, see Top XX Endpoints.

 
Last modified
07:23, 27 Sep 2017
