Submit a ticketCall us

Training ClassThe Orion® Platform Instructor-led Classes

Provided by SolarWinds® Academy, these trainings will introduce users to the Orion Platform and its features, management, and navigation. These courses are suitable for users looking to discover new tips, tricks, and ways to adapt their Orion products to better suit their monitoring needs:
Deploying the Orion Platform
Configuring Orion views, maps, and accounts
Configuring Orion alerts and reports

Reserve your seat.

Home > Success Center > Netflow Traffic Analyzer (NTA) > NTA - Knowledgebase Articles > NTA charts display seemingly random data (spikes/protocols/bitrate)

NTA charts display seemingly random data (spikes/protocols/bitrate)

Created by Daniel Polaske, last modified by Alexandra.Nerpasova on Oct 19, 2017

Views: 209 Votes: 0 Revisions: 21

Updated October 19, 2017


You will find that the charts for certain devices or interfaces display some random data, such as spikes, invalid protocols, bitrates, and other.

The logs and the NTA Last 25 Traffic Events resource will be full of messages is receiving flow data from unmanaged interface '#1701981539'.... (where the interface number is random and varied). This is illustrated in the screenshot below:


The charts will display similar to the following:


Please note, this issue has a shared symptom (interfaces with random # in Last 25 Traffic Events) with the following issue, but is due to a different cause:


  • All NTA versions before NTA 4.2.3
  • Known affected flow protocols:  Netflow V9 and IPFIX
  • Known affected devices:  Cisco ASR v16.4
  • It is likely that other devices, makes/model/IOS versions are affected.


The issue is with the device template export containing the observation domain ID.  There are two templates with ID6 and ID256 which are distinguishable only by the observation domain ID string.  NTA then uses the wrong template for this flow data.


This will appear in the Wireshark capture as such:


Obs-Domain-ID= 6



Please see the screenshot from from the IPFIX example below:


This is a bug in processing the flow data which will be fixed in NTA 4.2.3.  There is currently no known workaround, but this is stated to be fixed in NTA 4.2.3.


Suggested Tags:  Obs-Domain-ID= 6, Obs-Domain-ID=256, ID6, ID256, Cisco ASR v16.4, Last 25 Traffic Events


A reason for rework or Feedback from Technical Content Review:



Last modified