Submit a ticketCall us

AnnouncementsChange Is Inevitable

Get valuable help when it comes to tracking and monitoring changes. SolarWinds® Server Configuration Monitor (SCM) is designed to help you: detect, track, and receive alerts when changes occur, correlate system performance against configuration changes, compare server and application configuration against custom baselines, and verify application and system changes.

Learn more.

Home > Success Center > Netflow Traffic Analyzer (NTA) > NTA - Knowledgebase Articles > NTA charts display seemingly random data (spikes/protocols/bitrate)

NTA charts display seemingly random data (spikes/protocols/bitrate)

Created by Daniel Polaske, last modified by Alexandra.Nerpasova on Oct 19, 2017

Views: 169 Votes: 0 Revisions: 21

Updated October 19, 2017

Overview

You will find that the charts for certain devices or interfaces display some random data, such as spikes, invalid protocols, bitrates, and other.


The logs and the NTA Last 25 Traffic Events resource will be full of messages is receiving flow data from unmanaged interface '#1701981539'.... (where the interface number is random and varied). This is illustrated in the screenshot below:

 

The charts will display similar to the following:

 

Please note, this issue has a shared symptom (interfaces with random # in Last 25 Traffic Events) with the following issue, but is due to a different cause:

 

https://support.solarwinds.com/Success_Center/Netflow_Traffic_Analyzer_(NTA)/NTA_Virtual_Interface_reporting_traffic_instead_of_desired_interface

Environment

  • All NTA versions before NTA 4.2.3
  • Known affected flow protocols:  Netflow V9 and IPFIX
  • Known affected devices:  Cisco ASR v16.4
  • It is likely that other devices, makes/model/IOS versions are affected.

Cause 

The issue is with the device template export containing the observation domain ID.  There are two templates with ID6 and ID256 which are distinguishable only by the observation domain ID string.  NTA then uses the wrong template for this flow data.

 

This will appear in the Wireshark capture as such:

 

Obs-Domain-ID= 6

Obs-Domain-ID=256

 

Please see the screenshot from from the IPFIX example below:

Resolution

This is a bug in processing the flow data which will be fixed in NTA 4.2.3.  There is currently no known workaround, but this is stated to be fixed in NTA 4.2.3.

 

Suggested Tags:  Obs-Domain-ID= 6, Obs-Domain-ID=256, ID6, ID256, Cisco ASR v16.4, Last 25 Traffic Events

 

A reason for rework or Feedback from Technical Content Review:

 

 

Last modified

Tags

Classifications

Public