SolarWinds NTA collects and stores information regarding autonomous systems that network devices send in the NetFlow packets they export. You set up a network device for exporting autonomous system information as part of setting up the device to export NetFlow.
Since in sFlow BGP/AS information is provided in a special and extended header, SolarWinds NTA does not collect and process BGP/AS data for sFlow.
SolarWinds NTA collects NetFlow data, by default on port 2055, only if a network device is specifically configured to send to it. As a NetFlow collector, SolarWinds NTA can receive exported NetFlow version 5 data and NetFlow version 9 data that includes all fields of the NetFlow version 5 template. Once it collects NetFlow traffic data, SolarWinds NTA analyzes device bandwidth usage in terms of the source and destination endpoints of conversations reflected in the traffic.
All of these things need to be done for SolarWinds NTA to correctly monitor autonomous system networks through BGP:
origin-ascommand includes the origin AS for the source and destination.
peer-ascommand includes the peer AS for the source and destination.
You cannot include both origin and peer statistics.
Traffic from a device that is not monitored in SolarWinds NPM appears only in aggregate as part of the traffic from all unmonitored devices. If the device is setup to export data to SolarWinds NTA, but is unmonitored in SolarWinds NPM, the collector may receive the data without being able to analyze it meaningfully.
The specific interface through which a device exports NetFlow data must be monitored in SolarWinds NPM, and the interface index number for this interface in the SolarWinds Orion database (interface table) must match the index number in the collected flow data.
Add the device exporting NetFlow to SolarWinds NPM for monitoring.
If you are adding a large number of NetFlow enabled nodes, use Orion Network Sonar. For more information, see Discovering and Adding Network Devices in the SolarWinds Network Performance Monitor Administrator Guide.
Verify that the device is exporting NetFlow data as expected and that the device is monitored in SolarWinds NPM.
To verify that data are exported correctly, use a packet capture tool, such as WireShark, to search for packets sent from the network device to the Orion server.
If you successfully add a NetFlow enabled device with IP address
10.199.14.2 to SolarWinds NPM, and the device is actively exporting NetFlow data to the Orion server, you will see in WireShark a packet like the one (
49) highlighted below in gray:
As expected, we see in the packet details that
10.199.14.2 is its source IP address and
10.110.6.113 is the destination, which is the Orion server. This correlates with the node details on the device in Orion, as highlighted in yellow.
To verify that the IP address of the exporting interface on the network device is the one being monitored in Orion:
show runto see the running configuration of the device.
ip flow-export source Ethernet0/0.
To discover the IP address for this interface, type
show run int Ethernet0/0. We see that the IP address of the interface,
10.199.14.2, is being monitored by the Orion server.
Click My Dashboards > NetFlow > NTA Summary.
Under NetFlow Source, verify the NetFlow-enabled nodes listed with a recent time posted for collected flow.