Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Netflow Traffic Analyzer (NTA) > NTA 4.2.3 Administrator Guide > Common tasks and user scenarios > Find the cause of high bandwidth utilization

Find the cause of high bandwidth utilization

Table of contents
No headers
Created by Lori Krell_ret, last modified by Alexandra.Nerpasova on Oct 24, 2016

Views: 148 Votes: 1 Revisions: 4

If a node managed in SolarWinds NPM is also a NetFlow source, it exports NetFlow data that you are currently monitoring in SolarWinds NTA. You can use SolarWinds NTA to analyze interface bandwidth utilization on the node whenever your workflow requires.

This procedure assumes that you have created an Orion alert on bandwidth utilization for a specific interface, and that the alert has been triggered based on your threshold setting. For example, you may have set the trigger threshold at 80% of interface bandwidth and you now see an alert-related event.

  1. Click My Dashboards > NetFlow > NTA Summary.
  2. Under NetFlow Sources, locate and expand the relevant node.
  3. Click the interface for which you received the bandwidth utilization alert.
  4. View the Top XX Endpoints for the interface.

    Each endpoint in the list has a utilization percentage associated with it. You should quickly see here the endpoint(s) responsible for the utilization alert. And you should see the domain associated with the endpoint. Even in On Demand DNS mode, SolarWinds NTA resolves hostnames in loading the Top XX Endpoints resource.

  5. View the Top XX Conversations to correlate the relevant items from the Top XX Endpoints list.

    The endpoints in these conversations should allow you to infer if the traffic involved in these bandwidth-consuming conversations qualifies as critical to your organization. If not, you can take steps to block the offending domain or investigate for a virus attack.

    If the bandwidth consumption reflected in these conversations does meet the criteria for organizational propriety or importance, then you probably need to consider this as a capacity planning or traffic management problem. If you cannot easily increase provision more bandwidth then you might consider managing the traffic on the interface with CBQoS priorities.

 
Last modified

Tags

Classifications

Public