
Find the cause of high bandwidth utilization

Created by Lori Krell_ret, last modified by Alexandra.Nerpasova on Oct 24, 2016


If a node managed in SolarWinds NPM is also a NetFlow source, it exports NetFlow data that you are currently monitoring in SolarWinds NTA. You can use SolarWinds NTA to analyze interface bandwidth utilization on the node whenever your workflow requires.

This procedure assumes that you have created an Orion alert on bandwidth utilization for a specific interface, and that the alert has been triggered based on your threshold setting. For example, you may have set the trigger threshold at 80% of interface bandwidth and you now see an alert-related event.

  1. Click My Dashboards > NetFlow > NTA Summary.
  2. Under NetFlow Sources, locate and expand the relevant node.
  3. Click the interface for which you received the bandwidth utilization alert.
  4. View the Top XX Endpoints for the interface.

    Each endpoint in the list has a utilization percentage associated with it, so you should quickly see which endpoint or endpoints are responsible for the utilization alert. You should also see the domain associated with each endpoint. Even in On Demand DNS mode, SolarWinds NTA resolves hostnames when loading the Top XX Endpoints resource.

  5. View the Top XX Conversations to correlate the relevant items from the Top XX Endpoints list.

    The endpoints in these conversations should allow you to infer if the traffic involved in these bandwidth-consuming conversations qualifies as critical to your organization. If not, you can take steps to block the offending domain or investigate for a virus attack.

    If the bandwidth consumption reflected in these conversations does meet the criteria for organizational propriety or importance, then you probably need to treat this as a capacity planning or traffic management problem. If you cannot easily provision more bandwidth, consider managing the traffic on the interface with CBQoS priorities.
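
The same correlation can be reproduced offline on exported flow records. The following is an added example, not SolarWinds code: the flow records, link speed, and sampling window are constructed assumptions, and the percentages are computed against that assumed link speed rather than by NTA's own method.

```python
from collections import Counter

# Constructed sample flow records (not real traffic): (src, dst, bytes)
# seen on one interface during a single sampling window.
FLOWS = [
    ("10.0.0.15", "203.0.113.50", 2_400_000_000),
    ("10.0.0.15", "203.0.113.50", 600_000_000),
    ("10.0.0.22", "198.51.100.7", 300_000_000),
    ("10.0.0.31", "198.51.100.7", 150_000_000),
    ("10.0.0.22", "192.0.2.10", 50_000_000),
]
LINK_BPS = 100_000_000  # assumed interface speed: 100 Mbps
WINDOW_S = 300          # assumed sampling window, in seconds
ALERT_PCT = 80.0        # the example trigger threshold from the text above


def pct_of_link(nbytes):
    """Average link utilization, in percent, for nbytes over the window."""
    return round(nbytes * 8 / (LINK_BPS * WINDOW_S) * 100, 2)


def interface_utilization(flows):
    """Utilization of the whole interface; compare against ALERT_PCT."""
    return pct_of_link(sum(nbytes for _, _, nbytes in flows))


def top_endpoints(flows, n=3):
    """Rank endpoints by bytes sent or received (a flow counts for both ends)."""
    totals = Counter()
    for src, dst, nbytes in flows:
        totals[src] += nbytes
        totals[dst] += nbytes
    return [(ep, pct_of_link(b)) for ep, b in totals.most_common(n)]


def top_conversations(flows, n=3, endpoint=None):
    """Rank endpoint pairs by bytes exchanged, optionally for one endpoint."""
    totals = Counter()
    for src, dst, nbytes in flows:
        if endpoint is None or endpoint in (src, dst):
            totals[tuple(sorted((src, dst)))] += nbytes
    return [(pair, pct_of_link(b)) for pair, b in totals.most_common(n)]


if __name__ == "__main__":
    print("interface:", interface_utilization(FLOWS), "% (alert at", ALERT_PCT, "%)")
    for ep, pct in top_endpoints(FLOWS):
        print("endpoint", ep, pct, "%", top_conversations(FLOWS, 1, ep))
```

Passing an endpoint from the first ranking into `top_conversations` mirrors step 5: it shows which peer accounts for that endpoint's share of the link.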

 

 