
Find the cause of high bandwidth utilization

Created by Lori Krell_ret, last modified by Alexandra.Nerpasova on Oct 24, 2016


If a node managed in SolarWinds NPM is also a NetFlow source, it exports NetFlow data that you are currently monitoring in SolarWinds NTA. You can use SolarWinds NTA to analyze interface bandwidth utilization on the node whenever your workflow requires.

This procedure assumes that you have created an Orion alert on bandwidth utilization for a specific interface, and that the alert has been triggered based on your threshold setting. For example, you may have set the trigger threshold at 80% of interface bandwidth and you now see an alert-related event.

  1. Click My Dashboards > NetFlow > NTA Summary.
  2. Under NetFlow Sources, locate and expand the relevant node.
  3. Click the interface for which you received the bandwidth utilization alert.
  4. View the Top XX Endpoints for the interface.

    Each endpoint in the list has a utilization percentage associated with it, so you should quickly see the endpoint or endpoints responsible for the utilization alert, along with the domain associated with each endpoint. Even in On Demand DNS mode, SolarWinds NTA resolves hostnames when loading the Top XX Endpoints resource.

  5. View the Top XX Conversations to correlate the relevant items from the Top XX Endpoints list.

    The endpoints in these conversations should allow you to infer whether the traffic involved in these bandwidth-consuming conversations qualifies as critical to your organization. If not, you can take steps to block the offending domain or investigate for a virus attack.

    If the bandwidth consumption reflected in these conversations does meet the criteria for organizational propriety or importance, then you probably need to treat this as a capacity planning or traffic management problem. If you cannot easily provision more bandwidth, then you might consider managing the traffic on the interface with CBQoS priorities.
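The same triage can be reproduced offline on exported flow records. The following is an added example, not SolarWinds code: it ranks endpoints and conversations by their share of interface capacity so the two lists can be correlated as in steps 4 and 5. The flow records, the 100 Mbit/s link speed, the 300-second window, and the way percentages are computed are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample flow records for one interface over the window:
# (source IP, destination IP, bytes). All values are illustrative.
FLOWS = [
    ("10.0.0.15", "203.0.113.50", 2_550_000_000),
    ("10.0.0.15", "198.51.100.7", 150_000_000),
    ("10.0.0.22", "203.0.113.50", 300_000_000),
    ("10.0.0.31", "192.0.2.10", 90_000_000),
    ("10.0.0.22", "192.0.2.10", 60_000_000),
]
LINK_BPS = 100_000_000   # assumed interface speed: 100 Mbit/s
WINDOW_S = 300           # assumed observation window in seconds
THRESHOLD_PCT = 80.0     # the example alert threshold mentioned on this page


def pct_of_link(byte_count):
    """Share of interface capacity used by byte_count during the window."""
    return round(byte_count * 8 / (LINK_BPS * WINDOW_S) * 100, 1)


def top_endpoints(flows, n=3):
    """Rank endpoints by bytes sent plus received (a Top N Endpoints view)."""
    totals = defaultdict(int)
    for src, dst, nbytes in flows:
        totals[src] += nbytes
        totals[dst] += nbytes
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]
    return [(ip, pct_of_link(b)) for ip, b in ranked]


def top_conversations(flows, n=3):
    """Rank endpoint pairs, merging both directions into one conversation."""
    totals = defaultdict(int)
    for src, dst, nbytes in flows:
        totals[tuple(sorted((src, dst)))] += nbytes
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]
    return [(pair, pct_of_link(b)) for pair, b in ranked]


def interface_utilization(flows):
    return pct_of_link(sum(nbytes for _, _, nbytes in flows))


if __name__ == "__main__":
    print("interface %:", interface_utilization(FLOWS))
    print("top endpoints:", top_endpoints(FLOWS))
    print("top conversations:", top_conversations(FLOWS))
```

In this constructed data the top two endpoints are the two ends of the top conversation, which is the correlation step 5 asks you to make before deciding whether the traffic is business-critical.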

