Submit a ticketCall us

Bridging the ITSM Divide
Integrated help desk and remote support software for faster resolution

Join us on Wednesday, November 29, 2017 at 11 a.m. CT, as we discuss the benefits of effectively integrating your help desk software with remote support solutions to help increase the efficiency of IT administration, improve communication, and decrease mean time to resolution (MTTR) for IT issues of all sizes. This directly impacts end-user satisfaction and your business’ bottom line. Register Now.

Home > Success Center > Netflow Traffic Analyzer (NTA) > NTA charts display seemingly random data (spikes/protocols/bitrate)

NTA charts display seemingly random data (spikes/protocols/bitrate)

Created by Daniel Polaske, last modified by Alexandra.Nerpasova on Oct 19, 2017

Views: 51 Votes: 0 Revisions: 21

Updated October 19, 2017

Overview

You will find that the charts for certain devices or interfaces display some random data, such as spikes, invalid protocols, bitrates, and other.


The logs and the NTA Last 25 Traffic Events resource will be full of messages is receiving flow data from unmanaged interface '#1701981539'.... (where the interface number is random and varied). This is illustrated in the screenshot below:

 

The charts will display similar to the following:

 

Please note, this issue has a shared symptom (interfaces with random # in Last 25 Traffic Events) with the following issue, but is due to a different cause:

 

https://support.solarwinds.com/Success_Center/Netflow_Traffic_Analyzer_(NTA)/NTA_Virtual_Interface_reporting_traffic_instead_of_desired_interface

Environment

  • All NTA versions before NTA 4.2.3
  • Known affected flow protocols:  Netflow V9 and IPFIX
  • Known affected devices:  Cisco ASR v16.4
  • It is likely that other devices, makes/model/IOS versions are affected.

Cause 

The issue is with the device template export containing the observation domain ID.  There are two templates with ID6 and ID256 which are distinguishable only by the observation domain ID string.  NTA then uses the wrong template for this flow data.

 

This will appear in the Wireshark capture as such:

 

Obs-Domain-ID= 6

Obs-Domain-ID=256

 

Please see the screenshot from from the IPFIX example below:

Resolution

This is a bug in processing the flow data which will be fixed in NTA 4.2.3.  There is currently no known workaround, but this is stated to be fixed in NTA 4.2.3.

 

Suggested Tags:  Obs-Domain-ID= 6, Obs-Domain-ID=256, ID6, ID256, Cisco ASR v16.4, Last 25 Traffic Events

 

A reason for rework or Feedback from Technical Content Review:

 

 

Last modified

Tags

Classifications

Public