Submit a ticketCall us

Training Class Getting Started with SolarWinds Backup - February 28

This course offers customers an introduction to SolarWinds Backup, focusing on configuring the backup technology, taking backups, data restoration and data security. It is a great primer and will get you up to speed quickly on SolarWinds Backup.
Register for class.

Home > Success Center > Netflow Traffic Analyzer (NTA) > NTA charts display seemingly random data (spikes/protocols/bitrate)

NTA charts display seemingly random data (spikes/protocols/bitrate)

Created by Daniel Polaske, last modified by Alexandra.Nerpasova on Oct 19, 2017

Views: 114 Votes: 0 Revisions: 21

Updated October 19, 2017


You will find that the charts for certain devices or interfaces display some random data, such as spikes, invalid protocols, bitrates, and other.

The logs and the NTA Last 25 Traffic Events resource will be full of messages is receiving flow data from unmanaged interface '#1701981539'.... (where the interface number is random and varied). This is illustrated in the screenshot below:


The charts will display similar to the following:


Please note, this issue has a shared symptom (interfaces with random # in Last 25 Traffic Events) with the following issue, but is due to a different cause:


  • All NTA versions before NTA 4.2.3
  • Known affected flow protocols:  Netflow V9 and IPFIX
  • Known affected devices:  Cisco ASR v16.4
  • It is likely that other devices, makes/model/IOS versions are affected.


The issue is with the device template export containing the observation domain ID.  There are two templates with ID6 and ID256 which are distinguishable only by the observation domain ID string.  NTA then uses the wrong template for this flow data.


This will appear in the Wireshark capture as such:


Obs-Domain-ID= 6



Please see the screenshot from from the IPFIX example below:


This is a bug in processing the flow data which will be fixed in NTA 4.2.3.  There is currently no known workaround, but this is stated to be fixed in NTA 4.2.3.


Suggested Tags:  Obs-Domain-ID= 6, Obs-Domain-ID=256, ID6, ID256, Cisco ASR v16.4, Last 25 Traffic Events


A reason for rework or Feedback from Technical Content Review:



Last modified