Submit a ticketCall us

ebook60.pngHow to be a Cisco® ASA ace

Our eBook, Thou Shalt Not Pass…I Think?! can help you overcome the challenges of monitoring and managing Cisco ASA firewalls. This eBook is a great read if you’ve been frustrated with monitoring firewalls, managing ACL configs, and troubleshooting VPN connections.

Get your free eBook.

Home > Success Center > Netflow Traffic Analyzer (NTA) > NetFlow Traffic Analyzer Getting Started Guide > Set up your flow environment > Flow environment best practices

Flow environment best practices

NTA Getting Started Home

Updated: March 14, 2017

This section provides recommendations for setting your flow environment.

Determine where to enable flow

SolarWinds NTA can capture and store vast amounts of flow data. To make the best use of SolarWinds NTA, use the following guidelines to make decisions about where to capture enabled flow data.

  • Understand your network and identify the types of problems you want to solve by capturing flow data.
  • If you are unsure of where to begin, enable flow data at the core layer, let SolarWinds NTA run for a period of time (for example, a week), and review the SolarWinds NTA resources in the SolarWinds Orion Web Console to determine if the data collected is sufficient.
  • If you need more flow data, move to the distribution layer. Due to the proliferation of duplicate data, SolarWinds recommends that you do not enable flows at the access layer.
  • If you want to monitor internal traffic and internet traffic, enable ingress and egress interfaces.
  • To capture the entire network conversation, enable ingress and egress on the external interfaces of a single node, or enable ingress only on all interfaces on the node.


Be mindful of directionality and duplication

If your devices are configured to export NetFlow on both ingress and egress interfaces, you might see duplicate traffic in the Summary resources.

Duplicate flows can occur in the following cases:

  • You have both ip flow ingress and ip flow egress applied for all interfaces on a device.
  • You have set ip flow ingress on some interfaces and ip flow egress on other interfaces.
  • On your serial interfaces with subinterfaces, you have NetFlow export enabled on both the physical and logical interfaces.

Calculate the size of your Flow Storage Database

Maintaining the SolarWinds NTA Flow Storage Database requires setting a retention period that corresponds with the amount of data you need to keep and the free disk space available on your SolarWinds NTA Flow Storage Database disk.

  1. Collect sample flow data for a week.
  2. Click Settings > All Settings.
  3. Under Product Specific Settings, click NTA Settings.
  4. Scroll down to the Database Settings section.
  5. Under NTA Flow Storage Database Settings, click Calculate.
  6. Review the Average Received Flows per Second, Current Size, and Projected Size.


Set the retention period

Retention period specifies the time for which flow data are stored in the database until they expire and are permanently deleted. The default retention period is set to 30 days.

To optimize the retention period for your SolarWinds NTA Flow Storage Database, collect data for a few days, and calculate the size of your SolarWinds NTA Flow Storage Database. You should then have an idea of the volume of data your network produces with NetFlow enabled. Consider also the space taken up by the database, and then adjust the retention period accordingly.

The database Location is noted on the same page, under NTA Flow Storage Database Settings.

  1. Click Settings > All Settings.
  2. Under Product Specific Settings, click NTA Settings.
  3. Scroll down to the Database Settings section.
  4. Note the database Location: host name and whether the database is installed locally or remotely.
  5. Click Calculate to review the size of your database.
  6. In the Retention Period field, enter the number of days after which flow data is deleted.
  7. In the Delete Expired Data list, select a frequency.
  8. Click Save.


Last modified