Submit a ticketCall us

Quickly Address Software Vulnerabilities
Patch Manager is an intuitive patch management software which extends the capabilities of WSUS and SCCM to not only patch Windows® servers and workstations, and Microsoft® applications, but also other 3rd-party applications which are commonly exploited by hackers. Learn more about our patch management solution.

 

Home > Success Center > Netflow Traffic Analyzer (NTA) > Netflow data spikes instead of flowing evenly as expected transfer rate

Netflow data spikes instead of flowing evenly as expected transfer rate

Created by Daniel Polaske, last modified by MindTouch on Jun 23, 2016

Views: 79 Votes: 0 Revisions: 9

Overview

This article provides an example and brief information on Netflow data spike.

After the completion of a 30-minute 5GB download, you may inspect the NTA graphs and find that the download registered as a single 5GB download over the course of a minute which occurred at the end of the transfer, instead of a sustained 5GB download over 30 minutes at roughly 2.8MBps.  Visually, it appears as a spike instead of a block of traffic.

Environment

All Orion Core products with NTA installed

 

Cause 

This is typically due to the ip flow-cache timeout active setting on the exporting Cisco network device being set to a default of 30 or higher.

 

More details can be found by at the link from Cisco below for ip flow-cache timeout:

http://www.cisco.com/en/US/docs/ios/...html#wp1185203

Resolution

Change the global configuration to ip-flow-cache timeout active 1 instead of a higher value. 

This will force the device to export all flows on a minute-by-minute basis instead of exporting a flow only at the end of the conversation.  If assistance is needed with this change, we would kindly suggest for you to reach out to Cisco TAC as differences between make/model/IOS version.

 

 

Last modified
20:35, 22 Jun 2016

Tags

Classifications

Public