Hi all,
We've been using NTA for a while, but finding it's value fairly limited. The main reason is that it doesnt appear to reflect actual usage of the interfaces we're monitoring. For example, we monitor outside interfaces on routers, or layer 2 passthrough interfaces on core switches, but ALL of our NTA data then shows up with a very spiky graph, which seems to show bursted usage and not actual usage.
I'm not sure if this is how NetFlow data is supposed to look, but it doesn't look right to me.
Screenshot:
Here is our netflow config on the core of this specific device:
flow record NetFlow-In
match ipv4 tos
match ipv4 ttl
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
collect counter bytes long
collect counter packets long
!
flow record NetFlow-Out
match ipv4 tos
match ipv4 ttl
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface output
collect counter bytes long
collect counter packets long
!
flow exporter Solarwinds
description NetFlow to Solarwinds Poller
destination x.x.x.x
source Vlan10
transport udp 2055
export-protocol netflow-v9
!
flow monitor FLOW-IN
exporter Solarwinds
record NetFlow-In
!
flow monitor FLOW-OUT
exporter Solarwinds
record NetFlow-Out
!
interface GigabitEthernet1/0/23
ip flow monitor FLOW-IN input
ip flow monitor FLOW-OUT output
!
interface GigabitEthernet1/0/24
ip flow monitor FLOW-IN input
ip flow monitor FLOW-OUT output
!
interface GigabitEthernet2/0/23
ip flow monitor FLOW-IN input
ip flow monitor FLOW-OUT output
!
interface GigabitEthernet2/0/24
ip flow monitor FLOW-IN input
ip flow monitor FLOW-OUT output
Anyone have any ideas if this is right or not?