Choosing NTA Sources

Consider the following when adding NTA sources:

Identify Critical Paths and Potential Source Devices

Understanding the purpose of the monitoring helps you to identify the target source device.

Device

Purpose

Gateway to ISP

  • Measure WAN traffic movement.
  • Application level traffic analysis.
  • SLA and uptime auditing.
  • Track traffic by application, geographic region, and domain.
  • Anomaly tracking, forensics, and diagnostics.

WAN and LAN routers and significant interfaces and ports.

  • Capacity planning.
  • Validate traffic rules implemented at switch.
  • Anomaly tracking, forensics, and diagnostics.

Ingress and egress interfaces for proxy host, critical services, and head nodes.

  • Validate IP rules/traffic.
  • Capacity planning.
  • Validate load balancer function.
  • Anomaly tracking, forensics, and diagnostics.

Browse for Devices Already Configured to Export Flow Packets

You can browse for devices which are already configured or support remote configuration MIBs from the Potential Netflow Sources dialog.

Firewall Considerations

Once a potential Network Traffic Analysis source has been identified, you should consider the location of the device with respect to other networking devices, particularly those devices that perform network address translation (NAT). Depending on where the source is located relative to the device performing NAT, traffic to and from an internal (private) IP addresses are reported differently in the exported NetFlow data.

NAT and Virtual Machine Considerations

Other conditions that may also change the nature of the data reported by Network Traffic Analysis include:

See Also

Network Traffic Analysis

NTA System Overview

NTA System Requirements

NTA Quick Start

Configuring and Enabling Collection on Sources

Aggregating Sources

Grouping Traffic

Classifying Traffic by Port Number

Adding Custom Labels for Type of Service (ToS) IDs

Listener Port, Collection, and Retention Settings

Collector Database Maintenance

Reduce and Analyze Traffic with Advanced Filtering