Traffic Analysis

Most customers begin their troubleshooting process using SNMP data to identify spikes in performance and to trigger performance alerts. After reviewing the alert and confirming the event, customers need additional visibility to determine what caused the spike: why did the links saturate, and what type of traffic caused the problem?

SevOne provides this visibility with Traffic Analysis from flow-based data including NetFlow, Flexible NetFlow, NBAR, J-Flow, sFlow and IPFIX. Flow-based data allows users to see what type of traffic made up the spike and who consumed it. This top talker information and application visibility helps Operations teams see whether the spike came from supported applications and whether any users are not conforming to their supported protocols.

Customer Use Case:  Why is my network slow?

A SevOne customer had a business unit report that they could not complete their order entry process on the network and wanted to know what caused the problem. IT Operations used SevOne SNMP Instant Graphs to identify a spike in utilization on the network and then, with a single click, ran a NetFlow report to identify what type of traffic caused the spike. They identified increased internet usage and multiple concurrent YouTube sessions that saturated their network and caused the latency. IT Operations changed a firewall rule and resolved the issue, restoring the level of service required by the order entry process.

Flow Collection Methods

SevOne provides collectors for all types of flow data and we support up to 80,000 flows per second on each collector.

  • Aggregated vs Non-Aggregated
    NetFlow data requires a lot of storage, so most vendors aggregate the reporting of NetFlow to reduce the storage requirements. SevOne supports aggregated NetFlow for standard reporting but also supports Non-Aggregated NetFlow for complete flow records and the ability to report on flows at one-second intervals. By storing the raw NetFlow, SevOne gives customers the ultimate flexibility in building reports and drilling down into the flow data.
     
  • Detect Micro Spikes
    SevOne supports Non-Aggregated NetFlow to provide individual flow reporting, which includes one-second visibility. This granular view allows users to see small bursts of traffic that most tools miss when they average their data and provide aggregated reports.
     
  • Customize your report templates
    SevOne’s Flow Reporting engine allows users to select which fields to collect and to build custom report templates.
     
  • Support for NBAR
    Network-Based Application Recognition (NBAR) provides summary data on what type of traffic passed through a router and what percentage of the total traffic that type made up. NBAR helps to quickly see, for example, what percentage of traffic is HTTP.
     
  • Data Retention
    SevOne allows customers to adjust data retention policies and to store more or less raw flow data based on requirements.
     
  • Identify Applications
    With port-based identification, SevOne provides a list of recognized applications. Customers can customize this list to track and report on applications specific to their environment.
     
  • Identify Top Talkers
    SevOne provides a Top Talkers report to quickly show what type of traffic contributed to the spike.  From this top talker view, SevOne enables users to resolve DNS as well as check the “Next Hop.”
     
  • Identify Rogue applications
    Customers have built Type of Service filters to identify what traffic runs on their network and how it affects their QoS policies. For one customer, this type of report showed them that a user was conducting an unsupported video call on their network and utilizing most of their allocated VoIP bandwidth.
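
The "Detect Micro Spikes" and "Identify Top Talkers" items above can be illustrated with a short added example (not SevOne code): it compares a 60-second average with per-second bins built from raw flow records and names the top talker in each saturated second. The link speed, flow records and the even spreading of each flow's bytes over its duration are assumptions constructed for the illustration.

```python
from collections import defaultdict

LINK_BPS = 10_000_000  # assumed 10 Mbit/s link (constructed value)

# Constructed raw flow records: (start_s, end_s, src_ip, dst_port, bytes)
FLOWS = [
    (0, 60, "10.0.0.5", 443, 15_000_000),  # steady traffic over the minute
    (0, 60, "10.0.0.7", 8443, 7_500_000),  # steady traffic over the minute
    (30, 32, "10.0.0.9", 443, 2_400_000),  # two-second burst
]

def average_bps(flows, window_s):
    """Aggregated view: one average rate for the whole reporting window."""
    return sum(f[4] for f in flows) * 8 // window_s

def per_second_bps(flows):
    """Non-aggregated view: spread each flow's bits evenly over its seconds."""
    bins = defaultdict(lambda: defaultdict(int))  # second -> src_ip -> bps
    for start, end, src, _port, nbytes in flows:
        duration = max(1, end - start)  # sub-second flows count as one second
        for sec in range(start, start + duration):
            bins[sec][src] += nbytes * 8 // duration
    return bins

def micro_spikes(flows, link_bps, threshold=0.9):
    """Return (second, total_bps, top_talker) for seconds above the threshold."""
    spikes = []
    for sec, by_src in sorted(per_second_bps(flows).items()):
        total = sum(by_src.values())
        if total > link_bps * threshold:
            spikes.append((sec, total, max(by_src, key=by_src.get)))
    return spikes

if __name__ == "__main__":
    avg = average_bps(FLOWS, 60)
    print(f"60 s average: {avg / LINK_BPS:.1%} of link")
    for sec, total, talker in micro_spikes(FLOWS, LINK_BPS):
        print(f"t={sec}s: {total / LINK_BPS:.1%} of link, top talker {talker}")
```

The averaged report shows the link at about a third of capacity, while the per-second view shows two seconds above line rate and attributes them to a single source.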