jreves ✭✭✭✭✭

In NTA 4.5, you can alert on Port 0 traffic. Just sayin' ;-) joer

We resolved a number of performance issues in the service release for 2020.2; my recommendation is to upgrade. I believe you'll see this issues resolved. Contact me directly if these performance issue persist, and we'll get a support ticket open to take a look at them. @"jreves" 

Sent you an email with a proposed meeting time! jreves​

Jan, i sent you PM. Let's see if we can figure this out, and then we can summarize the results back here. joer

sayalirevalkar​, the current versions of NTA do require an SQL database for flow storage. The features we need are available in SQL beginning with SQL 2016 SP1, or later. You can build this database in the same instance as your Orion database; we're recommending that customers house both Orion and the Flow Storage database…

Tony, you can expect to be contacted by one of our Senior Application Engineers on UDT shortly. Let me know directly if that doesn't happen, or if progress on this issue stalls. jreves​

vispetto​, I'm reaching out to support now to get the dev team involved. I'll close with you directly. I'm the Product Manager for UDT, and you can reach out to me directly if you have any issues in the future. jreves​

Richard, I just picked up UDT. For what it's worth, I think it's a gem and I'll be working on getting the WWWO posting updated, and updating the product roadmap. I can't promise any timelines, but I'm taking an active look at the product and how people are using it. joer

holnave​, probably best to open a support ticket so we can take a closer look. In addition to diagnostics, I would recommend you capture a PCAP at the collector, to see what's entering the processing path. jreves​

Bill, Just to follow up on my email - If you have some time this week, let's talk about some specific use cases and we can summarize those here. joer

Yes, that's correct. This functionality to create a custom application is present in NTA, and requires that you are collecting flow data from devices that have visibility into this traffic. @"jreves" 

There's a Feature Request under consideration for this idea here: I would encourage you to upvote this feature request, and add any elaboration to that thread. We do review and prioritize the feature request threads to help shape the product roadmap - your voice is important! jreves​

A feature request to track this would be helpful; it would serve to help other customers vote explicitly on this functionality. Right now, I'm taking this as a byproduct of flow de-duplication requests in that it would put us on a more endpoint-centric footing. Our current product is very node/interface context sensitive,…

Jan, did that resolve your issue?

m_roberts​, there are ongoing discussions about finer RBAC in the product, but that would likely be implemented in Core across the board. We'll discuss what might be possible for the NTA pages with the Flow Navigator, as well. joer

Jay, I'll look for some time next week and suggest a few timeslots we can meet to discuss. thanks! jreves

Can you tell me a little more about the environment? What version of NTA are you running? @"jreves" 

Let's set up some time, and we'll take a look at your environment! I would love to see this working for you. I'll drop you an email with my contact information, and we'll set up a time to review it! @"jreves" 

Have a look at:https://thwack.solarwinds.com/t5/NTA-Documents/Introducing-the-NTA-2020-2-Release-Candidate-IPAM-IP-Group/ta-p/590017 In this release, we're picking up either endpoints, or IP Groups with the NetFlow alerts. Does that do the job? #jreves

@"kpmarcin", we're working on it, but I can't commit any delivery date at this time. Are there other aspects of Juniper support as well that are critical for your customers? @"jreves" 

Adding serena​ to this thread to comment on the installer feedback!

It creates a separate DB for flow. The good news is: we can support (and recommend) placing both the Orion DB and the Flow Storage DB in the same SQL instance. If you have Log Manager, you can run that database in the same instance, as well. We've just completed performance testing, and we're updating our documentation to…

It's not available yet - it's a feature we're working on now. For what kinds of conditions would you like to be able to trigger alerts?

Additional resources you may find helpful: Overview of Network Traffic Flow Technologies - YouTube Visibility in the Data Center jreves​

Very nice job, thanks! joer

ashleyhames​, thanks - this is excellent feedback and we'll consider this feature. Historically, the discovery and polling mechanisms for NPM and UDT were developed independently; while the functionality overlaps significantly, the data collected is used very differently. The behavior and the configuration of the discovery…

raimondasm​ - Effectively, you'll want to "insert" the replicator between your existing sources of flow, and your NTA collector. To do that, you'll first stop your NTA collector, and then relocate the collector port to a different port. You can do that in the NTA Settings section, under collector services: You can relocate…

Tony, for this scenario I think you're going to have one listener - where flow arrives from your infrastructure - and then multiple destinations. One destination would be your NTA flow collector, and one destination would be your Splunk server. You can set up sampling on a per-destination basis. Here's an overview; you can…

Tony, the NetFlow Replicator is an unsupported free tool. If you can send me the details directly, I'll see if I can help you on a best-effort basis. What kinds of issues are you seeing? jreves​

That's great feedback, Jay! Thanks -