This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

netflow utilization and graphical utilization differences?

When looking at the top interface based on netflow utilization I get a bunch of top 5 charts.  Even under the top 5 applications you get TCP and UDP mostly.  The chart colors show utilization at 100%.  However on the status below the chart adding up TCP and UDP traffic the total falls well below 100%. 

The same is true for top 5 conversations.  The chart shows the pipe (T1) is at about max utilization, but when you add up the top 5 talkers you are way below 100%.  The top talker by chart color appears to be 80% util or so and in the numbers below it appears to be less than 30%.

Is there a reason that comparing the chart graphical data to the % utilization data below that they do not tell the same story? 

  • The top five is the top 5.... there are probably many more than 5 conversations that make up your 100%.  You can change the resource to list more than top 5 and you'll see more... you can even list them all.  When listing all the conversations they should add up to 100%.

  • Understood that top 5 may not equal 100% of traffic if it is top talkers.  However if it is top 5 protocols and it only lists 2 or 3 I would expect the total to add up to nearly 100% not under 10%.  My chart shows TCP averaging between 40 and 95% of the traffic with UDP averaging 5 - 60%.  The chart shows color up to 100% the whole time.  When you add UDP and TCP you get about 7% of the pipe.  ICMP is just sneaking into the chart so I would expect a small % utilization.  My issue is how 3 protocols listed (TCP, UDP, and ICMP) equal less than 10% when looking at the color coded chart above the statistics it shows TCP should probably be using 60% plus, UDP probably 38, and ICMP maybe 2.  The real numbers are TCP 5.39, UDP 2% and ICMP at .01.  I wonder what is taking up the remaining 92% of the traffic.

  • Check the direction that is being displayed.  That threw me for a loop too as after the upgrade to 3.6 it defaults to only Ingress view as before it defaulted to show Both directions.

    Hope that helps, Jay

  • It is on both with the same issue.

  • Has anyone identified why the discrepancies identified by nathanvetter occur ? 

     

    I am also seeing the same discrepancies in NTA v3.7.