SolarWinds NetFlow Traffic Analyzer (NTA) is a multi-purpose tool useful for a wide range of bandwidth monitoring and management purposes. It integrates with SolarWinds Network Performance Monitor (NPM) to provide a comprehensive network monitoring tool.
NTA collects two kinds of data: interface-level flow data and Class Based Quality of Service data. It then looks at the performance data NPM collects from SNMP and WMI sources and combines the two data streams to produce one set of data you can analyze and examine. This data can be processed into graphs and reports, so you can have complete visibility into your network, in both a historical sense and in terms of its current status.
Now let’s look at the key features of NTA. Network Traffic Analyzer has several utilities to help with network traffic monitoring, each of which has a special function and key focus regarding network flows.
Monitor bandwidth use by application, protocol, and IP address group. View both IPv4 and IPv6 flow records. Monitor Cisco NetFlow, Juniper J-Flow, sFlow, Huawei NetStream, and IPFIX flow data identifying the applications and protocols consuming the most bandwidth.
Get alerted if application traffic suddenly increases, decreases, or disappears completely. Be able to quickly act if there’s an unusual change in application traffic. You can also set alerts to be notified if a device stops sending flow data, so you can efficiently remediate the problem.
Analyze network traffic patterns over months, days, or minutes by drilling down into any network element. NetFlow Traffic Analyzer collects traffic data, correlates it into a useable format, and presents it to the user in a web-based interface for monitoring network traffic.
PerfStack™ cross-stack network data correlation. Accelerate identification of root cause by dragging-and-dropping network performance metrics on a common timeline for immediate visual correlation across all your network data and NetFlow analytics.
Identify which applications and categories consume the most bandwidth for better network traffic visibility with NBAR2 support. Cisco NBAR2 support gives you visibility into HTTP (port 80) and HTTPS (port 443) traffic without the need for additional probes, spanning ports, etc.
Create, schedule, and deliver in-depth network traffic analysis and bandwidth reports with just a few clicks. Don’t spend money on additional bandwidth if it’s not needed. NetFlow software can help you review historical data to identify peak bandwidth usage and adjust policies for better management.
Monitor Wireless LAN Controller traffic to keep tabs on applications and clients utilizing bandwidth on your wireless network. In today’s mobile world, it’s important to keep your wireless network running smoothly. With WLC network traffic analysis, you can easily see what’s using your wireless bandwidth.
View traffic data on Cisco Meraki interfaces. Visualize the traffic flows on your Cisco Meraki MX and Z series interfaces for better monitoring of the bandwidth use in your Cisco Meraki wireless environment.
Measure the effectiveness of pre- and post-policy traffic levels per class map to determine if QoS policies are working as planned. If your business relies on VoIP, e-commerce, or other cloud-based applications, the NetFlow analyzer software will help confirm that prioritized traffic passes smoothly through the network.
Increase security with visibility into malicious or malformed traffic with port 0 monitoring. TCP/UDP monitoring of port 0 traffic highlights any flows directed to port 0 so you can quickly identify intrusive traffic.
Release date: November 5, 2019
These release notes describe the new features, improvements, and fixed issues in NetFlow Traffic Analyzer 2019.4. They also provide information about upgrades and describe workarounds for known issues.
NTA 2019.4 offers the following new features and improvements compared to previous releases of NTA.
As of NTA 2019.4, you can view flow data from Cisco Meraki MX devices. The data are associated with SNMP-managed interfaces from NPM. Certain devices use different Interface IDs when polled by SNMP and different Interface IDs in NetFlow. Due to this discrepancy, traffic cannot be correctly bound to the interface. This issue is solved by mapping between Flow Interface ID and SNMP Interface ID.
To start monitoring data from Cisco Meraki MX devices, you must add the device to SolarWinds NPM and configure it to export flows to the Main or Additional Polling Engine. The mapping is generated automatically when NTA receives the first flow traffic from the relevant Meraki device. Mapping is kept in the Orion database in separate tables for each polling engine. Mapping is valid until you manage the node, enable flow processing, and the NetFlow Service receives flow data.
You can enable the Meraki mapping feature through NTA Settings in the Orion Web Console. If you are monitoring devices running Meraki firmware version MX 15.14 or later, you can disable the mapping feature completely.
This section provides procedures for adding and deleting flow sources and selecting CBQoS-enabled devices for monitoring.
If NPM is monitoring network devices that are configured to export flow data, and if automatic addition of flow sources is enabled in NTA Settings, NTA automatically detects and adds the flow sources under NetFlow Sources.
Orion Platform 2019.4 offers new features and improvements compared to previous releases of Orion Platform.
Generate Service Desk incidents from Orion Alerts.
You can integrate Orion Platform products with the following IT Service Management solutions:
Integrating an alerting solution with the Orion Platform means that triggering an alert in the Orion Platform creates a new incident in the integrated alerting instance and vice versa.
To make the integration of the Orion Platform and your alerting system work, complete the following steps.
Step 1: Set up the system to integrate with the Orion Platform.
Step 2: Create an instance for the system in the Orion Platform.
Step 3: Configure Orion Platform alerts to create an incident (ServiceNow or SolarWinds Service Desk) as the alert action.
The new instance displays on the Manage Alert Integration Instances page. You can now use Create ServiceNow Incident or Create SolarWinds Service Desk incident as an alert action.Operational states
Once you configure the integration, you can go to Settings > Manage Alert Integrations and view a list of all integrated instances.
Operational states describe how the integration of your alerting system and the Orion Platform works:
Entity Library enhancements
Bulk Administration
Custom Images
Manual Topology Connections
Customizable map refresh rate
Orion Maps are a troubleshooting feature that displays a map of physical and logical relationships between entities monitored by the Orion Platform products you have installed. Orion Maps help you quickly isolate and identify critical health and performance issues.
Auto-generated Orion Maps
Orion Maps automatically generate contextual maps that display critical relationships for monitored entities in the Orion Platform. Go to an entity details page and click the Map subview to display a map of relationships relevant for the entity.
Custom Orion Maps
Starting with Orion Platform 2019.2, you can create custom Orion Maps. Select entities to map and the Orion Maps feature displays physical and logical relationships between them. You can add the custom map on any Orion Web Console view using the Orion Map widget.
The auto-generated Orion Maps open in the Orion Web Console as a subview and display both physical and logical relationships between entities.
Auto-generated Orion Maps are created without any user intervention: entities are added or removed as changes occur in the environment.
To access auto-generated Orion Maps, go to an entity Details view and click the Map subview in the menu on the left.
| 1 | Map icon: Click the icon to view the Orion Map. |
| 2 | Canvas: Displays the map of relationships of the entity. |
| 3 | Seed object: The entity whose relationships the map displays. This is the entity from which you accessed the map.
The color or the ring around the entity signifies the entity health, based on thresholds set for the entity. For more details about an entity on the map, click the entity. The map adjusts accordingly and details about the entity are displayed in the Inspector Panel (7). |
| 4 | Healthy topology connection: For topology connections, the line width represents the interface bandwidth. T
|
| 5 | Metric pill: By default, it displays the outbound traffic and percent utilization. If polled values for the metric exceed the threshold, the pill displays errors and discards.Hover over the metric pill to show which metric it displays. |
| 6 | Connection with issues: The color signifies that a threshold has been exceeded. Yellow means warning and red signifies a critical threshold.
Click the connection to see details in the Inspector Panel (8). |
| 7 | Tools to adjust the map: Zoom in, zoom out, pan, or change layout. |
| 8 | Inspector Panel: Displays details about the entity or connection selected on the map, according to the active navigation bar.
When you open the Map from an entity details page, the Inspector Panel only displays the entity name, IP, vendor, and machine type.
|
| 9 | Related: Click this button to display entities related to the selected entity in the Inspector Panel: descendants, ancestors, and dependencies.
To add a related entity to the map, select the check box in front of the entity, and click Apply. |
| 10 | Connected: Click this button to display entities connected to the selected entity by a protocol-based relationship or actual data flow, such as topology (NPM) or Application Dependency Connections (SAM), in the Inspector Panel.
To add a connected entity to the map, select the check box in front of the entity, and click Apply. |
| 11 | Alerts: Click this button to display a list of active alerts associated with the entity in the Inspector Panel. |
| 12 | Recommendations (only with VMAN): If you have VMAN installed, this section presents recommendations for the entity. |
Starting with Orion Platform 2019.2, you can create Orion Maps either based on the auto-generated maps, or from scratch.
To access Orion Maps created by users, click My Dashboards > Orion Maps in the Home section.
| 1 | List of maps: Review available Orion Maps. By default, the list shows maps created by you. If you have Administrator rights, you can display Orion Maps created by other users (4).
Click a map name to view the map (View mode). |
| 2 | Button bar: Create a new map, or select a map in the list (1) and edit or delete it. |
| 3 | Sort, filter, and search controls: Use the filter and search options to find Orion Maps. Sort maps by name, time since last update, or creation date. |
| 4 | All Users: Toggle to display all maps or only maps created by you. This toggle is available only to administrators. |
Edit mode is where you create or edit maps. To enter Edit mode:
| 1 | Entity Library: Drag entities from the library to the canvas. | ||||||||||||||||||||||||||||||
| 2 | Canvas: Place entities in the correct position. If there are relationships between entities on the map, the connections are automatically added to the map as well. | ||||||||||||||||||||||||||||||
| 3 | Button bar: Save the map or use commands in the More menu, such as create a new map, save the map under another name, delete the map, or switch to View mode. | ||||||||||||||||||||||||||||||
| 4 | Map controls: Zoom in, zoom out, and center and adjust the map to the view.
|
View mode displays a full screen view of user-created maps for easy troubleshooting and investigation.
| 1 | Entity: Click an entity to display details in the Inspector Panel. | ||||||
| 2 | Inspector Panel: Displays details about the entity or connection selected on the map.
In the View mode, you cannot add related entities to the map. Entities in the Inspector Panel do not have check boxes. This is only available from the auto-generated map subviews. |
||||||
| 3 | Popup: Hover over an entity to see additional details.
You can also execute commands from the command menu, such as go to details view, edit the entity, mute alerts for the entity, or unmanage the entity. |
||||||
| 4 | Button bar: Click Share to copy the map address to the clipboard, click More > Edit to switch to Edit mode. | ||||||
| 5 | Map controls:
|
When you create a custom Orion Map, you can add it to a view in the Orion Map widget.
Click an entity on the map to go to the entity details view.
Hover over an entity to display a popover, or to run commands for the entity from the Commands drop-down.
The following requirements ensure the scalability benefits of SolarWinds NTA:
| Type | Requirements |
|---|---|
| Operating system | Microsoft Windows Server 2016
Microsoft Windows Server 2019 |
| SolarWinds NPM | Version 2019.4
SolarWinds NTA requires an appropriate SolarWinds NPM version hosted on the same server. |
| Databases | NTA and Orion Platform use two databases – the Orion database and the NTA SQL Flow Storage database. The Orion database stores SolarWinds Orion configuration data and all collected performance and syslog data. The NTA Flow Storage database is where SolarWinds NTA stores your flow data.
The NTA SQL Flow Storage database requires an instance of Microsoft SQL Server 2016 SP1 or later. Both databases can be collocated on one SQL server. In case you decide to use separate SQL servers for the Orion database and the NTA SQL Flow Storage database, the Orion database requires Microsoft SQL Server 2014 and later. A connection to Orion SQL database is required because CBQoS data and some additional low level details are still stored in Orion SQL database. |
SolarWinds NTA 4.4 and later utilizes two SQL databases:
SolarWinds supports both the Orion database and the NTA SQL Flow Storage database in the same SQL server instance, as long as that instance is SQL Server 2016 SP1 or later. See sections below for Orion database requirements and the NTA SQL Flow Storage database requirements.
You cannot install Orion Platform products on the same server as SolarWinds Access Rights Manager (ARM).
The table below lists software and hardware requirements for your SolarWinds Orion database server using SolarWinds NPM license levels.
| Requirements | SL100, SL250, SL500 | SL2000 | SLX |
|---|---|---|---|
| SQL server | SolarWinds supports Express, Standard, or Enterprise versions of the following:
SolarWinds strongly recommends using the 64-bit version of SQL Server.
|
||
| SQL Server collation |
We support CI database on an CS SQL Server. We do not support case-sensitive databases. |
||
| CPU speed | Quad core processor or better | Dual quad core processor or better | Dual quad core processor or better |
| Hard drive space | 20 GB minimum
40 GB recommended |
50 GB minimum
100 GB recommended |
100 GB minimum
400 GB recommended SolarWinds recommends the following configuration:
|
Per Windows standards, some common files may need to be installed on the same drive as your server operating system. You may want to move or expand the Windows or SQL temporary directories. |
|||
| Memory | SL100
8 GB minimum 16 GB recommended |
16 GB minimum
64 GB recommended |
64 GB minimum
128 GB recommended |
| SL250 &SL500
8 GB minimum 16 GB recommended |
|||
| Authentication | Either mixed-mode or Windows authentication. If you require SQL authentication, you must enable mixed mode on your SQL server. | ||
| Other software | If you are managing your SolarWinds Orion database, SolarWinds recommends you install the SQL Server Management Studio component.
The Installation wizard installs the following required x86 components if they are not found on your Orion database server:
|
||
| Instance Details | Medium (SL2000) | Large (SLX) |
|---|---|---|
| Instance type | D12_v2 | D15_v2 |
| CPU | 4 CPU | 16 CPU |
| RAM | 30.5 GB RAM | 122 GB RAM |
| Disk | System SSD 80 GB (included in D12_v2) + Data Azure Storage Disk Volume 500 GB (8 GB for every received sustained 1000 Flows/s with 30-days retention period) | System SSD 320 GB (included in D12_v2) + Data Azure Storage Disk Volume 2.5 TB (2.5 TB is Flow Storage, 300k FPS with 30-days retention, Azure Storage Disk with Provisioned IOPS recommended) |
SolarWinds NTA may be installed on VMware Virtual Machines and Microsoft Virtual Servers if the following conditions are met in your virtual environment:
SolarWinds NPM uses SNMP to monitor your network. SNMP traffic is generally assigned low priority, and thus you can experience gaps in monitoring data.
The following table lists ports that SolarWinds NetFlow Traffic Analyzer uses to communicate with other devices and servers.
| Port | Protocol | Service/Process | Direction | Description |
|---|---|---|---|---|
| 80 | TCP | World Wide Web Publishing Service | Bidirectional | Port used for web console and any other web servers. |
| 137 | UDP | NetBIOS | Outbound | Port for outbound traffic if NetBIOS name resolution is turned on.
When NTA is trying to resolve the NetBIOS names of servers in their conversations, you may find a large amount of outbound UDP 137 traffic from the NTA collector to a number of external addresses. You can confirm the traffic by using the Flow Navigator to match the outbound connections to existing conversations. This is normal behavior when NetBIOS is enabled. An easy way to demonstrate the behavior is to disable NetBIOS in NTA and watch all outbound connections terminate. |
| 161 | UDP
TCP |
SolarWinds Job Engine v2 | Outbound | Port used for sending and receiving SNMP information, including polling CBQoS-enabled devices. |
| 1433 | TCP | SolarWinds NetFlow Service
SolarWinds NetFlow Storage Service |
Outbound | Port used for communication between the NetFlow Service and the existing SQL server. |
| 1434 | UDP | SolarWinds NetFlow Service
SolarWinds NetFlow Storage Service SQL Browse Service |
Outbound | The port used for communication between the NetFlow Service and the Orion database. This port is required only if your SQL Server is configured to use dynamic ports. |
| 2055 | UDP | SolarWinds NetFlow Service | Inbound | Port for receiving flows on any SolarWinds NTA collector. |
| 5671 | TCP | RabbitMQ | Bidirectional | Rabbit MQ messaging. |
| 17777 | TCP | SolarWinds Information Service | Bidirectional | Port for sending and receiving traffic between SolarWinds NPM and other Orion Modules.
Port used for communication between remote Flow Storage Database and NTA Main Poller. |
| 17778 | HTTPS and TCP | SolarWinds Information Service | Bidirectional | Open to access the SolarWinds Information Service API and agent communication. |
| 17791 | TCP | SolarWinds Agent | Bidirectional | Open for agent communication on any SolarWinds Orion server running Windows Server 2016. |
| Device-specific | Any port required by a specific device. |
