Viptela Devices are showing less data in NFA than SNMP data
Article ID: 132034
Updated On:
Products
CA Network Flow Analysis (NetQos / NFA)
Issue/Introduction
Viptela devices are showing less data in NFA compared to other SNMP polling tools.
Environment
Release: RAIB1H99000-9.3-Network Flow Analysis-Interface Bundle-Hardware
Component:
Component:
Resolution
Viptela support has confirmed that cflowd data exported from Viptela devices may be less then SNMP data as cflowd data doesn't include encrypted bytes added to traffic entering and leaving interfaces, where as SNMP polling does included those encrypted bytes which will cause you to see less Flow data.
Their documentation states the following:
https://sdwan-docs.cisco.com/Product_Documentation/Software_Features/Release_16.3/07Policy_Applications/03Traffic_Flow_Monitoring_with_Cflowd
"The vEdge router exports template records and data records to a collector. The template record is used by the collector to parse the data record information that is exported to it. Option templates are not supported. The source IP address for the packet containing the IPFIX records is randomly selected from any of the interfaces in the VPN. The flow records are exported via TCP or UDP connections. Anonymization of records and TLS encryption are not performed, because it is assumed that the collector and the IPFIX analyzer are both located within the data center, traffic traveling within the data center is assumed to be safe."
For further information please contact Cisco/Viptela support.
Their documentation states the following:
https://sdwan-docs.cisco.com/Product_Documentation/Software_Features/Release_16.3/07Policy_Applications/03Traffic_Flow_Monitoring_with_Cflowd
"The vEdge router exports template records and data records to a collector. The template record is used by the collector to parse the data record information that is exported to it. Option templates are not supported. The source IP address for the packet containing the IPFIX records is randomly selected from any of the interfaces in the VPN. The flow records are exported via TCP or UDP connections. Anonymization of records and TLS encryption are not performed, because it is assumed that the collector and the IPFIX analyzer are both located within the data center, traffic traveling within the data center is assumed to be safe."
For further information please contact Cisco/Viptela support.
Additional Information
Note if you are on NFA 9.3.8 or an un-patched version of NFA 9.5 and are seeing that Viptela data is too high, this is addressed in NFA 10.0 and we would recommend upgrading to NFA 10.0.
We do have patches available for for 9.3.8 and 9.5 if upgrading is not an option.
If you would like those patches please open a support case and request the appropriate patches for your version of NFA:
9.3.8 request the patches below:
9.5 request the patches below:
We do have patches available for for 9.3.8 and 9.5 if upgrading is not an option.
If you would like those patches please open a support case and request the appropriate patches for your version of NFA:
9.3.8 request the patches below:
NFA_9.3.8_CP_001 NFA_9.3.8_PTF_012.a
NFA_9.3.8_PTF_012.b
9.5 request the patches below:
NFA_9.5.0_CP_001 NFA_9.5.0_PTF_003
Feedback
Yes
No
Powered by
