Viptela Devices are showing less data in NFA than SNMP data

Article ID: 132034

Products

CA Network Flow Analysis (NetQos / NFA)

Issue/Introduction

Viptela devices are showing less data in NFA compared to other SNMP polling tools.

Environment

Release: RAIB1H99000-9.3-Network Flow Analysis-Interface Bundle-Hardware

Resolution

Viptela support has confirmed that cflowd data exported from Viptela devices may be less than SNMP data. The cflowd data doesn't include the encrypted bytes added to traffic entering and leaving interfaces, whereas SNMP polling does include those encrypted bytes, which will cause you to see less Flow data.

Their documentation states the following:

https://sdwan-docs.cisco.com/Product_Documentation/Software_Features/Release_16.3/07Policy_Applications/03Traffic_Flow_Monitoring_with_Cflowd
"The vEdge router exports template records and data records to a collector. The template record is used by the collector to parse the data record information that is exported to it. Option templates are not supported. The source IP address for the packet containing the IPFIX records is randomly selected from any of the interfaces in the VPN. The flow records are exported via TCP or UDP connections. Anonymization of records and TLS encryption are not performed, because it is assumed that the collector and the IPFIX analyzer are both located within the data center, traffic traveling within the data center is assumed to be safe."

For further information please contact Cisco/Viptela support.
 

Additional Information

Note: if you are on NFA 9.3.8 or an unpatched version of NFA 9.5 and are seeing that Viptela data is too high, this is addressed in NFA 10.0, and we recommend upgrading to NFA 10.0.

We do have patches available for 9.3.8 and 9.5 if upgrading is not an option.

If you would like those patches, please open a support case and request the appropriate patches for your version of NFA:

For 9.3.8, request the patches below:
NFA_9.3.8_CP_001
NFA_9.3.8_PTF_012.a
NFA_9.3.8_PTF_012.b

For 9.5, request the patches below:
NFA_9.5.0_CP_001
NFA_9.5.0_PTF_003