What do the IN/OUT and TO/FROM AS Number Summary reports represent?
Article ID: 96807
Updated On:
Products
CA Network Flow Analysis (NetQos / NFA)
Issue/Introduction
What do the IN/OUT and TO/FROM AS Number Summary reports represent?
Environment
Release: RAIB1H99000-9.3-Network Flow Analysis-Interface Bundle-Hardware
Component:
Component:
Resolution
There is a defect DE339798 which affected the accuracy of the IN/OUT views.
Patch NFA_9.3.3_PTF_012 was released to address this, but can only be applied to NFA 9.3.3 consoles that have no other patches at this time.
This fix will also be in NFA 9.5. If you are on another version and need this patch please contact CA Support.
With the patch applied the AS Summary reports have IN and OUT views as well as TO and FROM views.
In total we have four charts in the AS number view – IN/OUT/FROM/TO.
To help you understand this better, please look at the below example:
The above table is created based on the actual data from one of the pcap from customer.
This table represent two Flow records with 2 interfaces and total of 3 AS numbers.
The below are the values each chart would represent if the above flow is received for interface 10.
Patch NFA_9.3.3_PTF_012 was released to address this, but can only be applied to NFA 9.3.3 consoles that have no other patches at this time.
This fix will also be in NFA 9.5. If you are on another version and need this patch please contact CA Support.
With the patch applied the AS Summary reports have IN and OUT views as well as TO and FROM views.
In total we have four charts in the AS number view – IN/OUT/FROM/TO.
- IN Chart: This chart shows the Top Source AS number on that interface with interface in INGRESS mode.
- OUT chart: This chart shows the Top Destination AS number on that interface with interface in EGRESS mode.
- FROM chart: This chart doesn’t consider the INGRESS/EGRESS mode of interfaces, it just shows Top Source AS numbers on this interface.
- TO chart: This chart doesn’t consider the INGRESS/EGRESS mode of interfaces, it just shows Top Destination AS numbers on this interface.
To help you understand this better, please look at the below example:
| Flow | Input interface | Output Interface | Src AS | Dst AS | Bytes/octets |
| 1 | 10 | 24 | 4812 | 0 | 100 |
| 2 | 24 | 10 | 0 | 71 | 200 |
The above table is created based on the actual data from one of the pcap from customer.
This table represent two Flow records with 2 interfaces and total of 3 AS numbers.
The below are the values each chart would represent if the above flow is received for interface 10.
| Type | Top AS | Explanation |
| IN | 4812 | The Top Src AS for interface 10 in INGRESS mode. Since we have only one flow in INGRESS, 4812 is the Top Src AS. |
| OUT | 71 | The Top Dst AS for interface 10 in EGRESS mode. Since we have only one flow in EGRESS, 71 is the Top Dst AS. |
| FROM | 0 4812 | We have two Src AS numbers 4812 and 0, since for flow with 0 as Src AS has 200 bytes data, 0 becomes Top 1 and 4812 becomes 2nd from Top. |
| TO | 71 0 | We have two Dst AS numbers 0 and 71, since for flow with 71 as Dst AS has 200 bytes data, 71 becomes Top 1 and 0 becomes 2nd from Top. |
Additional Information
https://docops.ca.com/ca-network-flow-analysis/9-3-8/en/using/interface-reports/work-with-interface-reports-and-data-views/analyze-interface-report-data/as-number-trend-views
Feedback
Yes
No
Powered by
