1 introduction to network traffic analyzer, Nta data source overview – H3C Technologies H3C Intelligent Management Center User Manual

1

1 Introduction to Network Traffic Analyzer

The NTA service module integrates network Layer 4 through 7 monitoring into the IMC network

management platform. NTA uses the instrumentation in network devices such as routers and switches to

provide realtime and historical reporting on network application usage. Administrators tailor NTA data
collection and reporting capabilities to meet specific reporting needs. Administrators and operators view

NTA reports directly from the IMC integrated platform.
NTA combines the features of a network flow collector with a data analysis and processing engine and

database, and a reporting facility for presenting network flow data in IMC. Like most network monitoring

systems, NTA enables administrators to define the data received by NTA, the data that is analyzed and
how, and the data that is presented.
NTA enables you to view the network flow data provided by the devices in your network. Out-of-the-box

configuration of NTA provides network flow data collection, analysis, and reporting. NTA users must

have an understanding of network flow records and the devices in the environment that generate network
flow records. Users must also know how to configure NTA to process the data and present reports.

NTA data source overview

NTA uses network flow data to generate network resource statistics. An IP flow, commonly called a flow,

is defined as a set of IP packets passing an observation point in the network during a specified time
interval. All packets that belong to a flow have a set of common properties derived from the data

contained in the packet and from the packet treatment at the observation point (see RFC 5101, RFC 3917,

and RFC 3954).
An IP network flow contains a stream of IP packets that share, at a minimum, the following parameters
during a specified time period:

•

Source and destination IP address

•

Source and destination port

•

Layer 4 protocol (TCP, UDP, or ICMP)

This general definition does not include technologies, such as TCP, that identify flows for bidirectional

protocols. Vendors can add parameters to further identify network flows in the implementations of

network flow technologies.
Network device vendors implement network flow technologies in devices such as routers and switches
that forward packets from source to destination. Devices that generate network flow records are called

flow generators. Flow generators summarize the packets they observe as part of a flow into a flow

record.
The structure and contents of a network flow record may vary, depending on the standard to which the
implementation adheres. Also, proprietary implementations may have their own definitions for the

structure and content of a network flow record. As a general rule, a network flow record shares several

of the following parameters:

•

Version number

•

Sequence number

•

Input and output interfaces indices (ifIndex)