No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R010C00SPC200, 300, and 500 Operation Guide 09

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Monitoring the Traffic

Monitoring the Traffic

eSight NTA can display top N rankings of monitored objects, such as network-wide interfaces, applications, and hosts and supports refined analysis on a single monitored object, allowing users to quickly obtain detailed information about original flows and view network-wide traffic information.

Process

Step

Description

1. Monitoring Traffic from Multiple Dimensions

The traffic dashboard dynamically displays top N traffic on the entire network by application, session, interface, device, host, DSCP, and application group, as well as top N interface usage.

Top N traffic rankings by a single dimension are also displayed. All the information allows users to obtain packet statistics and traffic distribution on the entire network.

2. Creating a Traffic Forensics Task

When abnormal traffic exists on a network, you can create a traffic forensics task to view original traffic data to facilitate fault location.

For example, the IP address of an application server can be configured as the monitored object. You can create a threshold for this object. If traffic of this host exceeds this threshold repeatedly, you can view centralized, detailed session data of the host. If the data records indicate the same traffic volume and packet statistics, attacks may occur. You can create a traffic forensics task to view original flow information and determine whether a typical virus or TCP flood attack exists based on the port and TCP Flag.

Monitoring Traffic from Multiple Dimensions

  1. Choose Resource > Network > Network Traffic Analysis > Traffic Monitor from the main menu.

  2. Perform corresponding operations based on the site requirements.

    Task

    Operation

    Monitor network-wide traffic.

    1. Choose Dashboard and click at the upper right corner of a top N ranking portlet, and set TopN, Refresh interval, and Time range.
      NOTE:

      eSight provides four top N ranking portlets by default: application traffic, host traffic, session traffic, and DSCP traffic. If the default portlets do not meet the requirements, click Customize at the upper right corner of the page to add new portlets.

    2. Click a data record in a top N ranking portlet to view the detailed traffic trend within the latest 15 minutes.
    3. Click Customize at the upper right corner of the page. You can add multiple instances of a top N ranking portlet, and click at the upper right corner of a top N ranking portlet to configure traffic filtering by interface group.
      NOTE:

      Only the four default top N ranking portlets support this function: application traffic, host traffic, session traffic, and DSCP traffic.

    Monitor the interface traffic.

    Choose Interface and click an interface name in the interface list to view traffic on the interface.

    Monitor the wired network traffic.

    Wired network traffic can be monitored by device, application, application group, session, DSCP group, host, IP address group, interface group, and DSCP. The monitoring operations are similar.

    The following example describes how to monitor the host traffic:

    Choose Wired Network > Host, click to select a host or click a host name in the top N ranking portlet, and click the application, session, DSCP, or interface name to view traffic details.

    Monitor the wireless network traffic.

    Choose Wireless Network and click next to Region>> All or SSID>> All to select a region or an SSID to view application traffic information.

    NOTE:

    This function is available only when both eSight NTA and WLAN Manager are installed.

    Click an AC or AP name in the top N ranking portlet to view application traffic information of a single AC or AP.

    Monitor the VXLAN network traffic.

    Choose VXLAN Network and click next to Device or VNI to view traffic information with a specific VXLAN Network Identifier (VNI).

Creating a Traffic Forensics Task

  1. Enable Flow Forensic.

    1. Choose Resource > Network > Network Traffic Analysis > Traffic Config from the main menu.

    2. Choose Basic Config > Collector from the navigation tree on the left to view the value of Traffic Forensics.
      • If the value is Yes, Flow Forensic is enabled.
      • If the value is No, click in the Operation column to enable Flow Forensic.

  2. Choose Resource > Network > Network Traffic Analysis > Traffic Monitor from the main menu.

  3. Choose Wired Network > Flow Forensic, click Create, and set related task parameters.

    A created traffic forensics task will not be executed immediately. You need to click in the traffic forensics task list to execute the task.

    To ensure the task execution speed, a maximum of five traffic forensics tasks can be executed simultaneously.

  4. On the Flow Forensic page, click in the Operation column to view detailed traffic data.

    NOTE:
    • If more than 60,000 data records are found, the latest 60,000 data records are displayed.
    • If too many data records are found, click Modify to modify the filtering conditions in a task and click Execute again to obtain more accurate information.
    • If the inbound or outbound interface is unknown, the packets may be broadcast packets or the interface is not monitored by the NTA.

Translation
Download
Updated: 2019-09-12

Document ID: EDOC1100044378

Views: 72178

Downloads: 378

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next