Users Guide
Traffic Flow Analysis Life Cycle | Traffic Flow Analyzer
OMNM 6.5.3 User Guide 549
2
Random sampler
—OpenManage Network Manager applies random sampling to incoming
packets. This currently applies only to NetFlow or IPFIX packets and not sFlow packets. The
NetFlowListenerMBean
attribute
SamplingRate
(1 by default) determines this
behavior.
This value represents the average number of packets received before one is processed (the
others are discarded). If
SamplingRate
is 10, then OpenManage Network Manager
processes one of every 10 packets on average and discards the other nine. The default
processes every received packet and does not discard any (at this step).
3
Parse header
—OpenManage Network Manager parses the NetFlow or IPFIX packet header.
The header contains information like its version and the number of flows it contains.
4
NetFlow version?
—Determines the packet version (NetFlow V5 or V9 or IPFIX).
5
Parse fields
—Fields for a NetFlow V5 packet are determined by a standard template and
parsed here.
6
Parse templates
—For NetFlow V9 or IPFIX packets OpenManage Network Manager must
find the template that the packet header references. OpenManage Network Manager receives
templates as NetFlow or IPFIX packets from the same exporter sending flow packets. If
OpenManage Network Manager has not yet received the referenced packet yet then it sets the
current flow packet aside until the template comes in. When that template comes in, it is
parsed (there is a standard format for template packets) and then TFA will know how to parse
the flow packets that reference it.
7
Parse fields
—OpenManage Network Manager parses the fields of this flow packet using the
header-referenced template.
8
sFlow packet received
—OpenManage Network Manager received an sFlow packet from a
registered exporter. OpenManage Network Manager ignores sFlow packets received from
devices not registered.
9
Parse header
—OpenManage Network Manager parses the header of the sFlow packet. The
header contains information like the version and the number of flows contained within the
packet.
10
Parse fields
—OpenManage Network Manager parses the fields of this packet according to
the standard sFlow template.
11
Convert data to protocol independent flow record
—TFA supports multiple traffic flow
protocols (NetFlow, sFlow) but once OpenManage Network Manager parses the data within
these packets, it does not depend on any specific protocol. Here, OpenManage Network
Manager normalizes data into protocol-independent flow records.
12
“Top N to Keep” filtering
—OpenManage Network Manager applies the “Top N to Keep”
filtering here. This feature lets you set a maximum number of conversational flows per
minute to keep, which in turn means that if OpenManage Network Manager receives more
than this number in any given one minute period, then it aggregates the rest into the “Other”
category. OpenManage Network Manager ranks the received flows according to the number of
estimated total bytes they report on and preserves all data only for the flows designated most
significant by this measurement. It still preserves the total byte and packet data for the less
significant flows, but the sender and receiver will be set to "Other".
13
One minute rollup
—OpenManage Network Manager collects and “rolls up” (aggregates)
flows by conversation and at the end of every minute submits the resulting one minute rollup
flows for further processing.