What Is Intelligent Traffic Analysis?
Intelligent traffic analysis is a network traffic monitoring and analysis technology. It allows the device to perform in-depth analysis on a specified service flow to obtain data about high-precision performance indicators such as the packet loss rate and delay (nanosecond-level) of the service flow. The analysis result can be exported to iMaster NCE-FabricInsight for display or further analysis. It helps O&M personnel monitor the network running status or quickly locate network faults, and provides support for network-wide traffic visualization.
Why Is Intelligent Traffic Analysis Required?
As the digital transformation of industries accelerates, a growing number of important services and applications are being deployed on user networks, resulting in larger networks and more complex application types and data flows. Some problems that may occur during service flow forwarding, such as TCP connection establishment failures and abnormal delay of service flows, bring great challenges to network O&M and pose new requirements. It is important to quickly detect and accurately locate faults, quickly restore services, and effectively improve O&M efficiency. In addition, network traffic visualization has become a trend to implement refined service management in complex network environments.
- This technology is implemented using the built-in chip of the device, does not affect the forwarding performance of the device, and reduces the processing load of the remote analyzer.
- Intelligent analysis is performed based on different characteristics of service flows, implementing in-depth analysis based on each service flow. In addition to measuring the packet loss rate and delay, it also allows the device to calculate the round-trip time (RTT) in nanoseconds.
- The network running status is monitored in real time, and faulty nodes can be quickly and accurately located, improving network stability and reducing network maintenance costs.
- The analysis result can be exported to iMaster NCE-FabricInsight, providing strong support for implementing network-wide visualized traffic management.
Intelligent traffic analysis supports the following functions:
- Port-level intelligent traffic analysis: Intelligent traffic analysis can be performed for TCP and UDP flows. You can use ACL rules to define the characteristics of service flows to be detected. Flow tables can be created on device ports according to the 5-tuple information of service flows to be detected. You can then obtain high-precision information such as packet loss and delay by checking statistics about some key fields in the flow tables. A device supports a maximum of 16 KB flow tables. Port-level intelligent traffic analysis is applicable to port-level monitoring of a few flows.
- Device-level intelligent traffic analysis: This is also known as Intelligent Packet Analysis System (IPAS). You can define characteristics of measurement flows and create flow tables based on ACL rules or reserved VXLAN fields. In a statistical interval, the difference between the numbers of packets entering and leaving a device is recorded to obtain the packet loss rate of a measurement flow on the device. A device supports a maximum of 100 measurement flows. Device-level intelligent traffic analysis is applicable to device-level monitoring of a small number of flows.
What Are the Components of the Intelligent Traffic Analysis System?
A typical intelligent traffic analysis system consists of the traffic-analysis data exporter (TDE), traffic-analysis processor (TAP), and traffic-analysis data analyzer (TDA).
- The TDE is a device configured with the intelligent traffic analysis function. It determines which service flows are to be detected and sends them to the TAP.
- The TAP is a built-in chip on the CPU of a device. It processes and analyzes the service flows received from the TDE, and exports analysis results to the TDA.
- The TDA is iMaster NCE-FabricInsight, which is a network traffic analysis tool. It provides a graphical user interface (GUI) for users to easily obtain, view, and analyze collected data.
In actual applications, the TDE and TAP are deployed on the same device. On the network shown in the following figure, the intelligent traffic analysis function is configured on DeviceA.
Components of the intelligent traffic analysis system
How Does the Port-Level Intelligent Traffic Analysis System Work?
The working process of the port-level intelligent traffic analysis system includes flow matching, flow analysis, and flow table export, as shown in the following figure.
Working process of the port-level intelligent traffic analysis system
Flow Matching
A service flow to be detected is specified on the TDE and an ACL rule is delivered to match the service flow. A matched service flow is mirrored and sent to the TAP through the forwarding chip. If the TAP cannot process the packets sent by the TDE, for example, the TAP does not support the packet type or the number of received packets exceeds its processing capability, the TAP discards the packets.
Flow Analysis
- Based on 5-tuple information (source IP address, source port number, destination IP address, destination port number, and transport layer protocol of a service flow) and key values in the packets, the TAP generates flow tables.
- The TAP collects statistics on some key fields in the flow tables. Based on the statistics, the TAP can analyze the characteristics of flows, including the number of discarded packets, delay, number of packets, and flow creation time.
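The flow analysis step above, sketched in software as an added example (not Huawei code and not how the TAP chip is implemented). The record layout, the names `FlowEntry`, `build_flow_table` and `failed_handshakes`, and the choice to measure delay from the first SYN to the SYN/ACK at the observation point are assumptions made for illustration; the sample packets are constructed.

```python
from dataclasses import dataclass
from typing import Optional

SYN, ACK = 0x02, 0x10  # TCP flag bits

@dataclass
class FlowEntry:
    created_ns: int                  # flow creation time (first packet seen)
    packets: int = 0                 # packets counted in both directions
    syn_src: Optional[tuple] = None  # endpoint that sent the first SYN
    syn_ns: Optional[int] = None
    rtt_ns: Optional[int] = None     # first SYN -> SYN/ACK, nanoseconds

def flow_key(src, sport, dst, dport, proto):
    """Direction-independent 5-tuple so both directions share one entry."""
    a, b = (src, sport), (dst, dport)
    return (proto,) + (a + b if a <= b else b + a)

def build_flow_table(packets):
    table = {}
    for ts_ns, src, sport, dst, dport, proto, flags in packets:
        entry = table.setdefault(flow_key(src, sport, dst, dport, proto),
                                 FlowEntry(created_ns=ts_ns))
        entry.packets += 1
        if proto != "tcp" or not flags & SYN:
            continue
        if not flags & ACK:
            if entry.syn_ns is None:  # retransmitted SYNs keep the first time
                entry.syn_src, entry.syn_ns = (src, sport), ts_ns
        elif (entry.syn_ns is not None and entry.rtt_ns is None
              and (src, sport) != entry.syn_src):
            entry.rtt_ns = ts_ns - entry.syn_ns
    return table

def failed_handshakes(table):
    """Flows where a SYN was seen but no SYN/ACK came back."""
    return sorted(k for k, e in table.items()
                  if e.syn_ns is not None and e.rtt_ns is None)

# Constructed sample: (ts_ns, src, sport, dst, dport, proto, tcp_flags)
SAMPLE = [
    (1_000_000_000, "10.0.0.1", 40000, "10.0.0.3", 443, "tcp", SYN),
    (1_000_042_500, "10.0.0.3", 443, "10.0.0.1", 40000, "tcp", SYN | ACK),
    (1_000_050_000, "10.0.0.1", 40000, "10.0.0.3", 443, "tcp", ACK),
    (2_000_000_000, "10.0.0.1", 40001, "10.0.0.3", 8443, "tcp", SYN),
    (3_000_000_000, "10.0.0.1", 40001, "10.0.0.3", 8443, "tcp", SYN),
    (3_500_000_000, "10.0.0.1", 5353, "10.0.0.3", 53, "udp", 0),
]
```

The second TCP flow in the sample carries only a SYN and its retransmission, so it is reported as a connection establishment failure while the first flow yields a handshake delay in nanoseconds.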
Flow Table Export
Port-level intelligent traffic analysis allows users to view service flow characteristics analyzed by the TAP. However, flow tables need to be sent to the TDA for visualized and user-friendly display of analysis results. Currently, only iMaster NCE-FabricInsight can be used as the TDA. iMaster NCE-FabricInsight consists of the FabricInsight collector and FabricInsight analyzer.
As shown in the following figure, intelligent traffic analysis flow tables that contain flow analysis results are first stored in the cache of the device. When the intelligent traffic analysis flow tables in the cache meet the aging conditions, the TAP in the device adds the statistical fields of the flow tables to the NetStream V9 extended template for encapsulation. The forwarding chip searches for routes for the encapsulated packets and forwards them to the FabricInsight collector. After receiving the exported packets from the intelligent traffic analysis system, the FabricInsight collector summarizes the characteristics of service flows based on packet information such as source addresses, and sends the characteristics to the FabricInsight analyzer for final processing and display.
Exporting intelligent traffic analysis flow tables
How Does the Device-Level Intelligent Traffic Analysis System Work?
The working process of the device-level intelligent traffic analysis system includes flow matching, flow statistics collection, and flow table export, as shown in the following figure.
Working process of the device-level intelligent traffic analysis system
Flow Matching
You can configure characteristics of a specified measurement flow on the TDE and enable devices to match the measurement flow using ACL rules or reserved VXLAN fields.
Flow Statistics Collection
The TDE creates flow tables using ACL rules or reserved VXLAN fields. In a statistical interval, the TDE calculates the difference between the numbers of packets entering and leaving a device to obtain the packet loss rate of a measurement flow on the device. The packet loss rate is calculated using the following formula:
Packet loss rate = (Number of sent packets – Number of received packets)/Number of received packets × 100%
Flow table information includes the following parts:
- The key of the flow table includes the task ID and period ID.
  - Task ID: You need to define a task ID when specifying characteristics of a measurement flow.
  - Period ID: Period ID = Current timestamp (s)/Statistical interval (s)
- Basic information about the flow table: includes the protocol type of a measurement flow and specified ACL rule or reserved VXLAN field value.
- Flow table statistics: include information such as the packet loss rate of a measurement flow, alarm information, and time when statistics data is reported.
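The device-level flow table described above, as an added example (not Huawei code): counter samples are grouped under the key (task ID, period ID) and the loss rate is computed with the formula exactly as this page states it. The function names, the sample layout, taking the integer part of the period ID division, and the alarm threshold are assumptions for illustration; the sample values are constructed.

```python
from collections import defaultdict

def period_id(timestamp_s, interval_s):
    """Period ID = current timestamp (s) / statistical interval (s).
    Assumption: the integer part is used so one interval maps to one ID."""
    if interval_s <= 0:
        raise ValueError("statistical interval must be positive")
    return timestamp_s // interval_s

def loss_rate_percent(sent, received):
    """Formula as given on this page: (sent - received) / received x 100%.
    Returns None when received is 0, where the formula is undefined."""
    if received == 0:
        return None
    return (sent - received) * 100 / received

def aggregate(samples, interval_s):
    """Sum counters per flow-table key (task ID, period ID)."""
    table = defaultdict(lambda: {"sent": 0, "received": 0})
    for ts, task_id, sent, received in samples:
        row = table[(task_id, period_id(ts, interval_s))]
        row["sent"] += sent
        row["received"] += received
    return dict(table)

def alarms(table, threshold_percent):
    """Keys whose loss rate exceeds the threshold or cannot be computed."""
    out = []
    for key in sorted(table):
        rate = loss_rate_percent(table[key]["sent"], table[key]["received"])
        if rate is None or rate > threshold_percent:
            out.append((key, rate))
    return out

# Constructed sample: (timestamp_s, task_id, sent, received)
INTERVAL_S = 10
SAMPLE = [
    (1700000000, 1, 1000, 1000),
    (1700000004, 1, 500, 500),    # same period as the line above
    (1700000012, 1, 1050, 1000),  # next period, some loss
    (1700000013, 2, 300, 0),      # nothing received for task 2
]

if __name__ == "__main__":
    for key, rate in alarms(aggregate(SAMPLE, INTERVAL_S), 1.0):
        print(key, rate)
```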
Flow Table Export
The TDE collects traffic statistics at a specified interval and sends the statistics to the TAP. You can view the traffic statistics on the device. However, flow tables need to be sent to the TDA to display analysis results in a visualized and user-friendly manner. IPAS uses the telemetry technology to send flow table statistics to the TDA in real time for analysis.
Application of Intelligent Traffic Analysis
Intelligent traffic analysis can be applied to complex network environments, helping O&M personnel implement visualized network management. As shown in the following figure, different services are deployed in the data center of an enterprise, and an application is deployed on VM1 and VM3. Packets in a service flow carrying this application are sent and received along the same path between VM1 and VM3. In this case, every switch on the path can capture bidirectional traffic of this service flow. To monitor the application traffic, O&M personnel can deploy the intelligent traffic analysis function on one or more switches that the application traffic passes through to monitor and analyze service flows. Once an exception such as packet loss or long delay is detected, O&M personnel can quickly and accurately locate the fault. In addition, the analysis result can be sent to iMaster NCE-FabricInsight for further analysis and display.
Application of intelligent traffic analysis
- Author: Li Huike, Yang Xiaoli
- Updated on: 2025-07-07