Monitoring > Bandwidth > Flows > Active & Recent Flows
The Flows tab enables you to view, filter, and manage flows for all your appliances. This tab also generates the Active & Recent Flows report, with or without filtering. This report retrieves the maximum number of most recent flows that are evenly distributed among the selected appliances.
|Application||Includes built-in applications, custom applications, and user-created application groups. Select the text field and a list displays. Choose the application you want to apply to your flow or enter the exact application you want to apply.|
|App Group||Includes the application group created by the user. Select the text field and a list displays. Choose the application group you want to apply to your flow or enter the exact application group you want to apply.|
|Domain||Includes the domain you can specify to filter your flow. Use the format .domain. or *.domain.[com, info, edu, org, net, and so forth.] Select the text field and a list displays. Choose the domain you want to apply.|
|Protocol||You can specify the protocol you want to apply to your filter. Select the text field and a list displays. You can select all or specify an individual protocol to apply.|
|IP/Subnet||This shows the flows that match both SRC IP and DEST IP as the two endpoints if SRC:DEST is enabled. If not enabled, all sources will appear when the filter is applied. You can apply this filter by clicking Enter without selecting the Apply button if you want to do so.|
|Port||This displays ports with SRC and DEST as the two endpoints if SRC: DEST is enabled. If not enabled, all ports will appear when the filter is applied.|
|Segment||Displays flows originating in the specified segment. Click the double arrow icon to enable both fields and filter by destination segments as well.|
|Zone||You can filter flows to the desired firewall zone. Select the text field and a list displays. If the From:To check box is not enabled, flows are filtered from and to the specified zone. If the check box is enabled, the flows are filtered from both the filtered From:To zones.|
|VLAN||Identifies the Virtual Local Area Network of a packet. Enter the VLAN ID you want to apply to your flow in the text field.|
|DSCP||Select the desired DSCP from the list. You can choose any or a specified DSCP from the list.|
|Overlay||The overlay the flow are applied. Overlays are defined on the Business Intent Overlay tab.|
|Transport||Select any of the three transport types: SD-WAN, Breakout, and Underlay.|
You can also apply a third-party service in this column if you have one configured.
|Flow Characteristics||You can apply any of the following flow characteristics to your flow: Boosted, Directly Attached, Pass-Through, Stale, Route Dropped, Firewall Dropped, Asymmetric, and Slow Devices.|
NOTE: You can select only one flow characteristic at a time.
|Include EdgeHA||If not selected, Edge HA flows are excluded (default). If selected, the flows between Edge HA will be included.|
|Include Built-In||Includes the built-in policy flows. If not selected, they are excluded (default). If selected, they will be included.|
|Active/Ended||You can select if you want to apply an active or ended flow to as a filter. If selected, you can designate the started or ended time of the flow in the drop down. If Custom is selected from the date widgets will be enabled to specify an exact time frame.|
|Duration||Shows flows that have lasted through a specific time frame. You can select < (less than) or > (greater than), and enter a specific duration (in minutes).|
|Bytes||You can specify whether you want to filter flows that have transferred their total bytes or within the last five minutes.|
|Filter||This list has all the saved filters. When selected, the filter configurations are loaded. See more information below about the Filter option.|
You can configure specific filters in this field. Select the drop-down menu to see a list of default filters you can apply to your flows. When configured, you can add, edit, or delete filters if you select the edit icon.
Complete the following steps to add a filter:
Select the Edit icon next to the Filter drop down.
Create a filter or select one from the list.
You can also select the history tab with the two arrows next to the Filter field if you want to go back to a previously applied filter. A maximum of 20 previously applied filters can be saved.
You can Reclassify or Reset [Selected / All Returned / All] flows:
Resetting the flow kills it and restarts it. It is service-affecting.
Reclassifying the flow is not service-affecting. If a policy change makes a flow stale or inconsistent, then reclassifying makes a best effort attempt to conform the flow to the change. If the flow cannot be successfully “diverted” to this new policy, then an Alert asks if you want to reset.
Selected flows are individually selected; All Returned results from filtering (up to the max number of returnable flows); and All refers to all flows, visible or not.
To export the table as a .csv file, select Export.
Reduction (%) refers to reduced WAN traffic, relative to a specific appliance:
Reduction (%) for Outbound traffic = 100(Received from LAN – Transmitted to WAN)/Received from LAN
Reduction (%) for Inbound traffic = 100(Transmitted to LAN – Received from WAN)/Transmitted to LAN
Flow Details are primarily to assist Silver Peak in troubleshooting and debugging.
To set the column visibility, right-click any header in the Flows table. This will enable you to hide or unhide any selected fields.
You can also select, drag, and drop any of the columns in the table to the order you want.
Note the following version specific and general information about flows:
All flows in drop state are reset at flow reclassify time, overriding intervals described below.
For any non-TCP connection (such as icmp, UDP), a flow is deleted only from inactivity.
The inactivity timeout is three minutes for this type of flow. For example, after a ping connection is stopped, the flow still appears in the “Current Flows” for three minutes. This setting can be modified by using the system template.
For a TCP connection, a flow is deleted under different timeouts. A half-open (single SYN) connection stays for two minutes if the connection does not establish correctly. A half-close (single FIN) or unclean-close (RST) deletes the connection after two minutes. A normal close (FIN-FIN) deletes the connection almost immediately.
A TCP connection also has an inactivity timeout. If no activity is detected on an established TCP connection for 30 minutes (by default), the flow is deleted. This setting can be modified by using the system template.
Timeout is determined by the configured Keep Alive Timers.
A heartbeat ACK is sent to idle endpoints after ten minutes.
If the endpoints have closed, an RST is returned and the connection is deleted after two more minutes due to the unclean-close.
The timers can be modified per sequence number by using the Optimization Template.
Idle Timeout: The period of time that a TCP connection has to be idle before a keep-alive is sent. (Default 600 seconds)
Probe Interval: The time in seconds between each keep-alive probe. (Default 30 seconds)
Probe Count: The number of times TCP probes the connection to determine whether it is alive after the keep-alive option has been activated. The connection is assumed to be lost after sending this number of keep-alive probes. (Default 8)
Auto Reset Flows - Enables or disables the auto-reset of TCP flows. If a connection is seen by an appliance but after the handshake already completed, the connection would normally remain but without TCP Acceleration. If this feature is enabled, and a connection is reclassified in the Flows report, around 30 seconds later, it will be reset. When the endpoints re-establish the flow, it now will be subject to the optimization and route policies it matches. This feature is disabled by default. It can be enabled per sequence number by using the Optimization Template.