Link Search Menu Expand Document

Flow Monitoring

Flow monitoring is critical to diagnosing network problems. From the Orchestrator, you can simultaneously view flows for one or more appliances using real-time data.

Flow Details

The Flow Details page for a given flow provides information about the rules matched on a given session or connection. Clicking the Flow Chart icon for a flow immediately produces a flow bandwidth chart for that flow, providing a view of how it is operating from moment to moment.

Flow details are extremely useful for diagnosing problems, as they include flow statistics and specific information associated with the flow. To access this information in Orchestrator, click Monitoring, and then click Active & Recent Flows.

NOTE The Orchestrator provides the best view of this information, but the information can also be accessed from the appliance’s user interface.

Select the affected appliances from the tree view and use the filters at the top to find an affected flow. When the table shows that flow, click the Information icon in the Detail column. If the Detail column is not displayed in the table, right-click anywhere on the table header row to display a complete list of column options. Make sure the Detail column is selected.

Analyze Flow Details

To troubleshoot a flow, pay close attention to three specific areas of a flow detail, explained below.

Flow Details

Overlay Information

This section shows which overlay the flow matched into (in this example, BUSINESS) and the exact ACL entry in the overlay match (1950). If this information does not represent the desired configuration, click Configuration, click Business Intent Overlays, and then make the appropriate changes.

Application Information

This section shows a high-level overview of the identified application. If this classification is not unexpected, click the AVC/DNS tab to gather more information and take corrective action.

Routing

This section includes the following information:

  • Subnet. This indicates the route prefix the flow matched (0.0.0.0/0), the metric of that route (50), and where it was learned (non-local). If any of these metrics are unexpected, see Routing for troubleshooting steps.
  • Internet Flow. Generally, if the destination IP address is non-RFC 1918 address space, the flow is marked as an internet flow and follows the Breakout Traffic to Internet & Cloud Services policy on the Business Intent Overlays page. Confirm that the flow exhibits the expected behavior.