- Created by Vladimir Stanković, last modified on 24 08, 2016
The main goals of this article are to (1) provide you with examples of Traffic Patterns and their usage and (2) to give you an idea on how to create your own Traffic Patterns. In this article only basic Traffic Patterns, that can be created with only IP address ranges and de-duplication filters, will be explained. For advanced examples, see Advanced Traffic Patterns.
General workflow for creating new Traffic Pattern:
- Determine the traffic of interest;
- Determine which Traffic Pattern type to use (it will help you with populating Internal and External Network address ranges);
- Determine IP address ranges for Internal and External Networks;
- Determine which filter (if any) you should use to filter traffic further, if needed.
Below are two most common examples of Traffic Patterns.
All Traffic Pattern
All Traffic Pattern gives the answer to "How my network is communicating to the rest of the world?". Here your company's IP address range is treated as Internal network, whereas all other (both belonging to your company and not) as External network.
By default, NetVizura provides All Traffic Pattern with predefined IPv4 address ranges (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16). However, if your company uses different IP address range than predefined you need to change All Traffic Pattern. Since this is practically the traffic between your network and everything else you should select Custom type and update Internal IP addresses leaving External empty. In the end, you should use Exporter or Next Hop filtering to remove eventual duplicate flows, if needed.
- Edit All Traffic
- Select Custom as Traffic Pattern type
- IP Address ranges:
- Internal: if necessary, change your company network's IP range(s) and click Include
- External: leave empty
- Filters:
- Exporter or Next Hop: read more about Manual Deduplication
Internet Traffic Pattern
If you are interested in monitoring Internet traffic, first you need to prepare a specific Traffic Pattern for this purpose. Since this is practically the traffic between your network and external world where External network is negation of Internal Network) you should select Normal type which will automatically populate part of the IP address ranges. Here your company's IP address range is treated as Internal, whereas all other networks as External. In the end, you should use Exporter or Next Hop filtering to remove eventual duplicate flows, if needed.
- Create Internet Traffic
- Select Normal (default) as Traffic Pattern type
- IP Address ranges:
- Internal: Add your company network's IP range(s) and click Include
- External: your company network's range is excluded automatically (Normal Traffic Pattern)
- Filters:
- Exporter or Next Hop: read more about Manual Deduplication
Data Center Traffic Pattern
Another example of most commonly used Traffic Pattern is Data Center Traffic.This traffic occurs between all your company and your data center, you should include you company's IP address range and exclude your data center's IP range in Internal Network, and include you data center's IP range in External network (here your data center is treated as "Outside" network). Since Internal Network (company network without Data center) and External Network (Data Center) IP ranges overlap you should use Custom type (turns off automatic IP address range population). Do not forget Exporter or Next Hop filtering to remove duplicate flows, if needed.
- Create Data Center Traffic
- Select Custom as Traffic Pattern type
- IP Address ranges:
- Internal: add your company network's range and click Include
- Internal: add your data center's range and click Exclude
- External: add your data center's range and click Include
- Filters:
- Exporter or Next Hop: read more about Manual Deduplication
Tip