First think about the traffic you are interested in. Ask yourself:

  • Who is talking to whom? In which networks or subnets are the end points?
  • Are both sides of the conversation in your network (Self-Traffic), is one outside of your network (Normal), can one side of the conversation be both in your network and outside of it (Custom)? (This will help you to choose the Traffic Pattern type.)
  • Where are these networks located – inside or outside of your company network? (This will help you define the Internal and External Network.)
  • Is there something very specific about the traffic in question, such as the destination AS, used service port or protocol or some specific QoS marker? (This will help you choose the necessary filter.)

After this you should have a clear understanding of how to build your Traffic Pattern: Internal and External IP address ranges, and additional filtering by exporter, interface, service port, QoS, protocol etc.

 

  • No labels