Connections

Selecting Overview → Analytics → Insight Analytics Flow → Connections displays the Flow Connections dashboard.


The Connections tab is displayed by default.



Usage Note: Before any analytics are collected, add a Fabric and install and activate a valid license.



Insight Analytics Flow Connections Dashboard


The Connections tab displays the following information:


  • Top L4 Services by Connections – displays connections types such as https, http, and more.
  • Top Clients by Connections – displays the top client connections by host name.
  • Top Domains by Connections – displays the top domains such as pluribusnetworks.com and more.
  • Top Servers by Connections – displays the server with the highest number of connections in descending order.
  • Connections by State – displays the types of connection states as FIN, RST, SYN, or EST.
  • Top Switches by Total # of Connections – displays the total number of connections per switch.


Each individual tile contains a pie chart with a color legend that labels each slice of information with a specific color.


When you place your cursor over a name in the legend, the corresponding slice is highlighted in the pie chart.


Clicking on a pie slice, applies a global filter to the entire Dashboard.


As an example, filtering based on an application by clicking on the application slice, automatically pivots the entire dashboard around that application and the Top Clients, Top Server, etc., are now related to the filtered application.


Enlarge dashboard widgets for better viewing using the sizing arrows.


Insight Analytics Flow Connections Dashboard


The outside ring of the pie chart identifies the state of each connection. Match the color to the Connections by State pie chart.


Insight Analytics Flow Connection Dashboard - Top L4 Services and Top Clients


For example, in the Top Server Domains by Bytes widget, if you click on a top domain (e.g. pluribusnetworks.com), the Insight Details table is filtered with only the connections associated to the specific domain (e.g. pluribusnetworks.com) which is highlighted in the yellow box.


Insight Analytics Flow Destination Domains



The Insight Details table is customizable using the following features:






Insight Analytics Flow Insight Details Table Customization


To see additional details about an entry, click the arrowhead icon. Table data is displayed along with JSON script.


Also displayed:


  • L4 Services Count – Unique L4 services count.
  • Connection Count – Total number of connections.
  • Top Servers by Total Unique Clients –Total count of each source IP address.
  • Top Apps by Total Unique Clients – Total number of unique source IP addresses by application.
  • Connections Timeline by State– count of connections in the following states: RST, FIN, SYN, and EST.
  • Top Servers by Average Connection Latency in µsecs – displays the servers with average latency in microseconds.
  • Insight Details – data drill-down of connection and switch information.



Insight Analytics Flow - L4 Services Count


The data displayed for each of the above are determined by the selected time from 15 minutes to the previous year.


You select the timespan to display connection data from several Quick, Relative and Absolute time ranges including a selection of time range of Top Talkers from the last 1 hour up to the last 30 days using the drop-down list.


Insight Analytics Flow Data Collection Timespan


Drilling Down into the Dashboard


Once you understand the information displayed in the Dashboard, you drill down into the information and analyze your network.


To filter the entire Dashboard based on one of the Top Apps such as HTTPS (in the example below), click HTTPS in the Top Apps by Connections tile.


The Dashboard displays a filter at the top and the pie chart changes to reflect only L4 services (apps) using HTTPS.




Insight Analytics Flow Dashboard Drill Down - Top L4 Services


The App Count changes as well as the Connection Count, Connection Latency, and Connections Timeline by State:


Insight Analytics Flow Dashboard Drill Down - Connection Latency


Insight Analytics Flow Dashboard Drill Down - Top Servers by Average Connection Latency


To display information about the top server with the highest latency in Top Servers by Average Connection Latency, you position your cursor over the IP address and the dashboard changes to reflect the server with the highest latency.


Also as you drill down, the Details at the bottom of the Dashboard change to reflect this information.


Insight Analytics Flow Reset Dashboard


To reset the Dashboard, remove the HTTPS filter by clicking on the filter bar and selecting the Trash Bin  icon. By doing so all traffic is displayed again.


The bottom panel lists each connection and the details:


  • Time – the time that the connection originated
  • switchName – switch name where the connection originates
  • srcSwitchPort – source switch port
  • dstSwitchPort – destination switch port
  • srcip – source IP address
  • srcHostname – source host name
  • srcPort – source host port
  • dstPort – destination port
  • dstip – destination IP address
  • dstHostname – destination host name
  • dstDomain – destination domain name
  • app – application name on the host
  • dscp – Differentiated Services Code Point (DSCP) value for Quality of Service (QoS)
  • curState –  current state of the connection
  • dur – duration of the event in milliseconds
  • throughput – amount of data throughput in bits per second
  • totalBytes – amount of traffic measured in Bytes


Insight Analytics Flow Connection Details


You display more detailed information by clicking the  arrowhead icon.


Table data is displayed along with JSON script.


The details are displayed in two tabs:

The Insight Details table is customizable using the following features:






Move each column to the right or left using the << x >> symbols displayed next to the column name. Click the x to remove the column from the display.



Table – Connection Details


t_id                        eta_6_12.10.33.139_44213_10.20.10.1_23396_1455736455000

t_index                        .connection–v1.00-2016.02.17

#_score                

t_type                        connection

#age                        0

tapp                        nvOS_inet_port

tcurState                EST

tdayOfWeek                4-Wed

#dscp                        0

tdstDeviceVendor        Pluribus Networks

tdstDomain                pluribusnetworks.com

tdstHostname                eta

tdstIp                        12.22.12.2

dstLocation                34.052234,-118.243685

tdstLocation.geohash        9q5ctr18dkw0

#dstLocation.lat                34.052234

#dstLocation.lon                -118.243685

tdstMac                        64:0e:94:28:03:90

#dstPort                23,396

#dstSwitchPort                45

#dur                        0

endedTime                December 31st 1969, 16:00:00.000

tendedTimeStr                0

#etherType                2,048

tfabricName                prod

tflowLocator                eta_6_10.9.32.138_44213_10.20.10.1_23396_1455736455000

#hourOfDay                11

#ibytes                        0

tid                        eta_6_10.9.32.138_44213_10.20.10.1_23396_1455736455000

#latency                50.101

#obytes                        0

#proto                        6

tsrcDeviceVendor        Unknown

tsrcDomain                

tsrcHostname                10.9.32.138

tsrcIp                        10.9.32.138

srcLocation                37.338208,-121.886329

tsrcLocation.geohash        9q9k6mjnfdmy

#srcLocation.lat                37.338208

#srcLocation.lon                -121.886329

tsrcMac                        66:0e:94:8e:00:00

#srcPort                44,213

#srcSwitchPort                36

startedTime                February 17th 2016, 11:14:15.000

tswitchName                eta

#throughput                0

#totalBytes                0

ttrafficType                fabric-switch

#vlan                        24

tvnet                        prod

#vxlan                        0



Insight Analytics Flow Table of Connection Details


You use the plus (+) and minus (-) icons to filter the information output. The column icon is used to toggle the data field in the output. 


JSON – API used to generate the table information


  1. {
  2.   "_index": ".connection-v1.00-2016.02.17",
  3.   "_type": "connection",
  4.   "_id": "eta_6_10.20.18.221_54496_10.20.41.1_389_1455737775000",
  5.   "_score": null,
  6.   "_source": {
  7.     "id": "eta_6_10.20.18.221_54496_10.20.41.1_389_1455737775000",
  8.     "age": 0,
  9.     "app": "LDAP",
  10.     "curState": "RST",
  11.     "dscp": 0,
  12.     "dstDeviceVendor": "Vmware",
  13.     "dstDomain": "pluribusnetworks.com",
  14.     "dstHostname": "soyu",
  15.     "dstIp": "10.20.41.1",
  16.     "dstLocation": {
  17.       "lat": 34.052234,
  18.       "lon": -118.243685
  19.     },
  20.     "dstMac": "00:0c:29:15:62:bb",
  21.     "dstPort": 389,
  22.     "dstSwitchPort": 21,
  23.     "dur": 0.012787,
  24.     "endedTimeStr": 1455737775000,
  25.     "etherType": 2048,
  26.     "fabricName": "prod",
  27.     "flowLocator": "eta_6_10.20.18.221_54496_10.20.41.1_389_1455737775000",
  28.     "ibytes": 4597,
  29.     "latency": 316.578,
  30.     "obytes": 282,
  31.     "proto": 6,
  32.     "srcDeviceVendor": "Dell",
  33.     "srcDomain": "pluribusnetworks.com",
  34.     "srcHostname": "expedit",
  35.     "srcIp": "10.20.18.221",
  36.     "srcLocation": {
  37.       "lat": 34.052234,
  38.       "lon": -118.243685
  39.     },
  40.     "srcMac": "00:26:b9:5b:f5:5e",
  41.     "srcPort": 54496,
  42.     "srcSwitchPort": 44,
  43.     "switchName": "eta",
  44.     "throughput": 3.0524766023977175,
  45.     "totalBytes": 4879,
  46.     "trafficType": "fabric-data",
  47.     "vlan": 24,
  48.     "vnet": "prod",
  49.     "vxlan": 0,
  50.     "startedTime": 1455737775000,
  51.     "endedTime": 1455737775000,
  52.     "hourOfDay": 11,
  53.     "dayOfWeek": "4-Wed"


Insight Analytics Flow - JSON - API Commands


Additional lines display the fields used to display the connection information.