Traffic Insights
Welcome to ThousandEyes Traffic Insights. This article introduces the Traffic Insights feature, an overview of its components and configuration steps, and how to get started.
What Is Traffic Insights?
Traffic Insights collects network traffic flow data from your network devices and integrates it with synthetic test data, allowing you to effectively isolate and troubleshoot network and application performance issues faster. The viewable results, built on a foundation of ThousandEyes Cloud Agent and Enterprise Agent test data, are enriched with flows passing through the test path that are representative of real users, enabling you to verify actual performance impacts.
Traffic Insights exploits data from multiple protocols and intelligence mechanisms, including NetFlow (Cisco’s network IP traffic protocol), IPFIX (IP Flow Information Export - sometimes called NetFlow v10), SNMP (Simple Network Management Protocol), and Cisco NBAR (Network Based Application Recognition) to bring you a fuller picture of your network health.
In addition, ThousandEyes expands other existing functionality for dashboards and alerts to include data from Traffic Insights, further enhancing your view of the network and increasing your speed of issue resolution.
Traffic Insights leverages ThousandEyes Enterprise Agents, whose functionality now includes collection of network telemetry data via NetFlow v9 and IPFIX, supporting traffic flow analysis from both Cisco and non-Cisco networking platforms using IPFIX records and their NetFlow equivalents. Traffic Insights also helps you monitor your application usage (see Application Recognition).
Traffic Insights Use Cases
Traffic Insights provides value for any organization, particularly for network engineering and network operations (NetOps) teams utilizing Enterprise Agents as part of their ThousandEyes deployment. The visibility it provides into network traffic as well as its ability to correlate network traffic data with synthetic test results makes Traffic Insights valuable in addressing a number of use cases, including:
Identifying application traffic as the cause of degraded experiences – Through the use of filtering and the ability to identify applications within flow records through network-based application recognition (NBAR), Traffic Insights can be used to attribute packet loss or latency on a network node to specific applications. In a troubleshooting workflow, for example, network teams can filter and sort flow records to quickly identify applications that are consuming excessive bandwidth and perhaps causing more business-critical applications to underperform.
Identifying network nodes and interfaces as the cause of degraded experiences – Similarly, teams can start with a network path visualization in a troubleshooting workflow, then correlate poor performance with detailed network traffic analysis to drill down and remediate issues at the node or interface level.
Visualizing trends and changes in traffic before, during, and after issues occur – Traffic Insights provides a 30-day window into network traffic and features an easy-to-navigate interface combining graphical (stacked charts, trend lines, etc.) and tabular views that reduce the amount of time and effort needed to identify issues and move towards resolution.
Prioritizing issues based on user impact – Filtering the flow records within Traffic Insights makes it possible to determine the number of end-users affected by network performance degradation at specific locations or in specific regions. Enterprise Agents activated for flow forwarding within specific network segments allow you to localize a synthetic test event to a specific network device (or segment).
Traffic Insights Key Components
The following network elements are involved in sending network flow data to ThousandEyes. This list includes components you either need to configure on your own network devices, install inside your network, or configure on the ThousandEyes platform.
Each element serves a crucial role in Traffic Insights visibility:
Traffic monitor: The traffic monitor is configured on a router or switch inside your network. The monitor can watch traffic on one or more interfaces. This component generates network flow data based on what is passing through the network device on which it resides, and then exports this data to the ThousandEyes Enterprise Agent via a dedicated IP and interface. A traffic monitor includes both flow monitor and flow exporter functionality.
Forwarder: The flow forwarder, or forwarding agent, resides on a specially enabled ThousandEyes Enterprise Agent. Traffic is received on UDP port 18089 by default (though this port can be updated to match your environment). The forwarder resides within your enterprise network but communicates directly with the ThousandEyes platform via secure encryption. Essentially, the forwarding agent is the point where the network flow data is compressed, encrypted, and transmitted from the local Enterprise Agent to the ThousandEyes platform for your global region. Additionally, the forwarder can be configured to forward the flows to an external collector if needed.
ThousandEyes platform: The ThousandEyes platform is where you view the network flow. You also use the ThousandEyes UI to configure various pieces of Traffic Insights, and also to enable SNMP device discovery and configuration.
See Component Relationships for more information about how components relate to each other.
Traffic Insights Configuration Overview
All you’ll need to get started in Traffic Insights is a valid ThousandEyes license, an Organization Admin or Account Admin role (see Role-Based Access Control, Explained), and the ability to make the necessary configuration changes within your own enterprise network. See Traffic Insights System Requirements and Traffic Insights Configuration Guide for details.
Configuring Traffic Insights involves the following essential steps:
Configure the Enterprise Agent to enable it for flow forwarding. You might need to install a dedicated Enterprise Agent. See Step 1: Enable an Enterprise Agent.
Configure SNMP devices in ThousandEyes, if not already done so, to enable ThousandEyes to correlate the device information shown through your path visualization (synthetic test data) with the data coming from your traffic monitors. See Step 2: Configure SNMP Device Discovery.
Configure network devices to serve as flow exporters via command line, Cisco Catalyst SD-WAN Manager, Meraki Dashboard, or other tools. Once allow-listed in ThousandEyes, these “traffic monitors” can send flow data to the platform. See Step 3: Configure Network Flow Data.
Note that steps 2 and 3 can also be done in reverse order, but we recommend doing them in the above order as best practice.
Optional configuration steps include subnet tagging in ThousandEyes so you can filter by subnets using human-readable labels such as “engineering” or “HR”. You can also configure optional external flow collectors that may represent existing systems, so that they can receive network traffic flow information outside of any ThousandEyes data needs. See Optional Configurations.
Traffic Insights Quick Start Guide
For a screen-by-screen guide to configuring all the above elements within ThousandEyes, see this handy walk-through. For ease of viewing, the guide assumes you already have a supported Enterprise Agent available for configuration. See Supported Enterprise Agent Device Types for information about supported agents.
Trial Traffic Insights
You can request a free trial of Traffic Insights directly within the ThousandEyes portal by navigating to Traffic Insights from the left-hand menu. Click Request Trial to activate your free trial. You will receive a confirmation email when you start the 60-day trial period. Before your trial period expires, we will reach out to you. While a free trial can only be requested once, you can talk to your account team to discuss additional options.
Last updated
