92 <strong>IBM</strong> <strong>Tivoli</strong> Netcool Performance Flow Analyzer: <strong>Installation</strong> <strong>and</strong> <strong>User</strong> <strong>Guide</strong>
Glossary The installation, configuration, <strong>and</strong> operation of the <strong>Tivoli</strong> Netcool Performance Flow Analyzer system are described in this document with consistent terminology. The important terms are defined here. Traffic Flow A traffic flow is a sequence of packets with common end-to-end properties (for example, protocol, source <strong>and</strong> destination addresses <strong>and</strong> source <strong>and</strong> destination ports). Traffic Aspect Flow-based traffic information is presented in <strong>Tivoli</strong> Netcool Performance Flow Analyzer with respect to various traffic aspects. Aspects are defined from aspect components such as domain, traffic type, protocol, service type, port, application, host, interface, autonomous system, <strong>and</strong> so on. Aspects provide the means to look at collected traffic information from different viewpoints <strong>and</strong> help to underst<strong>and</strong> the composition of traffic in the network. Aspects are composed of multiple aspect components. The configuration of aspects is defined in section 4.2. Host The host aspect component shows the composition of traffic with respect to the sending <strong>and</strong> receiving end machines. A host is identified by its IP address. <strong>Tivoli</strong> Netcool Performance Flow Analyzer uses DNS reverse lookup to determine the host name from the IP address. Reverse lookup can be disabled. IP version 4 <strong>and</strong> 6 addressing is supported. Domain A domain is defined as a grouping of IP addresses <strong>and</strong> represents a set of hosts. The grouping can be defined with a list of subnets, a list of autonomous systems, or a filter expression. The default domain is called Other. If a host is not applicable to any explicitly defined domain, then it falls into Other. Other can be used as a synonym for the rest of the network. Traffic Type The traffic type aspect component provides a breakdown of traffic with respect to IPv4, IPv6, unicast, broadcast, <strong>and</strong> multicast traffic. Protocol The protocol aspect component provides a breakdown of traffic with respect to the transport layer protocols (for example, ICMP, TCP, UDP, ESP). ICMP (Internet Control Message Protocol) is additionally provided as an individual aspect to provide a breakdown of ICMP messages. See the /etc/tnpfa/protocols file <strong>and</strong> the /etc/tnpfa/icmp file for configuration. Service Type The service type aspect component provides a breakdown of traffic with respect to the type of service settings in the IP header. <strong>Tivoli</strong> Netcool Performance Flow Analyzer is preconfigured for the IETF Differentiated Services code points (DSCPs). See the /etc/tnpfa/tos file for configuration. Port A large part of IP traffic is transmitted over session-oriented transport layer protocols, such as TCP <strong>and</strong> UDP. Transport layer protocols use source <strong>and</strong> destination ports that indicate the higher-layer application protocols (or services) offered on the end hosts. Thus the port aspect component provides a breakdown of traffic with respect to the application protocols (for example, http, pop3, ssh). The heuristic for determining the service from the source <strong>and</strong> destination port numbers is as follows: Copyright <strong>IBM</strong> Corp. 2004, 2010 93