Monitoring Traffic Flows

This section describes the FlowIQ feature of Aviatrix CoPilot.

FlowIQ provides you with critical visibility capability to the traffic that traverses your network, displaying metadata about traffic that flows across each link. FlowIQ provides visualization of traffic flows, enabling you to inspect any network traffic that is moving across any gateway managed by the Aviatrix Controller in your Aviatrix transit network (multicloud or single cloud network). FlowIQ enables you to identify where data in your network is going to and where it is coming from and you can filter for detailed information about the traffic down to the packet level.

You access FlowIQ in CoPilot by going to CoPilot > Monitor > FlowIQ or typing FlowIQ in the navigation search.

You can use CoPilot’s FlowIQ feature to determine if a gateway is actually compromised, or if a compromised system is attempting a connection. Sometimes when you use an Aviatrix DNS resolution feature (Egress FQDN, Single IP SNAT, User SSL VPN) you might see a message that an Aviatrix gateway is compromised, when it is the endpoint itself that is compromised.

Use the information on this page to view the source of the traffic that generated the alert. You can enable FlowIQ following these directions.

Interacting with the Flows

FlowIQ provides various views for visualizing traffic records. The views respond to filters that are selected. The filters that you set are carried across all of the views.

FlowIQ Overview Page

In the FlowIQ overview page, CoPilot provides an overview of all the traffic that has traversed across your Aviatrix transit network over the last hour, day, week, month, or over a custom timeframe.

The traffic information is broken down into various categories displayed in pie charts.

By default, the pie charts show details for all traffic. You can filter the information to show only the traffic you are interested in analyzing. When you click on any pie-chart slice, CoPilot automatically creates a filter that narrows down the information displayed across all pie charts. Each time you select another slice, CoPilot adds another rule to your filter group.

After you analyze traffic data based on one or more filters (you can create up to ten filters), clear the filter(s) so that CoPilot returns to showing data for all traffic.

In the FlowIQ trends page, CoPilot shows an overview of traffic as it moves over time for traffic based on:

  • A specified destination port.

  • A specified source address.

  • A specified destination address.

  • Total bandwidth based on direction of traffic, ingress or egress.

By default, the graphs show details for the top ten results. You can filter the information for the graphs to show only the traffic you are interested in analyzing. When you click on any pie-chart slice (or listed value), CoPilot automatically creates a filter that narrows down the information displayed across all graphs. Each time you select another slice, CoPilot adds another rule to your filter group.

After you analyze traffic data based on one or more filters, clear the filter(s) so that CoPilot returns to showing data for the top ten results.

FlowIQ Geolocation Page

In the Flow IQ geolocation page, CoPilot provides an overview of where traffic is coming from and going to within your cloud fabric over the last hour, day, week, month, or over a custom timeframe. The map shows the approximate location of your Aviatrix managed network constructs across the globe.

When you set the time period to Last Day, you can more easily see where most of the traffic is coming from and going to.

Security teams can use the geolocation view to easily identify which countries the traffic coming into their network is coming from to help determine if unexpected traffic poses a security vulnerability.

The geolocation traffic information is broken down into various categories displayed in pie charts.

By default, the pie charts show details for all traffic. You can filter the information for the pie charts to show only the traffic you are interested in analyzing. When you click on any pie-chart slice, CoPilot automatically creates a filter that narrows down the information displayed across all pie charts. Each time you select another slice, CoPilot adds another rule to your filter group.

After you analyze traffic data based on one or more filters, clear the filter(s) so that CoPilot returns to showing data for all traffic.

FlowIQ Records Page

In the FlowIQ records page, CoPilot shows detailed information about all the traffic flows seen by your multicloud transit no matter which cloud the traffic is on.

The Flow Records table shows you the detailed records of the traffic down to the packet level.

You can filter the flow records in the Flow Records table by hovering over any value in the table and selecting the filter icon.

You can export the flow records data table to CSV if you want to save them for later viewing or import them into your own analytics platform.

FlowIQ Flows Page

In the Flow IQ flows page, CoPilot shows all the traffic that is currently seen by your multicloud transit no matter which cloud the traffic is on.

You can view how much traffic was sent in the last hour, day, week, month, or a custom timeframe.

The pie charts show which source addresses and destination addresses receive the most and least bytes of data for the top 10 addresses.

Using the Sankey graph, you can easily identify which source and destination hosts have the most traffic being exchanged between them (top talkers) in your network by the thickest colored bars. Hover over each colored bar to see what destination host the source host is sending traffic to based on how much traffic is being sent between them.