All Products
Search
Document Center

Network Intelligence Service:Work with the Internet traffic analysis capability

Last Updated:Feb 11, 2025

You can view the volume of Internet traffic on the Traffic Statistics and Traffic Map tabs in the Network Intelligence Service console. The Traffic Statistics tab displays the ranking of inbound or outbound traffic by region or instance in the form of 1-tuple (cloud IP addresses), 2-tuples (cloud IP addresses and peer IP addresses), and 5-tuples (cloud IP addresses, cloud ports, protocols, peer IP addresses, and peer ports). This enhances user experience. This topic describes how to use the Internet traffic analysis capability.

Enable the Internet traffic analysis capability

If you want to use the Internet traffic analysis capability, you must enable this capability for specific regions or for specific IP addresses. After you enable the Internet traffic analysis capability, NIS starts to collect and analyze the Internet traffic data related to the specified regions or IP addresses.

  1. Log on to the NIS console.

  2. In the left-side navigation pane, choose Configure > Traffic Activation Management.

  3. On the Traffic Activation Management page, find the regions for which you want to enable the Internet traffic analysis capability, select Activate by Region or Activate by IP in the Switch column, and then click Update Status of Network Monitoring. Then, view the Internet traffic data that is related to the regions or IP addresses for which this capability is enabled.

    If you select Activate by IP, you need to select multiple public IP addresses that are associated with Elastic IP Address (EIP), Classic Load Balancer (CLB), and Elastic Compute Service (ECS) based on your business requirements.

    If you do not need to query the Internet traffic in a specific region, you can click Deactivate in the Switch column to disable the Internet traffic analysis capability for the region.

Query Internet traffic

  1. In the left-side navigation pane, choose Traffic Analytics > Internet Traffic.

  2. On the Traffic Statistics tab of the Internet Traffic page, click the Inbound or Outbound tab and select a region from the region drop-down list.

  3. Click the 1-tuple, 2-tuples, or 5-tuples tab to view the data of inbound or outbound Internet traffic.

    You can specify a time range and other search criteria to view the traffic of IP addresses, ports, and protocols within the specified time range.

    Item

    Description

    Time range

    Select the time range of the Internet traffic to query.

    • Time range: If you click the 1-tuple tab or the 2-tuples tab, you can retrieve data within the last 7 days. If you click the 5-tuples tab, you can retrieve data only of the current day.

    • Timespan: If you click the 1-tuple tab or the 2-tuples tab, the maximum timespan of the time range is 24 hours. If you click the 5-tuples tab, the maximum timespan of the time range is 5 minutes due to the large amount of data in the format of 5-tuples.

    Note

    You can only view the data that was collected within the period of time after the Internet traffic analysis capability is enabled.

    Search criteria

    Select search criteria to view the Internet traffic data. The following list describes the criteria by which you can search to view the traffic data in the form of 1-tuple, 2-tuples, and 5-tuples.

    • 1-tuple: supports search criteria including the instance ID and the bandwidth plan ID.

    • 2-tuples: supports search criteria including the instance ID, bandwidth plan ID, cloud IP address, peer IP address, peer Internet service provider (ISP), peer country or region, and peer city.

    • 5-tuples: supports search criteria including the instance ID, bandwidth plan ID, cloud IP address, peer IP address, peer ISP, peer country or region, peer city, cloud port, peer port, and protocol.

    Tuple

    Displayed content

    1-tuple

    • Statistics/Trend Charts: displays the inbound or outbound bandwidth, round trip time (RTT) of TCP packets, retransmission rate, and Internet bandwidth of different services in a region within the specified time range.

    • Traffic List: displays the instance IDs, IP addresses, inbound or outbound traffic, number of packets, and retransmission rate in a region within the specified time range.

    2-tuples

    • Statistics/Trend Charts: displays the Internet traffic data in a region within the specified time range, including the inbound or outbound traffic of top-N cities in countries or regions, inbound or outbound traffic of top-N ISPs, and top inbound and outbound traffic between cloud IP addresses and peer IP addresses.

    • Traffic List: displays the instance IDs, cloud IP addresses, peer IP addresses, inbound or outbound traffic, number of packets, retransmission rate, RTT of TCP packets, and cloud cities in a region within the specified time range.

      Note

      You can turn on Show Traffic Trend on the 2-tuples tab to view all trend charts.

    5-tuples

    • Statistics/Trend Charts: displays the Internet traffic of top-N protocols, and Internet traffic of top-N cloud ports in a region within the specified time range.

    • Traffic List: displays the instance IDs, cloud IP addresses, cloud ports, protocols, peer IP addresses, traffic, number of packets, retransmission rate, cloud cities, and peer cities in a region with the specified time range.

    Note

    If you do not specify the local IP address and the remote IP address at the same time, you can query the traffic data within a maximum of 5 minutes.

    More operations

    Operation

    Description

    Drill down 2-tuples

    In the Traffic List section of the 1-tuple tab, find the instance that you want to view and click 2-tuples in the Details column to view the Internet traffic of the specified instance and the specified cloud IP address.

    Drill down 5-tuples

    • In the Traffic List section of the 1-tuple tab, find the instance that you want to view and click 5-tuples in the Details column to view the Internet traffic of the specified instance and the specified cloud IP address.

    • In the Traffic List section of the 2-tuples tab, find the instance that you want to view and click 5-tuples in the Details column to view the Internet traffic of the specified instance, specified cloud IP address, and specified peer IP address.

    View trend

    In the Traffic List section, find the instance that you want to view and click View Trend in the Actions column. Then, you can view the basic information about the instance, and the trends of average bandwidth per minute and the number of packets within the specified time range.

    Monitor instances

    In the Traffic List section, find the instance that you want to view and click Monitoring in the Actions column. On the Traffic Statistics tab of the instance details page, you can view the inbound or outbound traffic of the instance. For more information, see Use features on the Overview page.

    Note

    Only EIPs support the instance monitoring feature.

    Select Top-N

    In the Traffic List section, select TOP 20, TOP 50, or TOP 100 to view the Internet traffic data of the top 20, top 50, or top 100 instances.

View traffic charts

The Traffic Map tab displays the chart for Internet performance distribution by region, RTT of top-N countries or regions, traffic of top-N countries or regions, RTT of top-N ISPs, and traffic of top-N ISPs.

  1. In the left-side navigation pane, choose Traffic Analytics > Internet Traffic.

  2. On the Internet Traffic page, click the Traffic Map tab.

  3. Click China or Global and specify the following parameters to view the chart for Internet performance distribution by region.

    Item

    Description

    Region

    From the drop-down list select a region to view the traffic chart of the region.

    Province

    From the drop-down list select a province to view the traffic chart of the province.

    • If you select China, you need to select a province from the Province drop-down list.

    • If you select Global, you need to select a country or region from the Country drop-down list.

    Examples:

    • If you select China, select China (Hangzhou), and do not select an option from the Province drop-down list, you can view the quality of networks between the China (Hangzhou) region and other cities in the Chinese mainland. If you select China, China (Hangzhou), and Sichuan from the Province drop-down list, you can view the quality of networks between the China (Hangzhou) region and the Sichuan province.

    • If you select Global, select China (Hangzhou), and do not select an option from the Country drop-down list, you can view the quality of networks between the China (Hangzhou) region and other countries or regions in the world. If you select Global, China (Hangzhou), and Spain from the Country drop-down list, you can view the quality of networks between the China (Hangzhou) region and Spain.

    ISP

    Select an ISP.

    Time range

    Select the time range of the data to query.

    • By default, the system selects the last hour as the time range.

    • You must select a consecutive time range for analysis. The maximum timespan of each time range is 24 hours. You can retrieve data within the last 7 days.

    For example, the current time is 10:21 on September 29, 2022.

    • In this case, the default time range is from 09:21 on September 29, 2022 to 10:21 on September 29, 2022.

    • The maximum timespan of each time range is 24 hours. For example, you can retrieve data from 10:21 on September 28, 2022 to 10:21 on September 29, 2022. You cannot retrieve data earlier than 10:21 on September 21, 2022.

  4. View the rankings of RTT and traffic of countries or regions and ISPs.

View Internet NAT gateway traffic

  1. Log on to the NIS console.

  2. In the left-side navigation pane, click Overview.

  3. In the Resources section, select NAT Gateway and a region from the drop-down lists. Find the instance ID of the NAT gateway to view the Internet traffic of the instance. Click Learn More in the Monitoring column that corresponds to the instance.

  4. On the Instance Performance tab, select or specify a time range to view the traffic data of the Internet NAT gateway.

    • By default, the system selects the last hour as the time range. For example, if the current time is 17:30 on January 13, 2022, the default time range is from 16:30 on January 13, 2022, to 17:30 on January 13, 2022.

    • You must select a consecutive time range for analysis. The maximum timespan of each time range is 24 hours. You can retrieve data within the last 7 days. For example, if the current time is 17:30 on January 13, 2022, you can retrieve data from 17:30 on January 12, 2022 to 17:30 on January 13, 2022. You cannot retrieve data earlier than 17:30 on January 7, 2022.

    The following table describes the metrics.

    Category

    Metric

    Session

    • New Connection Rate: the average of new TCP and UDP connections that are established to the NAT gateway per second. Unit: countS.

    • Concurrent Connections: the number of concurrent TCP and UDP connections per minute that are supported by the NAT gateway. Unit: counts.

    Bandwidth

    • Rate of Traffic from VPC: the amount of traffic per second from the VPC to the NAT gateway. Unit: bit/s.

    • Rate of Traffic from the Internet: the amount of traffic per second from the Internet to the NAT gateway. Unit: bit/s.

    • Rate of Traffic to VPC: the amount of traffic per second from the NAT gateway to the VPC. Unit: bit/s.

    • Rate of Traffic to the Internet: the amount of traffic per second from the NAT gateway to the Internet. Unit: bit/s.

    Resource Plan

    • Packets from VPC: the number of packets from the VPC to the NAT gateway. Unit: counts.

    • Packets from the Internet: the number of packets from the Internet to the NAT gateway. Unit: counts.

    • Packets to VPC: the number of packets from the NAT gateway to the VPC. Unit: counts.

    • Packets to the Internet: the number of packets from the NAT gateway to the Internet. Unit: counts.

  5. In the SNAT Data Transfer Ranking section, view the monitoring data about traffic forwarding based on Source Network Address Translation (SNAT).

    If a large number of ECS instances use SNAT to access the Internet, excessively high data transfer on one or more ECS instances may affect the data transfer from other ECS instances to the Internet. You can view the monitoring data about traffic forwarding based on SNAT to locate the ECS instance with the highest data transfer volume and throttle data transfer on the ECS instance. Then, you can troubleshoot the issue to ensure the stability of your business.

    The following table describes the monitoring metrics for SNAT-based traffic forwarding.

    Metric

    Unit

    Description

    Inbound Bandwidth

    bps

    Note

    The unit in the console shall prevail.

    The bandwidth that is used to access ECS instances over the Internet.

    Outbound Bandwidth

    bps

    Note

    The unit in the console shall prevail.

    The bandwidth that is used to access the Internet from ECS instances.

    Inbound Packets Per Second

    Packets/second

    The number of packets from the Internet to ECS instances per second.

    Outbound Packets Per Second

    Packets/second

    The number of packets from an ECS instance to the Internet per second.

    Concurrent Connections

    Connections

    The number of concurrent connections established by an ECS instance that accesses the Internet through the NAT gateway.

    New Connections per Second

    Packets/second

    The number of new connections established per second by an ECS instance that accesses the Internet through the NAT gateway.

FAQ

Which public IP addresses are supported by the Internet traffic analysis capability?

You can enable the Internet traffic analysis capability for the following public IP addresses:

  • Elastic IP Address (EIP) that are associated with ECS instances, CLB instances, NAT Gateway, high-availability virtual IP addresses (HAVIPs), Internet-facing Application Load Balancer (ALB) instances, and Network Load Balancer (NLB) instances.EIPEIP

  • Public IP addresses that are assigned to CLB instances

  • Public IP addresses that are assigned to ECS instancesECS

Why am I unable to view the data after I enable the traffic analysis feature?

After you enable the traffic analysis feature, it takes about 10 minutes for the system to prepare data.

Why am I unable to find some ECS instances in a region on the Internet Traffic page after I enable the Internet traffic analysis capability for the region?

If ECS instances are assigned public IP addresses, the IDs of the ECS instances are displayed on the Internet Traffic page. If ECS instances are associated with Elastic IP Address (EIP), the EIP are displayed on the Internet Traffic page.

Can NIS obtain the real IP addresses of clients when Web Application Firewall (WAF) is enabled for SLB instances?

NIS cannot obtain the real IP addresses of clients when WAF is enabled for SLB instances.

Can the Internet traffic analysis capability collect the information about traffic that is denied by security groups?

  • The Internet traffic analysis capability can collect only the information about inbound traffic that is denied by security groups.

  • This capability cannot collect information about outbound traffic that is denied by security groups.

Why am I unable to view RTT on the Internet Traffic page?

NIS collects only the RTT of TCP connections when the connections are established. Check whether your transport layer protocol is TCP. The data about RTT is stored in the NIS console for one day. If a TCP connection is persistent, the connection may be established one day earlier. In this case, the data of RTT for the connection when the connection was established may no longer be displayed on the Internet Traffic page.

Why is the traffic monitoring data of a service in the NIS console different from the monitoring data in the service console?

The data is slightly different because the traffic data is collected at different points.

References

  • GetInternetTuple: queries the rankings of Internet traffic data.

  • GetNatTopN: queries the real-time SNAT performance ranking of a NAT gateway.