All Products
Search
Document Center

Network Intelligence Service:Work with the Internet traffic analysis capability

Last Updated:Mar 18, 2024

You can view the volume of Internet traffic on the Traffic Statistics and Traffic Map tabs in the Network Intelligence Service console. The Traffic Statistics tab displays the ranking of inbound or outbound traffic by region or instance in the form of 1-tuple (cloud IP addresses), 2-tuples (cloud IP addresses and peer IP addresses), and 5-tuples (cloud IP addresses, cloud ports, protocols, peer IP addresses, and peer ports). This enhances user experience. This topic describes how to use the Internet traffic analysis capability.

Enable the Internet traffic analysis capability

If you want to use the Internet traffic analysis capability, you must enable this capability for specific regions or for specific IP addresses. After you enable the Internet traffic analysis capability, Network Intelligence Service (NIS) starts to collect and analyze the Internet traffic data related to the specified regions or IP addresses.

  1. Log on to the NIS console.

  2. In the left-side navigation pane, choose Configure > Traffic Activation Management.

  3. On the Traffic Activation Management page, find the region where you want to enable the Internet traffic analysis capability, select Activate by Region or Activate by IP in the Switch column, and then click Update Status of Network Monitoring. Then, view the Internet traffic data that is related to the regions or IP addresses for which this capability is enabled.

    If you select Activate by IP, you need to select elastic IP addresses (EIPs), the public IP addresses that are associated with Classic Load Balancer (CLB) instances, and the public IP addresses that are associated with Elastic Compute Service (ECS) instances based on your business requirements.

    If you do not need to query the Internet traffic in a specific region, you can click Deactivate in the Switch column to disable the Internet traffic analysis capability for the region.

Query Internet traffic

  1. In the left-side navigation pane, choose Traffic Analytics > Internet Traffic.

  2. On the Traffic Statistics tab of the Internet Traffic page, click the Inbound or Outbound tab and select a region from the drop-down list.

  3. Click the 1-tuple, 2-tuples, or 5-tuples tab to view the data of inbound or outbound Internet traffic.

    You can specify a time range and search criteria to view the traffic of the specified period of time, IP addresses, ports, and protocols.

    Parameter

    Description

    Time range

    Select the time range of the Internet traffic to query.

    • Time range: If you click the 1-tuple tab or the 2-tuples tab, you can retrieve data within the last seven days. If you click the 5-tuples tab, you can retrieve data only on the current day.

    • Timespan: If you click the 1-tuple tab or the 2-tuples tab, the maximum timespan of the time range is 24 hours. If you click the 5-tuples tab, the maximum timespan of the time range is 5 minutes due to the large amount of data in the format of 5-tuples.

    Note

    You can view the data collected within the period of time only after the Internet traffic analysis capability is enabled.

    Search criteria

    Select search criteria to view the Internet traffic data. The following section describes the criteria by which you can search to view the traffic data in the form of 1-tuple, 2-tuples, and 5-tuples.

    • 1-tuple: supports search criteria including the instance ID and the bandwidth plan ID.

    • 2-tuples: supports search criteria including the instance ID, bandwidth plan ID, cloud IP address, peer IP address, peer Internet service provider (ISP), peer country or region, and peer city.

    • 5-tuples: supports search criteria including the instance ID, bandwidth plan ID, cloud IP address, peer IP address, peer ISP, peer country or region, peer city, cloud port, peer port, and protocol.

    Tuple

    Displayed content

    1-tuple

    • Statistics/Trend Charts: displays the inbound or outbound bandwidth, round trip time (RTT) of TCP packets, number of retransmissions, and Internet bandwidth of different services in a region within the specified time range.

    • Traffic List: displays the instance IDs, IP addresses, inbound or outbound traffic, number of packets, number of retransmissions, and number of disordered packets in a region within the specified time range.

    2-tuples

    • Statistics/Trend Charts: displays the Internet traffic data in a region within the specified time range, including the inbound or outbound traffic of top-N cities in countries or regions, inbound or outbound traffic of top-N ISPs, and top inbound and outbound traffic between cloud IP addresses and peer IP addresses.

    • Traffic List: displays the instance IDs, cloud IP addresses, peer IP addresses, inbound or outbound traffic, number of packets, number of retransmissions, number of disordered packets in a region, RTT of TCP packets, and cloud cities in a region within the specified time range.

      Note

      You can turn on Show Traffic Trend to view the trend charts of all traffic.

    5-tuples

    • Statistics/Trend Charts: displays the Internet traffic of top-N protocols, and Internet traffic of top-N cloud ports in a region within the specified time range.

    • Traffic List: displays the instance IDs, cloud IP addresses, cloud ports, protocols, peer IP addresses, traffic, number of packets, number of retransmissions, number of disordered packets, cloud cities, and peer cities in a region with the specified time range.

    Note

    If you do not specify the local IP address and the remote IP address at the same time, you can query the traffic data within up to 5 minutes.

    Related operations

    Operation

    Description

    2-tuples

    In the Traffic List section of the 1-tuple tab, find the instance that you want to view and click 2-tuples in the Details column to view the Internet traffic of the specified instance and the specified cloud IP address.

    5-tuples

    • In the Traffic List section of the 1-tuple tab, find the instance that you want to view and click 5-tuples in the Details column to view the Internet traffic of the specified instance and the specified cloud IP address.

    • In the Traffic List section of the 2-tuples tab, find the instance that you want to view and click 5-tuples in the Details column to view the Internet traffic of the specified instance, specified cloud IP address, and specified peer IP address.

    View Trend

    In the Traffic List section, find the instance that you want to view and click View Trend in the Actions column. Then, you can view the basic information about the instance, and the trends of average bandwidth per minute and the number of packets within the specified time range.

    Instance Monitoring

    In the Traffic List section, find the instance that you want to view and click Instance Monitoring in the Actions column. On the Traffic Statistics tab of the instance details page, you can view the inbound or outbound traffic of the instance. For more information, see Use features on the Overview page.

    Note

    Only EIPs support the instance monitoring feature.

    Select Top-N

    In the Traffic List section, select TOP 20, TOP 50, or TOP 100 to view the Internet traffic data of the top 20, top 50, or top 100 instances.

View traffic charts

The Traffic Map tab displays the chart for Internet performance distribution by region, RTT of top-N countries or regions, traffic of top-N countries or regions, RTT of top-N ISPs, and traffic of top-N ISPs.

  1. In the left-side navigation pane, choose Traffic Analytics > Internet Traffic.

  2. Internet Traffic

  3. Click China or Global and specify the following parameters to view the chart for Internet performance distribution by region.

    Note

    In a traffic chart, the RTT of different regions is rated according to unified standards. Different colors indicate different ratings.

    • Excellent: RTT ≤ 50 ms, green

    • Good: 50 ms < RTT ≤ 200 ms, medium green

    • Average: 200 ms < RTT ≤ 500 ms, light green

    • Fair: 500 ms < RTT ≤ 1,000 ms, yellow

    • Poor: RTT > 1,000 ms, orange or red

    Parameter

    Description

    Region

    Select the region where you want to view the traffic chart from the drop-down list.

    Province

    Select the province for which you want to view the traffic chart from the drop-down list.

    • If you select China, you need to select a province for which you want to view the traffic chart from the Province drop-down list.

    • If you select Global, you need to select a country or region for which you want to view the traffic chart from the Country/Region drop-down list.

    Examples:

    • If you select China, select China (Hangzhou), and do not select an option from the Province drop-down list, you can view the quality of networks between the China (Hangzhou) region and other cities in the Chinese mainland. If you select China, China (Hangzhou), and Sichuan from the Province drop-down list, you can view the quality of networks between the China (Hangzhou) region and the Sichuan province.

    • If you select Global, select China (Hangzhou), and do not select an option from the Country/Region drop-down list, you can view the quality of networks between the China (Hangzhou) region and other countries or regions in the world. If you select Global, China (Hangzhou), and Spain from the Country/Region drop-down list, you can view the quality of networks between the China (Hangzhou) region and Spain.

    ISP

    Select an ISP.

    Time range

    Select the time range of the data to query.

    • By default, the system selects the last hour as the time range.

    • You need to select data within a continuous period of time for analysis. The maximum timespan of each time range is 24 hours. You can retrieve data within the last seven days.

    For example, the current time is 10:21 on September 29, 2022.

    • In this case, the default time range is from 09:21 on September 29, 2022 to 10:21 on September 29, 2022.

    • The maximum timespan of each time range is 24 hours. For example, you can retrieve data from 10:21 on September 28, 2022 to 10:21 on September 29, 2022. You cannot retrieve data from earlier than 10:21 on September 21, 2022.

  4. View the rankings of RTT and traffic of countries or regions and ISPs.

View Internet NAT gateway traffic

  1. Log on to the NIS console.

  2. In the left-side navigation pane, click Overview.

  3. In the Resources section, select NAT Gateway and a region from the drop-down lists. Then, enter an instance ID. Click Learn More in the Instance Monitoring column.

  4. On the Instance Performance tab, view the traffic data of the Internet NAT gateway.

    1. Select All, Session, Data Transfer, or Resource Plan from the drop-down list. Then, you can specify a time range to query the monitoring data.

      • By default, the monitoring data within the previous hour is displayed. For example, if the current time was 17:30 on January 13, 2022, the default time range was from 16:30 on January 13, 2022, to 17:30 on January 13, 2022.

      • You need to select a consecutive time range for analysis. The maximum timespan of each time range is 24 hours. You can retrieve data within the last seven days. For example, if the current time was 17:30 on January 13, 2022, you could retrieve data from 17:30 on January 12, 2022, to 17:30 on January 13, 2022. You cannot retrieve data from the time earlier than 17:30 on January 7, 2022.

    2. Enter the private IP addresses of ECS instances that connect to the Internet NAT gateway to filter metrics.

      The following table describes the metrics.

      Category

      Metric

      Session

      • New Connections: the number of new TCP and UDP connections that the Internet NAT gateway establishes per second within the specified time range. Unit: connections/second.

      • Concurrent Connections: the number of concurrent TCP and UDP connections to the Internet NAT gateway within the specified time range. Unit: connections.

      Data Transfer

      • Inbound Traffic: the average inbound traffic consumed within the specified time range. Unit: bit/s.

      • Outbound Traffic: the average outbound traffic consumed within the specified time range. Unit: bit/s.

      Resource Plan

      • Inbound Packet Rate: the number of inbound packets that are received per second within the specified time range. Unit: packets/second.

      • Outbound Packet Rate: the number of outbound packets that are sent per second within the specified time range. Unit: packets/second.

  5. In the SNAT Data Transfer Ranking section, view the monitoring data about traffic forwarding based on Source Network Address Translation (SNAT).

    If all of the ECS instances use SNAT to access the Internet, excessively high data transfer on one or more ECS instances may affect the data transfer from other ECS instances to the Internet. You can view the monitoring data about traffic forwarding based on SNAT to locate the ECS instance with the highest data transfer volume and throttle data transfer on the ECS instance. Then, you can troubleshoot and resolve the issue to ensure the stability of your business.

    The following table describes the monitoring metrics for SNAT-based traffic forwarding.

    Metric

    Unit

    Description

    Inbound Traffic

    bps

    Note

    The unit in the console prevails.

    The amount of traffic from the Internet to an ECS instance per second.

    Outbound Traffic

    bps

    Note

    The unit in the console prevails.

    The amount of traffic from an ECS instance to the Internet per second.

    Inbound Packets Per Second

    Packets/second

    The number of packets from the Internet to ECS instances per second.

    Outbound Packets Per Second

    Connections/second

    The number of packets from an ECS instance to the Internet per second.

    Concurrent Connections

    Connections

    The number of concurrent connections established by an ECS instance that accesses the Internet through the NAT gateway.

    New Connections per Second

    Connections/second

    The number of new connections established per second by an ECS instance that accesses the Internet through the NAT gateway.

FAQ

Which public IP addresses are supported by the Internet traffic analysis capability?

You can enable the Internet traffic analysis capability for the following public IP addresses:

  • EIPs that are associated with ECS instances, CLB instances, NAT gateways, high-availability virtual IP addresses (HAVIPs), Internet-facing Application Load Balancer (ALB) instances, and Network Load Balancer (NLB) instances

  • Public IP addresses assigned to CLB instances

  • Public IP addresses assigned to ECS instances

Why am I unable to view the data after I enable the traffic analysis feature?

After you enable the traffic analysis feature, it takes about 10 minutes for the system to prepare data.

Why am I unable to find some ECS instances in a region on the Internet Traffic page after I enable the Internet traffic analysis capability for the region?

If ECS instances are assigned public IP addresses, the IDs of the ECS instances are displayed on the Internet Traffic page. If ECS instances are associated with EIPs, the EIPs are displayed on the Internet Traffic page.

Can NIS obtain the real IP addresses of clients when WAF is enabled for SLB instances?

NIS cannot obtain the real IP addresses of clients when Web Application Firewall (WAF) is enabled for SLB instances.

Can the Internet traffic analysis capability collect the information about traffic that is denied by security groups?

The Internet traffic analysis capability can collect only the information about inbound traffic that is denied by security groups.

Why am I unable to view RTT on the Internet Traffic page?

NIS collects only the round-trip time (RTT) of TCP connections when the connections are established. Check whether your transport layer protocol is TCP. The data about RTT is stored in the NIS console for one day. If a TCP connection is persistent, the connection may be established one day earlier. In this case, the data of RTT for the connection when the connection was established may no longer be displayed on the Internet Traffic page.

Why is the traffic monitoring data of a service in the NIS console different from that in the service console?

The data is slightly different because the traffic data is collected at different points.

References

  • GetInternetTuple: queries the rankings of Internet traffic data.

  • GetNatTopN: queries the real-time SNAT performance ranking of a NAT gateway.