Traffic Top N

Prerequisites

Top N is enabled. For details, see Top N Study.

Function

The ATIC management center collects statistics on Incoming Traffic or Attack Traffic in the specified interval and ranks the top N traffic. From the top N statistics, you can view the top N Zones, services, or IP addresses with the largest volumes of inbound or attack traffic.

IP Traffic Top N

Ranks traffic by destination IP address. If traffic anomalies occur, you can view IP Traffic Top N to learn about the IP addresses with the largest volumes of inbound or attack traffic.
Zone Traffic Top N

Ranks traffic by Zone. If traffic anomalies occur, you can view Zone Traffic Top N to learn about the Zones with the largest volumes of inbound or attack traffic.
Service Traffic Top N

Ranks traffic by service. If traffic anomalies occur, you can view Service Traffic Top N to learn about the services with the largest volumes of inbound or attack traffic.

Parameter

Table 1 shows parameters when Report Type is set to Zone Traffic Top N. Table 2 shows parameters when Report Type is set to Service Traffic Top N. Table 3 shows parameters when Report Type is set to IP Traffic Top N.

**Table 1** Query parameters of Zone Traffic Top N
Parameter	Description
Device	Select a device from the drop-down list. Total Cleaning and Total Detecting are described as follows: Total (Cleaning): Indicates that traffic on all cleaning devices is queried. Total (Detecting): If two or more detecting devices in a defense group work in Load Redundancy mode, the maximum traffic volume in the defense group is queried and the sum of traffic volumes among defense groups is queried. If two or more detecting devices in each defense group work in Load Balancing mode, the sum of traffic volumes within each defense group and among defense groups is queried.
Protocol	Select the protocol type to be queried.
Time	Click to select the start time and end time of statistics. Or you can change the time values in corresponding text boxes. The end time should be later than the start time and the interval cannot be longer than one year. If the query interval is longer than or equal to seven days and shorter than one year, statistics are collected daily. If the query interval is shorter than seven days, statistics are collected hourly.
Type	Select a traffic type. The traffic types are Incoming Traffic and Attack Traffic. Incoming Traffic or Attack Traffic can be selected for anti-DDoS cleaning devices, and only Incoming Traffic can be selected for anti-DDoS detecting devices.
Statistics	Select a mode for collecting statistics. Average Value: indicates the average value of inbound traffic or attack traffic within the specified time segment. Peak Value: indicates the maximum value of inbound traffic or attack traffic within the specified time segment. The peak value can be selected only when a device is selected.
Unit	Select a traffic measurement unit. The unit can be pps or kbps. The default unit is pps.
Top N	Enter the value of N.

**Table 2** Query parameters of Service Traffic Top N
Parameter	Description
Device	Select a device from the drop-down list. Total Cleaning and Total Detecting are described as follows: Total (Cleaning): Indicates that traffic on all cleaning devices is queried. Total (Detecting): If two or more detecting devices in a defense group work in Load Redundancy mode, the maximum traffic volume in the defense group is queried and the sum of traffic volumes among defense groups is queried. If two or more detecting devices in each defense group work in Load Balancing mode, the sum of traffic volumes within each defense group and among defense groups is queried.
Zone	Click , select a Zone on the Zone page that is displayed, and then click OK.
Time	Click to select the start time and end time of statistics. Or you can change the time values in corresponding text boxes. The end time should be later than the start time and the interval cannot be longer than one year. If the query interval is longer than or equal to seven days and shorter than one year, statistics are collected daily. If the query interval is shorter than seven days, statistics are collected hourly.
Type	Select a traffic type. The traffic types are Incoming Traffic and Attack Traffic. Incoming Traffic or Attack Traffic can be selected for anti-DDoS cleaning devices, and only Incoming Traffic can be selected for anti-DDoS detecting devices.
Statistics	Select a mode for collecting statistics. Average Value: indicates the average value of inbound traffic or attack traffic within the specified time segment. Peak Value: indicates the maximum value of inbound traffic or attack traffic within the specified time segment. The peak value can be selected only when a device is selected.
Unit	Select a traffic measurement unit. The unit can be pps or kbps. The default unit is pps.
Top N	Enter the value of N.

**Table 3** Query parameters of IP Traffic Top N
Parameter	Description
Device	Select a device from the drop-down list. Total Cleaning and Total Detecting are described as follows: Total (Cleaning): Indicates that traffic on all cleaning devices is queried. Total (Detecting): If two or more detecting devices in a defense group work in Load Redundancy mode, the maximum traffic volume in the defense group is queried and the sum of traffic volumes among defense groups is queried. If two or more detecting devices in each defense group work in Load Balancing mode, the sum of traffic volumes within each defense group and among defense groups is queried.
Zone	Click , select a Zone on the Zone page that is displayed, and then click OK.
Service	Select a service or service group from the drop-down list. The value of Protocol is subject to Service. If a service is selected for Service, the value of Protocol must correspond to the service.For details on how to configure the service, see Configuring a Service Learning Task.
Protocol	Select the protocol type to be queried.
Time	Click to select the start time and end time of statistics. Or you can change the time values in corresponding text boxes. The end time should be later than the start time and the interval cannot be longer than one year. If the query interval is longer than or equal to seven days and shorter than one year, statistics are collected daily. If the query interval is shorter than seven days, statistics are collected hourly.
Type	Select a traffic type. The traffic types are Incoming Traffic and Attack Traffic.
Statistics	Select a mode for collecting statistics. Average Value: indicates the average value of inbound traffic or attack traffic within the specified time segment. Peak Value: indicates the maximum value of inbound traffic or attack traffic within the specified time segment. The peak value can be selected only when a device is selected.
Unit	Select a traffic measurement unit. The unit can be pps or kbps. The default unit is pps.
Top N	Enter the value of N.

Example

If the device is set to Total (Cleaning), traffic type to Attack Traffic, statistical method to Average Value, and protocol type to Total, IP Traffic Top N within a period of time are displayed in Figure 1.

Figure 1 IP Traffic Top N

Procedure

Choose Report > Report > Traffic Analysis.
Click the Traffic Top N tab.
Set query parameters.
Click Search.
The status of the top N Zone traffic of corresponding query conditions is displayed.

NOTE:
If a Zone has been deleted, the Zone name is displayed as Unknown Zone.
Optional: Open or save the query results as files, or send queried reports to the specified email address.
- Click to open or save the query results as PDF files. A maximum of 10,000 entries can be displayed.
- Click to open or save the query results as EXCEL files. A maximum of 10,000 entries can be displayed.
- Click to open or save the query results as CSV files. All data except figures can be displayed.
- Click to enter a recipient mail address and select an attachment format. Then click OK.