Traffic-based discovery in Service Mapping

Service Mapping uses traffic-based connections to collect network statistics and perform traffic-based discovery. Not only can Service Mapping discover CIs using patterns, it can also discover them by following traffic connections between CIs. This method is referred to as traffic-based discovery.

Using traffic-based discovery is like casting a finer net, allowing Service Mapping to find even those CIs that it failed to discover using patterns. The advantage is discovering more CIs, at the same time this method may clutter a business service with irrelevant CIs. Typically, you use traffic-based discovery at the initial stages of discovering a business service and disable it once you completed discovery and fine-tuned the business service.

While using traffic-based discovery creates a more inclusive map, it may also result in mapping many redundant CIs that do not influence the business service operation. You can choose to hide CIs discovered using this method from a business service map. In that case, these CIs are still part of the business service, but they are not on its map.

The system uses commands and network flow logs to collect traffic-related data and saves them in the CMDB tables. Service Mapping retrieves this data from the tables to detect CI inbound and outbound connections.
Table 1. Tables containing data collected using traffic-based methods
Table Source Used by Service Mapping to
Flow Connector [sa_flow_connection] Netflow and VPC logs
  • Discover dependencies, add connections during top-down discovery.
  • Detect possible entry points for business services and create business service candidates for mapping based on these entry points.
Flow Services IP/Port and Statistics [sa_flow_service] Netflow and VPC logs Discover all services listening on ports. In base system, Service Mapping does not use data from this table.
Flow Server Communication [sa_flow_server_comm] Netflow and VPC logs Discover services communicating to other services. In base system, Service Mapping does not use data from this table.
TCP Connection [cmdb_tcp] netstat and lsof commands Discover connections during top-down discovery.

In base systems, traffic-based discovery uses only TCP-related data collected with the help of the netstat and lsof commands. Discovery based on Netflow and VPC logs requires additional configuration. You can enrich your traffic-based discovery by configuring Service Mapping to perform data collection using Netflow and VPC logs. In addition, Service Mapping has access to TCP connection data collected by enhanced traffic-based horizontal discovery performed by Discovery.

By default, traffic-based discovery using commands is available in Service Mapping allowing it to use this method at all levels. You can enable traffic-based discovery at different levels listed here from the most global to the most specific:

Product level
In the base system, traffic-based discovery in Service Mapping is enabled. If necessary, you can fine-tune or disable traffic-based discovery at the product as described in Properties installed with Service Mapping under Installed with Service Mapping.
Business service level
You can enable traffic-based discovery for a specific business service. In this case, Service Mapping uses this method for all CIs making up this business service, unless traffic-based discovery is disabled for some CI types or specific CIs.
CI type level
You can create a discovery rule to include or exclude a CI type from traffic-based discovery. This rule prevails over the setting you choose for a business service.
Specific CI level
You can create a discovery rule to include or exclude a specific CI from traffic-based discovery. This rule prevails over the setting you choose for a business service.

Rules for specific CIs take precedence over rules for CI types. For example, if you do not want to use traffic-based discovery on any Tomcat servers, you can define a CI type rule disabling the traffic-based discovery on the Tomcat table. At the same time, you can create a discovery rule enabling the traffic-based discovery for a specific Tomcat server. In that case, Service Mapping uses the traffic-based discovery only for this specific Tomcat server out of all Tomcat servers.


CIs displayed on the map.

As traffic-based discovery method may clutter a business service with irrelevant CIs, Service Mapping uses an algorithm to reduce the number of erroneously mapped CI. You can further adjust traffic-based discovery to remove unwanted CIs as described in Remove CIs not belonging to business services.