8 NetStream Configuration
NetStream is a technology that collects and exports flow statistics. NetStream allows fine-grained management, for example, department charging, traffic monitoring and analysis.
NOTE: - 8.1 Introduction to NetStream
- 8.2 Principles
- 8.3 Applications
This section describes the usage scenarios of NetStream. - 8.4 Default Configuration
This section provides the default NetStream configuration. - 8.5 Configuring the NetStream
- 8.6 Maintaining NetStream
This chapter describes how to clear NetStream statistics. - 8.7 Configuration Examples
This chapter provides examples for configuring original, aggregation, and flexible NetStream. You can comprehend the configuration procedures using the configuration flowchart. The configuration examples explain networking requirements, configuration notes, and configuration roadmap. - 8.8 References
8.1 Introduction to NetStream
Definition
NetStream is a traffic statistics and analysis technology. It can collect and analyze service traffic on networks.
Purpose
The Internet provides users with high bandwidth and supports more services and applications. Enterprises require fine-grained management and accounting, which poses higher requirements on traffic statistics and analysis. Traditional traffic statistics technologies such as SNMP and port mirroring cannot meet these requirements because of their limitations (see Table 8-1). A new technology is required to better support network traffic statistics.
NetStream has been developed to address this problem. NetStream collects classified statistics about service traffic and resource usage, and sends the statistics to a dedicated server or a network management system (NMS) that has NetStream software installed for further analysis.
Traffic Statistics Method |
Implementation |
Limitation |
|---|---|---|
Statistics based on IP packets |
Saves counter indexes in the routing table on a device to count the number of bytes and packets that pass through the device. |
This method applies to collection of statistics about simple information instead of various information. |
Statistics based on access control lists (ACLs) |
Precisely matches flows based on ACLs and then collects statistics. |
This method requires large capacity of ACLs and cannot collect statistics about flows that match no ACL rule. |
Statistics using SNMP |
Uses SNMP to implement simple statistics functions, such as interface statistics, IP packet statistics, and the ACL matching statistics. |
The statistics function is not strong enough and collects statistics from the NMS using continuous polling, wasting CPU and network resources. |
Statistics based on port mirroring |
Duplicates traffic passing through a port and sends the duplicated traffic to a dedicated server for statistics and analysis. |
This method requires high costs because a dedicated server is required to collect statistics. In addition, this method occupies an interface. Statistics cannot be collected on an interface that does not support port mirroring. |
Statistics based on the traffic duplication at the physical layer |
Duplicates traffic using an optical splitter or other devices at the physical layer and then sends the duplicated traffic to a dedicated server for statistics. |
This method requires high costs because a dedicated server and dedicated hardware devices must be purchased. |
Benefits
Accounting
NetStream provides detailed data for accounting based on resource usage (such as usage of links, bandwidths, and time segments). The data includes the number of packets, number of bytes, IP addresses, time, types of service (ToSs), and application types. An enterprise can calculate expenses of each department and distribute operation costs based on the data to effectively use resources.
Network monitoring
NetStream monitors network traffic almost in real time. NetStream can be deployed on an interface connected to the Internet to monitor outgoing traffic almost in real time and analyze bandwidth usage of services. The traffic monitoring information helps network administrators determine the network running status and discover inappropriate network structures or performance bottlenecks on networks. Enterprises can easily plan and allocate network resources.
User monitoring and analysis
NetStream allows network administrators to obtain network resource usage of users so that they can efficiently plan and allocate network resources and ensure network running security.
8.2 Principles
8.2.1 Basic Principles of NetStream
Components of a NetStream System
As shown in Figure 8-1, three roles are involved in a NetStream system: NetStream data exporter (NDE), NetStream collector (NSC), and NetStream data analyzer (NDA).
NDE
An NDE analyzes and processes network flows, extracts flows that meet conditions for statistics, and exports the statistics to the NSC. The NDE can perform operations (such as aggregation) over the statistics before exporting them to the NSC. A device configured with NetStream functions as the NDE in a NetStream system.
NSC
An NSC is a program running on the Unix or Windows operating system. The NSC parses packets from the NDE and saves statistics to the database. The NSC can collect data exported from multiple NDEs, and filter and aggregate the data.
NDA
An NDA is a traffic analysis tool. It extracts statistics from the NSC, processes the statistics, and generates a report. This report provides a basis for services such as traffic accounting, network planning, and attack monitoring. The NDA provides a graphical user interface (GUI) for users to easily obtain, check, and analyze the collected data.
NOTE: In practice, the NSC and NDA are integrated on a NetStream server.
NetStream Working Mechanism
A NetStream system works as follows:
- An NDE periodically exports detailed data about flows to an NSC.
- The NSC processes the statistics and sends it to an NDA.
- The NDA analyzes the data for applications such as accounting and network planning.
In most cases, datacom products function as NDEs in a NetStream system. This document mainly describes NDE implementation.
As shown in Figure 8-2, an NDE is properly forwarding service traffic. The NetStream module on the NDE samples packets (see NetStream Packet Sampling), creates a flow based on the collected data (see NetStream Flows), ages out the flow (see NetStream Flow Aging), and exports the flow statistics (see NetStream Flow Statistics Exporting). In this manner, the NDE periodically exports detailed data about flows to the NSC.
8.2.2 NetStream Packet Sampling
Incoming traffic and outgoing traffic are sampled for statistics. You can set an interval for sampling packets so that only statistics about sampled packets are collected. The statistics show the flow status on the entire network. The sampling function reduces NetStream impact on device performance.
Packet-based random sampling
The NDE randomly samples a packet from a specified number of packets transmitted. For example, if the number of packets is set to 100, the NDE randomly samples a packet from every 100 packets. This mode applies to sampling regular traffic.
Packet-based regular sampling
The NDE samples a packet every time when a specified number of packets are transmitted. For example, if the number of packets is set to 100, the NDE samples a packet after every 100 packets are transmitted. If the NDE samples the fifth packet at the first time, the NDE samples the one hundred and fifth packet, the two hundred and fifth packet, and so on. This mode applies to network traffic accounting.
Time-based random sampling
The NDE randomly samples a packet in a specified interval. For example, if the interval is set to 100, the NDE randomly samples a packet in every 100 ms. This mode applies to sampling regular traffic.
Time-based regular sampling
The NDE samples a packet at a specified interval. For example, the interval is set to 100. If the NetStream module samples a packet at the fifth second at the first time, the NDE samples a packet at the one hundred and fifth second, the two hundred and fifth second, and so on. This mode applies to networks with a large volume of traffic.
8.2.3 NetStream Flows
NetStream provides packet statistics based on flows. NetStream supports statistics about IP packets (including UDP, TCP, and ICMP packets).
- For IPv4 packets, IPv4 NetStream defines a flow based on the destination IP address, source IP address, destination port number, source port number, protocol number, ToS, and inbound or outbound interface. Packets with the same 7-tuple information are marked as one flow.
8.2.4 NetStream Flow Aging
NetStream flow aging is the prerequisite for exporting flow statistics to the NSC. After NetStream is enabled on a device, flow statistics are stored in the NetStream cache on the device. When a NetStream flow is aged out, the NDE exports the flow statistics in the cache to the NSC using NetStream packets of a specified version.
NetStream flows are aged out in the following modes:
Regular aging
Active aging
Packets are added to a flow continuously in a specified period since the first packet is added to the flow. After the active aging timer expires, the flow statistics are exported. Active aging enables the NDE to periodically export the statistics about the flows that last for a long period.
Inactive aging
If no packet is added to a flow in a specified period after the last packet is added to the flow, the NDE exports flow statistics to the NetStream server. Inactive aging clears unnecessary entries in the NetStream cache so that the system can fully leverage statistical entries. Inactive aging enables the NDE to export the statistics about flows that last for a short period. Once adding packets to a flow stops, the NDE exports the flow statistics to save memory space.
FIN- or RST-based aging
The FIN or RST flag in a TCP packet indicates that a TCP connection is terminated. When receiving a packet with the FIN or RST flag, the NDE immediately ages the corresponding NetStream flow.
Byte-based aging
The number of bytes is recorded for each flow in the NetStream cache. When the number of bytes of a flow exceeds the specified upper limit, the flow overflows. Therefore, when finding that the number of bytes of a flow exceeds the specified upper limit, the NDE immediately ages the flow to prevent a byte counting error. The hardware byte counter is a 32–bit counter, and the upper limit for bytes is 4294967295 bytes (about 3.9 GB).
Forced aging
You can run commands to forcibly age all flows in the NetStream cache.
Forced aging is used when existing flows do not meet aging conditions but the latest statistics are required or when some flows fail to be aged out due to abnormal NetStream services.
8.2.5 NetStream Flow Statistics Exporting
After aging flows in the NetStream cache, the NDE exports the flow statistics to a specified NSC for further analysis.
Flow Statistics Exporting Modes
Original flow statistics exporting
In original flow statistics exporting mode, the NDE collects statistics about all flows. After the aging timer expires, the NDE exports statistics about each flow to the NetStream server.
This mode enables the NetStream server to obtain detailed statistics about each flow. However, this mode increases the network bandwidth and CPU usage. In addition, these statistics occupy much memory space of the NDE, which increases the cost.
Aggregation flow statistics exporting
The NDE aggregates flow statistics with the same aggregation entry values and exports the aggregation flow statistics to a specified NetStream server. This mode greatly saves network bandwidth. The NDE supports the aggregation modes described in Table 8-2.
For example, there are four original TCP flows. They have the same source port number, destination port number, and destination IP address, but different source IP addresses. The protocol-port mode is used. Aggregation entries in this mode include protocol number, source port number, and destination port number. The four TCP flows have the same protocol number, source port number, and destination port number, so only one aggregation flow statistical record is recorded in the aggregation flow statistics table.
Aggregation Mode |
Aggregation Entries |
|---|---|
as |
Source AS number, destination AS number, index of the inbound interface, and index of the outbound interface |
as-tos |
Source AS number, destination AS number, inbound interface index, outbound interface index, and ToS |
protocol-port |
Protocol number, source port number, and destination port number |
protocol-port-tos |
Protocol number, source port number, destination port number, ToS, inbound interface index, and outbound interface index |
source-prefix |
Source AS number, source mask length, source prefix, and inbound interface index |
source-prefix-tos |
Source AS number, source mask length, source prefix, ToS, and inbound interface index |
destination-prefix |
Destination AS number, destination mask length, destination prefix, and outbound interface index |
destination-prefix-tos |
Destination AS number, destination mask length, destination prefix, ToS, and outbound interface index |
prefix |
Source AS number, destination AS number, source mask length, destination mask length, source prefix, destination prefix, inbound interface index, and outbound interface index |
prefix-tos |
Source AS number, destination AS number, source mask length, destination mask length, source prefix, destination prefix, ToS, inbound interface index, and outbound interface index |
Flexible flow statistics exporting
Flexible flows are created based on customized configuration. Users can collect flow statistics based on the protocol type, DSCP field, source IP address, destination IP address, source port number, destination port number, or flow label as required. The NDE exports the flow statistics to the NetStream server. Compared to original flow statistics exporting, flexible flow statistics exporting occupies less traffic and provides users with a flexible way to collect NetStream statistics.
Versions of Exported Packets
- V5: The packet format is fixed. NetStream packets in this format contain the original flow statistics collected based on 7-tuple information.
- V8: The packet format is fixed. NetStream packets in this version support the aggregation exporting format.
- V9: The NetStream packet format is defined in profiles. Statistical items can be combined, and therefore statistics are exported more flexibly. V9 supports the exporting of BGP next hop information and MPLS statistics.
- V10: The NetStream packet format is defined in profiles. Statistics are exported according to traffic characteristics. Statistics are highly scalable: the statistics formats vary according to requirements.
8.3 Applications
This section describes the usage scenarios of NetStream.
On a network shown in Figure 8-3, RouterA connects to the Internet. A large number of communication packets are stored on RouterA. Network administrators want to know the bandwidths occupied by services. The NetStream function needs to be configured on RouterA to monitor real-time traffic on the interface connecting to the Internet. The traffic monitoring information helps network administrators determine the network running status and discover inappropriate network structures or performance bottlenecks on networks.
8.4 Default Configuration
This section provides the default NetStream configuration.
Parameter |
Default Setting |
|---|---|
NetStream packet sampling |
Packet-based regular sampling. The sampling ratio is 100. |
Active aging time |
30 minutes |
Inactive aging time |
30 seconds |
FIN- and RST-based aging |
Disabled |
Byte-based aging |
Enabled |
Version of exported packets carrying IPv4 unicast original flow statistics |
V5 |
Version of exported packets carrying IPv4 multicast original flow statistics |
V5 |
Version of exported packets carrying IPv4 aggregation flow statistics |
V8 |
Version of exported packets carrying IPv4 flexible flow statistics |
V9 |
Version of exported packets carrying statistics about flows that fail the RPF check |
V5 |
8.5 Configuring the NetStream
8.5.1 Configuring IPv4 Unicast Original Flow Statistics Exporting
After the IPv4 unicast original flow statistics exporting is configured, the NDE collects statistics about IPv4 unicast flows and exports the statistics about each flow to the NetStream server for further analysis.
8.5.1.1 Configuring NetStream Sampling
Context
You can set an interval for sampling packets so that only statistics about sampled packets are collected. The statistics show the flow status on the entire network. The sampling function reduces impact of NetStream on device performance.
Procedure
- Run the system-view command to enter the system view.
Run the interface interface-type interface-number [.subinterface-number ] command to enter the interface view.
Run the ip netstream sampler { fix-packets packet-interval | fix-time time-interval | random-packets packet-interval | random-time time-interval } { inbound | outbound } command to configure IPv4 packet sampling on the interface.
By default, the packet-based regular sampling is used. The default packet sampling ratio is 100.
8.5.1.2 Configuring NetStream Flow Aging
Context
When a NetStream flow is aged out, the device exports the flow statistics in the cache to the NSC.
NetStream flow aging modes include regular aging, FIN- and RST-based aging, byte-based aging, and forced aging. By default, the byte-based aging is enabled.
Regular aging
Active aging
Active aging requires the device to periodically export statistics about the flows that persist for a long period. This aging mode is enabled on the device by default, and you only need to set the aging time.
Inactive aging
Inactive aging clears unnecessary entries in the NetStream cache so that the system can fully leverage statistics entries. Inactive aging requires the device to export statistics about the flows that persist for a short period. Once adding packets to a flow stops, the device exports flow statistics to conserve memory space. This aging mode is enabled on the device by default, and you only need to set the aging time.
FIN- and RST-based aging
An FIN or RST flag in a TCP packet indicates the termination of a TCP connection. When receiving a packet with the FIN or RST flag, the device immediately ages out the corresponding NetStream flow. It is recommended that you enable this mode.
Forced aging
Forced aging is used when you require the latest statistics, but you do not satisfy with the existing aging conditions or some flows fail to age out due to an anomaly. You can forcibly age out all the flows in the cache and export the flow statistics.
8.5.1.3 Configuring NetStream Original Flow Statistics Exporting
Context
Original flow statistics can be exported only when you have specified a destination IP address and destination UDP port number for the exported packets.
Procedure
- Run the system-view command to enter the system view.
- Run the ip netstream export source ip-address command to configure the source address of the exported packets carrying original flow statistics.
- Run the ip netstream export host ip-address port-number command to configure the destination IP address and destination
UDP port number of the exported packets carrying original flow statistics.
You can configure two destination IP addresses to implement NSC backup. To configure a third destination IP address, run the undo ip netstream export host command to delete an existing one first; otherwise, the system displays a message indicating that the maximum number of IP addresses is exceeded and the configuration fails.
8.5.1.4 Configuring Versions for the Exported Packets
Procedure
- Run the system-view command to enter the system view.
- Run the ip netstream export version version [ origin-as | peer-as ] [ bgp-nexthop ] command to set the version and AS option of the exported packets carrying original flow statistics.
By default, V5 supports the exported packets carrying flow statistics without the AS option. Packets of V5 do not carry BGP next hop information.
Currently, only V9 supports the exported packets carrying BGP next hop information.
8.5.1.5 Configuring NetStream Statistics Collection
Context
IPv4 original flow statistics can be exported only when you have enabled flow statistics collection on an interface.
Procedure
- Run the system-view command to enter the system view.
- Run the interface interface-type interface-number [.subinterface-number ] command to enter the interface view.
Run the ip netstream { inbound | outbound } command to enable the NetStream function on the interface to collect statistics about IPv4 flows.
By default, the NetStream function for IPv4 flows is disabled on the interface.
8.5.2 Configuring IPv4 Multicast Original Flow Statistics Exporting
After the IPv4 multicast original flow statistics exporting is configured, the NDE collects statistics about IPv4 multicast flows and exports the statistics about each flow to the NetStream server for further analysis.
8.5.2.1 Configuring NetStream Sampling
Context
You can set an interval for sampling packets so that only statistics about sampled packets are collected. The statistics show the flow status on the entire network. The sampling function reduces impact of NetStream on device performance.
Procedure
- Run the system-view command to enter the system view.
Run the interface interface-type interface-number [.subinterface-number ] command to enter the interface view.
Run the ip netstream sampler { fix-packets packet-interval | fix-time time-interval | random-packets packet-interval | random-time time-interval } { inbound | outbound } command to configure IPv4 packet sampling on the interface.
By default, the packet-based regular sampling is used. The default packet sampling ratio is 100.
8.5.2.2 Configuring NetStream Flow Aging
Context
When configuring the original flow statistics exporting, you need to configure NetStream flow aging. When a NetStream flow is aged out, the device exports the flow statistics in the cache to the NSC using NetStream packets of a specified version.
NetStream flow aging modes include regular aging, byte-based aging, and forced aging. Byte-based aging is enabled by default, which requires no configuration.
Regular aging
Active aging
Active aging enables the device to periodically export the statistics about the flows that last for a long period. This aging mode is enabled on the device by default. You can configure the aging time as required.
Inactive aging
Inactive aging clears unnecessary entries in the NetStream cache so that the system can fully leverage statistics entries. Inactive aging enables the device to export the statistics about the flows that last for a short period. Once adding packets to a flow stops, the device exports flow statistics to conserve memory space. This aging mode is enabled on the device by default. You can configure the aging time as required.
Forced aging
Forced aging is used when existing flows do not meet aging conditions but the latest statistics are required or when some flows fail to be aged out due to abnormal NetStream services. You can run commands to forcibly age all the original flows in the cache and export the flow statistics.
8.5.2.3 Configuring NetStream Original Flow Statistics Exporting
Context
Original flow statistics can be exported only when you have specified a destination IP address and destination UDP port number for the exported packets.
Procedure
- Run:
system-viewThe system view is displayed.
- (Optional) Run:
ip netstream export source ip-address
The source address of the exported packets carrying IPv4 multicast flow statistics is configured.
- Run:
ip netstream export host ip-address port-number
The destination IP address and destination UDP port number of the exported packets carrying IPv4 multicast flow statistics are configured.
You can configure two destination IP addresses to implement NSC backup. To configure a third destination IP address, run the undo ip netstream export host command to delete an existing one first; otherwise, the system displays a message indicating that the maximum number of addresses is exceeded and the configuration fails.
8.5.2.4 Configuring Versions for the Exported Packets
Procedure
- Run:
system-viewThe system view is displayed.
- Run:
ip netstream export version version [ origin-as | peer-as ] [ bgp-nexthop ]
The version and AS option of the exported packets carrying original flow statistics are configured.
By default, V5 supports the exported packets carrying flow statistics without the AS option. Packets of V5 do not carry BGP next hop information.
Currently, only V9 supports the exported packets carrying BGP next hop information.
8.5.2.5 Configuring NetStream Statistics Collection
Context
IPv4 multicast original flow statistics can be exported only when you have enabled the flow statistics collection function on an interface.
Procedure
Run the system-view command to enter the system view.
Run the interface interface-type interface-number [.subinterface-number ] command to enter the interface view.
Run the ip netstream multicast { inbound | outbound } command to enable the NetStream function on the interface to collect statistics about IPv4 multicast flows.
By default, NetStream is disabled for multicast flows.
The NetStream function supports independent statistics about incoming and outgoing packets at the same time.
8.5.2.6 Checking the Configuration
Context
You can run commands to verify the configuration of IPv4 multicast original flow statistics exporting.
Procedure
- Run the display ip netstream cache command to check information about flows in NetStream cache.
- Run the display ip netstream statistic command to check the NetStream statistics.
- Run the display ip netstream { all | global } command to check the NetStream configuration for IPv4 multicast original flows.
8.5.3 Configuring IPv4 Aggregation Flow Statistics Exporting
After the IPv4 aggregation flow statistics exporting is configured, the NDE aggregates statistics about IPv4 flows with the same aggregation entries and exports flow statistics to the NetStream server for further analysis.
8.5.3.1 Configuring NetStream Sampling
Context
You can set an interval for sampling packets so that only statistics about sampled packets are collected. The statistics show the flow status on the entire network. The sampling function reduces impact of NetStream on device performance.
Procedure
- Run the system-view command to enter the system view.
Run the interface interface-type interface-number [.subinterface-number ] command to enter the interface view.
Run the ip netstream sampler { fix-packets packet-interval | fix-time time-interval | random-packets packet-interval | random-time time-interval } { inbound | outbound } command to configure IPv4 packet sampling on the interface.
By default, the packet-based regular sampling is used. The default packet sampling ratio is 100.
8.5.3.2 Configuring NetStream Flow Aging
Context
When a NetStream flow is aged out, the device exports the flow statistics in the cache to the NSC using NetStream packets of a specified version.
NetStream flow aging modes include regular aging, byte-based aging, and forced aging. By default, the byte-based aging is enabled.
Regular aging
Active aging
Active aging requires the device to periodically export statistics about the flows that persist for a long period. This aging mode is enabled on the device by default, and you only need to set the aging time.
Inactive aging
Inactive aging clears unnecessary entries in the NetStream cache so that the system can fully leverage statistics entries. Inactive aging requires the device to export statistics about the flows that persist for a short period. Once adding packets to a flow stops, the device exports flow statistics to conserve memory space. This aging mode is enabled on the device by default, and you only need to set the aging time.
Forced aging
Forced aging is used when you require the latest statistics, but you do not satisfy with the existing aging conditions or some flows fail to age out due to an anomaly. You can forcibly age out all the original flows in the cache and export the flow statistics.
8.5.3.3 Configuring NetStream Aggregation Flow Statistics Exporting
Context
You can configure an aggregation method for NetStream flows. Aggregation flow statistics can be exported only when you have specified a destination IP address and a destination UDP port number.
The device with NetStream aggregation flow statistics enabled can classify and aggregate original flows according to certain rules, and export the aged flows to the NDA. Aggregation of original flows will decrease network bandwidth, CPU usage, and memory space occupation.
Procedure
- Run the system-view command to enter the system view.
- Run the ip netstream aggregation { as | as-tos | destination-prefix | destination-prefix-tos | prefix | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos } command to configure a NetStream aggregation method and enter the NetStream aggregation view.
- (Optional) Run the mask { destination | source } minimum mask-length command to configure an aggregation mask.
The configured aggregation mask is valid for six aggregation modes: prefix, prefix-tos, destination-prefix, destination-prefix-tos, source-prefix, and source-prefix-tos, in which:
- The parameter source is used in prefix, prefix-tos, source-prefix, and source-prefix-tos aggregation method.
- The parameter destination is used in prefix, prefix-tos, destination-prefix, and destination-prefix-tos aggregation method.
- Run the ip netstream export source ip-address command to configure the source address of the exported packets carrying flow statistics.
- Run the ip netstream export host ip-address port-number command to configure the destination IP address and destination
UDP port number for exporting flow statistics.
The destination NSC address of the statistics can be configured in either the system view or the NetStream aggregation view.
The destination NSC address configured in the aggregation view takes precedence over that configured in the system view. After the destination NSC address is configured:
- Original flow statistics are exported only to the destination NSC address configured in the system view.
Aggregation flows are exported to the destination NSC address configured in the corresponding aggregation view.
If no destination NSC address is configured in the aggregation view, aggregation flows are exported to the destination NSC address configured in the system view.
- Run the enable command to enable the NetStream aggregation function.
By default, the aggregation function is disabled.
8.5.3.4 Configuring Versions for the Exported Packets
Procedure
- Run the system-view command to enter the system view.
- Run the ip netstream aggregation { as | as-tos | destination-prefix | destination-prefix-tos | prefix | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos } command to enter the NetStream aggregation view.
- Run the export version version command to set the version of the exported
packets.
By default, the version of the exported packets carrying aggregation flow statistics is V8.
8.5.3.5 Configuring NetStream Statistics Collection
Context
Aggregation flow statistics can be exported only when you have enabled flow statistics collection on an interface.
Procedure
- Run the system-view command to enter the system view.
- Run the interface interface-type interface-number [.subinterface-number ] command to enter the interface view.
Run the ip netstream { inbound | outbound } command to enable the NetStream function on the interface to collect statistics about aggregation flows.
By default, NetStream is disabled for aggregation flows.
8.5.4 Configuring IPv4 Flexible Flow Statistics Exporting
After the flexible flow statistics exporting is configured, the NDE classifies and collects statistics about packets based on the protocol type, DSCP priority, source IP address, destination IP address, source port number, and destination port number.
8.5.4.1 Configuring a Flexible Flow Statistics Template
Context
You need to configure a flexible flow statistics template before applying it to an interface. To obtain richer flow statistics, you can configure whether flexible flow statistics contain the number of packets and bytes, and the indexes of the inbound and outbound interfaces.
Procedure
- Run the system-view command to enter the system view.
- Run the ip netstream record record-name command to create flexible flow statistics template and enter the flexible flow statistics template view.
- Run the match ipv4 { protocol | tos | source-address | destination-address | source-port | destination-port } command to configure the aggregation keywords for the IPv4 flexible flow statistics template.
- Run the collect
counter { bytes | packets } command to configure the flexible flow statistics
exported to the NSC to contain the number of packets and bytes.
By default, the flexible flow statistics that are exported to the NSC do not contain the number of packets or bytes.
- (Optional) Run the collect interface { input | output } command to configure the flexible
flow statistics exported to the NSC to contain indexes of the inbound
and outbound interfaces.
By default, the flexible flow statistics exported to the NSC do not contain the index of the inbound or outbound interface.
8.5.4.2 Configuring NetStream Sampling
Context
You can set an interval for sampling packets so that only statistics about sampled packets are collected. The statistics show the flow status on the entire network. The sampling function reduces impact of NetStream on device performance.
Procedure
- Run the system-view command to enter the system view.
Run the interface interface-type interface-number [.subinterface-number ] command to enter the interface view.
Run the ip netstream sampler { fix-packets packet-interval | fix-time time-interval | random-packets packet-interval | random-time time-interval } { inbound | outbound } command to configure IPv4 packet sampling on the interface.
By default, the packet-based regular sampling is used. The default packet sampling ratio is 100.
8.5.4.3 Configuring NetStream Flow Aging
Context
When a NetStream flow is aged out, the device exports the flow statistics in the cache to the NSC using NetStream packets of a specified version.
NetStream flow aging modes include regular aging, byte-based aging, and forced aging. By default, the byte-based aging is enabled.
Regular aging
Active aging
Active aging requires the device to periodically export statistics about the flows that persist for a long period. This aging mode is enabled on the device by default, and you only need to set the aging time.
Inactive aging
Inactive aging clears unnecessary entries in the NetStream cache so that the system can fully leverage statistics entries. Inactive aging requires the device to export statistics about the flows that persist for a short period. Once adding packets to a flow stops, the device exports flow statistics to conserve memory space. This aging mode is enabled on the device by default, and you only need to set the aging time.
Forced aging
Forced aging is used when you require the latest statistics, but you do not satisfy with the existing aging conditions or some flows fail to age out due to an anomaly. You can forcibly age out all the original flows in the cache and export the flow statistics.
8.5.4.4 Configuring NetStream Flexible Flow Statistics Exporting
Context
Flexible flow statistics can be exported only when you have specified a destination NSC address for the exported packets.
Procedure
- Run the system-view command to enter the system view.
- Run the ip netstream export source ip-address command to configure the source address of the exported packets carrying flow statistics.
- Run the ip netstream export host ip-address port-number command to configure the NSC's destination IP address and destination
UDP port number of the exported packets carrying flow statistics.
You can configure two destination IP addresses to implement NSC backup.
8.5.4.5 Configuring Versions for the Exported Packets
Procedure
- Run the system-view command to enter the system view.
- Run the ip netstream export version 9 [ origin-as | peer-as ] [ bgp-nexthop ] command to set the version and AS option of the exported packets carrying IPv4 flexible flow statistics.
By default, V9 supports the exported packets carrying IPv4 flexible flow statistics without the AS option and cannot be changed. Packets of V9 do not carry BGP next hop information.
8.5.4.6 Configuring NetStream Statistics Collection
Context
When configuring flexible NetStream, you need to enable flow statistics collection on an interface and apply a flexible flow statistics template on the interface to ensure successful statistics exporting.
Procedure
- Run the system-view command to enter the system view.
- Run the interface interface-type interface-number [.subinterface-number ] command to enter the interface view.
Run the port ip netstream record record-name command to apply the flexible flow statistics template to the interface.
Each interface can be configured with only one flexible flow statistics template. Before modifying the flexible flow statistics template in the same interface view, run the undo port ip netstream record command to delete the existing configuration.
If the flexible flow statistics template has been applied to the interface, the template configuration cannot be modified or deleted.
Run the ip netstream { inbound | outbound } command to enable the NetStream function on the interface to collect flow statistics.
By default, flow statistics collection function is disabled on an interface.
8.5.4.7 Checking the Configuration
Procedure
- Run the display ip netstream cache command to check information about flows in NetStream cache.
- Run the display ip netstream record { all | name record-name } command to display the configuration of a flexible flow statistics template.
- Run the display ip netstream statistic command to check the NetStream statistics.
- Run the display ip netstream { all | global } command to check the NetStream configuration for IPv4 flexible flows.
8.5.5 Configuring Exporting of Statistics about Flows That Fail the RPF Check
After the exporting is configured for statistics about flows that fail the RPF check, the NDE collects statistics about flows that fail the RPF check and exports the statistics about each flow to the NetStream server for further analysis.
8.5.5.1 Configuring NetStream Sampling
Context
You can set an interval for sampling packets so that only statistics about sampled packets are collected. The statistics show the flow status on the entire network. The sampling function reduces impact of NetStream on device performance.
Procedure
- Run the system-view command to enter the system view.
Run the interface interface-type interface-number [.subinterface-number ] command to enter the interface view.
Run the ip netstream sampler { fix-packets packet-interval | fix-time time-interval | random-packets packet-interval | random-time time-interval } { inbound | outbound } command to configure IPv4 packet sampling on the interface.
By default, the packet-based regular sampling is used. The default packet sampling ratio is 100.
8.5.5.2 Configuring NetStream Flow Aging
Context
When configuring RPF NetStream, you need to configure NetStream flow aging. When a NetStream flow is aged out, the device exports the flow statistics in the cache to the NSC using NetStream packets of a specified version.
NetStream flow aging modes include regular aging, byte-based aging, and forced aging. Byte-based aging is enabled by default, which requires no configuration.
Regular aging
Active aging
Active aging enables the device to periodically export the statistics about the flows that last for a long period. This aging mode is enabled on the device by default. You can configure the aging time as required.
Inactive aging
Inactive aging clears unnecessary entries in the NetStream cache so that the system can fully leverage statistics entries. Inactive aging enables the device to export the statistics about the flows that last for a short period. Once adding packets to a flow stops, the device exports flow statistics to conserve memory space. This aging mode is enabled on the device by default. You can configure the aging time as required.
Forced aging
Forced aging is used when existing flows do not meet aging conditions but the latest statistics are required or when some flows fail to be aged out due to abnormal NetStream services. You can run commands to forcibly age all the original flows in the cache and export the flow statistics.
8.5.5.3 Configuring NetStream RPF Check Failure Flow Statistics Exporting
Context
Statistics about flows that fail the RPF check can be exported only when you have specified a destination IP address and a destination UDP port number.
Procedure
- Run:
system-viewThe system view is displayed.
- (Optional) Run:
ip netstream export source ip-address
The source address of the exported packets carrying flow statistics is configured.
- Run:
ip netstream export host ip-address port-number
The destination IP address and destination UDP port number are configured for the flow statistics packets exported to the NSC.
You can configure two destination IP addresses to implement NSC backup.
8.5.5.4 Configuring Versions for the Exported Packets
Procedure
- Run:
system-viewThe system view is displayed.
- Run:
ip netstream export version version [ origin-as | peer-as ] [ bgp-nexthop ]
The version of the exported packets is set.
By default, V5 supports the exported packets carrying flow statistics without the AS option. Packets of V5 do not carry BGP next hop information.
Currently, only V9 supports the exported packets carrying BGP next hop information.
8.5.5.5 Configuring NetStream Statistics Collection
Context
Statistics about flows that fail the RPF check can be exported only when you have enabled the flow statistics collection function on an interface.
Procedure
Run the system-view command to enter the system view.
Run the interface interface-type interface-number [.subinterface-number ] command to enter the interface view.
Run the ip netstream rpf-failure inbound command to enable RPF NetStream.
By default, NetStream is disabled from collecting statistics about flows that fail the RPF check. Only statistics about incoming packets are collected.
NOTICE: 8.7 Configuration Examples
This chapter provides examples for configuring original, aggregation, and flexible NetStream. You can comprehend the configuration procedures using the configuration flowchart. The configuration examples explain networking requirements, configuration notes, and configuration roadmap.
8.7.1 Example for Configuring IPv4 Original Flow Statistics Exporting
Networking Requirements
As shown in Figure 8-4, Department 1 and Department 2 connects to the Internet through the router. User wants to monitor communication between departments and the Internet, and perform accounting based on the department.
Configuration Roadmap
You can configure IPv4 original flow statistics exporting on GE1/0/0 of the router, collect statistics about incoming traffic on the interface, and send the statistics to the NetStream server for further analysis. In this way, you can monitor communication between departments and the Internet, and perform accounting based on the department.
The configuration roadmap is as follows:
- Configure IP addresses for interfaces on the router.
- Configure NetStream sampling.
- Configure NetStream flow aging.
- Configure NetStream original flow statistics exporting.
- Configure the version for the exported packets.
- Enable flow statistics collection on the interface.
Procedure
- Configure IP addresses for interfaces on the router according to Figure 8-4.
# Configure IP addresses for interfaces on the router.
<Huawei> system-view [Huawei] sysname Router [Router] interface gigabitethernet 1/0/0 [Router-GigabitEthernet1/0/0] ip address 1.1.1.1 24 [Router-GigabitEthernet1/0/0] quit [Router] interface gigabitethernet 2/0/0 [Router-GigabitEthernet2/0/0] ip address 1.1.2.1 24 [Router-GigabitEthernet2/0/0] quit [Router] interface gigabitethernet 3/0/0 [Router-GigabitEthernet3/0/0] ip address 1.1.3.1 24 [Router-GigabitEthernet3/0/0] quit [Router] interface gigabitethernet 4/0/0 [Router-GigabitEthernet4/0/0] ip address 1.1.4.1 24 [Router-GigabitEthernet4/0/0] quit
- Configure NetStream sampling.
# Configure NetStream sampling on GE1/0/0, and set the sampling mode to packet-based regular sampling and the sampling interval to 1200.
[Router] interface gigabitethernet 1/0/0 [Router-GigabitEthernet1/0/0] ip netstream sampler fix-packets 1200 inbound [Router-GigabitEthernet1/0/0] ip netstream sampler fix-packets 1200 outbound [Router-GigabitEthernet1/0/0] quit
- Configure NetStream flow aging.
# Set the active aging time to 20 minutes and the inactive aging time to 100 seconds, and enable FIN- and RST-based aging.
[Router] ip netstream timeout active 20 [Router] ip netstream timeout inactive 100 [Router] ip netstream tcp-flag enable
- Configure NetStream original flow statistics exporting.
# Set the source IP address of the exported packets carrying original flow statistics to 1.1.2.1, destination IP address to 1.1.2.2, and destination port number to 6000.
[Router] ip netstream export source 1.1.2.1 [Router] ip netstream export host 1.1.2.2 6000
- Configure the version for the exported packets.
# Set the version of the exported packets to V9.
[Router] ip netstream export version 9 - Enable flow statistics collection on the interface.
# Enable flow statistics collection on GE1/0/0.
[Router] interface gigabitethernet 1/0/0 [Router-GigabitEthernet1/0/0] ip netstream inbound [Router-GigabitEthernet1/0/0] ip netstream outbound [Router-GigabitEthernet1/0/0] quit
- Verify the configuration.
# Run the display ip netstream statistic command to check the configurations.
[Router] display ip netstream statistic Origin ingress entries : 2 Origin ingress packets : 12 Origin ingress octets : 928 Origin egress entries : 2 Origin egress packets : 17 Origin egress octets : 1037 Origin total entries : 4 Agility ingress entries : 0 Agility ingress packets : 0 Agility ingress octets : 0 Agility egress entries : 0 Agility egress packets : 0 Agility egress octets : 0 Agility total entries : 0 Handle origin entries : 0 Handle agility entries : 0 Handle As aggre entries : 0 Handle ProtPort aggre entries : 0 Handle SrcPrefix aggre entries : 0 Handle DstPrefix aggre entries : 0 Handle Prefix aggre entries : 0 Handle AsTos aggre entries : 0 Handle ProtPortTos aggre entries : 0 Handle SrcPreTos aggre entries : 0 Handle DstPreTos aggre entries : 0 Handle PreTos aggre entries : 0
Configuration Files
Configuration file of the router
#
sysname Router
#
ip netstream timeout active 20
ip netstream timeout inactive 100
ip netstream tcp-flag enable
ip netstream export source 1.1.2.1
ip netstream export host 1.1.2.2 6000
ip netstream export version 9
#
interface GigabitEthernet1/0/0
ip address 1.1.1.1 255.255.255.0
ip netstream sampler fix-packets 1200 inbound
ip netstream sampler fix-packets 1200 outbound
ip netstream inbound
ip netstream outbound
#
interface GigabitEthernet2/0/0
ip address 1.1.2.1 255.255.255.0
#
interface GigabitEthernet3/0/0
ip address 1.1.3.1 255.255.255.0
#
interface GigabitEthernet4/0/0
ip address 1.1.4.1 255.255.255.0
#
return
8.7.2 Example for Configuring IPv4 Aggregation Flow Statistics Exporting
Networking Requirements
As shown in Figure 8-5, Department 1 and Department 2 connect to the Internet through the router. The network administrator needs to obtain key information from the communication packets between the two departments and the Internet to know communication status and traffic information.
Configuration Roadmap
You can configure aggregation flow statistics exporting on GE1/0/0 of the router so that the router collects statistics about incoming traffic on GE1/0/0 and exports the flow statistics to the NetStream server for further analysis. Then you can know communication status and traffic information.
The configuration roadmap is as follows:
- Configure IP addresses for the interfaces on the router.
- Configure NetStream aggregation flow statistics exporting.
- Configure the version for exported packets.
- Enable flow statistics collection on the interface.
Procedure
- Configure IP addresses for the interfaces on the router according to Figure 8-5.
# Configure IP addresses for the interfaces on Router.
<Huawei> system-view [Huawei] sysname Router [Router] interface gigabitethernet 1/0/0 [Router-GigabitEthernet1/0/0] ip address 1.1.1.1 24 [Router-GigabitEthernet1/0/0] quit [Router] interface gigabitethernet 2/0/0 [Router-GigabitEthernet2/0/0] ip address 1.1.2.1 24 [Router-GigabitEthernet2/0/0] quit [Router] interface gigabitethernet 3/0/0 [Router-GigabitEthernet3/0/0] ip address 1.1.3.1 24 [Router-GigabitEthernet3/0/0] quit [Router] interface gigabitethernet 4/0/0 [Router-GigabitEthernet4/0/0] ip address 1.1.4.1 24 [Router-GigabitEthernet4/0/0] quit
- Configure NetStream aggregation flow statistics exporting.
# Configure the protocol-port aggregation, and set the source IP address of the exported packets to 1.1.2.1, destination IP address to 1.1.2.2, and destination port number to 6000.
<Router> system-view [Router] ip netstream aggregation protocol-port [Router-aggregation-protport]ip netstream export source 1.1.2.1 [Router-aggregation-protport]ip netstream export host 1.1.2.2 6000 [Router-aggregation-protport]enable
- Configure the version for exported packets.
# Set the version of the exported packets carrying aggregation flow statistics to V9.
[Router-aggregation-protport] export version 9 [Router-aggregation-protport] quit
- Enable flow statistics collection on the interface.
# Enable flow statistics collection on GE1/0/0.
[Router] interface gigabitethernet 1/0/0 [Router-GigabitEthernet1/0/0] ip netstream inbound [Router-GigabitEthernet1/0/0] ip netstream outbound [Router-GigabitEthernet1/0/0] quit
- Verify the configuration.
# Run the display ip netstream statistic command to check the configurations.
[Router] display ip netstream statistic Origin ingress entries : 4 Origin ingress packets : 4 Origin ingress octets : 184 Origin egress entries : 4 Origin egress packets : 4 Origin egress octets : 304 Origin total entries : 8 Agility ingress entries : 0 Agility ingress packets : 0 Agility ingress octets : 0 Agility egress entries : 0 Agility egress packets : 0 Agility egress octets : 0 Agility total entries : 0 Handle origin entries : 8 Handle agility entries : 0 Handle As aggre entries : 0 Handle ProtPort aggre entries : 8 Handle SrcPrefix aggre entries : 0 Handle DstPrefix aggre entries : 0 Handle Prefix aggre entries : 0 Handle AsTos aggre entries : 0 Handle ProtPortTos aggre entries : 0 Handle SrcPreTos aggre entries : 0 Handle DstPreTos aggre entries : 0 Handle PreTos aggre entries : 0
Configuration Files
Configuration file of the router
#
sysname Router
#
interface GigabitEthernet1/0/0
ip address 1.1.1.1 255.255.255.0
ip netstream inbound
ip netstream outbound
#
interface GigabitEthernet2/0/0
ip address 1.1.2.1 255.255.255.0
#
interface GigabitEthernet3/0/0
ip address 1.1.3.1 255.255.255.0
#
interface GigabitEthernet4/0/0
ip address 1.1.4.1 255.255.255.0
#
ip netstream aggregation protocol-port
enable
export version 9
ip netstream export source 1.1.2.1
ip netstream export host 1.1.2.2 6000
#
return
8.7.3 Example for Configuring IPv4 Flexible Flow Statistics Exporting
Networking Requirements
As shown in Figure 8-6, Department 1 and Department 2 connect to the Internet through the router. The network administrator needs to monitor communication between the two departments and the Internet and know the top websites visited by the two departments.
Configuration Roadmap
You can configure flexible IPv4 flow statistics on GE1/0/0 of Router so that the Router collects statistics about incoming traffic on the interface, and sends the statistics to the NetStream server for further analysis. Then you can know the top websites visited by the two departments.
The configuration roadmap is as follows:
- Configure IP addresses for the interfaces on the router.
- Configure a flexible flow statistics template.
- Configure NetStream flexible flow statistics exporting.
- Enable flexible flow statistics collection on the interface.
Procedure
- Configure IP addresses for the interfaces on the router according to Figure 8-6.
# Configure IP addresses for the interfaces on the router.
<Huawei> system-view [Huawei] sysname Router [Router] interface gigabitethernet 1/0/0 [Router-GigabitEthernet1/0/0] ip address 1.1.1.1 24 [Router-GigabitEthernet1/0/0] quit [Router] interface gigabitethernet 2/0/0 [Router-GigabitEthernet2/0/0] ip address 1.1.2.1 24 [Router-GigabitEthernet2/0/0] quit [Router] interface gigabitethernet 3/0/0 [Router-GigabitEthernet3/0/0] ip address 1.1.3.1 24 [Router-GigabitEthernet3/0/0] quit [Router] interface gigabitethernet 4/0/0 [Router-GigabitEthernet4/0/0] ip address 1.1.4.1 24 [Router-GigabitEthernet4/0/0] quit
- Configure a flexible flow statistics template.
# Create a flexible flow statistics template test, configure aggregation based on the destination IP address and destination port number, configure the number of bytes and packets in the exported packets, and configure the indexes of the inbound and outbound interfaces.
[Router] ip netstream record test [Router-record-test]match ipv4 destination-address [Router-record-test]match ipv4 destination-port [Router-record-test]collect interface input [Router-record-test]collect interface output [Router-record-test]collect counter bytes [Router-record-test]collect counter packets [Router-record-test]quit
- Configure NetStream flexible flow statistics exporting.
# Set the source IP address of the exported packets carrying flexible flow statistics to 1.1.2.1, destination IP address to 1.1.2.2, and destination port number to 6000.
[Router] ip netstream export source 1.1.2.1 [Router] ip netstream export host 1.1.2.2 6000
- Enable flexible flow statistics collection on the interface.
# Enable flexible flow statistics exporting on GE1/0/0, and apply the flexible flow statistics template test to GE1/0/0.
[Router] interface gigabitethernet 1/0/0 [Router-GigabitEthernet1/0/0] port ip netstream record test Info: Interface got a record config succeed. [Router-GigabitEthernet1/0/0] ip netstream inbound [Router-GigabitEthernet1/0/0] ip netstream outbound [Router-GigabitEthernet1/0/0] quit
- Verify the configuration.
# Run the display ip netstream statistic command to check the configurations.
[Router] display ip netstream statistic Origin ingress entries : 0 Origin ingress packets : 0 Origin ingress octets : 0 Origin egress entries : 0 Origin egress packets : 0 Origin egress octets : 0 Origin total entries : 0 Agility ingress entries : 2 Agility ingress packets : 2 Agility ingress octets : 430 Agility egress entries : 2 Agility egress packets : 2 Agility egress octets : 161 Agility total entries : 4 Handle origin entries : 0 Handle agility entries : 2 Handle As aggre entries : 0 Handle ProtPort aggre entries : 0 Handle SrcPrefix aggre entries : 0 Handle DstPrefix aggre entries : 0 Handle Prefix aggre entries : 0 Handle AsTos aggre entries : 0 Handle ProtPortTos aggre entries : 0 Handle SrcPreTos aggre entries : 0 Handle DstPreTos aggre entries : 0 Handle PreTos aggre entries : 0
Configuration Files
Configuration file of the router
#
sysname Router
#
ip netstream export source 1.1.2.1
ip netstream export host 1.1.2.2 6000
ip netstream export version 9
ip netstream record test
#
ip netstream record test
match ipv4 destination-address
match ipv4 destination-port
collect counter packets
collect counter bytes
collect interface input
collect interface output
#
interface GigabitEthernet1/0/0
ip address 1.1.1.1 255.255.255.0
port ip netstream record test
ip netstream inbound
ip netstream outbound
#
interface GigabitEthernet2/0/0
ip address 1.1.2.1 255.255.255.0
#
interface GigabitEthernet3/0/0
ip address 1.1.3.1 255.255.255.0
#
interface GigabitEthernet4/0/0
ip address 1.1.4.1 255.255.255.0
#
return