CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules. The description covers configuration examples and function configurations.
Principles

NetStream System Components

As shown in Figure 14-50, three roles are involved in a NetStream system: NetStream data exporter (NDE), NetStream collector (NSC), and NetStream data analyzer (NDA).

Figure 14-50 Networking diagram of a NetStream system
  • NDE

    An NDE analyzes and processes network flows, extracts flows that meet conditions for statistics, and exports the statistics to the NSC. The NDE can perform operations (such as aggregation) over the statistics before exporting them to the NSC. A device configured with NetStream functions as the NDE in a NetStream system.

  • NSC

    An NSC is a program running on the Unix or Windows operating system. The NSC parses packets from the NDE and saves statistics to the database. The NSC can collect data exported from multiple NDEs, and filter and aggregate the data.

  • NDA

    An NDA is a traffic analysis tool. It extracts statistics from the NSC, processes the statistics, and generates a report. This report provides a basis for services such as traffic accounting, network planning, and attack monitoring. The NDA provides a graphical user interface (GUI) for users to easily obtain, check, and analyze the collected data.

NOTE:

In real networking, the NSC and NDA are integrated on one NetStream server.

NetStream working process

As shown in Figure 14-50, the NetStream system works as follows:

  1. The device with NetStream configured (that is, NDE) periodically sends collected traffic statistics to the NSC.
  2. The NSC processes the traffic statistics and sends them to the NDA.
  3. The NDA analyzes the traffic statistics and stores them as the basis of accounting and network planning.

The device functioning as an NDE implements the following functions:

  1. The NDE samples service traffic in a certain sampling mode and creates NetStream flows. For details, see NetStream Flow Creation.
  2. The NetStream flows age out when meeting certain conditions. For details about flow aging, see NetStream Flow Aging.
  3. When NetStream flows age out, the device outputs the aging flows. For details about flow exporting, see NetStream Flow Exporting.

NetStream Flow Creation

The NetStream module on a device samples service traffic in certain modes, and then creates NetStream flows for the sampled traffic.

NetStream Sampling

By cooperating with the sampler, NetStream samples service traffic based on a certain sampling ratio.

NOTE:

NetStream only analyzes flow information of sampled packets. This reduces the number of sampled packets and the impact on device performance. In addition, the statistics can accurately reflect traffic conditions on the network.

The device supports packet-based random sampling. That is, packets are randomly sampled within the specified packet interval. For example, if the interval is 100 packets, one packet is sampled from every 100 packets.

NetStream Flows

NetStream is a technology that collects packet statistics based on flows. After sampling packets, the NetStream module analyzes the sampled packets and creates flows based on key information in packets. The key information is as follows:

  • For Layer 2 information, the packets with five identical attributes are considered as a flow. The five attributes refer to destination MAC address, source MAC address, VLAN ID, Ethernet type, inbound interface, and outbound interface.
  • For IPv4 packets, the packets with seven identical attributes are considered as a flow. The seven attributes refer to destination IP address, source IP address, destination port number, source port number, protocol, ToS, and the index of the inbound or outbound interface of IPv4 packets.
  • For IPv6 packets, the packets with eight identical attributes are considered as a flow. The eight attributes refer to destination IPv6 address, source IPv6 address, destination port number, source port number, protocol, ToS, flow label, and the index of the inbound or outbound interface of IPv4 packets.
  • For MPLS packets, NetStream collects the MPLS label information or IP information in MPLS packets. When collecting IP statistics, NetStream determines a flow according to MPLS label stack and IP attributes.

NetStream Flow Aging

The device outputs flows to the NSC only after the flows age out. After the NetStream function is enabled, NetStream flows are stored in the buffer. When flows in the buffer meet the aging condition, the device outputs the aging flows in the buffer to the NSC.

NetStream flows are aged out in the following modes:

  • Aging based on customized conditions

    • Active aging

      After the first packet of a flow is sampled, the flow can continue to be sampled within a specified period. When the aging time of the flow exceeds the specified period, statistics about this flow are output. Active aging enables the device to periodically output statistics about flows that last for a long period.

    • Inactive aging

      If the device samples no further packets of a flow after its last packet, that is, the number of packets in the flow does not increase within the specified period, the device outputs statistics about this flow to the NetStream server. Inactive aging clears unnecessary entries in the NetStream cache so that the system can fully leverage statistics entries. Inactive aging requires the device to output statistics about flows that persist for a short period. Once packets stop being added to a flow, the device outputs the flow statistics to conserve memory space.

    • FIN or RST-based aging: A flow is aged when the FIN or RST bit is detected in the packets of the flow.

      The FIN or RST flag in a TCP packet indicates that the TCP connection is terminated.

  • Oversized aging

    • NetStream flow table oversized aging

      The device limits the size of the NetStream flow table. When the number of entries in the NetStream flow table exceeds the limit, the system automatically ages the excess flows to ensure accurate statistics.

    • Byte oversized aging

      The NetStream flows in the buffer record the number of passing bytes. When the number of bytes exceeds a limit (4294967295 bytes, about 3.9 GB), recording new statistics will cause buffer overflow and statistics will be inaccurate. Therefore, when detecting that the number of bytes in a flow exceeds the limit, the system immediately ages the flow.

  • Forcible aging

    You can run the related commands to age out all flows in the NetStream buffer. Forcible aging is used when the aging conditions are not met but new flows need to be added to the buffer, or when the NetStream service becomes abnormal and flows in the buffer are not aged.
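
The aging modes above decide when the NSC first sees a flow, which matters for attack monitoring: a long-lived session reaches the collector as several records, each delayed by up to the active aging period. The following added example (not Huawei code) models active, inactive, FIN/RST and byte oversized aging in a small flow cache; the timer values, class names and sample flows are assumptions, and only the byte limit comes from this page.

```python
from dataclasses import dataclass

ACTIVE_TIMEOUT, INACTIVE_TIMEOUT = 60, 10  # seconds; assumed, not from the page
BYTE_LIMIT = 4294967295                    # per-flow byte limit stated on the page

@dataclass
class Flow:
    first: float      # time of the first sampled packet
    last: float       # time of the most recent sampled packet
    packets: int = 0
    octets: int = 0

class FlowCache:
    def __init__(self):
        self.flows = {}     # flow key (7-tuple) -> Flow
        self.exported = []  # (key, reason, packets, octets) sent to the NSC

    def _age(self, key, reason):
        f = self.flows.pop(key)
        self.exported.append((key, reason, f.packets, f.octets))

    def sweep(self, now):   # timer-based aging
        for key, f in list(self.flows.items()):
            if now - f.last >= INACTIVE_TIMEOUT:
                self._age(key, "inactive")
            elif now - f.first >= ACTIVE_TIMEOUT:
                self._age(key, "active")

    def sample(self, now, key, length, tcp_flags=0):  # one sampled packet
        self.sweep(now)
        f = self.flows.get(key)
        if f and f.octets + length > BYTE_LIMIT:  # counter would overflow
            f = self._age(key, "byte-oversize")   # _age returns None
        f = f or self.flows.setdefault(key, Flow(first=now, last=now))
        f.last, f.packets, f.octets = now, f.packets + 1, f.octets + length
        if tcp_flags & 0x05:                      # FIN (0x01) or RST (0x04)
            self._age(key, "fin-rst")

def demo():
    c = FlowCache()
    # Constructed keys: dst IP, src IP, dst port, src port, protocol, ToS, ifindex
    web, dns, ssh = [("10.0.0.9", "10.0.0.5", port, 50000, proto, 0, 1)
                     for port, proto in ((80, 6), (53, 17), (22, 6))]
    c.sample(0, dns, 80)
    c.sample(1, web, 400)
    c.sample(2, web, 60, tcp_flags=0x01)
    for t in range(5, 130, 5):  # long-lived flow: one sampled packet every 5 s
        c.sample(t, ssh, 1500)
    c.sweep(200)
    return [(k[2], reason, pkts) for k, reason, pkts, _ in c.exported]
```

`demo()` returns one record for the web flow, one for the DNS flow and three for the single SSH session, so a collector has to stitch records with the same key to recover session duration and totals.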

NetStream Flow Exporting

After aging flows in the NetStream cache, the NDE exports the flow statistics to a specified NSC for further analysis.

Flow Statistics Exporting Modes

Original flow statistics exporting

When the flow aging time expires, statistics about every flow are output to the NSC. In flexible flow statistics exporting, the NSC can obtain details about each flow.

Aggregation flow statistics exporting

In aggregation flow statistics exporting, the device summarizes the original flows that have the same aggregation keywords and obtains statistics on the aggregation flow. Exporting aggregation flow statistics significantly reduces bandwidth usage. The supported aggregation modes are described in Table 14-23.

For example, there are four original TCP flows. They have the same source port number, destination port number, and destination IP address, but different source IP addresses. The protocol-port mode is used. Aggregation entries in this mode include protocol number, source port number, and destination port number. The four TCP flows have the same protocol number, source port number, and destination port number, so only one aggregation flow statistical record is recorded in the aggregation flow statistics table.

Table 14-23 Aggregation modes

| Aggregation Mode | Aggregation Entries |
|---|---|
| as | Source AS number, destination AS number, index of the inbound interface, and index of the outbound interface |
| as-tos | Source AS number, destination AS number, inbound interface index, outbound interface index, and ToS |
| protocol-port | Protocol number, source port number, and destination port number |
| protocol-port-tos | Protocol number, source port number, destination port number, ToS, inbound interface index, and outbound interface index |
| source-prefix | Source AS number, source mask length, source prefix, and inbound interface index |
| source-prefix-tos | Source AS number, source mask length, source prefix, ToS, and inbound interface index |
| destination-prefix | Destination AS number, destination mask length, destination prefix, and outbound interface index |
| destination-prefix-tos | Destination AS number, destination mask length, destination prefix, ToS, and outbound interface index |
| prefix | Source AS number, destination AS number, source mask length, destination mask length, source prefix, destination prefix, inbound interface index, and outbound interface index |
| prefix-tos | Source AS number, destination AS number, source mask length, destination mask length, source prefix, destination prefix, ToS, inbound interface index, and outbound interface index |
| bgp-nexthop-tos | BGP next hop, source AS number, destination AS number, inbound interface index, and outbound interface index |
| index-tos | Inbound interface index, outbound interface index, and ToS |
| source-index-tos | Inbound interface index, ToS, and BGP next hop |
| vlan-id | VLAN ID, inbound interface index |
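
The four-flow protocol-port example above can be worked through in code to show what an aggregation mode keeps and what it discards before the data reaches the NSC. This is an added example, not Huawei code: the record field names, addresses and counters are constructed, and only the four modes from Table 14-23 that need no AS or BGP data are modelled.

```python
from collections import defaultdict

# Aggregation entries per mode, from Table 14-23 (subset without AS/BGP fields).
MODES = {
    "protocol-port": ("protocol", "src_port", "dst_port"),
    "protocol-port-tos": ("protocol", "src_port", "dst_port", "tos", "in_if", "out_if"),
    "index-tos": ("in_if", "out_if", "tos"),
    "vlan-id": ("vlan", "in_if"),
}
# Key fields of an original IPv4 flow (field names are hypothetical).
SEVEN_TUPLE = ("dst_ip", "src_ip", "dst_port", "src_port", "protocol", "tos", "in_if")

def aggregate(flows, mode):
    """Merge original flow records that share the aggregation entries of `mode`."""
    keys = MODES[mode]
    table = defaultdict(lambda: {"flows": 0, "packets": 0, "octets": 0})
    for f in flows:
        rec = table[tuple(f[k] for k in keys)]
        rec["flows"] += 1
        rec["packets"] += f["packets"]
        rec["octets"] += f["octets"]
    return dict(table)

def lost_fields(mode):
    """Original-flow key fields the NSC can no longer see after aggregation."""
    return [k for k in SEVEN_TUPLE if k not in MODES[mode]]

def make_flows():
    """Constructed sample: four TCP flows that differ only in source IP address."""
    base = dict(dst_ip="192.0.2.10", src_port=40000, dst_port=443, protocol=6,
                tos=0, in_if=1, out_if=2, vlan=10)
    return [dict(base, src_ip=f"198.51.100.{i}", packets=10 * i, octets=1500 * i)
            for i in range(1, 5)]
```

`aggregate(make_flows(), "protocol-port")` yields a single record covering all four flows, and `lost_fields("protocol-port")` shows that the source and destination IP addresses are gone, so per-host questions in attack monitoring need original or flexible flow export.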

Flexible flow statistics exporting

Flexible flows are created based on customized configuration. Users can collect flow statistics based on the protocol type, ToS field, source IP address, destination IP address, source port number, destination port number, or flow label as required. The NDE exports the flow statistics to the NSC. Compared to original flow statistics exporting, flexible flow statistics exporting generates less traffic and provides users with a flexible way to collect NetStream statistics.

Layer 2 NetStream flow statistics exporting

The device only collects statistics on Layer 2 attributes in packets, and sends statistics to the NSC for analysis.

Versions of Exported Packets

At present, the versions of NetStream exported packets are V5, V8, and V9. NetStream exported packets of all the versions are transmitted using UDP.

  • V5: The packet format is fixed. NetStream packets in this format contain the original flow statistics collected based on 7-tuple information.
  • V8: The packet format is fixed. NetStream packets in this format support the aggregation exporting format.
  • V9: The NetStream packet format is defined in profiles. Statistical items can be combined, and therefore statistics are exported more flexibly.
Updated: 2019-08-09

Document ID: EDOC1000041694