No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R011C10 Configuration Guide - Network Management and Monitoring

This document provides the configurations of network management and monitoring features supported by the product, including SNMP, RMON and RMON2, LLDP, Performance Management, iPCA, NQA, Service Diagnosis, Mirroring, Packet Capture, Traffic Distribution, NetStream, sFlow, and TWAMP Light.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Traffic Distribution Based on Eth-Trunk

Example for Configuring Traffic Distribution Based on Eth-Trunk

Networking Requirements

In the example shown in Figure 10-5, SwitchA, which is a traffic distribution device, is connected to a third-party network probe through XGE2/0/1, and the network probe forwards a copy of traffic to SwitchA through XGE2/0/1.

In this example, the customer requires that packets from the traffic distribution device be distributed to four packet analysis servers for processing, only UDP packets with destination port 10000 be analyzed, and a bidirectional flow pair between two communicating parties be distributed to the same server. Only a single fiber is deployed between SwitchA and each packet analysis server, and the packet analysis servers receive data but do not send data, ensuring data confidentiality on the servers.

Figure 10-5  Traffic distribution based on the Eth-Trunk

Configuration Roadmap

The configuration roadmap is as follows:
  1. Create an Eth-Trunk and configure Eth-Trunk-based flow pair distribution to the same server, so that packets to be analyzed are distributed to four servers for processing.

  2. Configure a traffic policy and apply the traffic policy to the inbound interface connected to the upstream traffic distribution device, so that packets to be analyzed are classified and redirected to the Eth-Trunk.

  3. Configure unidirectional single-fiber communication to ensure data security on the packet analysis servers.

Procedure

  1. Create an Eth-Trunk, add member interfaces to the Eth-Trunk, and configure Eth-Trunk-based flow pair distribution to the same server.

    # Create Eth-Trunk1, and add GE 1/0/1, GE 1/0/2, GE 1/0/3, as well as GE 1/0/4 to Eth-Trunk1.

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchA
    [SwitchA] interface eth-trunk 1
    [SwitchA-Eth-Trunk1] trunkport gigabitethernet 1/0/1 to 1/0/4
    

    # Configure Eth-Trunk-based flow pair distribution to the same server.

    [SwitchA-Eth-Trunk1] load-balance diffluence
    [SwitchA-Eth-Trunk1] quit

  2. Configure a traffic policy to redirect the UDP packets with the destination port 10000 to Eth-Trunk1.

    # Create ACL 3000 to match the UDP packets with the destination port 10000.

    [SwitchA] acl 3000
    [SwitchA-acl-adv-3000] rule 5 permit udp destination-port eq 10000
    [SwitchA-acl-adv-3000] quit

    # Define the traffic classifier test and configure ACL 3000.

    [SwitchA] traffic classifier test
    [SwitchA-classifier-test] if-match acl 3000
    [SwitchA-classifier-test] quit

    # Define the traffic behavior test and set the traffic action to redirection.

    [SwitchA] traffic behavior test
    [SwitchA-behavior-test] redirect interface eth-trunk 1
    [SwitchA-behavior-test] quit

    # Define the traffic policy test and bind the traffic policy to the traffic classifier and the traffic behavior.

    [SwitchA] traffic policy test
    [SwitchA-trafficpolicy-test] classifier test behavior test
    [SwitchA-trafficpolicy-test] quit

    # Apply the traffic policy to the inbound interface.

    [SwitchA] interface xgigabitethernet 2/0/1
    [SwitchA-XGigabitEthernet2/0/1] traffic-policy test inbound
    [SwitchA-XGigabitEthernet2/0/1] quit

  3. Configure unidirectional single-fiber communication.

    # Configure unidirectional single-fiber communication on GE interfaces connected to packet analysis servers.

    [SwitchA] interface gigabitethernet 1/0/1
    [SwitchA-GigabitEthernet1/0/1] undo negotiation auto
    [SwitchA-GigabitEthernet1/0/1] single-fiber enable
    [SwitchA-GigabitEthernet1/0/1] quit
    [SwitchA] interface gigabitethernet 1/0/2
    [SwitchA-GigabitEthernet1/0/2] undo negotiation auto
    [SwitchA-GigabitEthernet1/0/2] single-fiber enable
    [SwitchA-GigabitEthernet1/0/2] quit
    [SwitchA] interface gigabitethernet 1/0/3
    [SwitchA-GigabitEthernet1/0/3] undo negotiation auto
    [SwitchA-GigabitEthernet1/0/3] single-fiber enable
    [SwitchA-GigabitEthernet1/0/3] quit
    [SwitchA] interface gigabitethernet 1/0/4
    [SwitchA-GigabitEthernet1/0/4] undo negotiation auto
    [SwitchA-GigabitEthernet1/0/4] single-fiber enable
    [SwitchA-GigabitEthernet1/0/4] quit
    

Configuration Files

SwitchA configuration file

#
sysname SwitchA
#
acl number 3000
 rule 5 permit udp destination-port eq 10000
#
traffic classifier test operator or precedence 5
 if-match acl 3000
#
traffic behavior test
 permit
 redirect interface Eth-Trunk1
#
traffic policy test match-order config
 classifier test behavior test
#
interface Eth-Trunk1 
 mac-address learning disable
 load-balance diffluence
# 
interface GigabitEthernet1/0/1 
 undo negotiation auto 
 single-fiber enable
 eth-trunk 1
# 
interface GigabitEthernet1/0/2 
 undo negotiation auto 
 single-fiber enable
 eth-trunk 1
# 
interface GigabitEthernet1/0/3 
 undo negotiation auto 
 single-fiber enable
 eth-trunk 1
# 
interface GigabitEthernet1/0/4 
 undo negotiation auto 
 single-fiber enable
 eth-trunk 1
# 
interface XGigabitEthernet2/0/1 
 mac-address learning disable
 traffic-policy test inbound 
#
return 
Translation
Download
Updated: 2019-10-21

Document ID: EDOC1000178113

Views: 138151

Downloads: 53

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next