No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C00 Configuration Guide - System Monitor 01

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Collecting Statistics About IPv4 Aggregated Flows

Collecting Statistics About IPv4 Aggregated Flows

Before collecting statistics about IPv4 aggregated flows, familiarize yourself with the usage scenario, complete the pre-configuration tasks, and obtain the data required for the configuration.

Usage Scenario

On the network shown in Figure 3-4, a carrier enables NetStream on the router functioning as an NDE to obtain detailed network application information. The carrier can use the information to monitor abnormal network traffic, analyze users' operation modes, and plan networks between ASs.

Statistics about NetStream aggregated flows contain information about original flows with the same attributes, whereas statistics about NetStream original flows contain information about sampled packets. The volume of aggregated flow statistics is greater than that of original flow statistics.

Figure 3-4  Networking diagram for collecting IPv4 flow statistics

Pre-configuration Tasks

Before collecting statistics about IPv4 aggregated flows, complete the following tasks:

  • Configure static routes or enable an IGP to implement network connectivity.

  • Enable statistics collection for NetStream original flows.

Configuration Procedures

Figure 3-5  Collecting statistics about IPv4 aggregated flows

Specifying a NetStream Service Processing Mode

After t sampling packets, each NetStream-enabled interface board sends sampled packets to the NetStream service processing board for aggregation and output. If the NE40E has more than one NetStream service processing board, these NetStream services boards work in redundancy mode to back up each other and balance traffic, which improves system reliability.

Context

NetStream services can be processed in the following modes:

  • Distributed mode

    An interface board samples packets, aggregates flows, and outputs flows.

  • Integrated mode

    An interface board only samples packets and sends sampled packets to the NetStream service processing board. The NetStream service processing board aggregates and outputs flows. If the data volume collected by the router is out of the processing capability of a single NetStream service processing board, additional NetStream service processing boards can be installed to balance traffic.

The ip netstream sampler to slot command has the same function as the ipv6 netstream sampler to slot command.

  • The execution of either command takes effect on all packets, and there is no need to configure both of them. If it is required to configure both of them, ensure that NetStream service processing modes are the same. A mode inconsistency causes an error.
  • If the interface board specified by one of the two commands serves as the master board working in integrated mode, the interface board manually specified serving as the backup board also works in integrated mode. For example, if the interface board in slot 1 is specified as the master board using the ip netstream sampler to slot command, the interface board in slot 2 is specified as the slave board using ipv6 netstream sampler to slot command. Interface boards in both slot 1 and slot 2 process IPv4 and IPv6 packets.

Procedure

  • Configure the distributed NetStream service processing mode.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      slot slot-id

      The view of the slot in which the interface board for NetStream sampling resides is displayed.

    3. Run:

      ip netstream sampler to slot self

      The distributed NetStream service processing mode is specified.

    4. Run:

      commit

      The configuration is committed.

  • Configure the integrated NetStream service processing mode.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      slot slot-id

      The view of the slot in which the interface board for NetStream sampling resides is displayed.

    3. Run:

      ip netstream sampler to slot slot-id1

      The integrated NetStream service processing mode is specified, and the NetStream service processing board is specified.

    4. (Optional) Run:

      ip netstream sampler to slot slot-id2 backup

      The integrated NetStream service processing mode is specified, and the backup NetStream service processing board is specified.

      If there are several NetStream service processing boards, you can specify a master service processing board and backup service processing boards. When load balancing is performed, interface boards dual homed to different NetStream service processing boards can back up each other.

    5. Run:

      commit

      The configuration is committed.

Configuring an Aggregation Mode for IPv4 Flows

Original flows with the same attributes can be combined into a single aggregated flow based on a specified aggregation mode and output to the NetStream Collector (NSC).

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    ip netstream aggregation { as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | index-tos | mpls-label | prefix | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos | source-index-tos | vlan-id | bgp-community 
     | vni-sip-dip }

    The NetStream aggregation view is created.

    NOTE:
    If the NetStream flow aggregation function is enabled on a device, the device classifies and aggregates original flows based on specified rules and sends the aggregated flows to the NetStream Data Analyzer (NDA) for analysis. Aggregating original flows minimizes the consumption of network bandwidths, CPU resources, and memory resources. Flow attributes based on which flows are aggregated vary according to flow aggregation modes. Table 3-1 describes the mapping between aggregation modes and flow attributes.
    Table 3-1  Mapping between aggregation modes and flow attributes

    Aggregation mode

    Description

    as

    NetStream combines flows with the same source AS number, destination AS number, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record.

    as-tos

    NetStream combines flows with the same source AS number, destination AS number, inbound interface index, outbound interface index, and ToS into an aggregated flow and generates one aggregation record.

    bgp-nexthop-tos

    NetStream combines flows with the same destination AS number, source AS number, BGP next hop, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record.

    destination-prefix

    NetStream combines flows with the same destination AS number, destination mask length, destination prefix, and outbound interface index into an aggregated flow and generates one aggregation record.

    destination-prefix-tos

    NetStream combines flows with the same destination AS number, destination mask length, destination prefix, ToS, and outbound interface index into an aggregated flow and generates one aggregation record.

    index-tos

    NetStream combines flows with the same inbound interface index, outbound interface index, and ToS into an aggregated flow and generates one aggregation record.

    mpls-label

    Indicates the MPLS label aggregation, which aggregates flows with the same first layer label, second layer label, third layer label, TopLabelIpAddress, stack bottom symbol of the first layer label, and the EXP value of the first layer label.

    prefix

    NetStream combines flows with the same source AS number, destination AS number, source mask length, destination mask length, source prefix, destination prefix, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record.

    prefix-tos

    NetStream combines flows with the same source AS number, destination AS number, source mask length, destination mask length, source prefix, destination prefix, ToS, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record.

    protocol-port

    NetStream combines flows with the same protocol number, source port, and destination port into an aggregated flow and generates one aggregation record.

    protocol-port-tos

    NetStream combines flows with the same protocol number, source port, destination port, ToS, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record.

    source-prefix

    NetStream combines flows with the same source AS number, source mask length, source prefix, and inbound interface index into an aggregated flow and generates one aggregation record.

    source-prefix-tos

    NetStream combines flows with the same source AS number, source mask length, source prefix, ToS, and inbound interface index into an aggregated flow and generates one aggregation record.

    source-index-tos

    NetStream combines flows with the same source interface index, ToS and BGP next hop into an aggregated flow and generates one aggregation record.

    bgp-community

    Indicates the BGP community aggregation, which aggregates flows with the same inbound and outbound interface indexes and BGP community.

    vlan-id

    NetStream combines flows with the same VLAN ID and inbound interface index into an aggregated flow and generates one aggregation record.

    vni-sip-dip NetStream combines flows with the same VNI ID and the same source and destination IP addresses of tenants into an aggregated flow and generates one aggregation record.

  3. Run:

    enable

    Statistics collection of flows aggregated in a specified aggregation mode is enabled.

  4. (Optional) Run:

    mask { source | destination } minimum mask-length

    The length of the aggregate mask is set. The effective mask is the greater one between the mask in the FIB table and the configured mask. If no aggregate mask is set, the system uses the mask in the FIB table for flow aggregation.

    NOTE:
    The aggregate mask takes effect only on flows aggregated in the following modes: destination-prefix, destination-prefix-tos, prefix, prefix-tos, source-prefix, and source-prefix-tos.

  5. Run:

    commit

    The configuration is committed.

Outputting Aggregated Flows

To ensure that aggregated flows are correctly output to the NMS, specify the aging time, output format, and source and destination addresses for aggregated flows.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    ip
    netstream export host  { ip-address | ipv6 ipv6-address } port [ vpn-instance vpn-instance-name ]

    The destination IP address and UDP port number of the peer NSC are specified for NetStream original flows to be output.

    If the destination IP addresses are specified in both the system and the aggregation views, the configuration in the aggregation view takes effect.

  3. Run:

    ip netstream aggregation { as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | index-tos | mpls-label | prefix | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos | source-index-tos  | vlan-id | bgp-community
     | vni-sip-dip }

    The IPv4 NetStream aggregation view is displayed.

  4. (Optional) Run:

    export version { 8 | 9 | ipfix  }

    The output format is specified for the aggregated flows.

    Flows aggregated in as, as-tos, destination-prefix, destination-prefix-tos, prefix, prefix-tos, protocol-port, protocol-port-tos, source-prefix, or source-prefix-tos mode are output in V8 format by default. You can specify the output format for aggregated flows as needed.

    NOTE:

    For the vlan-id, bgp-nhp-tos, vni-sip-dip, and index-tos aggregation modes, aggregated packets can be encapsulated only in the default V9 format. You can change the format to IPFIX using the export version command.

  5. (Optional) Run:

    template timeout-rate timeout-interval

    The interval at which the template for outputting aggregated flows in the V9 or IPFIX format is refreshed is set.

  6. Run:

    ip netstream export source { ip-address | ipv6 ipv6-address }

  7. Run:

    ip
    netstream export host  { ip-address | ipv6 ipv6-address } port [ vpn-instance vpn-instance-name ]

    The destination IP address and UDP port number of the peer NSC are specified for NetStream original flows to be output.

    NOTE:

    The destination IP address specified in the system view takes precedence over that specified in the NetStream aggregation view.

  8. (Optional) Set parameters for aging aggregated flows.

    • Run:

      ip
      netstream aggregation timeout { active active-interval | active interval-second active-interval-second }

      The active aging time is set for NetStream aggregated flows.

    • Run:

      ip
      netstream aggregation timeout inactive inactive-interval

      The inactive aging time is set for NetStream aggregated flows.

  9. (Optional) Exit the IPv4 aggregated configuration mode view. In the system view, run:

    ip netstream export template sequence-number fixed

    The sequence numbers of template packets and option template packets in IPFIX format are configured to remain unchanged, but data packets and option data packets in IPFIX format are still consecutively numbered.

  10. Run:

    commit

    The configuration is committed.

(Optional) Adjusting the AS Field Mode and Interface Index Type

Before the NetStream Collector (NSC) can properly receive and parse NetStream packets output by the NetStream Data Exporter (NDE), the AS field modes and interface index types configured on the NDE must be the same as those on the NSC.

Context

Before you enable the NSC to properly receive and parse NetStream packets output by the NDE, specify the same AS field mode and interface index type on the NDE and NSC.
  • AS field mode: The length of the AS field in IP packets can be set to 16 bits or 32 bits. Devices on a network must use the same AS field mode. An AS field mode inconsistency causes NetStream to fail to sample inter-AS traffic.

    NOTICE:

    If the 32-bit AS field mode is used, the NMS must identify the 32-bit AS field. If the NMS cannot identify the 32-bit AS field, the NMS fails to identify inter-AS traffic sent by devices.

  • Interface index: The NMS uses an interface index carried in a NetStream packet output by the NDE to query information about the interface that sends the packet. The interface index can be 16 or 32 bits long. The index length is determined by NMS devices of different vendors. Therefore, the NDE must use a proper interface index type that is also supported by the NMS.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    ip netstream as-mode { 16 | 32 }

    The AS field mode is specified on the router.

  3. Run:

    ip
    netstream export index-switch { 16 | 32 }

    The type of the interface index carried in the NetStream packet output by the router is configured.

    An interface index can be changed from 16 bits to 32 bits only after the following conditions are met:
    • Original flows are output in V9 or IPFIX format.
    • The NetStream packet format for all aggregated flows is V9 or IPFIX format.

Sampling IPv4 Flows

You can enable NetStream to sample and analyze the incoming or outgoing flows on an interface.

Context

NOTE:

If a NetStream-enabled interface is bound to a VPN instance, all packets in the VPN instance are sampled.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Configure sampling mode and sampling ratio, perform at least one of the following steps:

    • Configure a sampling mode and sampling ratio globally.
      1. Run:
        ip netstream sampler { fix-packets fix-packets-number | random-packets random-packets-number | fix-time fix-time-value } { inbound | outbound }

        The sampling mode and sampling ratio are configured globally.

      2. Run:
        interface interface-type interface-number

        The interface view is displayed.

    • Configure sampling mode and sampling ratio for the interface.
      1. Run:
        interface interface-type interface-number

        The interface view is displayed.

      2. Run:
        ip netstream sampler { fix-packets fix-packets-number | random-packets random-packets-number | fix-time fix-time-value } { inbound | outbound }

        The sampling mode and sampling ratio are configured for the interface.

        NOTE:
        The sampling mode and sampling ratio configured in the system view are applicable to all interfaces on the device. The sampling mode and sampling ratio configured in the interface view takes precedence over those configured in the system view.

  3. Run:

    ip
    netstream { inbound | outbound }

    NetStream is enabled on the interface.

    Statistics about packets' BGP next-hop information can also be collected. Original flows output in V5 format, however, cannot carry the BGP next-hop information.

  4. Run:

    commit

    The configuration is committed.

Checking the Configurations

In routine maintenance or after pertaining configurations of NetStream are complete, you can run the display commands in any view to check whether NetStream is enabled on the device.

Procedure

  • Run the display ip netstream cache { as | as-tos | bgp-nexthop-tos | bgp-community | destination-prefix | destination-prefix-tos | index-tos | mpls-label | prefix | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos | source-index-tos | vni-sip-dip | vlan-id | flexflowtpl record-name } slot slot-id command to check flows aggregated in different modes in the buffer.
  • Run the display ip netstream statistics slot slot-id command to view statistics about NetStream flows.
  • Run the display ip netstream statistics interface interface-type interface-number command to view the statistics about the sampled packets on an interface.
  • Run the display netstream { all | global | interface interface-type interface-number } command to check NetStream configurations in different views.

Example

Run the display ip netstream cache as slot slot-id command. If the destination IP address and prefix-aggregation mode are configured, you can view statistics about destination addresses, AS numbers, masks, and prefixes of IP or MPLS packets in the NetStream flow buffer.
<HUAWEI> display ip netstream cache as slot 2
 DstIf   
 SrcIf  
 DstAs      Streams    Packets    Direction     SrcAs   
 --------------------------------------------------------------------------
 GI2/0/0        
 Unknown         
 0          985988     985988     out           0
Run the display ip netstream statistics slot slot-id command to view statistics about NetStream flows.
<HUAWEI> display ip netstream statistics slot 1 
 Netstream statistic information on slot 1:

--------------------------------------------------------------------------------
 length of packets  Number                   Protocol   Number
--------------------------------------------------------------------------------
 1      ~    64   : 0                        IPV4     : 2779            
 65     ~    128  : 985                      IPV6     : 0            
 129    ~    256  : 1                        MPLS     : 0                   
 257    ~    512  : 360                      L2       : 0                   
 513    ~    1024 : 360                      Total    : 2779           
 1025   ~    1500 : 357                 
 longer than 1500 : 716                


--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
 Aggregation   Current Streams       Aged Streams
               Created Streams       Exported Packets      Exported Streams
--------------------------------------------------------------------------------
 origin        2                     92                
               94                    65                    92                
 as            0                     0                    
               0                     0                     0                   
 as-tos        0                     0                   
               0                     0                     0                   
 protport      0                     0                   
               0                     0                     0                   
 protporttos   0                     0                   
               0                     0                     0                   
 srcprefix     0                     0               
               0                     0                     0               
 srcpretos     0                     0               
               0                     0                     0               
 dstprefix     0                     0                   
               0                     0                     0                   
 dstpretos     0                     0                   
               0                     0                     0                   
 prefix        0                     0               
               0                     0                     0               
 prefix-tos    0                     0               
               0                     0                     0                
 mpls-label    0                     0                    
               0                     0                     0                    
 vlan-id       0                     0                    
               0                     0                     0                    
 bgp-nhp-tos   0                     0                   
               0                     0                     0                   
 index-tos     0                     0                   
               0                     0                     0                   
 src-index-tos 0                     0                   
               0                     0                     0                   
 bgp-community                       0                     0                                                                        
               0                     0                     0                                                                        
 vni-sip-dip                         0                     0                                                                        
               0                     0                     0                                                                        
 system: bbbb                        0                     0                                                                
               0                     0                     0                                                                
 aaaa                                0                     0                                                                        
               0                     0                     0                                                                        
 bbbb                                0                     0                                                                                                                                           
 all-aggre     2                     92                    0                                                                
               94                    65                    92                                                                
--------------------------------------------------------------------------------                     
 srcprefix = source-prefix,   srcpretos = source-prefix-tos,
 dstprefix = destination-prefix,   dstpretos = destination-prefix-tos,
 protport = protocol-port,   protporttos = protocol-port-tos,
 src-index-tos = source-index-tos,   all-aggre = all aggregation streams
 "---" means that the current board is not supported.
Run the display ip netstream statistics interface interface-type interface-number command to view the statistics about the sampled packets on an interface.
<HUAWEI> display ip netstream statistics interface GigabitEthernet1/0/0
Netstream statistic information of <GigabitEthernet1/0/0>:

 Inbound :

 IPV4 :1000 Bytes, 10 Packets

 IPV6 :1000 Bytes, 10 Packets

 MPLS :0  Bytes, 0  Packets

 Total :2000 Bytes, 20 Packets

 Outbound :

 IPV4 :1000 Bytes, 10 Packets

 IPV6 :1000 Bytes, 10 Packets

 MPLS :0  Bytes, 0  Packets

 Total :2000 Bytes, 20
 Packets

Run the display netstream { all | global | interface interface-type interface-number } command to view NetStream configurations in different views.

<HUAWEI> display netstream all
system
ip netstream export version 9 origin-as
ip netstream timeout active 50
ip netstream timeout inactive 10
ip netstream export source 10.1.1.1
ip netstream export host 4.4.4.4 10000
ip netstream aggregation as
 enable
 export version 9
 ip netstream export source 1.1.1.2
 ip netstream export host 3.3.3.3 555
 ip netstream export host 1.1.1.2 55
slot 1
interface GigabitEthernet1/0/3
 ip netstream sampler fix-packets 1000 inbound
Slot
 Slot 1:ip netstream sampler to slot 2
Download
Updated: 2018-07-12

Document ID: EDOC1100028538

Views: 28255

Downloads: 213

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next