Collecting Statistics About IPv4 Aggregated Flows
Before collecting statistics about IPv4 aggregated flows, familiarize yourself with the usage scenario, complete the pre-configuration tasks, and obtain the data required for the configuration.
Usage Scenario
On the network shown in Figure 3-4, a carrier enables NetStream on the router functioning as an NDE to obtain detailed network application information. The carrier can use the information to monitor abnormal network traffic, analyze users' operation modes, and plan networks between ASs.
Statistics about NetStream aggregated flows contain information about original flows with the same attributes, whereas statistics about NetStream original flows contain information about sampled packets. The volume of aggregated flow statistics is greater than that of original flow statistics.
Pre-configuration Tasks
Before collecting statistics about IPv4 aggregated flows, complete the following tasks:
Configure static routes or enable an IGP to implement network connectivity.
Enable statistics collection for NetStream original flows.
Configuration Procedures
- Specifying a NetStream Service Processing Mode
After sampling packets, each NetStream-enabled interface board sends the sampled packets to the NetStream service processing board for aggregation and output. If the NE20E has more than one NetStream service processing board, these boards work in redundancy mode to back up each other and balance traffic, which improves system reliability.
- Configuring an Aggregation Mode for IPv4 Flows
Original flows with the same attributes can be combined into a single aggregated flow based on a specified aggregation mode and output to the NetStream Collector (NSC).
- Outputting Aggregated Flows
To ensure that aggregated flows are correctly output to the NMS, specify the aging time, output format, and source and destination addresses for aggregated flows.
- (Optional) Adjusting the AS Field Mode and Interface Index Type
Before the NetStream Collector (NSC) can properly receive and parse NetStream packets output by the NetStream Data Exporter (NDE), the AS field modes and interface index types configured on the NDE must be the same as those on the NSC.
- Sampling IPv4 Flows
You can enable NetStream to sample and analyze the incoming or outgoing flows on an interface.
- Verifying the Configuration of Statistics Collection of IPv4 Aggregated Flows
In routine maintenance or after the related NetStream configurations are complete, you can run the display commands in any view to check whether NetStream is enabled on the device.
Specifying a NetStream Service Processing Mode
After sampling packets, each NetStream-enabled interface board sends the sampled packets to the NetStream service processing board for aggregation and output. If the NE20E has more than one NetStream service processing board, these boards work in redundancy mode to back up each other and balance traffic, which improves system reliability.
Context
NetStream services can be processed in the following modes:
Distributed mode
An interface board samples packets, aggregates flows, and outputs flows.
- The ip netstream sampler to slot command has the same function as the ipv6 netstream sampler to slot command.
- Running either command takes effect on all packets, so there is no need to configure both. If both are configured, ensure that the NetStream service processing modes are the same. A mode inconsistency causes an error.
Configuring an Aggregation Mode for IPv4 Flows
Original flows with the same attributes can be combined into a single aggregated flow based on a specified aggregation mode and output to the NetStream Collector (NSC).
Procedure
- Run system-view
The system view is displayed.
- Run ip netstream aggregation { as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | index-tos | mpls-label | prefix | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos | source-index-tos | vlan-id | bgp-community | vni-sip-dip }
The NetStream aggregation view is created.
NOTE:
If the NetStream flow aggregation function is enabled on a device, the device classifies and aggregates original flows based on specified rules and sends the aggregated flows to the NetStream Data Analyzer (NDA) for analysis. Aggregating original flows minimizes the consumption of network bandwidths, CPU resources, and memory resources. Flow attributes based on which flows are aggregated vary according to flow aggregation modes. Table 3-1 describes the mapping between aggregation modes and flow attributes.

Table 3-1 Mapping between aggregation modes and flow attributes

| Aggregation mode | Description |
|---|---|
| as | NetStream combines flows with the same source AS number, destination AS number, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record. |
| as-tos | NetStream combines flows with the same source AS number, destination AS number, inbound interface index, outbound interface index, and ToS into an aggregated flow and generates one aggregation record. |
| bgp-nexthop-tos | NetStream combines flows with the same destination AS number, source AS number, BGP next hop, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record. |
| destination-prefix | NetStream combines flows with the same destination AS number, destination mask length, destination prefix, and outbound interface index into an aggregated flow and generates one aggregation record. |
| destination-prefix-tos | NetStream combines flows with the same destination AS number, destination mask length, destination prefix, ToS, and outbound interface index into an aggregated flow and generates one aggregation record. |
| index-tos | NetStream combines flows with the same inbound interface index, outbound interface index, and ToS into an aggregated flow and generates one aggregation record. |
| mpls-label | Indicates the MPLS label aggregation, which aggregates flows with the same first layer label, second layer label, third layer label, TopLabelIpAddress, stack bottom symbol of the first layer label, and the EXP value of the first layer label. |
| prefix | NetStream combines flows with the same source AS number, destination AS number, source mask length, destination mask length, source prefix, destination prefix, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record. |
| prefix-tos | NetStream combines flows with the same source AS number, destination AS number, source mask length, destination mask length, source prefix, destination prefix, ToS, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record. |
| protocol-port | NetStream combines flows with the same protocol number, source port, and destination port into an aggregated flow and generates one aggregation record. |
| protocol-port-tos | NetStream combines flows with the same protocol number, source port, destination port, ToS, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record. |
| source-prefix | NetStream combines flows with the same source AS number, source mask length, source prefix, and inbound interface index into an aggregated flow and generates one aggregation record. |
| source-prefix-tos | NetStream combines flows with the same source AS number, source mask length, source prefix, ToS, and inbound interface index into an aggregated flow and generates one aggregation record. |
| source-index-tos | NetStream combines flows with the same source interface index, ToS and BGP next hop into an aggregated flow and generates one aggregation record. |
| bgp-community | Indicates the BGP community aggregation, which aggregates flows with the same inbound and outbound interface indexes and BGP community. |
| vlan-id | NetStream combines flows with the same VLAN ID and inbound interface index into an aggregated flow and generates one aggregation record. |
| vni-sip-dip | NetStream combines flows with the same VNI ID and the same source and destination IP addresses of tenants into an aggregated flow and generates one aggregation record. |

- Run enable
Statistics collection of flows aggregated in a specified aggregation mode is enabled.
- (Optional) Run mask { source | destination } minimum mask-length
The length of the aggregate mask is set. The effective mask is the greater one between the mask in the FIB table and the configured mask. If no aggregate mask is set, the system uses the mask in the FIB table for flow aggregation.
NOTE:
The aggregate mask takes effect only on flows aggregated in the following modes: destination-prefix, destination-prefix-tos, prefix, prefix-tos, source-prefix, and source-prefix-tos.
- Run commit
The configuration is committed.
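The following Python sketch is an added example, not Huawei code or device output: it groups constructed original-flow records by the key fields that Table 3-1 lists for four of the modes and applies the aggregate-mask rule from the mask step (the effective mask is the greater of the FIB mask and the configured minimum). The field names (src_as, in_if, and so on) and all sample flows are assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

# Key fields per aggregation mode, transcribed from Table 3-1 (four modes only).
# The field names are labels chosen for this example, not device identifiers.
MODE_KEYS = {
    "as": ("src_as", "dst_as", "in_if", "out_if"),
    "protocol-port": ("proto", "src_port", "dst_port"),
    "source-prefix": ("src_as", "src_mask", "src_prefix", "in_if"),
    "destination-prefix": ("dst_as", "dst_mask", "dst_prefix", "out_if"),
}


def effective_prefix(ip, fib_mask, configured_min=None):
    """Return (prefix, mask) using the greater of the FIB and configured mask."""
    mask = max(fib_mask, configured_min or 0)
    net = ip_network(f"{ip}/{mask}", strict=False)
    return str(net.network_address), mask


def aggregate(flows, mode, min_src_mask=None, min_dst_mask=None):
    """Combine original flows that share the mode's key into one record each."""
    records = defaultdict(lambda: {"streams": 0, "packets": 0, "bytes": 0})
    for flow in flows:
        view = dict(flow)
        view["src_prefix"], view["src_mask"] = effective_prefix(
            flow["src_ip"], flow["src_fib_mask"], min_src_mask)
        view["dst_prefix"], view["dst_mask"] = effective_prefix(
            flow["dst_ip"], flow["dst_fib_mask"], min_dst_mask)
        record = records[tuple(view[field] for field in MODE_KEYS[mode])]
        record["streams"] += 1
        record["packets"] += flow["packets"]
        record["bytes"] += flow["bytes"]
    return dict(records)


def make_flow(src_ip, src_fib_mask, src_as, proto, src_port, dst_port, packets, nbytes):
    """Build one constructed original flow towards a fixed destination."""
    return {"src_ip": src_ip, "src_fib_mask": src_fib_mask, "src_as": src_as,
            "dst_ip": "192.0.2.10", "dst_fib_mask": 24, "dst_as": 65002,
            "in_if": 1, "out_if": 2, "proto": proto, "src_port": src_port,
            "dst_port": dst_port, "packets": packets, "bytes": nbytes}


# Constructed sample data (not captured from a device).
FLOWS = [
    make_flow("10.1.1.5", 16, 65001, 6, 40000, 443, 10, 1000),
    make_flow("10.1.2.9", 16, 65001, 6, 40001, 443, 20, 2000),
    make_flow("10.1.1.77", 16, 65001, 17, 53000, 53, 5, 500),
    make_flow("172.16.5.1", 24, 65003, 6, 40000, 443, 1, 100),
]

if __name__ == "__main__":
    for mode, min_mask in (("as", None), ("protocol-port", None),
                           ("source-prefix", None), ("source-prefix", 24)):
        print(f"mode={mode} mask source minimum={min_mask}")
        for key, record in aggregate(FLOWS, mode, min_src_mask=min_mask).items():
            print("  ", key, record)
```

The protocol-port records carry no address, AS, or interface fields, so an analysis that needs to attribute traffic to a source has to use a prefix-based mode or the original flows.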
Outputting Aggregated Flows
To ensure that aggregated flows are correctly output to the NMS, specify the aging time, output format, and source and destination addresses for aggregated flows.
Procedure
- Run system-view
The system view is displayed.
- Run ip netstream export host { ip-address | ipv6 ipv6-address } port [ vpn-instance vpn-instance-name ] [ dscp dscp-value ]
The destination IP address and UDP port number of the peer NSC are specified for NetStream original flows to be output.
If the destination IP addresses are specified in both the system and the aggregation views, the configuration in the aggregation view takes effect.
- Run ip netstream aggregation { as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | index-tos | mpls-label | prefix | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos | source-index-tos | vlan-id | bgp-community | vni-sip-dip }
The IPv4 NetStream aggregation view is displayed.
- (Optional) Run export version { 8 | 9 | ipfix }
The output format is specified for the aggregated flows.
Flows aggregated in as, as-tos, destination-prefix, destination-prefix-tos, prefix, prefix-tos, protocol-port, protocol-port-tos, source-prefix, or source-prefix-tos mode are output in V8 format by default. You can specify the output format for aggregated flows as needed.
NOTE:
For the vlan-id, bgp-nhp-tos, vni-sip-dip, and index-tos aggregation modes, aggregated packets can be encapsulated only in the default V9 format. You can change the format to IPFIX using the export version command.
- Configure NetStream packets to carry the flow sequence field.
  - Run slot slot-id
    The view of the slot in which the interface board for NetStream sampling resides is displayed.
  - Run ip netstream export sequence-mode flow
    NetStream packets are configured to carry the flow sequence field.
  - Run quit
    The system view is displayed.
  NOTE:
  The command applies to the V9 format only.
- (Optional) Run template timeout-rate timeout-interval
The interval at which the template for outputting aggregated flows in the V9 or IPFIX format is refreshed is set.
- Run ip netstream export source { ip-address | ipv6 ipv6-address }
The source IP address is specified for aggregated flows.
The source IP address specified in the aggregation view takes precedence over that specified in the system view. If no source IP address is specified in the aggregation view, the source IP address specified in the system view takes effect.
- Run ip netstream export host { ip-address | ipv6 ipv6-address } port [ vpn-instance vpn-instance-name ] [ dscp dscp-value ]
The destination IP address and UDP port number of the peer NSC are specified for NetStream original flows to be output.
NOTE:
The destination IP address specified in the system view takes precedence over that specified in the NetStream aggregation view.
- (Optional) Set parameters for aging aggregated flows.
Run ip netstream aggregation timeout { active active-interval | active interval-second active-interval-second }
The active aging time is set for NetStream aggregated flows.
Run ip netstream aggregation timeout inactive inactive-interval
The inactive aging time is set for NetStream aggregated flows.
- (Optional) Exit the IPv4 aggregated configuration mode view. In the system view, run:
ip netstream export template sequence-number fixed
The sequence numbers of template packets and option template packets in IPFIX format are configured to remain unchanged, but data packets and option data packets in IPFIX format are still consecutively numbered.
- Run commit
The configuration is committed.
(Optional) Adjusting the AS Field Mode and Interface Index Type
Before the NetStream Collector (NSC) can properly receive and parse NetStream packets output by the NetStream Data Exporter (NDE), the AS field modes and interface index types configured on the NDE must be the same as those on the NSC.
Context
AS field mode: The length of the AS field in IP packets can be set to 16 bits or 32 bits. Devices on a network must use the same AS field mode. An AS field mode inconsistency causes NetStream to fail to sample inter-AS traffic.
If the 32-bit AS field mode is used, the NMS must identify the 32-bit AS field. If the NMS cannot identify the 32-bit AS field, the NMS fails to identify inter-AS traffic sent by devices.
Interface index: The NMS uses an interface index carried in a NetStream packet output by the NDE to query information about the interface that sends the packet. The interface index can be 16 or 32 bits long. The index length is determined by NMS devices of different vendors. Therefore, the NDE must use a proper interface index type that is also supported by the NMS.
Procedure
- Run system-view
The system view is displayed.
- Run ip netstream as-mode { 16 | 32 }
The AS field mode is specified on the router.
- Run ip netstream export index-switch { 16 | 32 }
The type of the interface index carried in the NetStream packet output by the router is configured.
An interface index can be changed from 16 bits to 32 bits only after the following conditions are met:
  - Original flows are output in V9 or IPFIX format.
  - The NetStream packet format for all aggregated flows is V9 or IPFIX format.
Sampling IPv4 Flows
You can enable NetStream to sample and analyze the incoming or outgoing flows on an interface.
Context
If a NetStream-enabled interface is bound to a VPN instance, all packets in the VPN instance are sampled.
Procedure
- Run system-view
The system view is displayed.
- Configure a sampling mode and sampling ratio. Perform at least one of the following steps:
  - Configure a sampling mode and sampling ratio globally.
    - Run ip netstream sampler { fix-packets fix-packets-number | random-packets random-packets-number | fix-time fix-time-value } { inbound | outbound }
      The sampling mode and sampling ratio are configured globally.
    - Run interface interface-type interface-number
      The interface view is displayed.
  - Configure a sampling mode and sampling ratio for the interface.
    - Run interface interface-type interface-number
      The interface view is displayed.
    - Run ip netstream sampler { fix-packets fix-packets-number | random-packets random-packets-number | fix-time fix-time-value } { inbound | outbound }
      The sampling mode and sampling ratio are configured for the interface.
    NOTE:
    The sampling mode and sampling ratio configured in the system view are applicable to all interfaces on the device. The sampling mode and sampling ratio configured in the interface view take precedence over those configured in the system view.
- Run ip netstream { inbound | outbound }
NetStream is enabled on the interface.
Statistics about packets' BGP next-hop information can also be collected. Original flows output in V5 format, however, cannot carry the BGP next-hop information.
- Run commit
The configuration is committed.
Verifying the Configuration of Statistics Collection of IPv4 Aggregated Flows
In routine maintenance or after the related NetStream configurations are complete, you can run the display commands in any view to check whether NetStream is enabled on the device.
Procedure
- Run the display ip netstream cache { as | as-tos | bgp-nexthop-tos | bgp-community | destination-prefix | destination-prefix-tos | index-tos | mpls-label | prefix | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos | source-index-tos | vni-sip-dip | vlan-id | flexflowtpl record-name } slot slot-id command to check flows aggregated in different modes in the buffer.
- Run the display ip netstream statistics slot slot-id command to view statistics about NetStream flows.
- Run the display ip netstream statistics interface interface-type interface-number command to view the statistics about the sampled packets on an interface.
- Run the display netstream { all | global | interface interface-type interface-number } command to check NetStream configurations in different views.
- Run the display ip netstream cache aggregation statistics slot slot-id command to view aggregation flow table specifications and the number of current flows of a specific board.
Example
<HUAWEI> display ip netstream cache as slot 2
DstIf      SrcIf      DstAs   Streams   Packets   Direction   SrcAs
--------------------------------------------------------------------------
GI0/2/0    Unknown    0       985988    985988    out         0
<HUAWEI> display ip netstream statistics slot 1
Netstream statistic information on slot 1:
--------------------------------------------------------------------------------
length of packets     Number        Protocol     Number
--------------------------------------------------------------------------------
1    ~  64          : 0             IPV4       : 2779
65   ~  128         : 985           IPV6       : 0
129  ~  256         : 1             MPLS       : 0
257  ~  512         : 360           L2         : 0
513  ~  1024        : 360           Total      : 2779
1025 ~  1500        : 357
longer than 1500    : 716
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Aggregation     Current Streams   Aged Streams   Created Streams   Exported Packets   Exported Streams
--------------------------------------------------------------------------------
origin          2                 92             94                65                 92
as              0                 0              0                 0                  0
as-tos          0                 0              0                 0                  0
protport        0                 0              0                 0                  0
protporttos     0                 0              0                 0                  0
srcprefix       0                 0              0                 0                  0
srcpretos       0                 0              0                 0                  0
dstprefix       0                 0              0                 0                  0
dstpretos       0                 0              0                 0                  0
prefix          0                 0              0                 0                  0
prefix-tos      0                 0              0                 0                  0
mpls-label      0                 0              0                 0                  0
vlan-id         0                 0              0                 0                  0
bgp-nhp-tos     0                 0              0                 0                  0
index-tos       0                 0              0                 0                  0
src-index-tos   0                 0              0                 0                  0
bgp-community   0                 0              0                 0                  0
vni-sip-dip     0                 0              0                 0                  0
system:
bbbb            0                 0              0                 0                  0
aaaa            0                 0              0                 0                  0
bbbb            0                 0
all-aggre       2                 92             94                65                 92
--------------------------------------------------------------------------------
srcprefix = source-prefix, srcpretos = source-prefix-tos,
dstprefix = destination-prefix, dstpretos = destination-prefix-tos,
protport = protocol-port, protporttos = protocol-port-tos,
src-index-tos = source-index-tos,
all-aggre = all aggregation streams
"---" means that the current board is not supported.
<HUAWEI> display ip netstream statistics interface GigabitEthernet0/1/0
Netstream statistic information of <GigabitEthernet0/1/0>:
Inbound :
  IPV4  :1000 Bytes, 10 Packets
  IPV6  :1000 Bytes, 10 Packets
  MPLS  :0 Bytes, 0 Packets
  Total :2000 Bytes, 20 Packets
Outbound :
  IPV4  :1000 Bytes, 10 Packets
  IPV6  :1000 Bytes, 10 Packets
  MPLS  :0 Bytes, 0 Packets
  Total :2000 Bytes, 20 Packets
Run the display netstream { all | global | interface interface-type interface-number } command to view NetStream configurations in different views.
<HUAWEI> display netstream all
system
 ip netstream export version 9 origin-as
 ip netstream timeout active 50
 ip netstream timeout inactive 10
 ip netstream export source 10.1.1.1
 ip netstream export host 4.4.4.4 10000
 ip netstream aggregation as
  enable
  export version 9
  ip netstream export source 1.1.1.2
  ip netstream export host 3.3.3.3 555
  ip netstream export host 1.1.1.2 55
slot 1
interface GigabitEthernet0/1/3
 ip netstream sampler fix-packets 1000 inbound
Slot
Slot 1:ip netstream sampler to slot 2
<HUAWEI> display ip netstream cache aggregation statistics slot 1
-------------------------------------------
Total Streams      Current Streams
-------------------------------------------
524288             1000