Collecting Statistics About IPv6 Original Flows
Before collecting statistics about IPv6 original flows, familiarize yourself with the usage scenario, complete the pre-configuration tasks, and obtain the data required for the configuration.
Usage Scenario
On the network shown in Figure 3-6, a carrier enables NetStream on the router functioning as an NDE to obtain detailed network application information. The carrier can use the information to monitor abnormal network traffic, analyze users' operation modes, and plan networks between ASs.
Statistics about original flows are collected based on the 7-tuple information. The NetStream Data Exporter (NDE) samples IPv6 flows passing through it, collects statistics about sampled flows, encapsulates the aging NetStream original flows into UDP packets, and sends the packets to the NetStream Collector (NSC) for processing. Unlike collecting statistics about aggregated flows, collecting statistics about original flows imposes less impact on NDE performance. Original flows consume more storage space and network bandwidth resources because the volume of original flows is greater than that of aggregated flows.
Pre-configuration Tasks
Before collecting statistics about IPv6 original flows, complete the following tasks:
- Configure parameters of the link layer protocol and IP addresses for interfaces so that the link layer protocol on the interfaces can go Up.
- Configure static routes or enable an IGP to implement network connectivity.
Configuration Procedures
- Specifying a NetStream Service Processing Mode
After sampling packets, each NetStream-enabled interface board sends sampled packets to the NetStream service processing board for aggregation and output. If the NE20E has more than one NetStream service processing board, these boards work in redundancy mode to back up each other and balance traffic, which improves system reliability.
- Outputting Original Flows
To ensure that original flows can be correctly output to the NMS, configure the aging time, output format, and source and destination addresses for original flows.
- (Optional) Configuring NetStream Monitoring Services
NetStream monitoring services can be configured on the NetStream Data Exporter (NDE), which enables carriers to implement finer-grained traffic statistics and management over IPv6 original flows.
- (Optional) Adjusting the AS Field Mode and Interface Index Type
Before the NetStream Collector (NSC) can properly receive and parse NetStream packets output by the NetStream Data Exporter (NDE), the AS field modes and interface index types configured on the NDE must be the same as those on the NSC.
- (Optional) Enabling Statistics Collection of TCP Flags in Original Flows
There are six flag bits (URG, ACK, PSH, RST, SYN, and FIN) in a TCP packet header. The flag bits, together with the destination IP address, source IP address, destination port number, and source port number of a TCP packet, identify the function and status of the TCP packet on a TCP connection. TCP flags can be extracted from packets. Their statistics can be collected and sent to the NMS. The NMS checks the traffic volume of each flag and determines whether the network is attacked by TCP packets.
- Sampling IPv6 Flows
You can enable NetStream to sample and analyze the incoming or outgoing flows on an interface.
- Verifying the Configuration of Statistics Collection of IPv6 Original Flows
In routine maintenance or after NetStream configurations are complete, you can run the display commands in any view to check whether NetStream is enabled on the device.
Specifying a NetStream Service Processing Mode
After sampling packets, each NetStream-enabled interface board sends sampled packets to the NetStream service processing board for aggregation and output. If the NE20E has more than one NetStream service processing board, these boards work in redundancy mode to back up each other and balance traffic, which improves system reliability.
Context
NetStream services can be processed in the following modes:
- Distributed mode
An interface board samples packets, aggregates flows, and outputs flows.

The ip netstream sampler to slot command has the same function as the ipv6 netstream sampler to slot command. The execution of either command takes effect on all packets, and there is no need to configure both of them. If it is required to configure both of them, ensure that NetStream service processing modes are the same. A mode inconsistency causes an error.
Outputting Original Flows
To ensure that original flows can be correctly output to the NMS, configure the aging time, output format, and source and destination addresses for original flows.
Procedure
- Run system-view
The system view is displayed.
- Run ipv6 netstream export version { 9 [ origin-as | peer-as ] [ bgp-nexthop ] [ ttl ] | ipfix [ origin-as | peer-as ] [ bgp-nexthop ] [ ttl ] }
The output format of original flows is configured.
- (Optional) Configure NetStream packets to carry the flow sequence field.
  - Run slot slot-id
  The view of the slot in which the interface board for NetStream sampling resides is displayed.
  - Run ip netstream export sequence-mode flow
  NetStream packets are configured to carry the flow sequence field.
  - Run quit
  The system view is displayed.
  NOTE:
  The command applies to the V9 format only.
- (Optional) Run ipv6 netstream export template sequence-number fixed
The sequence numbers of template packets and option template packets in IPFIX format are configured to remain unchanged, but data packets and option data packets in IPFIX format are still consecutively numbered.
- (Optional) Run ipv6 netstream export template timeout-rate timeout-interval
The interval at which the template for outputting original flows in the V9 or IPFIX format is refreshed is configured.
- Run ipv6 netstream export source { ip-address | ipv6 ipv6-address }
The source IP address is specified for original flows.
- Specify the destination IP address and UDP port number of the peer NSC for NetStream original flows in the system or slot view.
  - In the system view:
  Run ipv6 netstream export host { ip-address | ipv6 ipv6-address } port [ vpn-instance vpn-instance-name ] [ dscp dscp-value ]
  The destination IP address and destination port number for traffic statistics are specified.
  - In the slot view:
  Run slot slot-id
  The view of the slot in which the interface board for NetStream sampling resides is displayed.
  Run ipv6 netstream export host { ip-address | ipv6 ipv6-address } port [ vpn-instance vpn-instance-name ] [ dscp dscp-value ]
  The destination IP address and destination port number for traffic statistics are specified.
  Run quit
  The system view is displayed.
- (Optional) Set parameters for aging original flows.
  - Run ipv6 netstream timeout { active active-interval | active interval-second active-interval-second }
  The active aging time is set for NetStream original flows.
  - Run ipv6 netstream timeout inactive inactive-interval
  The inactive aging time is set for NetStream original flows.
- Run commit
The configuration is committed.
(Optional) Configuring NetStream Monitoring Services
NetStream monitoring services can be configured on the NetStream Data Exporter (NDE), which enables carriers to implement finer-grained traffic statistics and management over IPv6 original flows.
Context
The growing variety of services and applications on networks requires carriers to provide finer-grained management and accounting services.
If NetStream is configured on multiple interfaces on an NDE, all interfaces send traffic statistics to a single NetStream Collector (NSC). The NSC cannot distinguish interfaces, and therefore cannot manage or analyze traffic statistics based on interfaces. In addition, the NSC will be overloaded by the large amount of information.
NetStream monitoring configured on an NDE allows the NDE to send traffic statistics collected on specified interfaces to specified NSCs for analysis, which achieves interface-specific service monitoring. Traffic statistics can be balanced among these NSCs.
Procedure
- Run system-view
The system view is displayed.
- Run ipv6 netstream monitor monitor-name
A NetStream monitoring service view is created and displayed. If a NetStream monitoring service view already exists, the view is displayed.
- Run ipv6 netstream export host [ ip-address | ipv6 ipv6-address ] port [ vpn-instance vpn-instance-name ] [ version { 9 | ipfix } ] [ dscp dscp-value ]
The destination IP address and destination port number for traffic statistics are specified.
- Run quit
The system view is displayed.
- Run interface interface-type interface-number
The interface view is displayed.
- Run ipv6 netstream monitor monitor-name { inbound | outbound }
NetStream monitoring services are configured in the inbound or outbound direction of an interface.
NOTE:
If NetStream monitoring services have been configured on the interface, statistics about original flows are sent to the destination IP address specified in the NetStream monitoring service view, not the system view.
- Run commit
The configuration is committed.
(Optional) Adjusting the AS Field Mode and Interface Index Type
Before the NetStream Collector (NSC) can properly receive and parse NetStream packets output by the NetStream Data Exporter (NDE), the AS field modes and interface index types configured on the NDE must be the same as those on the NSC.
Context
AS field mode: The length of the AS field in IP packets can be set to 16 bits or 32 bits. Devices on a network must use the same AS field mode. An AS field mode inconsistency causes NetStream to fail to sample inter-AS traffic.
If the 32-bit AS field mode is used, the NMS must identify the 32-bit AS field. If the NMS cannot identify the 32-bit AS field, the NMS fails to identify inter-AS traffic sent by devices.
Interface index: The NMS uses an interface index carried in a NetStream packet output by the NDE to query information about the interface that sends the packet. The interface index can be 16 or 32 bits long. The index length is determined by NMS devices of different vendors. Therefore, the NDE must use a proper interface index type that is also supported by the NMS.
Procedure
- Run system-view
The system view is displayed.
- Run ipv6 netstream as-mode { 16 | 32 }
The AS field mode is specified on the router.
- Run ipv6 netstream export index-switch { 16 | 32 }
The type of the interface index carried in the NetStream packet output by the router is specified.
An interface index can be changed from 16 bits to 32 bits only after the following conditions are met:
  - Original flows are output in V9 or IPFIX format.
  - Aggregated flows are output in V9 or IPFIX format.
(Optional) Enabling Statistics Collection of TCP Flags in Original Flows
There are six flag bits (URG, ACK, PSH, RST, SYN, and FIN) in a TCP packet header. The flag bits, together with the destination IP address, source IP address, destination port number, and source port number of a TCP packet, identify the function and status of the TCP packet on a TCP connection. TCP flags can be extracted from packets. Their statistics can be collected and sent to the NMS. The NMS checks the traffic volume of each flag and determines whether the network is attacked by TCP packets.
Context
Perform the following steps on the router on which TCP flag statistics are to be collected.
By enabling statistics collection of TCP flags, you can extract the TCP flag information from network packets and send it to the NMS. The NMS can then determine whether the network is under a flood attack.
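The NMS-side check described above, as an added example that is not Huawei code: it tallies traffic volume per TCP flag and lists destinations whose flows mostly carry SYN without ACK. The record field names, thresholds, and sample flows are constructed for illustration; it assumes each record's flags byte is the OR of the flags seen in the flow (as NetFlow V9 defines its TCP_FLAGS field) and that sampled packet counts are scaled by the configured sampling ratio.

```python
from collections import defaultdict

# TCP header flag bits; a flow record carries the OR of the flags seen in the flow.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def flag_names(bits):
    """Decode a TCP-flags byte into the names of the bits that are set."""
    return [name for name, bit in FLAGS.items() if bits & bit]

def flag_volume(flows, sampling_ratio=1):
    """Estimated packets in flows that carried each flag (sampled count x ratio)."""
    volume = defaultdict(int)
    for f in flows:
        for name in flag_names(f["tcp_flags"]):
            volume[name] += f["packets"] * sampling_ratio
    return dict(volume)

def syn_flood_suspects(flows, sampling_ratio=1, min_flows=3, min_share=0.75):
    """Destinations where most TCP flows show SYN but never ACK (handshake not completed)."""
    total, syn_only, syn_pkts = defaultdict(int), defaultdict(int), defaultdict(int)
    for f in flows:
        if f["protocol"] != 6:  # IP protocol 6 = TCP; ignore everything else
            continue
        key = (f["dst_ip"], f["dst_port"])
        total[key] += 1
        if (f["tcp_flags"] & FLAGS["SYN"]) and not (f["tcp_flags"] & FLAGS["ACK"]):
            syn_only[key] += 1
            syn_pkts[key] += f["packets"] * sampling_ratio
    return {
        key: {"syn_only_flows": n, "flows": total[key], "est_syn_packets": syn_pkts[key]}
        for key, n in syn_only.items()
        if n >= min_flows and n / total[key] >= min_share
    }

# Constructed sample records (documentation-prefix addresses), not real traffic.
SAMPLE_FLOWS = [
    {"dst_ip": "2001:db8:f::10", "dst_port": 443, "protocol": 6, "tcp_flags": 0x02, "packets": 2}
    for _ in range(4)
] + [
    {"dst_ip": "2001:db8:f::10", "dst_port": 443, "protocol": 6, "tcp_flags": 0x1B, "packets": 40},
    {"dst_ip": "2001:db8:f::20", "dst_port": 22, "protocol": 6, "tcp_flags": 0x1B, "packets": 15},
    {"dst_ip": "2001:db8:f::20", "dst_port": 53, "protocol": 17, "tcp_flags": 0x00, "packets": 9},
]

if __name__ == "__main__":
    print(flag_volume(SAMPLE_FLOWS, sampling_ratio=1000))
    print(syn_flood_suspects(SAMPLE_FLOWS, sampling_ratio=1000))
```

Because the flags byte is cumulative per flow, a SYN-only record means no ACK was ever sampled for that flow; at high sampling ratios short legitimate flows can look the same, so the share threshold should be tuned against a baseline.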
Sampling IPv6 Flows
You can enable NetStream to sample and analyze the incoming or outgoing flows on an interface.
Context
If a NetStream-enabled interface is bound to a VPN instance, all packets in the VPN instance are sampled.
Procedure
- Run system-view
The system view is displayed.
- Configure the sampling mode and sampling ratio. Perform at least one of the following steps:
  - Configure a sampling mode and sampling ratio globally.
    - Run ipv6 netstream sampler { fix-packets fix-packets-number | random-packets random-packets-number | fix-time fix-time-value } { inbound | outbound }
    The sampling mode and sampling ratio are configured globally.
  - Configure a sampling mode and sampling ratio for the interface.
    - Run interface interface-type interface-number
    The interface view is displayed.
    - Run ipv6 netstream sampler { fix-packets fix-packets-number | random-packets random-packets-number | fix-time fix-time-value } { inbound | outbound }
    The sampling mode and sampling ratio are configured for the interface.
  NOTE:
  The sampling mode and sampling ratio configured in the system view are applicable to all interfaces on the device. The sampling mode and sampling ratio configured in the interface view take precedence over those configured in the system view.
  The ip netstream sampler command has the same function as the ipv6 netstream sampler command.
  - The execution of either command takes effect on all packets, and there is no need to configure both of them. If it is required to configure both of them, ensure that sampling modes configured by the ip netstream sampler and ipv6 netstream sampler commands are the same.
  - Packets are sampled at the set sampling ratio, regardless of packet types. For example, if the sampling ratio in fixed packet sampling mode is set to 1000:1, one packet will be sampled every 1000 packets, regardless of whether these packets are IPv4 or IPv6 packets.
- Run interface interface-type interface-number
- Run ipv6 netstream { inbound | outbound }
NetStream is enabled on the interface.
Statistics about packets' BGP next-hop information can also be collected. Original flows output in V5 format, however, cannot carry the BGP next-hop information.
- Run commit
The configuration is committed.
Verifying the Configuration of Statistics Collection of IPv6 Original Flows
In routine maintenance or after NetStream configurations are complete, you can run the display commands in any view to check whether NetStream is enabled on the device.
Procedure
- Run the display ipv6 netstream cache origin slot slot-id command to check information about the NetStream buffer.
- Run the display ipv6 netstream statistics slot slot-id command to check statistics about NetStream flows.
- Run the display ipv6 netstream monitor { all | monitor-name } command to check the monitoring information about IPv6 original flows.
Example
<HUAWEI> display ipv6 netstream cache origin slot 1
DstIf
SrcIf
DstP   Msk   Pro   Tos   SrcP   Msk   Flags   Ttl   Packets   Bytes
NextHop   Direction
DstIP   DstAs
SrcIP   SrcAs
BGP: BGP NextHop   TopLabelType
Label1   Exp1   Bottom1
Label2   Exp2   Bottom2
Label3   Exp3   Bottom3
TopLabelIpAddress   VlanId   VniId
--------------------------------------------------------------------------
Unknown
GigabitEthernet0/1/1
0      0     59    0     0      0     0       100   443426    56758528
::   in
FEC0::101:200:0:C055:101   0
FEC0::101:200:0:C0A8:101   0
::   UNKNOWN
0   0   0
0   0   0
0   0   0
0.0.0.0   0   0

<HUAWEI> system-view
[~HUAWEI] display ipv6 netstream statistics slot 1
Netstream statistic information on slot 1:
------------------------------------------------------------------------------------
length of packets    Number        Protocol    Number
------------------------------------------------------------------------------------
1    ~ 64          : 0             IPV4      : 0
65   ~ 128         : 14939665      IPV6      : 14939665
129  ~ 256         : 0             MPLS      : 0
257  ~ 512         : 0             L2        : 0
513  ~ 1024        : 0             Total     : 14939665
1025 ~ 1500        : 0
longer than 1500   : 0
------------------------------------------------------------------------------------
------------------------------------------------------------------------------------
Aggregation   Current Streams   Aged Streams   Created Streams   Exported Packets   Exported Streams
------------------------------------------------------------------------------------
origin        100               428            528               0                  0
as            0                 0              0                 0                  0
as-tos        0                 0              0                 0                  0
protport      0                 0              0                 0                  0
protporttos   0                 0              0                 0                  0
srcprefix     3                 1              4                 0                  0
srcpretos     0                 0              0                 0                  0
dstprefix     0                 0              0                 0                  0
dstpretos     0                 0              0                 0                  0
prefix        0                 0              0                 0                  0
prefix-tos    0                 0              0                 0                  0
mpls-label    0                 0              0                 0                  0
vlan-id       0                 0              0                 0                  0
bgp-nhp-tos   0                 0              0                 0                  0
index-tos     0                 0              0                 0                  0
system:
bbbb          0                 0              0                 0                  0
aaaa          0                 0              0                 0                  0
bbbb          0                 0
all-aggre     3                 1              4                 0                  0
------------------------------------------------------------------------------------
srcprefix = source-prefix, srcpretos = source-prefix-tos,
dstprefix = destination-prefix, dstpretos = destination-prefix-tos,
protport = protocol-port, protporttos = protocol-port-tos,
all-aggre = all aggregation streams
"---" means that the current board is not supported.
Run the display ipv6 netstream monitor { all | monitor-name } command to view the monitoring information about IPv6 original flows.
<HUAWEI> display ipv6 netstream monitor monitora
Monitor monitora
ID : 1
AppCount : 0
Address Port
1.1.1.1 1
2.2.2.2 2
------------------------------------------------------------