No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - System Monitor 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - System Monitor
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Collecting Statistics About Abnormal IPv4 Flows on the User Side

Example for Collecting Statistics About Abnormal IPv4 Flows on the User Side

This section provides an example for configuring NetStream to collect statistics about abnormal IPv4 packets on the user side. The NetStream traffic statistics collection function helps rapidly analyze the type and location of abnormal traffic.

Networking Requirements

On the network shown in Figure 3-8, NetStream is configured to collect statistics about the source IP address, destination IP address, port, and protocol information of network packets on the user side. Such statistics help analyze users' behaviors and detect the virus-infected terminals, source and destination of Denial of service (DoS) and Distributed Denial of service (DDoS) attacks, source of spams, and unauthorized websites. In addition, NetStream allows users to rapidly identify virus types and locate the IP address of abnormal traffic. Based on other NetStream flow attributes, users can filter out virus-infected traffic and prevent it from spreading over the network.

Figure 3-8 Networking diagram for collecting statistics about abnormal IPv4 flows on the user side
NOTE:
  • Interfaces 1 through 2 in this example are GE0/1/0 and GE0/2/0, respectively.


Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure PEs and CEs to communicate.

  2. Configure NetStream to collect statistics about incoming and outgoing flows on the user-side interface of the PE.

Data Preparation

To complete the configuration, you need the following data:

  • Name of the user-side interface of the PE

  • Output format of NetStream flows

  • Destination IP address, destination port number, and source IP address of NetStream flows to be output

Procedure

  1. Configure PEs and CEs to communicate.

    # Assign the IP address and mask to each interface according to Figure 3-8. For configuration details, see Configuration Files in this section.

  2. Enable the NetStream statistics collection function on GigabitEthernet 0/1/0 of the PE.

    # Enable the statistics collection for TCP flags in original flows.

    [*PE]ip
    netstream tcp-flag enable

    # Specify the destination address, destination port number, and source address for NetStream flows output in V5 format.

    [*PE] ip
    netstream export host 192.168.2.2 9001
    [*PE] ip
    netstream export source 192.168.2.1

    # Enable NetStream sampling and configure the fixed packet sampling mode.

    [*PE] ip netstream sampler fix-packets 10000 inbound
    [*PE] ip netstream sampler fix-packets 10000 outbound
    [*PE] commit

    # Configure NetStream to collect statistics about incoming and outgoing flows on GigabitEthernet 0/1/0 of the PE.

    [*PE] interface GigabitEthernet 0/1/0
    [*PE-GigabitEthernet0/1/0] undo shutdown 
    [*PE-GigabitEthernet0/1/0] ip netstream inbound
    [*PE-GigabitEthernet0/1/0] ip netstream outbound
    [*PE-GigabitEthernet0/1/0] quit
    [*PE] commit

  3. Verify the configuration.

    # Run the display ip netstream cache origin slot 10 command in the user view. You can view information about various original flows in the NetStream flow buffer.

    <HUAWEI> display ip netstream cache origin slot 10
     DstIf                         
     SrcIf                           
     DstP                          Msk          Pro            Tos 
     SrcP                          Msk          Flags          Ttl
     Packets                                                   Bytes
     NextHop                                                   Direction
     DstIP                                                     DstAs
     SrcIP                                                     SrcAs
     BGP: BGP NextHop                                          TopLabelType
     Label1                        Exp1         Bottom1
     Label2                        Exp2         Bottom2
     Label3                        Exp3         Bottom3
     TopLabelIpAddress                          VlanId         VniId
     --------------------------------------------------------------------------
    
     Unknown                                                          
     GigabitEthernet0/1/0                                            
     0                             0            253            0
     0                             0            0              
    0
     3                                                         384       
     0.0.0.0                                                   in
     192.172.133.151                                           0         
     192.172.131.151                                           0         
     0.0.0.0                                                   UNKNOWN             
     0                             0            0         
     0                             0            0         
     0                             0            0         
     0.0.0.0                                    0              0        
    
     Unknown                                                          
     GigabitEthernet0/1/1                                            
     0                             0            253            0  
     0                             0            0              
    0
     1                                                         128       
     0.0.0.0                                                   in
     192.173.81.232                                            0         
     192.173.79.232                                            0         
     0.0.0.0                                                   UNKNOWN             
     0                             0            0         
     0                             0            0         
     0                             0            0         
     0.0.0.0                                    0              0

Configuration Files

  • CE configuration file

    #
    sysname CE
    #
    interface GigabitEthernet 0/1/0
     ip address 192.168.1.2 255.255.255.0
    # 
    return 
  • PE configuration file

    #
    sysname PE
    #
    ip
    netstream tcp-flag enable
    ip netstream sampler fix-packets 10000 inbound 
    ip netstream sampler fix-packets 10000 outbound
    ip
    netstream export source 192.168.2.1
    ip
    netstream export host 192.168.2.2 9001
    #
    interface gigabitethernet 0/2/0
     ip address 192.168.2.1 255.255.255.0
    #
    interface GigabitEthernet 0/1/0
     ip address 192.168.1.1 255.255.255.0
     ip netstream inbound
     ip netstream outbound
    # 
    return
Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058924

Views: 7031

Downloads: 24

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next