Configuration Guide - Network Management and Monitoring

S2720, S5700, and S6720 V200R013C00

This document describes the configurations of Network Management and Monitoring, including SNMP, RMON, RMON2, LLDP, Performance Management, iPCA, NQA, Service Diagnosis, Mirroring, Packet Capture, NetStream, sFlow, TWAMP Light, NETCONF, ECA, Intelligent Video O&M, eMDI, and Network Deception.
Configuring Basic ECA Functions

Context

Before enabling ECA on a switch, ensure that there are reachable routes between the switch and the CIS server and that the resource allocation mode has been set to eca. In addition, you need to configure a NetStream flexible flow statistics profile to output statistics on the ECA session.

Procedure

  1. Set the resource allocation mode of the switch to eca.
    1. Run system-view

      The system view is displayed.

    2. Run assign resource-mode eca

      The resource allocation mode of the switch is set to eca.

    By default, the resource allocation mode of the S5720HI, S5730HI, and S6720HI is enhanced-arp. For the entry space specifications after the resource allocation mode is set to eca, refer to assign resource-mode.

    NOTE:

    The eca mode takes effect only after the device reboots.

  2. Configure parameters for the interconnection between the switch and CIS server.
    1. Run system-view

      The system view is displayed.

    2. Run flow-probe metadata-collect server ip ip-address [ port port-number ]

      The IP address and port number of the CIS server are configured.

      By default, the IP address of the CIS server is not specified and the default port number is 8514.

    3. Run flow-probe metadata-collect source { ip ip-address port port-number | vpn-instance vpn-instance-name } *

      The source IP address for sending metadata from the switch to the CIS server is configured.

      By default, the source IP address is not specified.

  3. Enable ECA.
    1. Run defence engine enable

      The IAE is enabled.

      You must enable the IAE before enabling ECA. By default, the IAE is disabled.

    2. Run interface interface-type interface-number

      The interface view is displayed.

      NOTE:

      ECA can only be configured on physical and VLANIF interfaces. If ECA is enabled on a VLANIF interface, you do not need to enable ECA on the physical interface of the VLAN corresponding to the VLANIF interface.

    3. Run ec-analytics enable [ inbound | outbound ]

      ECA is enabled.

      By default, the ECA function is disabled.

    4. Run quit

      Return to the system view.

  4. Configure a NetStream flexible flow statistics profile.

    To obtain detailed ECA session statistics, configure a NetStream flexible flow statistics profile to collect information such as the 5-tuple information, packet quantity, byte quantity, and inbound and outbound interface indexes, and then apply the profile to an ECA-enabled interface.

    1. Run ip netstream record record-name

      A NetStream flexible flow statistics profile is created and the profile view is displayed.

    2. Configure aggregation keywords for the NetStream flexible flow statistics profile.

      • Run match ip source-address

        ECA session statistics are aggregated based on the source IP address.

      • Run match ip destination-address

        ECA session statistics are aggregated based on the destination IP address.

      • Run match ip source-port

        ECA session statistics are aggregated based on the source port number.

      • Run match ip destination-port

        ECA session statistics are aggregated based on the destination port number.

      • Run match ip protocol

        ECA session statistics are aggregated based on the protocol type.

      • Run collect counter packets

        ECA session statistics are specified to include the packet quantity.

      • Run collect counter bytes

        ECA session statistics are specified to include the byte quantity.

      • Run collect interface input

        ECA session statistics are specified to include the inbound interface index.

      • Run collect interface output

        ECA session statistics are specified to include the outbound interface index.

    3. Run quit

      Return to the system view.

    4. Run interface interface-type interface-number

      The interface view is displayed.

      NOTE:
      • The NetStream flexible flow statistics profile must be applied on an ECA-enabled interface.
      • The NetStream flexible flow statistics profile cannot be applied on a VLANIF interface. If ECA is enabled on a VLANIF interface, apply the NetStream flexible flow statistics profile on all physical interfaces in the VLAN corresponding to the VLANIF interface.

    5. Enable the IPv4 traffic statistics collection function on an interface.

      • Run ip netstream inbound

        The IPv4 traffic statistics collection function is enabled on the inbound interface.

      • Run ip netstream outbound

        The IPv4 traffic statistics collection function is enabled on the outbound interface.

    6. Configure the sampling ratio for IPv4 packets on an interface.

      • Run ip netstream sampler fix-packets 1 inbound

        The sampling ratio for IPv4 packets on the inbound interface is set to 1:1.

      • Run ip netstream sampler fix-packets 1 outbound

        The sampling ratio for IPv4 packets on the outbound interface is set to 1:1.

      NOTE:

      By default, the sampling ratio of IPv4 packets is 1000:1. For ECA, the sampling ratio must be set to 1:1; otherwise, ECA is less effective.

    7. Run port ip netstream record record-name

      The NetStream flexible flow statistics profile is applied to the interface.

    8. Run quit

      Return to the system view.

    9. (Optional) Run ip netstream tcp-flag enable

      NetStream flows are aged according to the FIN or RST flag in TCP packet headers to save memory space.

  5. (Optional) Run ec-analytics enhance-mode disable

    The ECA enhanced mode is disabled.

    NOTE:

    By default, the ECA enhanced mode is enabled. After the ECA enhanced mode is disabled, the number of packets sent for each ECA session flow to the IAE decreases from 50 to 20. This improves the processing performance of the IAE, but reduces the accuracy of encrypted traffic identification. Therefore, you are advised to enable the ECA enhanced mode when the device performance meets requirements.
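
    The following is an added example, not part of the original Huawei document: a Python check that audits a configuration listing against the prerequisites in steps 1 to 4 (eca resource mode, IAE enabled, CIS server set, NetStream record applied and 1:1 sampling on each ECA-enabled physical interface). It assumes saved configuration lines read the same as the commands typed on this page; the interface names, the address 192.0.2.10 and the record name eca-rec are constructed sample values.

```python
# Constructed sample (assumption: one command per line, interface commands
# indented under their "interface" line). Not output from a real device.
SAMPLE_CONFIG = """\
assign resource-mode eca
defence engine enable
flow-probe metadata-collect server ip 192.0.2.10 port 8514
interface GigabitEthernet0/0/1
 ec-analytics enable inbound
 ip netstream inbound
 ip netstream sampler fix-packets 1 inbound
 port ip netstream record eca-rec
interface GigabitEthernet0/0/2
 ec-analytics enable inbound
 ip netstream inbound
"""

def parse(config):
    """Return (global commands, {interface name: [commands]})."""
    glob, ifaces, cur = [], {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "#":
            continue
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], [])
        elif line[0] == " " and cur is not None:
            cur.append(line.strip())
        else:
            cur = None
            glob.append(line.strip())
    return glob, ifaces

def audit(config):
    """List the ECA prerequisites from this page that the config misses."""
    glob, ifaces = parse(config)
    findings = []
    if "assign resource-mode eca" not in glob:
        findings.append("resource mode is not eca")
    if "defence engine enable" not in glob:
        findings.append("IAE is not enabled")
    if not any(c.startswith("flow-probe metadata-collect server ip ") for c in glob):
        findings.append("CIS server address is not configured")
    for name, cmds in ifaces.items():
        if not any(c.startswith("ec-analytics enable") for c in cmds):
            continue
        if name.lower().startswith("vlanif"):
            continue  # the profile goes on the VLAN's physical interfaces
        if not any(c.startswith("port ip netstream record ") for c in cmds):
            findings.append(f"{name}: no NetStream record applied")
        for d in ("inbound", "outbound"):
            if f"ip netstream {d}" in cmds and f"ip netstream sampler fix-packets 1 {d}" not in cmds:
                findings.append(f"{name}: {d} sampling is not 1:1")
    return findings
```

    Calling audit(SAMPLE_CONFIG) reports the second interface, which has ECA and NetStream enabled but is still at the default 1000:1 sampling ratio and has no record applied.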

Updated: 2019-04-20

Document ID: EDOC1100065680
