Example for Configuring Traffic Distribution Based on Eth-Trunk

S12700 and S12700E V200R019C10 Configuration Guide - Network Management and Monitoring

This document describes the configurations of Network Management and Monitoring, including SNMP, RMON, RMON2, LLDP, Performance Management, iPCA, NQA, Service Diagnosis, Mirroring, Packet Capture, Traffic Distribution, NetStream, sFlow, TWAMP Light, NETCONF, eMDI, and Intelligent Video O&M.

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Example for Configuring Traffic Distribution Based on Eth-Trunk

Networking Requirements

In the example shown in Figure 10-5, SwitchA, which is a traffic distribution device, is connected to a third-party network probe through XGE2/0/1, and the network probe forwards a copy of traffic to SwitchA through XGE2/0/1.

In this example, the customer requires that packets from the traffic distribution device be distributed to four packet analysis servers for processing, only UDP packets with destination port 10000 be analyzed, and a bidirectional flow pair between two communicating parties be distributed to the same server. Only a single fiber is deployed between SwitchA and each packet analysis server, and the packet analysis servers receive data but do not send data, ensuring data confidentiality on the servers.

Figure 10-5 Traffic distribution based on the Eth-Trunk

Configuration Roadmap

The configuration roadmap is as follows:

Create an Eth-Trunk and configure Eth-Trunk-based flow pair distribution to the same server, so that packets to be analyzed are distributed to four servers for processing.
Configure a traffic policy and apply the traffic policy to the inbound interface connected to the upstream traffic distribution device, so that packets to be analyzed are classified and redirected to the Eth-Trunk.
Configure unidirectional single-fiber communication to ensure data security on the packet analysis servers.

Procedure

Create an Eth-Trunk, add member interfaces to the Eth-Trunk, and configure Eth-Trunk-based flow pair distribution to the same server.
# Create Eth-Trunk1, and add GE 1/0/1, GE 1/0/2, GE 1/0/3, as well as GE 1/0/4 to Eth-Trunk1.
```
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] interface eth-trunk 1
[SwitchA-Eth-Trunk1] trunkport gigabitethernet 1/0/1 to 1/0/4
```
# Configure Eth-Trunk-based flow pair distribution to the same server.
```
[SwitchA-Eth-Trunk1] load-balance diffluence
[SwitchA-Eth-Trunk1] quit
```

Configure a traffic policy to redirect the UDP packets with the destination port 10000 to Eth-Trunk1.

# Create ACL 3000 to match the UDP packets with the destination port 10000.

[SwitchA] acl 3000
[SwitchA-acl-adv-3000] rule 5 permit udp destination-port eq 10000
[SwitchA-acl-adv-3000] quit

# Define the traffic classifier test and configure ACL 3000.

[SwitchA] traffic classifier test
[SwitchA-classifier-test] if-match acl 3000
[SwitchA-classifier-test] quit

# Define the traffic behavior test and set the traffic action to redirection.

[SwitchA] traffic behavior test
[SwitchA-behavior-test] redirect interface eth-trunk 1
[SwitchA-behavior-test] quit

# Define the traffic policy test and bind the traffic policy to the traffic classifier and the traffic behavior.

[SwitchA] traffic policy test
[SwitchA-trafficpolicy-test] classifier test behavior test
[SwitchA-trafficpolicy-test] quit

# Apply the traffic policy to the inbound interface.

[SwitchA] interface xgigabitethernet 2/0/1
[SwitchA-XGigabitEthernet2/0/1] traffic-policy test inbound
[SwitchA-XGigabitEthernet2/0/1] quit

Configure unidirectional single-fiber communication.

# Configure unidirectional single-fiber communication on GE interfaces connected to packet analysis servers.

[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] undo negotiation auto
[SwitchA-GigabitEthernet1/0/1] single-fiber enable
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] undo negotiation auto
[SwitchA-GigabitEthernet1/0/2] single-fiber enable
[SwitchA-GigabitEthernet1/0/2] quit
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] undo negotiation auto
[SwitchA-GigabitEthernet1/0/3] single-fiber enable
[SwitchA-GigabitEthernet1/0/3] quit
[SwitchA] interface gigabitethernet 1/0/4
[SwitchA-GigabitEthernet1/0/4] undo negotiation auto
[SwitchA-GigabitEthernet1/0/4] single-fiber enable
[SwitchA-GigabitEthernet1/0/4] quit

Configuration Files

SwitchA configuration file

#
sysname SwitchA
#
acl number 3000
 rule 5 permit udp destination-port eq 10000
#
traffic classifier test operator or precedence 5
 if-match acl 3000
#
traffic behavior test
 permit
 redirect interface Eth-Trunk1
#
traffic policy test match-order config
 classifier test behavior test
#
interface Eth-Trunk1 
 mac-address learning disable
 load-balance diffluence
# 
interface GigabitEthernet1/0/1 
 undo negotiation auto 
 single-fiber enable
 eth-trunk 1
# 
interface GigabitEthernet1/0/2 
 undo negotiation auto 
 single-fiber enable
 eth-trunk 1
# 
interface GigabitEthernet1/0/3 
 undo negotiation auto 
 single-fiber enable
 eth-trunk 1
# 
interface GigabitEthernet1/0/4 
 undo negotiation auto 
 single-fiber enable
 eth-trunk 1
# 
interface XGigabitEthernet2/0/1 
 mac-address learning disable
 traffic-policy test inbound 
#
return

Networking Requirements
Configuration Roadmap

Translation

简体中文

Download

Updated: 2022-05-20

Document ID: EDOC1100126923

Downloads: 112

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode