NetEngine 8000 F1A V800R022C00SPC600 Configuration Guide
NetStream Configuration
NetStream Description
The NetStream feature may be used to analyze the communication information of terminal customers for network traffic statistics and management purposes. Before enabling the NetStream feature, ensure that it is performed within the boundaries permitted by applicable laws and regulations. Effective measures must be taken to ensure that information is securely protected.
Overview of NetStream
Definition
Network management and planning
Enterprise accounting and departmental charging
ISP billing report
Data storage
Data mining for marketing purposes
Object
The rapid development of the Internet provides customers with higher bandwidth and predictable QoS. Meanwhile, with the increase of services and applications, carriers need to provide more fine-grained metering for network management and accounting. As shown in Table 1-1321, traditional methods to collect stream statistics have drawbacks. Developing a technology to answer the preceding demands becomes urgent.
Method | Implementation | Drawback |
---|---|---|
Based on IP addresses | A counter index is saved in the routing table to count bytes and packets passing through the device. | This method can only calculate packets of limited types. |
Based on ACLs | ACLs are used to accurately match packets and then collect statistics about matching packets. | A great number of ACLs need to be configured, and mismatching packets cannot be counted. |
Based on SNMP | The SNMP protocol is used to implement the statistics function on a device to collect interface statistics, IP statistics, and ACL matching statistics. | The statistics function is not strong enough. It needs to collect the statistics through continuous polling, which puts heavy load on the CPU and network. |
Based on interface mirroring | With interface mirroring, traffic passing through an interface is duplicated and then sent to a special server to implement the statistics function. | The cost is high. A special server is needed to collect statistics, and an additional interface is used. The statistics cannot be performed on the interface that does not support the mirroring function. |
Based on the traffic duplication at the physical layer | Traffic is duplicated using the splitter or other devices at the physical layer and then sent to a special server to implement the statistics function. | The cost is high. The special server and device must be purchased. |
Benefits
NetStream enables carriers to implement more fine-grained metering for network management and accounting.
Understanding NetStream
- Packet sampling: Packets are replicated and sent to a NetStream board. The process of sampling packets is as follows:
- After the NetStream function is enabled on an interface, the system stores NetStream information in the interface information table.
- The system samples packets passing through the interface at a configured sampling ratio.
- Stream processing: Streams are constructed, maintained, aged, aggregated, and added to packets for export.
- After receiving a packet, the NetStream board extracts packet attributes (such as source address and destination address) and compares them with those of existing streams created from packets.
- If the attributes match, the packet is added to the stream, and the packet count is refreshed. If the received attribute does not match the local one, a new stream is created. Then, the NetStream board ages and aggregates streams and sends the statistics to the specified network management system (NMS) for analysis.
NetStream services are deployed in distributed service processing mode. That is, packet sampling and stream processing are performed on an interface board.
After NetStream is enabled, packets are involved in the establishment and counting of NetStream flows. If a large number of packets are sampled, the forwarding performance of the device is affected. The reasonable sampling ratio is 1000:1.
Basic Functions of NetStream
As the Internet develops rapidly, more bandwidth resources are provided for users, and at the same time the demand for fine-grained network monitoring and management grows. NetStream has been introduced to address this. NetStream is a technique that collects highly granular per-flow traffic statistics. It classifies traffic flow statistics and calculates resource usage on networks. NetStream also helps monitor and manage networks based on the types of services and resources.
Application Scenarios for NetStream
Accounting statistics
NetStream provides detailed accounting statistics, including IP addresses, number of packets, number of bytes, time, type of service (ToS), and application types. Based on the collected statistics, the Internet service provider (ISP) can charge users flexibly based on resource information, such as time periods, bandwidth, applications, or service quality, and enterprises can estimate their expenses and assign costs to efficiently use resources.
Network planning and analysis
NetStream provides key information for advanced network management tools to optimize the network design and plan. This helps achieve the best network performance and reliability with the lowest network operation cost.
Network monitoring
NetStream monitors network traffic in real time.
Application monitoring and analysis
NetStream provides detailed network application information. For example, it allows a network administrator to view the proportion of each application, such as web, the File Transfer Protocol (FTP), Telnet, and other TCP/IP applications, to communication traffic. Based on the information, the Internet Content Provider (ICP) and ISP can properly plan and allocate network application resources.
Abnormal traffic detection
By analyzing NetStream flows, the NMS can detect abnormal traffic, such as different types of attacks on networks in real time. The NMS uses alarm information reported by NetStream to monitor devices to secure network operation.
Operation Process of NetStream
Figure 1-3939 shows the operation process of NetStream, which consists of the following phases:
- Samples flows in a specified mode.
- Establishes NetStream flows based on 5-tuple information.
- Ages out NetStream flows in a specified mode.
- Exports NetStream flows based on the specified mode and packet version.
NetStream Data Exporter (NDE): samples packets and outputs traffic statistics.
NetStream Collector (NSC): collects and stores traffic statistics sent by the NDE.
NetStream Data Analyzer (NDA): analyzes traffic statistics. The analysis result is used as the reference for various functions, such as network accounting, network planning, network monitoring, application monitoring, and traffic analysis.
The device supports the NDE function.
The device supports the distributed NetStream service processing mode. That is, an interface board can independently sample packets, aggregate flows, and output flows. The device supports complete NetStream functions.
Flow Sampling and Establishment
Flow Sampling
With flow sampling, information about only a few packets needs to be extracted for analysis, which reduces the impact of the NetStream function on the device performance. Figure 1-3941 shows the NetStream sampling process.
Packet-based random sampling
One packet out of a random number of packets is sampled. For example, the sample ratio configured on a NetStream-enabled interface is M:1, and N packets out of N x M packets passing through the interface are sampled.
Packet-based regular sampling
One packet is regularly sampled at a fixed packet interval. If the packet interval is set to 100 and the fifth packet has been sampled, a device samples every 100th packet. For example, packets 105, 205, 305 are sampled.
Time-based random sampling
One packet is randomly sampled at a random interval. If the sampling time period is 100 ms, one packet is randomly sampled among packets that pass through the interface within every 100 ms.
Time-based regular sampling
One packet is regularly sampled at a fixed time interval. If the time interval is 100 ms and the first packet has been sampled at the 30th ms, the device samples packets that pass through the interface every 100 ms. For example, packets are sampled at the 130th ms, 230th ms, and 330th ms.
The NetEngine 8000 F supports three sampling modes: packet-based regular sampling, packet-based random sampling, and time-based regular sampling.
Flow Establishment
NetStream can define flows based on the 5-tuple, ToS, and inbound or outbound interface information.
Aging of a Flow
NetStream traffic on the network bursts intermittently. Tens of thousands of flows are generated in a few seconds. As the NDE memory capacity is limited, flows that are saved on the NDE earlier must be exported rapidly to release space. This process is called aging.
A flow is aged in any of the following situations:
Regular aging
A flow is aged after its inactive time (from the time no packets are added to the flow to the current time) or its active time (from the time the flow is constructed to the current time) elapses. After the active time elapses, the system does not age the flow in the buffer until a new flow enters the buffer. After the inactive time elapses, the system immediately ages the flow, regardless of whether the flow is within the active time.
The active time is used to periodically export the long-lasting flow.
The inactive time is used to export the flow to which packets are intermittently added. Once packets stop being added to the flow, the flow is exported to release memory space.
FIN-based or RST-based aging
A flow is aged when the FIN or RST bit in a packet of a flow is detected. This is because the FIN or RST bit in the packet transmitted over a TCP connection indicates that the TCP connection is terminated. If a packet containing the FIN or RST bit is added to a flow, the system immediately ages the flow.
By default, the system ages a flow that contains a packet carrying the FIN or RST bit. To collect statistics about packets carrying TCP flags, disable the system from aging a flow that contains a packet carrying the FIN or RST bit.
Bytes-based aging
A flow is aged when the number of bytes exceeds the upper limit. Bytes of packets in the flows cached in the buffer are counted. The system therefore immediately ages the flow to avoid the byte counting error.
Forcible aging
You can configure the device to forcibly age all original flows in the existing buffer. Forcible aging is used when the aging conditions are not met but new flows need to be added to the buffer or when the NetStream service becomes abnormal, causing flows in the buffer not to be aged.
Export of a Flow
Export of original flows
Information in aging original flows is collected and then encapsulated into UDP packets to be sent to an NSC. The NSC obtains detailed information about each original flow and processes these flow records flexibly. This, however, increases network bandwidth and CPU usage. In addition, to store these flow records, a great amount of memory is used, and the device overhead is increased.
Export of aggregated flows
After information about aging original flows is collected, original flows are classified, combined, and constructed into aggregated flows based on specified rules. When the aggregation timer in the system expires, aggregated flows are exported to the NSC as UDP packets. Aggregation helps original flows be transmitted with less network bandwidth, CPU usage, and storage space. The device supports aggregation modes listed in Table 1-1322.
Table 1-1322 List of aggregation modes

Aggregation Mode | Description |
---|---|
as | Indicates the autonomous system (AS) aggregation, which aggregates flows with the same source AS number, destination AS number, inbound interface index, and outbound interface index. |
as-tos | Indicates the AS-ToS aggregation, which aggregates flows with the same source AS number, destination AS number, inbound interface index, outbound interface index, and type of service (ToS). |
bgp-nexthop-tos | Indicates the BGP-nexthop-ToS aggregation, which aggregates flows with the same Border Gateway Protocol (BGP) next hop, source AS number, destination AS number, inbound interface index, and outbound interface index. A device aggregates flows with the same attributes into one flow and then generates one record about the aggregated flow. |
destination-prefix | Indicates the destination-prefix aggregation, which aggregates flows with the same destination AS number, destination mask length, destination prefix, and outbound interface index. |
destination-prefix-tos | Indicates the destination-prefix-ToS aggregation, which aggregates flows with the same destination AS number, destination mask length, destination prefix, outbound interface index and ToS. |
index-tos | Indicates the index-ToS aggregation, which aggregates flows with the same inbound interface index, outbound interface index, and ToS. |
mpls-label | Indicates the MPLS label aggregation, which aggregates flows with the same first layer label, second layer label, third layer label, TopLabelIpAddress, stack bottom symbol of the first layer label, and the EXP value of the first layer label. |
prefix | Indicates the prefix aggregation, which aggregates flows with the same source AS number, destination AS number, source mask length, destination mask length, source prefix, destination prefix, inbound interface index, and outbound interface index. |
prefix-tos | Indicates the prefix-ToS aggregation, which aggregates flows with the same source AS number, destination AS number, source mask length, destination mask length, source prefix, destination prefix, inbound interface index, outbound interface index, and ToS. |
protocol-port | Indicates the protocol-port aggregation, which aggregates flows with the same protocol number, source port, and destination port. |
protocol-port-tos | Indicates the protocol-port-ToS aggregation, which aggregates flows with the same protocol number, source port, destination port, ToS, inbound interface index, and outbound interface index. |
source-prefix | Indicates the source-prefix aggregation, which aggregates flows with the same source AS number, source mask length, source prefix, and inbound interface index. |
source-prefix-tos | Indicates the source-prefix-ToS aggregation, which aggregates flows with the same source AS number, source mask length, source prefix, ToS, and inbound interface index. |
source-index-tos | Indicates the inbound interface index-ToS aggregation. It classifies flows based on inbound interface index, ToS, and BGP next hop. |
vlan-id | Indicates the VLAN-ID aggregation, which aggregates flows with the same virtual local area network (VLAN) ID and inbound interface index. |
bgp-community | Indicates BGP community aggregation. NetStream flows are classified based on the inbound and outbound interface indexes, BGP community name, and three key values. |
vni-sip-dip | Indicates a VNI aggregation mode. NetStream combines flows with the same VNI ID and the same source and destination IP addresses of tenants into an aggregated flow and generates one aggregation record. |
Export of flexible flows
In each aggregation mode, original flows are classified and merged based on fixed rules, aggregated flow information is generated, aged out, and exported to the server. Users cannot customize aggregation modes as required. Flexible flow packets provide user-defined templates for users to customize matching and collected fields as required. The user-defined template improves traffic analysis accuracy and reduces network bandwidth occupation, CPU usage, and storage space usage.
Export to a server
NetStream packets can be exported to a specified server. The following server addresses can be used:
- Global server address specified in the system view for original and aggregated flows
- Server address specified in the aggregation view
- Server address specified in a template that is bound to an interface
For aggregated flows, a server address can be specified in the system, slot, or monitoring view. The server addresses configured in the system view, slot view, and monitoring view are arranged in ascending order. If multiple server addresses are configured, the address with the highest priority takes effect. Multiple service addresses of interfaces can be specified in the monitoring view so that sampling packets of original flows can be exported to different servers. Packets can be output to specified interfaces, which helps filter out unnecessary packets and improve flexibility.
For aggregated flows, a server address can be specified in the system, slot, or aggregation view. After sampling packets, including original flows, are aggregated, the aggregated flows are output to the same server. The server address configured in the aggregation view takes precedence over that configured in the system view. If the server address is configured in both views, the server address configured in the aggregation view takes effect.
Format Versions of NetStream Packets
The format versions of NetStream packets include V5, V8, IPFIX, and V9. NetStream packets of all formats are transmitted using UDP. Each data packet contains a header and one or several stream records.
Original streams can be exported in V5, IPFIX, or V9 format. Aggregated streams can be exported in V8, IPFIX, or V9 format. Flexible streams can be exported in V9 format.
Unlike V5 and V8, the V9 and IPFIX formats are template-based, which allows traffic statistics to be exported more flexibly, new fields to be used easily, and new records to be generated easily.
Figure 1-3942 shows the structure of a NetStream packet.
Packet Exported in V5 Format
Header of a NetStream Packet Exported in V5 Format
Figure 1-3943 shows the format of the header of a NetStream packet exported in V5 format. This header corresponds to the Header field in Figure 1-3942. Table 1-1323 describes the fields in the header.

Field | Description |
---|---|
version | Version number of the format in which NetStream packets are exported. Value 0x05 indicates the V5 format. |
count | Number of stream records in the existing NetStream packet. The value ranges from 1 to 30. |
system up time | Period (in milliseconds) from the time the system is booted to the time a NetStream packet was generated. |
unix_secs | Integer number of seconds elapsed from 00:00:00, January 1st, 1970 to the time a NetStream packet was generated. |
unix_nsecs | Integer number of nanoseconds equal to the time the packet was generated minus unix_secs. |
flow sequence | Sequence number of an exported stream record: In the first NetStream packet, the value is 0, and the count of streams in the NetStream packet is c1 (count = c1). In the second NetStream packet, the value is c1, and the count of streams in the NetStream packet is c2 (count = c2). In the third NetStream packet, the value is c2 + c1. ... In the n - 1 NetStream packet, the value is fs(n - 1), and the count of streams in the NetStream packet is c(n - 1). In the Nth NetStream packet, the value is fs(n - 1) + c(n - 1). You can check whether a NetStream packet is dropped based on the flow sequence value. When the stream sequence number overflows, NetStream packets transmission continues. |
engine type | Type of the flow switching engine. The value is the device type. |
engine id | Slot number of the switching engine. The value is the slot number of the NetStream board. |
reserved | Reserved field, which is all 0s. |
Information Carried in the NetStream Packet Exported in V5 Format
Information carried in a NetStream packet exported in V5 format is marked dark as shown in Figure 1-3944.
UDP packets of version 5 carrying NetStream outbound statistics and inbound statistics are generated independently.
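The flow sequence rule in the V5 header table lets a collector count lost stream records, including across a 32-bit counter overflow. The sketch below is an added example, not code from this guide: it assumes the standard 24-byte NetFlow v5 header layout and 48-byte records (the page names the fields but not their widths), and the exporter address and datagrams are constructed.

```python
import struct

# Assumed layout: the standard 24-byte NetFlow v5 header. The page names the
# fields (version, count, system up time, unix_secs, unix_nsecs, flow sequence,
# engine type, engine id, reserved) but does not give their widths.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD_LEN = 48   # assumed fixed size of one V5 stream record
SEQ_MOD = 1 << 32    # flow sequence treated as a wrapping 32-bit counter


def parse_v5_header(datagram):
    """Validate one export datagram and return the header fields we need."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("shorter than a V5 header")
    (version, count, _uptime, _secs, _nsecs,
     flow_seq, engine_type, engine_id, _reserved) = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("version is not 0x05")
    if not 1 <= count <= 30:
        raise ValueError("count outside the 1 to 30 range")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD_LEN:
        raise ValueError("fewer records than count announces")
    return {"count": count, "flow_sequence": flow_seq,
            "engine_type": engine_type, "engine_id": engine_id}


class SequenceTracker:
    """Counts missing stream records per (exporter, engine type, engine id)."""

    def __init__(self):
        self.expected = {}   # key -> next flow sequence value we should see
        self.lost = {}       # key -> total stream records never received
        self.resyncs = {}    # key -> backwards jumps (restart or reordering)

    def observe(self, exporter, header):
        """Record one packet; return how many stream records went missing."""
        key = (exporter, header["engine_type"], header["engine_id"])
        seq = header["flow_sequence"]
        missing = 0
        if key in self.expected:
            # Modular difference keeps the check valid when the counter wraps.
            missing = (seq - self.expected[key]) % SEQ_MOD
            if missing >= SEQ_MOD // 2:
                # Sequence moved backwards: treat as a resync, not as loss.
                self.resyncs[key] = self.resyncs.get(key, 0) + 1
                missing = 0
        # fs(n) = fs(n - 1) + c(n - 1), as described in the header table.
        self.expected[key] = (seq + header["count"]) % SEQ_MOD
        self.lost[key] = self.lost.get(key, 0) + missing
        return missing


def build_v5_datagram(flow_seq, count, engine_id=1):
    """Constructed test datagram: valid header followed by zeroed records."""
    header = V5_HEADER.pack(5, count, 0, 0, 0, flow_seq % SEQ_MOD, 0, engine_id, 0)
    return header + bytes(count * V5_RECORD_LEN)


def demo():
    """The packet that would start at sequence 60 (25 records) never arrives."""
    tracker = SequenceTracker()
    exporter = "192.0.2.1"   # constructed documentation address
    gaps = []
    for seq, count in [(0, 30), (30, 30), (85, 10), (95, 5)]:
        header = parse_v5_header(build_v5_datagram(seq, count))
        gaps.append(tracker.observe(exporter, header))
    return gaps


if __name__ == "__main__":
    print(demo())
```

A non-zero return value from `observe` means the statistics for that interval are incomplete, which matters when the records feed accounting or abnormal traffic detection.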
Packet Exported in V8 Format
Header of a NetStream Packet Exported in V8 Format
Figure 1-3945 shows the format of the header of a NetStream packet exported in V8 format. This header corresponds to the Header field in Figure 1-3942. Table 1-1324 describes the fields in the header.
Field | Description |
---|---|
version | Version number of the format in which NetStream packets are exported. Value 0x08 indicates the V8 format. |
count | Number of streams in the existing NetStream packet, not the number of streams in all NetStream packets. |
system up time | Period (in milliseconds) from the time the system is booted to the time a NetStream packet was generated. |
unix_secs | Integer number of seconds elapsed from 00:00:00, January 1st, 1970 to the time a NetStream packet was generated. |
unix_nsecs | Integer number of nanoseconds equal to the time the packet was generated minus unix_secs. |
flow sequence | Sequence number of an exported stream record: In the first NetStream packet, the value is 0, and the count of streams in the NetStream packet is c1 (count = c1). In the second NetStream packet, the value is c1, and the count of streams in the NetStream packet is c2 (count = c2). In the third NetStream packet, the value is c2 + c1. ... In the n - 1 NetStream packet, the value is fs(n - 1), and the count of streams in the NetStream packet is c(n - 1). In the Nth NetStream packet, the value is fs(n - 1) + c(n - 1). You can check whether a NetStream packet is dropped based on the flow sequence value. When the stream sequence number overflows, NetStream packets transmission continues. |
engine type | Type of the flow switching engine. The value is the device type. |
engine id | Slot number of the switching engine. The value is the slot number of the NetStream board. |
aggregation | Aggregation mode: 01: as; 02: protocol-port; 03: source-prefix; 04: destination-prefix; 05: prefix; 09: as-tos; 0a: protocol-port-tos; 0b: source-prefix-tos; 0c: destination-prefix-tos; 0d: prefix-tos |
aggregation version | Version number of the format in which the aggregated NetStream packet is exported. The value is 0x02. |
sampling interval | Sampling interval. The value is 0. |
reserved | Reserved field, which is all 0s. |
Information Carried in the NetStream Packet Exported in V8 Format
Starting from V8, original streams can be aggregated on an NDE. Aggregation refers to the action of classifying and combining original streams into one stream based on specified rules. Aggregated streams can be transmitted with less network bandwidth. In earlier versions, flow aggregation is implemented by NSC.
This aggregation mode is primarily used to collect statistics about packets and bytes exchanged between devices in two ASs. You can perform payment settlement based on the collected traffic of AS domain packets. For the source AS:
- If an original AS is used as a source AS, the source AS number identifies the AS to which the source address belongs.
- If a peer AS is used as a source AS, the source AS number identifies an AS along an AS path.
- If the source address belongs to a local AS or if the AS number cannot be obtained from the routing table, the source AS number is set to 0.
- If the destination AS is the original AS, the destination AS number is the AS to which the destination address belongs.
- If the destination AS is the peer AS, the destination AS identifies an AS along an AS path.
- If the destination address belongs to the local AS or if the AS number cannot be obtained from the routing table, the destination AS number is set to 0.
The source and destination AS numbers are used to perform AS-based flow aggregation.
In this mode, packets of the same protocol type at the transmission layer (TCP and UDP), and with the same source and destination port numbers are aggregated. If the Protocol Type field is 6, the protocol is TCP. If the Protocol Type field is 17, the protocol is UDP.
For non-TCP or non-UDP packets, the source port number is 0. For ICMP packets, the destination port number is determined by the Type and Code fields in the packets.
For non-TCP or non-UDP packets, the destination port number is 0.
In this mode, packets with the same destination IP address prefix are aggregated.
In this mode, packets with the same source IP address prefix and the destination IP address prefix are aggregated.
Type of service (ToS) is a field in the IP packet header used to set a packet priority value.
Packet Exported in V9 Format
Header of a NetStream Packet Exported in V9 Format
Figure 1-3956 shows the format of the header of a NetStream packet exported in V9 format. This header corresponds to the Header field in Figure 1-3942. Table 1-1325 describes the fields in the header.
Field | Description |
---|---|
version | Version number of the format in which NetStream packets are exported. Value 0x09 indicates the V9 format. |
count | Number of FlowSet records (including records in the template FlowSet and data FlowSet) exported in a NetStream packet. |
system up time | Period (in milliseconds) from the time the system is booted to the time a NetStream packet was generated. |
unix_secs | Integer number of seconds elapsed from 00:00:00, January 1st, 1970 to the time a NetStream packet was generated. |
package sequence | Sequence number of an exported packet. You can check whether a NetStream packet is dropped based on the flow sequence value. NOTE: The meaning of this field in the header of the NetStream packet exported in V9 is different from that in V5 or V8 format. In V5 and V8, this field indicates the sequence number of all flows. |
source id | Source ID used to uniquely identify a device exporting packets. The value occupies 4 bytes. The Source ID field is equal to the Engine Type and Engine ID fields in the header of a NetStream packet exported in V5 or V8 format. The Source ID field value can be defined. |
Information Carried in the NetStream Packet Exported in V9 Format
The exported packet information in V9 is Export Packet, which consists of Packet Header, Template FlowSet, and Data FlowSet. shows the format of the exported packet information.
Both a template FlowSet and a data FlowSet contain template IDs, but these FlowSets are independent of each other. Upon receipt of a NetStream packet, an NSC parses data records in a data FlowSet and obtains a template ID. Although the NSC also obtains a template ID carried in a template FlowSet, the NSC can only use this template ID to parse the following exported NetStream packets.
The template flowset and data flowset are optional in the Export Packet area. The possible combinations are as follows:
- Contain both template and data FlowSets. The NSC obtains template information carried in each template FlowSet and uses the template to parse data records carried in data FlowSets of subsequent NetStream packets.
- Only contain data FlowSets. If the template ID is predefined, a NetStream-enabled device exports a NetStream packet only carrying the data FlowSet to the NSC.
- Only contain template FlowSets. Template and data FlowSets are packed into one exported NetStream packet to better use network bandwidth. After templates are configured on a device and the device is restarted, the device sends all templates to NSC immediately. In this situation, each exported NetStream packet only contains a template FlowSet. When a template expires after a specified period of time elapses, the NSC deletes the template. To allow the NSC to use available templates, a device periodically transmits a template FlowSet to the NSC even if no data FlowSet is generated.
The fields are described as follows:
- Template FlowSet: describes stream information in an exported NetStream packet. A NetStream-enabled device encapsulates template information in the NetStream packet and sends the packet to an NSC to establish a convention. Based on the convention, the device and the NSC parse information. A template FlowSet, the core of the V9 format, consists of multiple template records. Upon receipt of the template sent by the device, the NSC can parse stream information carried in the exported NetStream packet without a predefined parsing format. This greatly increases the flexibility and scalability of NetStream records and facilitates the development of third-party software and the NetStream function.
- Template Record: corresponds to each data record in Export Packet. Stream information in a data record is parsed based on a template record.
- Template ID: identifies a template. Each template has a specific ID. A data record contains a template ID used to select a template.
- Data FlowSet: indicates a combination of one or multiple data records.
- Data Record: corresponds to a NetStream record.
Template FlowSet Format
Figure 1-3958 shows the template FlowSet format.
In this example, a template FlowSet contains two template records. Table 1-1326 describes the fields in the template FlowSet.

| Field | Description |
|---|---|
| FlowSet ID | ID of a template FlowSet. The FlowSet ID value can be 0 to 255 for a template FlowSet and 256 to 511 for a data FlowSet. An NDC uses FlowSet IDs to distinguish template records from data records in an exported NetStream packet. |
| Length | Total length of the template FlowSet. The Length field contents are represented in the type-length-value (TLV) format, and its value is equal to the sum of the following lengths: the lengths of the FlowSet ID field and the Length field itself, and the length of each template record carried in the template FlowSet. A single template FlowSet contains multiple template IDs. The length value helps determine the position of the next template or data FlowSet record. |
| Template ID | ID of a template record in the template FlowSet. A template record is mapped to a specific type of NetStream data to be exported. The template ID is unique on a device. A template ID is equal to a data FlowSet ID and ranges from 256 to 511. |
| Field Count | Number of fields in a template record. A template FlowSet includes one or more template records. The Field Count value helps determine the end of an existing template record and the start of the next one. |
| Field Type | Type of data in a template record. The value can be defined. For example, if statistics are collected based on the destination IP address, protocol type, ToS, and MPLS label, a field type is used to define each of these four attributes. |
| Field Length | Length (in bytes) of a defined field type. For example, if the field type is set to a destination IP address, the field length value is 4 bytes. |
Data FlowSet Format
Figure 4 shows the data FlowSet packet format.
In this example, a data FlowSet contains two data records. The data FlowSet ID is used to parse the two data records. Table 1-1327 describes the fields carried in the data FlowSet.
| Field | Description |
|---|---|
| FlowSet ID = Template ID | ID of a data FlowSet. A data FlowSet ID is equal to a template ID in a template FlowSet. An NDC and a display application use a FlowSet ID to map to the type and length of a field. |
| Length | Length of a data FlowSet. The Length field contents are represented in the TLV format, and its value is equal to the sum of the following lengths: the lengths of the FlowSet ID field and the Length field itself, the length of each data record carried in the data FlowSet, and the length of padding bits. |
| record n - field n | Field value in each data record of the data FlowSet. |
| Padding | A 32-bit field at the end of the data FlowSet. Note that the Length field includes the length of padding bits. |
Relationship Between a Data Stream Format and the V9 Template Format
Figure 1-3960 shows the relationship between the data stream format and the V9 template format.
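The following collector-side sketch shows how an NSC ties the two formats together: it learns templates from template FlowSets, then uses the data FlowSet ID as the template ID to split data records. It is an added example, not Huawei code. The 20-byte V9 header layout, template FlowSet ID 0 and the field type numbers are taken from RFC 3954; the exporter address, sample packets and helper names are constructed for illustration.

```python
import ipaddress
import struct

# V9 header per RFC 3954: version, count, sysUpTime, unix_secs, sequence, source_id
V9_HEADER = struct.Struct("!HHIIII")
FIELD_NAMES = {1: "in_bytes", 4: "protocol", 12: "ipv4_dst_addr"}  # RFC 3954 field types


def parse_template_flowset(body, exporter, templates):
    """Store each template record of one template FlowSet; return the IDs learned."""
    learned, off = [], 0
    while off + 4 <= len(body):
        template_id, field_count = struct.unpack_from("!HH", body, off)
        if template_id < 256:  # padding, or an ID that can never match a data FlowSet
            break
        off += 4
        if field_count == 0 or off + 4 * field_count > len(body):
            raise ValueError(f"template {template_id}: Field Count overruns the FlowSet")
        fields = [struct.unpack_from("!HH", body, off + 4 * i) for i in range(field_count)]
        off += 4 * field_count
        if sum(length for _, length in fields) == 0:
            raise ValueError(f"template {template_id}: zero-length record")
        templates[(exporter, template_id)] = fields
        learned.append(template_id)
    return learned


def parse_data_flowset(flowset_id, body, exporter, templates):
    """Split a data FlowSet into records using the template whose ID equals its FlowSet ID."""
    fields = templates.get((exporter, flowset_id))
    if fields is None:
        return None  # no template yet: the bytes cannot be interpreted
    record_len = sum(length for _, length in fields)
    records, off = [], 0
    while off + record_len <= len(body):  # bytes left over after the last record are padding
        record = {}
        for ftype, length in fields:
            raw = body[off:off + length]
            is_addr = ftype == 12 and length == 4
            value = str(ipaddress.IPv4Address(raw)) if is_addr else int.from_bytes(raw, "big")
            record[FIELD_NAMES.get(ftype, f"type_{ftype}")] = value
            off += length
        records.append(record)
    return records


def parse_v9_packet(packet, exporter, templates):
    """Walk the FlowSets of one export packet, checking every Length before using it."""
    if len(packet) < V9_HEADER.size or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a V9 export packet")
    result = {"templates": [], "records": [], "no_template": []}
    off = V9_HEADER.size
    while off < len(packet):
        if off + 4 > len(packet):
            raise ValueError("truncated FlowSet header")
        flowset_id, length = struct.unpack_from("!HH", packet, off)
        if length < 4 or off + length > len(packet):
            raise ValueError(f"FlowSet {flowset_id}: Length {length} does not fit the packet")
        body = packet[off + 4:off + length]
        if flowset_id == 0:  # template FlowSet (ID 0 in RFC 3954)
            result["templates"] += parse_template_flowset(body, exporter, templates)
        elif flowset_id >= 256:  # data FlowSet: FlowSet ID = Template ID
            records = parse_data_flowset(flowset_id, body, exporter, templates)
            if records is None:
                result["no_template"].append(flowset_id)
            else:
                result["records"] += records
        off += length  # other IDs below 256 are skipped by their Length
    return result


def flowset(flowset_id, body):
    """Constructed sample helper: prefix FlowSet ID and Length, pad to 32 bits."""
    body += b"\x00" * (-(len(body) + 4) % 4)
    return struct.pack("!HH", flowset_id, len(body) + 4) + body


def build_packet(*flowsets):
    """Constructed sample helper; the count field is not used by this parser."""
    return V9_HEADER.pack(9, len(flowsets), 1000, 1700000000, 1, 0) + b"".join(flowsets)


def sample_record(dst, proto, nbytes):
    return ipaddress.IPv4Address(dst).packed + struct.pack("!BI", proto, nbytes)


# Constructed template 256: destination IPv4 address (4), protocol (1), byte count (4)
TEMPLATE_FS = flowset(0, struct.pack("!HH", 256, 3) + struct.pack("!6H", 12, 4, 4, 1, 1, 4))
DATA_FS = flowset(256, sample_record("192.0.2.10", 6, 1500) + sample_record("198.51.100.7", 17, 320))


def demo():
    """Data before its template is unparseable; the same bytes parse once it arrives."""
    templates, exporter = {}, "192.0.2.1"  # constructed exporter address
    early = parse_v9_packet(build_packet(DATA_FS), exporter, templates)
    learned = parse_v9_packet(build_packet(TEMPLATE_FS), exporter, templates)
    late = parse_v9_packet(build_packet(DATA_FS), exporter, templates)
    return early, learned, late
```

Export packets arrive over UDP from the network, so the parser rejects any Length or Field Count that points outside the received bytes instead of trusting it, and it refuses templates whose record length is zero, which would otherwise stall the record loop.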
Packet Exported in IPFIX Format
Packets exported in IPFIX format and V9 format have similar structures except for the packet header and Field Specifier.
Header of a NetStream Packet Exported in IPFIX Format
Figure 1-3961 shows the format of the header of a NetStream packet exported in IPFIX format. This header corresponds to the Header field in Figure 1-3942. Table 1-1328 describes the fields in the header.
| Field | Description |
|---|---|
| Version Number | Version number of the format in which NetStream packets are exported. |
| Length | Length of the NetStream packet exported in IPFIX format, including the message header, in bytes. |
| Export Time | UTC time when the flow record is sent from the Exporter, expressed as the number of seconds elapsed since 00:00:00 on January 1, 1970. |
| Sequence Number | Sequence number of an exported packet. You can check whether a NetStream packet is dropped based on the flow sequence value. No serial number is added to the template and option template. |
| Observation Domain ID | Observation Domain ID, a unique number that identifies a flow sent from a router. |
IPFIX Field Specifier
The IPFIX Field Specifier contains enterprise identifier information in addition to the V9-formatted content of the Field Type and Field Length fields. Figure 1-3962 shows the format of an IPFIX Field Specifier. Table 1-1329 describes the fields in an IPFIX Field Specifier.
| Field | Description |
|---|---|
| E | Enterprise bit, which is the first bit of an IPFIX Field Specifier. |
| Information Element Identifier | A numeric value that represents the Information Element. |
| Field Length | Length of the corresponding encoded Information Element, in bytes. |
| Enterprise Number | IANA enterprise number [IANA-PEN] of the authority that defines the Information Element Identifier in this template record. |
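The sketch below parses the IPFIX message header and the Field Specifiers of a template record, including the optional Enterprise Number that follows a specifier whose E bit is set. It is an added example, not Huawei code. Version 10, Set ID 2 for template sets and the rule that the Enterprise Number is present only when E is 1 come from RFC 7011; the sample message is constructed and uses the documentation enterprise number 32473.

```python
import struct

# Version Number, Length, Export Time, Sequence Number, Observation Domain ID
IPFIX_HEADER = struct.Struct("!HHIII")
TEMPLATE_SET_ID = 2  # RFC 7011 Set ID of a template set


def parse_header(message):
    """Validate the 16-byte message header before trusting its Length field."""
    if len(message) < IPFIX_HEADER.size:
        raise ValueError("shorter than an IPFIX message header")
    version, length, export_time, sequence, domain_id = IPFIX_HEADER.unpack_from(message)
    if version != 10:  # IPFIX version number in RFC 7011
        raise ValueError(f"unexpected version {version}")
    if not IPFIX_HEADER.size <= length <= len(message):
        raise ValueError(f"Length {length} does not match the {len(message)} bytes received")
    return {"length": length, "export_time": export_time,
            "sequence": sequence, "observation_domain_id": domain_id}


def parse_field_specifiers(buf, offset, end, field_count):
    """Return (specifiers, next_offset); a specifier is 4 bytes, or 8 when E is set."""
    specs = []
    for _ in range(field_count):
        if offset + 4 > end:
            raise ValueError("Field Specifier runs past the end of the set")
        raw_id, field_length = struct.unpack_from("!HH", buf, offset)
        offset += 4
        enterprise = None
        if raw_id & 0x8000:  # E bit: a 4-byte Enterprise Number follows
            if offset + 4 > end:
                raise ValueError("Enterprise Number runs past the end of the set")
            (enterprise,) = struct.unpack_from("!I", buf, offset)
            offset += 4
        specs.append({"element_id": raw_id & 0x7FFF, "length": field_length,
                      "enterprise": enterprise})
    return specs, offset


def parse_templates(message):
    """Return (header, templates) where templates maps (domain ID, template ID) to specifiers."""
    header = parse_header(message)
    templates = {}
    off, end = IPFIX_HEADER.size, header["length"]
    while off + 4 <= end:
        set_id, set_len = struct.unpack_from("!HH", message, off)
        if set_len < 4 or off + set_len > end:
            raise ValueError(f"set {set_id}: Length {set_len} does not fit the message")
        set_end = off + set_len
        pos = off + 4
        while set_id == TEMPLATE_SET_ID and pos + 4 <= set_end:
            template_id, field_count = struct.unpack_from("!HH", message, pos)
            if template_id < 256:  # padding at the end of the set
                break
            specs, pos = parse_field_specifiers(message, pos + 4, set_end, field_count)
            if specs:  # Field Count 0 is a template withdrawal, nothing to store
                templates[(header["observation_domain_id"], template_id)] = specs
        off = set_end
    return header, templates


# Constructed sample: template 256 with two IANA elements and one enterprise-specific element
_SPECS = (struct.pack("!HH", 12, 4) + struct.pack("!HH", 4, 1)
          + struct.pack("!HHI", 0x8000 | 100, 4, 32473))
_SET = struct.pack("!HH", TEMPLATE_SET_ID, 4 + 4 + len(_SPECS)) + struct.pack("!HH", 256, 3) + _SPECS
SAMPLE_MESSAGE = IPFIX_HEADER.pack(10, IPFIX_HEADER.size + len(_SET), 1700000000, 0, 1) + _SET
```

A parser that assumes the fixed 4-byte V9 Field Type and Field Length pair would read the Enterprise Number of the third specifier as the start of another record, so the E bit must be tested on every specifier.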
Application Scenarios for NetStream
Inter-AS NetStream
A NetStream packet can carry either original AS attribute or peer AS attribute for BGP routes. Original and peer AS types are mutually exclusive. A device advertises BGP routes within an original AS or transparently transmits BGP route information from a peer AS to a local AS.
Inter-AS NetStream monitors and collects statistics about traffic sent by the original or peer AS to a local AS, which provides reference for network deployment. As shown in Figure 1-3963:
- Traffic is transmitted from AS800 to AS500 through AS700, AS900, and AS600. If NetStream is enabled on AS600 and Peer-As is valid, traffic from AS700 and AS900 to AS600 can be monitored.
- Traffic is transmitted from AS800 and AS100 to AS500 through AS200, AS300, and AS400. If NetStream is enabled in AS300 and Origin-As is valid, traffic from AS800 and AS100 to AS500 can be monitored.
IP Address Prefix-Based Charging for ISPs
A specific IP address prefix is assigned to each ISP network. NetStream destination-prefix aggregation helps collect statistics about traffic traveling to ISP networks based on destination IP addresses and masks. Traffic with different destination IP addresses and masks is charged separately.
Analyzing the Service Mode on an MPLS Network
NetStream is deployed on a user interface of a PE to collect statistics about traffic exchanged between an MPLS network and an IP network. The statistics help provide an accounting scheme.
NetStream is deployed on a network interface on the PE and P to collect statistics about MPLS packets. The MPLS service mode can be pinpointed.
Collecting VPN Traffic Statistics
NetStream collects statistics about VPN traffic based on VPN instance IDs.
NetStream Configuration
NetStream is a technique used to sample and distribute traffic information on networks. It collects traffic statistics based on the volume and resource consumption and helps users implement management and accounting on various services.
Context
The NetStream feature may be used to analyze the communication information of terminal customers for network traffic statistics and management purposes. Before enabling the NetStream feature, ensure that it is performed within the boundaries permitted by applicable laws and regulations. Effective measures must be taken to ensure that information is securely protected.
Overview of NetStream
As the Internet develops rapidly, more bandwidth resources are provided for users, which raises the requirements for fine-grained network monitoring and management. NetStream has been introduced to address this issue. NetStream is a technique that collects highly granular per-flow traffic statistics. It classifies traffic flow statistics and calculates resource usage on networks. NetStream also helps monitor and manage networks based on the types of services and resources.
NetStream provides the following functions:
Accounting statistics
NetStream provides detailed accounting statistics, including IP addresses, number of packets, number of bytes, time, type of service (ToS), and application types. Based on the collected statistics, the Internet service provider (ISP) can charge users flexibly based on resource information, such as time periods, bandwidth, applications, or service quality, and enterprises can estimate their expenses and assign costs to efficiently use resources.
Network planning and analysis
NetStream provides key information for advanced network management tools to optimize the network design and plan. This helps achieve the best network performance and reliability with the lowest network operation cost.
Network monitoring
NetStream monitors network traffic in real time.
Application monitoring and analysis
NetStream provides detailed network application information. For example, it allows a network administrator to view the proportion of each application, such as web, the File Transfer Protocol (FTP), Telnet, and other TCP/IP applications, to communication traffic. Based on the information, the Internet Content Provider (ICP) and ISP can properly plan and allocate network application resources.
Abnormal traffic detection
By analyzing NetStream flows, the NMS can detect abnormal traffic, such as different types of attacks on networks in real time. The NMS uses alarm information reported by NetStream to monitor devices to secure network operation.
NetStream Data Exporter (NDE): samples packets and outputs traffic statistics.
NetStream Collector (NSC): collects and stores traffic statistics sent by the NDE.
NetStream Data Analyzer (NDA): analyzes traffic statistics. The analysis result is used as the reference for various functions, such as network accounting, network planning, network monitoring, application monitoring, and traffic analysis.
The NetEngine 8000 F is used as an NDE.
The device supports the distributed NetStream service processing mode. That is, an interface board can independently sample packets, aggregate flows, and output flows. The device supports complete NetStream functions.
Configuration Precautions for NetStream
Feature Requirements
| Feature Requirements | Series | Models |
|---|---|---|
| IPv4 private network routes and IPv6 private network routes support multi-PE load balancing. Route information is missing in the data sampled. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In upstream original flow sampling on a sub-interface, the source VLAN ID of packets cannot be collected. The source VLAN ID is fixed at 0. Only the destination VLAN ID of packets can be collected. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In the case of MPLS tunnel forwarding, neither the upstream nor the downstream next-hop IP address information of the ingress PE can be collected. Instead, FEC next-hop information can be collected. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In tunnel forwarding scenarios, the inbound interface cannot be restored in downstream sampling on the P node. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| Information about the outbound interface, VLAN, and next hop cannot be collected for discarded packets. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| If the outbound interface of a route is found based on the source IP address and used as the inbound interface for downstream sampling, the outbound interface may be different from the actual traffic. If the outbound interface of the route cannot be found based on the source IP address, the inbound interface can only be restored to the physical main interface of the actual inbound interface or the physical member interface of the trunk interface. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| During aging processing, the aging time of multi-core boards has a maximum error of 10s. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In a P2MP&NG-MVPN scenario: 1. Upstream sampling does not support the collection of outbound interface, next hop, TopLabelType, and TopLabelIpAddress information. 2. Downstream sampling does not support the obtaining of the next hop, top label type, and TopLabelIpAddress information. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In downstream sampling on the multicast VPN root node, only the source main interface can be sampled, and sub-interfaces and other logical interfaces cannot be sampled. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| VXLAN packets can be sampled after VXLAN encapsulation and before VXLAN decapsulation, but user packets cannot be sampled before they enter a VXLAN tunnel. In this scenario, the next hop and outbound interface cannot be sampled. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| When traffic load balancing is configured, a maximum of 64 equal-cost routes can be sampled. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| 1. In IPv4 multicast packet sampling, the outbound interface, next hop, and number of replication times cannot be obtained. 2. Transparently transmitted packets cannot be sampled. 3. In multicast VPN downstream sampling, only the source main interface can be sampled, and sub-interfaces and other logical interfaces cannot be sampled. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| SR-MPLS TE does not support downstream sampling on the ingress PE. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| If MPLS packets are not sampled, only the packets in the sampling process can be sampled separately. If the VPN header has been removed from or added to the original packets, the original packets cannot be sampled separately. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| If an interface flaps when the device is not disconnected, the sampling inbound interface cannot collect data. After the flow table is aged and reestablished, the interface recovers. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| If the NetStream feature needs to be configured on a board, but the board does not support sampling data processing, you can configure a centralized sampling board that supports centralized service processing to process data. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| See the model specifications. For the NetEngine 8000 F1A: Inbound sampling on Layer 3 sub-interfaces does not collect VLAN information of packets in the following scenarios: 1. MPLS forwarding, including LDP, TE, BGP LSP, and SR Policy. 2. QinQ forwarding. 3. 6to4/4to6 tunnel. 4. GRE/MGRE. 5. VXLAN. 6. BRAS scenario. 7. SRv6 TE Policy scenario. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| When NetStream works with CGN, if inbound sampling is configured and the sampling packet type is original packet, destination VPN, outbound interface, and destination route information cannot be collected if inbound-interface, outbound-interface, IPv4 route, or IPv6 route-based traffic diversion is configured. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| When NetStream works with CGN and the sampling direction is outbound and the sampled packet type is original packet, the source VPN information of the IPv4 forward behavior cannot be collected in the scenario where inbound interface traffic diversion, outbound interface traffic diversion, IPv4 route traffic diversion, IPv6 route traffic diversion, or hairpin is configured, and inbound interface information and source route information cannot be collected. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| When NetStream and IPsec are configured together and the sampling direction is inbound, the destination VPN information, outbound interface information, and destination address routing information cannot be collected. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| When NetStream and IPsec are configured together and the sampling direction is outbound, the source VPN information, inbound interface information, and source address routing information cannot be collected. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| The mask sampled from SRv6 packets is affected in the following scenarios: 1. In an SRv6 BE tunnel scenario, the mask in sampled inner packets on a transit node is displayed as 0. 2. In an SRv6 TE Policy scenario, the sampled mask on a transit node is displayed as 0. 3. On the network side of a PE where an SRv6 BE/TE Policy is configured, the mask in sampled outer packets is displayed as 0. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In an L2VPN/EVPN over SRv6 tunnel scenario, inner packet sampling does not take effect on a transit node. After inner packet sampling is enabled, the transit node still samples packets based on outer packets. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| 1. In an L2VPN/EVPN L2VPN over SRv6 tunnel scenario, sampling is not supported in the network-side outbound direction of the ingress and egress. 2. In an L2VPN/EVPN L2VPN over SRv6 tunnel scenario, sampling is supported in the network-side inbound direction of the ingress and egress. The ipv6 netstream srv6-aware inner-header command fails to take effect after being run, and outer packets are still sampled. In addition, information about the outbound interface (displayed as Unknown), next hop (displayed as 0.0.0.0), BGP next hop (displayed as 0.0.0.0), BGP AS number (displayed as 0), and mask (displayed as 0) cannot be obtained. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In an L2VPN/EVPN L2VPN over SRv6 tunnel scenario where inbound interface sampling is configured on the AC interfaces of the ingress and egress, information about the outbound interface (displayed as Unknown), next hop (displayed as 0.0.0.0), BGP next hop (displayed as 0.0.0.0), BGP AS number (displayed as 0), and mask (displayed as 0) cannot be obtained. If outbound interface sampling is configured, information about the inbound interface (displayed as unknown), next hop (displayed as 0.0.0.0), BGP next hop (displayed as 0.0.0.0), BGP AS number (displayed as 0), and mask (displayed as 0) cannot be obtained. In this case, SRv6 sampling results are affected. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In SRv6 scenarios, information about packets with more than two layers of IPv6+SRH headers or packets with more than two layers of SRH headers following the IPv6 header cannot be collected. A reference packet format is as follows: IPv6+SRH+IPv6+SRH+IPv6+SRH+PayLoad or IPv6+SRH+SRH+SRH+Payload. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| SRv6 sampling results are affected in the following network slicing scenarios: 1. The basic interface and slice interface are different physical interfaces in a FlexE group, and outbound interface sampling is configured. When traffic enters through the slice interface, the inbound interface for sampling is restored to the main interface where the slice interface resides. 2. In the scenario where the basic interface is a physical main interface and the slice interface is a channelized sub-interface, after outbound interface sampling is configured, the inbound interface for sampling is restored to the basic interface when traffic enters through the slice interface. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In IP over SRv6 TE Policy scenarios (including L3EVPNv4/EVPNv6 over SRv6 TE flow group, L3VPNv4/L3VPNv6 over SRv6 TE flow group, L3VPNv4/L3VPNv6 over SRv6 TE Policy, EVPN L3VPNv4/L3VPNv6 over SRv6 TE Policy, public network IP over SRv6 TE Policy, public network IP over SRv6 TE flow group, IPv6 shortcut to SRv6 TE Policy, and IPv6 shortcut to SRv6 TE flow group scenarios), SRv6 sampling results are affected if inbound sampling (interface or flow sampling) on the ingress PE meets one of the following conditions: 1. The list has only one layer and the first SID is the local End.X. 2. The first SID is a binding SID or a local End SID. 3. The first SID shortcuts to a policy or flow group. 4. The locator route of BE's first node shortcuts to a policy in the L3VPNv4/L3VPNv6 over SRv6 BE, EVPN L3VPNv4/L3VPNv6 over SRv6, or public network IPv4/IPv6 over SRv6 BE scenario. DstIf is displayed as UnKnown, NextHop is displayed as 0.0.0.0 or ::, BGPNextHop is displayed as 0.0.0.0 or ::, and DstAs is displayed as 0. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In IP over SRv6 TE Policy scenarios (including L3EVPNv4/EVPNv6 over SRv6 TE flow group, L3EVPNv4/L3EVPNv6 over SRv6 TE flow group, L3VPNv4/L3VPNv6 over SRv6 TE Policy, EVPN L3VPNv4/L3VPNv6 over SRv6 TE policy, public network IP over SR-TE Policy, public network IP over SRv6 TE flow group, IPv6 shortcut to SR-TE Policy, and IPv6 shortcut to SR-TE flow group), SRv6 sampling results are affected if outbound sampling (interface or flow sampling) on the ingress PE meets one of the following conditions: 1. The list has only one layer and the first SID is the local End.X. 2. The first SID is a binding SID or a local End SID. 3. The first SID shortcuts to the inbound policy or flow group. 4. The locator route on the first node of BE shortcuts to a policy in L3VPNv4/L3VPNv6 over SRv6 BE, EVPN L3VPNv4/L3VPNv6 over SRv6, public network IPv4/IPv6 over SRv6 BE scenarios. The display of SrcIf is related to the encapsulation source-address command of SRv6: 1. If the configured source-address has a corresponding interface, SrcIf is displayed as the interface. 2. If the configured source-address does not have a corresponding interface, the interface displayed in the SrcIf field (may be any physical interface on the sampling board, NULL0, or UnKnown) is incorrect. BGPnexthop is displayed as :: and DstAs as 0. 3. If source-address is not configured, the interface displayed in the SrcIf field (may be any physical interface on the sampling board or UnKnown) is incorrect. BGPNextHop is displayed as :: and DstAs as 0. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In IP over SRv6 TE Policy scenarios (including L3EVPNv4/EVPNv6 over SRv6 TE flow group, L3EVPNv4/L3EVPNv6 over SRv6 TE flow group, L3VPNv4/L3VPNv6 over SRv6 TE Policy, EVPN L3VPNv4/L3VPNv6 over SRv6 TE policy, public network IP over SR-TE Policy, public network IP over SRv6 TE flow group, IPv6 shortcut to SR-TE Policy, and IPv6 shortcut to SR-TE flow group), SRv6 sampling results are affected if outbound sampling (interface or flow sampling) on the ingress PE meets one of the following conditions: 1. The route to the first-hop SID is unreachable. 2. The backup link for a switchover is a TI-LFA link. 3. Switchover microloop avoidance takes effect. 4. Switchback microloop avoidance takes effect. 5. TE FRR is triggered. The display of SrcIf is related to the encapsulation source-address command of SRv6: 1. If the configured source-address has a corresponding interface, SrcIf is displayed as the interface. 2. If the configured source-address does not have a corresponding interface, the interface displayed in the SrcIf field (may be any physical interface on the sampling board, NULL0, or UnKnown) is incorrect. BGPNextHop is displayed as :: and DstAs as 0. 3. If source-address is not configured, the interface displayed in the SrcIf field (may be any physical interface on the sampling board or UnKnown) is incorrect. BGPNextHop is displayed as :: and DstAs as 0. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| When service chains are configured in IP over SRv6 TE Policy scenarios (including L3EVPN4/EVPNv6 over SRv6 TE flow group, L3VPNv4/L3VPNv6 over SRv6 TE flow group, L3VPNv4/L3VPNv6 over SRv6 Policy, EVPN L3VPNv4/L3VPNv6 over SRv6 TE Policy, IP over SRv6 TE Policy, IP over SRv6 TE flow group, IPv6 shortcut to SRv6-TE Policy, IPv6 shortcut to SRv6 TE flow group scenarios), SRv6 sampling results are affected in the following situation: When inbound interface sampling is performed on the SFF in the SFF -> SF scenario, the value of DstIf is displayed as UnKnown, and inaccurate values are displayed in the NextHop and BgpNextHop fields. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In an IP over SRv6 service chain scenario, SRv6 sampling results are affected in the following situation: In the SF -> SFF scenario, when inbound interface sampling is performed on the SFF for traffic from the SF, DstIf is displayed as UnKnown, and inaccurate values are displayed in the NextHop and BgpNextHop fields. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| When sampling is performed on the outbound interface with penultimate hop popping in IP over SRv6 TE Policy scenarios (including L3EVPNv4/EVPNv6 over SRv6 TE flow group, L3EVPNv4/L3EVPNv6 over SRv6 TE flow group, L3VPNv4/L3VPNv6 over SRv6 TE Policy, EVPN L3VPNv4/L3VPNv6 over SRv6 TE policy, public network IP over SR-TE Policy, public network IP over SRv6 TE flow group, IPv6 shortcut to SR-TE Policy, and IPv6 shortcut to SR-TE flow group), if the actual outbound interface is different from the outbound interface specified in the route information of the last-level SID, SRv6 sampling results are affected, BgpNextHop is incorrect, and DstAs is 0. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In a scenario where BGP FlowSpec and ACL redirection to a tunnel are configured, after inbound interface sampling is configured, the information collected for NextHop and BGP NextHop is 0.0.0.0 or ::, and DstAs is displayed as 0. If the actual outbound interface is a logical interface such as a sub-interface or tunnel interface, the outbound interface can only be displayed as the corresponding physical main interface or trunk main interface. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In a scenario where BGP FlowSpec and ACL redirection to a tunnel are configured, if outbound interface sampling is configured and the actual outbound interface is different from the pre-redirection outbound interface, the NextHop and BGP NextHop values are 0.0.0.0 or ::, and the DstAs value is 0. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In IP over SRv6 Policy scenarios (including L3EVPN over SRv6 TE flow group, L3VPN over SRv6 TE flow group, L3VPN over SRv6 TE Policy, EVPN L3VPN over SRv6 TE Policy, public network IP over SRv6 Policy, public network IP over SRv6 TE flow group, IPv6 shortcut to SRv6 TE Policy, and IPv6 shortcut to SRv6 TE Flow group scenarios), SRv6 sampling is not supported in SID compression scenarios. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| When sampling is performed on the AC side of the ingress and egress nodes on an EVC sub-interface, the public network-side interface (Unknown in the flow table and 0 in the reported data), mask (0), as (0), nexthop (0), bgpnexthop (0), and DstVlanId (0) of packets cannot be obtained. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In an L2VPN/EVPN L2VPN accessing L3 tunnel scenario, upstream and downstream sampling on a PE cannot obtain or output RD values. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In SRv6 TE Policy scenarios (including EVPN L3VPNv4 over SRv6 TE flow group, L3VPNv4 over SRv6 TE flow group, L3VPNv4 over SRv6 TE Policy, EVPN L3VPNv4 over SRv6 TE Policy, EVPN L3VPNv6 over SRv6 TE flow group, L3VPNv6 over SRv6 TE flow group, L3VPNv6 over SRv6 TE Policy, EVPN L3VPNv6 over SRv6 TE Policy, public network IP over SRv6 TE Policy, public network IP over SRv6 TE flow group, IPv6 shortcut to SRv6 TE Policy, IPv6 shortcut to SRv6 TE flow group scenarios), inbound sampling (interface or flow sampling) is performed on a P node. When one of the following conditions is met: 1. The list has only one layer, and the first SID is the local End.X SID. 2. The first SID is a binding or local End SID. 3. The first SID is shortcut to Policy or flow group. 4. The first-hop SID route is unreachable. 5. The standby link for a switchover is a TI-LFA link. 6. Switchover microloop avoidance takes effect. 7. Switchback microloop avoidance takes effect. 8. TE FRR is triggered. Information displayed in the DstIf, nexthop, BGPnexthop, and DstAs fields is incorrect. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In SRv6 TE Policy scenarios (including EVPN L3VPNv4 over SRv6 TE flow group, L3VPNv4 over SRv6 TE flow group, L3VPNv4 over SRv6 TE Policy, EVPN L3VPNv4 over SRv6 TE Policy, EVPN L3VPNv6 over SRv6 TE flow group, L3VPNv6 over SRv6 TE flow group, L3VPNv6 over SRv6 TE Policy, EVPN L3VPNv6 over SRv6 TE Policy, public network IP over SRv6 TE Policy, public network IP over SRv6 TE flow group, IPv6 shortcut to SRv6 TE Policy, IPv6 shortcut to SRv6 TE flow group scenarios), inbound sampling (interface or flow sampling) is performed on a P node. When one of the following conditions is met: 1. The list has only one layer, and the first SID is the local End.X SID. 2. The first SID is a binding or local End SID. 3. The first SID is shortcut to Policy or flow group. 4. The first-hop SID route is unreachable. 5. The standby link for a switchover is a TI-LFA link. 6. Switchover microloop avoidance takes effect. 7. Switchback microloop avoidance takes effect. 8. TE FRR is triggered. Information displayed in the Nexthop, BGP Nexthop, and DstAs fields is incorrect. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In End.X PSP scenarios where an SRv6 TE Policy in encap or insert mode crosses Policy P nodes (including Sid, ShortCut, EPE, etc.) or in End.X Usd scenarios where traffic leaves a tunnel, when inbound interface sampling is performed, NextHop and DstAS information is incorrectly collected. When the actual outbound interface is different from the outbound interface in the routing information of the last-level SID, outbound interface (DstIf) information is incorrectly collected, affecting SRv6 sampling results. During outbound interface sampling, inbound interface (SrcIf) information may be incorrectly collected, and the NextHop and DstAS information is incorrectly collected. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In IP over SRv6 TE Policy (including L3EVPN over SRv6 TE flow group, L3VPN over SRv6-TE flow group, L3VPN over SRv6 TE Policy, EVPN L3VPN over SRv6 TE Policy, public network IP over SRv6 TE Policy, public network IP over SRv6 TE flow group, IPv6 shortcut to SRv6 TE Policy, and IPv6 shortcut to SRv6 TE flow group) reduce scenarios: When outbound sampling is performed on the first P node and the node is an End.X node, the correct DIP ReIndex cannot be obtained, and DstIf and NextHop are displayed as the outbound interface and next hop corresponding to the next-hop SID. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| In SRv6 network slicing scenarios, packets with slice headers on the public network side do not support sampling. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| Sampling for communication between Option B SRv6 and MPLS: 1. In the SRv6 -> MPLS direction, the inbound interface restored for outbound interface sampling is the main interface. The outbound interface restored for inbound interface sampling is the main interface. The sampling data of the next hop and BGP next hop is 0. 2. In the MPLS -> SRv6 direction, the inbound interface restored for outbound interface sampling is the main interface. The sampling data of the next hop and BGP next hop is 0. | NetEngine 8000 F1A | NetEngine 8000 F1A |
| After the upgrade, the 16-bit NSIndex is dynamically allocated to interfaces on the device. The NSIndex allocated to each interface may change. The sampling server needs to synchronize the mapping between the interface index and NSIndex on the device. Otherwise, the sampling server may fail to restore interface traffic based on the NSIndex before the upgrade. | NetEngine 8000 F1A | NetEngine 8000 F1A |
Collecting Statistics About IPv4 Original Flows
Before collecting statistics about IPv4 original flows, familiarize yourself with the usage scenario, complete the pre-configuration tasks, and obtain the data required for the configuration.
Usage Scenario
On the network shown in Figure 1-3968, a carrier enables NetStream on the router functioning as a NetStream Data Exporter (NDE) to obtain detailed network application information. The carrier can use the information to monitor abnormal network traffic, analyze users' operation modes, and plan networks between ASs.
Statistics about original flows are collected based on the 7-tuple information. The NDE samples IPv4 flows passing through it, collects statistics about sampled flows, encapsulates the aging NetStream original flows into UDP packets, and sends the packets to the NetStream Collector (NSC) for processing. Unlike collecting statistics about aggregated flows, collecting statistics about original flows imposes less impact on NDE performance. Original flows consume more storage space and network bandwidth resources because the volume of original flows is greater than that of aggregated flows.
Pre-configuration Tasks
Before collecting the statistics about IPv4 original flows, configure static routes or enable an IGP to implement network connectivity.
Specifying a NetStream Service Processing Mode
After sampling packets, each NetStream-enabled interface board sends sampled packets to the NetStream service processing board for aggregation and output. If the NetEngine 8000 F has more than one NetStream service processing board, these boards work in redundancy mode to back up each other and balance traffic, which improves system reliability.
Context
NetStream services can be processed in the following modes:
Distributed mode
An interface board samples packets, aggregates flows, and outputs flows.
The ip netstream sampler to slot command has the same function as the ipv6 netstream sampler to slot command.
- The execution of either command takes effect on all packets, and there is no need to configure both of them. If it is required to configure both of them, ensure that NetStream service processing modes are the same. A mode inconsistency causes an error.
Outputting Original Flows
To ensure that original flows can be correctly output to the NMS, configure the aging time, output format, and source and destination addresses for original flows.
Procedure
- Run system-view
The system view is displayed.
- (Optional) Run ip netstream export version { 5 [ origin-as | peer-as ] | 9 [ origin-as | peer-as ] [ bgp-nexthop ] [ ttl ] [ route-distinguisher ] | ipfix [ origin-as | peer-as ] [ bgp-nexthop ] [ ttl ] }
The output format of original flows is configured.
NetStream original flow packets support V5 and V9 as well as IPFIX packet formats. V5, IPFIX, and V9 packet formats are mutually exclusive.
The V9 format allows the output original flows to carry more variable statistics, to expand newly defined flow elements more flexibly, and to generate new records more easily.
Compared with the V9 format, the IPFIX format improves packet extensibility and compatibility, security, and reliability. In addition, the IPFIX format has an enterprise identifier field added. When setting this field, you must use the IPFIX format for the outputting of NetStream IPv4 original flows.
The V5 format is fixed, and the system cost is low. In most cases, NetStream original flows are output in V5 format. In any of the following situations, NetStream original flows must be output in V9 format or IPFIX:
- NetStream original flows need to carry BGP next-hop information.
- Interface indexes carried in the output NetStream original flows need to be extended from 16 bits to 32 bits.
- (Optional) Configure NetStream packets to carry the flow sequence field.
- Run slot slot-id
The view of the slot in which the interface board for NetStream sampling resides is displayed.
Run ip netstream export sequence-mode flow
The NetStream export sequence mode is set to flow. The command applies to the V9 format only.
- Run quit
The system view is displayed.
By default, NetStream packets carry the packet sequence field.
- (Optional) Run ip netstream export template sequence-number fixed
The sequence numbers of template packets and option template packets in IPFIX format are configured to remain unchanged, but data packets and option data packets in IPFIX format are still consecutively numbered.
- (Optional) Run ip netstream export template timeout-rate timeout-interval
The interval at which the template for outputting original flows in the V9 or IPFIX format is updated is set.
- Run ip netstream export source { ip-address | ipv6 ipv6-address } [ port ]
The source IP address and source port are specified for original flows to be output.
- In the system or slot view: specify the destination IP address and UDP port number of the peer NSC for original flows to be output.
In the system view:
Run ip netstream export host [ ipv6 ] ip-address port [ vpn-instance vpn-instance-name ] [ dscp dscp-value ]
The destination IP address and UDP port number of the peer NSC are specified for original flows to be output.
In the slot view:
Run slot slot-id
The view of the slot in which the interface board for NetStream sampling resides is displayed.
Run ip netstream export host [ ipv6 ] ip-address port [ vpn-instance vpn-instance-name ] [ dscp dscp-value ]
The destination IP address and UDP port number of the peer NSC are specified for original flows to be output.
Run quit
The system view is displayed.
- (Optional) Set parameters for aging original flows as needed.
Run ip netstream timeout active { active-interval | interval-second active-interval-second }
The active aging time is set for NetStream original flows.
Run ip netstream timeout inactive inactive-interval
The inactive aging time is set for NetStream original flows.
- Run commit
The configuration is committed.
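The following Python sketch is an added example, not code from the product documentation. It parses a V5 export datagram on the collector side to show why the fixed format limits interface indexes and AS numbers to 16 bits and carries no BGP next-hop field, and it uses the header's flow sequence number to spot lost UDP export datagrams. It assumes the V5 output follows the publicly documented NetFlow v5 layout; the sample flow and all function names are constructed for illustration.

```python
import ipaddress
import struct

# Assumed layout: publicly documented NetFlow v5 (24-byte header, 48-byte records).
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")
FIELDS = ("src", "dst", "nexthop", "in_if", "out_if", "packets", "octets",
          "first", "last", "sport", "dport", "tcp_flags", "proto", "tos",
          "src_as", "dst_as", "src_mask", "dst_mask")
SIXTEEN_BIT = ("in_if", "out_if", "src_as", "dst_as")

# Constructed sample flow (documentation address ranges, private-use AS numbers).
SAMPLE_FLOW = {"src": "192.0.2.10", "dst": "198.51.100.20", "in_if": 7,
               "out_if": 9, "packets": 12, "octets": 9000, "sport": 51512,
               "dport": 443, "tcp_flags": 0x1B, "proto": 6,
               "src_as": 64500, "dst_as": 64501}


def build_v5(flow_sequence, records, sampling_interval=0):
    """Encode a constructed V5 datagram; used only to create demo input."""
    body = b""
    for r in records:
        for name in SIXTEEN_BIT:
            if not 0 <= r[name] <= 0xFFFF:
                # A 32-bit interface index or AS number cannot be carried in V5.
                raise ValueError(f"{name}={r[name]} does not fit a 16-bit V5 field")
        body += V5_RECORD.pack(
            ipaddress.IPv4Address(r["src"]).packed,
            ipaddress.IPv4Address(r["dst"]).packed,
            ipaddress.IPv4Address("0.0.0.0").packed,  # IP next hop; no BGP next-hop field exists
            r["in_if"], r["out_if"], r["packets"], r["octets"], 0, 0,
            r["sport"], r["dport"], r["tcp_flags"], r["proto"], 0,
            r["src_as"], r["dst_as"], 24, 24)
    header = V5_HEADER.pack(5, len(records), 0, 0, 0, flow_sequence,
                            0, 0, sampling_interval)
    return header + body


def parse_v5(datagram):
    """Return (header, records); reject datagrams whose length or version is wrong."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a V5 header")
    version, count, _, _, _, seq, _, _, sampling = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not a V5 datagram (version {version})")
    if not 1 <= count <= 30 or len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    records = []
    for i in range(count):
        values = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        rec = dict(zip(FIELDS, values))
        for key in ("src", "dst", "nexthop"):
            rec[key] = str(ipaddress.IPv4Address(rec[key]))
        records.append(rec)
    # The low 14 bits of the last header field hold the sampling interval.
    header = {"flow_sequence": seq, "count": count,
              "sampling_interval": sampling & 0x3FFF}
    return header, records


def find_sequence_gaps(datagrams):
    """List (expected, received, missing_flows) for every break in flow_sequence.

    In V5 the sequence number counts flow records, so the next datagram is
    expected to start at the previous sequence plus the previous record count.
    """
    gaps = []
    expected = None
    for datagram in datagrams:
        header, _ = parse_v5(datagram)
        seq = header["flow_sequence"]
        if expected is not None and seq != expected:
            gaps.append((expected, seq, (seq - expected) & 0xFFFFFFFF))
        expected = (seq + header["count"]) & 0xFFFFFFFF
    return gaps


if __name__ == "__main__":
    stream = [build_v5(100, [SAMPLE_FLOW, SAMPLE_FLOW]),
              build_v5(102, [SAMPLE_FLOW]),
              build_v5(110, [SAMPLE_FLOW])]
    print(parse_v5(stream[0])[1][0])
    print("gaps:", find_sequence_gaps(stream))
```

A collector that sees gaps should treat traffic totals for that interval as incomplete rather than as a drop in traffic.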
(Optional) Configuring NetStream Monitoring Services
NetStream monitoring services can be configured on the NetStream Data Exporter (NDE), which enables carriers to implement finer-grained traffic statistics and management over IPv4 original flows.
Context
The increasing variety of services and applications on networks requires carriers to provide finer-grained management and accounting services.
If NetStream is configured on multiple interfaces on an NDE, all interfaces send traffic statistics to a single NetStream Collector (NSC). The NSC cannot distinguish interfaces, and therefore, cannot manage or analyze traffic statistics based on interfaces. In addition, the NSC will be overloaded due to a great amount of information.
NetStream monitoring configured on an NDE allows the NDE to send traffic statistics collected on specified interfaces to specified NSCs for analysis, which achieves interface-specific service monitoring. Traffic statistics can be balanced among these NSCs.
Procedure
- Run system-view
The system view is displayed.
- Run ip netstream monitor monitor-name
A NetStream monitoring service is created and its view is displayed. If a NetStream monitoring service view already exists, the view is displayed.
- (Optional) Run ip netstream export source { ip-address | ipv6 ipv6-address } [ port ]
A source IP address and a source port are configured for output NetStream flows.
- Run ip netstream export host [ ipv6 ] ip-address port [ vpn-instance vpn-instance-name ] [ version { 5 | 9 | ipfix } ] [ dscp dscp-value ]
The destination IP address and destination port number for traffic statistics are specified.
- Run quit
Return to the system view.
- Run interface interface-type interface-number
The interface view is displayed.
- Run ip netstream monitor monitor-name { inbound | outbound }
NetStream monitoring services are configured in the inbound or outbound direction of the interface.
If NetStream monitoring services have been configured on the interface, statistics about original flows are sent to the destination IP address specified in the NetStream monitoring service view, not the system view. The source address and source port configured in the NetStream monitoring service view are also used for output NetStream flows.
- Run commit
The configuration is committed.
(Optional) Adjusting the AS Field Mode and Interface Index Type
Before the NetStream Collector (NSC) can properly receive and parse NetStream packets output by the NetStream Data Exporter (NDE), the AS field modes and interface index types configured on the NDE must be the same as those on the NSC.
Context
AS field mode: The length of the AS field in IP packets can be set to 16 bits or 32 bits. Devices on a network must use the same AS field mode. An AS field mode inconsistency causes NetStream to fail to sample inter-AS traffic.
If the 32-bit AS field mode is used, the NMS must identify the 32-bit AS field. If the NMS cannot identify the 32-bit AS field, the NMS fails to identify inter-AS traffic sent by devices.
Interface index: The NMS uses an interface index carried in a NetStream packet output by the NDE to query information about the interface that sends the packet. The interface index can be 16 or 32 bits long. The index length is determined by NMS devices of different vendors. Therefore, the NDE must use a proper interface index type that is also supported by the NMS. For example, if the NMS can parse 32-bit interface indexes, set the format of the interface indexes contained in output NetStream packets to 32-bit.
Compared with the default 16-bit interface index, the 32-bit interface index can be identified by more third-party NMSs.
Procedure
- Run system-view
The system view is displayed.
- Run ip netstream as-mode { 16 | 32 }
The AS field mode is specified on the router.
- Run the ip netstream export index-switch { 16 | 32 } command to configure the length type of the interface index carried in the NetStream packet output by the router. An interface index can be changed from 16 bits to 32 bits only after the following conditions are met:
- Original flows are output in V9 or IPFIX format.
- The NetStream packet format for all aggregated flows is V9 or IPFIX format.
(Optional) Enabling Statistics Collection of TCP Flags
There are six flag bits (URG, ACK, PSH, RST, SYN, and FIN) in a TCP packet header. The flag bits, together with the destination IP address, source IP address, destination port number, and source port number of a TCP packet, identify the function and status of the TCP packet on a TCP connection. TCP flags can be extracted from packets. Their statistics can be collected and sent to the NMS. The NMS checks the traffic volume of each flag and determines whether the network is attacked by TCP packets.
Procedure
- Run system-view
The system view is displayed.
- Run ip netstream tcp-flag enable
Statistics collection of TCP flags is enabled.
An original flow for each flag value is created. If statistics collection for TCP flags is enabled, the number of original flows will greatly increase.
- Run commit
The configuration is committed.
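The following Python sketch is an added example, not code from the product documentation. It shows the kind of check an NMS can run on exported original flows once TCP flag statistics are enabled: packet volume per destination and flag combination, and a list of destinations where SYN-only packets dominate. The flow records, field names, thresholds, and the scaling of sampled counts by the sampling interval are assumptions made for illustration.

```python
from collections import defaultdict

TCP = 6
TCP_FLAG_BITS = (("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
                 ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20))

# Constructed flow records. With TCP flag statistics enabled, each original
# flow carries one flag value, so one connection yields several records.
CONSTRUCTED_FLOWS = [
    {"dst": "203.0.113.5", "proto": 6, "tcp_flags": 0x02, "packets": 90},
    {"dst": "203.0.113.5", "proto": 6, "tcp_flags": 0x10, "packets": 5},
    {"dst": "203.0.113.5", "proto": 6, "tcp_flags": 0x18, "packets": 5},
    {"dst": "203.0.113.9", "proto": 6, "tcp_flags": 0x02, "packets": 2},
    {"dst": "203.0.113.9", "proto": 6, "tcp_flags": 0x10, "packets": 60},
    {"dst": "203.0.113.9", "proto": 6, "tcp_flags": 0x18, "packets": 38},
    {"dst": "203.0.113.77", "proto": 6, "tcp_flags": 0x02, "packets": 3},
    {"dst": "203.0.113.5", "proto": 17, "tcp_flags": 0x00, "packets": 400},
]


def flag_names(value):
    """Render a flag byte as names, for example 0x12 -> 'SYN|ACK'."""
    return "|".join(name for name, bit in TCP_FLAG_BITS if value & bit) or "none"


def flag_volume(flows, sampling_interval=1):
    """Estimated packets per (destination, flag combination).

    Sampled packet counts are multiplied by the sampling interval (1-in-N
    sampling assumed) to estimate the real volume. Non-TCP flows are skipped.
    """
    volume = defaultdict(int)
    for flow in flows:
        if flow["proto"] != TCP:
            continue
        key = (flow["dst"], flag_names(flow["tcp_flags"]))
        volume[key] += flow["packets"] * sampling_interval
    return dict(volume)


def suspect_destinations(flows, sampling_interval=1,
                         min_packets=10000, syn_ratio=0.8):
    """Destinations whose TCP traffic is mostly SYN-only packets.

    Returns sorted (destination, syn_only_packets, total_tcp_packets) tuples.
    min_packets suppresses low-volume destinations, where a high ratio is
    statistically meaningless at coarse sampling ratios.
    """
    total = defaultdict(int)
    syn_only = defaultdict(int)
    for (dst, names), packets in flag_volume(flows, sampling_interval).items():
        total[dst] += packets
        if names == "SYN":
            syn_only[dst] += packets
    return sorted(
        (dst, syn_only[dst], total[dst])
        for dst in total
        if total[dst] >= min_packets and syn_only[dst] / total[dst] >= syn_ratio
    )


if __name__ == "__main__":
    for (dst, names), packets in sorted(flag_volume(CONSTRUCTED_FLOWS, 1000).items()):
        print(f"{dst:14} {names:8} {packets}")
    print("suspect:", suspect_destinations(CONSTRUCTED_FLOWS, 1000))
```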
(Optional) Configuring NetStream Interface Option Packets and Setting Option Template Refreshing Parameters
This section describes how to configure NetStream interface option packets and set option template refreshing parameters.
Context
Regardless of the flow format in which the traffic statistics are output, option packet data is exported to the NetStream Collector (NSC) as a supplement. In this way, the NetStream Data Exporter (NDE) can obtain information, such as the sampling ratio and whether the sampling function is enabled, to reflect the actual network traffic.
- Interface option packets: These packets are used to send the NetStream configurations of all the boards on the NDE to the NSC in a scheduled manner. The configurations cover the interface index, statistics collection direction, and sampling value in the inbound/outbound direction.
- Time application label (TAL) option packets: These packets are used to send application label data to the NSC. The application label option function provides data, such as the application type of system labels, for users to collect L3VPN NetStream statistics. For details, see Collecting Statistics About BGP/MPLS VPN Flows.
Option packets, which are independent of statistics packets, are exported to the NSC in V9 or IPFIX format. Therefore, the required option template is sent to the NMS for parsing option packets. You can set option template refreshing parameters as needed to regularly refresh the template to notify the NSC of the latest option template format.
Procedure
- Run system-view
The system view is displayed.
- Run the following commands as required to configure functions related to interface option packets.
- Run the ip netstream export template option sampler command to enable the function of exporting statistics about interface option packets.
- Run the ip netstream export template option { refresh-rate packet-number | timeout-rate timeout-interval } command to set the packet sending interval and timeout interval for option template refreshing. An option template can be refreshed at a fixed packet sending interval or timeout interval. The two intervals can both take effect. In the command:
- refresh-rate packet-number indicates that the option template is refreshed at a fixed packet sending interval.
- timeout-rate timeout-interval indicates that the option template is refreshed at a fixed timeout interval.
- Run the ip netstream export option sampler timeout-rate tmval command to set the interval for refreshing option packets.
Sampling IPv4 Flows
You can enable NetStream to sample and analyze the incoming or outgoing flows on an interface.
Context
If a NetStream-enabled interface is bound to a VPN instance, all packets in the VPN instance are sampled.
Procedure
- Run system-view
The system view is displayed.
- Configure the sampling mode and sampling ratio by performing at least one of the following steps:
- Configure a sampling mode and sampling ratio globally.
Run ip netstream sampler { fix-packets packet-interval | random-packets packet-interval | fix-time time-interval } { inbound | outbound }
A global sampling mode and sampling ratio are configured.
- Run interface interface-type interface-number
The interface view is displayed.
- Configure a sampling mode and sampling ratio on an interface.
- Run interface interface-type interface-number
The interface view is displayed.
Run ip netstream sampler { fix-packets packet-interval | random-packets packet-interval | fix-time time-interval } { inbound | outbound }
A sampling mode and sampling ratio are configured on the interface.
The sampling mode and sampling ratio configured in the system view are applicable to all interfaces on the device. The sampling mode and sampling ratio configured in the interface view take precedence over those configured in the system view.
- Run ip netstream { inbound | outbound }
NetStream is enabled on the interface.
Statistics about packets' BGP next-hop information can also be collected. Original flows output in V5 format, however, cannot carry the BGP next-hop information.
- (Optional) Run ip netstream statistics enable
The traffic statistics diagnosis function is enabled so that you can compare the traffic statistics collected by the device with the traffic statistics collected by the NMS to determine the cause of inaccurate sampling.
- (Optional) Run ip netstream sampler except deny-action
NetStream is not applied to traffic matching the ACL rule or traffic behavior that contains deny.
The traffic behavior view must be displayed before you run this command.
- Run commit
The configuration is committed.
Verifying the Configuration of Statistics Collection of IPv4 Original Flows
In routine maintenance or after NetStream configurations are complete, you can run the display commands in any view to view the running status of NetStream functions.
Procedure
- Run the display ip netstream cache origin [ source-ip source-ip ] [ source-port source-port ] [ destination-ip destination-ip ] [ destination-port destination-port ] [ protocol { udp | tcp | protocol-number } ] [ time-range from start-time to end-time ] [ source-interface { source-interface-type source-interface-num | source-interface-name } ] [ destination-interface { destination-interface-type destination-interface-num | destination-interface-name } ] slot slot-id command to check information about the NetStream buffer.
If the NetStream sampling function is configured on an outbound logical interface, running the command displays only the NetStream buffer information of the physical interface on which the logical interface is configured.
- Run the display ip netstream statistics slot slot-id command to check statistics about NetStream flows.
- Run the display ip netstream statistics interface { interface-name | interface-type interface-number } command to check statistics about sampled packets on an interface.
- Run the display netstream { all | global | interface interface-type interface-number } command to check NetStream configurations in different views.
- Run the display ip netstream monitor { all | monitor-name } command to check the monitoring information about IPv4 original flows.
- Run the display ip netstream cache origin statistics slot slot-id command to check original flow table specifications and the number of current flows of a specific board.
- Run the display ip netstream cache [ source-ip source-ip ] [ source-port source-port ] [ destination-ip destination-ip ] [ destination-port destination-port ] [ protocol { tcp | udp | protocol-number } ] [ time-range from start-time to end-time ] [ interface { interface-name | interface-type interface-num } ] [ type { ipv4 | mpls } ] slot slot-id command to query the sampling information of the original flows in the NetStream IPv4 or MPLS buffer based on the 5-tuple information.
Collecting Statistics About IPv4 Aggregated Flows
Before collecting statistics about IPv4 aggregated flows, familiarize yourself with the usage scenario, complete the pre-configuration tasks, and obtain the data required for the configuration.
Usage Scenario
On the network shown in Figure 1-3969, a carrier enables NetStream on the router functioning as a NetStream Data Exporter (NDE) to obtain detailed network application information. The carrier can use the information to monitor abnormal network traffic, analyze users' operation modes, and plan networks between ASs.
Statistics about NetStream aggregated flows contain information about original flows with the same attributes, whereas statistics about NetStream original flows contain information about sampled packets. The volume of aggregated flow statistics is greater than that of original flow statistics.
Pre-configuration Tasks
Before collecting statistics about IPv4 aggregated flows, complete the following tasks:
Configure static routes or enable an IGP to implement network connectivity.
Enable statistics collection for NetStream original flows.
Specifying a NetStream Service Processing Mode
After sampling packets, each NetStream-enabled interface board sends sampled packets to the NetStream service processing board for aggregation and output. If the NetEngine 8000 F has more than one NetStream service processing board, these boards work in redundancy mode to back up each other and balance traffic, which improves system reliability.
Context
NetStream services can be processed in the following modes:
Distributed mode
An interface board samples packets, aggregates flows, and outputs flows.
The ip netstream sampler to slot command has the same function as the ipv6 netstream sampler to slot command.
- The execution of either command takes effect on all packets, and there is no need to configure both of them. If it is required to configure both of them, ensure that NetStream service processing modes are the same. A mode inconsistency causes an error.
Configuring an Aggregation Mode for IPv4 Flows
Configuring an aggregation mode is to specify an attribute type for original flows to be aggregated. Original flows with the same attributes can be combined into a single aggregated flow based on a specified aggregation mode and output to the NetStream Collector (NSC).
Procedure
- Run system-view
The system view is displayed.
- Run ip netstream aggregation { as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | index-tos | mpls-label | prefix | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos | source-index-tos | vlan-id | bgp-community | vni-sip-dip }
The NetStream aggregation view is created.
If the NetStream flow aggregation function is enabled on a device, the device classifies and aggregates original flows based on specified rules and sends the aggregated flows to the NetStream Data Analyzer (NDA) for analysis. Aggregating original flows minimizes the consumption of network bandwidths, CPU resources, and memory resources. Flow attributes based on which flows are aggregated vary according to flow aggregation modes.
Table 1-1331 Mapping between aggregation modes and flow attributes

| Aggregation mode | Description |
| --- | --- |
| as | NetStream combines flows with the same source AS number, destination AS number, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record. |
| as-tos | NetStream combines flows with the same source AS number, destination AS number, inbound interface index, outbound interface index, and ToS into an aggregated flow and generates one aggregation record. |
| bgp-nexthop-tos | NetStream combines flows with the same destination AS number, source AS number, BGP next hop, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record. |
| destination-prefix | NetStream combines flows with the same destination AS number, destination mask length, destination prefix, and outbound interface index into an aggregated flow and generates one aggregation record. |
| destination-prefix-tos | NetStream combines flows with the same destination AS number, destination mask length, destination prefix, ToS, and outbound interface index into an aggregated flow and generates one aggregation record. |
| index-tos | NetStream combines flows with the same inbound interface index, outbound interface index, and ToS into an aggregated flow and generates one aggregation record. |
| mpls-label | Indicates the MPLS label aggregation, which aggregates flows with the same first layer label, second layer label, third layer label, TopLabelIpAddress, stack bottom symbol of the first layer label, and the EXP value of the first layer label. |
| prefix | NetStream combines flows with the same source AS number, destination AS number, source mask length, destination mask length, source prefix, destination prefix, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record. |
| prefix-tos | NetStream combines flows with the same source AS number, destination AS number, source mask length, destination mask length, source prefix, destination prefix, ToS, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record. |
| protocol-port | NetStream combines flows with the same protocol number, source port, and destination port into an aggregated flow and generates one aggregation record. |
| protocol-port-tos | NetStream combines flows with the same protocol number, source port, destination port, ToS, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record. |
| source-prefix | NetStream combines flows with the same source AS number, source mask length, source prefix, and inbound interface index into an aggregated flow and generates one aggregation record. |
| source-prefix-tos | NetStream combines flows with the same source AS number, source mask length, source prefix, ToS, and inbound interface index into an aggregated flow and generates one aggregation record. |
| source-index-tos | NetStream combines flows with the same source interface index, ToS and BGP next hop into an aggregated flow and generates one aggregation record. |
| vlan-id | Indicates the BGP community aggregation, which aggregates flows with the same inbound and outbound interface indexes and BGP community. |
| bgp-community | NetStream combines flows with the same VLAN ID and inbound interface index into an aggregated flow and generates one aggregation record. |
| vni-sip-dip | Indicates a VNI aggregation mode. NetStream combines flows with the same VNI ID and the same source and destination IP addresses of tenants into an aggregated flow and generates one aggregation record. |
- Run enable
Statistics collection of flows aggregated in a specified aggregation mode is enabled.
- (Optional) Run mask { source | destination } minimum mask-length
The length of the aggregate mask is set. The effective mask is the greater one between the mask in the FIB table and the configured mask. If no aggregate mask is set, the system uses the mask in the FIB table for flow aggregation.
The aggregate mask takes effect only on flows aggregated in the following modes: destination-prefix, destination-prefix-tos, prefix, prefix-tos, source-prefix, and source-prefix-tos.
- Run commit
The configuration is committed.
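The following Python sketch is an added example, not code from the product documentation or the device. It models five of the aggregation modes from Table 1-1331 and the aggregate mask rule (the effective mask is the greater of the FIB mask and the configured minimum) to show how many aggregation records a set of original flows collapses into. The flow records and field names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Key fields per aggregation mode, taken from Table 1-1331.
MODE_KEYS = {
    "as": ("src_as", "dst_as", "in_if", "out_if"),
    "index-tos": ("in_if", "out_if", "tos"),
    "protocol-port": ("proto", "sport", "dport"),
    "source-prefix": ("src_as", "src_mask", "src_prefix", "in_if"),
    "destination-prefix": ("dst_as", "dst_mask", "dst_prefix", "out_if"),
}


def _flow(src, dst, sport, dport, proto, out_if, dst_as, packets, octets):
    """Constructed original flow; src_mask/dst_mask stand for the FIB mask."""
    return {"src": src, "dst": dst, "src_mask": 24, "dst_mask": 24,
            "sport": sport, "dport": dport, "proto": proto, "tos": 0,
            "in_if": 7, "out_if": out_if, "src_as": 64500, "dst_as": dst_as,
            "packets": packets, "octets": octets}


CONSTRUCTED_FLOWS = [
    _flow("192.0.2.10", "198.51.100.20", 50001, 443, 6, 9, 64501, 10, 1000),
    _flow("192.0.2.11", "198.51.100.21", 50002, 443, 6, 9, 64501, 20, 2000),
    _flow("192.0.2.10", "198.51.100.200", 50001, 443, 6, 9, 64501, 5, 500),
    _flow("192.0.2.12", "203.0.113.8", 40000, 53, 17, 11, 64502, 1, 80),
]


def with_prefixes(flow, min_src_mask=0, min_dst_mask=0):
    """Add src/dst prefix fields using the effective (greater) mask length."""
    out = dict(flow)
    for side, minimum in (("src", min_src_mask), ("dst", min_dst_mask)):
        mask = max(flow[side + "_mask"], minimum)
        network = ipaddress.ip_network(f"{flow[side]}/{mask}", strict=False)
        out[side + "_mask"] = mask
        out[side + "_prefix"] = str(network.network_address)
    return out


def aggregate(flows, mode, min_src_mask=0, min_dst_mask=0):
    """Combine original flows that share the mode's key fields.

    Returns {key_tuple: {"flows": n, "packets": n, "octets": n}}. The minimum
    masks only change the result in prefix-based modes, because only those
    modes include a prefix or mask length in their key.
    """
    keys = MODE_KEYS[mode]
    table = defaultdict(lambda: {"flows": 0, "packets": 0, "octets": 0})
    for flow in flows:
        enriched = with_prefixes(flow, min_src_mask, min_dst_mask)
        record = table[tuple(enriched[k] for k in keys)]
        record["flows"] += 1
        record["packets"] += flow["packets"]
        record["octets"] += flow["octets"]
    return dict(table)


if __name__ == "__main__":
    for mode in MODE_KEYS:
        result = aggregate(CONSTRUCTED_FLOWS, mode)
        print(f"{mode:20} {len(CONSTRUCTED_FLOWS)} flows -> {len(result)} records")
    print(aggregate(CONSTRUCTED_FLOWS, "destination-prefix", min_dst_mask=25))
```

Coarser modes produce fewer records but drop the fields an investigator may need later (for example, protocol-port keeps no addresses), so the mode chosen determines what questions the collector can still answer.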
Outputting Aggregated Flows
To ensure that aggregated flows are correctly output to the NMS, specify the aging time, output format, and source and destination addresses for aggregated flows.
Procedure
- Run system-view
The system view is displayed.
- Run ip netstream export host [ ipv6 ] ip-address port [ vpn-instance vpn-instance-name ] [ dscp dscp-value ]
The destination IP address and UDP port number of the peer NSC are specified for NetStream original flows to be output.
If the destination IP addresses are specified in both the system and the aggregation views, the configuration in the aggregation view takes effect.
- Run ip netstream aggregation { as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | index-tos | mpls-label | prefix | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos | source-index-tos | vlan-id | bgp-community | vni-sip-dip }
The IPv4 NetStream aggregation view is displayed.
- Run enable
The NetStream aggregation mode is enabled.
- (Optional) Run export version { 8 | 9 | ipfix }
The output format is specified for the aggregated flows. Flows aggregated in as, as-tos, destination-prefix, destination-prefix-tos, prefix, prefix-tos, protocol-port, protocol-port-tos, source-prefix, or source-prefix-tos mode are output in V8 format by default. You can specify the output format for aggregated flows as needed.
For the vlan-id, bgp-nhp-tos, vni-sip-dip, and index-tos aggregation modes, aggregated packets can be encapsulated only in the default V9 format. You can change the format to IPFIX using the export version command.
- (Optional) Run template timeout-rate timeout-interval
The interval at which the template for outputting aggregated flows in the V9 or IPFIX format is refreshed is set.
- Run ip netstream export source { ip-address | ipv6 ipv6-address } [ port ]
The source IP address and source port are specified for aggregated flows.
The source IP address and source port specified in the aggregation view take precedence over that specified in the system view. If no source IP address or source port is specified in the aggregation view, the source IP address and source port specified in the system view take effect.
- Run ip netstream export host { ip-address | ipv6 ipv6-address } port [ vpn-instance vpn-instance-name ] [ dscp dscp-value ]
The destination IP address and UDP port number of the peer NSC are specified for NetStream original flows to be output.
The destination IP address specified in the NetStream aggregation view takes precedence over that specified in the system view.
- Run quit
Return to the system view.
- (Optional) Configure NetStream packets to carry the flow sequence field.
- Run slot slot-id
The view of the slot in which the interface board for NetStream sampling resides is displayed.
Run ip netstream export sequence-mode flow
The NetStream export sequence mode is set to flow. The command applies to the V9 format only.
- Run quit
Return to the system view.
By default, NetStream packets carry the packet sequence field.
- (Optional) Set parameters for aging aggregated flows.
Run ip netstream aggregation timeout active { active-interval | interval-second active-interval-second }
The active aging time of NetStream aggregated flows is set.
Run ip netstream aggregation timeout inactive inactive-interval
The inactive aging time is set for NetStream aggregated flows.
- (Optional) Exit the IPv4 aggregated configuration mode view. In the system view, run ip netstream export template sequence-number fixed
The sequence numbers of template packets and option template packets in IPFIX format are configured to remain unchanged, but data packets and option data packets in IPFIX format are still consecutively numbered.
- Run commit
The configuration is committed.
(Optional) Adjusting the AS Field Mode and Interface Index Type
Before the NetStream Collector (NSC) can properly receive and parse NetStream packets output by the NetStream Data Exporter (NDE), the AS field modes and interface index types configured on the NDE must be the same as those on the NSC.
Context
AS field mode: The length of the AS field in IP packets can be set to 16 bits or 32 bits. Devices on a network must use the same AS field mode. An AS field mode inconsistency causes NetStream to fail to sample inter-AS traffic.
If the 32-bit AS field mode is used, the NMS must identify the 32-bit AS field. If the NMS cannot identify the 32-bit AS field, the NMS fails to identify inter-AS traffic sent by devices.
Interface index: The NMS uses an interface index carried in a NetStream packet output by the NDE to query information about the interface that sends the packet. The interface index can be 16 or 32 bits long. The index length is determined by NMS devices of different vendors. Therefore, the NDE must use a proper interface index type that is also supported by the NMS. For example, if the NMS can parse 32-bit interface indexes, set the format of the interface indexes contained in output NetStream packets to 32-bit.
Compared with the default 16-bit interface index, the 32-bit interface index can be identified by more third-party NMSs.
Procedure
- Run system-view
The system view is displayed.
- Run ip netstream as-mode { 16 | 32 }
The AS field mode is specified on the router.
- Run the ip netstream export index-switch { 16 | 32 } command to configure the length type of the interface index carried in the NetStream packet output by the router. An interface index can be changed from 16 bits to 32 bits only after the following conditions are met:
- Original flows are output in V9 or IPFIX format.
- The NetStream packet format for all aggregated flows is V9 or IPFIX format.
(Optional) Configuring NetStream Interface Option Packets and Setting Option Template Refreshing Parameters
This section describes how to configure NetStream interface option packets and set option template refreshing parameters.
Context
Regardless of the flow format in which the traffic statistics are output, option packet data is exported to the NetStream Collector (NSC) as a supplement. In this way, the NetStream Data Exporter (NDE) can obtain information, such as the sampling ratio and whether the sampling function is enabled, to reflect the actual network traffic.
- Interface option packets: These packets are used to send the NetStream configurations of all the boards on the NDE to the NSC in a scheduled manner. The configurations cover the interface index, statistics collection direction, and sampling value in the inbound/outbound direction.
- Time application label (TAL) option packets: These packets are used to send application label data to the NSC. The application label option function provides data, such as the application type of system labels, for users to collect L3VPN NetStream statistics. For details, see Collecting Statistics About BGP/MPLS VPN Flows.
Option packets, which are independent of statistics packets, are exported to the NSC in V9 or IPFIX format. Therefore, the required option template is sent to the NMS for parsing option packets. You can set option template refreshing parameters as needed to regularly refresh the template to notify the NSC of the latest option template format.
Procedure
- Run system-view
The system view is displayed.
- Run the following commands as required to configure functions related to interface option packets.
- Run the ip netstream export template option sampler command to enable the function of exporting statistics about interface option packets.
- Run the ip netstream export template option { refresh-rate packet-number | timeout-rate timeout-interval } command to set the packet sending interval and timeout interval for option template refreshing. An option template can be refreshed at a fixed packet sending interval or timeout interval. The two intervals can both take effect. In the command:
- refresh-rate packet-interval indicates that the option template is refreshed at a fixed packet sending interval.
- timeout-rate timeout-interval indicates that the option template is refreshed at a fixed timeout interval.
- Run the ip netstream export option sampler timeout-rate tmval command to set the interval for refreshing option packets.
Sampling IPv4 Flows
You can enable NetStream to sample and analyze the incoming or outgoing flows on an interface.
Context
If a NetStream-enabled interface is bound to a VPN instance, all packets in the VPN instance are sampled.
Procedure
- Run system-view
The system view is displayed.
- Configure the sampling mode and sampling ratio by performing at least one of the following steps:
  - Configure a sampling mode and sampling ratio globally.
    - Run ip netstream sampler { fix-packets packet-interval | random-packets packet-interval | fix-time time-interval } { inbound | outbound }
      A global sampling mode and sampling ratio are configured.
    - Run interface interface-type interface-number
      The interface view is displayed.
  - Configure a sampling mode and sampling ratio on an interface.
    - Run interface interface-type interface-number
      The interface view is displayed.
    - Run ip netstream sampler { fix-packets packet-interval | random-packets packet-interval | fix-time time-interval } { inbound | outbound }
      A sampling mode and sampling ratio are configured on the interface.
  The sampling mode and sampling ratio configured in the system view are applicable to all interfaces on the device. The sampling mode and sampling ratio configured in the interface view take precedence over those configured in the system view.
- Run ip netstream { inbound | outbound }
NetStream is enabled on the interface.
Statistics about packets' BGP next-hop information can also be collected. Original flows output in V5 format, however, cannot carry the BGP next-hop information.
- (Optional) Run ip netstream statistics enable
The traffic statistics diagnosis function is enabled so that you can compare the traffic statistics collected by the device with the traffic statistics collected by the NMS to determine the cause of inaccurate sampling.
- (Optional) Run ip netstream sampler except deny-action
NetStream is not applied to traffic matching the ACL rule or traffic behavior that contains deny.
The traffic behavior view must be displayed before you run this command.
- Run commit
The configuration is committed.
Verifying the Configuration of Statistics Collection of IPv4 Aggregated Flows
In routine maintenance or after NetStream configurations are complete, you can run the display commands in any view to check whether NetStream is enabled on the device.
Procedure
- Run the display ip netstream cache { as | as-tos | bgp-nexthop-tos | bgp-community | destination-prefix | destination-prefix-tos | index-tos | mpls-label | prefix | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos | source-index-tos | vni-sip-dip | vlan-id | flexflowtpl record-name } slot slot-id command to check flows aggregated in different modes in the buffer.
- Run the display ip netstream statistics slot slot-id command to check statistics about NetStream flows.
- Run the display ip netstream statistics interface { interface-name | interface-type interface-number } command to check statistics about sampled packets on an interface.
- Run the display netstream { all | global | interface interface-type interface-number } command to check NetStream configurations in different views.
- Run the display ip netstream cache aggregation statistics slot slot-id command to check aggregation flow table specifications and the number of current flows of a specific board.
Collecting Statistics About IPv6 Original Flows
Before collecting statistics about IPv6 original flows, familiarize yourself with the usage scenario, complete the pre-configuration tasks, and obtain the data required for the configuration.
Usage Scenario
On the network shown in Figure 1-3970, a carrier enables NetStream on the router to obtain detailed network application information. The carrier can use the information to monitor abnormal network traffic, analyze users' operation modes, and plan networks between ASs.
Statistics about original flows are collected based on the 7-tuple information. The NetStream data exporter (NDE) samples IPv6 flows passing through it, encapsulates information about the post-aging NetStream original flows into UDP packets, and sends the packets to the NetStream Collector (NSC) for further processing. Unlike collecting statistics about aggregated flows, collecting statistics about original flows imposes less impact on NDE performance. Original flows consume more storage space and network bandwidth resources of the NSC because the volume of original flows is greater than that of aggregated flows.
Pre-configuration Tasks
Before collecting the statistics about IPv6 original flows, complete the following tasks:
Configure parameters of the link layer protocol and IP addresses for interfaces so that the link layer protocol on the interfaces can go Up.
Configure static routes or enable an IGP to implement network connectivity.
Specifying a NetStream Service Processing Mode
After sampling packets, each NetStream-enabled interface board sends sampled packets to the NetStream service processing board for aggregation and output. If the NetEngine 8000 F has more than one NetStream service processing board, these boards work in redundancy mode to back up each other and balance traffic, which improves system reliability.
Context
NetStream services can be processed in the following modes:
Distributed mode
An interface board samples packets, aggregates flows, and outputs flows.
The ip netstream sampler to slot command has the same function as the ipv6 netstream sampler to slot command.
- The execution of either command takes effect on all packets, and there is no need to configure both of them. If it is required to configure both of them, ensure that NetStream service processing modes are the same. A mode inconsistency causes an error.
Outputting Original Flows
To ensure that original flows can be correctly output to the NMS, configure the aging time, output format, and source and destination addresses for original flows.
Procedure
- Run system-view
The system view is displayed.
- Run ipv6 netstream export version { 9 [ origin-as | peer-as ] [ bgp-nexthop ] [ ttl ] [ route-distinguisher ] | ipfix [ origin-as | peer-as ] [ bgp-nexthop ] [ ttl ] }
The format of exported packets is configured.
- (Optional) Configure NetStream packets to carry the flow sequence field.
  - Run slot slot-id
    The view of the slot in which the interface board for NetStream sampling resides is displayed.
  - Run ip netstream export sequence-mode flow
    The NetStream export sequence mode is set to flow. The command applies to the V9 format only.
  - Run quit
    Return to the system view.
- (Optional) Run ipv6 netstream export template sequence-number fixed
The device is configured to keep the sequence numbers of template packets and option template packets in IPFIX format unchanged and to consecutively number data packets and option data packets in IPFIX format.
- (Optional) Run ipv6 netstream export template timeout-rate timeout-interval
The interval at which the template is refreshed when original flows are exported in V9 or IPFIX format is set.
- Run ipv6 netstream export source { ip-address | ipv6 ipv6-address } [ port ]
The source address and source port for exporting statistics are configured.
- In the system or slot view, specify the destination address and UDP port number of the peer NSC for original flows to be output.
  In the system view:
  - Run the ipv6 netstream export host [ ipv6 ] ip-address port [ vpn-instance vpn-instance-name ] [ dscp dscp-value ] command to configure a destination address for exporting statistics and a UDP port number for the peer NSC.
  In the slot view:
  - Run slot slot-id
    The view of the slot in which the interface board for NetStream sampling resides is displayed.
  - Run ipv6 netstream export host [ ipv6 ] ip-address port [ vpn-instance vpn-instance-name ] [ dscp dscp-value ]
    A destination IP address for exporting statistics and a UDP port number for the peer NSC are configured.
  - Run quit
    Return to the system view.
- (Optional) Set parameters for aging original flows.
To configure the active aging time for NetStream original flows, run the ipv6 netstream timeout active { active-interval | interval-second active-interval-second } command.
To configure the inactive aging time for NetStream original flows, run the ipv6 netstream timeout inactive inactive-interval command.
- Run commit
The configuration is committed.
(Optional) Configuring NetStream Monitoring Services
NetStream monitoring services can be configured on the NetStream Data Exporter (NDE). This enables carriers to collect and manage traffic statistics about IPv6 original flows at a finer granularity.
Context
The increasing variety of services and applications on networks requires carriers to provide finer-grained management and accounting services.
If NetStream is configured on multiple interfaces on an NDE, all interfaces send traffic statistics to a single NetStream Collector (NSC). The NSC cannot distinguish interfaces, and therefore, cannot manage or analyze traffic statistics based on interfaces. In addition, the NSC will be overloaded due to a great amount of information.
NetStream monitoring configured on an NDE allows the NDE to send traffic statistics collected on specified interfaces to specified NSCs for analysis, which achieves interface-specific service monitoring. Traffic statistics can be balanced among these NSCs.
Procedure
- Run system-view
The system view is displayed.
- Run ipv6 netstream monitor monitor-name
A NetStream monitoring service view is created and displayed, or an existing NetStream monitoring service view is directly displayed.
- Run ipv6 netstream export host [ ipv6 ] ip-address port [ vpn-instance vpn-instance-name ] [ version { 9 | ipfix } ] [ dscp dscp-value ]
The destination address for exporting statistics and UDP port number of the peer NSC are configured.
- (Optional) Run ipv6 netstream export source { ip-address | ipv6 ipv6-address } [ port ]
The source address and source port for exporting statistics are configured.
- Run quit
Return to the system view.
- Run interface interface-type interface-number
The interface view is displayed.
- Run ipv6 netstream monitor monitor-name { inbound | outbound }
NetStream monitoring services in the inbound or outbound direction of an interface are configured.
If monitoring services have been configured on the interface, statistics about original flows are sent to the destination IP address specified in the monitoring service view, not the system view. The source address and source port configured in the monitoring service view are also used for exporting statistics.
- Run commit
The configuration is committed.
(Optional) Adjusting the AS Field Mode and Interface Index Type
Before the NetStream Collector (NSC) can properly receive and parse NetStream packets output by the NetStream Data Exporter (NDE), the AS field modes and interface index types configured on the NDE must be the same as those on the NSC.
Context
AS field mode: The length of the AS field in IP packets can be set to 16 bits or 32 bits. Devices on a network must use the same AS field mode. An AS field mode inconsistency causes NetStream to fail to sample inter-AS traffic.
If the 32-bit AS field mode is used, the NMS must identify the 32-bit AS field. If the NMS cannot identify the 32-bit AS field, the NMS fails to identify inter-AS traffic sent by devices.
Interface index: The NMS uses an interface index carried in a NetStream packet to query information about the interface that sends the packet. The interface index can be 16 or 32 bits long. The index length is determined by NMS devices of different vendors. Therefore, the NDE must use a proper interface index type that is also supported by the NMS. For example, if the NMS can parse 32-bit interface indexes, set the format of the interface indexes contained in output NetStream packets to 32-bit.
Compared with the default 16-bit interface index, the 32-bit interface index can be identified by more third-party NMSs.
Procedure
- Run system-view
The system view is displayed.
- Run ipv6 netstream as-mode { 16 | 32 }
The AS field mode is configured for the router.
- Run ipv6 netstream export index-switch { 16 | 32 }
The length type of the interface index carried in the NetStream packets exported by the router is configured.
An interface index can be changed from 16 bits to 32 bits only after the following conditions are met:
- The export version of original flows is in V9 or IPFIX format.
- The export version of all aggregated flows is in V9 or IPFIX format.
(Optional) Enabling Statistics Collection of TCP Flags in Original Flows
There are six flag bits (URG, ACK, PSH, RST, SYN, and FIN) in a TCP packet header. The flag bits, together with the destination IP address, source IP address, destination port number, and source port number of a TCP packet, identify the function and status of the TCP packet on a TCP connection. TCP flags can be extracted from packets. Their statistics can be collected and sent to the NMS. The NMS checks the traffic volume of each flag and determines whether the network is attacked by TCP packets.
Context
Perform the following steps on the router on which TCP flag statistics are to be collected.
By enabling statistics collection of TCP flags, you can extract the TCP-flag information from network packets and send it to the NMS. The NMS can determine whether there are flood attacks to the network.
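The check the NMS performs on exported TCP flag statistics can look like the following. This is an added example, not code from the device vendor or from any NMS product; the record field names, the thresholds, the sample records, and the assumption that each record carries the OR of the flags seen in the flow are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Bit values of the six flags in the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = ((URG, "URG"), (ACK, "ACK"), (PSH, "PSH"),
              (RST, "RST"), (SYN, "SYN"), (FIN, "FIN"))


@dataclass(frozen=True)
class Flow:
    """One exported original-flow record (hypothetical field names)."""
    src: str
    dst: str
    dst_port: int
    packets: int     # packets counted in the record, i.e. sampled packets
    tcp_flags: int   # assumed: OR of the flags of all counted packets


def flag_names(flags):
    """Decode a flag byte into names, e.g. 0x12 -> ['ACK', 'SYN']."""
    return [name for bit, name in FLAG_NAMES if flags & bit]


def is_half_open(flags):
    """SYN seen in this direction, but no ACK, FIN or RST."""
    return bool(flags & SYN) and not flags & (ACK | FIN | RST)


def syn_flood_suspects(flows, sampling_ratio, min_est_packets=50_000, min_share=0.8):
    """Return destinations whose traffic is dominated by half-open flows.

    Sampled counts are multiplied by sampling_ratio (1000 for 1000:1) to
    estimate real packet counts. A single SYN-only record proves nothing under
    sampling, so the decision uses the share across all records per target.
    """
    stats = defaultdict(lambda: {"half_open": 0, "total": 0, "sources": set()})
    for flow in flows:
        entry = stats[(flow.dst, flow.dst_port)]
        entry["total"] += flow.packets
        if is_half_open(flow.tcp_flags):
            entry["half_open"] += flow.packets
            entry["sources"].add(flow.src)

    suspects = []
    for (dst, port), entry in stats.items():
        estimated = entry["half_open"] * sampling_ratio
        share = entry["half_open"] / entry["total"] if entry["total"] else 0.0
        if estimated >= min_est_packets and share >= min_share:
            suspects.append({"dst": dst, "dst_port": port,
                             "est_half_open_packets": estimated,
                             "half_open_share": round(share, 3),
                             "distinct_sources": len(entry["sources"])})
    return sorted(suspects, key=lambda s: s["est_half_open_packets"], reverse=True)


def sample_flows():
    """Constructed records: one flooded HTTPS server, one normal mail server."""
    web, mail = "2001:db8:10::80", "2001:db8:10::25"
    normal = SYN | ACK | PSH | FIN
    flows = [Flow(f"2001:db8:bad::{i:x}", web, 443, 1, SYN) for i in range(1, 121)]
    flows += [Flow(f"2001:db8:c::{i:x}", web, 443, 3, normal) for i in range(1, 6)]
    flows += [Flow(f"2001:db8:d::{i:x}", mail, 25, 4, normal) for i in range(1, 41)]
    flows += [Flow(f"2001:db8:e::{i:x}", mail, 25, 1, SYN) for i in range(1, 3)]
    return flows


if __name__ == "__main__":
    for suspect in syn_flood_suspects(sample_flows(), sampling_ratio=1000):
        print(suspect)
```

The sampling ratio passed in must match the one configured on the exporting interface, otherwise the estimated packet counts and the threshold comparison are off by the same factor.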
(Optional) Configuring NetStream Interface Option Packets and Setting Option Template Refreshing Parameters
This section describes how to configure NetStream interface option packets and set option template refreshing parameters.
Context
Regardless of the flow format in which the traffic statistics are output, option packet data is exported to the NetStream Collector (NSC) as a supplement. In this way, the NetStream Data Exporter (NDE) can obtain information, such as the sampling ratio and whether the sampling function is enabled, to reflect the actual network traffic.
Currently, the option packets supported by IPv6 networks are interface option packets, which are used to send the NetStream configurations of all the boards on the NDE to the NSC in a scheduled manner. The configurations cover the interface index, statistics collection direction, and sampling value in the inbound/outbound direction.
Option packets, which are independent of statistics packets, are exported to the NSC in V9 or IPFIX format. Therefore, the corresponding option template is sent to the NMS for parsing option packets. You can set option template refreshing parameters as needed for the device to regularly refresh the template to notify the NSC of the latest option template format.
Procedure
- Run system-view
The system view is displayed.
- Run the following commands as required to configure functions related to interface option packets.
- Run the ipv6 netstream export template option sampler command to enable the function of exporting statistics about interface option packets.
- Run the ipv6 netstream export template option { refresh-rate packet-number | timeout-rate timeout-interval } command to set the packet sending interval and timeout interval for option template refreshing. An option template can be refreshed at a fixed packet sending interval or timeout interval. The two intervals can both take effect. In the command:
- refresh-rate packet-interval indicates that the option template is refreshed at a fixed packet sending interval.
- timeout-rate timeout-interval indicates that the option template is refreshed at a fixed timeout interval.
- Run the ipv6 netstream export option sampler timeout-rate tmval command to set the interval for refreshing option packets.
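The following added example shows, from the collector side, why option template refreshing and the interface index length (see Adjusting the AS Field Mode and Interface Index Type) matter: option data cannot be decoded before its template arrives, and a stale template mis-decodes a changed index width. It is not vendor code. It assumes the V9 wire layout of RFC 3954, and the template contents (interface scope, sampling interval, direction) and all packets are constructed.

```python
import struct

SCOPE_INTERFACE = 2      # RFC 3954 option scope type "Interface"
SAMPLING_INTERVAL = 34   # RFC 3954 field type
DIRECTION = 61           # RFC 3954 field type: 0 = ingress, 1 = egress
OPTION_NAMES = {SAMPLING_INTERVAL: "sampling_interval", DIRECTION: "direction"}


class OptionDecoder:
    """Decodes option data records using templates learned from the exporter."""

    def __init__(self):
        self.templates = {}   # (exporter, source_id, template_id) -> (scope, options)
        self.undecodable = 0  # data FlowSets seen before their template

    def feed(self, exporter, packet):
        if len(packet) < 20:
            raise ValueError("packet shorter than the V9 header")
        version, _count, _uptime, _secs, _seq, source_id = struct.unpack_from("!HHIIII", packet)
        if version != 9:
            raise ValueError("not a version 9 packet")
        records, off = [], 20
        while off + 4 <= len(packet):
            fs_id, fs_len = struct.unpack_from("!HH", packet, off)
            if fs_len < 4 or off + fs_len > len(packet):
                raise ValueError("FlowSet length exceeds packet")
            body = packet[off + 4:off + fs_len]
            if fs_id == 1:        # options template FlowSet
                self.learn(exporter, source_id, body)
            elif fs_id >= 256:    # data FlowSet, ID equals the template ID
                records += self.decode((exporter, source_id, fs_id), body)
            off += fs_len
        return records

    def learn(self, exporter, source_id, body):
        off = 0
        while off + 6 <= len(body):
            tid, scope_len, opt_len = struct.unpack_from("!HHH", body, off)
            if tid < 256:         # zero padding at the end of the FlowSet
                break
            start, end = off + 6, off + 6 + scope_len + opt_len
            if end > len(body) or scope_len % 4 or opt_len % 4:
                raise ValueError("malformed options template")
            specs = [struct.unpack_from("!HH", body, p) for p in range(start, end, 4)]
            n_scope = scope_len // 4
            self.templates[(exporter, source_id, tid)] = (specs[:n_scope], specs[n_scope:])
            off = end

    def decode(self, key, body):
        if key not in self.templates:
            self.undecodable += 1   # field widths are unknown without the template
            return []
        scope, options = self.templates[key]
        fields = [("if_index" if t == SCOPE_INTERFACE else f"scope_{t}", n) for t, n in scope]
        fields += [(OPTION_NAMES.get(t, f"field_{t}"), n) for t, n in options]
        rec_len = sum(n for _, n in fields)
        if rec_len == 0:
            return []
        records = []
        for off in range(0, len(body) - rec_len + 1, rec_len):
            record, pos = {}, off
            for name, width in fields:   # widths come from the template only
                record[name] = int.from_bytes(body[pos:pos + width], "big")
                pos += width
            records.append(record)
        return records


def flowset(fs_id, body):
    body += b"\x00" * (-(len(body) + 4) % 4)   # pad to a 32-bit boundary
    return struct.pack("!HH", fs_id, len(body) + 4) + body

def build_packet(source_id, *flowsets):
    # Count, uptime, timestamp and sequence are not checked by the decoder.
    return struct.pack("!HHIIII", 9, len(flowsets), 0, 0, 0, source_id) + b"".join(flowsets)

def option_template(tid, index_width):
    scope = struct.pack("!HH", SCOPE_INTERFACE, index_width)
    options = struct.pack("!HHHH", SAMPLING_INTERVAL, 4, DIRECTION, 1)
    return flowset(1, struct.pack("!HHH", tid, len(scope), len(options)) + scope + options)

def option_data(tid, index_width, if_index, interval, direction):
    return flowset(tid, if_index.to_bytes(index_width, "big") + struct.pack("!IB", interval, direction))

def demo():
    """Constructed exchange between one exporter and the decoder."""
    nde, dec = "2001:db8::1", OptionDecoder()
    data16 = build_packet(1, option_data(256, 2, 7, 1000, 0))
    early = dec.feed(nde, data16)                            # template not seen yet
    dec.feed(nde, build_packet(1, option_template(256, 2)))  # template arrives
    after_refresh = dec.feed(nde, data16)
    data32 = build_packet(1, option_data(256, 4, 70000, 1000, 1))
    stale = dec.feed(nde, data32)                            # index is now 32 bits wide
    dec.feed(nde, build_packet(1, option_template(256, 4)))  # refreshed template
    fresh = dec.feed(nde, data32)
    return {"early": early, "undecodable": dec.undecodable,
            "after_refresh": after_refresh, "stale": stale, "fresh": fresh}
```

In `demo()`, the `stale` result is a syntactically valid record with a wrong interface index and sampling interval, which is why a collector should treat the period between a format change and the next template refresh as unreliable.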
Sampling IPv6 Flows
You can enable NetStream to sample and analyze the incoming or outgoing flows on an interface.
Context
If a NetStream-enabled interface is bound to a VPN instance, all packets in the VPN instance are sampled.
Procedure
- Run system-view
The system view is displayed.
- Configure a sampling mode and sampling ratio by performing at least one of the following steps:
  - Configure a sampling mode and sampling ratio globally.
    - Run ipv6 netstream sampler { fix-packets fix-packet-number | random-packets random-packet-number | fix-time fix-time-number } { inbound | outbound }
      A sampling mode and sampling ratio are configured globally.
    - Run interface interface-type interface-number
      The interface view is displayed.
  - Configure a sampling mode and sampling ratio on an interface.
    - Run interface interface-type interface-number
      The interface view is displayed.
    - Run ipv6 netstream sampler { fix-packets fix-packet-number | random-packets random-packet-number | fix-time fix-time-number } { inbound | outbound }
      A sampling mode and sampling ratio are configured on the interface.
  The ip netstream sampler command has the same function as the ipv6 netstream sampler command.
  - The execution of either command takes effect on all packets, and there is no need to configure both of them.
  - Packets are sampled at the set sampling ratio, regardless of packet types. For example, if the sampling ratio in fixed packet sampling mode is set to 1000:1, one packet will be sampled every 1000 packets, regardless of whether these packets are IPv4 or IPv6 packets.
  The sampling mode and sampling ratio configured in the system view are applicable to all interfaces on the device. The sampling mode and sampling ratio configured in the interface view take precedence over those configured in the system view.
- Run ipv6 netstream { inbound | outbound }
The NetStream statistics function is enabled on the interface. When NetStream is enabled on an interface and statistics about the BGP next hop of packets are collected, the original flow information exported in V5 format cannot carry BGP next hop information.
- (Optional) Run ipv6 netstream statistics enable
The traffic statistics diagnosis function is enabled so that you can compare the traffic statistics collected by the device with the traffic statistics collected by the NMS to determine the cause of inaccurate sampling.
- Run commit
The configuration is committed.
Verifying the Configuration
In routine maintenance or after NetStream configurations are complete, you can run the display commands in any view to check whether NetStream is enabled on the device.
Procedure
- Run the display ipv6 netstream cache origin [ source-ipv6 source-ip ] [ source-port source-port ] [ destination-ipv6 destination-ip ] [ destination-port destination-port ] [ protocol { udp | tcp | protocol-number } ] [ time-range from start-time to end-time ] [ source-interface { source-interface-type source-interface-num | source-interface-name } ] [ destination-interface { destination-interface-type destination-interface-num | destination-interface-name } ] slot slot-id command to view information about the NetStream buffer.
- Run the display ipv6 netstream statistics slot slot-id command to check statistics about NetStream packets.
- Run the display ip netstream statistics interface { interface-name | interface-type interface-number } command to check statistics about sampled packets on an interface.
- Run the display netstream { all | global | interface interface-type interface-number } command to check NetStream configurations in different views.
- Run the display ipv6 netstream monitor { all | monitor-name } command to view the monitoring information about IPv6 original flows.
- Run the display ip netstream cache origin statistics slot slot-id command to check original flow table specifications and the number of current flows of a specific board.
Collecting Statistics About IPv6 Aggregated Flows
Before collecting statistics about IPv6 aggregated flows, familiarize yourself with the usage scenario, complete the pre-configuration tasks, and obtain the data required for the configuration.
Usage Scenario
On the network shown in Figure 1-3971, a carrier enables NetStream on the router to obtain detailed network application information. The carrier can use the information to monitor abnormal network traffic, analyze users' operation modes, and plan networks between ASs.
Statistics about NetStream aggregated flows contain information about original flows with the same attributes, whereas statistics about NetStream original flows contain information about sampled packets. The volume of aggregated flow statistics collection is greater than that of original flow statistics.
Pre-configuration Tasks
Before collecting the statistics about IPv6 aggregated flows, complete the following tasks:
Configure parameters of the link layer protocol and IP addresses for interfaces so that the link layer protocol on the interfaces can go Up.
Configure static routes or enable an IGP to implement network connectivity.
Enable statistics collection for NetStream original flows.
Specifying a NetStream Service Processing Mode
After sampling packets, each NetStream-enabled interface board sends sampled packets to the NetStream service processing board for aggregation and output. If the NetEngine 8000 F has more than one NetStream service processing board, these boards work in redundancy mode to back up each other and balance traffic, which improves system reliability.
Context
NetStream services can be processed in the following modes:
Distributed mode
An interface board samples packets, aggregates flows, and outputs flows.
The ip netstream sampler to slot command has the same function as the ipv6 netstream sampler to slot command.
- The execution of either command takes effect on all packets, and there is no need to configure both of them. If it is required to configure both of them, ensure that NetStream service processing modes are the same. A mode inconsistency causes an error.
Configuring an Aggregation Mode for IPv6 Flows
Configuring an aggregation mode is to specify an attribute type for original flows to be aggregated. An aggregation mode must be specified before original flows with the same attributes are aggregated as one flow and output to the NetStream Collector (NSC).
Procedure
- Run system-view
The system view is displayed.
- Run the ipv6 netstream aggregation { as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | index-tos | mpls-label | prefix | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos | vlan-id } command to create the aggregation configuration mode view.
After collecting statistics about NetStream original flows, the router aggregates original flows into aggregated flows based on specified rules, encapsulates aggregated flows into UDP packets, and sends UDP packets after the aging timer expires. Aggregating original flows minimizes the consumption of network bandwidths, CPU resources, and memory resources. Attributes based on which flows are aggregated vary according to aggregation modes.
Table 1-1332 Mapping between aggregation modes and flow attributes

| Aggregation mode | Description |
| --- | --- |
| as | NetStream combines flows with the same source AS number, destination AS number, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record. |
| as-tos | NetStream combines flows with the same source AS number, destination AS number, inbound interface index, outbound interface index, and Type of Service (ToS) into an aggregated flow and generates one aggregation record. |
| bgp-nexthop-tos | NetStream combines flows with the same destination AS number, source AS number, BGP next hop, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record. |
| destination-prefix | NetStream combines flows with the same destination AS number, destination mask length, destination prefix, and outbound interface index into an aggregated flow and generates one aggregation record. |
| destination-prefix-tos | NetStream combines flows with the same destination AS number, destination mask length, destination prefix, ToS, and outbound interface index into an aggregated flow and generates one aggregation record. |
| index-tos | NetStream combines flows with the same inbound interface index, outbound interface index, and ToS into an aggregated flow and generates one aggregation record. |
| mpls-label | Indicates the MPLS label aggregation, which aggregates flows with the same first layer label, second layer label, third layer label, TopLabelIpAddress, stack bottom symbol of the first layer label, and the EXP value of the first layer label. |
| prefix | NetStream combines flows with the same source AS number, destination AS number, source mask length, destination mask length, source prefix, destination prefix, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record. |
| prefix-tos | NetStream combines flows with the same source AS number, destination AS number, source mask length, destination mask length, source prefix, destination prefix, ToS, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record. |
| protocol-port | NetStream combines flows with the same protocol number, source port, and destination port into an aggregated flow and generates one aggregation record. |
| protocol-port-tos | NetStream combines flows with the same protocol number, source port, destination port, ToS, inbound interface index, and outbound interface index into an aggregated flow and generates one aggregation record. |
| source-prefix | NetStream combines flows with the same source AS number, source mask length, source prefix, and inbound interface index into an aggregated flow and generates one aggregation record. |
| source-prefix-tos | NetStream combines flows with the same source AS number, source mask length, source prefix, ToS, and inbound interface index into an aggregated flow and generates one aggregation record. |
| vlan-id | NetStream combines flows with the same VLAN ID and inbound interface index into an aggregated flow and generates one aggregation record. |
- Run enable
Statistics collection of flows aggregated in a specified aggregation mode is enabled.
- (Optional) Run mask { source | destination } minimum mask-length
The length of the aggregate mask is set. The mask used by the system is the greater one between the mask in the FIB table and the configured mask. If no aggregate mask is set, the system uses the mask in the FIB table for flow aggregation.
The aggregate mask takes effect only on flows aggregated in the following modes: destination-prefix, destination-prefix-tos, prefix, prefix-tos, source-prefix, and source-prefix-tos.
- Run commit
The configuration is committed.
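To see which attributes survive a given aggregation mode and how the minimum aggregate mask changes the result, the following added example applies four of the modes from the mapping table to a few original flows. It is an illustration written for this section, not the router's implementation; the record field names and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

# Key attributes per aggregation mode, copied from the mapping table (subset).
MODE_KEYS = {
    "protocol-port": ("protocol", "src_port", "dst_port"),
    "index-tos": ("in_if", "out_if", "tos"),
    "source-prefix": ("src_as", "src_mask", "src_prefix", "in_if"),
    "destination-prefix": ("dst_as", "dst_mask", "dst_prefix", "out_if"),
}


def effective_prefix(address, fib_mask, configured_min):
    """Apply the rule 'the greater one between the FIB mask and the configured mask'."""
    mask = max(fib_mask, configured_min)
    network = ipaddress.ip_network(f"{address}/{mask}", strict=False)
    return mask, str(network.network_address)


def aggregate(flows, mode, min_src_mask=0, min_dst_mask=0):
    """Collapse original-flow records into one record per aggregation key."""
    table = defaultdict(lambda: {"flows": 0, "packets": 0, "bytes": 0})
    for flow in flows:
        attrs = dict(flow)
        attrs["src_mask"], attrs["src_prefix"] = effective_prefix(
            flow["src"], flow["src_fib_mask"], min_src_mask)
        attrs["dst_mask"], attrs["dst_prefix"] = effective_prefix(
            flow["dst"], flow["dst_fib_mask"], min_dst_mask)
        # Every attribute that is not part of the key is lost in the output.
        key = tuple(attrs[name] for name in MODE_KEYS[mode])
        record = table[key]
        record["flows"] += 1
        record["packets"] += flow["packets"]
        record["bytes"] += flow["bytes"]
    return dict(table)


def sample_flows():
    """Constructed original flows; all field names are hypothetical."""
    common = {"dst": "2001:db8:ffff::443", "dst_fib_mask": 64, "src_as": 64500,
              "dst_as": 64501, "tos": 0, "in_if": 7, "out_if": 9}
    rows = [  # src, FIB mask of src route, protocol, src port, dst port, packets, bytes
        ("2001:db8:a:1::10", 48, 6, 50001, 443, 10, 8000),
        ("2001:db8:a:1::20", 48, 6, 50002, 443, 20, 16000),
        ("2001:db8:a:2::5", 48, 6, 50001, 443, 5, 4000),
        ("2001:db8:b::1", 128, 17, 53000, 53, 1, 100),
    ]
    return [dict(common, src=src, src_fib_mask=mask, protocol=proto, src_port=sport,
                 dst_port=dport, packets=pkts, bytes=size)
            for src, mask, proto, sport, dport, pkts, size in rows]


if __name__ == "__main__":
    for mode, minimum in (("source-prefix", 0), ("source-prefix", 64), ("protocol-port", 0)):
        print(mode, "minimum source mask", minimum)
        for key, record in aggregate(sample_flows(), mode, min_src_mask=minimum).items():
            print("  ", key, record)
```

In protocol-port mode the first and third sample flows merge although they come from different hosts, so the source address is no longer recoverable from the aggregated record; keep original-flow export enabled where per-host attribution is needed.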
Outputting Aggregated Flows
To ensure that aggregated flows are correctly output to the NMS, configure the aging time, source address, and destination address for aggregated flows.
Procedure
- Run system-view
The system view is displayed.
- Run ipv6 netstream export host ip-address port [ vpn-instance vpn-instance-name ] [ dscp dscp-value ]
The destination IP address of the exported packets carrying statistics is configured.
The destination IP address specified in the system view takes precedence over that specified in the aggregation view.
- Run ipv6 netstream aggregation { as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | index-tos | mpls-label | prefix | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos | vlan-id }
The IPv6 NetStream aggregation view is displayed.
- Run enable
The NetStream aggregation mode is enabled.
- (Optional) Run export version { 9 | ipfix }
The output format of aggregated flows is configured.
- (Optional) Run template timeout-rate timeout-interval
The interval at which the template is refreshed when aggregated flows are exported in the V9 or IPFIX format is set.
- Run ipv6 netstream export source { ip-address | ipv6 ipv6-address } [ port ]
The source address and source port for exporting statistics are configured.
The source IP address and the source port configured in the aggregation view take precedence over those configured in the system view. If no source IP address and source port are configured in the aggregation view, the source IP address and the source port configured in the system view are used.
- Run ipv6 netstream export host [ ipv6 ] ip-address port [ vpn-instance vpn-instance-name ] [ dscp dscp-value ]
A destination IP address for exporting statistics and a UDP port number for the peer NSC are configured.
You can specify eight destination IP addresses in the system view, IPv4 aggregation view, and IPv6 aggregation view.
The destination IP address specified in the system view takes precedence over that specified in the aggregation view.
- Run quit
Return to the system view.
- (Optional) Set parameters for aging aggregated flows as needed.
- Run the ipv6 netstream aggregation timeout active { active-interval | interval-second active-interval-second } command to set the active aging time for NetStream aggregated flows.
- Run the ipv6 netstream aggregation timeout inactive inactive-interval command to set the inactive aging time for NetStream aggregated flows.
- (Optional) Run ipv6 netstream export template sequence-number fixed
The device is configured to keep the sequence numbers of template packets and option template packets in IPFIX format unchanged and to consecutively number data packets and option data packets in IPFIX format.
- Run commit
The configuration is committed.
(Optional) Adjusting the AS Field Mode and Interface Index Type
Before the NetStream Collector (NSC) can properly receive and parse NetStream packets output by the NetStream Data Exporter (NDE), the AS field modes and interface index types configured on the NDE must be the same as those on the NSC.
Context
AS field mode: The length of the AS field in IP packets can be set to 16 bits or 32 bits. Devices on a network must use the same AS field mode. An AS field mode inconsistency causes NetStream to fail to sample inter-AS traffic.
If the 32-bit AS field mode is used, the NMS must identify the 32-bit AS field. If the NMS cannot identify the 32-bit AS field, the NMS fails to identify inter-AS traffic sent by devices.
Interface index: The NMS uses an interface index carried in a NetStream packet to query information about the interface that sends the packet. The interface index can be 16 or 32 bits long. The index length is determined by NMS devices of different vendors. Therefore, the NDE must use a proper interface index type that is also supported by the NMS. For example, if the NMS can parse 32-bit interface indexes, set the format of the interface indexes contained in output NetStream packets to 32-bit.
Compared with the default 16-bit interface index, the 32-bit interface index can be identified by more third-party NMSs.
Procedure
- Run system-view
The system view is displayed.
- Run ipv6 netstream as-mode { 16 | 32 }
The AS field mode is configured for the router.
- Run ipv6 netstream export index-switch { 16 | 32 }
The length type of the interface index carried in the NetStream packets exported by the router is configured.
An interface index can be changed from 16 bits to 32 bits only after the following conditions are met:
- The export version of original flows is in V9 or IPFIX format.
- The export version of all aggregated flows is in V9 or IPFIX format.
(Optional) Configuring NetStream Interface Option Packets and Setting Option Template Refreshing Parameters
This section describes how to configure NetStream interface option packets and set option template refreshing parameters.
Context
Regardless of the flow format in which the traffic statistics are output, option packet data is exported to the NetStream Collector (NSC) as a supplement. In this way, the NetStream Data Exporter (NDE) can obtain information, such as the sampling ratio and whether the sampling function is enabled, to reflect the actual network traffic.
Currently, the option packets supported by IPv6 networks are interface option packets, which are used to send the NetStream configurations of all the boards on the NDE to the NSC in a scheduled manner. The configurations cover the interface index, statistics collection direction, and sampling value in the inbound/outbound direction.
Option packets, which are independent of statistics packets, are exported to the NSC in V9 or IPFIX format. Therefore, the corresponding option template is sent to the NMS for parsing option packets. You can set option template refreshing parameters as needed for the device to regularly refresh the template to notify the NSC of the latest option template format.
Procedure
- Run system-view
The system view is displayed.
- Run the following commands as required to configure functions related to interface option packets.
- Run the ipv6 netstream export template option sampler command to enable the function of exporting statistics about interface option packets.
- Run the ipv6 netstream export template option { refresh-rate packet-number | timeout-rate timeout-interval } command to set the packet sending interval and timeout interval for option template refreshing.
The packet sending interval and timeout interval are set for option template refreshing. An option template can be refreshed at a fixed packet sending interval or timeout interval. The two intervals can both take effect. In the command:
- refresh-rate packet-interval indicates that the option template is refreshed at a fixed packet sending interval.
- timeout-rate timeout-interval indicates that the option template is refreshed at a fixed timeout interval.
- Run the ipv6 netstream export option sampler timeout-rate tmval command to set the interval for refreshing option packets.
Sampling IPv6 Flows
You can enable NetStream to sample and analyze the incoming or outgoing flows on an interface.
Context
If a NetStream-enabled interface is bound to a VPN instance, all packets in the VPN instance are sampled.
Procedure
- Run system-view
The system view is displayed.
- Configure a sampling mode and sampling ratio by performing at least one of the following steps:
- Configure a sampling mode and sampling ratio globally.
- Run ipv6 netstream sampler { fix-packets fix-packet-number | random-packets random-packet-number | fix-time fix-time-number } { inbound | outbound }
A sampling mode and sampling ratio are configured globally.
- Run interface interface-type interface-number
The interface view is displayed.
- Configure a sampling mode and sampling ratio on an interface.
- Run interface interface-type interface-number
The interface view is displayed.
- Run ipv6 netstream sampler { fix-packets fix-packet-number | random-packets random-packet-number | fix-time fix-time-number } { inbound | outbound }
A sampling mode and sampling ratio are configured on the interface.
The sampling mode and sampling ratio configured in the system view are applicable to all interfaces on the device. The sampling mode and sampling ratio configured in the interface view take precedence over those configured in the system view.
The ip netstream sampler command has the same function as the ipv6 netstream sampler command.
- The execution of either command takes effect on all packets, and there is no need to configure both of them.
- Packets are sampled at the set sampling ratio, regardless of packet type. For example, if the sampling ratio in fixed packet sampling mode is set to 1000:1, one packet is sampled out of every 1000 packets, regardless of whether these packets are IPv4 or IPv6 packets.
- Run ipv6 netstream { inbound | outbound }
The NetStream statistics function is enabled on the interface. When NetStream is enabled on an interface and statistics about the BGP next hop of packets are collected, the original flow information exported in V5 format cannot carry BGP next hop information.
- (Optional) Run ipv6 netstream statistics enable
The traffic statistics diagnosis function is enabled so that you can compare the traffic statistics collected by the device with the traffic statistics collected by the NMS to determine the cause of inaccurate sampling.
- Run commit
The configuration is committed.
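How the two packet-count sampling modes behave on a mixed IPv4/IPv6 stream, as an added simulation that is not part of the original guide: one sampler covers both address families, and the collector multiplies each sampled packet by the ratio. It assumes fix-packets picks every Nth packet and random-packets picks one random packet in each N-packet window; both streams and all function names are constructed for illustration.

```python
import random


def fix_packets(n_packets, ratio):
    """Indexes picked by deterministic 1-in-ratio sampling (last packet of each window)."""
    return list(range(ratio - 1, n_packets, ratio))


def random_packets(n_packets, ratio, rng):
    """Indexes picked when one packet is chosen at random inside each window (assumed)."""
    return [start + rng.randrange(ratio)
            for start in range(0, n_packets - ratio + 1, ratio)]


def estimate(stream, sampled, ratio):
    """Collector-side estimate: every sampled packet stands for `ratio` packets."""
    totals = {"ipv4": 0, "ipv6": 0}
    for index in sampled:
        totals[stream[index]] += ratio
    return totals


def compare(stream, ratio, seed=7):
    """Return the true per-family counts next to the estimate from each mode."""
    rng = random.Random(seed)
    return {
        "actual": {family: stream.count(family) for family in ("ipv4", "ipv6")},
        "fix-packets": estimate(stream, fix_packets(len(stream), ratio), ratio),
        "random-packets": estimate(
            stream, random_packets(len(stream), ratio, rng), ratio),
    }


RATIO = 100
N = 100_000

# Constructed stream 1: IPv4 and IPv6 interleaved without a pattern (about 30% IPv6).
_mix = random.Random(1)
MIXED = ["ipv6" if _mix.random() < 0.3 else "ipv4" for _ in range(N)]

# Constructed stream 2: every 100th packet is IPv6, so the traffic period
# equals the sampling ratio and lines up with the fixed sampler.
PERIODIC = ["ipv6" if i % RATIO == RATIO - 1 else "ipv4" for i in range(N)]


if __name__ == "__main__":
    for name, stream in (("mixed", MIXED), ("periodic", PERIODIC)):
        print(name)
        for mode, counts in compare(stream, RATIO).items():
            print("  %-15s %s" % (mode, counts))
```

On the periodic stream the fixed sampler attributes all traffic to one address family, which is the kind of discrepancy the traffic statistics diagnosis function is meant to expose.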
Verifying the Configuration
In routine maintenance or after NetStream configurations are complete, you can run the display commands in any view to check whether NetStream is enabled on the device.
Procedure
- Run the display ipv6 netstream cache { as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | index-tos | prefix | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos | mpls-label | vlan-id | flexflowtpl record-name } slot slot-id command to view various aggregated flows in the buffer.
- Run the display ipv6 netstream statistics slot slot-id command to check statistics about NetStream packets.
- Run the display ip netstream statistics interface { interface-name | interface-type interface-number } command to check statistics about sampled packets on an interface.
- Run the display netstream { all | global | interface interface-type interface-number } command to check NetStream configurations in different views.
- Run the display ip netstream cache aggregation statistics slot slot-id command to check aggregation flow table specifications and the number of current flows of a specific board.
Collecting Statistics About IPv4 Flexible Flows
Before collecting statistics about IPv4 flexible flows, familiarize yourself with the applicable environment and complete the pre-configuration tasks. This can help you complete the configuration task quickly and accurately.
Usage Scenario
On the network shown in Figure 1-3972, a carrier enables NetStream on the router functioning as an NDE to obtain detailed network application information. The user can use the information to monitor abnormal network traffic, analyze users' operation modes, and plan networks between ASs.
Flexible flow packets provide user-defined templates for users to customize matching and collected fields as required. The user-defined template improves traffic analysis accuracy and reduces network bandwidth occupation, CPU usage, and storage space usage.
Pre-configuration Tasks
Before collecting the statistics about IPv4 flexible flows, configure static routes or enable an IGP to implement network connectivity.
Specifying a NetStream Service Processing Mode
After sampling packets, each NetStream-enabled interface board sends sampled packets to the NetStream service processing board for aggregation and output.
Configuring a Flexible Flow Statistics Template
When configuring the flexible flow statistics output function, configure a flexible flow statistics template, customize matching and collected fields, and apply the template to an interface.
Procedure
- Run system-view
The system view is displayed.
- Run ip netstream record record-name
An IPv4 flexible flow statistics template is created, and its recording view is displayed.
- Run match { { source | destination } { vlan | as | port | address | mask } | mpls top-label ip-address | mpls label position | { protocol | tos | direction | tcp-flag } | { input | output } interface | next-hop [ bgp ] }
Aggregation keywords of the flexible flow statistics template are configured.
- (Optional) Run collect { { first | last } switched | input { packets | bytes } length | flow-end-reason }
The device is configured to add the number of packets, number of bytes, flow aging reasons, and first and last forwarding time to the flexible flow statistics sent to the NetStream Collector (NSC).
- Run commit
The configuration is committed.
Outputting Flexible Flows
To ensure that flexible flows can be correctly output to the NMS, specify the related parameters for flexible flows.
Procedure
- Run system-view
The system view is displayed.
- Run ip netstream export version 9 [ origin-as | peer-as ] [ bgp-nexthop ]
The output version number and AS option of flexible flow packets are specified.
NetStream flexible flow packets support only the V9 packet format.
- (Optional) Configure NetStream packets to carry the flow sequence field.
- Run slot slot-id
The view of the slot in which the interface board for NetStream sampling resides is displayed.
- Run ip netstream export sequence-mode flow
The NetStream export sequence mode is set to flow. The command applies to the V9 format only.
- Run quit
The system view is displayed.
By default, NetStream packets carry the packet sequence field.
- Run ip netstream apply record record-name
Flexible flows are applied in the system view.
Flexible flow packets can be output only in the V9 format. If the ip netstream export version command is run in the system view to specify the V5 or IPFIX packet output format, the ip netstream apply record command does not take effect.
- (Optional) Run ip netstream export template timeout-rate timeout-interval
The interval at which the template for outputting flexible flows in the V9 format is updated is set.
- Run ip netstream export source ip-address [ port ]
The source IP address and source port are specified for flexible flows.
- Specify the destination IP address and UDP port number of the peer NSC for NetStream flexible flows in the system or slot view.
In the system view:
Run ip netstream export host ip-address port [ vpn-instance vpn-instance-name ] [ dscp dscp-value ]
The destination IP address and UDP port number of the peer NSC are specified for NetStream flexible flows to be output.
In the slot view:
- Run slot slot-id
The view of the slot in which the interface board for NetStream sampling resides is displayed.
- Run ip netstream export host ip-address port [ vpn-instance vpn-instance-name ] [ dscp dscp-value ]
The destination IP address and UDP port number of the peer NSC are specified for NetStream flexible flows to be output.
- Run quit
The system view is displayed.
- (Optional) Set parameters for aging flexible flows as needed.
Run ip netstream aggregation timeout active { active-interval | interval-second active-interval-second }
The active aging time of NetStream flexible flows is set.
Run ip netstream aggregation timeout inactive inactive-interval
The inactive aging time is set for NetStream flexible flows.
- Run commit
The configuration is committed.
(Optional) Configuring NetStream Monitoring Services
NetStream services can be configured on the NetStream Data Exporter (NDE) to enable carriers to implement finer-grained traffic statistics and management over IPv4 flexible flows.
Context
The growing variety of services and applications on networks requires carriers to provide finer-grained management and accounting services.
If NetStream is configured on multiple interfaces on an NDE, all interfaces send traffic statistics to a single NetStream Collector (NSC). The NSC cannot distinguish interfaces, and therefore, cannot manage or analyze traffic statistics based on interfaces. In addition, the NSC will be overloaded due to a great amount of information.
NetStream monitoring configured on an NDE allows the NDE to send traffic statistics collected on specified interfaces to specified NSCs for analysis, which achieves interface-specific service monitoring. Traffic statistics can be balanced among these NSCs.
Procedure
- Run system-view
The system view is displayed.
- Run ip netstream monitor monitor-name
A NetStream monitoring service is created and its view is displayed. If a NetStream monitoring service view already exists, the view is displayed.
- (Optional) Run ip netstream export source { ip-address | ipv6 ipv6-address } [ port ]
A source IP address and a source port are configured for output NetStream flows.
- Run ip netstream export host [ ipv6 ] ip-address port [ vpn-instance vpn-instance-name ] [ version { 5 | 9 | ipfix } ] [ dscp dscp-value ]
The destination IP address and destination port number for traffic statistics are specified.
- Run apply record record-name
Flexible flows are applied to monitoring services.
- Run quit
Return to the system view.
- Run interface interface-type interface-number
The interface view is displayed.
- Run ip netstream monitor monitor-name { inbound | outbound }
NetStream monitoring services are configured in the inbound or outbound direction of the interface.
If flexible flows are applied to both the NetStream monitoring service view and system view, statistics about flexible flows are sent to the destination IP address specified in the NetStream monitoring service view, not the system view. The source address and source port configured in the NetStream monitoring service view are also used for output NetStream flows.
- Run commit
The configuration is committed.
(Optional) Adjusting the AS Field Mode and Interface Index Type
Before the NetStream Collector (NSC) can properly receive and parse NetStream packets output by the NetStream Data Exporter (NDE), the AS field modes and interface index types configured on the NDE must be the same as those on the NSC.
Context
AS field mode: The length of the AS field in IP packets can be set to 16 bits or 32 bits. Devices on a network must use the same AS field mode. An AS field mode inconsistency causes NetStream to fail to sample inter-AS traffic.
If the 32-bit AS field mode is used, the NMS must identify the 32-bit AS field. If the NMS cannot identify the 32-bit AS field, the NMS fails to identify inter-AS traffic sent by devices.
Interface index: The NMS uses an interface index carried in a NetStream packet output by the NDE to query information about the interface that sends the packet. The interface index can be 16 or 32 bits long. The index length is determined by NMS devices of different vendors. Therefore, the NDE must use a proper interface index type that is also supported by the NMS.
Compared with the default 16-bit interface index, the 32-bit interface index can be identified by more third-party NMSs.
Procedure
- Run system-view
The system view is displayed.
- Run ip netstream as-mode { 16 | 32 }
The AS field mode is specified on the router.
- Run ip netstream export index-switch { 16 | 32 }
The type of the interface index carried in the NetStream packet output by the router is configured.
- Run commit
The configuration is committed.
(Optional) Configuring NetStream Interface Option Packets and Setting Option Template Refreshing Parameters
This section describes how to configure NetStream interface option packets and set option template refreshing parameters.
Context
Regardless of the flow format in which the traffic statistics are output, option packet data is exported to the NetStream Collector (NSC) as a supplement. In this way, the NetStream Data Exporter (NDE) can obtain information, such as the sampling ratio and whether the sampling function is enabled, to reflect the actual network traffic.
- Interface option packets: These packets are used to send the NetStream configurations of all the boards on the NDE to the NSC in a scheduled manner. The configurations cover the interface index, statistics collection direction, and sampling value in the inbound/outbound direction.
- Time application label (TAL) option packets: These packets are used to send application label data to the NSC. The application label option function provides data, such as the application type of system labels, for users to collect L3VPN NetStream statistics. For details, see Collecting Statistics About BGP/MPLS VPN Flows.
Option packets, which are independent of statistics packets, are exported to the NSC in V9 or IPFIX format. Therefore, the required option template is sent to the NMS for parsing option packets. You can set option template refreshing parameters as needed to regularly refresh the template to notify the NSC of the latest option template format.
Procedure
- Run system-view
The system view is displayed.
- Run the following commands as required to configure functions related to interface option packets.
- Run the ip netstream export template option sampler command to enable the function of exporting statistics about interface option packets.
- Run the ip netstream export template option { refresh-rate packet-number | timeout-rate timeout-interval } command to set the packet sending interval and timeout interval for option template refreshing.
The packet sending interval and timeout interval are set for option template refreshing. An option template can be refreshed at a fixed packet sending interval or timeout interval. The two intervals can both take effect. In the command:
- refresh-rate packet-interval indicates that the option template is refreshed at a fixed packet sending interval.
- timeout-rate timeout-interval indicates that the option template is refreshed at a fixed timeout interval.
- Run the ip netstream export option sampler timeout-rate tmval command to set the interval for refreshing option packets.
Sampling IPv4 Flows
You can enable NetStream to sample and analyze the incoming or outgoing flows on an interface.
Procedure
- Run system-view
The system view is displayed.
- Configure a sampling mode and sampling ratio by performing at least one of the following steps:
- Configure a sampling mode and sampling ratio globally.
- Run ip netstream sampler { fix-packets fix-packet-number | random-packets random-packet-number | fix-time fix-time-number } { inbound | outbound }
A sampling mode and sampling ratio are configured globally.
- Run interface interface-type interface-number
The interface view is displayed.
- Configure a sampling mode and sampling ratio on an interface.
- Run interface interface-type interface-number
The interface view is displayed.
- Run ip netstream sampler { fix-packets fix-packet-number | random-packets random-packet-number | fix-time fix-time-number } { inbound | outbound }
A sampling mode and sampling ratio are configured on the interface.
The sampling mode and sampling ratio configured in the system view are applicable to all interfaces on the device. The sampling mode and sampling ratio configured in the interface view take precedence over those configured in the system view.
- Run ip netstream { inbound | outbound }
NetStream is enabled on the interface. Statistics about packets' BGP next-hop information can also be collected.
- (Optional) Run ip netstream statistics enable
The traffic statistics diagnosis function is enabled so that you can compare the traffic statistics collected by the device with the traffic statistics collected by the NMS to determine the cause of inaccurate sampling.
- (Optional) Run ip netstream sampler except deny-action
NetStream is not applied to traffic matching the ACL rule or traffic behavior that contains deny.
- Run commit
The configuration is committed.
Verifying the Configuration of IPv4 Flexible Flow Statistics Collection
After NetStream configurations are complete, you can run the display commands in any view to verify the running status of NetStream functions.
Procedure
- Run the display ip netstream statistics slot slot-id command to check NetStream packet statistics.
- Run the display ip netstream statistics interface { interface-name | interface-type interface-number } command to check statistics about sampled packets on an interface.
- Run the display netstream { all | global | interface interface-type interface-number } command to check NetStream configurations in different views.
- Run the display ip netstream monitor { all | monitor-name } command to check monitoring information about IPv4 flexible flows.
Collecting Statistics About IPv6 Flexible Flows
Before collecting statistics about IPv6 flexible flows, familiarize yourself with the applicable environment and complete the pre-configuration tasks. This can help you complete the configuration task quickly and accurately.
Usage Scenario
On the network shown in Figure 1-3973, a carrier enables NetStream on the router functioning as an NDE to obtain detailed network application information. The user can use the information to monitor abnormal network traffic, analyze users' operation modes, and plan networks between ASs.
Flexible flow packets provide user-defined templates for users to customize matching and collected fields as required. The user-defined template improves traffic analysis accuracy and reduces network bandwidth occupation, CPU usage, and storage space usage.
Pre-configuration Tasks
Before collecting the statistics about IPv6 flexible flows, configure static routes or enable an IGP to implement network connectivity.
Specifying a NetStream Service Processing Mode
After sampling packets, each NetStream-enabled interface board sends sampled packets to the NetStream service processing board for aggregation and output.
Configuring a Flexible Flow Statistics Template
When configuring the flexible flow statistics output function, configure a flexible flow statistics template, customize matching and collected fields, and apply the template to an interface.
Procedure
- Run system-view
The system view is displayed.
- Run ipv6 netstream record record-name
An IPv6 flexible flow statistics template is created, and its recording view is displayed.
- Run match { { source | destination } { vlan | as | port | address | mask } | mpls top-label ip-address | mpls label position | { protocol | tos | direction | tcp-flag } | { input | output } interface | next-hop [ bgp ] }
Aggregation keywords of the flexible flow statistics template are configured.
- (Optional) Run collect { { first | last } switched | input { packets | bytes } length | flow-end-reason }
The device is configured to add the number of packets, number of bytes, flow aging reasons, and first and last forwarding time to the flexible flow statistics sent to the NetStream Collector (NSC).
- Run commit
The configuration is committed.
Outputting Flexible Flows
To ensure that flexible flows can be correctly output to the NMS, specify the related parameters for flexible flows.
Procedure
- Run system-view
The system view is displayed.
- Run ipv6 netstream export version 9 [ origin-as | peer-as ] [ bgp-nexthop ]
The output version number and AS option of flexible flow packets are specified.
- (Optional) Configure NetStream packets to carry the flow sequence field.
- Run slot slot-id
The view of the slot in which the interface board for NetStream sampling resides is displayed.
- Run ip netstream export sequence-mode flow
The NetStream export sequence mode is set to flow. The command applies to the V9 format only.
- Run quit
The system view is displayed.
- Run ipv6 netstream apply record record-name
Flexible flows are applied in the system view.
Flexible flow packets can be output only in the V9 format. If the ipv6 netstream export version command is run in the system view to specify the IPFIX packet output format, the ipv6 netstream apply record command does not take effect.
- (Optional) Run ipv6 netstream export template timeout-rate timeout-interval
The interval at which the template for outputting flexible flows in the V9 format is updated is set.
- Run ipv6 netstream export source { ip-address | ipv6 ipv6-address } [ port ]
The source IP address and source port are specified for flexible flows.
- Specify the destination IP address and UDP port number of the peer NSC for NetStream flexible flows in the system or slot view.
In the system view:
Run ipv6 netstream export host [ ipv6 ] ip-address port [ vpn-instance vpn-instance-name ] [ version { 9 | ipfix } ] [ dscp dscp-value ]
The destination IP address and the UDP port number for traffic statistics export are specified.
In the slot view:
- Run slot slot-id
The view of the slot in which the interface board for NetStream sampling resides is displayed.
- Run ipv6 netstream export host [ ipv6 ] ip-address port [ vpn-instance vpn-instance-name ] [ version { 9 | ipfix } ] [ dscp dscp-value ]
The destination IP address and the UDP port number for traffic statistics export are specified.
- Run quit
Return to the system view.
- (Optional) Set parameters for aging flexible flows as needed.
- Run ipv6 netstream aggregation timeout active { active-interval | interval-second active-interval-second }
The active aging time is set for NetStream flexible flows.
- Run ipv6 netstream aggregation timeout inactive inactive-interval
The inactive aging time is set for NetStream flexible flows.
- Run commit
The configuration is committed.
(Optional) Configuring NetStream Monitoring Services
NetStream services can be configured on the NetStream Data Exporter (NDE) to enable carriers to implement finer-grained traffic statistics and management over IPv6 flexible flows.
Context
The growing variety of services and applications on networks requires carriers to provide finer-grained management and accounting services.
If NetStream is configured on multiple interfaces on an NDE, all interfaces send traffic statistics to a single NetStream Collector (NSC). The NSC cannot distinguish interfaces, and therefore, cannot manage or analyze traffic statistics based on interfaces. In addition, the NSC will be overloaded due to a great amount of information.
NetStream monitoring configured on an NDE allows the NDE to send traffic statistics collected on specified interfaces to specified NSCs for analysis, which achieves interface-specific service monitoring. Traffic statistics can be balanced among these NSCs.
Procedure
- Run system-view
The system view is displayed.
- Run ipv6 netstream monitor monitor-name
An IPv6 NetStream monitoring service is created and its view is displayed. If an IPv6 NetStream monitoring service view already exists, the view is displayed.
- Run ipv6 netstream export host [ ipv6 ] ip-address port [ vpn-instance vpn-instance-name ] [ version { 9 | ipfix } ] [ dscp dscp-value ]
The destination IPv6 address and destination port number for traffic statistics are specified.
- (Optional) Run ipv6 netstream export source { ip-address | ipv6 ipv6-address } [ port ]
A source IP address and a source port are configured for output NetStream flows.
- Run apply record record-name
Flexible flows are applied to monitoring services.
- Run quit
Return to the system view.
- Run interface interface-type interface-number
The interface view is displayed.
- Run ipv6 netstream monitor monitor-name { inbound | outbound }
NetStream monitoring services are configured in the inbound or outbound direction of the interface.
If flexible flows are applied to both the NetStream monitoring service view and system view, statistics about flexible flows are sent to the destination IP address specified in the NetStream monitoring service view, not the system view. The source address and source port configured in the NetStream monitoring service view are also used for output NetStream flows.
- Run commit
The configuration is committed.
(Optional) Adjusting the AS Field Mode and Interface Index Type
Before the NetStream Collector (NSC) can properly receive and parse NetStream packets output by the NetStream Data Exporter (NDE), the AS field modes and interface index types configured on the NDE must be the same as those on the NSC.
Context
AS field mode: The length of the AS field in IP packets can be set to 16 bits or 32 bits. Devices on a network must use the same AS field mode. An AS field mode inconsistency causes NetStream to fail to sample inter-AS traffic.
If the 32-bit AS field mode is used, the NMS must identify the 32-bit AS field. If the NMS cannot identify the 32-bit AS field, the NMS fails to identify inter-AS traffic sent by devices.
Interface index: The NMS uses an interface index carried in a NetStream packet output by the NDE to query information about the interface that sends the packet. The interface index can be 16 or 32 bits long. The index length is determined by NMS devices of different vendors. Therefore, the NDE must use a proper interface index type that is also supported by the NMS.
Compared with the default 16-bit interface index, the 32-bit interface index can be identified by more third-party NMSs.
Procedure
- Run system-view
The system view is displayed.
- Run ip netstream as-mode { 16 | 32 }
The AS field mode is specified on the router.
- Run ipv6 netstream export index-switch { 16 | 32 }
The type of the interface index carried in the NetStream packet output by the router is configured.
- Run commit
The configuration is committed.
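Why the AS field mode and interface index type must agree between the NDE and the NSC, as an added example that is not Huawei code: in V9 the template declares each field's length, so a collector has to take the AS and interface index widths from the template instead of assuming 16 bits. It assumes the V9 export follows the NetFlow V9 layout and field type numbers of RFC 3954; the packets, AS numbers, interface indexes and the V9Decoder class are constructed for illustration.

```python
import struct

# NetFlow V9 field type numbers (RFC 3954); only the ones used below.
FIELD_NAMES = {2: "in_pkts", 10: "input_if", 14: "output_if", 16: "src_as", 17: "dst_as"}
HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
FLOWSET = struct.Struct("!HH")     # flowset_id, length (includes this 4-byte header)


class V9Decoder:
    """Collector-side decoder that takes every field width from the template."""

    def __init__(self):
        self.templates = {}    # (source_id, template_id) -> [(field_type, length), ...]
        self.undecodable = 0   # data FlowSets that arrived before their template

    def feed(self, packet):
        if len(packet) < HEADER.size:
            raise ValueError("truncated header")
        version, _count, _uptime, _secs, _seq, source_id = HEADER.unpack_from(packet, 0)
        if version != 9:
            raise ValueError("not a V9 packet")
        records, offset = [], HEADER.size
        while offset + FLOWSET.size <= len(packet):
            fs_id, fs_len = FLOWSET.unpack_from(packet, offset)
            if fs_len < FLOWSET.size or offset + fs_len > len(packet):
                raise ValueError("bad FlowSet length")
            body = packet[offset + FLOWSET.size:offset + fs_len]
            if fs_id == 0:                      # template FlowSet
                self._learn(source_id, body)
            elif fs_id > 255:                   # data FlowSet, id equals the template id
                records.extend(self._decode(source_id, fs_id, body))
            offset += fs_len
        return records

    def _learn(self, source_id, body):
        pos = 0
        while pos + 4 <= len(body):
            tid, nfields = struct.unpack_from("!HH", body, pos)
            pos += 4
            if tid < 256 or pos + 4 * nfields > len(body):
                break                           # padding or truncated template
            fields = [struct.unpack_from("!HH", body, pos + 4 * i) for i in range(nfields)]
            self.templates[(source_id, tid)] = fields
            pos += 4 * nfields

    def _decode(self, source_id, tid, body):
        fields = self.templates.get((source_id, tid))
        if fields is None:
            self.undecodable += 1               # unparseable until the template is refreshed
            return []
        rec_len = sum(length for _type, length in fields)
        out, pos = [], 0
        while rec_len and pos + rec_len <= len(body):
            rec = {}
            for ftype, length in fields:
                name = FIELD_NAMES.get(ftype, "field_%d" % ftype)
                rec[name] = int.from_bytes(body[pos:pos + length], "big")
                pos += length
            out.append(rec)
        return out


def flowset(fs_id, payload):
    pad = -len(payload) % 4                     # FlowSets are padded to 32-bit boundaries
    return FLOWSET.pack(fs_id, FLOWSET.size + len(payload) + pad) + payload + b"\x00" * pad


def packet(source_id, seq, *flowsets):
    # One record per FlowSet in these samples, so count == number of FlowSets.
    return HEADER.pack(9, len(flowsets), 0, 0, seq, source_id) + b"".join(flowsets)


# Constructed sample: an exporter set to 32-bit AS mode and 32-bit interface index.
WIDE = [(16, 4), (17, 4), (10, 4), (14, 4), (2, 4)]
NARROW = [(16, 2), (17, 2), (10, 2), (14, 2), (2, 4)]  # what a 16-bit-only collector assumes
TEMPLATE_PKT = packet(1, 1, flowset(0, struct.pack("!HH", 256, len(WIDE)) +
                                    b"".join(struct.pack("!HH", t, n) for t, n in WIDE)))
DATA_PKT = packet(1, 2, flowset(256, struct.pack("!IIIII", 4200000001, 65001, 70000, 12, 5)))


def demo():
    matched = V9Decoder()
    matched.feed(TEMPLATE_PKT)
    good = matched.feed(DATA_PKT)[0]

    mismatched = V9Decoder()                    # widths hard-coded instead of learned
    mismatched.templates[(1, 256)] = NARROW
    wrong = mismatched.feed(DATA_PKT)[0]

    late = V9Decoder()                          # started after the template was sent
    late_records = late.feed(DATA_PKT)
    return good, wrong, late_records, late.undecodable


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The mismatched decoder still returns a record, but with a truncated AS number and an interface index read as the packet count, so a width mismatch shows up as plausible-looking wrong data rather than as a parse error.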
(Optional) Configuring NetStream Interface Option Packets and Setting Option Template Refreshing Parameters
This section describes how to configure NetStream interface option packets and set option template refreshing parameters.
Context
Regardless of the flow format in which the traffic statistics are output, option packet data is exported to the NetStream Collector (NSC) as a supplement. In this way, the NetStream Data Exporter (NDE) can obtain information, such as the sampling ratio and whether the sampling function is enabled, to reflect the actual network traffic.
Currently, the option packets supported by IPv6 networks are interface option packets, which are used to send the NetStream configurations of all the boards on the NDE to the NSC in a scheduled manner. The configurations cover the interface index, statistics collection direction, and sampling value in the inbound/outbound direction.
Option packets, which are independent of statistics packets, are exported to the NSC in V9 or IPFIX format. Therefore, the corresponding option template is sent to the NMS for parsing option packets. You can set option template refreshing parameters as needed for the device to regularly refresh the template to notify the NSC of the latest option template format.
Procedure
- Run system-view
The system view is displayed.
- Run the following commands as required to configure functions related to interface option packets.
- Run the ipv6 netstream export template option sampler command to enable the function of exporting statistics about interface option packets.
- Run the ipv6 netstream export template option { refresh-rate packet-number | timeout-rate timeout-interval } command to set the packet sending interval and timeout interval for option template refreshing.
The packet sending interval and timeout interval are set for option template refreshing. An option template can be refreshed at a fixed packet sending interval or timeout interval. The two intervals can both take effect. In the command:
- refresh-rate packet-interval indicates that the option template is refreshed at a fixed packet sending interval.
- timeout-rate timeout-interval indicates that the option template is refreshed at a fixed timeout interval.
- Run the ipv6 netstream export option sampler timeout-rate tmval command to set the interval for refreshing option packets.
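The following added example (not from the product documentation) shows in Python why the option template has to be refreshed: a collector that has not yet received the template cannot decode option data, and therefore does not know the sampling ratio. It assumes the V9 layout and field type numbers of RFC 3954 (interface scope 2, sampling interval 34); the page does not list the fields this device exports, and the exporter names, template ID 260 and packets are constructed.

```python
import struct

# RFC 3954 type numbers (assumed; the page lists no field IDs for this device).
SCOPE_INTERFACE = 2
SAMPLING_INTERVAL = 34
OPTIONS_TEMPLATE_FLOWSET = 1
HEADER = struct.Struct("!HHIIII")  # version, count, sysUpTime, unix_secs, sequence, source_id


def flowset(flowset_id, payload):
    """Wrap a payload in a FlowSet header, padded to a 4-byte boundary."""
    pad = -(len(payload) + 4) % 4
    return struct.pack("!HH", flowset_id, 4 + len(payload) + pad) + payload + b"\x00" * pad


def options_template(template_id, scopes, options):
    """Build an Options Template FlowSet from lists of (type, length) pairs."""
    spec = b"".join(struct.pack("!HH", t, n) for t, n in scopes + options)
    head = struct.pack("!HHH", template_id, 4 * len(scopes), 4 * len(options))
    return flowset(OPTIONS_TEMPLATE_FLOWSET, head + spec)


def packet(source_id, sequence, *flowsets):
    """Build a V9 export packet (the count field is not used by the decoder below)."""
    return HEADER.pack(9, len(flowsets), 0, 0, sequence, source_id) + b"".join(flowsets)


class OptionCollector:
    """Collector-side state for option packets only; flow data records are out of scope."""

    def __init__(self):
        self.templates = {}   # (exporter, source_id, template_id) -> (scopes, options)
        self.sampling = {}    # (exporter, interface index) -> sampling interval
        self.undecodable = 0  # data FlowSets dropped because no template was cached

    def feed(self, exporter, data):
        if len(data) < HEADER.size:
            raise ValueError("short packet")
        version, _, _, _, _, source_id = HEADER.unpack_from(data)
        if version != 9:
            raise ValueError("not a V9 export packet")
        offset = HEADER.size
        while offset + 4 <= len(data):
            flowset_id, length = struct.unpack_from("!HH", data, offset)
            if length < 4 or offset + length > len(data):
                raise ValueError("FlowSet length runs past the packet")
            body = data[offset + 4:offset + length]
            if flowset_id == OPTIONS_TEMPLATE_FLOWSET:
                self._learn(exporter, source_id, body)
            elif flowset_id > 255:
                self._decode(exporter, source_id, flowset_id, body)
            offset += length

    def _learn(self, exporter, source_id, body):
        pos = 0
        while pos + 6 <= len(body):  # fewer than 6 bytes left means padding
            template_id, scope_len, option_len = struct.unpack_from("!HHH", body, pos)
            pos += 6
            end = pos + scope_len + option_len
            if template_id < 256 or end > len(body) or (scope_len | option_len) % 4:
                raise ValueError("malformed options template")
            fields = [struct.unpack_from("!HH", body, p) for p in range(pos, end, 4)]
            split = scope_len // 4
            # Keyed per exporter: one device's template never decodes another's data.
            self.templates[(exporter, source_id, template_id)] = (fields[:split], fields[split:])
            pos = end

    def _decode(self, exporter, source_id, template_id, body):
        template = self.templates.get((exporter, source_id, template_id))
        if template is None:
            self.undecodable += 1
            return
        scopes, options = template
        layout = [(True, f) for f in scopes] + [(False, f) for f in options]
        record_len = sum(n for _, (_, n) in layout)
        if record_len == 0:
            return
        for start in range(0, len(body) - record_len + 1, record_len):
            pos, if_index, interval = start, None, None
            for is_scope, (ftype, n) in layout:
                value = int.from_bytes(body[pos:pos + n], "big")
                pos += n
                if is_scope and ftype == SCOPE_INTERFACE:
                    if_index = value
                elif not is_scope and ftype == SAMPLING_INTERVAL:
                    interval = value
            if if_index is not None and interval is not None:
                self.sampling[(exporter, if_index)] = interval


def replay():
    """Constructed session: the collector starts after the exporter's last template refresh."""
    template = options_template(260, [(SCOPE_INTERFACE, 4)], [(SAMPLING_INTERVAL, 4)])
    option_data = flowset(260, struct.pack("!II", 7, 10000))  # ifIndex 7, ratio 10000:1
    nsc = OptionCollector()
    nsc.feed("nde-1", packet(1, 0, option_data))            # no template yet: unusable
    before = dict(nsc.sampling)
    nsc.feed("nde-1", packet(1, 1, template, option_data))  # template refresh arrives
    nsc.feed("nde-2", packet(1, 0, option_data))            # other exporter, same IDs
    return before, nsc.sampling, nsc.undecodable
```

Until the refresh arrives, the collector cannot scale sampled counters from that exporter, so the refresh-rate and timeout-rate values bound how long a restarted collector works without the sampling ratio.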
Sampling IPv6 Flows
You can enable NetStream to sample and analyze the incoming or outgoing flows on an interface.
Procedure
- Run system-view
The system view is displayed.
- Configure a sampling mode and sampling ratio by performing at least one of the following steps:
  - Configure a sampling mode and sampling ratio globally.
    - Run ipv6 netstream sampler { fix-packets fix-packet-number | random-packets random-packet-number | fix-time fix-time-number } { inbound | outbound }
      A sampling mode and sampling ratio are configured globally.
    - Run interface interface-type interface-number
      The interface view is displayed.
  - Configure a sampling mode and sampling ratio on an interface.
    - Run interface interface-type interface-number
      The interface view is displayed.
    - Run ipv6 netstream sampler { fix-packets fix-packet-number | random-packets random-packet-number | fix-time fix-time-number } { inbound | outbound }
      A sampling mode and sampling ratio are configured on the interface.
  The ip netstream sampler command has the same function as the ipv6 netstream sampler command.
  - The execution of either command takes effect on all packets, and there is no need to configure both of them.
  - Packets are sampled at the set sampling ratio, regardless of packet type. For example, if the sampling ratio in fixed packet sampling mode is set to 1000:1, one packet will be sampled every 1000 packets, regardless of whether these packets are IPv4 or IPv6 packets.
  The sampling mode and sampling ratio configured in the system view are applicable to all interfaces on the device. The sampling mode and sampling ratio configured in the interface view take precedence over those configured in the system view.
- Run ipv6 netstream { inbound | outbound }
NetStream is enabled on the interface. Statistics about packets' BGP next-hop information can also be collected.
- (Optional) Run ip netstream statistics enable
The traffic statistics diagnosis function is enabled so that you can compare the traffic statistics collected by the device with the traffic statistics collected by the NMS to determine the cause of inaccurate sampling.
- Run commit
The configuration is committed.
Verifying the Configuration of IPv6 Flexible Flow Statistics Collection
After NetStream configurations are complete, you can run the display commands in any view to verify the running status of NetStream functions.
Procedure
- Run the display ipv6 netstream statistics slot slot-id command to check statistics about NetStream flows.
- Run the display ip netstream statistics interface { interface-name | interface-type interface-number } command to check statistics about sampled packets on an interface.
- Run the display netstream { all | global | interface interface-type interface-number } command to check NetStream configurations in different views.
- Run the display ipv6 netstream monitor { all | monitor-name } command to check monitoring information about IPv6 flexible flows.
Collecting Statistics About MPLS IPv4 Packets
Collecting packet statistics on MPLS networks helps you monitor MPLS network status.
Usage Scenario
On the network shown in Figure 1-3974, a carrier enables NetStream on the router functioning as a NetStream Data Exporter (NDE) to obtain detailed network application information. The carrier can use the information to monitor abnormal network traffic, analyze users' operation modes, and plan networks between ASs.
If statistics about MPLS packets are collected on the P, the P sends statistics to inform the NetStream Collector (NSC) of the MPLS label-specific traffic volume.
Context
Before collecting statistics about MPLS IPv4 packets, enable MPLS on the device and interfaces and configure the MPLS network.
Procedure
- Run system-view
The system view is displayed.
- Output statistics about MPLS IPv4 packets in the form of original or aggregated flows.
MPLS original and aggregated flows can be output in V9 or IPFIX format.
Statistics about original flows
Run ip netstream mpls-aware { label-only | ip-only | label-and-ip }
Statistics collection of MPLS packets is enabled.
One of the following parameters can be configured to sample MPLS packets:
label-only: The device samples only MPLS labels, not inner IP packets.
ip-only: The device samples only inner IP packets, not MPLS labels.
label-and-ip: The device samples both MPLS labels and inner IP packets.
- For other configurations, see Collecting Statistics About IPv4 Original Flows.
Statistics about aggregated flows
Run system-view
The system view is displayed.
- Run ip netstream aggregation mpls-label
The NetStream aggregation view is displayed.
- For other configurations, see Collecting Statistics About IPv4 Aggregated Flows.
Collecting Statistics About MPLS IPv6 Packet
Collecting packet statistics on MPLS networks helps you to monitor MPLS network conditions.
Usage Scenario
On the network shown in Figure 1-3975, a carrier enables NetStream on the router to obtain detailed network application information. The carrier can use the information to monitor abnormal network traffic, analyze users' operation modes, and plan networks between ASs.
If an SR-MPLS TE tunnel is used on the public network, NetStream can function only on the user side of the MPLS network.
Context
Before collecting statistics about MPLS IPv6 packets, enable MPLS on the device and interfaces and configure the MPLS network.
Procedure
- Run system-view
The system view is displayed.
- Run ipv6 netstream mpls-aware { label-only | ip-only | label-and-ip }
Statistics collection for MPLS packets is enabled.
One of the following parameters can be configured to sample MPLS packets:
label-only: The device samples only MPLS labels, not inner IP packets.
ip-only: The device samples only inner IP packets, not MPLS labels.
label-and-ip: The device samples both MPLS labels and inner IP packets.
- Output statistics about MPLS IPv6 packets in the form of original or aggregated flows. See Collecting Statistics About IPv6 Original Flows and Collecting Statistics About IPv6 Aggregated Flows as required.
Statistics about MPLS original flows and aggregated flows can be collected in V9 or IPFIX format.
Collecting Statistics About BGP/MPLS VPN Flows
Collecting traffic statistics on BGP/MPLS VPN networks helps monitor the BGP/MPLS VPN network condition.
Usage Scenario
In Figure 1-3976, statistics about MPLS flows sent by the P to the NetStream Collector (NSC) inform the NSC of the traffic volume and traffic type corresponding to each label. Such statistics, however, do not indicate which VPN the traffic belongs to. In this case, the PE sends the meaning of each label (1024 in the figure) to the NSC so that the NSC can determine which VPN the received traffic belongs to. The NSC can then analyze the traffic data of each VPN and display the result.
Procedure
- Enable the P to collect statistics about MPLS flows.
Set the parameters according to Collecting Statistics About MPLS IPv4 Packets or Collecting Statistics About MPLS IPv6 Packet.
- (Optional) Run the ip netstream export template option application-label command to enable TAL option export and export the TAL option template to the NSC.
Configuring NetStream for SRv6 Inner Packet Information
This section describes how to configure NetStream for SRv6 inner packet information.
Context
On the network shown in Figure 1-3977, you can deploy NetStream on an SRv6 network to obtain detailed network application information. When inner packet statistics reach the NDE, the NDE can collect both outer IPv6 information and inner IPv4 information. After the NDE sends flow statistics to the NSC, the NSC collects the statistics and sends them to the NSA for analysis.
Procedure
- Run the system-view command to enter the system view.
- To sample outer IPv6 packets, configure IPv6 flow statistics collection as required. For details, see Collecting Statistics About IPv6 Original Flows, Collecting Statistics About IPv6 Flexible Flows, or Collecting Statistics About IPv6 Aggregated Flows.
- To sample inner packet information carried by SRv6, perform the following operations as required:
- In an IPv6 over SRv6 scenario, run the ipv6 netstream srv6-aware inner-header command to enable NetStream for SRv6 inner packet information to sample inner IPv6 packets.
- In an IPv4 over SRv6 scenario:
- Configure IPv4 flow statistics collection as required. For details, see Collecting Statistics About IPv4 Original Flows, Collecting Statistics About IPv4 Flexible Flows, or Collecting Statistics About IPv4 Aggregated Flows.
- Run the ipv6 netstream srv6-aware inner-header command to enable NetStream for SRv6 inner packet information to sample inner IPv4 packets.
- Run the commit command to commit the configuration.
Maintaining NetStream
This section describes how to maintain NetStream.
Monitoring the NetStream Operating Status
In routine maintenance, you can run the following commands in any view to check the NetStream operating status.
Procedure
- Run the display ip netstream cache origin slot slot-id command to check information about the NetStream flow buffer.
- Run the display ip netstream statistics slot slot-id command to check statistics about NetStream packets.
- Run the display ip netstream statistics interface interface-type interface-number command to check statistics about the sampled packets on an interface.
- Run the display netstream { all | global | interface interface-type interface-number } command to check NetStream configurations in different views.
- Run the display ip netstream cache { as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | index-tos | mpls-label | prefix | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos | source-index-tos | vni-sip-dip | vlan-id } slot slot-id command to check information about various aggregated flows in the buffer.
- Run the display ip netstream export option command to check information about the output option template.
- Run the display ipv6 netstream cache { origin | as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | index-tos | prefix | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos | mpls-label | vlan-id } slot slot-id command to check information about various aggregated flows in the buffer.
- Run the display ipv6 netstream statistics slot slot-id command to check statistics about NetStream flows.
- Run the display ip netstream sampler-id allocated-info [ slot slot-id ] command to check the sampling ID allocation information on a specified interface board.
Configuration Examples for NetStream
This section provides NetStream configuration examples.
Example for Collecting Statistics About IPv4 Original Flows
This section provides an example for configuring NetStream traffic statistics collection, helping you rapidly analyze the type and location of abnormal traffic.
Networking Requirements
On the network shown in Figure 1-3978, NetStream is configured to collect statistics about the source IP address, destination IP address, port, and protocol information of network packets on the user side. Such statistics help analyze user behavior and detect virus-infected terminals, the sources and destinations of denial of service (DoS) and distributed denial of service (DDoS) attacks, sources of spam, and unauthorized websites. Based on other characteristics of NetStream data flows, other network devices can filter out and restrict the spread of virus-infected traffic.
Configuration Roadmap
The configuration roadmap is as follows:
Configure the PE and CE to communicate.
Configure NetStream to collect statistics about incoming and outgoing packets on the user-side interface of the PE.
Data Preparation
To complete the configuration, you need the following data:
Name of the user-side interface of the PE
Version for outputting NetStream flows
Destination address, destination port number, and source address of the output NetStream flows
ID of the slot in which the NetStream service processing board resides (In this example, the NetStream service processing board is in slot 1.)
Procedure
- Configure the PE and CE to communicate.
Assign an IP address and a mask to each interface according to Figure 1-3978. The configuration details are not provided.
- Enable NetStream statistics collection on GE 0/1/0 of the PE.
# Configure the board to process NetStream services in distributed mode.
[*PE] slot 1
[*PE-slot-1] ip netstream sampler to slot self
[*PE-slot-1] quit
# Collect statistics about TCP flags in original flows.
[*PE] ip netstream tcp-flag enable
# Set the version for outputting NetStream flows to V5, and specify the source and destination addresses and destination port number for the output flows.
[*PE] ip netstream export host 192.168.2.2 9001
[*PE] ip netstream export source 192.168.2.1
# Enable NetStream sampling and configure the fixed packet sampling mode.
[*PE] ip netstream sampler fix-packets 10000 inbound
[*PE] ip netstream sampler fix-packets 10000 outbound
[*PE] commit
# Configure NetStream to collect statistics about incoming and outgoing flows on GigabitEthernet 0/1/0 of the PE.
[*PE] interface GigabitEthernet 0/1/0
[*PE-GigabitEthernet0/1/0] undo shutdown
[*PE-GigabitEthernet0/1/0] ip netstream inbound
[*PE-GigabitEthernet0/1/0] ip netstream outbound
[*PE-GigabitEthernet0/1/0] quit
[*PE] commit
NetStream enabled on a main interface cannot collect traffic statistics about its sub-interface.
- Verify the configuration.
# Run the display ip netstream cache origin slot 1 command after completing the configuration. The command output shows information about various original flows in the NetStream flow buffer.
[~PE] display ip netstream cache origin slot 1
 DstIf
 SrcIf
 DstP                   Msk                  Pro        Tos
 SrcP                   Msk                  Flags      Ttl
 Packets                Bytes
 NextHop                Direction
 DstIP                  DstAs
 SrcIP                  SrcAs
 BGP: BGP NextHop       TopLabelType
 Label1                 Exp1                 Bottom1
 Label2                 Exp2                 Bottom2
 Label3                 Exp3                 Bottom3
 TopLabelIpAddress      VlanId               VniId
 CreateFlowTime         LastRefreshTime      VPN
 FlowLabel              Rdvalue              ForwardStatus
 --------------------------------------------------------------------------
 GigabitEthernet0/1/8
 GigabitEthernet0/1/0
 0                      24                   253        0
 0                      24                   0          60
 3                      384
 192.168.2.1            in
 192.168.1.3            0
 192.168.1.4            0
 0.0.0.0                UNKNOWN
 0                      0                    0
 0                      0                    0
 0                      0                    0
 0.0.0.0                0                    0
 2018-05-09 11:38:07    2018-05-09 11:40:30  --
 --                     -:-                  66(Forwarded Not Fragmented)
Configuration Files
CE configuration file
#
sysname CE
#
interface GigabitEthernet 0/1/0
ip address 192.168.1.2 255.255.255.0
#
return
PE configuration file
#
slot 1
ip netstream sampler to slot self
#
sysname PE
#
ip netstream tcp-flag enable
ip netstream sampler fix-packets 10000 inbound
ip netstream sampler fix-packets 10000 outbound
ip netstream export source 192.168.2.1
ip netstream export host 192.168.2.2 9001
#
interface gigabitethernet 0/1/8
ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet 0/1/0
ip address 192.168.1.1 255.255.255.0
ip netstream inbound
ip netstream outbound
#
return
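The following added example (not part of the product documentation) is a Python check that reads a configuration file in the layout shown above and works out which sampler is in effect for each interface and direction, applying the rule that an interface-view sampler takes precedence over the system-view one. The sample configuration is constructed, only original-flow settings are parsed, and the three audit rules are assumptions of this example rather than documented device behavior.

```python
import re

# Constructed sample in the layout of the PE configuration file (not a real device).
SAMPLE_CONFIG = """\
#
slot 1
 ip netstream sampler to slot self
#
sysname PE
#
ip netstream sampler fix-packets 10000 inbound
ip netstream export source 192.168.2.1
ip netstream export host 192.168.2.2 9001
#
interface GigabitEthernet0/1/8
 ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet0/1/0
 ip address 192.168.1.1 255.255.255.0
 ip netstream inbound
 ip netstream sampler fix-packets 1000 inbound
#
interface GigabitEthernet0/1/16
 ip address 192.168.3.1 255.255.255.0
 ip netstream inbound
 ip netstream outbound
#
return
"""

# "ip" and "ipv6" sampler commands are treated alike, as the guide says they
# have the same function and apply to all packets.
SAMPLER = re.compile(r"ip(?:v6)? netstream sampler "
                     r"(fix-packets|random-packets|fix-time) (\d+) (inbound|outbound)$")
ENABLE = re.compile(r"ip(?:v6)? netstream (inbound|outbound)$")


def parse_config(text):
    """Collect system-view and interface-view NetStream settings from a '#'-delimited file."""
    cfg = {"samplers": {}, "interfaces": {}, "export_source": None,
           "export_hosts": [], "distributed_slots": []}
    view = None  # None: system view; otherwise ("interface", name) or ("slot", id)
    for raw in text.splitlines():
        line = raw.strip()
        words = line.split()
        if not words or line == "return":
            continue
        if line == "#":
            view = None
        elif words[0].lower() == "interface":
            view = ("interface", "".join(words[1:]))
            cfg["interfaces"][view[1]] = {"addresses": [], "enabled": set(), "samplers": {}}
        elif words[0] == "slot":
            view = ("slot", words[1])
        elif view and view[0] == "slot":
            if line == "ip netstream sampler to slot self":
                cfg["distributed_slots"].append(view[1])
        elif view and view[0] == "interface":
            intf = cfg["interfaces"][view[1]]
            if words[:2] == ["ip", "address"]:
                intf["addresses"].append(words[2])
            elif ENABLE.match(line):
                intf["enabled"].add(ENABLE.match(line).group(1))
            elif SAMPLER.match(line):
                mode, count, direction = SAMPLER.match(line).groups()
                intf["samplers"][direction] = (mode, int(count))
        elif SAMPLER.match(line):
            mode, count, direction = SAMPLER.match(line).groups()
            cfg["samplers"][direction] = (mode, int(count))
        elif words[:4] == ["ip", "netstream", "export", "source"]:
            cfg["export_source"] = words[4]
        elif words[:4] == ["ip", "netstream", "export", "host"]:
            cfg["export_hosts"].append((words[4], int(words[5])))
    return cfg


def effective_sampler(cfg, ifname, direction):
    """Interface-view sampler wins over the system-view sampler for the same direction."""
    return cfg["interfaces"][ifname]["samplers"].get(direction) or cfg["samplers"].get(direction)


def audit(cfg):
    """Return findings under this example's own review rules (assumed policy)."""
    findings = []
    local = {a for intf in cfg["interfaces"].values() for a in intf["addresses"]}
    if not cfg["export_hosts"]:
        findings.append("no export host configured")
    if cfg["export_source"] not in local:
        findings.append(f"export source {cfg['export_source']} is not a local interface address")
    for name, intf in cfg["interfaces"].items():
        for direction in sorted(intf["enabled"]):
            if effective_sampler(cfg, name, direction) is None:
                findings.append(f"{name}: {direction} collection enabled, no sampler in effect")
        for direction in sorted(set(intf["samplers"]) - intf["enabled"]):
            findings.append(f"{name}: {direction} sampler set but collection not enabled")
    return findings
```

Running `audit(parse_config(SAMPLE_CONFIG))` on the constructed file reports only GigabitEthernet0/1/16 in the outbound direction, where collection is enabled but neither view defines a sampler.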
Example for Collecting Statistics About IPv4 Aggregated Flows
This section provides an example for configuring NetStream to collect statistics about IPv4 flows aggregated based on the AS number. This facilitates accounting and management.
Networking Requirements
On the network shown in Figure 1-3979, DeviceD connects network A and network B to the wide area network (WAN). DeviceD samples and aggregates flows before sending them to the NetStream Collector (NSC).
Configuration Roadmap
The configuration roadmap is as follows:
Configure reachable routes between the egress router of the LAN and the WAN.
Configure reachable routes between the ingress router of the LAN and the NSC.
Configure the ingress router of the LAN to send traffic statistics to the specified NSC.
Configure the ingress router of the LAN to send traffic statistics to the inbound interface on the NSC.
Aggregate sampled flows to reduce the data sent to the NSC.
Enable NetStream on the inbound interface of the ingress router.
Data Preparation
To complete the configuration, you need the following data:
IP address of each interface
Address of the NSC
Version for outputting NetStream flows
NetStream sampling ratio
ID of the slot in which the NetStream service processing board resides (In this example, the NetStream service processing board is in slot 1.)
Procedure
- Configure IP addresses for each router. The configuration details are not provided here.
- Configure reachable routes between the WAN, DeviceA, and DeviceB.
# Configure reachable routes between DeviceA and DeviceD.
[*DeviceA] ip route-static 1.1.1.1 24 GigabitEthernet 0/1/0
[*DeviceA] commit
# Configure reachable routes between DeviceB and DeviceD.
[*DeviceB] ip route-static 1.1.1.1 24 GigabitEthernet 0/1/0
[*DeviceB] commit
- Configure reachable routes between DeviceD and the NSC.
# Configure reachable routes between DeviceD and DeviceC.
[*DeviceD] ip route-static 2.2.2.1 24 3.3.3.2
- Enable NetStream on DeviceD.
# Specify the distributed NetStream sampling mode on a board.
[*DeviceD] slot 1
[*DeviceD-slot-1] ip netstream sampler to slot self
[*DeviceD-slot-1] quit
# Enable NetStream statistics collection for incoming traffic.
[*DeviceD] interface gigabitethernet 0/1/16
[*DeviceD-GigabitEthernet0/1/16] ip netstream inbound
NetStream enabled on a main interface cannot collect traffic statistics about its sub-interface.
# Enable NetStream packet sampling.
[*DeviceD-GigabitEthernet0/1/16] ip netstream sampler fix-packets 1000 inbound
[*DeviceD-GigabitEthernet0/1/16] quit
# Output aggregated flows in V9 format.
[*DeviceD] ip netstream aggregation as
[*DeviceD-aggregation-as] enable
[*DeviceD-aggregation-as] ip netstream export host 2.2.2.1 3000
[*DeviceD-aggregation-as] ip netstream export source 3.3.3.1
[*DeviceD-aggregation-as] export version 9
[*DeviceD-aggregation-as] quit
[*DeviceD] commit
- Verify the configuration.
# Check whether flows are output.
[~DeviceB] display ip netstream cache as slot 1
 DstIf    SrcIf    DstAs  Streams  Packets  Direction  SrcAs
 --------------------------------------------------------------------------
 GI0/1/8  Unknown  0      985988   985988   out        0
Configuration Files
DeviceA configuration file
#
sysname DeviceA
#
interface GigabitEthernet0/1/0
ip address 172.16.0.1 255.255.255.0
#
ip route-static 1.1.1.1 255.255.255.0 GigabitEthernet0/1/0
#
return
DeviceB configuration file
#
sysname DeviceB
#
interface GigabitEthernet0/1/0
ip address 172.17.1.1 255.255.255.0
#
ip route-static 1.1.1.1 255.255.255.0 GigabitEthernet0/1/0
#
return
DeviceC configuration file
#
sysname DeviceC
#
interface GigabitEthernet0/1/0
ip address 3.3.3.2 255.255.255.0
#
return
DeviceD configuration file
#
slot 1
ip netstream sampler to slot self
#
sysname DeviceD
#
interface GigabitEthernet0/1/0
ip address 172.16.0.2 255.255.255.0
#
interface GigabitEthernet0/1/8
ip address 172.17.1.2 255.255.255.0
#
interface GigabitEthernet0/1/16
ip address 1.1.1.1 255.255.255.0
ip netstream inbound
ip netstream sampler fix-packets 1000 inbound
#
interface GigabitEthernet0/1/24
ip address 3.3.3.1 255.255.255.0
#
ip netstream aggregation as
enable
export version 9
ip netstream export source 3.3.3.1
ip netstream export host 2.2.2.1 3000
#
return
Example for Collecting Statistics About MPLS Original Flows
This section provides an example for configuring NetStream to collect statistics about MPLS original flows. Statistics about MPLS original flows with a specified label can be collected.
Networking Requirements
In Figure 1-3980, DeviceA, DeviceB, and DeviceC support MPLS and use OSPF as an IGP on the MPLS backbone network.
Local Label Distribution Protocol (LDP) sessions are established between DeviceA and DeviceB and between DeviceB and DeviceC. A remote LDP session is established between DeviceA and DeviceC. NetStream is enabled on DeviceB to collect statistics about MPLS flows.
Configuration Roadmap
The configuration roadmap is as follows:
Configure an LDP session between every two routers.
Specify the remote peer and its address on the two routers that have established a remote LDP session.
Specify the destination address, destination port number, and source address of the output NetStream flows.
Data Preparation
To complete the configuration, you need the following data:
IP addresses of interfaces on each router as shown in Figure 1-3980, OSPF process ID (1), and area (Area0)
DeviceA's remote peer (DeviceC) with name Devicec and IP address 3.3.3.9
DeviceC's remote peer (DeviceA) with name Devicea and IP address 1.1.1.9
ID of the slot in which the NetStream service processing board resides (In this example, the NetStream service processing board is in slot 1.)
Procedure
- Assign an IP address to each involved interface.
# Assign an IP address and a mask to each interface (including loopback interfaces) according to Figure 1-3980. The configuration details are not provided here.
- Configure an LDP session between every two routers.
# Configure OSPF to advertise the host route of the specified label switching router (LSR) ID and the routes of the network segments to which interfaces on the router are connected. Enable basic MPLS functions and LDP on each router and its interfaces.
For configurations of the static MPLS TE tunnel, see "Basic MPLS Configurations" in NetEngine 8000 F Configuration Guide > MPLS.
- Enable NetStream statistics collection on GigabitEthernet 0/1/0 of DeviceB.
# Specify the distributed NetStream sampling mode on a board.
[*DeviceB] slot 1
[*DeviceB-slot-1] ip netstream sampler to slot self
[*DeviceB-slot-1] quit
# Configure NetStream to collect statistics about incoming and outgoing packets on GigabitEthernet 0/1/0 of DeviceB.
[*DeviceB] interface GigabitEthernet 0/1/0
[*DeviceB-GigabitEthernet0/1/0] ip netstream inbound
[*DeviceB-GigabitEthernet0/1/0] ip netstream outbound
[*DeviceB-GigabitEthernet0/1/0] quit
NetStream enabled on a main interface cannot collect traffic statistics about its sub-interface.
# Configure NetStream to sample both inner IP packets and labels of MPLS packets.
[*DeviceB] ip netstream mpls-aware label-and-ip
# Specify the destination address, destination port number, and source address for the output flows.
[*DeviceB] ip netstream export host 192.168.1.2 2100
[*DeviceB] ip netstream export source 10.1.2.1
# Enable NetStream sampling and configure the fixed packet sampling mode.
[*DeviceB] ip netstream sampler fix-packets 10000 inbound
[*DeviceB] ip netstream sampler fix-packets 10000 outbound
[*DeviceB] commit
- Verify the configuration.
# Run the display ip netstream cache origin slot 1 command in the user view after completing the configuration. The command output shows information about the NetStream flow buffer and statistics about output packets.
[~DeviceB] display ip netstream cache origin slot 1
 DstIf
 SrcIf
 DstP                   Msk                  Pro        Tos
 SrcP                   Msk                  Flags      Ttl
 Packets                Bytes
 NextHop                Direction
 DstIP                  DstAs
 SrcIP                  SrcAs
 BGP: BGP NextHop       TopLabelType
 Label1                 Exp1                 Bottom1
 Label2                 Exp2                 Bottom2
 Label3                 Exp3                 Bottom3
 TopLabelIpAddress      VlanId               VniId
 CreateFlowTime         LastRefreshTime      VPN
 FlowLabel              Rdvalue              ForwardStatus
 --------------------------------------------------------------------------
 GigabitEthernet0/1/8
 GigabitEthernet0/1/0
 0                      24                   253        0
 0                      24                   0          60
 3                      384
 10.1.2.1               in
 10.1.1.5               0
 192.168.1.4            0
 0.0.0.0                UNKNOWN
 0                      0                    0
 0                      0                    0
 0                      0                    0
 0.0.0.0                0                    0
 2018-05-09 11:38:07    2018-05-09 11:40:30  --
 --                     -:-                  66(Forwarded Not Fragmented)
Configuration Files
DeviceA configuration file
#
sysname DeviceA
#
mpls lsr-id 1.1.1.9
#
mpls
lsp-trigger all
#
mpls ldp
#
mpls ldp remote-peer Devicec
remote-ip 3.3.3.9
#
interface GigabitEthernet0/1/0
undo shutdown
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
return
DeviceB configuration file
#
slot 1
ip netstream sampler to slot self
#
sysname DeviceB
#
ip netstream mpls-aware label-and-ip
ip netstream sampler fix-packets 10000 inbound
ip netstream sampler fix-packets 10000 outbound
ip netstream export host 192.168.1.2 2100
ip netstream export source 10.1.2.1
#
mpls lsr-id 2.2.2.9
#
mpls
lsp-trigger all
#
mpls ldp
#
interface GigabitEthernet0/1/0
undo shutdown
ip address 10.1.1.2 255.255.255.0
ip netstream inbound
ip netstream outbound
mpls
mpls ldp
#
interface GigabitEthernet0/1/8
undo shutdown
ip address 10.1.2.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return
DeviceC configuration file
#
sysname DeviceC
#
mpls lsr-id 3.3.3.9
#
mpls
lsp-trigger all
#
mpls ldp
#
mpls ldp remote-peer DeviceA
remote-ip 1.1.1.9
#
interface GigabitEthernet0/1/0
undo shutdown
ip address 10.1.2.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.1.1.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
return
Example for Deploying NetStream on a BGP/MPLS IP VPN Network
This section provides an example for configuring NetStream on a BGP/MPLS IP VPN network to monitor VPN service traffic.
Networking Requirements
As Layer 3 virtual private network (L3VPN) services develop, carriers place increasingly higher requirements on VPN traffic statistics collection. After conventional IP networks carry voice and video services, it has become commonplace for carriers and their customers to sign Service Level Agreements (SLAs). Deploying NetStream on a BGP/MPLS IP VPN network allows users to analyze LSP traffic between PEs and adjust the network to better meet service requirements.
- Packets with specified application labels are sampled on PE2 and sent to the NetStream Collector (NSC) and NetStream Data Analyzer (NDA).
- Statistics collection of incoming and outgoing packets with specified application labels is enabled on the P. Packets with specified application labels sent by the CE are sampled and sent to the NSC and NDA.
- Traffic statistics are analyzed on the NSC and NDA to obtain users' traffic volume between PEs.
Configuration Roadmap
The configuration roadmap is as follows:
Assign an IP address to each involved interface.
Configure the BGP/MPLS IP VPN.
Enable NetStream to sample packets with specified application labels on PE2.
Enable NetStream to collect statistics about incoming and outgoing packets with specified labels on the P.
Data Preparation
To complete the configuration, you need the following data:
Version for outputting NetStream flows and sampling interval
Destination address, destination port number, and source address of the output NetStream flows
ID of the slot in which the NetStream service processing board resides (In this example, the NetStream service processing board is in slot 1.)
Procedure
- Assign an IP address to each involved interface.
Assign an IP address and a mask to each interface (including loopback interfaces) according to Figure 1-3981. The configuration details are not provided here.
- Configure the BGP/MPLS IP VPN.
For configuration details, see "BGP/MPLS IP VPN Configuration" in NetEngine 8000 F Configuration Guide > VPN.
- Enable NetStream to sample packets with specified application labels on PE2.
# Configure the board on PE2 to process NetStream services in distributed mode.
[*PE2] slot 1
[*PE2-slot-1] ip netstream sampler to slot self
[*PE2-slot-1] quit
# Configure PE2 to send information about L3VPN application labels to the NSC.
[*PE2] ip netstream export template option application-label
# Set the version for outputting NetStream flows to V9, and specify the source and destination addresses and destination port number for the output flows.
[*PE2] ip netstream export version 9
[*PE2] ip netstream export host 192.168.2.2 9000
[*PE2] ip netstream export source 192.168.2.1
- Enable NetStream to collect statistics about incoming and outgoing packets with specified application labels on the P.
# Configure the board on the P to process NetStream services in distributed mode.
[*P] slot 1
[*P-slot-1] ip netstream sampler to slot self
[*P-slot-1] quit
# Collect statistics about incoming and outgoing packets on GigabitEthernet 0/1/0 of the P.
[*P] interface GigabitEthernet 0/1/0
[*P-GigabitEthernet0/1/0] ip netstream inbound
[*P-GigabitEthernet0/1/0] ip netstream outbound
[*P-GigabitEthernet0/1/0] quit
NetStream enabled on a main interface cannot collect traffic statistics about its sub-interface.
# Configure NetStream to sample both inner IP packets and labels of MPLS packets.
[*P] ip netstream mpls-aware label-and-ip
# Set the version for outputting NetStream flows to V9, and specify the source and destination addresses and destination port number for the output flows.
[*P] ip netstream export version 9
[*P] ip netstream export host 192.168.2.2 9001
[*P] ip netstream export source 172.16.2.1
# Enable NetStream sampling and configure the fixed packet sampling mode.
[*P] ip netstream sampler fix-packets 10000 inbound
[*P] ip netstream sampler fix-packets 10000 outbound
[*P] commit
- Verify the configuration.
# Run the display ip netstream cache origin slot 1 command on the P after completing the configuration. The command output shows IP and MPLS related information about VPN packets cached in the NetStream flow buffer.
[~P] display ip netstream cache origin slot 1
 DstIf
 SrcIf
 DstP                   Msk                  Pro        Tos
 SrcP                   Msk                  Flags      Ttl
 Packets                Bytes
 NextHop                Direction
 DstIP                  DstAs
 SrcIP                  SrcAs
 BGP: BGP NextHop       TopLabelType
 Label1                 Exp1                 Bottom1
 Label2                 Exp2                 Bottom2
 Label3                 Exp3                 Bottom3
 TopLabelIpAddress      VlanId               VniId
 CreateFlowTime         LastRefreshTime      VPN
 FlowLabel              Rdvalue              ForwardStatus
 --------------------------------------------------------------------------
 GigabitEthernet0/1/8
 GigabitEthernet0/1/0
 0                      24                   253        0
 0                      24                   0          60
 3                      384
 172.16.3.1             in
 10.2.1.5               0
 10.4.1.5               0
 0.0.0.0                UNKNOWN
 0                      0                    0
 0                      0                    0
 0                      0                    0
 0.0.0.0                0                    0
 2018-05-09 11:38:07    2018-05-09 11:40:30  --
 --                     -:-                  66(Forwarded Not Fragmented)
Configuration Files
PE1 configuration file
#
sysname PE1
#
ip vpn-instance vpna
route-distinguisher 100:1
apply-label per-instance
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
mpls lsr-id 1.1.1.9
#
mpls
#
interface GigabitEthernet0/1/0
ip binding vpn-instance vpna
ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet0/1/16
ip address 172.16.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpna
import-route direct
peer 10.1.1.1 as-number 65440
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 172.16.1.0 0.0.0.255
#
return
P configuration file
#
slot 1
ip netstream sampler to slot self
#
sysname P
#
ip netstream mpls-aware label-and-ip
ip netstream export version 9
ip netstream sampler fix-packets 10000 inbound
ip netstream sampler fix-packets 10000 outbound
ip netstream export source 172.16.2.1
ip netstream export host 172.16.2.2 9001
#
mpls lsr-id 2.2.2.9
#
mpls
lsp-trigger all
#
mpls ldp
#
interface GigabitEthernet0/1/0
ip address 172.16.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/1/8
ip address 172.16.3.1 255.255.255.0
ip netstream inbound
ip netstream outbound
mpls
mpls ldp
#
interface GigabitEthernet0/1/16
ip address 172.16.2.1 255.255.255.0
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 172.17.1.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return
PE2 configuration file
#
slot 1
ip netstream sampler to slot self
#
sysname PE2
#
ip netstream export version 9
ip netstream export source 192.168.2.1
ip netstream export host 192.168.2.2 9000
ip netstream export template option application-label
#
ip vpn-instance vpna
route-distinguisher 200:1
apply-label per-instance
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
mpls lsr-id 3.3.3.9
#
mpls
lsp-trigger all
#
mpls ldp
#
interface GigabitEthernet0/1/0
ip binding vpn-instance vpna
ip address 10.3.1.2 255.255.255.0
#
interface GigabitEthernet0/1/16
ip address 172.16.3.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpna
import-route direct
peer 10.4.1.1 as-number 65440
#
ospf 1
area 0.0.0.0
network 172.17.1.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
return
CE2 configuration file
#
sysname CE2
#
interface GigabitEthernet0/1/0
ip address 10.2.1.1 255.255.255.0
#
bgp 65420
peer 10.2.1.2 as-number 100
#
ipv4-family unicast
import-route direct
peer 10.2.1.2 enable
#
return
CE4 configuration file
#
sysname CE4
#
interface GigabitEthernet0/1/0
ip address 10.4.1.1 255.255.255.0
#
bgp 65440
peer 10.4.1.2 as-number 100
#
ipv4-family unicast
import-route direct
peer 10.4.1.2 enable
#
return
Example for Collecting Statistics About IPv6 Original Flows
This section provides an example for deploying NetStream to collect statistics about original flows. This example uses the configurations on an IPv6 network.
Networking Requirements
As the Internet continues to develop rapidly, carrier networks support higher bandwidth and predictable QoS parameters. As such, carriers need to provide finer-grained management and accounting services. To implement classified monitoring over networks more effectively, you can configure NetStream monitoring services to output traffic statistics collected on specified interfaces to specified NSCs and NDAs for analysis. This enables collected statistics to be output to multiple addresses.
As shown in Figure 1-3982, GE0/1/0 of DeviceC is connected to two IPv6 networks through A and B respectively. DeviceC collects traffic statistics, aggregates the statistics, and sends them to NMS1 and NMS2.
To collect flow-specific statistics, configure NetStream monitoring services in the inbound direction of GE 0/1/0 and GE 0/1/8 on DeviceC. Traffic statistics collected on GE 0/1/0 are sent to NMS1 with an IPv4 address and traffic statistics collected on GE 0/1/8 are sent to NMS2 with an IPv6 address.
Configuration Roadmap
The configuration roadmap is as follows:
- Assign an IP address to each interface on each router.
- Enable NetStream statistics collection on DeviceC.
- Configure NetStream monitoring services on DeviceC.
Data Preparation
To complete the configuration, you need the following data:
- IP address of each interface on each router
- Version for outputting NetStream flows
- Source and destination addresses, destination port number, and monitoring view name of the output NetStream flows
- ID of the slot in which the NetStream service processing board resides (In this example, the NetStream service processing board is in slot 1.)
Procedure
- Configure IP addresses for each router. The configuration details are not provided here.
- Enable NetStream statistics collection on DeviceC.
# Configure the board to process NetStream services in distributed mode.
[*DeviceC] slot 1
[*DeviceC-slot-1] ipv6 netstream sampler to slot self
[*DeviceC-slot-1] quit
# Collect statistics about TCP flags in original flows.
[*DeviceC] ipv6 netstream tcp-flag enable
# Enable NetStream sampling and configure the fixed packet sampling mode.
[*DeviceC] ipv6 netstream sampler fix-packets 10000 inbound
# Set the version number and source address of the output packets carrying original flow statistics.
[*DeviceC] ipv6 netstream export version 9
[*DeviceC] ipv6 netstream export source ipv6 2001:db8:100::1
# Configure NetStream to collect statistics about incoming flows on GE 0/1/0 and GE 0/1/8.
[*DeviceC] interface GigabitEthernet0/1/0
[*DeviceC-GigabitEthernet0/1/0] undo shutdown
[*DeviceC-GigabitEthernet0/1/0] ipv6 netstream inbound
[*DeviceC-GigabitEthernet0/1/0] quit
[*DeviceC] interface GigabitEthernet0/1/8
[*DeviceC-GigabitEthernet0/1/8] undo shutdown
[*DeviceC-GigabitEthernet0/1/8] ipv6 netstream inbound
[*DeviceC-GigabitEthernet0/1/8] quit
NetStream enabled on a main interface cannot collect traffic statistics about its sub-interface.
- Configure NetStream monitoring services.
[*DeviceC] ipv6 netstream monitor monitor1
[*DeviceC-monitor-monitor1] ipv6 netstream export host 192.168.0.2 6000
[*DeviceC-monitor-monitor1] quit
[*DeviceC] ipv6 netstream monitor monitor2
[*DeviceC-monitor-monitor2] ipv6 netstream export host ipv6 2001:db8:100::1 6000
[*DeviceC-monitor-monitor2] quit
[*DeviceC] interface gigabitethernet 0/1/0
[*DeviceC-GigabitEthernet0/1/0] ipv6 netstream monitor monitor1 inbound
[*DeviceC-GigabitEthernet0/1/0] quit
[*DeviceC] interface gigabitethernet 0/1/8
[*DeviceC-GigabitEthernet0/1/8] ipv6 netstream monitor monitor2 inbound
[*DeviceC-GigabitEthernet0/1/8] quit
[*DeviceC] commit
- Verify the configuration.
# Run the display ipv6 netstream monitor all command to check information about all NetStream monitoring services.
[~DeviceC] display ipv6 netstream monitor all
Monitor monitor1
ID : 1
AppCount : 1
Address Port
192.168.0.2 6000
------------------------------------------------------------
Monitor monitor2
ID : 2
AppCount : 1
Address Port
2001:DB8:100::1 6000
------------------------------------------------------------
# Run the display ipv6 netstream cache origin slot 1 command to check information about various original flows in the NetStream flow buffer.
[~DeviceC] display ipv6 netstream cache origin slot 1
DstIf
SrcIf
DstP Msk Pro Tos
SrcP Msk Flags Ttl
Packets Bytes
NextHop Direction
DstIP DstAs
SrcIP SrcAs
BGP: BGP NextHop TopLabelType
Label1 Exp1 Bottom1
Label2 Exp2 Bottom2
Label3 Exp3 Bottom3
TopLabelIpAddress VlanId VniId
CreateFlowTime LastRefreshTime VPN
FlowLabel Rdvalue ForwardStatus
--------------------------------------------------------------------------
GigabitEthernet0/1/8
GigabitEthernet0/1/0
0 0 59 0
0 0 0 100
443426 56758528
:: in
2001:DB8:20::1 0
2001:DB8:80::1 0
:: UNKNOWN
0 0 0
0 0 0
0 0 0
0.0.0.0 0 0
2018-05-09 11:38:07 2018-05-09 11:40:30 --
112706 -:- 64(Forwarded Unknown)
Configuration Files
DeviceA configuration file
#
sysname DeviceA
#
interface GigabitEthernet0/1/0
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:200::2/96
#
return
DeviceB configuration file
#
sysname DeviceB
#
interface GigabitEthernet0/1/0
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:300::2/96
#
return
DeviceC configuration file
#
sysname DeviceC
#
ipv6 netstream tcp-flag enable
ipv6 netstream sampler fix-packets 10000 inbound
ipv6 netstream export version 9
ipv6 netstream export source ipv6 2001:DB8:100::1
#
ipv6 netstream monitor monitor1
ipv6 netstream export host 192.168.0.2 6000
#
ipv6 netstream monitor monitor2
ipv6 netstream export host ipv6 2001:DB8:100::1 6000
#
interface GigabitEthernet0/1/0
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:200::1/96
ipv6 netstream inbound
ipv6 netstream monitor monitor1 inbound
#
interface GigabitEthernet0/1/8
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:300::1/96
ipv6 netstream inbound
ipv6 netstream monitor monitor2 inbound
#
slot 1
ipv6 netstream sampler to slot self
#
return
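The following is an added example, not part of the original guide: a Python audit of a DeviceC-style configuration that maps each NetStream monitoring service to its export host, then flags collectors outside an approved list and interfaces bound to a monitor that is never defined. The sample configuration, the approved-collector list, and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the configuration-file syntax used in this example.
SAMPLE_CONFIG = """\
#
sysname DeviceC
#
ipv6 netstream export version 9
ipv6 netstream export source ipv6 2001:DB8:100::1
#
ipv6 netstream monitor monitor1
 ipv6 netstream export host 192.168.0.2 6000
#
ipv6 netstream monitor monitor2
 ipv6 netstream export host ipv6 2001:DB8:FFFF::1 6000
#
interface GigabitEthernet0/1/0
 ipv6 netstream inbound
 ipv6 netstream monitor monitor1 inbound
#
interface GigabitEthernet0/1/8
 ipv6 netstream inbound
 ipv6 netstream monitor monitor3 inbound
#
return
"""
APPROVED_COLLECTORS = ["192.168.0.2", "2001:db8:100::2"]  # constructed allowlist

MONITOR_RE = re.compile(r"^(?:ip|ipv6) netstream monitor (\S+)$")
BIND_RE = re.compile(r"^(?:ip|ipv6) netstream monitor (\S+) (inbound|outbound)$")
HOST_RE = re.compile(r"^(?:ip|ipv6) netstream export host (?:ipv6 )?(\S+) (\d+)")


def parse_netstream(config):
    """Return (monitors, system-view export hosts, interface bindings)."""
    monitors, global_hosts, bindings = {}, [], []
    block = None  # ("monitor", name), ("interface", name) or ("global", None)
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "return":
            continue
        if line == "#":          # "#" closes the current configuration block
            block = None
            continue
        if block is None:        # first line of a block decides its view
            m = MONITOR_RE.match(line)
            if m:
                block = ("monitor", m.group(1))
                monitors.setdefault(m.group(1), [])
                continue
            if line.startswith("interface "):
                block = ("interface", line.split(None, 1)[1])
                continue
            block = ("global", None)
        h = HOST_RE.match(line)
        if h:
            target = (ipaddress.ip_address(h.group(1)), int(h.group(2)))
            if block[0] == "monitor":
                monitors[block[1]].append(target)
            else:
                global_hosts.append(target)
        b = BIND_RE.match(line)
        if b and block[0] == "interface":
            bindings.append((block[1], b.group(1), b.group(2)))
    return monitors, global_hosts, bindings


def audit(config, approved_collectors):
    """List export destinations and bindings that need review."""
    approved = {ipaddress.ip_address(a) for a in approved_collectors}
    monitors, global_hosts, bindings = parse_netstream(config)
    findings = []
    for addr, port in global_hosts:
        if addr not in approved:
            findings.append(f"system view exports to unapproved collector {addr} port {port}")
    for name, hosts in sorted(monitors.items()):
        if not hosts:
            findings.append(f"monitor {name} has no export host")
        for addr, port in hosts:
            if addr not in approved:
                findings.append(f"monitor {name} exports to unapproved collector {addr} port {port}")
    for iface, name, direction in bindings:
        if name not in monitors:
            findings.append(f"{iface} binds undefined monitor {name} ({direction})")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, APPROVED_COLLECTORS):
        print(finding)
```

Addresses are compared as parsed values, so `2001:DB8:100::2` and `2001:db8:100::2` count as the same collector.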
Example for Collecting Statistics About IPv4 Flexible Flows
This section provides an example for deploying NetStream to collect statistics about IPv4 flexible flows. This example uses the configurations on an IPv4 network.
Networking Requirements
On the network shown in Figure 1-3983, DeviceD connects network A and network B to the wide area network (WAN). DeviceD samples and aggregates flows before sending them to the NetStream Collector (NSC).
Configuration Roadmap
The configuration roadmap is as follows:
- Configure reachable routes between DeviceA and DeviceB of the LAN and the WAN.
- Configure reachable routes between DeviceD and the NSC.
- Configure DeviceD to send traffic statistics to the inbound interface of the specified NSC.
- Configure the flexible flow output function for traffic.
- Enable NetStream on the outbound interface of DeviceD.
Data Preparation
To complete the configuration, you need the following data:
- IP address of each interface
- Version for outputting NetStream flows
- NetStream sampling ratio
- ID of the slot in which the NetStream service processing board resides (In this example, the NetStream service processing board is in slot 1.)
Procedure
- Configure IP addresses for each router. The configuration details are not provided here.
- Configure reachable routes between the WAN, DeviceA, and DeviceB.
# Configure reachable routes between DeviceA and DeviceD.
[~DeviceA] ip route-static 192.168.1.1 24 gigabitethernet 0/1/0
[*DeviceA] commit
# Configure reachable routes between DeviceB and DeviceD.
[~DeviceB] ip route-static 192.168.1.1 24 gigabitethernet 0/1/0
[*DeviceB] commit
# Configure reachable routes between DeviceD and DeviceE.
[~DeviceD] ip route-static 172.17.1.3 24 gigabitethernet 0/1/16
[*DeviceD] commit
- Configure reachable routes between DeviceD and the NSC.
# Configure reachable routes between DeviceD and DeviceC.
[~DeviceD] ip route-static 192.168.2.1 24 192.168.2.2
[*DeviceD] commit
- Enable NetStream on DeviceD.
# Specify the distributed NetStream sampling mode on a board.
[~DeviceD] slot 1
[~DeviceD-slot-1] ip netstream sampler to slot self
[*DeviceD-slot-1] quit
[*DeviceD] commit
# Enable NetStream statistics collection for incoming traffic.
[~DeviceD] interface gigabitethernet 0/1/16
[~DeviceD-GigabitEthernet0/1/16] ip netstream inbound
[*DeviceD-GigabitEthernet0/1/16] quit
[*DeviceD] commit
NetStream enabled on a main interface cannot collect traffic statistics about its sub-interface.
# Configure the flexible flow template in V9 format.
[~DeviceD] ip netstream record aa
[*DeviceD-record-aa] match source as
[*DeviceD-record-aa] collect first switched
[*DeviceD-record-aa] quit
[*DeviceD] commit
# Output flexible flows in V9 format.
[~DeviceD] ip netstream export version 9
[*DeviceD] ip netstream apply record aa
[*DeviceD] ip netstream export source 192.168.2.1
[*DeviceD] ip netstream export host 192.168.2.2 3000
[*DeviceD] commit
# Enable NetStream packet sampling.
[~DeviceD] interface gigabitethernet 0/1/16
[~DeviceD-GigabitEthernet0/1/16] ip netstream sampler fix-packets 1000 inbound
[*DeviceD-GigabitEthernet0/1/16] quit
[*DeviceD] commit
- Verify the configuration.
# Check whether the flexible flow template is output correctly.
[~DeviceD] display ip netstream export template
------------------------------------------------------
TemplateName Success Failed
------------------------------------------------------
origin 69 0
Record(system) 14 0
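The following is an added example, not part of the original guide: a Python decoder for what the NSC at 192.168.2.2 receives on port 3000, with the checks a collector should apply to unauthenticated export datagrams. It assumes the version 9 export follows the NetFlow v9 layout of RFC 3954 and that record aa maps to field types 16 (SRC_AS) and 22 (FIRST_SWITCHED); the sample datagram and all function names are constructed for illustration.

```python
import struct

FIELD_NAMES = {16: "SRC_AS", 22: "FIRST_SWITCHED"}  # RFC 3954 field type numbers


class V9Error(ValueError):
    """Raised for datagrams that must be dropped rather than decoded."""


def learn_templates(body, key, templates):
    """Store every template in a template FlowSet under (exporter, source_id, id)."""
    pos = 0
    while pos + 4 <= len(body):
        template_id, field_count = struct.unpack_from("!HH", body, pos)
        pos += 4
        if template_id < 256:      # zero padding at the end of the FlowSet
            break
        if pos + 4 * field_count > len(body):
            raise V9Error("template definition is truncated")
        fields = [struct.unpack_from("!HH", body, pos + 4 * i) for i in range(field_count)]
        if sum(length for _, length in fields) == 0:
            raise V9Error("template describes a zero-length record")
        templates[key + (template_id,)] = fields
        pos += 4 * field_count


def decode_records(body, fields):
    """Decode fixed-length records; leftover bytes are alignment padding."""
    record_len = sum(length for _, length in fields)
    out, pos = [], 0
    while pos + record_len <= len(body):
        rec = {}
        for ftype, length in fields:
            name = FIELD_NAMES.get(ftype, f"type_{ftype}")
            rec[name] = int.from_bytes(body[pos:pos + length], "big")
            pos += length
        out.append(rec)
    return out


def parse_v9(packet, exporter, templates, allowed_exporters):
    """Validate and decode one export datagram; returns the decoded data records."""
    if exporter not in allowed_exporters:   # only the configured export source is trusted
        raise V9Error(f"datagram from unexpected exporter {exporter}")
    if len(packet) < 20:
        raise V9Error("shorter than the 20-byte v9 header")
    version, _count, _uptime, _secs, _seq, source_id = struct.unpack_from("!HHIIII", packet, 0)
    if version != 9:
        raise V9Error(f"unsupported export version {version}")
    records, offset = [], 20
    while offset + 4 <= len(packet):
        flowset_id, length = struct.unpack_from("!HH", packet, offset)
        if length < 4 or offset + length > len(packet):
            raise V9Error("FlowSet length runs past the datagram")
        body = packet[offset + 4:offset + length]
        if flowset_id == 0:
            learn_templates(body, (exporter, source_id), templates)
        elif flowset_id >= 256:
            fields = templates.get((exporter, source_id, flowset_id))
            if fields is not None:          # data without a known template is skipped
                records.extend(decode_records(body, fields))
        offset += length
    return records


def build_sample():
    """Constructed datagram (not captured traffic): template 256 plus one record."""
    header = struct.pack("!HHIIII", 9, 2, 360000, 1700000000, 1, 0)
    template = struct.pack("!HHHHHHHH", 0, 16, 256, 2, 16, 2, 22, 4)
    data = struct.pack("!HHHI", 256, 12, 65010, 123456) + b"\x00\x00"
    return header + template + data


if __name__ == "__main__":
    print(parse_v9(build_sample(), "192.168.2.1", {}, {"192.168.2.1"}))
```

In a live collector, `packet` and `exporter` come from `recvfrom()` on the UDP socket, and the `templates` dictionary is kept across datagrams so that data FlowSets arriving after the template can be decoded.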
Configuration Files
DeviceA configuration file
#
sysname DeviceA
#
interface GigabitEthernet0/1/0
ip address 172.16.0.1 255.255.255.0
#
ip route-static 192.168.1.1 255.255.255.0 GigabitEthernet0/1/0
#
return
DeviceB configuration file
#
sysname DeviceB
#
interface GigabitEthernet0/1/0
ip address 172.17.1.1 255.255.255.0
#
ip route-static 192.168.1.1 255.255.255.0 GigabitEthernet0/1/0
#
return
DeviceC configuration file
#
sysname DeviceC
#
interface GigabitEthernet0/1/0
ip address 192.168.2.2 255.255.255.0
#
return
DeviceD configuration file
#
slot 1
ip netstream sampler to slot self
#
sysname DeviceD
#
interface GigabitEthernet0/1/0
ip address 172.16.0.2 255.255.255.0
#
interface GigabitEthernet0/1/8
ip address 172.17.1.2 255.255.255.0
#
interface GigabitEthernet0/1/16
ip address 192.168.1.1 255.255.255.0
ip netstream inbound
ip netstream sampler fix-packets 1000 inbound
#
interface GigabitEthernet0/1/24
ip address 192.168.2.1 255.255.255.0
#
ip route-static 172.17.1.3 24 gigabitethernet 0/1/16
#
ip netstream export version 9
ip netstream export source 192.168.2.1
ip netstream export host 192.168.2.2 3000
#
ip netstream record aa
match source address
collect first switched
#
ip netstream apply record aa
#
return
DeviceE configuration file
#
sysname DeviceE
#
interface GigabitEthernet0/1/0
ip address 172.17.1.3 255.255.255.0
#
return
Example for Configuring NetStream in an SRv6 Private Network Scenario
This section uses the SRv6 private network scenario as an example to describe how to configure NetStream to monitor VPN service traffic and collect private network information.
Networking Requirements
NetStream can be deployed in an SRv6 private network scenario to provide traffic analysis for forwarding paths between PEs and collect private network information. This helps users adjust network parameters to better meet service requirements.
- Configure the P to collect statistics about inner IPv4 packets in IPv6 original flows and send the statistics to the NSC and NDA.
- Analyze traffic on the NSC and NDA to obtain user traffic between PEs and collect private network information.
Configuration Roadmap
The configuration roadmap is as follows:
- Assign an IP address and a mask to each interface.
- Configure an L3VPN over SRv6 TE Policy.
- Configure NetStream on the P to collect statistics about inner IPv4 packets in IPv6 original flows.
Data Preparation
To complete the configuration, you need the following data:
- Version for outputting NetStream flows and sampling interval
- Destination address, destination port number, and source address of the output NetStream flows
- ID of the slot in which the NetStream service processing board resides (In this example, the NetStream service processing board is in slot 1.)
Procedure
- Assign an IP address to each involved interface.
Assign an IP address and a mask to each interface (including loopback interfaces) according to Figure 1-3984. For configuration details, see Configuration Files.
- Configure an L3VPN over SRv6 TE Policy.
For the configuration roadmap, see Segment Routing IPv6 Configuration. For configuration details, see Configuration Files.
- Configure NetStream on the P to collect statistics about inner IPv4 packets in IPv6 original flows.
# Configure the board on the P to process NetStream services in distributed mode.
[*P] slot 1
[*P-slot-1] ipv6 netstream sampler to slot self
[*P-slot-1] quit
# Collect statistics about incoming and outgoing packets on GigabitEthernet 0/1/0 of the P.
[*P] interface GigabitEthernet 0/1/0
[*P-GigabitEthernet0/1/0] ipv6 netstream inbound
[*P-GigabitEthernet0/1/0] ipv6 netstream outbound
[*P-GigabitEthernet0/1/0] quit
NetStream enabled on a main interface cannot collect traffic statistics about its sub-interface.
# Configure the output format of IPv6 packets, and the source address, destination address, and destination port of the output packets.
[*P] ipv6 netstream export version 9
[*P] ipv6 netstream export host ipv6 2001:DB8:111::1 9001
[*P] ipv6 netstream export source ipv6 2001:DB8:30::1
# Configure NetStream to sample the outer IPv6 packets and set the mode to fixed packet sampling.
[*P] ipv6 netstream sampler fix-packets 10000 inbound
[*P] ipv6 netstream sampler fix-packets 10000 outbound
[*P] quit
After completing the preceding configuration, the device samples outer IPv6 packets. You can run the display ipv6 netstream cache origin slot slot-id command to check sampling information about outer packets.
To sample inner IPv4 packets, you need to configure NetStream IPv4.
# Configure the output format of IPv4 packets, and the source address, destination address, and destination port of the output packets.
[*P] ip netstream export version 9
[*P] ip netstream export host ipv6 2001:DB8:111::1 9001
[*P] ip netstream export source ipv6 2001:DB8:30::1
# Configure NetStream to sample inner IPv4 packets.
[*P] ipv6 netstream srv6-aware inner-header
[*P] commit
- Verify the configuration.
# Run the display ip netstream cache origin slot 1 command on the P after completing the configuration. The command output shows information about inner IPv4 packets in the NetStream flow buffer.
[~P] display ip netstream cache origin slot 1
DstIf
SrcIf
DstP Msk Pro Tos
SrcP Msk Flags Ttl
Packets Bytes
NextHop Direction
DstIP DstAs
SrcIP SrcAs
BGP: BGP NextHop TopLabelType
Label1 Exp1 Bottom1
Label2 Exp2 Bottom2
Label3 Exp3 Bottom3
TopLabelIpAddress VlanId VniId
CreateFlowTime LastRefreshTime VPN
FlowLabel Rdvalue ForwardStatus
--------------------------------------------------------------------------
GigabitEthernet0/1/8
GigabitEthernet0/1/0
0 64 253 0
0 128 0 60
3 384
2001:DB8:20::2 in
10.1.1.2 0
10.2.1.2 0
:: UNKNOWN
0 0 0
0 0 0
0 0 0
0.0.0.0 0 0
2020-05-09 11:38:07 2020-05-09 11:40:30 --
-- -:- 66(Forwarded Not Fragmented)
Configuration Files
PE1 configuration file
#
sysname PE1
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 100:1
apply-label per-instance
tnl-policy p1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
segment-routing ipv6
encapsulation source-address 2001:DB8:1::1
locator as1 ipv6-prefix 2001:DB8:100:: 64 static 32
opcode ::111 end
srv6-te-policy locator as1
segment-list list1
index 5 sid ipv6 2001:DB8:200::222
index 10 sid ipv6 2001:DB8:300::333
srv6-te policy policy1 endpoint 2001:DB8:3::3 color 101
binding-sid 2001:DB8:100::100
candidate-path preference 100
segment-list list1
#
isis 1
is-level level-1
cost-style wide
network-entity 10.0000.0000.0001.00
#
ipv6 enable topology ipv6
segment-routing ipv6 locator as1 auto-sid-disable
#
#
interface GigabitEthernet0/1/8
undo shutdown
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/1/0
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:10::1/96
isis ipv6 enable 1
#
interface LoopBack1
ipv6 enable
ipv6 address 2001:DB8:1::1/64
isis ipv6 enable 1
#
bgp 100
router-id 1.1.1.1
peer 2001:DB8:3::3 as-number 100
peer 2001:DB8:3::3 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
undo synchronization
#
ipv4-family vpnv4
policy vpn-target
peer 2001:DB8:3::3 enable
peer 2001:DB8:3::3 route-policy p1 import
peer 2001:DB8:3::3 prefix-sid
#
ipv4-family vpn-instance vpna
import-route direct
segment-routing ipv6 locator as1
segment-routing ipv6 traffic-engineer best-effort
peer 10.1.1.2 as-number 65410
#
route-policy p1 permit node 10
apply extcommunity color 0:101
#
tunnel-policy p1
tunnel select-seq ipv6 srv6-te-policy load-balance-number 1
#
return
P configuration file
#
sysname P
#
segment-routing ipv6
encapsulation source-address 2001:DB8:2::2
locator as1 ipv6-prefix 2001:DB8:200:: 64 static 32
opcode ::222 end
#
isis 1
is-level level-1
cost-style wide
network-entity 10.0000.0000.0002.00
#
ipv6 enable topology ipv6
segment-routing ipv6 locator as1 auto-sid-disable
#
#
interface GigabitEthernet0/1/0
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:10::2/96
isis ipv6 enable 1
ipv6 netstream inbound
ipv6 netstream outbound
#
interface GigabitEthernet0/1/8
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:20::1/96
isis ipv6 enable 1
#
interface GigabitEthernet0/1/16
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:30::1/96
isis ipv6 enable 1
#
interface LoopBack1
ipv6 enable
ipv6 address 2001:DB8:2::2/64
isis ipv6 enable 1
#
slot 1
ip netstream sampler to slot self
#
ip netstream export version 9
ip netstream export host ipv6 2001:DB8:111::1 9001
ip netstream export source ipv6 2001:DB8:30::1
#
ipv6 netstream srv6-aware inner-header
ipv6 netstream export version 9
ipv6 netstream export host ipv6 2001:DB8:111::1 9001
ipv6 netstream export source ipv6 2001:DB8:30::1
ipv6 netstream sampler fix-packets 10000 inbound
ipv6 netstream sampler fix-packets 10000 outbound
#
return
PE2 configuration file
#
sysname PE2
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 200:1
apply-label per-instance
tnl-policy p1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
segment-routing ipv6
encapsulation source-address 2001:DB8:3::3
locator as1 ipv6-prefix 2001:DB8:300:: 64 static 32
opcode ::333 end
srv6-te-policy locator as1
segment-list list1
index 5 sid ipv6 2001:DB8:200::222
index 10 sid ipv6 2001:DB8:100::111
srv6-te policy policy1 endpoint 2001:DB8:1::1 color 101
binding-sid 2001:DB8:300::300
candidate-path preference 100
segment-list list1
#
isis 1
is-level level-1
cost-style wide
network-entity 10.0000.0000.0003.00
#
ipv6 enable topology ipv6
segment-routing ipv6 locator as1 auto-sid-disable
#
#
interface GigabitEthernet0/1/0
undo shutdown
ipv6 enable
ipv6 address 2001:DB8:20::2/96
isis ipv6 enable 1
#
interface GigabitEthernet0/1/8
undo shutdown
ip binding vpn-instance vpna
ip address 10.2.1.1 255.255.255.0
#
interface LoopBack1
ipv6 enable
ipv6 address 2001:DB8:3::3/64
isis ipv6 enable 1
#
bgp 100
router-id 2.2.2.2
peer 2001:DB8:1::1 as-number 100
peer 2001:DB8:1::1 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
undo synchronization
#
ipv4-family vpnv4
policy vpn-target
peer 2001:DB8:1::1 enable
peer 2001:DB8:1::1 route-policy p1 import
peer 2001:DB8:1::1 prefix-sid
#
ipv4-family vpn-instance vpna
import-route direct
segment-routing ipv6 locator as1
segment-routing ipv6 traffic-engineer best-effort
peer 10.2.1.2 as-number 65420
#
route-policy p1 permit node 10
apply extcommunity color 0:101
#
tunnel-policy p1
tunnel select-seq ipv6 srv6-te-policy load-balance-number 1
#
return
CE1 configuration file
#
sysname CE1
#
interface GigabitEthernet0/1/0
undo shutdown
ip address 10.1.1.2 255.255.255.0
#
interface LoopBack1
ip address 11.11.11.11 255.255.255.255
#
bgp 65410
peer 10.1.1.1 as-number 100
#
ipv4-family unicast
undo synchronization
network 11.11.11.11 255.255.255.255
peer 10.1.1.1 enable
#
return
CE2 configuration file
#
sysname CE2
#
interface GigabitEthernet0/1/0
undo shutdown
ip address 10.2.1.2 255.255.255.0
#
interface LoopBack1
ip address 22.22.22.22 255.255.255.255
#
bgp 65420
peer 10.2.1.1 as-number 100
#
ipv4-family unicast
undo synchronization
network 22.22.22.22 255.255.255.255
peer 10.2.1.1 enable
#
return