Login
- Table of Contents
-
- 13-Network Management and Monitoring Configuration Guide
- 00-Preface
- 01-System maintenance and debugging configuration
- 02-NQA configuration
- 03-NTP configuration
- 04-SNMP configuration
- 05-RMON configuration
- 06-Event MIB configuration
- 07-NETCONF configuration
- 08-EAA configuration
- 09-Process monitoring and maintenance configuration
- 10-Sampler configuration
- 11-Mirroring configuration
- 12-NetStream configuration
- 13-IPv6 NetStream configuration
- 14-Information center configuration
- 15-Flow log configuration
- 16-GOLD configuration
- 17-Packet capture configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 13-IPv6 NetStream configuration | 204.60 KB |
IPv6 NetStream configuration task list
Configuring IPv6 NetStream filtering·
Configuring IPv6 NetStream sampling
Configuring attributes of the IPv6 NetStream data export
Configuring the IPv6 NetStream data export format
Configuring the refresh rate for IPv6 NetStream version 9 templates
Configuring MPLS-aware NetStream··
Configuring IPv6 NetStream flow aging·
Configuring the IPv6 NetStream data export
Configuring the IPv6 NetStream traditional data export
Configuring the IPv6 NetStream aggregation data export
Displaying and maintaining IPv6 NetStream
IPv6 NetStream configuration examples
IPv6 NetStream traditional data export configuration example
IPv6 NetStream aggregation data export configuration example
Configuring IPv6 NetStream
Overview
IPv6 NetStream is an accounting technology that provides statistics on a per-flow basis. An IPv6 flow is defined by the following 8-tuple elements:
· Destination IPv6 address.
· Source IPv6 address.
· Destination port number.
· Source port number.
· Protocol number.
· Traffic class.
· Flow label.
· Input or output interface.
IPv6 NetStream architecture
A typical IPv6 NetStream system includes the following elements:
· NetStream data exporter—A device configured with IPv6 NetStream. The NDE provides the following functions:
¡ Classifies traffic flows by using the 8-tuple elements.
¡ Collects data from the classified flows.
¡ Aggregates and exports the data to the NSC.
· NetStream collector—A program running in a Unix or Windows operating system. The NSC parses the packets received from the NDEs, and saves the data to its database.
· NetStream data analyzer—A network traffic analyzing tool. Based on the data in NSC, the NDA generates reports for traffic billing, network planning, and attack detection and monitoring. The NDA can collect data from multiple NSCs. Typically, the NDA features a Web-based system for easy operation.
NSC and NDA are typically integrated into a NetStream server.
H3C network devices act as NDEs in the IPv6 NetStream system. This document focuses on NDE configuration.
Figure 1 IPv6 NetStream system
Flow aging
IPv6 NetStream uses flow aging to enable the NDE to export IPv6 NetStream data to NetStream servers. IPv6 NetStream creates an IPv6 NetStream entry for each flow for storing the flow statistics in the cache.
When a flow is aged out, the NDE does the following operations:
· Exports the summarized data to NetStream servers in an IPv6 NetStream data export format.
· Clears IPv6 NetStream entry information in the cache.
For more information about flow aging types and configurations, see "Configuring IPv6 NetStream flow aging."
IPv6 NetStream data export
Traditional data export
IPv6 NetStream collects the statistics of each flow and exports the statistics to NetStream servers.
This method consumes a lot of bandwidth and CPU usage, and requires a large cache size. In addition, you do not need all of the data in most cases.
Aggregation data export
An IPv6 NetStream aggregation mode merges the flow statistics according to the aggregation criteria of the aggregation mode, and it sends the summarized data to NetStream servers. The IPv6 NetStream aggregation data export uses less bandwidth than the traditional data export.
Table 1 lists the available IPv6 NetStream aggregation modes. In each mode, the system merges multiple flows with the same values for all aggregation criteria into one aggregate flow. The system records the statistics for the aggregate flow. These aggregation modes work independently and can take effect concurrently.
Table 1 IPv6 NetStream aggregation modes
|
· Source AS number · Destination AS number · Input interface index · Output interface index |
|
|
· Protocol number · Source port · Destination port |
|
|
· Source AS number · Source mask · Source prefix (source network address) · Input interface index |
|
|
· Destination AS number · Destination mask · Destination prefix (destination network address) · Output interface index |
|
|
Source-prefix and destination-prefix aggregation |
· Source AS number · Source mask · Source prefix (source network address) · Input interface index · Destination AS number · Destination mask · Destination prefix (destination network address) · Output interface index |
|
BGP-nexthop |
· BGP next hop · Output interface index |
If IPv6 packets are not forwarded according to the BGP routing table, the AS number or BGP next hop cannot be obtained.
IPv6 NetStream data export format
IPv6 NetStream exports data in the version 9 format, which is template based.
The version 9 format supports exporting the IPv6 NetStream aggregation data and collecting statistics about BGP next hop and MPLS packets.
IPv6 NetStream filtering
IPv6 NetStream filtering uses an ACL to identify packets. Whether IPv6 NetStream collects data for identified packets depends on the action in the matching rule.
· IPv6 NetStream collects data for packets that match permit rules in the ACL.
· IPv6 NetStream does not collect data for packets that match deny rules in the ACL.
For more information about ACLs, see ACL and QoS Configuration Guide.
IPv6 NetStream sampling
IPv6 NetStream sampling collects statistics on fewer packets and is useful when the network has a large amount of traffic. IPv6 NetStream on sampled traffic lessens the impact on the device's performance. For more information about sampling, see "Configuring samplers."
Protocols and standards
RFC 5101, Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information
IPv6 NetStream configuration task list
When you configure IPv6 NetStream, choose the following configurations as needed:
· Select the device on which you want to enable IPv6 NetStream.
· If multiple service flows are passing through the NDE, use an ACL to select the target data.
· If the network has a large amount of traffic, configure IPv6 NetStream sampling.
· Determine the export format for the IPv6 NetStream data export.
· Configure IPv6 NetStream flow aging.
To reduce the bandwidth consumption of the IPv6 NetStream data export, configure IPv6 NetStream aggregation.
Figure 2 IPv6 NetStream configuration flow
To configure IPv6 NetStream, perform the following tasks:
|
(Optional.) Configuring IPv6 NetStream filtering |
|
(Optional.) Configuring IPv6 NetStream sampling |
|
(Optional.) Configuring attributes of the IPv6 NetStream data export |
|
(Optional.) Configuring IPv6 NetStream flow aging |
|
(Required.) Perform at least one of the following tasks to configure the IPv6 NetStream data export: |
Enabling IPv6 NetStream
|
2. Enable IPv6 NetStream on the interface. |
By default, IPv6 NetStream is disabled on an interface. |
Configuring IPv6 NetStream filtering
When you configure IPv6 NetStream filtering, follow these restrictions and guidelines:
· The IPv6 NetStream filtering feature does not take effect on MPLS packets.
· If IPv6 NetStream filtering and sampling are both configured, IPv6 packets are filtered first, and then the permitted packets are sampled.
To configure IPv6 NetStream filtering:
|
3. Configure IPv6 NetStream filtering on the interface. |
ipv6 netstream { inbound | outbound } filter acl ipv6-acl-number |
By default, IPv6 NetStream filtering is disabled. IPv6 NetStream collects statistics of all IPv6 packets passing through the interface. |
Configuring IPv6 NetStream sampling
|
sampler sampler-name mode { fixed | random } packet-interval rate |
For more information about samplers, see "Configuring samplers." |
|
|
4. Configure IPv6 NetStream sampling. |
By default, IPv6 NetStream sampling is disabled. |
Configuring attributes of the IPv6 NetStream data export
Configuring the IPv6 NetStream data export format
An IPv6 NetStream entry for a flow records the source IPv6 address, destination IPv6 address, and their respective AS numbers. The origin-as and peer-as keywords in the ipv6 netstream export version 9 command specify the AS numbers to be exported.
· origin-as—Specifies the source AS of the source address and the destination AS of the destination address.
· peer-as—Specifies the ASs before and after the AS where the NetStream device resides as the source AS and the destination AS, respectively.
For example, as shown in Figure 3, a flow starts at AS 20, passes AS 21 through AS 23, and then reaches AS 24. IPv6 NetStream is enabled on the device in AS 22.
· The origin-as keyword defines AS 20 as the source AS and AS 24 as the destination AS.
· The peer-as keyword defines AS 21 as the source AS and AS 23 as the destination AS.
Figure 3 Recorded AS information varies by different keyword configurations
To configure the IPv6 NetStream data export format:
|
2. Configure the IPv6 NetStream data export format, and specify whether to record AS and BGP next hop information. |
ipv6 netstream export version 9 { origin-as | peer-as } [ bgp-nexthop ] |
By default: · The version 9 format is used to export IPv6 NetStream traditional data, IPv6 NetStream aggregation data, and MPLS flow data with IPv6 fields. · The peer AS numbers are recorded. · The BGP next hop is not recorded. |
Configuring the refresh rate for IPv6 NetStream version 9 templates
Version 9 is template-based and supports user-defined formats. An IPv6 NetStream device must send the updated template to NetStream servers regularly, because the servers do not permanently save templates.
For an IPv6 NetStream server to use correct version 9 templates, configure the refresh frequency or refresh interval for version 9 templates. If both settings are configured, templates are sent when either of the conditions is met.
To configure the refresh rate for IPv6 NetStream version 9 templates:
|
2. Configure the refresh rate for IPv6 NetStream version 9 templates. |
· Refresh frequency: · Refresh interval: |
By default, the version 9 templates are sent: · Every 20 packets. |
Configuring MPLS-aware NetStream
An MPLS flow is identified by the same labels in the same position and the same 8-tuple elements. MPLS-aware NetStream collects and exports statistics on a maximum of three labels in the label stack, with or without IP fields.
To configure MPLS-aware IPv6 NetStream:
|
2. Collect and export statistics on MPLS packets. |
By default, statistics of MPLS packets are not collected or exported. For more information about the ip netstream mpls command, see Network Management and Monitoring Command Reference. |
Configuring IPv6 NetStream flow aging
Flow aging methods
Periodical aging
Periodical aging has the following methods:
· Inactive flow aging—A flow is inactive if no packet arrives for the IPv6 NetStream entry within the period specified by using the ipv6 netstream timeout inactive command. When the inactive flow aging timer expires, the following events occur:
¡ The inactive flow entry is aged out.
¡ The statistics of the flow are sent to NetStream servers and are cleared in the cache. The statistics can no longer be displayed by using the display ipv6 netstream cache command.
When you use the inactive flow aging method, the cache is large enough for new flow entries.
· Active flow aging—A flow is active if packets arrive for the IPv6 NetStream entry within the period specified by using the ipv6 netstream timeout active command. When the active flow aging timer expires, the statistics of the active flow are exported to NetStream servers. The device continues to collect its statistics, which can be displayed by using the display ipv6 netstream cache command. The active flow aging method periodically exports the statistics of active flows to NetStream servers.
Forced aging
To implement forced aging, use one of the following commands:
· Use the reset ipv6 netstream statistics command. This command ages out all IPv6 NetStream entries, and exports and clears the statistics.
· Use the ipv6 netstream max-entry command. This command provides the following processing options when the upper limit is reached:
¡ Age out the oldest entries.
¡ Disable creation of a new entry in the cache.
Configuration procedure
To configure IPv6 NetStream flow aging:
|
· Set the active flow aging timer: · Set the inactive flow aging timer: |
By default: · The active flow aging timer is 30 minutes. · The inactive flow aging timer is 30 seconds. |
|
|
· Manually age out IPv6 NetStream entries: a. Exit to user view: b. Age out IPv6 NetStream entries: |
Configuring the IPv6 NetStream data export
Configuring the IPv6 NetStream traditional data export
|
2. Specify a destination host for IPv6 NetStream traditional data export. |
By default, no destination host is specified. |
|
|
3. (Optional.) Specify the source interface for IPv6 NetStream data packets sent to the NetStream servers. |
ipv6 netstream export source interface interface-type interface-number |
By default, no source interface is specified for IPv6 NetStream data packets. The packets take the primary IPv6 address of the output interface as the source IPv6 address. As a best practice, connect the management Ethernet interface to a NetStream server, and configure the interface as the source interface. |
|
4. (Optional.) Limit the IPv6 NetStream data export rate. |
Configuring the IPv6 NetStream aggregation data export
Configuration restrictions and guidelines
Configurations in IPv6 NetStream aggregation mode view apply only to the IPv6 NetStream aggregation data export. Configurations in system view apply to the IPv6 NetStream traditional data export. When no configuration in IPv6 NetStream aggregation mode view is provided, the configurations in system view apply to the IPv6 NetStream aggregation data export.
Configuration procedure
To configure the IPv6 NetStream aggregation data export:
|
2. Specify an IPv6 NetStream aggregation mode and enter its view. |
ipv6 netstream aggregation { as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix } |
By default, no IPv6 NetStream aggregation mode is configured. |
|
3. Specify a destination host for IPv6 NetStream aggregation data export. |
By default, no destination host is specified. If you expect only IPv6 NetStream aggregation data, specify the destination host only in the related IPv6 NetStream aggregation mode view. |
|
|
4. (Optional.) Specify the source interface for IPv6 NetStream data packets sent to the NetStream servers. |
ipv6 netstream export source interface interface-type interface-number |
By default, no source interface is specified for IPv6 NetStream data packets. The packets take the primary IPv6 address of the output interface as the source IPv6 address. You can configure different source interfaces in different IPv6 NetStream aggregation mode views. If no source interface is configured in IPv6 NetStream aggregation mode view, the source interface configured in system view applies. |
|
5. Enable the IPv6 NetStream aggregation mode. |
By default, the IPv6 NetStream aggregation is disabled. |
Displaying and maintaining IPv6 NetStream
Execute display commands in any view and reset commands in user view.
|
Display IPv6 NetStream entry information (in standalone mode). |
display ipv6 netstream cache [ slot slot-number ] [ verbose ] |
|
Display IPv6 NetStream entry information (in IRF mode). |
display ipv6 netstream cache [ chassis chassis-number slot slot-number ] [ verbose ] |
|
Display information about the IPv6 NetStream data export. |
|
|
Display IPv6 NetStream template information (in standalone mode). |
|
|
Display IPv6 NetStream template information (in IRF mode). |
display ipv6 netstream template [ chassis chassis-number slot slot-number ] |
|
Age out, export all IPv6 NetStream data, and clear the cache. |
IPv6 NetStream configuration examples
IPv6 NetStream traditional data export configuration example
Network requirements
As shown in Figure 4, configure IPv6 NetStream on the router to collect statistics on packets passing through the router.
· Enable IPv6 NetStream for incoming and outgoing traffic on GigabitEthernet 2/1/1.
· Configure the router to export the IPv6 NetStream traditional data to UDP port 5000 of the NetStream server.
Configuration procedure
# Assign an IP address to each interface, as shown in Figure 4. (Details not shown.)
# Enable IPv6 NetStream for incoming and outgoing traffic on GigabitEthernet 2/1/1.
[RouterA] interface gigabitethernet 2/1/1
[RouterA-GigabitEthernet2/1/1] ipv6 netstream inbound
[RouterA-GigabitEthernet2/1/1] ipv6 netstream outbound
[RouterA-GigabitEthernet2/1/1] quit
[RouterA] ipv6 netstream export host 40::1 5000
Verifying the configuration
# Display information about IPv6 NetStream entries.
<RouterA> display ipv6 netstream cache
IPv6 NetStream cache information:
Active flow timeout : 60 min
Inactive flow timeout : 10 sec
Max number of entries : 1000
IPv6 active flow entries : 2
MPLS active flow entries : 0
IPL2 active flow entries : 0
IPv6 flow entries counted : 10
MPLS flow entries counted : 0
IPL2 flow entries counted : 0
Last statistics resetting time : 01/01/2000 at 00:01:02
IPv6 packet size distribution (1103746 packets in total):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.249 .694 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608
.000 .000 .027 .000 .027 .000 .000 .000 .000 .000 .000 .000
Protocol Total Packets Flows Packets Active(sec) Idle(sec)
Flows /sec /sec /flow /flow /flow
--------------------------------------------------------------------------
TCP-Telnet 2656855 372 4 86 49 27
TCP-FTP 5900082 86 9 9 11 33
TCP-FTPD 3200453 1006 5 193 45 33
TCP-WWW 546778274 11170 887 12 8 32
TCP-other 49148540 3752 79 47 30 32
UDP-DNS 117240379 570 190 3 7 34
UDP-other 45502422 2272 73 30 8 37
ICMP 14837957 125 24 5 12 34
IP-other 77406 5 0 47 52 27
Type DstIP(Port) SrcIP(Port) Pro TC FlowLbl APPID If(Direct) Pkts
DstMAC(VLAN) SrcMAC(VLAN)
TopLblType(IP/MASK)Lbl-Exp-S-List
--------------------------------------------------------------------------
IP 2001::1(1024) 2002::1(21) 6 0 0x0 0x0 GE2/1/1(I) 42996
IP 2002::1(21) 2001::1(1024) 6 0 0x0 0x0 GE2/1/1(O) 42996
# Display information about the IPv6 NetStream data export.
[RouterA] display ipv6 netstream export
IPv6 export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 40::1 (5000)
Version 9 exported flow number : 10
Version 9 exported UDP datagrams number (failed): 10 (0)
IPv6 NetStream aggregation data export configuration example
Network requirements
As shown in Figure 5, all routers in the network are running IPv6 EBGP. Configure IPv6 NetStream on the router to meet the following requirements:
· Export the IPv6 NetStream traditional data to port 5000 of the NetStream server.
· Perform the IPv6 NetStream aggregation in the modes of AS, protocol-port, source-prefix, destination-prefix, and prefix.
· Export the aggregation data of different modes to the UDP ports 2000, 3000, 4000, 6000, and 7000.
Configuration procedure
# Assign an IP address to each interface, as shown in Figure 5. (Details not shown.)
# Enable IPv6 NetStream for incoming and outgoing traffic on GigabitEthernet 2/1/1.
[RouterA] interface gigabitEthernet 2/1/1
[RouterA-GigabitEthernet2/1/1] ipv6 netstream inbound
[RouterA-GigabitEthernet2/1/1] ipv6 netstream outbound
[RouterA-GigabitEthernet2/1/1] quit
[RouterA] ipv6 netstream export host 40::1 5000
# Set the aggregation mode to AS, and specify the destination host for the aggregation data export.
[RouterA] ipv6 netstream aggregation as
[RouterA-ns6-aggregation-as] enable
[RouterA-ns6-aggregation-as] ipv6 netstream export host 40::1 2000
[RouterA-ns6-aggregation-as] quit
# Set the aggregation mode to protocol-port, and specify the destination host for the aggregation data export.
[RouterA] ipv6 netstream aggregation protocol-port
[RouterA-ns6-aggregation-protport] enable
[RouterA-ns6-aggregation-protport] ipv6 netstream export host 40::1 3000
[RouterA-ns6-aggregation-protport] quit
# Set the aggregation mode to source-prefix, and specify the destination host for the aggregation data export.
[RouterA] ipv6 netstream aggregation source-prefix
[RouterA-ns6-aggregation-srcpre] enable
[RouterA-ns6-aggregation-srcpre] ipv6 netstream export host 40::1 4000
[RouterA-ns6-aggregation-srcpre] quit
# Set the aggregation mode to destination-prefix, and specify the destination host for the aggregation data export.
[RouterA] ipv6 netstream aggregation destination-prefix
[RouterA-ns6-aggregation-dstpre] enable
[RouterA-ns6-aggregation-dstpre] ipv6 netstream export host 40::1 6000
[RouterA-ns6-aggregation-dstpre] quit
# Set the aggregation mode to prefix, and specify the destination host for the aggregation data export.
[RouterA] ipv6 netstream aggregation prefix
[RouterA-ns6-aggregation-prefix] enable
[RouterA-ns6-aggregation-prefix] ipv6 netstream export host 40::1 7000
[RouterA-ns6-aggregation-prefix] quit
Verifying the configuration
# Display information about the IPv6 NetStream data export.
[RouterA] display ipv6 netstream export
as aggregation export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 40::1 (2000)
Version 9 exported flow number : 0
Version 9 exported UDP datagrams number (failed): 0(0)
protocol-port aggregation export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 40::1 (3000)
Version 9 exported flow number : 0
Version 9 exported UDP datagrams number (failed): 0 (0)
source-prefix aggregation export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 40::1 (4000)
Version 9 exported flow number : 0
Version 9 exported UDP datagrams number (failed): 0 (0)
destination-prefix aggregation export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 40::1 (6000)
Version 9 exported flow number : 0
Version 9 exported UDP datagrams number (failed): 0 (0)
prefix aggregation export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 40::1 (7000)
Version 9 exported flow number : 0
Version 9 exported UDP datagrams number (failed): 0 (0)
IPv6 export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 40::1 (5000)
Version 9 exported flow number : 0
Version 9 exported UDP datagrams number (failed): 0 (0)
