Restrictions and guidelines: Hardware compatibility with NetStream
Configuring NetStream flow mirroring
Enabling NetStream on an interface
Configuring NetStream sampling
Configuring the NetStream data export format
Configuring the refresh rate for NetStream version 9 or version 10 template
Configuring MPLS-aware NetStream
Configuring NetStream flow aging
Configuring periodical flow aging
Enabling TCP FIN- and RST-triggered flow aging
Configuring the NetStream data export
Configuring the NetStream traditional data export
Configuring the NetStream aggregation data export
Enabling archiving of cached NetStream entries
Display and maintenance commands for NetStream
NetStream configuration examples
General restrictions and guidelines
Example: Configuring NetStream traditional data export (NetStream flow mirroring)
Example: Configuring NetStream traditional data export (NetStream port mirroring)
Example: Configuring NetStream aggregation data export (NetStream flow mirroring)
Example: Configuring NetStream aggregation data export (NetStream port mirroring)
Configuring NetStream
About NetStream
NetStream is an accounting technology that provides statistics on a per-flow basis. An IPv4 flow is defined by the following 7-tuple elements:
· Destination IP address.
· Source IP address.
· Destination port number.
· Source port number.
· Protocol number.
· ToS.
· Inbound or outbound interface.
NetStream architecture
A typical NetStream system includes the following elements:
· NetStream data exporter—A device configured with NetStream. The NDE provides the following functions:
¡ Classifies traffic flows by using the 7-tuple elements.
¡ Collects data from the classified flows.
¡ Aggregates and exports the data to the NSC.
· NetStream collector—A program running on an operating system. The NSC parses the packets received from the NDEs, and saves the data to its database.
· NetStream data analyzer—A network traffic analyzing tool. Based on the data in NSC, the NDA generates reports for traffic billing, network planning, and attack detection and monitoring. The NDA can collect data from multiple NSCs. Typically, the NDA features a Web-based system for easy operation.
NSC and NDA are typically integrated into a NetStream server.
Figure 1 NetStream system
NetStream flow aging
NetStream uses flow aging to enable the NDE to export NetStream data to NetStream servers. NetStream creates a NetStream entry for each flow for storing the flow statistics in the cache.
When a flow is aged out, the NDE performs the following operations:
· Exports the summarized data to NetStream servers in a specific format.
· Clears NetStream entry information in the cache.
NetStream supports the following flow aging methods:
· Periodical aging.
· Forced aging.
· TCP FIN- and RST-triggered aging.
Periodical aging
Periodical aging uses the following methods:
· Inactive flow aging—A flow is inactive if no packet arrives for the NetStream entry within the inactive flow aging timer. When the timer expires, the following events occur:
¡ The inactive flow entry is aged out.
¡ The statistics of the flow are sent to NetStream servers and are cleared in the cache. The statistics can no longer be displayed by using the display ip netstream cache command.
This method ensures that inactive flow entries are cleared from the cache in a timely manner so new entries can be cached.
· Active flow aging—A flow is active if packets arrive for the NetStream entry within the active flow aging timer. When the timer expires, the statistics of the active flow are exported to NetStream servers. The device continues to collect active flow statistics.
This method periodically exports the statistics of active flows to NetStream servers.
Forced aging
To implement forced aging, use one of the following methods:
· Clear the NetStream cache immediately. All entries in the cache are aged out and exported to NetStream servers.
· Specify the upper limit for cached entries and configure the system to take either of the following actions when the limit is reached:
¡ Age out the oldest entries.
¡ Disable creation of a new entry in the cache.
TCP FIN- and RST-triggered aging
TCP FIN- and RST-triggered aging is automatically performed when a TCP connection is terminated.
A TCP connection is terminated when a packet with a FIN or RST flag is received.
When a packet with a FIN or RST flag is recorded for a flow with an existing NetStream entry, the entry is immediately aged out, exported, and cleared. However, when the first packet of a flow has a FIN or RST flag, a new NetStream entry is created instead of being aged out.
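The aging rules above can be modeled in a few lines. This is an added example, not code from the original guide or from the device software: `FlowCache`, its method names, and the sample 7-tuples are hypothetical, the timers use the default values this guide gives for the aging timers, and two behaviors the guide does not specify are marked as assumptions in the comments.

```python
from dataclasses import dataclass

FIN, RST = 0x01, 0x04        # TCP header flag bits
ACTIVE_TIMEOUT = 30 * 60     # seconds (default in this guide: 30 minutes)
INACTIVE_TIMEOUT = 30        # seconds (default in this guide: 30 seconds)


@dataclass
class Entry:
    last_seen: float
    last_export: float
    packets: int = 0
    octets: int = 0


class FlowCache:
    """Toy model of the NDE cache; names are hypothetical, not device code."""

    def __init__(self, max_entries=1024, on_full="aging"):
        self.max_entries = max_entries
        self.on_full = on_full       # "aging" or "disable-caching"
        self.cache = {}              # 7-tuple -> Entry, kept in creation order
        self.exported = []           # (reason, key, packets, octets)
        self.not_cached = 0          # packets ignored under disable-caching

    def _export(self, key, reason, now, remove=True):
        entry = self.cache[key]
        self.exported.append((reason, key, entry.packets, entry.octets))
        if remove:
            del self.cache[key]
        else:
            # Assumption: counters restart after an active-timer export.
            entry.packets = entry.octets = 0
            entry.last_export = now

    def tick(self, now):
        """Periodical aging: inactive entries leave the cache, active ones stay."""
        for key, entry in list(self.cache.items()):
            if now - entry.last_seen >= INACTIVE_TIMEOUT:
                self._export(key, "inactive", now)
            elif now - entry.last_export >= ACTIVE_TIMEOUT:
                self._export(key, "active", now, remove=False)

    def packet(self, now, key, size, tcp_flags=0):
        self.tick(now)
        entry = self.cache.get(key)
        if entry is None:
            if len(self.cache) >= self.max_entries:
                if self.on_full == "disable-caching":
                    self.not_cached += 1
                    return
                # Assumption: "oldest" means the entry that was created first.
                self._export(next(iter(self.cache)), "forced", now)
            entry = self.cache[key] = Entry(now, now)
            tcp_flags = 0            # a first packet with FIN/RST only creates the entry
        entry.last_seen = now
        entry.packets += 1
        entry.octets += size
        if tcp_flags & (FIN | RST):
            self._export(key, "tcp-fin-rst", now)

    def clear(self, now):
        """Forced aging of the whole cache (the effect of clearing it)."""
        for key in list(self.cache):
            self._export(key, "forced", now)


def demo():
    # Constructed 7-tuples: dst IP, src IP, dst port, src port, protocol, ToS, interface
    flows = [("198.51.100.7", "192.0.2.%d" % i, 443, 40000 + i, 6, 0, "GE3/1/1")
             for i in range(1, 7)]
    a, b, c, d, e, g = flows
    nde = FlowCache(max_entries=2)
    nde.packet(0, a, 60)
    nde.packet(1, a, 60, FIN)            # existing entry + FIN -> aged out at once
    nde.packet(2, b, 40, RST)            # first packet carries RST -> entry created
    nde.tick(32)                         # b idle for 30 s -> inactive aging
    for t in range(100, 1901, 10):       # c stays busy past the active timer
        nde.packet(t, c, 100)
    nde.packet(1901, d, 50)
    nde.packet(1902, e, 50)              # cache full -> oldest entry (c) forced out
    nde.on_full = "disable-caching"
    nde.packet(1903, g, 50)              # cache full -> no entry is created for g
    nde.clear(1904)                      # everything left is exported
    return nde


if __name__ == "__main__":
    for record in demo().exported:
        print(record)
```

With `disable-caching`, traffic that arrives while the cache is full produces no entry at all, so a collector never sees those flows.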
NetStream data export
Traditional data export
Traditional NetStream collects the statistics of each flow and exports the statistics to NetStream servers.
This method consumes more bandwidth and CPU than the aggregation method, and it requires a large cache size.
Aggregation data export
NetStream aggregation merges the flow statistics according to the aggregation criteria of an aggregation mode, and it sends the summarized data to NetStream servers. The NetStream aggregation data export uses less bandwidth than the traditional data export.
Table 1 lists the available aggregation modes. In each mode, the system merges statistics for multiple flows into statistics for one aggregate flow if each aggregation criterion is of the same value. The system records the statistics for the aggregate flow. These aggregation modes work independently and can take effect concurrently.
For example, when the aggregation mode configured on the NDE is protocol-port, NetStream aggregates the statistics of flow entries by protocol number, source port, and destination port. Four NetStream entries record four TCP flows with the same destination address, source port, and destination port, but with different source addresses. In the aggregation mode, only one NetStream aggregation entry is created and sent to NetStream servers.
Table 1 NetStream aggregation modes
Aggregation mode | Aggregation criteria |
---|---|
AS aggregation | Source AS number; Destination AS number; Inbound interface index; Outbound interface index |
BGP community | Inbound interface index; Outbound interface index; BGP community attribute |
Protocol-port aggregation | Protocol number; Source port; Destination port |
Source-prefix aggregation | Source AS number; Source address mask length; Source prefix (source network address); Inbound interface index |
Destination-prefix aggregation | Destination AS number; Destination address mask length; Destination prefix (destination network address); Outbound interface index |
Prefix aggregation | Source AS number; Destination AS number; Source address mask length; Destination address mask length; Source prefix; Destination prefix; Inbound interface index; Outbound interface index |
Prefix-port aggregation | Source prefix; Destination prefix; Source address mask length; Destination address mask length; ToS; Protocol number; Source port; Destination port; Inbound interface index; Outbound interface index |
ToS-AS aggregation | ToS; Source AS number; Destination AS number; Inbound interface index; Outbound interface index |
ToS-source-prefix aggregation | ToS; Source AS number; Source prefix; Source address mask length; Inbound interface index |
ToS-destination-prefix aggregation | ToS; Destination AS number; Destination address mask length; Destination prefix; Outbound interface index |
ToS-prefix aggregation | ToS; Source AS number; Source prefix; Source address mask length; Destination AS number; Destination address mask length; Destination prefix; Inbound interface index; Outbound interface index |
ToS-protocol-port aggregation | ToS; Protocol type; Source port; Destination port; Inbound interface index; Outbound interface index |
ToS-BGP-nexthop | ToS; BGP next hop; Outbound interface index |
If packets are not forwarded according to the BGP routing table, the AS number or BGP next hop cannot be obtained.
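The protocol-port case described above, worked through next to two prefix modes on the same flows. This is an added example, not code from the original guide: the `Flow` record, the `MODES` key builders (four of the modes in Table 1) and the sample addresses and AS numbers are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from typing import NamedTuple


class Flow(NamedTuple):
    src: str
    dst: str
    sport: int
    dport: int
    proto: int
    tos: int
    in_if: int
    out_if: int
    src_as: int
    dst_as: int
    src_mask: int
    dst_mask: int
    packets: int
    octets: int


def prefix(addr, mask_len):
    """Network address of addr under the given mask length."""
    return str(ipaddress.ip_network(f"{addr}/{mask_len}", strict=False).network_address)


# Key builders for four of the modes in Table 1 (criteria in table order).
MODES = {
    "protocol-port": lambda f: (f.proto, f.sport, f.dport),
    "source-prefix": lambda f: (f.src_as, f.src_mask, prefix(f.src, f.src_mask), f.in_if),
    "destination-prefix": lambda f: (f.dst_as, f.dst_mask, prefix(f.dst, f.dst_mask), f.out_if),
    "tos-protocol-port": lambda f: (f.tos, f.proto, f.sport, f.dport, f.in_if, f.out_if),
}


def aggregate(flows, mode):
    """Merge flows whose criteria all match; returns key -> (flows, packets, octets)."""
    table = defaultdict(lambda: [0, 0, 0])
    for flow in flows:
        entry = table[MODES[mode](flow)]
        entry[0] += 1
        entry[1] += flow.packets
        entry[2] += flow.octets
    return {key: tuple(total) for key, total in table.items()}


def aggregate_all(flows, modes):
    """The modes work independently, so each one sees every flow."""
    return {mode: aggregate(flows, mode) for mode in modes}


# Constructed sample: four TCP flows with the same destination address, source
# port and destination port, but four different source addresses.
SAMPLE = [
    Flow(src, "203.0.113.10", 40000, 443, 6, 0, 1, 2, asn, 64511, 24, 24, 10, 1000)
    for src, asn in [("192.0.2.1", 64496), ("192.0.2.2", 64496),
                     ("198.51.100.1", 64497), ("198.51.100.2", 64497)]
]

if __name__ == "__main__":
    for mode, table in aggregate_all(SAMPLE, MODES).items():
        print(mode, table)
```

Protocol-port mode collapses the four flows into one entry and drops the source addresses entirely, while source-prefix mode keeps two entries, one per /24.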
NetStream export formats
NetStream exports data in UDP datagrams in one of the following formats:
· Version 5—Exports original statistics collected based on the 7-tuple elements and does not support the NetStream aggregation data export. The packet format is fixed and cannot be extended.
· Version 8—Supports the NetStream aggregation data export. The packet format is fixed and cannot be extended.
· Version 9—Based on a template that can be configured according to the template formats defined in RFCs. Version 9 supports exporting the NetStream aggregation data and collecting statistics about BGP next hop and MPLS packets.
· Version 10—Similar to version 9. The difference between version 9 and version 10 is that the version 10 export format is compliant with the IPFIX standard.
NetStream mirroring
NetStream mirroring copies packets that pass through the device to a NetStream module for collecting traffic statistics. The forwarding performance of the device is not affected.
NetStream flow mirroring copies the packets that meet specific QoS match criteria to a NetStream module.
NetStream port mirroring copies the packets passing through an interface to a NetStream module.
NetStream sampling
NetStream sampling collects statistics on fewer packets and is useful when the network has a large amount of traffic. NetStream on sampled traffic lessens the impact on the device's performance. For more information about sampling, see "Configuring samplers."
Protocols and standards
RFC 5101, Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information
Restrictions and guidelines: Hardware compatibility with NetStream
To configure NetStream flow mirroring, follow these rules:
· The device supports inbound, outbound, and sampled NetStream flow mirroring for interfaces on SPEX cards, CSPC-GE24L-E cards, CSPC-GP24GE8XP2L-E cards, CSPC-GE16XP4L-E cards, CSPEX cards, and CEPC cards.
For NetStream sampling to operate correctly for NetStream flow mirroring on a device, the samplers used by NetStream flow mirroring must use the same sampling rate calculation method.
· The device supports inbound NetStream flow mirroring but does not support outbound or sampled NetStream flow mirroring for interfaces on SPC cards and MPE-1104 cards.
· To mirror inbound or outbound traffic on SPEX cards, CSPC-GE24L-E cards, CSPC-GP24GE8XP2L-E cards, CSPC-GE16XP4L-E cards, CSPEX cards, and CEPC cards to a card, you must specify the sampler keyword in the mirror-to command.
· NetStream cannot collect statistics of traffic on a subinterface of a Layer 3 aggregate interface that contains member ports on SPC cards and MPE-1104 cards.
· NetStream collects statistics of traffic on a subinterface of a Layer 2 aggregate interface that contains member ports on SPC cards and MPE-1104 cards as follows:
¡ If NetStream flow mirroring is enabled in both the inbound and outbound directions, NetStream collects statistics of inbound traffic only.
¡ If only outbound NetStream flow mirroring is enabled, NetStream collects statistics of outbound traffic.
· NetStream flow mirroring supports mirroring traffic only to the current interface module.
To configure NetStream port mirroring, follow these rules:
· The device supports NetStream port mirroring only for Layer 2 and Layer 3 Ethernet interfaces on CSPEX cards (except for CSPEX-1104-E cards) and CEPC cards.
For NetStream sampling to operate correctly for NetStream port mirroring on a device, the samplers used by NetStream port mirroring must use the same sampling rate calculation method.
· If you configure NetStream sampling for both NetStream flow mirroring and NetStream port mirroring on an interface, only the sampling for NetStream port mirroring takes effect.
· If a QoS policy with a redirect-to-CPU action is applied to the outbound direction of an interface, the NetStream sampling does not take effect on packets matching the QoS action.
NetStream tasks at a glance
To configure NetStream, perform the following tasks:
1. Enabling NetStream globally
2. Configuring NetStream flow mirroring
3. (Optional.) Configuring the NetStream data export format
4. (Optional.) Configuring the refresh rate for NetStream version 9 or version 10 template
5. (Optional.) Configuring MPLS-aware NetStream
6. (Optional.) Configuring NetStream flow aging
¡ Configuring periodical flow aging
¡ Configuring forced flow aging
¡ Enabling TCP FIN- and RST-triggered flow aging
7. Configuring the NetStream data export
a. Configuring the NetStream traditional data export
b. (Optional.) Configuring the NetStream aggregation data export
8. Enabling archiving of cached NetStream entries
NetStream tasks at a glance
To configure NetStream, perform the following tasks:
1. Enabling NetStream on an interface
2. (Optional.) Configuring NetStream sampling
3. (Optional.) Configuring the NetStream data export format
4. (Optional.) Configuring the refresh rate for NetStream version 9 or version 10 template
5. (Optional.) Configuring MPLS-aware NetStream
6. (Optional.) Configuring NetStream flow aging
¡ Configuring periodical flow aging
¡ Configuring forced flow aging
¡ Enabling TCP FIN- and RST-triggered flow aging
7. Configuring the NetStream data export
a. Configuring the NetStream traditional data export
b. (Optional.) Configuring the NetStream aggregation data export
8. Enabling archiving of cached NetStream entries
Enabling NetStream globally
1. Enter system view.
system-view
2. Enable NetStream globally.
ip netstream
By default, NetStream is disabled globally.
Configuring NetStream flow mirroring
1. Enter system view.
system-view
2. Create a traffic class and enter traffic class view.
traffic classifier classifier-name [ operator { and | or } ]
3. Define a match criterion.
if-match [ not ] match-criteria
For more information about this command, see the QoS commands in ACL and QoS Command Reference.
4. Return to system view.
quit
5. Create a traffic behavior and enter traffic behavior view.
traffic behavior behavior-name
6. Configure a mirroring action for the traffic behavior.
Choose the options to configure as needed:
¡ Mirror traffic to a slot.
In standalone mode:
mirror-to slot slot-number [ sampler sampler-name ]
In IRF mode:
mirror-to chassis chassis-number slot slot-number [ sampler sampler-name ]
By default, no mirroring actions are configured to mirror traffic to a slot.
For more information about these commands, see the mirroring commands in Network Management and Monitoring Command Reference.
¡ Mirror traffic to the slot where the traffic was received or sent out.
mirror-to local [ sampler sampler-name ]
By default, no mirroring actions are configured to mirror traffic to the slot where the traffic was received or sent out.
For more information about the mirror-to local command, see the mirroring commands in Network Management and Monitoring Command Reference.
7. Return to system view.
quit
8. Create a QoS policy and enter QoS policy view.
qos policy policy-name
9. Associate the traffic behavior with the traffic class in the QoS policy.
classifier classifier-name behavior behavior-name [ qppb-manipulation | insert-before before-classifier-name ] *
10. Apply the QoS policy.
For information about applying a QoS policy, see the QoS configuration in ACL and QoS Configuration Guide.
Enabling NetStream on an interface
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Enable NetStream on the interface.
ip netstream [ inbound | outbound ]
By default, NetStream is disabled on an interface.
Configuring NetStream sampling
Procedure
1. Enter system view.
system-view
2. Create a sampler.
sampler sampler-name mode { fixed | random } packet-interval [ n-power ] rate
For more information about a sampler, see "Configuring samplers."
3. Enter interface view.
interface interface-type interface-number
4. Enable NetStream sampling.
ip netstream [ inbound | outbound ] sampler sampler-name
By default, NetStream sampling is disabled.
Configuring the NetStream data export format
About NetStream data export
When you configure the NetStream data export format, you can also specify the following settings:
· Whether or not to export the BGP next hop information.
Only version 9 and version 10 formats support exporting the BGP next hop information.
· How to export the autonomous system (AS) information: origin-as or peer-as.
¡ origin-as—Records the original AS numbers for the flow source and destination.
¡ peer-as—Records the peer AS numbers for the flow source and destination.
For example, as shown in Figure 2, a flow starts at AS 20, passes AS 21 through AS 23, and then reaches AS 24. NetStream is enabled on the device in AS 22.
· Specify the origin-as keyword to export AS 20 as the source AS and AS 24 as the destination AS.
· Specify the peer-as keyword to export AS 21 as the source AS and AS 23 as the destination AS.
Figure 2 Recorded AS information varies by different keyword configurations
Procedure
1. Enter system view.
system-view
2. Configure the NetStream data export format, and configure the AS and BGP next hop export attributes.
Choose one option as needed:
¡ Set NetStream data export format to version 5 and configure the AS export attribute.
ip netstream export version 5 { origin-as | peer-as }
¡ Set NetStream data export format to version 9 or version 10 and configure the AS and BGP export attributes.
ip netstream export version { 9 | 10 } { origin-as | peer-as } [ bgp-nexthop ]
By default:
¡ NetStream data export uses the version 9 format.
¡ The peer AS numbers for the flow source and destination are exported.
¡ The BGP next hop information is not exported.
Configuring the refresh rate for NetStream version 9 or version 10 template
About NetStream template refresh rate
Version 9 and version 10 are template-based and support user-defined formats. A NetStream device must send the template to NetStream servers regularly, because the servers do not permanently save templates.
For a NetStream server to use the correct version 9 or version 10 template, configure the time-based or packet count-based refresh rate. If both settings are configured, the template is sent when either of the conditions is met.
Procedure
1. Enter system view.
system-view
2. Configure the refresh rate for the NetStream version 9 or version 10 template.
ip netstream export template refresh-rate { packet packets | time minutes }
By default, the packet count-based refresh rate is 20 packets, and the time-based refresh interval is 30 minutes.
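Why the refresh matters on the server side, shown for version 10, which this guide describes as IPFIX-compliant. This is an added example, not code from the original guide: the `Collector` class and helper names are hypothetical, and template 256 and the flow record are constructed, because the guide does not show which fields the device puts in its templates.

```python
import ipaddress
import struct

TEMPLATE_SET_ID = 2          # IPFIX set ID reserved for template sets
IE_NAMES = {1: "octetDeltaCount", 2: "packetDeltaCount", 4: "protocolIdentifier",
            7: "sourceTransportPort", 8: "sourceIPv4Address",
            11: "destinationTransportPort", 12: "destinationIPv4Address"}


def ipfix_message(sets, seq=0, export_time=0, domain=1):
    """16-byte message header (version 10) followed by the given sets."""
    body = b"".join(sets)
    return struct.pack("!HHIII", 10, 16 + len(body), export_time, seq, domain) + body


def template_set(template_id, fields):
    record = struct.pack("!HH", template_id, len(fields))
    record += b"".join(struct.pack("!HH", ie, length) for ie, length in fields)
    return struct.pack("!HH", TEMPLATE_SET_ID, 4 + len(record)) + record


def data_set(template_id, records):
    body = b"".join(records)
    return struct.pack("!HH", template_id, 4 + len(body)) + body


class Collector:
    def __init__(self):
        self.templates = {}      # (observation domain, template ID) -> [(ie, length)]
        self.undecodable = 0     # data sets that arrived before their template

    def feed(self, msg):
        if len(msg) < 16:
            raise ValueError("message shorter than the IPFIX header")
        version, length, _time, _seq, domain = struct.unpack_from("!HHIII", msg)
        if version != 10 or length != len(msg):
            raise ValueError("not a well-formed IPFIX message")
        flows, off = [], 16
        while off + 4 <= length:
            set_id, set_len = struct.unpack_from("!HH", msg, off)
            if set_len < 4 or off + set_len > length:
                raise ValueError("set length runs past the message")
            body = msg[off + 4:off + set_len]
            if set_id == TEMPLATE_SET_ID:
                self.learn(domain, body)
            elif set_id >= 256:              # data set, named after its template
                flows += self.decode(domain, set_id, body)
            off += set_len
        return flows

    def learn(self, domain, body):
        pos = 0
        while pos + 4 <= len(body):
            template_id, count = struct.unpack_from("!HH", body, pos)
            pos += 4
            if template_id < 256:            # padding or an invalid ID
                break
            if count == 0:                   # template withdrawal
                self.templates.pop((domain, template_id), None)
                continue
            if pos + 4 * count > len(body):
                raise ValueError("truncated template record")
            fields = [struct.unpack_from("!HH", body, pos + 4 * i) for i in range(count)]
            if any(ie & 0x8000 or ln == 0xFFFF for ie, ln in fields):
                raise ValueError("enterprise or variable-length fields not handled here")
            self.templates[(domain, template_id)] = fields
            pos += 4 * count

    def decode(self, domain, template_id, body):
        fields = self.templates.get((domain, template_id))
        if fields is None:                   # cannot interpret the bytes yet
            self.undecodable += 1
            return []
        rec_len = sum(length for _, length in fields)
        flows, pos = [], 0
        while rec_len and pos + rec_len <= len(body):
            flow = {}
            for ie, length in fields:
                raw = body[pos:pos + length]
                is_addr = ie in (8, 12) and length == 4
                flow[IE_NAMES.get(ie, f"ie{ie}")] = (
                    str(ipaddress.IPv4Address(raw)) if is_addr else int.from_bytes(raw, "big"))
                pos += length
            flows.append(flow)
        return flows


# Constructed template 256 and one matching 21-byte flow record.
FIELDS = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (2, 4), (1, 4)]
RECORD = struct.pack("!4s4sHHBII", ipaddress.IPv4Address("192.0.2.1").packed,
                     ipaddress.IPv4Address("198.51.100.7").packed, 40000, 443, 6, 12, 960)


def demo():
    collector = Collector()                  # for example, a server that has just restarted
    data = ipfix_message([data_set(256, [RECORD])])
    before = collector.feed(data)            # template unknown: nothing decoded
    collector.feed(ipfix_message([template_set(256, FIELDS)]))
    after = collector.feed(data)             # same bytes, now decodable
    return before, after, collector.undecodable
```

Until the next template refresh reaches it, the server can only count or buffer data sets, so long refresh intervals widen the gap in flow visibility after a server restart or a lost template datagram.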
Configuring MPLS-aware NetStream
About MPLS-aware NetStream
An MPLS flow is identified by the same labels in the same position and the same 7-tuple elements. MPLS-aware NetStream collects statistics on a maximum of three labels in the label stack, with or without IP fields.
Restrictions and guidelines
NetStream cannot collect statistics of outbound traffic on SPC cards and MPE-1104 cards.
Procedure
1. Enter system view.
system-view
2. Collect statistics on MPLS packets.
ip netstream mpls [ label-positions label-position1 [ label-position2 [ label-position3 ] ] ] [ no-ip-fields ]
By default, statistics about MPLS packets are not collected.
Configuring NetStream flow aging
Configuring periodical flow aging
1. Enter system view.
system-view
2. Set the aging timer for active flows.
ip netstream timeout active minutes
By default, the aging timer for active flows is 30 minutes.
3. Set the aging timer for inactive flows.
ip netstream timeout inactive seconds
By default, the aging timer for inactive flows is 30 seconds.
Configuring forced flow aging
1. Enter system view.
system-view
2. Specify the processing method when the upper limit of cached NetStream entries is reached.
ip netstream max-entry { aging | disable-caching }
By default, the system ages out the oldest entries when the upper limit of cached NetStream entries is reached.
3. Return to user view.
quit
4. Clear the cache, including the cached NetStream entries and the related statistics.
reset ip netstream statistics
Enabling TCP FIN- and RST-triggered flow aging
1. Enter system view.
system-view
2. Enable TCP FIN- and RST-triggered aging.
ip netstream aging
By default, TCP FIN- and RST-triggered flow aging is enabled.
Configuring the NetStream data export
Configuring the NetStream traditional data export
1. Enter system view.
system-view
2. Specify a destination host for NetStream traditional data export.
In standalone mode:
ip netstream export host ip-address udp-port [ vpn-instance vpn-instance-name ] [ slot slot-number ]
In IRF mode:
ip netstream export host ip-address udp-port [ vpn-instance vpn-instance-name ] [ chassis chassis-number slot slot-number ]
By default, no destination host is specified.
3. (Optional.) Specify the source interface for NetStream data packets sent to NetStream servers.
ip netstream export source interface interface-type interface-number
By default, NetStream data packets take the IP address of their output interface (interface that is connected to the NetStream device) as the source IP address.
As a best practice, connect the management Ethernet interface to a NetStream server, and configure the interface as the source interface.
4. (Optional.) Limit the data export rate.
ip netstream export rate rate
By default, the data export rate is not limited.
Configuring the NetStream aggregation data export
About NetStream aggregation data export
NetStream aggregation merges the flow statistics according to the aggregation mode criteria, and stores the data in the cache. When an aggregation entry is aged out, the data is exported. For each NetStream aggregation mode, you can specify different NetStream servers for NetStream aggregation data export.
NetStream aggregation data export requires less bandwidth for exporting NetStream packets to NetStream servers.
Restrictions and guidelines
Configurations in NetStream aggregation mode view apply only to the NetStream aggregation data export, and those in system view apply to the NetStream traditional data export. If configurations in NetStream aggregation mode view are not provided, the configurations in system view apply to the NetStream aggregation data export.
If the version 5 format is configured to export NetStream data, NetStream aggregation data export uses the version 8 format.
Procedure
1. Enter system view.
system-view
By default, NetStream hardware aggregation is disabled.
2. Specify a NetStream aggregation mode and enter its view.
ip netstream aggregation { as | bgp-community | destination-prefix | prefix | prefix-port | protocol-port | source-prefix | tos-as | tos-bgp-nexthop | tos-destination-prefix | tos-prefix | tos-protocol-port | tos-source-prefix }
By default, no NetStream aggregation mode is configured.
3. Enable the NetStream aggregation mode.
enable
By default, all NetStream aggregation modes are disabled.
4. Specify a destination host for NetStream aggregation data export.
ip netstream export host ip-address udp-port [ vpn-instance vpn-instance-name ]
By default, no destination host is specified.
If you expect only NetStream aggregation data, specify the destination host only in the related NetStream aggregation mode view.
5. (Optional.) Specify the source interface for NetStream data packets sent to NetStream servers.
ip netstream export source interface interface-type interface-number
By default, no source interface is specified for NetStream data packets. The packets take the IP address of the output interface as the source IP address.
Source interfaces in different NetStream aggregation mode views can be different.
If no source interface is configured in NetStream aggregation mode view, the source interface configured in system view applies.
Enabling archiving of cached NetStream entries
About archiving of cached NetStream entries
By default, archiving of cached NetStream entries is disabled. NetStream entries are cleared from the cache after they are exported to NetStream servers. You cannot view the exported NetStream entry information.
This feature archives the cached NetStream entries in binary format to a local file named netstream.log when the entries are exported to NetStream servers. You can view the archived NetStream entries by using the display ip netstream cache archive command.
If not enough storage space is available for archiving a new NetStream entry, the system will overwrite the earliest entry with the new entry.
Procedure
1. Enter system view.
system-view
2. Enable archiving of cached NetStream entries.
ip netstream cache archive enable
By default, archiving of cached NetStream entries is disabled.
Display and maintenance commands for NetStream
Execute display commands in any view and reset commands in user view.
· Display NetStream entry information.
In standalone mode:
display ip netstream cache [ verbose ] [ type { ip | ipl2 | l2 | mpls [ label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] ] } ] [ destination destination-ip | destination-port destination-port | interface interface-type interface-number | protocol protocol | source source-ip | source-port source-port ] * [ arrived-time start-date start-time end-date end-time ] [ slot slot-number ]
In IRF mode:
display ip netstream cache [ verbose ] [ type { ip | ipl2 | l2 | mpls [ label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] ] } ] [ destination destination-ip | destination-port destination-port | interface interface-type interface-number | protocol protocol | source source-ip | source-port source-port ] * [ arrived-time start-date start-time end-date end-time ] [ chassis chassis-number slot slot-number ]
· Display the locally archived NetStream entries.
In standalone mode:
display ip netstream cache archive [ verbose ] [ type { ip | ipl2 | l2 | mpls [ label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] ] } ] [ destination destination-ip | destination-port destination-port | interface interface-type interface-number | protocol protocol | source source-ip | source-port source-port ] * [ arrived-time start-date start-time end-date end-time ] [ slot slot-number ]
In IRF mode:
display ip netstream cache archive [ verbose ] [ type { ip | ipl2 | l2 | mpls [ label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] ] } ] [ destination destination-ip | destination-port destination-port | interface interface-type interface-number | protocol protocol | source source-ip | source-port source-port ] * [ arrived-time start-date start-time end-date end-time ] [ chassis chassis-number slot slot-number ]
· Display information about the NetStream data export.
In standalone mode:
display ip netstream export [ slot slot-number ]
In IRF mode:
display ip netstream export [ chassis chassis-number slot slot-number ]
· Display NetStream template information.
In standalone mode:
display ip netstream template [ slot slot-number ]
In IRF mode:
display ip netstream template [ chassis chassis-number slot slot-number ]
· Age out and export all NetStream data, and clear the cache.
reset ip netstream statistics
NetStream configuration examples
General restrictions and guidelines
To use interfaces on the cards, follow the restrictions and guidelines described in "Restrictions and guidelines: Hardware compatibility with NetStream."
Example: Configuring NetStream traditional data export (NetStream flow mirroring)
Network configuration
As shown in Figure 3, configure NetStream on Router A to meet the following requirements:
· Collect incoming traffic statistics on GigabitEthernet 3/1/1.
· Export NetStream traditional data to UDP port 5000 of the NetStream server.
Procedure
# Assign an IP address to each interface, as shown in Figure 3. (Details not shown.)
# Configure sampler samp1 in fixed sampling mode, and set the sampling rate to 8.
<RouterA> system-view
[RouterA] sampler samp1 mode fixed packet-interval n-power 8
# Enable NetStream globally.
[RouterA] ip netstream
# Configure a QoS policy to mirror all IPv4 traffic to slot 3 by using the sampler samp1.
[RouterA] acl advanced 3000
[RouterA-acl-ipv4-adv-3000] rule 0 permit ip
[RouterA-acl-ipv4-adv-3000] quit
[RouterA] traffic classifier ns_ipv4
[RouterA-classifier-ns_ipv4] if-match acl 3000
[RouterA-classifier-ns_ipv4] quit
[RouterA] traffic behavior ns_ipv4
[RouterA-behavior-ns_ipv4] mirror-to slot 3 sampler samp1
[RouterA-behavior-ns_ipv4] quit
[RouterA] qos policy ns_ipv4
[RouterA-qospolicy-ns_ipv4] classifier ns_ipv4 behavior ns_ipv4
[RouterA-qospolicy-ns_ipv4] quit
# Apply the QoS policy to the inbound direction of GigabitEthernet 3/1/1.
[RouterA] interface GigabitEthernet 3/1/1
[RouterA-GigabitEthernet3/1/1] qos apply policy ns_ipv4 inbound
[RouterA-GigabitEthernet3/1/1] quit
# Specify 12.110.2.2 as the IP address of the destination host and UDP port 5000 as the export destination port number.
[RouterA] ip netstream export host 12.110.2.2 5000
Verifying the configuration
# Display NetStream entry information.
[RouterA] display ip netstream cache
IP NetStream cache information:
Active flow timeout : 30 min
Inactive flow timeout : 30 sec
Max number of entries : 1331200
IP active flow entries : 1
MPLS active flow entries : 0
L2 active flow entries : 0
IPL2 active flow entries : 0
IP flow entries counted : 4
MPLS flow entries counted : 0
L2 flow entries counted : 0
IPL2 flow entries counted : 0
Last statistics resetting time : Never
IP packet size distribution (87 packets in total):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .505 .482 .000 .000 .000 .000 .011 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
Protocol Total Packets Flows Packets Active(sec) Idle(sec)
Flows /sec /sec /flow /flow /flow
------------------------------------------------------------------------------
UDP-other 1 0 0 1 0 30
ICMP 1 0 0 8 32 30
UDP-NetBios 1 0 0 42 60 30
TCP-Telnet 1 0 0 24 18 10
Type DstIP(Port) SrcIP(Port) Pro ToS VNI If(Direct) Pkts
DstMAC(VLAN) SrcMAC(VLAN)
TopLblType(IP/MASK) Lbl-Exp-S-List
------------------------------------------------------------------------------
IP 10.1.1.1(2048) 100.1.1.2(0) 1 0 N/A GE3/1/1(I) 12
# Display information about the NetStream data export.
[RouterA] display ip netstream export
IP export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 12.110.2.2 (5000)
Version 5 exported flow number : 0
Version 5 exported UDP datagram number (failed): 0 (0)
Version 9 exported flow number : 4
Version 9 exported UDP datagram number (failed): 4 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
IPL2 export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 12.110.2.2 (5000)
Version 9 exported flow number : 0
Version 9 exported UDP datagram number (failed): 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
Example: Configuring NetStream traditional data export (NetStream port mirroring)
Network configuration
As shown in Figure 4, configure NetStream on Router A to meet the following requirements:
· Enable NetStream for incoming traffic on GigabitEthernet 3/1/1.
· Configure the router to export NetStream traditional data to UDP port 5000 of the NetStream server.
· Configure fixed sampling in the inbound direction of GigabitEthernet 3/1/1 and set the sampling rate to 8.
Procedure
# Assign an IP address to each interface, as shown in Figure 4. (Details not shown.)
# Configure sampler samp1 in fixed sampling mode, and set the sampling rate to 8.
<RouterA> system-view
[RouterA] sampler samp1 mode fixed packet-interval n-power 8
# Enable NetStream for incoming traffic on GigabitEthernet 3/1/1.
[RouterA] interface gigabitethernet 3/1/1
[RouterA-GigabitEthernet3/1/1] ip netstream inbound
# Use sampler samp1 for inbound NetStream sampling on GigabitEthernet 3/1/1.
[RouterA-GigabitEthernet3/1/1] ip netstream inbound sampler samp1
[RouterA-GigabitEthernet3/1/1] quit
# Specify 12.110.2.2 as the IP address of the destination host and UDP port 5000 as the export destination port number.
[RouterA] ip netstream export host 12.110.2.2 5000
Verifying the configuration
# Display NetStream entry information.
[RouterA] display ip netstream cache
IP NetStream cache information:
Active flow timeout : 30 min
Inactive flow timeout : 30 sec
Max number of entries : 1638400
IP active flow entries : 2
MPLS active flow entries : 0
L2 active flow entries : 0
IPL2 active flow entries : 0
IP flow entries counted : 0
MPLS flow entries counted : 0
L2 flow entries counted : 0
IPL2 flow entries counted : 0
Last statistics resetting time : Never
IP packet size distribution (11 packets in total):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .000 .909 .000 .000 .090 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
Protocol Total Packets Flows Packets Active(sec) Idle(sec)
Flows /sec /sec /flow /flow /flow
---------------------------------------------------------------------------
Type DstIP(Port) SrcIP(Port) Pro ToS If(Direct) Pkts
DstMAC(VLAN) SrcMAC(VLAN)
TopLblType(IP/MASK) Lbl-Exp-S-List
---------------------------------------------------------------------------
IP 10.1.1.1 (21) 100.1.1.2(1024) 1 0 GE3/1/1(I) 5
IP 100.1.1.2 (1024) 10.1.1.1 (21) 1 0 GE3/1/1(O) 5
# Display information about the NetStream data export.
[RouterA] display ip netstream export
IP export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 12.110.2.2 (5000)
Version 5 exported flow number : 0
Version 5 exported UDP datagram number (failed) : 0 (0)
Version 9 exported flow number : 10
Version 9 exported UDP datagram number (failed) : 10 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
IPL2 export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 12.110.2.2 (5000)
Version 9 exported flow number : 0
Version 9 exported UDP datagram number (failed): 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
Example: Configuring NetStream aggregation data export (NetStream flow mirroring)
Network configuration
As shown in Figure 5, all routers in the network are running EBGP. Configure NetStream on Router A to meet the following requirements:
· Use version 5 format to export NetStream traditional data to port 5000 of the NetStream server.
· Perform NetStream aggregation in the modes of AS, protocol-port, source-prefix, destination-prefix, and prefix.
· Export the aggregation data of different modes to the NetStream server at 4.1.1.1/16, with UDP ports 2000, 3000, 4000, 6000, and 7000.
· Collect incoming traffic statistics on GigabitEthernet 3/1/1.
Procedure
# Assign an IP address to each interface, as shown in Figure 5. (Details not shown.)
# Configure sampler samp1 in fixed sampling mode, and set the sampling rate to 8.
<RouterA> system-view
[RouterA] sampler samp1 mode fixed packet-interval n-power 8
# Specify version 5 format to export NetStream traditional data and record the original AS numbers for the flow source and destination.
[RouterA] ip netstream export version 5 origin-as
# Enable NetStream globally.
[RouterA] ip netstream
# Configure a QoS policy to mirror all IPv4 traffic to slot 3 by using the sampler samp1.
[RouterA] acl advanced 3000
[RouterA-acl-ipv4-adv-3000] rule 0 permit ip
[RouterA-acl-ipv4-adv-3000] quit
[RouterA] traffic classifier ns_ipv4
[RouterA-classifier-ns_ipv4] if-match acl 3000
[RouterA-classifier-ns_ipv4] quit
[RouterA] traffic behavior ns_ipv4
[RouterA-behavior-ns_ipv4] mirror-to slot 3 sampler samp1
[RouterA-behavior-ns_ipv4] quit
[RouterA] qos policy ns_ipv4
[RouterA-qospolicy-ns_ipv4] classifier ns_ipv4 behavior ns_ipv4
[RouterA-qospolicy-ns_ipv4] quit
# Apply the QoS policy to the inbound direction of GigabitEthernet 3/1/1.
[RouterA] interface GigabitEthernet 3/1/1
[RouterA-GigabitEthernet3/1/1] qos apply policy ns_ipv4 inbound
[RouterA-GigabitEthernet3/1/1] quit
# Specify 4.1.1.1 as the IP address of the destination host and UDP port 5000 as the export destination port number.
[RouterA] ip netstream export host 4.1.1.1 5000
# Set the aggregation mode to AS, and specify the destination host for the aggregation data export.
[RouterA] ip netstream aggregation as
[RouterA-ns-aggregation-as] enable
[RouterA-ns-aggregation-as] ip netstream export host 4.1.1.1 2000
[RouterA-ns-aggregation-as] quit
# Set the aggregation mode to protocol-port, and specify the destination host for the aggregation data export.
[RouterA] ip netstream aggregation protocol-port
[RouterA-ns-aggregation-protport] enable
[RouterA-ns-aggregation-protport] ip netstream export host 4.1.1.1 3000
[RouterA-ns-aggregation-protport] quit
# Set the aggregation mode to source-prefix, and specify the destination host for the aggregation data export.
[RouterA] ip netstream aggregation source-prefix
[RouterA-ns-aggregation-srcpre] enable
[RouterA-ns-aggregation-srcpre] ip netstream export host 4.1.1.1 4000
[RouterA-ns-aggregation-srcpre] quit
# Set the aggregation mode to destination-prefix, and specify the destination host for the aggregation data export.
[RouterA] ip netstream aggregation destination-prefix
[RouterA-ns-aggregation-dstpre] enable
[RouterA-ns-aggregation-dstpre] ip netstream export host 4.1.1.1 6000
[RouterA-ns-aggregation-dstpre] quit
# Set the aggregation mode to prefix, and specify the destination host for the aggregation data export.
[RouterA] ip netstream aggregation prefix
[RouterA-ns-aggregation-prefix] enable
[RouterA-ns-aggregation-prefix] ip netstream export host 4.1.1.1 7000
[RouterA-ns-aggregation-prefix] quit
Verifying the configuration
# Display information about the NetStream data export.
[RouterA] display ip netstream export
as aggregation export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 4.1.1.1 (2000)
Version 8 exported flow number : 5
Version 8 exported UDP datagram number (failed): 5 (5)
Version 9 exported flow number : 0
Version 9 exported UDP datagram number (failed): 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
protocol-port aggregation export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 4.1.1.1 (3000)
Version 8 exported flow number : 5
Version 8 exported UDP datagram number (failed): 5 (5)
Version 9 exported flow number : 0
Version 9 exported UDP datagram number (failed): 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
source-prefix aggregation export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 4.1.1.1 (4000)
Version 8 exported flow number : 4
Version 8 exported UDP datagram number (failed): 4 (4)
Version 9 exported flow number : 0
Version 9 exported UDP datagram number (failed): 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
destination-prefix aggregation export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 4.1.1.1 (6000)
Version 8 exported flow number : 2
Version 8 exported UDP datagram number (failed): 2 (2)
Version 9 exported flow number : 0
Version 9 exported UDP datagram number (failed): 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
prefix aggregation export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 4.1.1.1 (7000)
Version 8 exported flow number : 2
Version 8 exported UDP datagram number (failed): 2 (2)
Version 9 exported flow number : 0
Version 9 exported UDP datagram number (failed): 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
IP export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 4.1.1.1 (5000)
Version 5 exported flow number : 5
Version 5 exported UDP datagram number (failed): 5 (5)
Version 9 exported flow number : 0
Version 9 exported UDP datagram number (failed): 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
IPL2 export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 4.1.1.1 (5000)
Version 9 exported flow number : 0
Version 9 exported UDP datagram number (failed): 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
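The verification output above reports, for each export destination, the number of UDP datagrams sent and, in parentheses, the number that failed. The following Python script is an added example, not part of the original guide or the vendor's tooling. It parses that output and lists every section where exports are failing, so that a silent loss of flow telemetry at the collector is noticed. The function names parse_export and export_failures are hypothetical, and the embedded sample is constructed from the output format shown on this page.

```python
import re

# Constructed sample, abridged from the `display ip netstream export` format above.
SAMPLE = """\
as aggregation export information:
  Flow source interface                          : Not specified
  Flow destination IP address (UDP)              : 4.1.1.1 (2000)
  Version 8 exported flow number                 : 5
  Version 8 exported UDP datagram number (failed): 5 (5)
  Version 9 exported UDP datagram number (failed): 0 (0)
IP export information:
  Flow destination IP address (UDP)              : 4.1.1.1 (5000)
  Version 5 exported flow number                 : 10
  Version 5 exported UDP datagram number (failed) : 10 (0)
  Version 9 exported UDP datagram number (failed) : 0(0)
"""

SECTION = re.compile(r"^(.+?) export information:\s*$")
DEST = re.compile(r"^Flow destination IP address \(UDP\)\s*:\s*(\S+)\s*\((\d+)\)")
DGRAM = re.compile(r"^Version (\d+) exported UDP datagram number \(failed\)\s*:\s*(\d+)\s*\((\d+)\)")
FLOWS = re.compile(r"^Version (\d+) exported flow number\s*:\s*(\d+)")

def parse_export(text):
    """Return one dict per export section: name, dest, and per-version counters."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            sections.append({"name": m.group(1), "dest": None, "versions": {}})
            continue
        if not sections:
            continue  # skip the prompt/command echo before the first section
        cur = sections[-1]
        if m := DEST.match(line):
            cur["dest"] = (m.group(1), int(m.group(2)))
        elif m := DGRAM.match(line):
            v = cur["versions"].setdefault(int(m.group(1)), {})
            v["datagrams"], v["failed"] = int(m.group(2)), int(m.group(3))
        elif m := FLOWS.match(line):
            cur["versions"].setdefault(int(m.group(1)), {})["flows"] = int(m.group(2))
    return sections

def export_failures(text):
    """List (section, dest, version, failed, datagrams) where any datagram failed."""
    out = []
    for s in parse_export(text):
        for ver, c in sorted(s["versions"].items()):
            if c.get("failed", 0) > 0:
                out.append((s["name"], s["dest"], ver, c["failed"], c["datagrams"]))
    return out

if __name__ == "__main__":
    for name, dest, ver, failed, total in export_failures(SAMPLE):
        print(f"{name}: v{ver} export to {dest} failed {failed}/{total}")
```

A section whose destination reads "Not specified" keeps dest as None, which the caller can treat as an unconfigured export target.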
Example: Configuring NetStream aggregation data export (NetStream port mirroring)
Network configuration
As shown in Figure 6, all routers in the network are running EBGP. Configure NetStream on Router A to meet the following requirements:
· Use version 5 format to export NetStream traditional data to port 5000 of the NetStream server.
· Perform NetStream aggregation in the modes of AS, protocol-port, source-prefix, destination-prefix, and prefix.
· Export the aggregation data of different modes to the NetStream server at 4.1.1.1/16, with UDP ports 2000, 3000, 4000, 6000, and 7000.
· Configure fixed sampling in the inbound direction of GigabitEthernet 3/1/1 and set the sampling rate to 8.
Procedure
# Assign an IP address to each interface, as shown in Figure 6. (Details not shown.)
# Configure sampler samp1 in fixed sampling mode, and set the sampling rate to 8.
<RouterA> system-view
[RouterA] sampler samp1 mode fixed packet-interval n-power 8
# Enable NetStream for incoming traffic on GigabitEthernet 3/1/1.
[RouterA] interface gigabitethernet 3/1/1
[RouterA-GigabitEthernet3/1/1] ip netstream inbound
# Use sampler samp1 for inbound NetStream sampling on GigabitEthernet 3/1/1.
[RouterA-GigabitEthernet3/1/1] ip netstream inbound sampler samp1
[RouterA-GigabitEthernet3/1/1] quit
# Specify version 5 format to export NetStream traditional data and record the original AS numbers for the flow source and destination.
[RouterA] ip netstream export version 5 origin-as
# Specify 4.1.1.1 as the IP address of the destination host and UDP port 5000 as the export destination port number.
[RouterA] ip netstream export host 4.1.1.1 5000
# Set the aggregation mode to AS, and specify the destination host for the aggregation data export.
[RouterA] ip netstream aggregation as
[RouterA-ns-aggregation-as] enable
[RouterA-ns-aggregation-as] ip netstream export host 4.1.1.1 2000
[RouterA-ns-aggregation-as] quit
# Set the aggregation mode to protocol-port, and specify the destination host for the aggregation data export.
[RouterA] ip netstream aggregation protocol-port
[RouterA-ns-aggregation-protport] enable
[RouterA-ns-aggregation-protport] ip netstream export host 4.1.1.1 3000
[RouterA-ns-aggregation-protport] quit
# Set the aggregation mode to source-prefix, and specify the destination host for the aggregation data export.
[RouterA] ip netstream aggregation source-prefix
[RouterA-ns-aggregation-srcpre] enable
[RouterA-ns-aggregation-srcpre] ip netstream export host 4.1.1.1 4000
[RouterA-ns-aggregation-srcpre] quit
# Set the aggregation mode to destination-prefix, and specify the destination host for the aggregation data export.
[RouterA] ip netstream aggregation destination-prefix
[RouterA-ns-aggregation-dstpre] enable
[RouterA-ns-aggregation-dstpre] ip netstream export host 4.1.1.1 6000
[RouterA-ns-aggregation-dstpre] quit
# Set the aggregation mode to prefix, and specify the destination host for the aggregation data export.
[RouterA] ip netstream aggregation prefix
[RouterA-ns-aggregation-prefix] enable
[RouterA-ns-aggregation-prefix] ip netstream export host 4.1.1.1 7000
[RouterA-ns-aggregation-prefix] quit
Verifying the configuration
# Display information about the NetStream data export.
[RouterA] display ip netstream export
as aggregation export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 4.1.1.1 (2000)
Version 8 exported flow number : 2
Version 8 exported UDP datagram number (failed) : 2 (0)
Version 9 exported flow number : 0
Version 9 exported UDP datagram number (failed) : 0(0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
protocol-port aggregation export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 4.1.1.1 (3000)
Version 8 exported flow number : 2
Version 8 exported UDP datagram number (failed) : 2 (0)
Version 9 exported flow number : 0
Version 9 exported UDP datagram number (failed) : 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
source-prefix aggregation export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 4.1.1.1 (4000)
Version 8 exported flow number : 2
Version 8 exported UDP datagram number (failed) : 2 (0)
Version 9 exported flow number : 0
Version 9 exported UDP datagram number (failed) : 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
destination-prefix aggregation export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 4.1.1.1 (6000)
Version 8 exported flow number : 2
Version 8 exported UDP datagram number (failed) : 2 (0)
Version 9 exported flow number : 0
Version 9 exported UDP datagram number (failed) : 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
prefix aggregation export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 4.1.1.1 (7000)
Version 8 exported flow number : 2
Version 8 exported UDP datagram number (failed) : 2 (0)
Version 9 exported flow number : 0
Version 9 exported UDP datagram number (failed) : 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
IP export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 4.1.1.1 (5000)
Version 5 exported flow number : 10
Version 5 exported UDP datagram number (failed) : 10 (0)
Version 9 exported flow number : 0
Version 9 exported UDP datagram number (failed) : 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
IPL2 export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 4.1.1.1 (5000)
Version 9 exported flow number : 0
Version 9 exported UDP datagram number (failed): 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)