Login
- Table of Contents
-
- 12-Network Management and Monitoring Configuration Guide
- 00-Preface
- 01-System maintenance and debugging configuration
- 02-NQA configuration
- 03-NTP configuration
- 04-PoE configuration
- 05-SNMP configuration
- 06-RMON configuration
- 07-NETCONF configuration
- 08-EAA configuration
- 09-Process monitoring and maintenance configuration
- 10-Sampler configuration
- 11-Mirroring configuration
- 12-NetStream configuration
- 13-IPv6 NetStream configuration
- 14-sFlow configuration
- 15-Information center configuration
- 16-GOLD configuration
- 17-Packet capture configuration
- 18-VCF fabric configuration
- 19-CWMP configuration
- 20-SmartMC configuration
- 21-Ansible configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 13-IPv6 NetStream configuration | 158.04 KB |
Feature and hardware compatibility
IPv6 NetStream configuration task list
Enabling IPv6 NetStream on an interface
Configuring attributes of the IPv6 NetStream data export
Configuring the IPv6 NetStream data export format
Configuring the refresh rate for IPv6 NetStream version 9 or version 10 template
Configuring IPv6 NetStream flow aging·
Configuring the IPv6 NetStream data export
Configuring the IPv6 NetStream traditional data export
Configuring the IPv6 NetStream aggregation data export
Displaying and maintaining IPv6 NetStream
IPv6 NetStream configuration examples
IPv6 NetStream traditional data export configuration example
IPv6 NetStream aggregation data export configuration example
Configuring IPv6 NetStream
Overview
IPv6 NetStream is an accounting technology that provides statistics on a per-flow basis. An IPv6 flow is defined by the following 8-tuple elements:
· Destination IPv6 address.
· Source IPv6 address.
· Destination port number.
· Source port number.
· Protocol number.
· Traffic class.
· Flow label.
· Input or output interface.
IPv6 NetStream architecture
A typical IPv6 NetStream system includes the following elements:
· NetStream data exporter—A device configured with IPv6 NetStream. The NDE provides the following functions:
¡ Classifies traffic flows by using the 8-tuple elements.
¡ Collects data from the classified flows.
¡ Aggregates and exports the data to the NSC.
· NetStream collector—A program running in a Unix or Windows operating system. The NSC parses the packets received from the NDEs, and saves the data to its database.
· NetStream data analyzer—A network traffic analyzing tool. Based on the data in NSC, the NDA generates reports for traffic billing, network planning, and attack detection and monitoring. The NDA can collect data from multiple NSCs. Typically, the NDA features a Web-based system for easy operation.
NSC and NDA are typically integrated into a NetStream server.
H3C network devices act as NDEs in the IPv6 NetStream system. This document focuses on NDE configuration.
Figure 1 IPv6 NetStream system
Flow aging
IPv6 NetStream uses flow aging to enable the NDE to export IPv6 NetStream data to NetStream servers. IPv6 NetStream creates an IPv6 NetStream entry for each flow for storing the flow statistics in the cache.
When a flow is aged out, the NDE does the following operations:
· Exports the summarized data to NetStream servers in an IPv6 NetStream data export format.
· Clears IPv6 NetStream entry information in the cache.
For more information about flow aging types and configurations, see "Configuring IPv6 NetStream flow aging."
IPv6 NetStream data export
Traditional data export
IPv6 NetStream collects the statistics of each flow and exports the statistics to NetStream servers.
This method consumes a lot of bandwidth and CPU usage, and requires a large cache size. In addition, you do not need all of the data in most cases.
Aggregation data export
An IPv6 NetStream aggregation mode merges the flow statistics according to the aggregation criteria of the aggregation mode, and it sends the summarized data to NetStream servers. The IPv6 NetStream aggregation data export uses less bandwidth than the traditional data export.
Table 1 lists the available IPv6 NetStream aggregation modes. In each mode, the system merges multiple flows with the same values for all aggregation criteria into one aggregate flow. The system records the statistics for the aggregate flow. These aggregation modes work independently and can take effect concurrently.
Table 1 IPv6 NetStream aggregation modes
|
Aggregation mode |
Aggregation criteria |
|
Protocol-port aggregation |
· Protocol number · Source port · Destination port |
|
Source-prefix aggregation |
· Source AS number · Source mask · Source prefix (source network address) · Input interface index |
|
Destination-prefix aggregation |
· Destination AS number · Destination mask · Destination prefix (destination network address) · Output interface index |
|
Source-prefix and destination-prefix aggregation |
· Source AS number · Source mask · Source prefix (source network address) · Input interface index · Destination AS number · Destination mask · Destination prefix (destination network address) · Output interface index |
If IPv6 packets are not forwarded according to the BGP routing table, the AS number or BGP next hop cannot be obtained.
IPv6 NetStream data export format
IPv6 NetStream exports data in the version 9 or version 10 format.
Both formats are template-based and support exporting the IPv6 NetStream aggregation data and collecting BGP next hop statistics.
The version 10 export format is compliant with the IPFIX standard.
Protocols and standards
RFC 5101, Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information
Feature and hardware compatibility
The IPv6 NetStream feature is available on the following interface modules:
· SD, EB, and EC.
· LSQ3GV48SC0.
· LSQ1TGS8SC0.
IPv6 NetStream configuration task list
When you configure IPv6 NetStream, choose the following configurations as needed:
· Select the device on which you want to enable IPv6 NetStream.
· If multiple service flows are passing through the NDE, use an ACL to select the target data.
· Determine the export format for the IPv6 NetStream data export.
· Configure IPv6 NetStream flow aging.
To reduce the bandwidth consumption of the IPv6 NetStream data export, configure IPv6 NetStream aggregation.
Figure 2 IPv6 NetStream configuration flow
To configure IPv6 NetStream, perform the following tasks:
|
Tasks at a glance |
|
(Required.) Enabling IPv6 NetStream on an interface |
|
(Optional.) Configuring attributes of the IPv6 NetStream data export |
|
(Optional.) Configuring IPv6 NetStream flow aging |
|
(Required.) Perform at least one of the following tasks to configure the IPv6 NetStream data export: |
Enabling IPv6 NetStream on an interface
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
1. Enter interface view. |
interface interface-type interface-number |
N/A |
|
2. Enable IPv6 NetStream on the interface. |
ipv6 netstream { inbound | outbound } |
By default, IPv6 NetStream is disabled on an interface. |
Configuring attributes of the IPv6 NetStream data export
Configuring the IPv6 NetStream data export format
An IPv6 NetStream entry for a flow records the source IPv6 address, destination IPv6 address, and their respective AS numbers. The origin-as and peer-as keywords in the ipv6 netstream export version command specify the AS numbers to be exported.
· origin-as—Specifies the source AS of the source address and the destination AS of the destination address.
· peer-as—Specifies the ASs before and after the AS where the NetStream device resides as the source AS and the destination AS, respectively.
For example, as shown in Figure 3, a flow starts at AS 20, passes AS 21 through AS 23, and then reaches AS 24. IPv6 NetStream is enabled on the device in AS 22.
· The origin-as keyword defines AS 20 as the source AS and AS 24 as the destination AS.
· The peer-as keyword defines AS 21 as the source AS and AS 23 as the destination AS.
Figure 3 Recorded AS information varies by different keyword configurations
To configure the IPv6 NetStream data export format:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Configure the IPv6 NetStream data export format, and specify whether to record AS and BGP next hop information. |
· Configure the version 10 format: |
By default: · The version 9 format is used to export IPv6 NetStream data. · The peer AS numbers are recorded. · The BGP next hop is not recorded. |
Configuring the refresh rate for IPv6 NetStream version 9 or version 10 template
Version 9 and version 10 are template-based and supports user-defined formats. An IPv6 NetStream device must send the updated template to NetStream servers regularly, because the servers do not permanently save templates.
For an NetStream server to use correct version 9 or version 10 template, configure the time-based or packet count-based refresh rate. If both settings are configured, the template is sent when either of the conditions is met.
To configure the refresh rate for IPv6 NetStream version 9 or version 10 template:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Configure the refresh rate for IPv6 NetStream version 9 or version 10 template. |
· Refresh frequency: · Refresh interval: |
By default, the packet count-based refresh rate is 20 packets, and the time-based refresh interval is 30 minutes. |
Configuring IPv6 NetStream flow aging
Flow aging methods
Periodical aging
Periodical aging has the following methods:
· Inactive flow aging—A flow is inactive if no packet arrives for the IPv6 NetStream entry within the period specified by using the ipv6 netstream timeout inactive command. When the inactive flow aging timer expires, the following events occur:
¡ The inactive flow entry is aged out.
¡ The statistics of the flow are sent to NetStream servers and are cleared in the cache. The statistics can no longer be displayed by using the display ipv6 netstream cache command.
When you use the inactive flow aging method, the cache is large enough for new flow entries.
· Active flow aging—A flow is active if packets arrive for the IPv6 NetStream entry within the period specified by using the ipv6 netstream timeout active command. When the active flow aging timer expires, the statistics of the active flow are exported to NetStream servers. The device continues to collect its statistics, which can be displayed by using the display ipv6 netstream cache command. The active flow aging method periodically exports the statistics of active flows to NetStream servers.
Forced aging
To implement forced aging, use the reset ipv6 netstream statistics command. This command ages out all IPv6 NetStream entries, and exports and clears the statistics.
Configuration procedure
To configure IPv6 NetStream flow aging:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. (Optional.) Configure periodical aging. |
· Set the active flow aging timer: · Set the inactive flow aging timer: |
By default: · The active flow aging timer is 5 minutes. · The inactive flow aging timer is 300 seconds. |
|
3. (Optional.) Configure forced aging. |
a Return to user view: b Age out IPv6 NetStream entries: |
N/A |
Configuring the IPv6 NetStream data export
Configuring the IPv6 NetStream traditional data export
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Specify a destination host for IPv6 NetStream traditional data export. |
ipv6 netstream export host { ipv4-address | ipv6-address } udp-port [ vpn-instance vpn-instance-name ] |
By default, no destination host is specified. |
|
3. (Optional.) Specify the source interface for IPv6 NetStream data packets sent to the NetStream servers. |
ipv6 netstream export source interface interface-type interface-number |
By default, no source interface is specified for IPv6 NetStream data packets. The packets take the IPv6 address of the output interface as the source IPv6 address. As a best practice, connect the management Ethernet interface to a NetStream server, and configure the interface as the source interface. |
|
4. (Optional.) Limit the IPv6 NetStream data export rate. |
ipv6 netstream export rate rate |
By default, the data export rate is not limited. |
Configuring the IPv6 NetStream aggregation data export
The IPv6 NetStream aggregation can be implemented by software or hardware. Unless otherwise noted, NetStream aggregation refers to software NetStream aggregation.
IPv6 NetStream hardware aggregation uses hardware to directly merge the flow statistics according to the aggregation mode criteria, and stores the data in the cache. The aging of IPv6 NetStream hardware aggregation entries is the same as the aging of IPv6 NetStream traditional data entries. When a hardware aggregation entry is aged out, the data is exported.
IPv6 NetStream hardware aggregation reduces resource consumption.
Configuration restrictions and guidelines
When you configure the IPv6 NetStream aggregation data export, follow these restrictions and guidelines:
· The IPv6 NetStream hardware aggregation does not take effect in the following situations:
¡ The destination host is configured for NetStream traditional data export.
¡ The configured aggregation mode is not supported by IPv6 NetStream hardware aggregation.
· Configurations in IPv6 NetStream aggregation mode view apply only to the IPv6 NetStream aggregation data export. Configurations in system view apply to the IPv6 NetStream traditional data export. When no configuration in IPv6 NetStream aggregation mode view is provided, the configurations in system view apply to the IPv6 NetStream aggregation data export.
Configuration procedure
To configure the IPv6 NetStream aggregation data export:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. (Optional.) Enable the IPv6 NetStream hardware aggregation. |
ipv6 netstream aggregation advanced |
By default, the IPv6 NetStream hardware aggregation is disabled. |
|
3. Specify an IPv6 NetStream aggregation mode and enter its view. |
ipv6 netstream aggregation { destination-prefix | prefix | protocol-port | source-prefix } |
By default, no IPv6 NetStream aggregation mode is specified. |
|
4. Specify a destination host for IPv6 NetStream aggregation data export. |
ipv6 netstream export host { ipv4-address | ipv6-address } udp-port [ vpn-instance vpn-instance-name ] |
By default, no destination host is specified. If you expect only IPv6 NetStream aggregation data, specify the destination host only in the related IPv6 NetStream aggregation mode view. |
|
5. (Optional.) Specify the source interface for IPv6 NetStream data packets sent to the NetStream servers. |
ipv6 netstream export source interface interface-type interface-number |
By default, no source interface is specified for IPv6 NetStream data packets. The packets take the IPv6 address of the output interface as the source IPv6 address. You can configure different source interfaces in different IPv6 NetStream aggregation mode views. If no source interface is configured in IPv6 NetStream aggregation mode view, the source interface configured in system view applies. |
|
6. Enable the IPv6 NetStream aggregation mode. |
enable |
By default, the IPv6 NetStream aggregation is disabled. |
Displaying and maintaining IPv6 NetStream
Execute display commands in any view and reset commands in user view.
|
Task |
Command |
|
(In standalone mode.) Display IPv6 NetStream entry information. |
display ipv6 netstream cache [ verbose ] [ type { ip | ipl2 | l2 | mpls [ label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] ] } ] [ destination destination-ipv6 | interface interface-type interface-number | source source-ipv6 ] * [ slot slot-number ] |
|
(In IRF mode.) Display IPv6 NetStream entry information. |
display ipv6 netstream cache [ verbose ] [ type { ip | ipl2 | l2 | mpls [ label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] ] } ] [ destination destination-ipv6 | interface interface-type interface-number | source source-ipv6 ] * [ chassis chassis-number slot slot-number ] |
|
Display information about the IPv6 NetStream data export. |
display ipv6 netstream export |
|
(In standalone mode.) Display IPv6 NetStream template information. |
display ipv6 netstream template [ slot slot-number ] |
|
(In IRF mode.) Display IPv6 NetStream template information. |
display ipv6 netstream template [ chassis chassis-number slot slot-number ] |
|
Export all IPv6 NetStream data and clear the cache. |
reset ipv6 netstream statistics |
IPv6 NetStream configuration examples
IPv6 NetStream traditional data export configuration example
Network requirements
As shown in Figure 4, configure NetStream on Switch A to collect statistics on packets passing through Switch A.
· Enable NetStream for incoming and outgoing traffic on GigabitEthernet 1/0/1.
· Configure the switch to export NetStream traditional data to UDP port 5000 of the IPv6 NetStream server.
Configuration procedure
# Assign an IPv6 address to each interface, as shown in Figure 4. (Details not shown.)
# Configure GigabitEthernet 1/0/1 to operate in Layer 3 mode.
<SwitchA> system-view
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-mode route
# Enable IPv6 NetStream for incoming and outgoing traffic on GigabitEthernet 1/0/1.
[SwitchA-GigabitEthernet1/0/1] ipv6 netstream inbound
[SwitchA-GigabitEthernet1/0/1] ipv6 netstream outbound
[SwitchA-GigabitEthernet1/0/1] quit
# Specify 40::1 as the IPv6 address of the destination host and UDP port 5000 as the export destination port number.
[SwitchA] ipv6 netstream export host 40::1 5000
Verifying the configuration
# Display IPv6 NetStream entry information in the cache.
<Sysname> display ipv6 netstream cache slot 1 verbose
IPv6 NetStream cache information:
Active flow timeout : 5 min
Inactive flow timeout : 300 sec
Max number of entries : 8192
IPv6 active flow entries : 2
MPLS active flow entries : 0
IPL2 active flow entries : 0
IPv6 flow entries counted : 10
MPLS flow entries counted : 0
IPL2 flow entries counted : 0
Last statistics resetting time : Never
IPv6 packet size distribution (0 packets in total):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608
.000 .000 .000 .000 .027 .000 .000 .000 .000 .000 .000 .000
Protocol Total Packets Flows Packets Active(sec) Idle(sec)
Flows /sec /sec /flow /flow /flow
--------------------------------------------------------------------------
TCP-Telnet 2656855 372 4 86 49 27
TCP-FTP 5900082 86 9 9 11 33
TCP-FTPD 3200453 1006 5 193 45 33
TCP-WWW 546778274 11170 887 12 8 32
TCP-other 49148540 3752 79 47 30 32
UDP-DNS 117240379 570 190 3 7 34
UDP-other 45502422 2272 73 30 8 37
ICMP 14837957 125 24 5 12 34
IP-other 77406 5 0 47 52 27
Type DstIP(Port) SrcIP(Port) Pro TC FlowLbl If(Direct) Pkts
DstMAC(VLAN) SrcMAC(VLAN)
TopLblType(IP/MASK)Lbl-Exp-S-List
--------------------------------------------------------------------------
IP 2001::1(1024) 2002::1(21) 6 0 0x0 GE1/0/1(I) 42996
IP 2001::1(1024) 2002::1(21) 6 0 0x0 GE1/0/1(O) 42996
# Display the statistics of the IPv6 NetStream data export.
[SwitchA] display ipv6 netstream export
IPv6 export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 40::1 (5000)
Version 9 exported flow number : 10
Version 9 exported UDP datagrams number (failed) : 10 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
IPv6 NetStream aggregation data export configuration example
Network requirements
As shown in Figure 5, all devices in the network are running IPv6 EBGP. Configure IPv6 NetStream on Switch A to meet the following requirements:
· Export the IPv6 NetStream traditional data to port 5000 of the IPv6 NetStream server.
· Perform the IPv6 NetStream aggregation in the modes of protocol-port, source-prefix, destination-prefix, and prefix.
· Export the aggregation data of different modes to the UDP ports 3000, 4000, 6000, and 7000.
Configuration procedure
# Assign an IPv6 address to each interface, as shown in Figure 5. (Details not shown.)
# Configure GigabitEthernet 1/0/1 to operate in Layer 3 mode.
<SwitchA> system-view
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-mode route
# Enable IPv6 NetStream for incoming and outgoing traffic on GigabitEthernet 1/0/1.
[SwitchA-GigabitEthernet1/0/1] ipv6 netstream inbound
[SwitchA-GigabitEthernet1/0/1] ipv6 netstream outbound
[SwitchA-GigabitEthernet1/0/1] quit
# Specify 40::1 as the IPv6 address of the destination host and UDP port 5000 as the export destination port number.
[SwitchA] ipv6 netstream export host 40::1 5000
# Set the aggregation mode to protocol-port, and specify the destination host for the aggregation data export.
[SwitchA] ipv6 netstream aggregation protocol-port
[SwitchA-ns6-aggregation-protport] enable
[SwitchA-ns6-aggregation-protport] ipv6 netstream export host 40::1 3000
[SwitchA-ns6-aggregation-protport] quit
# Set the aggregation mode to source-prefix, and specify the destination host for the aggregation data export.
[SwitchA] ipv6 netstream aggregation source-prefix
[SwitchA-ns6-aggregation-srcpre] enable
[SwitchA-ns6-aggregation-srcpre] ipv6 netstream export host 40::1 4000
[SwitchA-ns6-aggregation-srcpre] quit
# Set the aggregation mode to destination-prefix, and specify the destination host for the aggregation data export.
[SwitchA] ipv6 netstream aggregation destination-prefix
[SwitchA-ns6-aggregation-dstpre] enable
[SwitchA-ns6-aggregation-dstpre] ipv6 netstream export host 40::1 6000
[SwitchA-ns6-aggregation-dstpre] quit
# Set the aggregation mode to prefix, and specify the destination host for the aggregation data export.
[SwitchA] ipv6 netstream aggregation prefix
[SwitchA-ns6-aggregation-prefix] enable
[SwitchA-ns6-aggregation-prefix] ipv6 netstream export host 40::1 7000
[SwitchA-ns6-aggregation-prefix] quit
Verifying the configuration
# Display information about the IPv6 NetStream data export.
[SwitchA] display ipv6 netstream export
protocol-port aggregation export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 40::1 (3000)
Version 9 exported flow number : 0
Version 9 exported UDP datagrams number (failed): 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
source-prefix aggregation export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 40::1 (4000)
Version 9 exported flow number : 0
Version 9 exported UDP datagrams number (failed): 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
destination-prefix aggregation export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 40::1 (6000)
Version 9 exported flow number : 0
Version 9 exported UDP datagrams number (failed): 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
prefix aggregation export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 40::1 (7000)
Version 9 exported flow number : 0
Version 9 exported UDP datagrams number (failed): 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
IPv6 export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 40::1 (5000)
Version 9 exported flow number : 0
Version 9 exported UDP datagrams number (failed): 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
