11-Network Management and Monitoring Configuration Guide

28-NetStream configuration

Configuring NetStream

About NetStream

NetStream is an accounting technology that provides statistics on a per-flow basis. An IPv4 flow is defined by the following 7-tuple elements:

·     Destination IP address.

·     Source IP address.

·     Destination port number.

·     Source port number.

·     Protocol number.

·     ToS.

·     Inbound or outbound interface.

NetStream architecture

A typical NetStream system includes the following elements:

·     NetStream data exporter—A device configured with NetStream. The NDE provides the following functions:

¡     Classifies traffic flows by using the 7-tuple elements.

¡     Collects data from the classified flows.

¡     Exports the data to the NSC.

·     NetStream collector—A program running on an operating system. The NSC parses the packets received from the NDEs, and saves the data to its database.

·     NetStream data analyzer—A network traffic analyzing tool. Based on the data in NSC, the NDA generates reports for traffic billing, network planning, and attack detection and monitoring. The NDA can collect data from multiple NSCs. Typically, the NDA features a Web-based system for easy operation.

NSC and NDA are typically integrated into a NetStream server.

Figure 1 NetStream system

NetStream flow aging

NetStream uses flow aging to enable the NDE to export NetStream data to NetStream servers. NetStream creates a NetStream entry for each flow for storing the flow statistics in the cache.

When a flow is aged out, the NDE performs the following operations:

·     Exports the summarized data to NetStream servers in a specific format.

·     Clears NetStream entry information in the cache.

NetStream supports the following flow aging methods:

·     Periodical aging.

·     Forced aging.

Periodical aging

Periodical aging uses the following methods:

·     Inactive flow aging—A flow is inactive if no packet arrives for the NetStream entry within the inactive flow aging timer. When the timer expires, the following events occur:

¡     The inactive flow entry is aged out.

¡     The statistics of the flow are sent to NetStream servers and are cleared in the cache. The statistics can no longer be displayed by using the display ip netstream cache command.

This method ensures that inactive flow entries are cleared from the cache in a timely manner so new entries can be cached.

·     Active flow aging—A flow is active if packets arrive for the NetStream entry within the active flow aging timer. When the timer expires, the statistics of the active flow are exported to NetStream servers. The device continues to collect active flow statistics.

This method periodically exports the statistics of active flows to NetStream servers.

Forced aging

To implement forced aging, use one of the following methods:

·     Clear the NetStream cache immediately. All entries in the cache are aged out and exported to NetStream servers.

·     Specify the upper limit for cached entries and configure the system to take either of the following actions when the limit is reached:

¡     Age out the oldest entries.

¡     Disable creation of a new entry in the cache.
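The aging rules above decide when a NetStream server first learns about a flow, which bounds how quickly flow-based monitoring can react to it. The following Python model is an added example, not H3C code: it applies the inactive timer, the active timer and the entry limit to a small cache. The FlowCache class, its method names and the sample 7-tuple are hypothetical, and keeping cumulative packet counters after an active export is an assumption.

```python
from dataclasses import dataclass


@dataclass
class Entry:
    first: float   # start of the current active-timer period
    last: float    # arrival time of the newest packet
    pkts: int = 0


class FlowCache:
    """Hypothetical model of the NDE cache; defaults are the page's defaults."""

    def __init__(self, active_s=5 * 60, inactive_s=300,
                 max_entries=1048576, on_full="aging"):
        self.active_s, self.inactive_s = active_s, inactive_s
        self.max_entries, self.on_full = max_entries, on_full
        self.entries = {}   # 7-tuple -> Entry, oldest entry first
        self.exports = []   # (time, key, pkts, reason) sent to the server

    def _export(self, now, key, reason, remove):
        entry = self.entries[key]
        self.exports.append((now, key, entry.pkts, reason))
        if remove:
            del self.entries[key]   # entry information is cleared
        else:
            entry.first = now       # assumption: counters stay cumulative

    def tick(self, now):
        """Apply periodical aging at time now (seconds)."""
        for key, entry in list(self.entries.items()):
            if now - entry.last >= self.inactive_s:
                self._export(now, key, "inactive", remove=True)
            elif now - entry.first >= self.active_s:
                self._export(now, key, "active", remove=False)

    def packet(self, now, key):
        """Account one packet; return False if the flow could not be cached."""
        self.tick(now)
        if key not in self.entries:
            if len(self.entries) >= self.max_entries:
                if self.on_full == "disable-caching":
                    return False    # new flow is never accounted
                oldest = next(iter(self.entries))
                self._export(now, oldest, "forced", remove=True)
            self.entries[key] = Entry(first=now, last=now)
        entry = self.entries[key]
        entry.last, entry.pkts = now, entry.pkts + 1
        return True

    def reset(self, now):
        """Forced aging of the whole cache (reset ip netstream statistics)."""
        for key in list(self.entries):
            self._export(now, key, "forced", remove=True)


def first_export_time(duration_s, active_s, inactive_s):
    """Time of the first export for a flow sending one packet per second
    for duration_s seconds, starting at t=0."""
    cache = FlowCache(active_s=active_s, inactive_s=inactive_s)
    key = ("10.1.1.1", "100.1.1.2", 21, 1024, 6, 0, "GE1/0/1(I)")  # constructed
    for t in range(duration_s):
        cache.packet(t, key)
    t = duration_s
    while not cache.exports:
        cache.tick(t)
        t += 1
    return cache.exports[0][0]


if __name__ == "__main__":
    # A 20-minute flow is first reported only when the active timer expires.
    print(first_export_time(1200, active_s=300, inactive_s=30))
    # A 10-second flow is reported once it has been idle for the inactive timer.
    print(first_export_time(10, active_s=300, inactive_s=30))
```

With the disable-caching action, flows that start while the cache is full are never exported, so the server's view has gaps for as long as the cache stays full.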

NetStream data export

Traditional data export

Traditional NetStream collects the statistics of each flow and exports the statistics to NetStream servers.

This method consumes more bandwidth and CPU than the aggregation method, and it requires a large cache size.

NetStream export formats

NetStream exports data in UDP datagrams in one of the following formats:

·     Version 5—Exports original statistics collected based on the 7-tuple elements. The packet format is fixed and cannot be extended.

·     Version 8—The packet format is fixed and cannot be extended.

·     Version 9—Based on a template that can be configured according to the template formats defined in RFCs. Version 9 supports collecting statistics about BGP next hop packets.

·     Version 10—Similar to version 9. The difference between version 9 and version 10 is that version 10 export format is compliant with the IPFIX standard.

NetStream sampling

NetStream sampling collects statistics on fewer packets and is useful when the network has a large amount of traffic. NetStream on sampled traffic lessens the impact on the device's performance. For more information about sampling, see "Configuring samplers."

Protocols and standards

RFC 5101, Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information

Restrictions: Hardware compatibility with NetStream

NetStream is supported only on the devices installed with H3C LSWM2FPGA or H3C LSWM2FPGAB NetStream interface modules.

Restrictions and guidelines: NetStream configuration

NetStream is supported only in R6515P06 and later versions.

NetStream tasks at a glance

To configure NetStream, perform the following tasks:

1.     Specifying a working mode for the NetStream interface module

2.     Enabling NetStream

3.     (Optional.) Configuring NetStream sampling

4.     (Optional.) Configuring the NetStream data export format

5.     (Optional.) Configuring the refresh rate for NetStream version 9 or version 10 template

6.     (Optional.) Configuring NetStream flow aging

¡     Configuring periodical flow aging

¡     Configuring forced flow aging

7.     Configuring the NetStream data export

Specifying a working mode for the NetStream interface module

About this task

You can install a NetStream interface module in the device to provide the NetStream feature. After the device mirrors traffic to the NetStream interface module, the field programmable gate array (FPGA) chip in the module collects and analyzes traffic statistics and creates NetStream entries. This NetStream approach saves ACL resources, improves NetStream entry creation performance, and greatly reduces NetStream impact on the device forwarding performance.

The NetStream interface module supports the following working modes:

·     0—Normal mode. In this mode, NetStream is not supported.

·     1—NetStream mode. The NetStream interface module works in the unidirectional NetStream mode.

·     2—Session-based NetStream mode. The NetStream interface module works in the session-based bidirectional NetStream mode.

Restrictions and guidelines

To make the configuration take effect, save the configuration and reboot the device. Before rebooting the device, evaluate the effect of the device reboot on the network.

Procedure

1.     Enter system view.

system-view

2.     Specify a working mode for the NetStream interface module.

fpga-working-mode slot slot-number 1

By default, the NetStream interface module works in mode 0 and the device does not support NetStream.

Enabling NetStream

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

3.     Enable NetStream on the interface.

ip netstream { inbound | outbound }

By default, NetStream is disabled on an interface.

Configuring NetStream sampling

Restrictions and guidelines

By default, NetStream collects all data of target flows. Under heavy traffic, this consumes significant resources and can cause high CPU usage, which degrades the device forwarding performance. NetStream sampling reduces the volume of traffic that NetStream processes. If sampled statistics are sufficient to reflect the network status, enable this feature and set an appropriate sampling rate. The higher the sampling rate, the less the impact on device performance.

Procedure

1.     Enter system view.

system-view

2.     Create a sampler.

sampler sampler-name mode { fixed | random } packet-interval n-power rate

For more information about a sampler, see "Configuring samplers."

3.     Enter interface view.

interface interface-type interface-number

4.     Enable NetStream sampling.

ip netstream { inbound | outbound } sampler sampler-name

By default, NetStream sampling is disabled.

Configuring the NetStream data export format

About this task

When you configure the NetStream data export format, you can also specify the following settings:

·     Whether or not to export the BGP next hop information.

Only version 9 and version 10 formats support exporting the BGP next hop information.

·     How to export the autonomous system (AS) information: origin-as or peer-as.

¡     origin-as—Records the original AS numbers for the flow source and destination.

¡     peer-as—Records the peer AS numbers for the flow source and destination.

For example, as shown in Figure 2, a flow starts at AS 20, passes AS 21 through AS 23, and then reaches AS 24. NetStream is enabled on the device in AS 22.

·     Specify the origin-as keyword to export AS 20 as the source AS and AS 24 as the destination AS.

·     Specify the peer-as keyword to export AS 21 as the source AS and AS 23 as the destination AS.

Figure 2 Recorded AS information varies by different keyword configurations

Procedure

1.     Enter system view.

system-view

2.     Configure the NetStream data export format, and configure the AS and BGP next hop export attributes. Choose one option as needed:

¡     Set NetStream data export format to version 5 and configure the AS export attribute.

ip netstream export version 5 { origin-as | peer-as }

¡     Set NetStream data export format to version 9 or version 10 and configure the AS and BGP export attributes.

ip netstream export version { 9 | 10 } { origin-as | peer-as } [ bgp-nexthop ]

By default:

¡     NetStream data export uses the version 9 format.

¡     The peer AS numbers for the flow source and destination are exported.

¡     The BGP next hop information is not exported.

Configuring the refresh rate for NetStream version 9 or version 10 template

About this task

Version 9 and version 10 are template-based and support user-defined formats. A NetStream device must send the template to NetStream servers regularly to update the template on the servers.

For a NetStream server to use the correct version 9 or version 10 template, configure the time-based or packet count-based refresh rate. If both settings are configured, the template is sent when either of the conditions is met.

Procedure

1.     Enter system view.

system-view

2.     Configure the refresh rate for the NetStream version 9 or version 10 template.

ip netstream export template refresh-rate { packet packets | time minutes }

By default, the packet count-based refresh rate is 20 packets, and the time-based refresh interval is 30 minutes.
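Version 9 data records carry no field names, so a NetStream server can decode them only after it has received the matching template; this is why the export format and the template refresh rate matter to the collector. The following Python decoder is an added example, not H3C or NSC code. It assumes that version 9 datagrams use the layout and field type numbers of NetFlow version 9 (RFC 3954); the V9Decoder class, the exporter address 192.0.2.1 and both sample datagrams are constructed for illustration.

```python
import socket
import struct

# Field type numbers from RFC 3954 (NetFlow version 9), section 8.
FIELDS = {1: "in_bytes", 2: "in_pkts", 4: "protocol", 5: "tos", 7: "src_port",
          8: "src_ip", 10: "input_if", 11: "dst_port", 12: "dst_ip"}


class V9Decoder:
    def __init__(self):
        self.templates = {}    # (exporter, source_id, template_id) -> fields
        self.undecodable = 0   # data flowsets skipped for lack of a template

    def decode(self, exporter, datagram):
        if len(datagram) < 20:
            raise ValueError("datagram shorter than the version 9 header")
        version, _, _, _, _, source_id = struct.unpack_from("!HHIIII", datagram)
        if version != 9:
            raise ValueError(f"unsupported export version {version}")
        records, off = [], 20
        while off + 4 <= len(datagram):
            fs_id, fs_len = struct.unpack_from("!HH", datagram, off)
            if fs_len < 4 or off + fs_len > len(datagram):
                raise ValueError("flowset length exceeds datagram")
            body = datagram[off + 4:off + fs_len]
            if fs_id == 0:                      # template flowset
                self._learn(exporter, source_id, body)
            elif fs_id > 255:                   # data flowset, id = template id
                fields = self.templates.get((exporter, source_id, fs_id))
                if fields is None:
                    self.undecodable += 1       # must wait for a refresh
                else:
                    records += self._records(fields, body)
            off += fs_len
        return records

    def _learn(self, exporter, source_id, body):
        off = 0
        while off + 4 <= len(body):
            tid, count = struct.unpack_from("!HH", body, off)
            off += 4
            if count == 0 or off + 4 * count > len(body):
                raise ValueError("malformed template record")
            fields = [struct.unpack_from("!HH", body, off + 4 * i)
                      for i in range(count)]
            off += 4 * count
            self.templates[(exporter, source_id, tid)] = fields

    def _records(self, fields, body):
        size = sum(length for _, length in fields)
        out, off = [], 0
        while size and off + size <= len(body):   # leftover bytes are padding
            rec = {}
            for ftype, length in fields:
                raw = body[off:off + length]
                off += length
                name = FIELDS.get(ftype, f"field_{ftype}")
                rec[name] = (socket.inet_ntoa(raw) if ftype in (8, 12)
                             and length == 4 else int.from_bytes(raw, "big"))
            out.append(rec)
        return out


def build_sample():
    """Constructed datagrams (not captured from a device): template, data."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (5, 1), (2, 4)]
    tmpl = struct.pack("!HH", 256, len(fields))
    tmpl += b"".join(struct.pack("!HH", *f) for f in fields)
    tmpl_set = struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
    rec = socket.inet_aton("100.1.1.2") + socket.inet_aton("10.1.1.1")
    rec += struct.pack("!HHBBI", 1024, 21, 6, 0, 5)
    rec += b"\x00" * (-len(rec) % 4)            # pad to a 4-byte boundary
    data_set = struct.pack("!HH", 256, 4 + len(rec)) + rec
    hdr = struct.pack("!HHIIII", 9, 1, 0, 0, 0, 1)   # source_id 1
    return hdr + tmpl_set, hdr + data_set


def demo():
    tmpl_pkt, data_pkt = build_sample()
    dec = V9Decoder()
    before = dec.decode("192.0.2.1", data_pkt)   # template not yet received
    dec.decode("192.0.2.1", tmpl_pkt)            # template refresh arrives
    return before, dec.undecodable, dec.decode("192.0.2.1", data_pkt)
```

A collector that has just started cannot use any data flowset until the next template refresh, and keying the template cache by exporter address and source ID keeps one exporter's template from being applied to another exporter's records.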

Configuring NetStream flow aging

Configuring periodical flow aging

1.     Enter system view.

system-view

2.     Set the aging timer for active flows.

ip netstream timeout active minutes

By default, the aging timer for active flows is 5 minutes.

3.     Set the aging timer for inactive flows.

ip netstream timeout inactive seconds

By default, the aging timer for inactive flows is 300 seconds.

Configuring forced flow aging

1.     Enter system view.

system-view

2.     Set the upper limit for cached entries and specify the processing method when the limit is reached.

ip netstream max-entry { max-entries | aging | disable-caching }

By default, a maximum of 1048576 NetStream entries can be cached.

After you execute the ip netstream max-entry max-entries command, the maximum number of IPv6 entries that can be cached, as shown in the output of the display ipv6 netstream cache command, changes at the same time. However, the actual maximum number of IPv6 entries that can be cached is limited by the ipv6 netstream max-entry command.

3.     Return to user view.

quit

4.     Clear the cache, including the cached NetStream entries and the related statistics.

reset ip netstream statistics

Configuring the NetStream data export

1.     Enter system view.

system-view

2.     Specify a destination host for NetStream traditional data export.

ip netstream export host ip-address udp-port [ vpn-instance vpn-instance-name ]

By default, no destination host is specified.

3.     (Optional.) Specify the source interface for NetStream data packets sent to NetStream servers.

ip netstream export source interface interface-type interface-number

By default, NetStream data packets take the IP address of their output interface (interface that is connected to the NetStream device) as the source IP address.

As a best practice, connect the management Ethernet interface to a NetStream server, and configure the interface as the source interface.

4.     (Optional.) Limit the data export rate.

ip netstream export rate rate

By default, the data export rate is not limited.

Display and maintenance commands for NetStream

Execute display commands in any view and reset commands in user view.

 

Task: Display NetStream entry information.
Command: display ip netstream cache [ verbose ] [ type { ip | ipl2 | l2 } ] [ destination destination-ip | interface interface-type interface-number | source source-ip ] * [ slot slot-number ]

Task: Display information about the NetStream data export.
Command: display ip netstream export

Task: Display NetStream template information.
Command: display ip netstream template [ slot slot-number ]

Task: Age out and export all NetStream data, and clear the cache.
Command: reset ip netstream statistics

Task: Display the working mode of the NetStream interface module.
Command: display fpga-working-mode status slot slot-number

NetStream configuration examples

Example: Configuring NetStream traditional data export

Network configuration

As shown in Figure 3, configure NetStream on the device to collect statistics on packets passing through the device.

·     Enable NetStream for incoming and outgoing traffic on GigabitEthernet 1/0/1.

·     Configure the device to export NetStream traditional data to UDP port 5000 of the NetStream server.

Figure 3 Network diagram

Procedure

# Specify the NetStream mode for the NetStream interface module. Save the configuration and reboot the device. (Details not shown.)

# Assign an IP address to each interface, as shown in Figure 3. (Details not shown.)

# Enable NetStream for incoming and outgoing traffic on GigabitEthernet 1/0/1.

<Device> system-view

[Device] interface gigabitethernet 1/0/1

[Device-GigabitEthernet1/0/1] ip netstream inbound

[Device-GigabitEthernet1/0/1] ip netstream outbound

[Device-GigabitEthernet1/0/1] quit

# Specify 12.110.2.2 as the IP address of the destination host and UDP port 5000 as the export destination port number.

[Device] ip netstream export host 12.110.2.2 5000

Verifying the configuration

# Display NetStream entry information.

[Device] display ip netstream cache

IP NetStream cache information:

  Active flow timeout             : 5 min

  Inactive flow timeout           : 300 sec

  Inactive flow timeout           : 30 sec

  Max number of entries           : 1048576

  IP active flow entries          : 2

  MPLS active flow entries        : 0

  L2 active flow entries          : 0

  IPL2 active flow entries        : 0

  IP flow entries counted         : 0

  MPLS flow entries counted       : 0

  L2 flow entries counted         : 0

  IPL2 flow entries counted       : 0

  Last statistics resetting time  : Never

 

IP packet size distribution (11 packets in total):

 

 1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480

 .000 .000 .909 .000 .000 .090 .000 .000 .000 .000 .000 .000 .000 .000 .000

 

  512  544  576 1024 1536 2048 2560 3072 3584 4096 4608 >4608

 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

 

 Protocol          Total  Packets    Flows  Packets Active(sec) Idle(sec)

                   Flows  /sec       /sec   /flow   /flow       /flow

---------------------------------------------------------------------------

 

Type DstIP(Port)            SrcIP(Port)            Pro ToS If(Direct)  Pkts

     DstMAC(VLAN)           SrcMAC(VLAN)

     TopLblType(IP/MASK)    Lbl-Exp-S-List

---------------------------------------------------------------------------

IP   10.1.1.1 (21)         100.1.1.2(1024)         1   0   GE1/0/1(I)  5

IP   100.1.1.2 (1024)      10.1.1.1 (21)           1   0   GE1/0/1(O)  5

# Display information about the NetStream data export.

[Device] display ip netstream export

IP export information:

  Flow source interface                           : Not specified

  Flow destination VPN instance                   : Not specified

  Flow destination IP address (UDP)               : 12.110.2.2 (5000)

  Version 5 exported flow number                  : 0

  Version 5 exported UDP datagram number (failed) : 0 (0)

  Version 9 exported flow number                  : 10

  Version 9 exported UDP datagram number (failed) : 10 (0)

Configuring session-based NetStream

About session-based NetStream

Session-based NetStream provides statistics for session-based services and exports the statistics in NetStream version 9 format to NetStream servers.

Session-based NetStream aggregation modes

Session-based NetStream aggregates session statistics according to the aggregation criteria of an aggregation mode and exports the statistics to NetStream servers.

The system merges statistics for multiple sessions if each aggregation criterion is of the same value. The system supports only the session aggregating mode in the current software version.

Table 1 Session-based NetStream aggregation mode

Aggregation mode: Session aggregation

Aggregation criteria:

·     Source MAC address.

·     Destination MAC address.

·     Source IP address.

·     Destination IP address.

·     Source port number.

·     Destination port number.

·     Protocol type.

Session-based NetStream data export

Session-based NetStream uses an aging mechanism to export session statistics to NetStream servers.

Upon receiving a session packet, the device creates a NetStream entry for the session and collects data for the session. The NetStream data for the session is cleared and exported to the NetStream servers when either of the following conditions is met:

·     The aging timer of the inactive session expires. The session is inactive if no packet of the session arrives within its aging timer.

·     The aging timer of the NetStream entry expires.

If the NetStream cache has insufficient storage space but none of the above conditions is met, the device stops generating NetStream entries for new sessions. Statistics collection for existing sessions continues.

Restrictions: Hardware compatibility with session-based NetStream

This feature is supported only on devices installed with H3C LSWM2FPGA or H3C LSWM2FPGAB NetStream interface modules.

Restrictions and guidelines: Session-based NetStream configuration

Session-based NetStream is supported only in R6515P06 and later versions.

The feature cannot be configured together with the IRF feature. If you use them together, IRF fabrics will split. For more information about IRF, see Virtual Technologies Configuration Guide.

To provide session-based NetStream, follow these guidelines:

·     Use NetStream flow mirroring or NetStream port mirroring to copy packets to an internal interface of the NetStream interface module. The internal interface number varies by device model. For the H3C LSWM2FPGA NetStream interface module, the interface number is Ten-GigabitEthernet 1/1/5. For the H3C LSWM2FPGAB NetStream interface module, the interface number is Ten-GigabitEthernet 1/1/1.

·     With NetStream flow mirroring configured, the QoS policies apply to the incoming traffic globally.

For more information about QoS policy, see ACL and QoS Configuration Guide.

Specifying a working mode for the NetStream interface module

About this task

You can install a NetStream interface module in the device to provide the NetStream feature. After the device mirrors traffic to the NetStream interface module, the field programmable gate array (FPGA) chip in the module collects and analyzes traffic statistics and creates NetStream entries. This NetStream approach saves ACL resources, improves NetStream entry creation performance, and greatly reduces NetStream impact on the device forwarding performance.

The NetStream interface module supports the following working modes:

·     0—Normal mode. In this mode, NetStream is not supported.

·     1—NetStream mode. The NetStream interface module works in the unidirectional NetStream mode.

·     2—Session-based NetStream mode. The NetStream interface module works in the session-based bidirectional NetStream mode.

Restrictions and guidelines

To make the configuration take effect, save the configuration and reboot the device. Before rebooting the device, evaluate the effect of the device reboot on the network.

Procedure

1.     Enter system view.

system-view

2.     Specify a working mode for the NetStream interface module.

fpga-working-mode slot slot-number 2

By default, the NetStream interface module works in mode 0 and the device does not support NetStream.

Configuring session-based NetStream

1.     Enter system view.

system-view

2.     Enable session-based NetStream.

session-based netstream enable

By default, session-based NetStream is disabled.

3.     (Optional.) Set the aging timer for inactive sessions.

session-based netstream session-timeout seconds

The default aging timer for inactive sessions varies by device model.

4.     (Optional.) Set the aging timer for session-based NetStream entries.

session-based netstream timeout minutes

By default, the aging timer for session-based NetStream entries is 5 minutes.

5.     Specify a destination host for session-based NetStream data export.

session-based netstream export host ip-address udp-port [ vpn-instance vpn-instance-name ]

By default, no destination host is specified for session-based NetStream data export.

6.     (Optional.) Specify a source IP address for session-based NetStream packets.

session-based netstream export source ip ip-address

By default, the source IP address of session-based NetStream packets is the primary IP address of the output interface.

Display and maintenance commands for session-based NetStream

Execute display commands in any view.

 

Task: Display session-based NetStream statistics in the cache.
Command: display session-based netstream aggregation-cache session [ slot slot-number ]

Task: Display the working mode of the NetStream interface module.
Command: display fpga-working-mode status slot slot-number

Session-based NetStream configuration examples

Example: Configuring session-based NetStream data export

Network configuration

As shown in Figure 4:

1.     Enable session-based NetStream in application aggregation mode on the device.

2.     Configure the device to export the NetStream traffic statistics to UDP port 5000 on the NetStream server.

Figure 4 Network diagram

 

Procedure

1.     Specify the session-based NetStream mode for the NetStream interface module. Save the configuration and reboot the device. (Details not shown.) This example uses the internal interface Ten-GigabitEthernet 1/1/5 of the NetStream interface module.

2.     Enable session-based NetStream.

<Device> system-view

[Device] session-based netstream enable

3.     Specify 12.110.2.2 as the IP address of the destination host and UDP port 5000 as the export destination port number.

[Device] session-based netstream export host 12.110.2.2 5000

4.     Create an IPv4 advanced ACL numbered 3000, and configure a rule to match all IPv4 packets.

[Device] acl advanced 3000

[Device-acl-ipv4-adv-3000] rule permit ip

[Device-acl-ipv4-adv-3000] quit

5.     Create a traffic class named c and use ACL 3000 as the match criterion in the traffic class.

[Device] traffic classifier c

[Device-classifier-c] if-match acl 3000

[Device-classifier-c] quit

6.     Create a traffic behavior named b, and configure the action of copying packets to the internal interface Ten-GigabitEthernet 1/1/5 of the NetStream interface module.

[Device] traffic behavior b

[Device-behavior-b] mirror-to interface ten-gigabitethernet 1/1/5

[Device-behavior-b] quit

7.     Create a QoS policy named p, and associate traffic class c with traffic behavior b in the QoS policy.

[Device] qos policy p

[Device-qospolicy-p] classifier c behavior b

[Device-qospolicy-p] quit

8.     Apply QoS policy p to the incoming traffic globally.

[Device] qos apply policy p global inbound

Verifying the configuration

# Display session-based NetStream statistics in session aggregation mode.

<Device> display session-based netstream aggregation-cache session

Active entries                                           :1

Timeout time for session-based NetStream entries         :5

Session-timeout time for session-based NetStream entries :400

 

SrcMAC          DstMAC          SrcIP          DstIP         SrcPort   DstPort

InPkts          InBytes         OutPkts        OutBytes      Pro       LogType

0001-0001-0001  0002-0002-0002  192.168.1.1   192.168.2.1    4000      5000

4               240             4             240            6         0x1

# Display the configuration of ACL 3000.

<Device> display acl 3000

Advanced IPv4 ACL 3000, 1 rule,

ACL's step is 5, start ID is 0

 rule 0 permit ip

# Display the configuration of NetStream flow mirroring.

<Device> display qos policy global inbound

  Direction: Inbound

  Policy: p

   Classifier: c

     Operator: AND

     Rule(s) :

      If-match acl 3000

     Behavior: b

      Mirroring:

        Mirror to the interface: Ten-GigabitEthernet1/1/5

 
