Login
- Table of Contents
-
- 02-Typical configuration example
- 01-AAA_Configuration_Examples
- 02-ACL_Configuration_Examples
- 03-ATM_Configuration_Examples
- 04-IGMP_Configuration_Examples
- 05-IP_Source_Guard_Configuration_Examples
- 06-Ethernet_OAM_Configuration_Examples
- 07-NQA_Configuration_Examples
- 08-QinQ_Configuration_Examples
- 09-OSPF_Configuration_Examples
- 10-MPLS_TE_Configuration_Examples
- 11-OpenFlow_Configuration_Examples
- 12-NAT_Configuration_Examples
- 13-RBAC_Configuration_Examples
- 14-IRF_Configuration_Examples
- 15-POS_Interface_Configuration_Examples
- 16-CPOS_Interface_Configuration_Examples
- 17-DLDP_Configuration_Examples
- 18-IS-IS_Configuration_Examples
- 19-MPLS_L3VPN_Configuration_Examples
- 20-SSH_Configuration_Examples
- 21-Login_Management_Configuration_Examples
- 22-SNMP_Configuration_Examples
- 23-Priority_Marking_and_Queue_Scheduling_Configuration_Examples
- 24-Multicast_VPN_Configuration_Examples
- 25-BGP_Configuration_Examples
- 26-HoVPN_Configuration_Examples
- 27-L2TP_Configuration_Examples
- 28-VRRP_Configuration_Examples
- 29-Traffic_Filtering_Configuration_Examples
- 30-Samplers_and_IPv4_NetStream_Configuration_Examples
- 31-Software_Upgrade_Examples
- 32-MPLS_L2VPN_Configuration_Examples
- 33-NetStream_Configuration_Examples
- 34-Policy-Based_Routing_Configuration_Examples
- 35-Traffic_Policing_Configuration_Examples
- 36-BFD_Configuration_Examples
- 37-OSPFv3_Configuration_Examples
- 38-VPLS_Configuration_Examples
- 39-GTS_and_Rate_Limiting_Configuration_Examples
- 40-IPv6_IS-IS_Configuration_Examples
- 41-MPLS OAM_Configuration_Examples
- 42-BGP_Route_Selection_Configuration_Examples
- 43-IS-IS_Route_Summarization_Configuration_Examples
- 44-Attack_Protection_Configuration_Examples
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 33-NetStream_Configuration_Examples | 373.52 KB |
General restrictions and guidelines
Example: Configuring IPv4 NetStream
Configuring the NetStream server
Example: Configuring IPv6 NetStream
Configuring the NetStream server
Introduction
This document provides IPv4 NetStream and IPv6 NetStream configuration examples.
Prerequisites
The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
This document assumes that you have basic knowledge of NetStream.
General restrictions and guidelines
· Support for the feature depends on cards. For more information, see the configuration guides for the device.
· NetStream flow mirroring supports mirroring traffic only to the current interface module.
Example: Configuring IPv4 NetStream
Network configuration
As shown in Figure 1, configure IPv4 NetStream on the gateway to monitor traffic and user behavior of internal users in the education areas.
Restrictions and guidelines
When you configure IPv4 NetStream, follow these restrictions and guidelines:
· You must specify the UDP port number of the NetStream server as the destination UDP port for NetStream data export.
· In this example, the NetStream server runs IMC PLAT 7.0 (E0202).
Procedures
Configuring the gateway
[Gateway] ip netstream
# Set the aging timer for active flows to 1 minute.
[Gateway] ip netstream timeout active 1
# Configure a QoS policy to mirror all IPv4 traffic to interface Ten-GigabitEthernet 3/1/1.
[Gateway] acl advanced 3000
[Gateway-acl-ipv4-adv-3000] rule 0 permit ip
[Gateway-acl-ipv4-adv-3000] quit
[Gateway] traffic classifier ns_ipv4
[Gateway-classifier-ns_ipv4] if-match acl 3000
[Gateway-classifier-ns_ipv4] quit
[Gateway] traffic behavior ns_ipv4
[Gateway-behavior-ns_ipv4] mirror-to local
[Gateway-behavior-ns_ipv4] quit
[Gateway] qos policy ns_ipv4
[Gateway-qospolicy-ns_ipv4] classifier ns_ipv4 behavior ns_ipv4
[Gateway-qospolicy-ns_ipv4] quit
# Apply QoS policy ns_ipv4 to the inbound direction of interface Ten-GigabitEthernet 3/1/1.
[Gateway] interface ten-gigabitethernet 3/1/1
[Gateway- Ten-GigabitEthernet3/1/1] qos apply policy ns_ipv4 inbound
[Gateway- Ten-GigabitEthernet3/1/1] quit
# Specify 10.1.1.2 as the IP address of the destination host and UDP port 5000 as the export destination port number.
[Gateway] ip netstream export host 10.1.1.2 5000
Configuring the NetStream server
Adding the gateway to the NetStream server
1. Click the Service tab.
2. From the navigation tree, select Traffic Analysis and Audit > Settings.
3. In the Guide to Quick Traffic Analysis And Audit Configuration area, click Device Management.
4. In the Device List area, click Add.
5. Add the gateway, as shown in Figure 2.
Deploying the server configuration
1. Click the Service tab.
2. From the navigation tree, select Traffic Analysis and Audit > Settings.
3. In the Guide to Quick Traffic Analysis And Audit Configuration area, click Server Management.
4. In the Server List area, click the Modify icon
.
5. Configure the NetStream server parameters, as shown in Figure 3.
6. Click Deploy.
Figure 3 Deploying the server configuration
Adding an interface traffic analysis task
You can add multiple types of traffic analysis tasks. This example uses the interface traffic analysis task type.
1. Click the Service tab.
2. From the navigation tree, select Traffic Analysis and Audit > Settings.
3. In the Guide to Quick Traffic Analysis And Audit Configuration area, click Traffic Analysis Task Management.
4. In the Traffic Analysis Task List area, click Add.
5. In the Select Task Type area, select Interface, and click Next.
6. Configure basic task parameters, select interfaces, and click OK, as shown in Figure 4.
Figure 4 Adding an interface traffic analysis task
Verifying the configuration
1. Verify that the gateway exports NetStream data to the NetStream server.
[Gateway] display ip netstream export
IP export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 10.1.1.2 (5000)
Version 5 exported flow number : 0
Version 5 exported UDP datagrams number (failed): 0 (0)
Version 9 exported flow number : 10
Version 9 exported UDP datagrams number (failed): 10 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
IPL2 export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 10.1.1.2 (5000)
Version 9 exported flow number : 0
Version 9 exported UDP datagram number (failed) : 0 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
2. Display the report of an interface traffic analysis task:
a. Click the Service tab.
b. From the navigation tree, select Traffic Analysis and Audit > Interface Traffic Analysis Task.
c. Click the Expand icon next to Interface Traffic Analysis Task, and select interface from the shortcut menu.
The Traffic tab page displays interface traffic statistics for the task, as shown in Figure 5.
Figure 5 Interface traffic analysis
Configuration files
ip netstream
ip netstream timeout active 1
ip netstream export host 10.1.1.2 5000
#
traffic classifier ns_ipv4 operator and
if-match acl 3000
#
traffic behavior ns_ipv4
mirror-to local
#
qos policy ns_ipv4
classifier ns_ipv4 behavior ns_ipv4
#
interface Ten-GigabitEthernet3/1/1
qos apply policy ns_ipv4 inbound
#
acl advanced 3000
rule 0 permit ip
#
Example: Configuring IPv6 NetStream
Network configuration
As shown in Figure 6, configure IPv6 NetStream on the gateway to monitor traffic and user behavior of internal users in the education areas.
Restrictions and guidelines
When you configure IPv6 NetStream, follow these restrictions and guidelines:
· You must specify the UDP port number of the NetStream server as the destination UDP port for IPv6 NetStream data export.
· In this example, the NetStream server runs IMC PLAT 7.0 (E0202).
Procedures
Configuring the gateway
# Assign an IP address to the NetStream server. Make sure the gateway and NetStream server can reach each other. (Details not shown.)
# Enable IPv6 NetStream globally.
<Gateway> system-view
[Gateway] ipv6 netstream
# Set the aging timer for active flows to 1 minute.
[Gateway] ipv6 netstream timeout active 1
# Configure a QoS policy to mirror all IPv6 traffic to interface Ten-GigabitEthernet 3/1/1.
[Gateway] acl ipv6 advanced 3000
[Gateway-acl-ipv6-adv-3000] rule 0 permit ipv6
[Gateway-acl-ipv6-adv-3000] quit
[Gateway] traffic classifier ns_ipv6
[Gateway-classifier-ns_ipv6] if-match acl ipv6 3000
[Gateway-classifier-ns_ipv6] quit
[Gateway] traffic behavior ns_ipv6
[Gateway-behavior-ns_ipv6] mirror-to local
[Gateway-behavior-ns_ipv6] quit
[Gateway] qos policy ns_ipv6
[Gateway-qospolicy-ns_ipv6] classifier ns_ipv6 behavior ns_ipv6
[Gateway-qospolicy-ns_ipv6] quit
# Apply QoS policy ns_ipv6 to the inbound direction of Ten-GigabitEthernet 3/1/1.
[Gateway] interface ten-gigabitethernet 3/1/1
[Gateway-Ten-GigabitEthernet3/1/1] qos apply policy ns_ipv6 inbound
[Gateway-Ten-GigabitEthernet3/1/1] quit
# Specify 22.1.1.2 as the IPv6 address of the destination host and UDP port 5000 as the export destination port number.
[Gateway] ipv6 netstream export host 22.1.1.2 5000
Configuring the NetStream server
Adding the gateway to the NetStream server
1. Click the Service tab.
2. From the navigation tree, select Traffic Analysis and Audit > Settings.
3. In the Guide to Quick Traffic Analysis And Audit Configuration area, click Device Management.
4. In the Device List area, click Add.
5. Add the gateway, as shown in Figure 7.
Deploying the server configuration
1. Click the Service tab.
2. From the navigation tree, select Traffic Analysis and Audit > Settings.
3. In the Guide to Quick Traffic Analysis And Audit Configuration area, click Server Management.
4. In the Server List area, click the Modify icon
.
5. Configure the NetStream server parameters, as shown in Figure 8.
6. Click Deploy.
Figure 8 Deploying the server configuration
Adding an interface traffic analysis task
You can add multiple types of traffic analysis tasks. This example uses the interface traffic analysis task type.
1. Click the Service tab.
2. From the navigation tree, select Traffic Analysis and Audit > Settings.
3. In the Guide to Quick Traffic Analysis And Audit Configuration area, click Traffic Analysis Task Management.
4. In the Traffic Analysis Task List area, click Add.
5. In the Select Task Type area, select Interface, and click Next.
6. Configure basic task parameters, select interfaces, and click OK, as shown in Figure 9.
Figure 9 Adding an interface traffic analysis task
Verifying the configuration
1. Verify that the gateway exports IPv6 NetStream data to the NetStream server.
[Gateway] display ipv6 netstream export
IPv6 export information:
Flow source interface : Not specified
Flow destination VPN instance : Not specified
Flow destination IP address (UDP) : 22.1.1.2 (5000)
Version 9 exported flow number : 10
Version 9 exported UDP datagram number (failed) : 10 (0)
Version 10 exported flow number : 0
Version 10 exported UDP datagram number (failed): 0 (0)
2. Display the report of an interface traffic analysis task:
a. Click the Service tab.
b. From the navigation tree, select Traffic Analysis and Audit > Interface Traffic Analysis Task.
c. Click the Expand icon next to Interface Traffic Analysis Task, and select interface from the shortcut menu.
The Traffic tab page displays interface traffic statistics for the task, as shown in Figure 10.
Figure 10 Interface traffic analysis
Configuration files
#
ipv6 netstream
ipv6 netstream timeout active 1
ipv6 netstream export host 22.1.1.2 5000
#
traffic classifier ns_ipv6 operator and
if-match acl ipv6 3000
#
traffic behavior ns_ipv6
mirror-to local
#
qos policy ns_ipv6
classifier ns_ipv6 behavior ns_ipv6
#
interface Ten-GigabitEthernet3/1/1
qos apply policy ns_ipv6 inbound
#
acl ipv6 advanced 3000
rule 0 permit ipv6
#
ipv6 netstream export host 22.1.1.2 5000
ipv6 netstream export source interface GigabitEthernet1/0/2
Related documentation
· H3C CR16000-F Routers Network Management and Monitoring Configuration Guide-R8385P09
· H3C CR16000-F Routers Network Management and Monitoring Command Reference-R8385P09
