Login
- Table of Contents
-
- 15-Network Management and Monitoring Configuration Guide
- 00-Preface
- 01-System maintenance and debugging configuration
- 02-NQA configuration
- 03-iNQA configuration
- 04-iFIT configuration
- 05-SRPM configuration
- 06-NTP configuration
- 07-PTP configuration
- 08-Network synchronization configuration
- 09-SNMP configuration
- 10-RMON configuration
- 11-NETCONF configuration
- 12-CWMP configuration
- 13-EAA configuration
- 14-Process monitoring and maintenance configuration
- 15-Sampler configuration
- 16-Mirroring configuration
- 17-NetStream configuration
- 18-IPv6 NetStream configuration
- 19-TCP connection trace configuration
- 20-Performance management configuration
- 21-Fast log output configuration
- 22-Flow log configuration
- 23-Information center configuration
- 24-Packet capture configuration
- 25-Flow monitor configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 25-Flow monitor configuration | 116.33 KB |
Flow monitor tasks at a glance
Prerequisites for flow monitor
Restrictions and guidelines: flow monitor configuration
Freezing the flow monitor table
About adding flow monitor entries
Adding an IP flow monitor entry
Adding an MPLS flow monitor entry
About flow monitor entry deletion
Deleting an IP flow monitor entry
Deleting an MPLS flow monitor entry
Bulk deleting flow monitor entries
Deleting illegitimate flow monitor entries
Display and maintenance commands for flow monitor
Flow monitor configuration examples
Example: Configuring flow monitor
Configuring flow monitor
About flow monitor
Flow monitor is a traffic monitoring feature that provides basic traffic flow statistics and helps you quickly identify sources of illegitimate traffic flows.
Flow monitor table
The flow monitor feature automatically imports flow data from NetStream to the flow monitor table and allows you to manually add and delete flow monitor entries. A flow monitor entry in this table can be of the IP or MPLS type and records the following information of a traffic flow:
· Source and destination IPv4 addresses.
· IP protocol number.
· Inbound or outbound traffic direction.
· Interface that the traffic passes through.
· MPLS L3VPN (optional).
For more information about NetStream, see "Configuring NetStream."
Flow monitor table freezing
After the flow monitor table records information about all legitimate traffic flows in your network, you can perform the fix operation to freeze the table.
· Before you perform this operation, all flow monitor entries, automatically or manually added, are legitimate and in Unfixed state.
· After you perform this operation, the existing flow monitor entries are legitimate, and their state changes to Fixed. All new flow monitor entries generated based on new flow data are illegitimate (or invalid).
Flow monitor only records illegitimate entries. The device does not make forwarding decisions based on flow monitor table entries. To take action on the packets of an illegitimate flow, for example, to drop the packets, you must use features such as the packet filter.
Flow monitor tasks at a glance
2. (Optional.) Freezing the flow monitor table
3. (Optional.) Adding a flow monitor entry
¡ Adding an IP flow monitor entry
¡ Adding an MPLS flow monitor entry
4. (Optional.) Deleting flow monitor entries
¡ Deleting an IP flow monitor entry
¡ Deleting an MPLS flow monitor entry
¡ Bulk deleting flow monitor entries
¡ Deleting illegitimate flow monitor entries
Prerequisites for flow monitor
Before you configure flow monitor, enable NetStream in the desired direction.
Restrictions and guidelines: flow monitor configuration
For modules that support the hardware NetStream feature, if you configure both the hardware NetStream and flow monitor features, only the hardware NetStream feature takes effect. For example, if you first configure the flow monitor feature and then the hardware NetStream feature, the flow monitor feature will lose effect. To restore the flow monitor feature, you must first disable the hardware NetStream feature, and the flow monitor feature will automatically become active again. For more information about the hardware NetStream feature, see NetStream configuration.
Enabling flow monitor
Restrictions and guidelines
Make sure flow monitor is enabled in the same traffic direction as NetStream.
Procedure
1. Enter system view.
system-view
2. Enable flow monitor.
flow-monitor { inbound | outbound }
By default, flow monitor is disabled.
Freezing the flow monitor table
1. Enter system view.
system-view
2. Freeze the flow monitor table.
In standalone mode:
flow-monitor fixup [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
flow-monitor fixup [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
By default, the flow monitor table is in unfixed state.
Adding a flow monitor entry
About adding flow monitor entries
You can add IP and MPLS flow monitor entries before or after you freeze the flow monitor table.
· If no freeze operation has been performed, the entry you add is in Unfixed state.
· If the operation has been performed, the entry you add is in Fixed state. If the entry has already been identified as an illegitimate entry, the system automatically removes the entry from the illegitimate entry list.
Adding an IP flow monitor entry
1. Enter system view.
system-view
2. Add an IP flow monitor entry.
In standalone mode:
flow-monitor add ip source source-address destination dest-address protocol protocol-number interface interface-type interface-number { inbound | outbound } [ vpn-instance vpn-instance-name ] [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
flow-monitor add ip source source-address destination dest-address protocol protocol-number interface interface-type interface-number { inbound | outbound } [ vpn-instance vpn-instance-name ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
By default, no IP flow monitor entries exist.
Adding an MPLS flow monitor entry
1. Enter system view.
system-view
2. Add an MPLS flow monitor entry.
In standalone mode:
flow-monitor add mpls label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] [ source source-address destination dest-address protocol protocol-number ] interface interface-type interface-number { inbound | outbound } [ vpn-instance vpn-instance-name ] [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
flow-monitor add mpls label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] [ source source-address destination dest-address protocol protocol-number ] interface interface-type interface-number { inbound | outbound } [ vpn-instance vpn-instance-name ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
By default, no MPLS flow monitor entries exist.
Deleting flow monitor entries
About flow monitor entry deletion
You can delete unfixed entries from an unfrozen flow monitor table or delete fixed entries from a frozen flow monitor table.
Deleting an IP flow monitor entry
1. Enter system view.
system-view
2. Delete an IP flow monitor entry.
In standalone mode:
flow-monitor delete ip source source-address destination dest-address protocol protocol-number interface interface-type interface-number { inbound | outbound } [ vpn-instance vpn-instance-name ] [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
flow-monitor delete ip source source-address destination dest-address protocol protocol-number interface interface-type interface-number { inbound | outbound } [ vpn-instance vpn-instance-name ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Deleting an MPLS flow monitor entry
1. Enter system view.
system-view
2. Delete an MPLS flow monitor entry.
In standalone mode:
flow-monitor delete mpls label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] [ source source-address destination dest-address protocol protocol-number ] interface interface-type interface-number { inbound | outbound } [ vpn-instance vpn-instance-name ] [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
flow-monitor delete mpls label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] [ source source-address destination dest-address protocol protocol-number ] interface interface-type interface-number { inbound | outbound } [ vpn-instance vpn-instance-name ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Bulk deleting flow monitor entries
1. Enter system view.
system-view
2. Bulk delete flow monitor entries.
In standalone mode:
reset flow-monitor entry [ ip | mpls ] [ interface interface-type interface-number ] [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
reset flow-monitor entry [ ip | mpls ] [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Deleting illegitimate flow monitor entries
1. Enter system view.
system-view
2. Delete illegitimate flow monitor entries.
In standalone mode:
reset flow-monitor entry invalid [ ip | mpls ] [ interface interface-type interface-number ] [ slot slot-number [ cpu cpu-number ] ] [ source slot source-slot-number [ cpu cpu-number ] ]
In IRF mode:
reset flow-monitor entry invalid [ ip | mpls ] [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] [ source chassis source-chassis-number slot source-slot-number [ cpu source-cpu-number ] ]
Display and maintenance commands for flow monitor
Execute display commands in any view and reset commands in user view.
|
Task |
Command |
|
Display information about flow monitor entries. |
In standalone mode: display flow-monitor [ invalid ] [ verbose ] [ { ip | mpls [ label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] ] ] [ destination dest-address | interface interface-type interface-number | source source-address ] * [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display flow-monitor [ invalid ] [ verbose ] [ { ip | mpls [ label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] ] ] [ destination dest-address | interface interface-type interface-number | source source-address ] * [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] |
|
Clear flow monitor statistics. |
In standalone mode: reset flow-monitor statistics [ slot slot-number [ cpu cpu-number ] ] In IRF mode: reset flow-monitor statistics [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] |
Flow monitor configuration examples
Example: Configuring flow monitor
Network configuration
As shown in Figure 1, configure flow monitor on the router to monitor the following traffic:
· Incoming traffic on Ten-GigabitEthernet 3/1/1.
· Outgoing traffic on Ten-GigabitEthernet 3/1/2 and Ten-GigabitEthernet 3/1/3.
Procedure
# Assign an IP address to each interface, as shown in Figure 1. (Details not shown.)
# Enable NetStream for incoming traffic on Ten-GigabitEthernet 3/1/1.
<Router> system-view
[Router] interface ten-gigabitethernet 3/1/1
[Router-Ten-GigabitEthernet3/1/1] ip netstream inbound
[Router-Ten-GigabitEthernet3/1/1] quit
# Enable NetStream for outgoing traffic on Ten-GigabitEthernet 3/1/2.
[Router] interface ten-gigabitethernet 3/1/2
[Router-Ten-GigabitEthernet3/1/2] ip netstream outbound
[Router-Ten-GigabitEthernet3/1/2] quit
# Enable NetStream for outgoing traffic on Ten-GigabitEthernet 3/1/3.
[Router] interface ten-gigabitethernet 3/1/3
[Router-Ten-GigabitEthernet3/1/3] ip netstream outbound
[Router-Ten-GigabitEthernet3/1/3] quit
# Enable flow monitor for incoming and outgoing traffic.
[Router] flow-monitor inbound
[Router] flow-monitor outbound
# Freeze the flow monitor table after the table has been populated with all legitimate entries.
[Router] flow-monitor fixup
# Add new legitimate flow monitor entries to the flow monitor table.
[Router] flow-monitor add ip source 192.168.40.2 destination 192.168.80.2 protocol 17 interface ten-gigabitethernet 3/1/2 outbound
[Router] flow-monitor add ip source 192.168.40.2 destination 192.168.80.2 protocol 17 interface ten-gigabitethernet 3/1/3 outbound
# Display flow monitor entries in the flow monitor table.
[Router] display flow-monitor
Total 11 matching IP flow monitor entries and 0 matching MPLS flow monitor entries.
State: Fixed
Type Source Destination Protocol Direction Interface VPN
Labels
-------------------------------------------------------------------------------
IP 192.168.40.2 192.168.80.2 17 Outbound XGE3/1/3
IP 192.168.40.2 192.168.80.2 17 outbound XGE3/1/2
IP 192.168.1.102 192.168.1.255 17 Inbound XGE3/1/1
IP 192.168.1.1 239.255.255.250 17 Outbound XGE3/1/2
IP 192.168.20.65 239.255.255.250 17 Inbound XGE3/1/1
IP 40.0.0.3 40.0.0.255 17 Inbound XGE3/1/1
IP 56.56.56.44 224.0.0.5 89 Outbound XGE3/1/3
IP 192.168.20.167 192.168.20.255 17 Outbound XGE3/1/2
IP 192.168.20.170 192.168.20.255 17 Inbound XGE3/1/1
IP 192.168.20.191 192.168.20.255 17 Outbound XGE3/1/2
IP 192.168.80.133 192.168.80.131 1 Outbound XGE3/1/3
# Delete a fixed flow monitor entry.
[Router] flow-monitor delete ip source 40.0.0.3 destination 40.0.0.255 protocol 17 interface ten-gigabitethernet 3/1/1 inbound
Verifying the configuration
# Verify that the flow monitor table is populated with only legitimate flow monitor entries.
[Router] display flow-monitor
Total 10 matching IP flow monitor entries and 0 matching MPLS flow monitor entries.
State: Fixed
Type Source Destination Protocol Direction Interface VPN
Labels
-------------------------------------------------------------------------------
IP 192.168.40.2 192.168.80.2 17 Outbound XGE3/1/3
IP 192.168.40.2 192.168.80.2 17 outbound XGE3/1/2
IP 192.168.1.102 192.168.1.255 17 Inbound XGE3/1/1
IP 192.168.1.1 239.255.255.250 17 Outbound XGE3/1/2
IP 192.168.20.65 239.255.255.250 17 Inbound XGE3/1/1
IP 56.56.56.44 224.0.0.5 89 Outbound XGE3/1/3
IP 192.168.20.167 192.168.20.255 17 Outbound XGE3/1/2
IP 192.168.20.170 192.168.20.255 17 Inbound XGE3/1/1
IP 192.168.20.191 192.168.20.255 17 Outbound XGE3/1/2
IP 192.168.80.133 192.168.80.131 1 Outbound XGE3/1/3
