Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 03-Traffic Monitoring Through sFlow in U-Center 5.0 Configuration Examples | 870.96 KB |
Traffic Monitoring Through sFlow in U-Center 5.0
Configuration Examples
Document version: 5W100-20250827
Copyright © 2025 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Contents
Adding an interface traffic analysis task
Viewing interface traffic analysis data
Configure the firewall correctly
Introduction
U-Center 5.0 traffic monitoring supports monitoring interface traffic, VLAN traffic, application and host traffic, and inter-service traffic through sFlow logs. It provides reports based on traffic, applications, source hosts, destination hosts, and sessions. This feature helps network administrators understand and master the network's operating conditions, such as which services are running in the network, which data flows affect the network's operation, how network resources are deployed, and which users need control. Therefore, comprehensive management of network operations, planning, and analysis is achieved.
Usage guidelines
Prerequisites
· Install and deploy Unified Platform, U-Center 5.0 UCP, NTA, and NSM components.
· Devices such as routers and switches support the NetStream and NetFlow log sending function.
· Make sure the devices can communicate with the system.
· Before using sFlow logs for network traffic analysis with U-Center NTA 5.0, you must first enable the sFlow function on the sFlow device (sFlow agent) monitoring the traffic. Then, log in to the device and use the commands provided by the device.
Restrictions and guidelines
· U-Center NTA 5.0 currently only supports sFlow Version 5. Traffic analysis cannot be performed for devices that only support sFlow Version 4 or other versions.
· U-Center NTA 5.0 currently analyzes only Flow sampling data in sFlow and does not support analysis of counter sampling data. Make sure the Flow sampling is enabled on your device.
· By default, sFlow logs use port 6343, and you must change it to port 9020.
· U-Center NTA 5.0 currently analyzes and processes IPv4 and IPv6 packets encapsulated in Raw Packet Header data as well as IPv4 and IPv6 packets encapsulated using MPLS, VLAN, PPB, and VPLS. Other packet formats are not supported.
· The deployment nodes and traffic reporting nodes for the NTA component match those of the UCP component.
· The NTA device configuration varies by UCP deployment scenario.
¡ Full node deployment: UCP is deployed on all relevant nodes. In this case, you can configure a northbound IP address for all devices to enable comprehensive traffic monitoring and management, facilitating traffic analysis by the NTA component.
¡ Single-node deployment: UCP is deployed on one node only. In this case, due to the impact of UCP tags, only the IP address for that specific node can be configured.
Configuration example
sFlow operating mechanism
As shown in Figure 1, the sFlow system involves an sFlow agent embedded in a device and a remote sFlow collector. The sFlow agent collects interface counter information and packet information and encapsulates the sampled information in sFlow packets. When the sFlow packet buffer is full, or the aging timer (fixed to 1 second) expires, the sFlow agent encapsulates the sFlow packets in the UDP datagrams and sends the UDP datagrams to the specified sFlow collector. The sFlow collector analyzes the information and displays the results. One sFlow collector can monitor multiple sFlow agents.
sFlow provides the following sampling mechanisms:
· Flow sampling—Obtains packet information.
· Counter sampling—Obtains interface counter information.
Figure 1 sFlow operating mechanism
U-Center NTA 5.0 acts as the sFlow collector in the sFlow system and supports monitoring network traffic from multiple sFlow devices simultaneously. Although sFlow supports both flow sampling and counter sampling mechanisms, U-Center NTA 5.0 currently only processes data from flow sampling. Therefore, to analyze sFlow logs for network traffic using U-Center NTA 5.0, you must configure flow sampling on devices.
Network configuration
Before using sFlow logs for network traffic analysis with U-Center NTA 5.0, you must first enable the sFlow function on the sFlow device (sFlow agent) monitoring the traffic. Then, log in to the device and use the commands provided by the device.
The command lines used to configure sFlow vary by device model. This example introduces commands supported by most devices. For specific configurations, see the command reference for that model.
As shown in Figure 2. perform the following tasks:
· Configure flow sampling in random mode on GigabitEthernet 1/0/1 to monitor traffic on the port.
· Configure the device to send sampled information in sFlow packets through to the U-Center NTA 5.0 server (sFlow collector).
The server and device version information is as follows:
· Unified Platform versions: UDTP (E7103), BMP (E7103)
· U-Center versions: NTA (E7102), UCP (E7102), NSM_Res (E7102)
Switch software version: H3C Comware Platform Software, Software Version 5.20, Release 1809P11
Configuring the sFlow device
1. Assign an IP address to each interface, as shown in Figure 2. (Details not shown.)
2. Configure sFlow agent and sFlow collector information.
a. Configure an IP address for the sFlow agent.
<Device> system-view</Device>
[Device] sflow agent ip 3.3.3.1
b. Configure information about the sFlow collector: Specify the sFlow collector ID as 1, IP address as 3.3.3.2, port number as 9020, and description as netserver.
[Device] sflow collector 1 ip 3.3.3.2 port 9020 description netserver
3. On GigabitEthernet 1/0/1, enable flow sampling and set the flow sampling mode to random and sampling interval to 4000.
[Device-GigabitEthernet1/0/1] sflow sampling-mode random
[Device-GigabitEthernet1/0/1] sflow sampling-rate 4000
4. Specify sFlow collector 1 for flow sampling
[Device-GigabitEthernet1/0/1] sflow flow collector 1
5. # Verify the following items:
¡ GigabitEthernet 1/0/1 enabled with sFlow is active.
¡ The counter sampling interval is 120 seconds.
¡ The flow sampling interval is 32768 (one packet is sampled from every 32768 packets).
[Device-GigabitEthernet1/0/1] ] display sflow
sFlow datagram version: 5
Global information:
Agent IP: 3.3.3.1(CLI)
Source address:
Collector information:
ID IP Port Aging Size VPN-instance Description
1 3.3.3.2 9020 N/A 1400 netserver
Port information:
Interface CID Interval(s) FID MaxHLen Rate Mode Status
GE1/0/1 1 120 1 128 4000 Random Active
Configuring U-Center 5.0
Adding devices
1. Log in to U-Center. 5.0 Click the Monitor tab. From the left navigation pane, select Network Traffic Monitor > Traffic Configuration.
2. Click the Device Management link.
3. Click Add. Configure the following basic information, as shown in Figure 3:
4. You can add devices by using either of the following methods:
¡ Manually add a device: Enter the IP address and device name, and click Select Parameter Template to select or add a parameter template. In this example, a device is added manually. The IP address is 192.167.1.142, and the device name is Switch142.
¡ Select devices from the list: Click Select Device to select devices.
5. Device Description: Enter a description. In this example, no description is entered.
6. SNMP Parameters: Click Select Parameter Template to select or add an SNMP template. In this example, SNMP template SNMPv2c_Config_Template is selected.
7. NetStream Flow Identifier: This option is enabled by default. In this example, the default is used.
8. NetStream New Feature: This option is enabled by default. In this example, the default is used.
9. Click OK to add the device.
Adding an interface traffic analysis task
1. Click the Monitor tab. From the left navigation pane, select Network Traffic Monitor > Interface Traffic.
2. On the Interface Traffic page, click Add to add an interface traffic analysis task, as shown in Figure 4.
Figure 4 Adding an interface traffic analysis task
3. Configure the following basic information:
¡ Name: In this example, sflow is entered.
¡ VLAN/VXLAN Traffic Analysis: With this parameter enabled, you can view VLAN/VXLAN traffic details of an interface in the interface traffic report. By default, this parameter is disabled. In this example, the default setting is used.
¡ Threshold Alarming: To enable threshold alarming on the page for adding an interface traffic analysis task, you must first enable threshold alarming on the Network Traffic Monitor > Traffic Configuration > Parameters page. By default, this parameter is disabled. In this example, the default setting is used.
¡ Baseline Analysis: To configure baseline analysis on the page for adding an interface traffic analysis task, you must first enable baseline analysis on the Network Traffic Monitor > Traffic Configuration > Parameters page. By default, this parameter is disabled. In this example, the default setting is used.
|
|
NOTE: For configuration on the Parameters page, see the online help. Ensure all necessary configurations are completed before enabling the related functions. |
4. Click Select Interfaces. The Select Interfaces page opens. You can select interfaces by using either of the following methods:
¡ Automatically obtain: Select interfaces and then click OK. In this example, this method is used.
¡ Manually configure: Configure the device information, interface name, interface index, interface alias, interface label, maximum rate, and then click OK.
5. Click OK to add the interface traffic analysis task, as shown Figure 5.
Figure 5 Interface traffic analysis task list
Verifying the configuration
Viewing interface traffic analysis data
1. Click the Monitor tab. From the left navigation pane, select Network Traffic Monitor > Interface Traffic. On the page, you can view traffic information for each interface traffic analysis task, including the alarm state, interface count, number of abnormal interfaces, inbound traffic size, outbound traffic size, and link usage.
2. Click the sflow link to view its traffic analysis information. The Traffic tab is displayed by default, as shown in Figure 6.
Figure 6 Interface analysis report for sflow
3. Click the Application tab to view the application analysis report for sflow, as shown in Figure 7.
Figure 7 Application analysis report for sflow
4. Click the Source tab to view the source host analysis report for sflow, as shown in Figure 8.
Figure 8 Source host-based traffic analysis report
5. Click the Destination tab to view the destination host-based analysis report for sflow, as shown in Figure 9.
Figure 9 Destination host-based analysis report for sflow
6. Click the Session tab to view the session-based analysis report for sflow, as shown in Figure 10.
Figure 10 Session-based analysis report for sflow
Troubleshooting
After an sFlow device is added in U-Center NTA 5.0, there is still no data in the interface traffic analysis task after a period of time. What could be the cause?
Configure the firewall correctly
1. Log in to the Linux server with NTA installed and execute the setup command. Click Firewall Configuration.
2. Select Run Tool and press Enter to identify whether the Linux firewall is enabled. If the Linux firewall is enabled, disable the firewall or select Customize to allow sFlow log messages to pass through.
Analysis
Solution 1
The issue might be due to a connectivity issue between the U-Center NTA 5.0 server and the sFlow device or due to the presence of a firewall. Check the network status based on the networking situation to ensure smooth connectivity and allow sFlow packets to be transmitted through the network.
Solution 2
Make sure the device has the sFlow function enabled. If it is not, see section "Configuring the sFlow device" to enable sFlow.
Solution 3
Make sure the U-Center NTA 5.0 server and the database server have the same time and time zone.
