NetAnalysis for RoCEv2 commands
display netanalysis rocev2 cache
display netanalysis rocev2 statistics
netanalysis rocev2 ai-ecn enable
netanalysis rocev2 drop global
netanalysis rocev2 report-interval
netanalysis rocev2 sampling-rate
netanalysis rocev2 timeout inactive
netanalysis rocev2 vxlan drop global
netanalysis rocev2 vxlan statistics
netanalysis rocev2 vxlan-ip drop global
netanalysis rocev2 vxlan-ip statistics
reset netanalysis rocev2 statistics
display netanalysis udp statistics
netanalysis udp identification block
netanalysis udp timeout inactive
reset netanalysis udp statistics
NetAnalysis unified flow commands
display netanalysis unified-flow
display netanalysis unified-flow isdf-detect event-log
reset netanalysis unified-flow
NetAnalysis commands
NetAnalysis for RoCEv2 commands
display netanalysis rocev2 cache
Use display netanalysis rocev2 cache to display the configuration and status of the RoCEv2 cache.
Syntax
display netanalysis rocev2 cache [ destination destination-ip | dstvxlan-id dstvxlan-id | source source-ip | srcvxlan-id srcvxlan-id ]*
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
destination destination-ip: Specifies a server IP address.
dstvxlan-id dstvxlan-id: Specifies the destination VXLAN ID for the RoCEv2 flow. The value range of the dstvxlan-id argument is 0 to 16777215.
source source-ip: Specifies a client IP address.
srcvxlan-id srcvxlan-id: Specifies the source VXLAN ID for the RoCEv2 flow. The value range of the srcvxlan-id argument is 0 to 16777215.
Usage guidelines
The device uses the RoCEv2 cache to save RoCEv2 traffic statistics after receiving RoCEv2 flows. When an RoCEv2 flow ages out, the device deletes the related traffic statistics from the RoCEv2 cache.
Examples
# Display the configuration and status of the RoCEv2 cache when bidirectional mode is used for RoCEv2 traffic analysis.
<Sysname> display netanalysis rocev2 cache source 1.1.1.2 destination 2.2.2.1
NOTE:
S2D: source to destination D2S: destination to source
RTT: round trip time RPT: packet throughput in read mode
WPT: packet throughput in write mode SPT: packet throughput in send mode
I: input O: output L: local R: remote
NetAnalysis cache information:
--------------------------------------------------------------------------------
Flow created at Service type
Src IP Src QP S2D RTT S2D RPT S2D SPT/WPT
S2D NAK Pkts S2D Interface(I) S2D Interface(O)
S2D Src VXLAN ID S2D Dst VXLAN ID
Dst IP Dst QP D2S RTT D2S RPT D2S SPT/WPT
D2S NAK Pkts D2S Interface(I) D2S Interface(O)
D2S Src VXLAN ID D2S Dst VXLAN ID
--------------------------------------------------------------------------------
01/22/2019 09:08:15 RC
1.1.1.2 93309 50 11 11
2 XGE1/0/1(L) XGE1/0/2(L)
10 10
2.2.2.1 85353 50 11 11
8373 XGE1/0/2(L) XGE1/0/1(L)
10 10
Table 1 Command output

| Field | Description |
|---|---|
| NOTE: S2D: source to destination D2S: destination to source RTT: round trip time RPT: packet throughput in read mode WPT: packet throughput in write mode SPT: packet throughput in send mode I: input O: output L: local R: remote | Meanings of the acronyms: · S2D—Statistics about an RoCEv2 flow sent from a client to a server. · D2S—Statistics about an RoCEv2 flow sent from a server to a client. · RTT—RTT for an RoCEv2 flow. · RPT—Read packet throughput. · WPT—Write packet throughput. · SPT—Send packet throughput. · I—Incoming interface for an RoCEv2 flow. · O—Outgoing interface for an RoCEv2 flow. · L—Local interface. · R—Interface on an M-LAG peer. |
| NetAnalysis cache information | Configuration and status of the RoCEv2 cache. |
| Flow created at | Time when the RoCEv2 flow was created. |
| Service type | Service type of the RoCEv2 flow: · RC—Reliable connection. · UC—Unreliable connection. This type is not supported in the current software version. · RD—Reliable datagram. This type is not supported in the current software version. · UD—Unreliable datagram. · XRC—Extended reliable connection. This type is not supported in the current software version. |
| Src IP | Client IP address for the RoCEv2 flow. |
| Dst IP | Server IP address for the RoCEv2 flow. |
| Src QP | Client QP for the RoCEv2 flow. |
| Dst QP | Server QP for the RoCEv2 flow. |
| S2D RPT | Throughput in KBps for the Read packets sent from the client. |
| D2S RPT | Throughput in KBps for the Read packets sent from the server. If the RoCEv2 flow service type is UD, this field displays 0. |
| S2D SPT/WPT | Throughput in KBps for the Send and Write packets sent from the client. The value for this field might be inaccurate if the device is configured with the mirror-to cpu command or INT feature. |
| D2S SPT/WPT | Throughput in KBps for the Send and Write packets sent from the server. The value for this field might be inaccurate if the device is configured with the mirror-to cpu command or INT feature. If the RoCEv2 flow service type is UD, this field displays 0. |
| S2D RTT | RTT in nanoseconds for the RoCEv2 flow sent from the client. If the RoCEv2 flow service type is UD, this field displays 0. |
| D2S RTT | RTT in nanoseconds for the RoCEv2 flow sent from the server. If the RoCEv2 flow service type is UD, this field displays 0. |
| S2D NAK Pkts | Number of NAK packets sent from the client. Packet loss has occurred if this field is not 0. |
| D2S NAK Pkts | Number of NAK packets sent from the server. Packet loss has occurred if this field is not 0. |
| S2D Interface(I) | Incoming interface for the RoCEv2 flow sent from the client. |
| S2D Interface(O) | Outgoing interface for the RoCEv2 flow sent from the client. |
| D2S Interface(I) | Incoming interface for the RoCEv2 flow sent from the server. Packets sent by a loopback interface cannot carry physical interface information. If the RoCEv2 flow service type is UD, this field displays 0. |
| D2S Interface(O) | Outgoing interface for the RoCEv2 flow sent from the server. If the RoCEv2 flow service type is UD, this field displays 0. |
| S2D Src VXLAN ID | Source VXLAN ID of the RoCEv2 flow sent from the client. A value of N/A indicates non-VXLAN flow table. |
| S2D Dst VXLAN ID | Destination VXLAN ID for the RoCEv2 flow originating from the client. A value of N/A indicates non-VXLAN flow table. |
| D2S Src VXLAN ID | Source VXLAN ID for the RoCEv2 flow returned from the server. A value of N/A indicates non-VXLAN flow table. If the RoCEv2 flow service type is UD, this field displays 0. |
| D2S Dst VXLAN ID | Destination VXLAN ID for the RoCEv2 flow returned from the server. A value of N/A indicates non-VXLAN flow table. If the RoCEv2 flow service type is UD, this field displays 0. |

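
The S2D NAK Pkts and D2S NAK Pkts fields are the packet loss indicators in this output. The following added example (not part of the vendor documentation) parses bidirectional-mode output into one record per flow and lists every direction with a non-zero NAK count. The second flow in the sample, the column spacing, and all function and class names are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample. The first flow is the record from the bidirectional
# example on this page; the second flow is made up (no NAKs, non-VXLAN).
# Column spacing is assumed; the parser only relies on whitespace splitting.
SAMPLE_OUTPUT = """\
NetAnalysis cache information:
--------------------------------------------------------------------------------
Flow created at       Service type
Src IP                Src QP    S2D RTT    S2D RPT    S2D SPT/WPT
S2D NAK Pkts          S2D Interface(I)     S2D Interface(O)
S2D Src VXLAN ID      S2D Dst VXLAN ID
Dst IP                Dst QP    D2S RTT    D2S RPT    D2S SPT/WPT
D2S NAK Pkts          D2S Interface(I)     D2S Interface(O)
D2S Src VXLAN ID      D2S Dst VXLAN ID
--------------------------------------------------------------------------------
01/22/2019 09:08:15   RC
1.1.1.2               93309     50         11         11
2                     XGE1/0/1(L)          XGE1/0/2(L)
10                    10
2.2.2.1               85353     50         11         11
8373                  XGE1/0/2(L)          XGE1/0/1(L)
10                    10
01/22/2019 09:10:42   RC
1.1.1.3               40021     48         9          12
0                     XGE1/0/3(L)          XGE1/0/2(L)
N/A                   N/A
2.2.2.1               85360     51         9          12
0                     XGE1/0/2(L)          XGE1/0/3(L)
N/A                   N/A
"""

# A record starts with "<date> <time> <service type>"; header lines never match.
RECORD_START = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+(RC|UC|RD|UD|XRC)$")


@dataclass
class Direction:
    ip: str
    qp: str            # kept as text; the unidirectional example shows N/A
    rtt_ns: int
    rpt_kbps: int
    spt_wpt_kbps: int
    nak_pkts: int
    if_in: str
    if_out: str
    src_vxlan: str     # "N/A" for a non-VXLAN flow
    dst_vxlan: str


@dataclass
class Flow:
    created: str
    service_type: str
    s2d: Direction
    d2s: Direction


def parse_direction(rows):
    """Parse the three lines that describe one direction of a flow."""
    try:
        ip, qp, rtt, rpt, spt_wpt = rows[0].split()
        nak, if_in, if_out = rows[1].split()
        src_vxlan, dst_vxlan = rows[2].split()
        return Direction(ip, qp, int(rtt), int(rpt), int(spt_wpt),
                         int(nak), if_in, if_out, src_vxlan, dst_vxlan)
    except ValueError as exc:
        raise ValueError(f"not a bidirectional-mode record: {rows!r}") from exc


def parse_bidir_cache(text):
    """Return a Flow for each 7-line record in bidirectional-mode output."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    flows, i = [], 0
    while i < len(lines):
        start = RECORD_START.match(lines[i])
        if not start:
            i += 1          # legend, header or separator line
            continue
        body = lines[i + 1:i + 7]
        if len(body) != 6:
            raise ValueError(f"truncated record starting at: {lines[i]!r}")
        flows.append(Flow(start.group(1), start.group(2),
                          parse_direction(body[:3]), parse_direction(body[3:])))
        i += 7
    return flows


def nak_report(flows):
    """List (nak_sender, peer, field, count) for each direction with NAKs."""
    report = []
    for f in flows:
        if f.s2d.nak_pkts:
            report.append((f.s2d.ip, f.d2s.ip, "S2D NAK Pkts", f.s2d.nak_pkts))
        if f.d2s.nak_pkts:
            report.append((f.d2s.ip, f.s2d.ip, "D2S NAK Pkts", f.d2s.nak_pkts))
    return report


if __name__ == "__main__":
    for sender, peer, field, count in nak_report(parse_bidir_cache(SAMPLE_OUTPUT)):
        print(f"{field}={count}: NAKs sent by {sender} toward {peer}")
```

Unidirectional-mode output uses a different, shorter record layout and is rejected with a ValueError rather than misparsed.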
# Display the configuration and status of the RoCEv2 cache when unidirectional mode is used for RoCEv2 traffic analysis.
<sysname> display netanalysis rocev2 cache source 1.1.1.2 destination 2.2.2.1
NOTE:
RPT: packet throughput in read mode WPT: packet throughput in write mode
SPT: packet throughput in send mode
I: input O: output L: local R: remote
NetAnalysis cache information:
-----------------------------------------------------------------------------
Flow created at Service type
Src IP Dst IP Src QP Dst QP
Interface(I) Interface(O) RPT SPT/WPT
Src VXLAN ID Dst VXLAN ID
-----------------------------------------------------------------------------
01/22/2019 09:08:15 RC
1.1.1.2 2.2.2.1 N/A 8373
XGE1/0/1(L) XGE1/0/2(L) 11 11
10 10
Table 2 Command output

| Field | Description |
|---|---|
| NOTE: RPT: packet throughput in read mode WPT: packet throughput in write mode SPT: packet throughput in send mode I: input O: output L: local R: remote | Meanings of the acronyms: · RPT—Read packet throughput. · WPT—Write packet throughput. · SPT—Send packet throughput. · I—Incoming interface for an RoCEv2 flow. · O—Outgoing interface for an RoCEv2 flow. · L—Local interface. · R—Interface on an M-LAG peer. |
| NetAnalysis cache information | Configuration and status of the RoCEv2 cache. |
| Flow created at | Time when the RoCEv2 flow was created. |
| Service type | Service type of the RoCEv2 flow: · RC—Reliable connection. · UC—Unreliable connection. This type is not supported in the current software version. · RD—Reliable datagram. This type is not supported in the current software version. · UD—Unreliable datagram. · XRC—Extended reliable connection. This type is not supported in the current software version. |
| Src IP | Source IP address for the RoCEv2 flow. |
| Dst IP | Destination IP address for the RoCEv2 flow. |
| Src QP | Source QP for the RoCEv2 flow. |
| Dst QP | Destination QP for the RoCEv2 flow. |
| RPT | Throughput in KBps for Read packets. |
| SPT/WPT | Throughput in KBps for the Send and Write packets. The value for this field might be inaccurate if the device is configured with the mirror-to cpu command or INT feature. |
| NAK Pkts | Number of NAK packets. Packet loss has occurred if this field is not 0. |
| Interface(I) | Incoming interface for the RoCEv2 flow. |
| Interface(O) | Outgoing interface for the RoCEv2 flow. |
| Src VXLAN ID | Source VXLAN ID for the RoCEv2 flow. A value of N/A indicates non-VXLAN flow table. |
| Dst VXLAN ID | Destination VXLAN ID for the RoCEv2 flow. A value of N/A indicates non-VXLAN flow table. |

display netanalysis rocev2 statistics
Use display netanalysis rocev2 statistics to display RoCEv2 traffic statistics.
Syntax
display netanalysis rocev2 statistics
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display RoCEv2 traffic statistics when bidirectional mode is used for RoCEv2 traffic analysis.
<Sysname> display netanalysis rocev2 statistics
Last statistics resetting time: Never
--------------------------------------------------------------------------------
Received packets: 1833088
--------------------------------------------------------------------------------
Type
Active Aged Created Reported
(Sessions) (Sessions) (Sessions) (Sessions)
--------------------------------------------------------------------------------
RoCEv2
2 0 2 10
--------------------------------------------------------------------------------
# Display RoCEv2 traffic statistics when unidirectional mode is used for RoCEv2 traffic analysis.
<Sysname> display netanalysis rocev2 statistics
Last statistics resetting time: Never
--------------------------------------------------------------------------------
Received packets: 2833088
--------------------------------------------------------------------------------
Type
Active Aged Created Reported
(Flows) (Flows) (Flows) (Flows)
--------------------------------------------------------------------------------
RoCEv2
4 0 2 20
--------------------------------------------------------------------------------
Table 3 Command output

| Field | Description |
|---|---|
| Last statistics resetting time | Time when the RoCEv2 traffic statistics were last cleared. |
| Received packets | Number of received RoCEv2 packets. |
| Type | Flow type. The current software version supports only the RoCEv2 flow type. |
| Active (Flows) | Number of active flows. |
| Aged (Flows) | Number of aged flows. |
| Created (Flows) | Number of created flows. |
| Reported (Flows) | Number of flows reported to the NDA. |
| Active (Sessions) | Number of active sessions. |
| Aged (Sessions) | Number of aged sessions. |
| Created (Sessions) | Number of created sessions. |
| Reported (Sessions) | Number of sessions reported to the NDA. |

Related commands
reset netanalysis rocev2 statistics
netanalysis rocev2 ai-ecn enable
Use netanalysis rocev2 ai-ecn enable to enable AI ECN for RoCEv2 traffic statistics collection.
Use undo netanalysis rocev2 ai-ecn enable to disable AI ECN for RoCEv2 traffic statistics collection.
Syntax
netanalysis rocev2 ai-ecn enable
undo netanalysis rocev2 ai-ecn enable
Default
AI ECN is disabled for RoCEv2 traffic statistics collection.
Views
System view
Predefined user roles
network-admin
Usage guidelines
AI ECN allows the device to collect RoCEv2 traffic statistics on a per-session basis on the outgoing interfaces for RoCEv2 traffic and send the RoCEv2 traffic statistics to the NDA. Based on the RoCEv2 traffic statistics, the NDA automatically adjusts the ECN threshold for lossless queues to ensure low latency and high throughput for lossless traffic. For more information about ECN, see QoS configuration in ACL and QoS Configuration Guide.
This feature depends on global RoCEv2 traffic analysis. You must specify the global keyword in at least one of the following commands: netanalysis rocev2 statistics, netanalysis rocev2 vxlan statistics, or netanalysis rocev2 vxlan-ip statistics.
Examples
# Enable AI ECN for RoCEv2 traffic statistics collection.
<Sysname> system-view
[Sysname] netanalysis rocev2 ai-ecn enable
Related commands
netanalysis rocev2 mode
netanalysis rocev2 drop global
Use netanalysis rocev2 drop global to enable RoCEv2 packet loss analysis globally.
Use undo netanalysis rocev2 drop global to disable RoCEv2 packet loss analysis globally.
Syntax
netanalysis rocev2 drop global
undo netanalysis rocev2 drop global
Default
RoCEv2 packet loss analysis is disabled globally.
Views
System view
Predefined user roles
network-admin
Usage guidelines
For RoCEv2 packet loss analysis to take effect, first enable bidirectional mode for RoCEv2 traffic analysis.
This command enables the device to perform RoCEv2 packet loss analysis for all received RoCEv2 packets.
To view RoCEv2 packet loss statistics, examine the S2D NAK Pkts and D2S NAK Pkts fields in the output from the display netanalysis rocev2 cache command.
Examples
# Enable RoCEv2 packet loss analysis globally.
<Sysname> system-view
[Sysname] netanalysis rocev2 drop global
Related commands
netanalysis rocev2 mode
netanalysis rocev2 mode
Use netanalysis rocev2 mode to set the mode of RoCEv2 traffic analysis.
Use undo netanalysis rocev2 mode to restore the default.
Syntax
netanalysis rocev2 mode { bidir | single } [ session ]
undo netanalysis rocev2 mode
Default
RoCEv2 traffic analysis is disabled, and the mode of RoCEv2 traffic analysis is not set.
Views
System view
Predefined user roles
network-admin
Parameters
bidir: Specifies bidirectional mode. In this mode, NetAnalysis collects RoCEv2 traffic statistics based on RoCEv2 sessions and provides the RTT and lost packet count for each RoCEv2 session.
single: Specifies unidirectional mode. In this mode, NetAnalysis collects RoCEv2 traffic statistics based on RoCEv2 flows and does not provide the flow-specific RTT or lost packet count.
session: Specifies session mode. In this mode, NetAnalysis collects RoCEv2 traffic statistics and analyzes packet loss based on sessions.
Usage guidelines
For NetAnalysis features to take effect, first set the mode of RoCEv2 traffic analysis.
When you change the mode of RoCEv2 traffic analysis, all NetAnalysis configuration and the RoCEv2 cache are cleared. Make sure you are fully aware of the impact of this operation when you perform it on a live network.
When multiple paths exist between an RDMA client and an RDMA server, set the mode of RoCEv2 traffic analysis as follows to ensure correct RoCEv2 traffic analysis:
· Enable bidirectional mode on the devices attached to the server and the client.
· Enable unidirectional mode on the intermediate devices.
If you set the bidirectional mode, the ACL specified in the netanalysis rocev2 statistics command must match both client-to-server traffic and server-to-client traffic.
When you specify the session keyword, the device analyzes RoCEv2 traffic based on session information (five-tuple and Opcode field) for NetAnalysis and packet loss, and sends the results to the NAP. In this case, you cannot configure NetAnalysis statistics or packet loss analysis separately on RoCEv2 traffic.
Examples
# Enable unidirectional RoCEv2 traffic analysis.
<Sysname> system-view
[Sysname] netanalysis rocev2 mode single
This operation will erase all the NetAnalysis configuration.
Continue?[Y/N]:y
# Enable bidirectional RoCEv2 traffic analysis.
<Sysname> system-view
[Sysname] netanalysis rocev2 mode bidir
This operation will erase all the NetAnalysis configuration.
Continue?[Y/N]:y
Related commands
netanalysis rocev2 statistics
netanalysis rocev2 report-interval
Use netanalysis rocev2 report-interval to set the interval for reporting RoCEv2 traffic statistics to the NDA.
Use undo netanalysis rocev2 report-interval to restore the default.
Syntax
netanalysis rocev2 report-interval interval
undo netanalysis rocev2 report-interval
Default
The device reports RoCEv2 traffic statistics to the NDA at an interval of 10 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies an interval value in seconds, in the range of 5 to 500.
Usage guidelines
Use this command to adjust the interval at which the device reports RoCEv2 traffic statistics to the NDA.
Examples
# Configure the device to report RoCEv2 traffic statistics to the NDA at an interval of 15 seconds.
<Sysname> system-view
[Sysname] netanalysis rocev2 report-interval 15
netanalysis rocev2 sampling-rate
Use netanalysis rocev2 sampling-rate to set the sampling rate for RoCEv2 packets.
Use undo netanalysis rocev2 sampling-rate to restore the default.
Syntax
netanalysis rocev2 sampling-rate rate
undo netanalysis rocev2 sampling-rate
Default
No sampling rate is set for RoCEv2 packets.
Views
System view
Predefined user roles
network-admin
Parameters
rate: Specifies the sampling rate for RoCEv2 packets. The value range for the rate argument is 1 to 16384.
Usage guidelines
For the sampling rate to take effect, first set the mode of RoCEv2 traffic analysis.
A sampling rate allows the device to sample one packet from a number of RoCEv2 packets for analysis. For example, if you configure the sampling rate as 1000, the device samples 1 packet from 1000 RoCEv2 packets.
Examples
# Set the sampling rate for RoCEv2 packets to 1024.
<Sysname> system-view
[Sysname] netanalysis rocev2 sampling-rate 1024
Related commands
netanalysis rocev2 mode
netanalysis rocev2 statistics
Use netanalysis rocev2 statistics to enable RoCEv2 traffic statistics collection.
Use undo netanalysis rocev2 statistics to disable RoCEv2 traffic statistics collection.
Syntax
netanalysis rocev2 statistics { global | acl name acl-name }
undo netanalysis rocev2 statistics
Default
RoCEv2 traffic statistics collection is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
global: Specifies all received RoCEv2 traffic.
acl name acl-name: Specifies an advanced ACL for filtering RoCEv2 traffic by its name, a case-insensitive string of 1 to 63 characters. The ACL name must begin with an uppercase or lowercase letter and cannot be all.
Usage guidelines
Use this command to enable NetAnalysis to analyze RoCEv2 traffic and send the analysis results to the NAP. You can use an ACL to match the RoCEv2 traffic of interest. The deny or permit action in the ACL does not take effect. NetAnalysis supports the following rules of advanced ACLs:
· Rule 1—Matches the UDP protocol and destination IPv4 address.
· Rule 2—Matches the UDP protocol and source IPv4 address.
· Rule 3—Matches the UDP protocol and source and destination IPv4 addresses.
To ensure correct collection and reporting of RoCEv2 traffic statistics, use the rules supported by NetAnalysis. For more information about ACLs, see ACL and QoS Configuration Guide.
If the specified ACL does not exist or does not contain any rules, this command does not take effect.
ACL rules do not support the vpn-instance criterion. Each rule applies to both public network traffic and VPN traffic.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Enable NetAnalysis to collect statistics about all received RoCEv2 traffic.
<Sysname> system-view
[Sysname] netanalysis rocev2 statistics global
# Enable NetAnalysis to collect statistics about the received RoCEv2 traffic that matches ACL abc.
<Sysname> system-view
[Sysname] netanalysis rocev2 statistics acl name abc
netanalysis rocev2 timeout inactive
Use netanalysis rocev2 timeout inactive to set the aging timer for inactive RoCEv2 flows.
Use undo netanalysis rocev2 timeout inactive to restore the default.
Syntax
netanalysis rocev2 timeout inactive seconds
undo netanalysis rocev2 timeout inactive
Default
The aging timer for inactive RoCEv2 flows is set to 30 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
seconds: Sets the aging timer for inactive RoCEv2 flows, in seconds. The value range for this argument is 5 to 500 seconds.
Usage guidelines
When an inactive RoCEv2 flow ages out, the device outputs the related traffic statistics to the NDA and deletes these traffic statistics from the RoCEv2 cache.
Examples
# Set the aging timer for inactive RoCEv2 flows to 10 seconds.
<Sysname> system-view
[Sysname] netanalysis rocev2 timeout inactive 10
netanalysis rocev2 vxlan drop global
Use netanalysis rocev2 vxlan drop global to enable the global packet loss analysis feature for RoCEv2 traffic on VXLAN tunnel intermediate nodes.
Use undo netanalysis rocev2 vxlan drop global to disable the global packet loss analysis feature for RoCEv2 traffic on VXLAN tunnel intermediate nodes.
Syntax
netanalysis rocev2 vxlan drop global
undo netanalysis rocev2 vxlan drop global
Default
The global packet loss analysis feature is disabled for RoCEv2 traffic on VXLAN tunnel intermediate nodes.
Views
System view
Predefined user roles
network-admin
Usage guidelines
For this feature to take effect, you must first set the mode of RoCEv2 traffic analysis to bidirectional.
In a VXLAN network with RoCEv2, ensuring zero packet loss for network traffic is crucial. You can configure this feature to analyze packet loss for decapsulated RoCEv2 traffic on intermediate nodes within the VXLAN tunnel.
To view packet loss information, execute the display netanalysis rocev2 cache command and check the S2D NAK Pkts and D2S NAK Pkts fields in the command output.
Examples
# Enable the global packet loss analysis feature for RoCEv2 traffic on VXLAN tunnel intermediate nodes.
<Sysname> system-view
[Sysname] netanalysis rocev2 vxlan drop global
Related commands
netanalysis rocev2 mode
netanalysis rocev2 vxlan statistics
Use netanalysis rocev2 vxlan statistics to enable the NetAnalysis statistics feature for RoCEv2 traffic on VXLAN tunnel intermediate nodes.
Use undo netanalysis rocev2 vxlan statistics to disable the NetAnalysis statistics feature for RoCEv2 traffic on VXLAN tunnel intermediate nodes.
Syntax
netanalysis rocev2 vxlan statistics { acl name acl-name | global }
undo netanalysis rocev2 vxlan statistics
Default
The NetAnalysis statistics feature is disabled for RoCEv2 traffic on VXLAN tunnel intermediate nodes.
Views
System view
Predefined user roles
network-admin
Parameters
acl name acl-name: Specifies the name of an advanced ACL. The acl-name represents the ACL name, a case-insensitive string of 1 to 63 characters. The string must start with a letter but cannot be all. If you do not specify this option, the command enables the statistics feature for all RoCEv2 flows on the intermediate nodes. If the specified ACL does not exist or the specified ACL does not contain valid rules, the configuration does not take effect and the command does not enable the statistics feature for any RoCEv2 flows on the intermediate nodes.
global: Enables NetAnalysis statistics for all RoCEv2 flows on the intermediate nodes.
Usage guidelines
Application scenarios
To understand and optimize network performance, and to enhance the transmission speed and reliability, you can configure the NetAnalysis statistics feature for RoCEv2 traffic within a VXLAN tunnel.
Operating mechanism
With this feature enabled, the device performs NetAnalysis statistical analysis on RoCEv2 traffic on VXLAN tunnel intermediate nodes. It characterizes each traffic flow's data, including volume, bandwidth, and latency, and uploads the analysis results to the Net-analysis Processor (NAP) for further processing.
Restrictions and guidelines
The specified RoCEv2 traffic is matched through ACL rules, but the designated deny or permit actions do not take effect. Currently, only the following advanced ACL rules are supported:
· rule1—Configures only the UDP protocol and destination IPv4 address.
· rule2—Configures only the UDP protocol and source IPv4 address.
· rule3—Configures only the UDP protocol, source IPv4 address, and destination IPv4 address.
Unsupported ACL rules do not take effect, preventing NAP from receiving the matched traffic flows. For more information about ACL rule configuration, see ACL and QoS Configuration Guide.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Enable the NetAnalysis statistics feature for RoCEv2 traffic matching ACL abc on VXLAN tunnel intermediate nodes.
<Sysname> system-view
[Sysname] netanalysis rocev2 vxlan statistics acl name abc
# Enable the NetAnalysis statistics feature for all RoCEv2 traffic on VXLAN tunnel intermediate nodes.
<Sysname> system-view
[Sysname] netanalysis rocev2 vxlan statistics global
netanalysis rocev2 vxlan-ip drop global
Use netanalysis rocev2 vxlan-ip drop global to enable the global packet loss analysis feature for RoCEv2 traffic at the VXLAN tunnel edges.
Use undo netanalysis rocev2 vxlan-ip drop global to disable the global packet loss analysis feature for RoCEv2 traffic at the VXLAN tunnel edges.
Syntax
netanalysis rocev2 vxlan-ip drop global
undo netanalysis rocev2 vxlan-ip drop global
Default
The global packet loss analysis feature is disabled for RoCEv2 traffic at the VXLAN tunnel edges.
Views
System view
Predefined user roles
network-admin
Usage guidelines
For this feature to take effect, you must first set the mode of RoCEv2 traffic analysis to bidirectional.
In a VXLAN network with RoCEv2, ensuring zero packet loss for network traffic is crucial. You can configure this feature to analyze packet loss for decapsulated RoCEv2 traffic at the edges of the VXLAN tunnel.
To view packet loss information, execute the display netanalysis rocev2 cache command and check the S2D NAK Pkts and D2S NAK Pkts fields in the command output.
Examples
# Enable the global packet loss analysis feature for RoCEv2 traffic at the VXLAN tunnel edges.
<Sysname> system-view
[Sysname] netanalysis rocev2 vxlan-ip drop global
Related commands
netanalysis rocev2 mode
netanalysis rocev2 vxlan-ip statistics
Use netanalysis rocev2 vxlan-ip statistics to enable the NetAnalysis statistics feature for RoCEv2 traffic at the VXLAN tunnel edges.
Use undo netanalysis rocev2 vxlan-ip statistics to disable the NetAnalysis statistics feature for RoCEv2 traffic at the VXLAN tunnel edges.
Syntax
netanalysis rocev2 vxlan-ip statistics { acl name acl-name | global }
undo netanalysis rocev2 vxlan-ip statistics
Default
The NetAnalysis statistics feature is disabled for RoCEv2 traffic at the edges of a VXLAN tunnel.
Views
System view
Predefined user roles
network-admin
Parameters
acl name acl-name: Specifies the name of an advanced ACL. The acl-name represents the ACL name, a case-insensitive string of 1 to 63 characters. The string must start with a letter but cannot be all. If you do not specify this option, the command enables the statistics feature for all RoCEv2 flows at the VXLAN tunnel edges. If the specified ACL does not exist or the specified ACL does not contain valid rules, the configuration does not take effect and the command does not enable the statistics feature for any RoCEv2 flows at the VXLAN tunnel edges.
global: Enables NetAnalysis statistics for all RoCEv2 flows at the VXLAN tunnel edges.
Usage guidelines
Application scenarios
To understand and optimize network performance, and to enhance the transmission speed and reliability, you can configure the NetAnalysis statistics feature for RoCEv2 traffic within a VXLAN tunnel.
Operating mechanism
With this feature enabled, the device performs NetAnalysis statistical analysis on RoCEv2 traffic at VXLAN tunnel edges. It characterizes each traffic flow's data, including volume, bandwidth, and latency, and uploads the analysis results to the Net-analysis Processor (NAP) for further processing.
Restrictions and guidelines
The specified RoCEv2 traffic is matched through ACL rules, but the designated deny or permit actions do not take effect. Currently, only the following advanced ACL rules are supported:
· rule1—Configures only the UDP protocol and destination IPv4 address.
· rule2—Configures only the UDP protocol and source IPv4 address.
· rule3—Configures only the UDP protocol, source IPv4 address, and destination IPv4 address.
Unsupported ACL rules do not take effect, preventing NAP from receiving the matched traffic flows. For more information about ACL rule configuration, see ACL and QoS Configuration Guide.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Enable the NetAnalysis statistics feature for RoCEv2 traffic matching ACL abc at the VXLAN tunnel edges.
<Sysname> system-view
[Sysname] netanalysis rocev2 vxlan-ip statistics acl name abc
# Enable the NetAnalysis statistics feature for all RoCEv2 traffic at the VXLAN tunnel edges.
<Sysname> system-view
[Sysname] netanalysis rocev2 vxlan-ip statistics global
reset netanalysis rocev2 statistics
Use reset netanalysis rocev2 statistics to clear RoCEv2 traffic statistics.
Syntax
reset netanalysis rocev2 statistics
Views
User view
Predefined user roles
network-admin
Usage guidelines
Use this command to clear RoCEv2 traffic statistics if you want to collect RoCEv2 traffic statistics for a specific time period.
You cannot recover cleared RoCEv2 traffic statistics. Make sure you are fully aware of the impact of this command when you use it on a live network.
Examples
# Clear RoCEv2 traffic statistics.
<Sysname> reset netanalysis rocev2 statistics
Related commands
display netanalysis rocev2 statistics
NetAnalysis for UDP commands
display netanalysis udp cache
Use display netanalysis udp cache to display configuration and status of the UDP cache.
Syntax
display netanalysis udp cache [ destination destination-ip | interface interface-type interface-number | source source-ip | vni vxlan-id ]*
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
destination destination-ip: Specifies the IP address at the server end of the UDP flow.
interface interface-type interface-number: Specifies the ingress interface number of the UDP flow.
source source-ip: Specifies the IP address at the client end of the UDP flow.
vni vxlan-id: Specifies the VXLAN ID of the UDP flow, in the range of 1 to 16777215.
Usage guidelines
When the device receives UDP traffic, it does not immediately send NetAnalysis statistical information to the analyzer. Instead, it caches the statistical information in the UDP flow cache. The flow statistical information in the cache will be cleared after the inactive aging time of the UDP flow is reached.
Examples
# Display configuration and status of the UDP cache.
<sysname> display netanalysis udp cache source 1.1.1.2 destination 2.2.2.1
NetAnalysis cache information:
-----------------------------------------------------------------------------
Flow created at Direction
Src IP Dst IP Src Port Dst Port
Interface VNI Block Id Block Timestamp
Receive Packets Receive Bytes
-----------------------------------------------------------------------------
01/22/2019 09:08:15 inbound
1.1.1.2 2.2.2.1 1000 2000
XGE1/0/1 N/A 10 100000000
5000 6000000
Table 4 Command output
| Field | Description |
|---|---|
| Direction | UDP flow direction. |
| Src IP | Source IP address of the UDP flow. |
| Dst IP | Destination IP address of the UDP flow. |
| Src Port | Source port of the UDP flow. |
| Dst Port | Destination port of the UDP flow. |
| Interface | Ingress interface of the UDP flow. |
| VNI | VXLAN ID of the inner UDP packet encapsulated by VXLAN. |
| Receive Packets | Number of UDP packets within this block collected from the ingress interface of the UDP flow. |
| Receive Bytes | Bytes of UDP packets within this block collected from the ingress interface of the UDP flow. |
display netanalysis udp statistics
Use display netanalysis udp statistics to display UDP traffic statistics.
Syntax
display netanalysis udp statistics
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display UDP traffic statistics.
<Sysname> display netanalysis udp statistics
Last statistics resetting time: Never
--------------------------------------------------------------------------------
Received packets: 2833088
--------------------------------------------------------------------------------
Type
Active Aged Created Reported
(Flows) (Flows) (Flows) (Flows)
--------------------------------------------------------------------------------
UDP
4 0 2 20
--------------------------------------------------------------------------------
Table 5 Command output
| Field | Description |
|---|---|
| Last statistics resetting time | Most recent time at which the UDP traffic statistics were cleared. |
| Type | Flow type. Only UDP is supported. |
| Active (Flows) | Number of active flows. |
| Aged (Flows) | Number of aged flows. |
| Created (Flows) | Number of created flows. |
| Reported (Flows) | Number of flows sent to the analyzer. |
Related commands
reset netanalysis udp statistics
netanalysis udp identification block
Use netanalysis udp identification block to specify the number of blocks for segment analysis of UDP traffic.
Use undo netanalysis udp identification block to restore the default.
Syntax
netanalysis udp identification block block-number
undo netanalysis udp identification block
Default
The number of blocks for segment analysis of UDP traffic is 256.
Views
System view
Predefined user roles
network-admin
Parameters
block-number: Specifies the number of blocks. Options include 4, 8, 16, 32, 64, 128, and 256.
Usage guidelines
NetAnalysis for UDP traffic performs analysis on UDP flows based on the Block granularity. Each UDP flow contains multiple UDP packets. With each packet sent, the Identification field increases by 1. The field value determines the UDP packet sequence number.
In a UDP flow, UDP packets have sequence numbers ranging from 0 to 65535. By segmenting the sequence numbers of UDP packets, a UDP flow can be divided into multiple blocks. For example, setting the number of blocks to 128 means dividing a UDP flow into 128 blocks, with UDP packets numbered 0 to 511 belonging to the first block.
The NAP creates a flow table for the received UDP block and analyzes all UDP packets contained in the block.
Do not configure this feature together with RDMA Telemetry. If you do, this feature will affect RDMA Telemetry. For more information about RDMA Telemetry, see Telemetry Configuration Guide.
Examples
# Set the number of blocks for segment analysis of UDP traffic to 64.
<Sysname> system-view
[Sysname] netanalysis udp identification block 64
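The block arithmetic from the usage guidelines above, as an added Python example (not vendor code): it maps an Identification value to its block for each permitted block-number and groups observed values per block, including a flow that wraps from 65535 to 0. The function names and sample values are constructed for illustration, and counting unseen sequence numbers per block is this example's own interpretation, not the NAP's documented method.

```python
"""Map IPv4 Identification values to NetAnalysis UDP blocks (added example)."""

ID_SPACE = 65536  # sequence numbers 0 to 65535, as stated in the usage guidelines
ALLOWED_BLOCK_NUMBERS = (4, 8, 16, 32, 64, 128, 256)  # values the command accepts


def block_size(block_number):
    """Number of sequence numbers in each block for a configured block-number."""
    if block_number not in ALLOWED_BLOCK_NUMBERS:
        raise ValueError(f"block-number must be one of {ALLOWED_BLOCK_NUMBERS}")
    return ID_SPACE // block_number


def block_index(identification, block_number):
    """Zero-based index of the block that an Identification value falls into."""
    if not 0 <= identification < ID_SPACE:
        raise ValueError("Identification must be in the range 0 to 65535")
    return identification // block_size(block_number)


def block_range(index, block_number):
    """Inclusive (first, last) sequence numbers covered by one block."""
    size = block_size(block_number)
    if not 0 <= index < block_number:
        raise ValueError("block index out of range")
    return index * size, index * size + size - 1


def summarize(identifications, block_number):
    """Group observed Identification values by block, in order of first sight.

    Returns {block index: (sequence numbers seen, sequence numbers not seen)}.
    Duplicates count once. The first and last block of a capture are usually
    partial, so their "not seen" count also covers packets outside the capture.
    """
    seen = {}
    for ident in identifications:
        seen.setdefault(block_index(ident, block_number), set()).add(ident)
    size = block_size(block_number)
    return {idx: (len(ids), size - len(ids)) for idx, ids in seen.items()}


# Constructed sample: a flow that fills the last block of the sequence space,
# except for sequence number 65530, and then wraps around to 0.
CONSTRUCTED_IDS = (
    list(range(65024, 65530)) + list(range(65531, 65536)) + list(range(0, 4))
)

if __name__ == "__main__":
    for number in ALLOWED_BLOCK_NUMBERS:
        print(number, block_size(number), block_range(0, number))
    print(summarize(CONSTRUCTED_IDS, 128))
```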
netanalysis udp statistics
Use netanalysis udp statistics to enable UDP traffic statistics collection.
Use undo netanalysis udp statistics to disable UDP traffic statistics collection.
Syntax
netanalysis udp statistics [ vxlan { single-tagged | untagged } ] acl name acl-name inbound
undo netanalysis udp statistics inbound
Default
UDP traffic statistics collection is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
vxlan: Performs statistics collection on packets that match the VXLAN inner layer information.
single-tagged: Performs statistics collection on packets that carry only one VLAN tag.
untagged: Performs statistics collection on untagged packets.
acl name acl-name: Specifies the name of the advanced ACL. The acl-name argument represents the name of the advanced ACL, a case-insensitive string of 1 to 63 characters that must start with a letter. To avoid confusion, the ACL name cannot be all.
inbound: Performs statistics collection on incoming UDP traffic.
Usage guidelines
Perform this task to enable NetAnalysis to analyze UDP traffic and send the analysis results to the NAP. You can use an ACL to match the UDP traffic of interest. The deny or permit action in the ACL does not take effect. NetAnalysis supports the following rules of advanced ACLs:
· Rule 1—Matches the UDP protocol and destination IPv4 address.
· Rule 2—Matches the UDP protocol and source IPv4 address.
· Rule 3—Matches the UDP protocol and source and destination IPv4 addresses.
· Rule 4—Matches the UDP protocol, source and destination IPv4 addresses, and UDP destination ports.
When you specify an ACL, follow these restrictions and guidelines:
· If the specified ACL does not exist or does not contain any rules, the system does not perform NetAnalysis statistics collection on UDP traffic received on the specified ingress interface.
· The ACL rules do not support using a VPN instance, and the rules apply to both public network packets and VPN packets.
For more information about ACL, see ACL and QoS Configuration Guide.
NetAnalysis statistics collection does not support RoCEv2 packets with a destination UDP port number of 4791.
If you execute this command multiple times, the most recent configuration takes effect.
If the following features (listed in descending order of priority) are configured, only the feature with the highest priority takes effect:
· NetAnalysis for UDP.
· NetAnalysis UFA.
· Flexible global load balancing (FGLB) adaptive routing.
· NetStream and IPv6 NetStream.
· MOD and flow group in delay monitoring mode.
For more information about FGLB adaptive routing, see adaptive routing in Layer 3—IP Routing Configuration Guide. For more information about NetStream and IPv6 NetStream, see Network Management and Monitoring Configuration Guide. For more information about MOD and flow groups, see MOD configuration and flow group configuration in Telemetry Configuration Guide.
Examples
# Enable UDP traffic analysis on packets matching the specified ACL in the inbound direction.
<Sysname> system-view
[Sysname] netanalysis udp statistics acl name abc inbound
netanalysis udp timeout inactive
Use netanalysis udp timeout inactive to set the aging timer for inactive UDP flows.
Use undo netanalysis udp timeout inactive to restore the default.
Syntax
netanalysis udp timeout inactive seconds
undo netanalysis udp timeout inactive
Default
The aging timer for inactive UDP flows is 30 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
seconds: Specifies the aging time in the range of 5 to 500 seconds.
Usage guidelines
With NetAnalysis statistics collection enabled for UDP traffic, the device must also send the UDP flow table containing the statistical results to the specified NDA to complete further processing and visualization of the flow information.
When an inactive UDP flow ages out, the device outputs the related traffic statistics to the NDA, deletes these traffic statistics from the UDP cache, and deletes the related flow entries.
Examples
# Set the aging timer for inactive UDP flows to 10 seconds.
<Sysname> system-view
[Sysname] netanalysis udp timeout inactive 10
reset netanalysis udp statistics
Use reset netanalysis udp statistics to clear UDP traffic statistics.
Syntax
reset netanalysis udp statistics
Views
User view
Predefined user roles
network-admin
Usage guidelines
To diagnose and locate faults in UDP flow analysis, you might need to collect UDP flow statistics for a specific time period. In that case, use this command to clear the historical statistics first.
This command clears all historical UDP flow statistics in NetAnalysis. Cleared statistics cannot be recovered. Use this command with caution.
Examples
# Clear UDP traffic statistics.
<Sysname> reset netanalysis udp statistics
Related commands
display netanalysis udp statistics
NetAnalysis unified flow commands
activate
Use activate to enable a measurement feature for a UFA instance.
Use undo activate to disable the measurement feature for a UFA instance.
Syntax
activate { { flow-analysis | ifit | isdf-detect drop } * | mod }
undo activate
Default
No measurement feature is enabled for a UFA instance.
Views
UFA instance view
Predefined user roles
network-admin
Parameters
flow-analysis: Enables flow analysis.
flow-monitor: Enables flow monitor.
ifit: Enables iFIT.
isdf-detect drop: Enables ISDF packet loss detection.
mod: Enables MOD.
Usage guidelines
For this command to take effect, you must create a UFA instance and configure a traffic matching rule before you execute this command.
To modify the settings of a UFA instance after you execute this command, you must first execute the undo activate command to disable the measurement feature.
Examples
# Enable flow analysis for a UFA instance.
[Sysname] netanalysis unified-flow
[Sysname-netanalysis-unified-flow] instance 1 name abc
[Sysname-netanalysis-instance-1] flow ipv4
[Sysname-netanalysis-instance-1] activate flow-analysis
aging-time
Use aging-time to set the aging time for the software flow table.
Use undo aging-time to restore the default.
Syntax
aging-time time-value
undo aging-time
Default
The aging time for the software flow table is 30 seconds.
Views
UFA view
Predefined user roles
network-admin
Parameters
time-value: Specifies the aging time for the software flow table, in the range of 5 to 500 seconds.
Usage guidelines
If a flow is idle for the specified aging time, the flow information will be deleted from the software flow table.
If you execute this command multiple times, the most recent configuration takes effect.
The aging time for the software flow table must be longer than the aging time for the hardware flow table configured by using the hardware-flow aging-time command and the iFIT measurement period configured by the ifit period command.
Examples
# Set the aging time for the software flow table to 50 seconds.
<Sysname> system-view
[Sysname] netanalysis unified-flow
[Sysname-netanalysis-unified-flow] aging-time 50
bind all-interface
Use bind all-interface to specify a default interface role.
Use undo bind all-interface to restore the default.
Syntax
bind all-interface { egress | ingress | ingress-egress [ bidirectional-flow ] | transit [ bidirectional-flow ] }
undo bind all-interface
Default
No default interface role is specified.
Views
UFA instance view
Predefined user roles
network-admin
Parameters
egress: Specifies the interface as an egress interface. This role can remove the color of packets. The device measures the outgoing traffic of an interface in this role.
ingress: Specifies the interface as an ingress interface. This role can color packets. The device measures the incoming traffic of an interface in this role.
ingress-egress: Specifies the interface as both an egress interface and an ingress interface. This role can both color packets and remove the color of packets. The device measures both the outgoing and incoming traffic of an interface in this role. The incoming traffic of an interface in this role will be colored, and the color of the outgoing traffic of the interface will be removed.
transit: Specifies the interface as a transit node. This role can count packets.
bidirectional-flow: Matches both the forward flow and return flow. If you do not specify this keyword, only the forward flow is matched.
Usage guidelines
The device measures the traffic on an interface according to the role of that interface.
If you do not specify a role for an interface by using the bind interface command, the device uses the default interface role for that interface.
Examples
# Specify egress node as the default interface role.
<Sysname> system-view
[Sysname] netanalysis unified-flow
[Sysname-netanalysis-unified-flow] instance 1 name abc
[Sysname-netanalysis-instance-1] flow ipv4 source-ip 10.1.1.1 24 destination-ip 10.2.2.2 24
[Sysname-netanalysis-instance-1] bind all-interface egress
Related commands
bind interface
bind interface
Use bind interface to specify a role for an interface.
Use undo bind interface to restore the default.
Syntax
bind interface interface-type interface-number { egress | ingress | ingress-egress [ bidirectional-flow ] | transit [ bidirectional-flow ] }
undo bind interface [ interface-type interface-number ]
Default
No role is specified for an interface.
Views
UFA instance view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
egress: Specifies the interface as an egress node. This role can remove the color of packets. The device measures the outgoing traffic of an interface in this role.
ingress: Specifies the interface as an ingress node. This role can color packets. The device measures the incoming traffic of an interface in this role.
ingress-egress: Specifies the interface as both an egress node and an ingress node. This role can both color packets and remove the color of packets. The device measures both the outgoing and incoming traffic of an interface in this role. The incoming traffic of an interface in this role will be colored, and the color of the outgoing traffic of the interface will be removed.
transit: Specifies the interface as a transit node. This role can count packets.
bidirectional-flow: Matches both the forward flow and return flow. If you do not specify this keyword, only the forward flow is matched.
Usage guidelines
The device measures the traffic on an interface according to the role of that interface.
If you execute both this command and the bind all-interface command, this command takes effect.
If you do not specify the interface-type interface-number argument when you execute the undo bind interface command, the roles specified for all interfaces are unbound.
You can specify roles for only Layer 2 physical interfaces and Layer 3 physical interfaces by using this command.
Examples
# Specify GigabitEthernet 1/0/1 as an egress node.
<Sysname> system-view
[Sysname] netanalysis unified-flow
[Sysname-netanalysis-unified-flow] instance 1 name abc
[Sysname-netanalysis-instance-1] flow ipv4 source-ip 10.1.1.1 24 destination-ip 10.2.2.2 24
[Sysname-netanalysis-instance-1] bind interface gigabitethernet 1/0/1 egress
display netanalysis unified-flow
Use display netanalysis unified-flow to display UFA flow table information.
Syntax
display netanalysis unified-flow ipv4 [ destination-ip dest-ip-address [ dest-mask-length ] | protocol { protocol-number | { sctp | tcp | udp } [ destination-port dest-port-number | source-port src-port-number ]* } | source-ip src-ip-address [ src-mask-length ] | vlan-id vlan-id-value | vxlan-id vxlan-id-value ]* [ slot slot-number ]
display netanalysis unified-flow ipv6 [ destination-ipv6 dest-ipv6-address [ dest-prefix-length ] | protocol { protocol-number | { sctp | tcp | udp } [ destination-port dest-port-number | source-port src-port-number ]* } | source-ipv6 src-ipv6-address [ src-prefix-length ] | vlan-id vlan-id-value | vxlan-id vxlan-id-value ]* [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ipv4: Displays the IPv4 UFA flow table information.
ipv6: Displays the IPv6 UFA flow table information.
destination-ip dest-ip-address: Specifies a destination IP address.
dest-mask-length: Specifies the mask length for the destination IPv4 address, in the range of 1 to 31. If you do not specify a mask length, the specified destination IPv4 address is a host address.
destination-ipv6 dest-ipv6-address: Specifies a destination IPv6 address.
dest-prefix-length: Specifies the prefix length for the destination IPv6 address, in the range of 1 to 127. If you do not specify a prefix length, the specified destination IPv6 address is a host address.
protocol: Specifies a protocol.
sctp: Specifies SCTP.
tcp: Specifies TCP.
udp: Specifies UDP.
protocol-number: Specifies a protocol by its number. The value range is 0 to 254 (excluding 6, 17, and 132).
source-port src-port-number: Specifies a source port number in the range of 1 to 65535. If you do not specify a source port number, any source port number can be matched.
destination-port dest-port-number: Specifies a destination port number in the range of 1 to 65535. If you do not specify a destination port number, any destination port number can be matched.
source-ip src-ip-address: Specifies a source IP address.
src-mask-length: Specifies the mask length for the source IPv4 address, in the range of 1 to 31. If you do not specify a mask length, the specified source IPv4 address is a host address.
source-ipv6 src-ipv6-address: Specifies a source IPv6 address.
src-prefix-length: Specifies the prefix length for the source IPv6 address, in the range of 1 to 127. If you do not specify a prefix length, the specified source IPv6 address is a host address.
vxlan-id vxlan-id-value: Specifies a VXLAN ID in the range of 0 to 16777215.
vlan-id vlan-id-value: Specifies a VLAN ID in the range of 0 to 4094.
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
This command displays only flow table information for UFA enabled with flow analysis.
Examples
# Display the IPv4 UFA flow table information.
<Sysname> display netanalysis unified-flow ipv4 slot 1
Source IP/mask : 192.168.0.10/32
Destination IP/mask : 100.1.1.23/32
Source port : 20
Destination port : 30
Protocol : tcp
VNI : --
VLAN : --
# Display the IPv4 UFA flow table information for the specified 5-tuple.
<Sysname> display netanalysis unified-flow ipv4 source-ip 192.168.0.10 destination-ip 100.1.1.23 protocol 17 source-port 20 destination-port 30 slot 1
Direction : Inbound
Instance ID : 1
Source IP/mask : 192.168.0.10/32
Destination IP/mask : 100.1.1.23/32
Source port : 20
Destination port : 30
Protocol : 17
VNI : --
VLAN : --
VPN instance : --
Start time (sec) : 2025-02-07 09:54:53 (1738922093)
End time (sec) : 2025-02-07 09:55:30 (1738922130)
Input packets : 97569
Input bytes : 12488832
Output packets : 97569
Output bytes : 12488832
Current TTL : 0
Min TTL : 5
Max TTL : 5
Discarded packets : 0
Discarded bytes : 0
Discard reason : 0
Abnormal reason : 0
Cross chip : True
Current delay : 498ns
Average delay : 532ns
Min delay : 411ns
Max delay : 607ns
Average jitter : 60ns
Min jitter : 0ns
Max jitter : 120ns
Interface name : HundredGigE1/0/2
Main interface name : --
--------------------------------------------------------------------------------------------------------------
Role Period ID Color Packet count Byte count Timestamp(sec,nsec) IfName
--------------------------------------------------------------------------------------------------------------
Ingress 173892212 1 97569 12488832 1738922121,0 HundredGigE1/0/2
Ingress 173892211 0 99716 12763648 1738922111,0 HundredGigE1/0/2
--------------------------------------------------------------------------------------------------------------
Table 6 Command output
| Field | Description |
|---|---|
| Direction | Flow direction. |
| Instance ID | UFA instance ID. A smaller ID indicates a higher priority. |
| Start time (sec) | Start time of the flow: · For TCP packets, it is the time when the SYN packet was received. · For UDP/RoCEv2 packets, it is the time when the first packet was received. · For VXLAN packets, it is the time when the first packet was received. |
| End time (sec) | End time of the flow: · For TCP packets, it is the time when the FIN packet was received. · For UDP/RoCEv2 packets, it is the time when the last packet was received. · For VXLAN packets, it is the time when the last packet was received. |
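A parser for the detailed output shown above, as an added Python example (not vendor code) that turns each flow record into a dictionary and flags discarded packets and high delay. The first record is abridged from the sample output and the second is constructed. It assumes that every record starts with a Direction line, and comparing Max delay with the 1000 ns default of hardware-flow delay-threshold is this example's choice.

```python
"""Parse 'display netanalysis unified-flow' detail output (added example)."""
import re

# First record: fields copied from the sample output above (abridged).
# Second record: constructed for this example so that both checks fire.
# Assumption: every flow record in the output starts with a "Direction" line.
SAMPLE_OUTPUT = """\
Direction : Inbound
Instance ID : 1
Source IP/mask : 192.168.0.10/32
Destination IP/mask : 100.1.1.23/32
Protocol : 17
Start time (sec) : 2025-02-07 09:54:53 (1738922093)
Discarded packets : 0
Max delay : 607ns
Interface name : HundredGigE1/0/2
----------------------------------------------------------------------
Role Period ID Color Packet count Byte count Timestamp(sec,nsec) IfName
----------------------------------------------------------------------
Ingress 173892212 1 97569 12488832 1738922121,0 HundredGigE1/0/2
Ingress 173892211 0 99716 12763648 1738922111,0 HundredGigE1/0/2
----------------------------------------------------------------------
Direction : Inbound
Instance ID : 2
Source IP/mask : 192.168.0.11/32
Destination IP/mask : 100.1.1.23/32
Protocol : 17
Discarded packets : 12
Max delay : 1500ns
Interface name : HundredGigE1/0/2
"""

DEFAULT_DELAY_THRESHOLD_NS = 1000  # default of hardware-flow delay-threshold

# "Key : value" lines; the key never contains a colon, the value may.
FIELD_RE = re.compile(r"^(?P<key>[^:]+?)\s*:\s*(?P<value>.*)$")
# Rows of the per-period table under each record.
PERIOD_RE = re.compile(
    r"^(?P<role>\S+)\s+(?P<period>\d+)\s+(?P<color>\d+)\s+(?P<packets>\d+)\s+"
    r"(?P<bytes>\d+)\s+(?P<sec>\d+),(?P<nsec>\d+)\s+(?P<ifname>\S+)$"
)


def parse_flows(text):
    """Return a list of {"fields": {...}, "periods": [...]} dictionaries."""
    flows, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue  # blank line or separator rule
        period = PERIOD_RE.match(line)
        if period and current is not None:
            row = period.groupdict()
            current["periods"].append(
                {k: v if k in ("role", "ifname") else int(v) for k, v in row.items()}
            )
            continue
        field = FIELD_RE.match(line)
        if not field:
            continue  # table header or a line this parser does not know
        key, value = field.group("key").strip(), field.group("value").strip()
        if key == "Direction" or current is None:
            current = {"fields": {}, "periods": []}
            flows.append(current)
        current["fields"][key] = value
    return flows


def to_int(value):
    """Counters are plain integers; '--' and missing fields give None."""
    return int(value) if value.isdigit() else None


def to_ns(value):
    """Delay fields are printed as '<digits>ns'."""
    match = re.fullmatch(r"(\d+)ns", value)
    return int(match.group(1)) if match else None


def findings(flow, delay_threshold_ns=DEFAULT_DELAY_THRESHOLD_NS):
    """Return human-readable findings for one parsed flow record."""
    fields, out = flow["fields"], []
    dropped = to_int(fields.get("Discarded packets", ""))
    if dropped:
        out.append(f"discarded packets: {dropped}")
    max_delay = to_ns(fields.get("Max delay", ""))
    if max_delay is not None and max_delay > delay_threshold_ns:
        out.append(f"max delay {max_delay} ns exceeds {delay_threshold_ns} ns")
    return out


if __name__ == "__main__":
    for record in parse_flows(SAMPLE_OUTPUT):
        print(record["fields"]["Instance ID"], findings(record))
```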
display netanalysis unified-flow isdf-detect event-log
Use display netanalysis unified-flow isdf-detect event-log to display event information about silent faults.
Syntax
display netanalysis unified-flow isdf-detect event-log
Views
Any view
Predefined user roles
network-operator
Usage guidelines
This command is used to display event information about silent faults after you enable ISDF.
Examples
# Display event information about silent faults.
<Sysname> display netanalysis unified-flow isdf-detect event-log
Time (sec) : 2025-08-06 20:14:36 (1754511276137)
Source IP : 2.2.2.2
Destination IP : 1.1.1.1
Protocol : TCP
Source port : 2000
Destination port : 1000
Input interface : GigabitEthernet2/0/1
Output interface : GigabitEthernet2/0/2
Table 7 Command output
| Field | Description |
|---|---|
| Time (sec) | Time when the fault is sent. |
| Source IP | Source IP address of the target flow. |
| Destination IP | Destination IP address of the target flow. |
| Protocol | Protocol of the target flow. Options include: · A value in the range of 0 to 5, 7 to 16, 18 to 131, and 133 to 254—ID of a protocol except for UDP, TCP, and SCTP. · UDP. · TCP. · SCTP. · Hyphen (-)—Invalid value. |
| Source port | Source port number for the target flow. Hyphens (--) are displayed for invalid values. |
| Destination port | Destination port number for the target flow. Hyphens (--) are displayed for invalid values. |
| Input interface | ID of the input interface for the faulty flow. |
| Output interface | ID of the output interface for the faulty flow. |
display uad detection-result
Use display uad detection-result to display unauthorized access detection results.
Syntax
display uad detection-result [ interface-type interface-number | interface-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number.
interface-name: Specifies an interface by its name.
Usage guidelines
If you do not specify an interface, this command displays unauthorized access detection results for all interfaces.
A maximum of 4096 detection results are displayed for each unauthorized access type.
Examples
# Display unauthorized access detection results for an interface.
<Sysname> display uad detection-result GE1/0/1
Interface MAC IP address VLAN UA-type Detected at
GE1/0/1 00e0-fc00-0001 10.136.112.32 -- Router 2022-10-15T20:13:16
Table 1 Command output
| Field | Description |
|---|---|
| MAC | MAC address of the unauthorized device. |
| IP address | IP address of the unauthorized device. This field displays two hyphens (--) for an unauthorized hub. |
| VLAN | VLAN ID of the unauthorized device. This field displays two hyphens (--) for an unauthorized router. |
| UA type | Unauthorized device type. |
| Detected at | Time when the unauthorized device was detected. |
exclude interface
Use exclude interface to exclude an interface from iFIT.
Use undo exclude interface to restore the default.
Syntax
exclude interface interface-type interface-number
undo exclude interface [ interface-type interface-number ]
Default
No interface is excluded from iFIT.
Views
UFA instance view
Predefined user roles
Parameters
interface interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
Use this command if you do not need to perform iFIT on an interface.
If you do not specify the interface-type interface-number argument when you execute the undo exclude interface command, all excluded interfaces are removed.
To exclude multiple interfaces, repeat this command.
Examples
# Exclude GigabitEthernet 1/0/1 from iFIT.
<Sysname> system-view
[Sysname] netanalysis unified-flow
[Sysname-netanalysis-unified-flow] instance 1 name abc
[Sysname-netanalysis-instance-1] exclude interface Gigabitethernet 1/0/1
export-interval
Use export-interval to set the export interval for the software flow table.
Use undo export-interval to restore the default.
Syntax
export-interval interval
undo export-interval
Default
The export interval for the software flow table is 10 seconds.
Views
UFA view
Predefined user roles
network-admin
Parameters
interval: Specifies the export interval for the software flow table, in the range of 10 to 1800 seconds.
Usage guidelines
After you execute this command, the data of the software flow table on the device will be sent to the analyzer at the specified export interval for further analysis.
The export interval for the software flow table must be longer than the export interval for the hardware flow table configured by using the hardware-flow export interval command.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the export interval for the software flow table to 50 seconds.
<Sysname> system-view
[Sysname] netanalysis unified-flow
[Sysname-netanalysis-unified-flow] export-interval 50
netanalysis unified-flow
Use netanalysis unified-flow to enable unified flow analytics and enter unified flow analytics view, or enter the existing unified flow analytics view.
Use undo netanalysis unified-flow to disable unified flow analytics.
Syntax
netanalysis unified-flow
undo netanalysis unified-flow
Default
Unified flow analytics is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Application scenarios
NetAnalysis UFA is a network traffic monitoring and analysis technology designed for comprehensive traffic across the network. It is suitable for in-depth analysis of entire network traffic, helping users quickly detect and accurately locate network failures, thereby improving network operation efficiency. When users need to perform in-depth analysis on TCP/UDP/VXLAN traffic in the network, they can enable this function.
Operating mechanism
After UFA is enabled, the device will perform NetAnalysis statistical analysis on incoming TCP/UDP/VXLAN traffic. The device establishes flow tables and collects traffic statistics based on information such as the five-tuple of the traffic, and then uploads the statistical results to a network analytics processor (NAP) for further processing. The NAP helps users gain a more comprehensive understanding of traffic patterns within the network by analyzing forwarding paths of data flows, identifying TCP anomalies, and investigating packet loss during forwarding.
Restrictions and guidelines
If the following features (listed in descending order of priority) are configured, only the feature with the highest priority takes effect:
· NetAnalysis for UDP.
· NetAnalysis UFA.
· FGLB adaptive routing.
· NetStream and IPv6 NetStream.
· MOD and flow group in delay monitoring mode.
For more information about FGLB adaptive routing, see adaptive routing in Layer 3—IP Routing Configuration Guide. For more information about NetStream and IPv6 NetStream, see Network Management and Monitoring Configuration Guide. For more information about MOD and flow groups, see MOD configuration and flow group configuration in Telemetry Configuration Guide.
Examples
# Enable unified flow analytics and enter unified flow analytics view.
<Sysname> system-view
[Sysname] netanalysis unified-flow
[Sysname-netanalysis-unified-flow]
flow
Use flow to configure a traffic matching rule for a UFA instance.
Use undo flow to delete the traffic matching rule from a UFA instance.
Syntax
flow any-ip
flow ipv4 [ destination-ip dest-ip-address [ dest-mask-length ] | protocol { protocol-number | { sctp | tcp | udp } [ destination-port dest-port-number | source-port src-port-number ] * } | source-ip src-ip-address [ src-mask-length ] ] *
flow ipv6 [ destination-ipv6 dest-ipv6-address [ dest-prefix-length ] | protocol { protocol-number | { sctp | tcp | udp } [ destination-port dest-port-number | source-port src-port-number ] * } | source-ipv6 src-ipv6-address [ src-prefix-length ] ] *
undo flow
Default
No traffic matching rule is configured for a UFA instance.
Views
UFA instance view
Predefined user roles
network-admin
Parameters
ipv4: Matches IPv4 traffic.
ipv6: Matches IPv6 traffic.
destination-ip dest-ip-address: Specifies a destination IP address.
dest-mask-length: Specifies the mask length for the destination IPv4 address, in the range of 1 to 31. If you do not specify a mask length, the specified destination IPv4 address is a host address.
destination-ipv6 dest-ipv6-address: Specifies a destination IPv6 address.
dest-prefix-length: Specifies the prefix length for the destination IPv6 address, in the range of 1 to 127. If you do not specify a prefix length, the specified destination IPv6 address is a host address.
any-ip: Matches all IP traffic, including IPv4 and IPv6 traffic.
protocol: Specifies a protocol type.
sctp: Specifies SCTP.
tcp: Specifies TCP.
udp: Specifies UDP.
destination-port dest-port-number: Specifies a destination port number in the range of 1 to 65535. If you do not specify a destination port number, any destination port number can be matched.
source-port src-port-number: Specifies a source port number in the range of 1 to 65535. If you do not specify a source port number, any source port number can be matched.
protocol-number: Specifies a protocol other than TCP, UDP, and SCTP by its number. The value range is 0 to 254 (excluding 6, 17, and 132).
source-ip src-ip-address: Specifies a source IP address.
src-mask-length: Specifies the mask length for the source IPv4 address, in the range of 1 to 31. If you do not specify a mask length, the specified source IPv4 address is a host address.
source-ipv6 src-ipv6-address: Specifies a source IPv6 address.
src-prefix-length: Specifies the prefix length for the source IPv6 address, in the range of 1 to 127. If you do not specify a prefix length, the specified source IPv6 address is a host address.
Usage guidelines
This command specifies the traffic to be measured by UFA. You must configure a traffic matching rule on all measurement nodes before each measurement.
The specified source and destination IP addresses cannot be broadcast or multicast addresses.
Only one traffic matching rule is supported in a UFA instance. If you execute this command multiple times in the same UFA instance, the most recent configuration takes effect.
Examples
# Configure a traffic matching rule for a UFA instance.
[Sysname] netanalysis unified-flow
[Sysname-netanalysis-unified-flow] instance 1 name abc
[Sysname-netanalysis-instance-1] flow ipv4 source-ip 10.10.10.1 24 destination-ip 10.10.10.2 24
flow-type
Use flow-type to specify a flow type for a UFA instance.
Use undo flow-type to restore the default.
Syntax
flow-type { dynamic [ ip-pair ] | static }
undo flow-type
Default
The flow type in a UFA instance is dynamic flow.
Views
UFA instance view
Predefined user roles
network-admin
Parameters
dynamic: Specifies the dynamic flow type.
ip-pair: Specifies the IP pair-based dynamic flow type.
static: Specifies the static flow type.
Usage guidelines
Application scenarios
The dynamic flow type is suitable for scenarios requiring precise statistics on each individual flow, while the static flow type is suitable for scenarios needing aggregated statistics on traffic within a specific network segment.
Operating mechanism
After you create a UFA instance, you can specify a flow type:
· Dynamic flow: The device will generate a flow entry for each flow that meets the filters configured by the flow command. For example, if you specify a network segment in a traffic matching rule, the device generates a flow entry for each flow of that network segment.
· Static flow: The device will generate only one flow entry for traffic that meets the filters configured by the flow command. For example, if you specify a network segment in a traffic matching rule, the device generates only one flow entry for all flows of that network segment.
Examples
# Specify the static flow type for a UFA instance.
<Sysname> system-view
[Sysname] netanalysis unified-flow
[Sysname-netanalysis-unified-flow] instance 1 name abc
[Sysname-netanalysis-instance-1] flow-type static
Related commands
flow
hardware-flow aging-time
Use hardware-flow aging-time to set the aging time for the hardware flow table.
Use undo hardware-flow aging-time to restore the default.
Syntax
hardware-flow aging-time time-value
undo hardware-flow aging-time
Default
The aging time for the hardware flow table is 5000 milliseconds.
Views
UFA view
Predefined user roles
network-admin
Parameters
Usage guidelines
When the device detects a flow that meets the requirements, it logs the flow information to the hardware flow table. If the flow is idle for the specified aging time, the flow information will be deleted from the hardware flow table.
If you execute this command multiple times, the most recent configuration takes effect.
The aging time for the hardware flow table must be shorter than the aging time for the software flow table configured by using the aging-time command and the IFIT measurement period configured by using the ifit period command.
Examples
# Set the aging time for the hardware flow table to 2000 milliseconds.
<Sysname> system-view
[Sysname] netanalysis unified-flow
[Sysname-netanalysis-unified-flow] hardware-flow aging-time 2000
hardware-flow delay-threshold
Use hardware-flow delay-threshold to set the delay threshold for the hardware flow table.
Use undo hardware-flow delay-threshold to restore the default.
Syntax
hardware-flow delay-threshold threshold-value
undo hardware-flow delay-threshold
Default
The delay threshold for the hardware flow table is 1000 nanoseconds.
Views
UFA view
Predefined user roles
network-admin
Parameters
Usage guidelines
The device will collect statistics on the flows that meet the requirements and generate hardware flow table entries. If the device detects that the delay of a flow exceeds the specified threshold, it will immediately upload the hardware flow table data to the software flow table and notify the analyzer for traffic analysis.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the delay threshold for the hardware flow table to 500 nanoseconds.
<Sysname> system-view
[Sysname] netanalysis unified-flow
[Sysname-netanalysis-unified-flow] hardware-flow delay-threshold 500
hardware-flow export-interval
Use hardware-flow export-interval to set the export interval for the hardware flow table.
Use undo hardware-flow export-interval to restore the default.
Syntax
hardware-flow export-interval interval
undo hardware-flow export-interval
Default
The export interval for the hardware flow table is 1000 milliseconds.
Views
UFA view
Predefined user roles
network-admin
Parameters
Usage guidelines
After NetAnalysis is configured, the device will monitor the flows that meet the requirements and generate hardware flow table entries. The device will send hardware flow table entries to the hardware flow table at the specified export interval. The data of the software flow table will be sent to the analyzer periodically for further analysis.
The export interval for the hardware flow table must be shorter than the export interval for the software flow table configured by using the export-interval command.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the export interval for the hardware flow table to 100 milliseconds.
<Sysname> system-view
[Sysname] netanalysis unified-flow
[Sysname-netanalysis-unified-flow] hardware-flow export-interval 100
Related commands
export-interval
ifit period
ifit color-flag tos-bit
Use ifit color-flag tos-bit to configure the iFIT coloring bit.
Use undo ifit color-flag tos-bit to restore the default.
Syntax
ifit color-flag tos-bit tos-bit
undo ifit color-flag tos-bit
Default
No iFIT coloring bit is configured.
Views
UFA view
Predefined user roles
network-admin
Parameters
tos-bit: Specifies a bit in the ToS field as the coloring bit, in the range of 0 to 7.
Usage guidelines
iFIT uses bits 0-7 of the Type of Service (ToS) field in the IPv4 header as coloring bits. By alternately setting these coloring bits to 1 and 0 in cycles, it distinguishes the target flow from regular service traffic. In an IPv6 environment, iFIT uses bits 0-7 of the Traffic Class field in the IPv6 packet as coloring bits.
The ToS field consists of 8 bits, where bits 0-5 are DSCP bits used to provide differential services, and bits 6 and 7 are reserved bits. If you use bit 5 as the coloring bit, do not use it for DSCP to provide differential services. If you use it for DSCP, packet drop statistics will be inaccurate.
When this command is executed together with other commands that can change DSCP values (such as qos priority, priority-flow-control dscp-mapping, and remark dscp), the iFIT configuration takes the highest priority and will override modifications to the DSCP values made by other configurations.
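The following added example (not part of the vendor documentation) shows how a coloring bit that falls inside bits 0-5 changes the DSCP value a downstream classifier reads as the bit alternates. It assumes bit 0 is the most significant bit of the ToS byte, which matches the statement that bits 0-5 are the DSCP bits. All function names are hypothetical.

```python
def color_mask(tos_bit):
    """Mask for a coloring bit, counting bit 0 as the most significant bit.

    Assumption: MSB-first numbering, so bits 0-5 are DSCP and 6-7 follow it.
    """
    if not 0 <= tos_bit <= 7:
        raise ValueError("tos-bit must be in the range 0 to 7")
    return 0x80 >> tos_bit


def apply_color(tos, tos_bit, color):
    """Return the ToS byte with the coloring bit forced to color (0 or 1)."""
    mask = color_mask(tos_bit)
    return (tos | mask) if color else (tos & ~mask & 0xFF)


def dscp_seen(tos):
    """DSCP as a downstream classifier reads it (bits 0-5 of the byte)."""
    return tos >> 2


def dscp_per_color(dscp, tos_bit):
    """DSCP values observed in the color-0 and color-1 halves of a cycle."""
    tos = dscp << 2
    return tuple(dscp_seen(apply_color(tos, tos_bit, c)) for c in (0, 1))


if __name__ == "__main__":
    # Constructed inputs: DSCP 26 and 46 are sample markings, not page values.
    for dscp, bit in ((26, 3), (26, 4), (46, 5), (26, 6)):
        print(f"DSCP {dscp}, tos-bit {bit}: {dscp_per_color(dscp, bit)}")
```

A coloring bit that overlaps a DSCP bit already in use makes the marking flip between two values, so QoS policies and ACLs that match on DSCP downstream need to account for both. RFC 3168 assigns bits 6 and 7 to ECN, so check whether the network relies on ECN before choosing either of them.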
Examples
# Configure an iFIT coloring bit.
<Sysname> system-view
[Sysname] netanalysis unified-flow
[Sysname-netanalysis-unified-flow] ifit color-flag tos-bit 3
ifit period
Use ifit period to set the IFIT measurement period.
Use undo ifit period to restore the default.
Syntax
ifit period period-time
undo ifit period
Default
The IFIT measurement period is 30 seconds.
Views
UFA view
Predefined user roles
network-admin
Parameters
period-time: Specifies the IFIT measurement period in seconds. Valid values are 10, 30, 60, and 300.
Usage guidelines
IFIT collects performance statistics based on the measurement period:
· The sender records the sending time of the first IFIT packet in each sending interval, and counts the number of the IFIT packets sent from an interface in each sending interval. Sending interval = IFIT measurement period.
· The receiver records the receiving time of the first IFIT packet in each receiving interval, and counts the number of the IFIT packets received by an interface in each receiving interval. To reduce the impact of network delay and disorder on statistics, the receiving interval equals (1+1/3) times the measurement period.
If network delay between the ingress and egress nodes is greater than 1/3 of the measurement period, the accuracy of IFIT packet loss statistics might be affected. This is because IFIT considers packets received beyond the receiving interval as packet loss. For example, if the measurement period is 1 second and the network delay is greater than 1/3 second (333 milliseconds), the accuracy of IFIT packet loss statistics might be affected. In this case, set the measurement period to a greater value.
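The following added example (not part of the vendor documentation) models the receiving interval described above and counts how many delivered packets would be reported as lost for a given one-way delay. It then picks the smallest valid ifit period value for that delay. It assumes the receiving interval starts together with the sending interval and that all packets see the same delay. Function names and the traffic pattern are constructed.

```python
VALID_PERIODS_S = (10, 30, 60, 300)  # values accepted by "ifit period"


def falsely_lost(period_ms, delay_ms, send_offsets_ms):
    """Count packets of one period that arrive after the receiving interval.

    Assumption: the receiving interval starts with the sending interval and
    lasts (1 + 1/3) * period; every packet sees the same one-way delay.
    """
    window_ms = period_ms + period_ms // 3
    return sum(1 for off in send_offsets_ms if off + delay_ms >= window_ms)


def smallest_safe_period(delay_ms):
    """Smallest valid period (seconds) whose 1/3 the delay does not exceed."""
    for period_s in VALID_PERIODS_S:
        if delay_ms * 3 <= period_s * 1000:
            return period_s
    return None  # no configurable period tolerates this delay


# Constructed traffic: one packet every 500 ms within a 10-second period.
OFFSETS = range(0, 10_000, 500)

if __name__ == "__main__":
    for delay in (3000, 4000, 5000):
        lost = falsely_lost(10_000, delay, OFFSETS)
        print(f"delay {delay} ms: {lost} of {len(OFFSETS)} counted as lost, "
              f"suggested period {smallest_safe_period(delay)} s")
```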
The IFIT measurement period must be longer than the aging time for the hardware flow table configured by using the hardware-flow aging-time command.
Examples
# Set the IFIT measurement period to 10 seconds.
<Sysname> system-view
[Sysname] netanalysis unified-flow
[Sysname-netanalysis-unified-flow] ifit period 10
instance
Use instance to create a UFA instance and enter its view, or enter the view of an existing UFA instance.
Use undo instance to delete a UFA instance.
Syntax
instance instance-id name instance-name
undo instance instance-id
Default
No UFA instance exists.
Views
UFA view
Predefined user roles
network-admin
Parameters
instance-id: Specifies an instance ID, in the range of 1 to 2048. A smaller ID indicates a higher priority.
name instance-name: Specifies a UFA instance name, a case-sensitive string of 1 to 63 characters.
Usage guidelines
UFA is a network traffic monitoring and analysis technology for network-wide traffic. It is suitable for in-depth analysis of traffic across the entire network, helping users quickly detect and accurately locate network failures and thereby improving network operation efficiency. UFA can be used to measure latency and packet loss in a network. To do so, create instances on the nodes of the measurement network. You can configure only one traffic matching rule for a UFA instance. To configure multiple traffic matching rules, create multiple UFA instances.
Examples
# Create UFA instance 1 named abc and enter its view.
<Sysname> system-view
[Sysname] netanalysis unified-flow
[Sysname-netanalysis-unified-flow] instance 1 name abc
[Sysname-netanalysis-instance-1]
isdf-detect drop-threshold
Use isdf-detect drop-threshold to set the packet loss threshold for fault detection in percentage.
Use undo isdf-detect drop-threshold to restore the default.
Syntax
isdf-detect drop-threshold percent
undo isdf-detect drop-threshold
Default
The packet loss threshold for fault detection in percentage is 30.
Views
UFA view
Predefined user roles
network-admin
Parameters
percent: Specifies the packet loss threshold for fault detection as a percentage, in the range of 1 to 100.
Usage guidelines
The device collects statistics on traffic that matches the filters and generates a hardware flow table. If the device detects that the packet loss rate of a flow exceeds the packet loss threshold configured by this command, it immediately triggers a silent failure event and notifies the ISDF module. Upon receiving the notification, the ISDF module takes corresponding measures to achieve silent failure detection and recovery.
Examples
# Set the packet loss threshold for fault detection in percentage to 50.
<Sysname> system-view
[Sysname] netanalysis unified-flow
[Sysname-netanalysis-unified-flow] isdf-detect drop-threshold 50
isdf-detect period
Use isdf-detect period to set the measurement period for fault detection.
Use undo isdf-detect period to restore the default.
Syntax
isdf-detect period period-time
undo isdf-detect period
Default
The measurement period for fault detection is 3000 milliseconds.
Views
UFA view
Predefined user roles
network-admin
Parameters
period-time: Specifies the measurement period for fault detection in milliseconds, in the range of 1000 to 300000.
Usage guidelines
After you configure this feature, the device will detect traffic based on the specified measurement period. You can set the measurement period as needed.
Examples
# Set the measurement period for fault detection to 2000 milliseconds.
<Sysname> system-view
[Sysname] netanalysis unified-flow
[Sysname-netanalysis-unified-flow] isdf-detect period 2000
report-loss-reason enable
Use report-loss-reason enable to enable packet drop reason reporting.
Use undo report-loss-reason enable to disable packet drop reason reporting.
Syntax
report-loss-reason enable
undo report-loss-reason enable
Default
Packet drop reason reporting is enabled.
Views
UFA view
Predefined user roles
network-admin
Usage guidelines
You can disable packet drop reason reporting if the analyzer does not require packet drop reasons. After you disable packet drop reason reporting, the device does not report the number of dropped packets, the number of dropped bytes, and the packet drop reasons. In the display netanalysis unified-flow command output, all three fields display 0.
Examples
# Disable packet drop reason reporting.
<Sysname> system-view
[Sysname] netanalysis unified-flow
[Sysname-netanalysis-unified-flow] undo report-loss-reason enable
reset netanalysis unified-flow
Use reset netanalysis unified-flow to clear UFA flow table information.
Syntax
reset netanalysis unified-flow { ipv4 | ipv6 } [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device by its member ID.
Examples
# Clear the IPv4 UFA flow table information.
<Sysname> reset netanalysis unified-flow ipv4 slot 1
uad enable (interface view)
Use uad enable to enable unauthorized access detection on an interface.
Use undo uad enable to disable unauthorized access detection on an interface.
Syntax
uad enable
undo uad enable
Default
Unauthorized access detection is enabled on an interface.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
After you execute this command in interface view, the corresponding interface is enabled with unauthorized access detection.
When unauthorized access detection is enabled globally, you can execute the undo uad enable command in interface view to disable unauthorized access detection on the corresponding interface. If you execute the undo uad enable command in system view, the uad enable command executed in interface view does not take effect.
Examples
# Enable unauthorized access detection on an interface.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] uad enable
Related commands
display uad detection-result
uad enable (system view)
uad enable (system view)
Use uad enable to enable unauthorized access detection globally.
Use undo uad enable to disable unauthorized access detection globally.
Syntax
uad enable { unauthorized-hub | unauthorized-router }
undo uad enable { unauthorized-hub | unauthorized-router }
Default
Unauthorized access detection is disabled globally.
Views
System view
Predefined user roles
network-admin
Parameters
unauthorized-hub: Detects unauthorized hubs.
unauthorized-router: Detects unauthorized routers.
Usage guidelines
After you execute this command in system view, all interfaces on the device are enabled with unauthorized access detection. If the device detects unauthorized hubs or routers, it notifies the controller. The controller takes an action on them.
The mechanisms for detecting unauthorized hubs and routers are different.
· Detecting unauthorized hub—The device detects unauthorized hubs by identifying whether multiple IP addresses and MAC addresses exist on an interface. Typically, an interface corresponds to only one IP address and one MAC address. If the device detects multiple IP addresses and MAC addresses exist on an interface, it determines that unauthorized hubs are connected.
· Detecting unauthorized router—The device detects unauthorized routers by examining the TTL value. The initial TTL value is typically 128, 64, 255, 32, or 1. After a packet passes through a router, the TTL value decreases by 1. If the device detects that the TTL value of a packet is not the initial value, it determines that unauthorized routers are connected.
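The following added example (not part of the vendor documentation and not the device's implementation) applies the two heuristics described above to per-interface packet observations. It reads "multiple IP addresses and MAC addresses" as more than one of each on the same interface, which is an assumption. Interface names, addresses, and function names are constructed.

```python
from collections import defaultdict

# Initial TTL values the page lists as typical for directly attached hosts.
INITIAL_TTLS = {128, 64, 255, 32, 1}

# Constructed observations: (interface, source MAC, source IP, TTL).
SAMPLE_PACKETS = [
    ("GE1/0/1", "00:11:22:33:44:01", "10.1.1.10", 64),
    ("GE1/0/1", "00:11:22:33:44:01", "10.1.1.10", 64),
    ("GE1/0/2", "00:11:22:33:44:02", "10.1.1.20", 128),
    ("GE1/0/2", "00:11:22:33:44:03", "10.1.1.21", 64),
    ("GE1/0/3", "00:11:22:33:44:04", "10.1.1.30", 63),
    ("GE1/0/3", "00:11:22:33:44:04", "10.1.1.31", 127),
]


def detect_unauthorized(packets, initial_ttls=INITIAL_TTLS):
    """Return {interface: [findings]} for interfaces that trip a heuristic."""
    macs = defaultdict(set)
    ips = defaultdict(set)
    decremented = defaultdict(set)
    for iface, mac, ip, ttl in packets:
        macs[iface].add(mac)
        ips[iface].add(ip)
        # Router heuristic: a TTL that is not a known initial value means
        # the packet has already crossed at least one routed hop.
        if ttl not in initial_ttls:
            decremented[iface].add(ttl)

    findings = {}
    for iface in macs:
        result = []
        # Hub heuristic: more than one MAC and more than one IP on a port.
        if len(macs[iface]) > 1 and len(ips[iface]) > 1:
            result.append("unauthorized-hub")
        if decremented[iface]:
            result.append("unauthorized-router")
        if result:
            findings[iface] = result
    return findings


if __name__ == "__main__":
    for iface, result in sorted(detect_unauthorized(SAMPLE_PACKETS).items()):
        print(iface, result)
```

A host configured with a non-default initial TTL also trips the router check, so treat a hit as a lead to verify against the port's expected attachment before acting on it.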
Examples
# Enable detection of unauthorized hubs globally.
<Sysname> system-view
[Sysname] uad enable unauthorized-hub
Related commands
display uad detection-results
