Collecting Statistics About IPv4 Original Flows
Before collecting statistics about IPv4 original flows, familiarize yourself with the usage scenario, complete the pre-configuration tasks, and obtain the data required for the configuration.
Usage Scenario
On the network shown in Figure 1, a carrier enables NetStream on the router functioning as a NetStream Data Exporter (NDE) to obtain detailed network application information. The carrier can use the information to monitor abnormal network traffic, analyze users' operation modes, and plan networks between ASs.
Statistics about original flows are collected based on the 7-tuple information. The NDE samples IPv4 flows passing through it, collects statistics about sampled flows, encapsulates the aging NetStream original flows into UDP packets, and sends the packets to the NetStream Collector (NSC) for processing. Unlike collecting statistics about aggregated flows, collecting statistics about original flows imposes less impact on NDE performance. Original flows consume more storage space and network bandwidth resources because the volume of original flows is greater than that of aggregated flows.
Pre-configuration Tasks
Before collecting the statistics about IPv4 original flows, configure static routes or enable an IGP to implement network connectivity.
- Specifying a NetStream Service Processing Mode
- After sampling packets, each NetStream-enabled interface board sends sampled packets to the NetStream service processing board for aggregation and output. If the NetEngine 8000 F has more than one NetStream service processing board, these NetStream services boards work in redundancy mode to back up each other and balance traffic, which improves system reliability.
- Outputting Original Flows
- To ensure that original flows can be correctly output to the NMS, configure the aging time, output format, and source and destination addresses for original flows.
- (Optional) Configuring NetStream Monitoring Services
- NetStream monitoring services can be configured on the NetStream Data Exporter (NDE), which enables carriers to implement more delicate traffic statistics and management over IPv4 original flows.
- (Optional) Adjusting the AS Field Mode and Interface Index Type
- Before the NetStream Collector (NSC) can properly receive and parse NetStream packets output by the NetStream Data Exporter (NDE), the AS field modes and interface index types configured on the NDE must be the same as those on the NSC.
- (Optional) Enabling Statistics Collection of TCP Flags
- There are six flag bits (URG, ACK, PSH, RST, SYN, and FIN) in a TCP packet header. The flag bits, together with the destination IP address, source IP address, destination port number, and source port number of a TCP packet, identify the function and status of the TCP packet on a TCP connection. TCP flags can be extracted from packets. Their statistics can be collected and sent to the NMS. The NMS checks the traffic volume of each flag and determines whether the network is attacked by TCP packets.
- (Optional) Configuring NetStream Interface Option Packets and Setting Option Template Refreshing Parameters
- This section describes how to configure NetStream interface option packets and set option template refreshing parameters.
- Sampling IPv4 Flows
- You can enable NetStream to sample and analyze the incoming or outgoing flows on an interface.
- Verifying the Configuration of Statistics Collection of IPv4 Original Flows
- In routine maintenance or after NetStream configurations are complete, you can run the display commands in any view to view the running status of NetStream functions.