- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 新华三人才研学中心
- 关于我们
39-MSR系列路由器NetStream典型配置举例
本章节下载: 39-MSR系列路由器NetStream典型配置举例 (2.18 MB)
MSR系列路由器NetStream典型配置举例
|
Copyright © 2014 杭州华三通信技术有限公司 版权所有,保留一切权利。 非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部, 并不得以任何形式传播。本文档中的信息可能变动,恕不另行通知。 |
|
目 录
本文档不严格与具体软、硬件版本对应,如果使用过程中与产品实际情况有差异,请参考相关产品手册,或以设备实际情况为准。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
本文档假设您已了解NetStream特性。
(1) 需求分析
在路由器Router A上配置NetStream,配置IPv4的版本5报文输出和聚合的报文输出。版本5的普通流UDP报文输出到NSC 3.1.1.2/16的5000端口,版本8的聚合报文分别输出到该NSC的8001~8011端口,版本9支持服务类型-BGP下一跳聚合的报文输出到该NSC的8012端口。
在路由器Router A的接口GE0/0上配置采样器。入方向引用采样器s1,固定采样,采样率为3;出方向引用采样器s2,随机采样,采样率为4。固定采样(也叫规则采样)是每组报文中的第一个报文被选中,随机采样是每组报文中任意一个报文都有可能被选中,可根据实际需求选择采样方式。
在路由器Router A的接口GE0/0上配置过滤器。入方向引用ACL规则2008,只统计源地址为4.1.0.0/16的报文;出方向引用ACL规则2009,只统计源地址为1.1.0.0/16的报文。
(2) 网络规划
根据需求,设计如图1所示网络拓扑图。
· 为配置NetStream,首先配置接口地址和BGP路由,实现网络层互通;
· 为使能NetStream,配置采样器、IPv4 NetStream等参数;
· 根据实际需要,配置IPv4 NetStream支持的12种聚合模式,以及聚合流统计输出的UDP报文目的IP地址、目的端口、源接口。
本举例是在Release 2207P14版本上进行配置和验证的。
· NetStream流信息中会记录流的源IP地址及其对应的自治系统号、目的IP地址及其对应的自治系统号。设备会根据用户实际配置的自治系统参数来确定记录的自治系统号。
· 只有在版本号为9时,才可以配置BGP下一跳的输出。服务类型-BGP下一跳(tos-bgp-nexthop)聚合必须配置版本9输出才可上报统计信息。
· 活跃流的老化时间和不活跃流的老化时间只对普通流生效。
· 活跃流的老化时间和不活跃流的老化时间可以同时配置,满足任一个老化时间就会对流进行老化,时间精度为10秒钟。
(1) 配置接口地址的IP地址、路由等基本配置
# 配置接口的IP地址
<RouterA>system-view
[RouterA]interface GigabitEthernet0/0
[RouterA-GigabitEthernet0/0]ip address 4.1.1.1 255.255.0.0
[RouterA-GigabitEthernet0/0]quit
[RouterA]interface GigabitEthernet0/1
[RouterA-GigabitEthernet0/1]ip address 1.1.1.1 255.255.0.0
[RouterA-GigabitEthernet0/1]quit
# 配置BGP
[RouterA]router id 1.1.1.1
[RouterA]bgp 100
[RouterA-bgp]network 1.1.0.0 255.255.0.0
[RouterA-bgp]network 4.1.0.0 255.255.0.0
[RouterA-bgp]peer 1.1.1.2 as-number 150
[RouterA-bgp]quit
(2) 配置IPv4 NetStream相关参数
# 配置采样器,配置采样器s1为固定采样,采样率为3(2的3次方即8个报文中采样1个报文);配置采样器s2为随机采样,采样率为4(2的4次方即16个报文中采样1个报文)
[RouterA]sampler s1 mode fixed packet-interval 3
[RouterA]sampler s2 mode random packet-interval 4
# 配置ACL规则,用于报文过滤
[RouterA]acl number 2008
[RouterA-acl-basic-2008]rule 0 permit source 4.1.0.0 0.0.255.255
[RouterA-acl-basic-2008]quit
[RouterA]acl number 2009
[RouterA-acl-basic-2009]rule 0 permit source 1.1.0.0 0.0.255.255
[RouterA-acl-basic-2009]quit
#在接口GE0/0上出、入方向启动NetStream统计,用引用采样器和ACL过滤
[RouterA]interface GigabitEthernet0/0
[RouterA-GigabitEthernet0/0]ip netstream inbound
[RouterA-GigabitEthernet0/0]ip netstream outbound
[RouterA-GigabitEthernet0/0]ip netstream sampler s1 inbound
[RouterA-GigabitEthernet0/0]ip netstream sampler s2 outbound
[RouterA-GigabitEthernet0/0]ip netstream filter acl 2008 inbound
[RouterA-GigabitEthernet0/0]ip netstream filter acl 2009 outbound
[RouterA-GigabitEthernet0/0]quit
# 配置NetStream输出版本号5(缺省也为版本5)
[RouterA]ip netstream export version 5
# 配置NetStream最大流数(缺省是达到最大数目后强制老化)、活跃流和不活跃流的老化时间
[RouterA]ip netstream max-entry 5000
[RouterA]ip netstream timeout active 60
[RouterA]ip netstream timeout inactive 600
# 配置版本5普通流统计输出的 UDP报文目的IP地址、目的端口、输出源接口、输出速率
[RouterA]ip netstream export host 3.1.1.2 5000
[RouterA]ip netstream export source interface GigabitEthernet0/0
[RouterA]ip netstream export rate 10
(3) 配置IPv4 NetStream支持的12种聚合方式
# 配置自治系统聚合模式,以及该模式下聚合流统计输出的UDP报文目的IP地址、目的端口、源接口
[RouterA]ip netstream aggregation as
[RouterA-ns-aggregation-as]enable
[RouterA-ns-aggregation-as]ip netstream export host 3.1.1.2 8001
[RouterA-ns-aggregation-as]ip netstream export source interface GigabitEthernet0/1
[RouterA-ns-aggregation-as]quit
# 配置服务类型-BGP下一跳聚合模式,以及该模式下聚合流统计输出的UDP报文目的IP地址、目的端口、源接口
[RouterA]ip netstream aggregation tos-bgp-nexthop
[RouterA-ns-aggregation-tosbgpnexthop]enable
[RouterA-ns-aggregation-tosbgpnexthop]ip netstream export host 3.1.1.2 8012
[RouterA-ns-aggregation-tosbgpnexthop]ip netstream export source interface GigabitEthernet0/1
[RouterA-ns-aggregation-tosbgpnexthop]quit
# 配置各接口IP地址
<RouterB>system-view
[RouterB]interface GigabitEthernet0/0
[RouterB-GigabitEthernet0/0]port link-mode route
[RouterB-GigabitEthernet0/0]ip address 1.1.1.2 255.255.0.0
[RouterB-GigabitEthernet0/0]quit
[RouterB]interface GigabitEthernet0/1
[RouterB-GigabitEthernet0/1]port link-mode route
[RouterB-GigabitEthernet0/1]ip address 2.1.1.1 255.255.0.0
[RouterB-GigabitEthernet0/1]quit
# 配置BGP
[RouterB]router id 2.1.1.1
[RouterB]bgp 150
[RouterB-bgp]network 1.1.0.0 255.255.0.0
[RouterB-bgp]network 2.1.0.0 255.255.0.0
[RouterB-bgp]peer 1.1.1.1 as-number 100
[RouterB-bgp]peer 2.1.1.2 as-number 200
[RouterB-bgp]quit
#配置各接口IP地址
<RouterC>system-view
[RouterC]interface GigabitEthernet0/0
[RouterC-GigabitEthernet0/0]port link-mode route
[RouterC-GigabitEthernet0/0]ip address 2.1.1.2 255.255.0.0
[RouterC-GigabitEthernet0/0]quit
[RouterC]interface GigabitEthernet0/1
[RouterC-GigabitEthernet0/1]port link-mode route
[RouterC-GigabitEthernet0/1]ip address 3.1.1.1 255.255.0.0
[RouterC-GigabitEthernet0/1]quit
# 配置BGP
[RouterC]router id 3.1.1.1
[RouterC]bgp 200
[RouterC-bgp]network 2.1.0.0 255.255.0.0
[RouterC-bgp]network 3.1.0.0 255.255.0.0
[RouterC-bgp]peer 2.1.1.1 as-number 150
[RouterC-bgp]quit
配置完后,为方便产生NetStream表项,可以从Router A的GE0/0、RouterC的GE0/1接口使用测试仪器打入各种协议报文、源和目的端口变化、源和目的IP变化的双向流量,同时可以从Router C的GE0/1抓取NetStream统计输出报文。
(1) 在各链路状态都正常的情况下,可以查看到各路由器的BGP路由
[RouterA]display bgp peer
BGP local router ID : 1.1.1.1
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.2 150 6799 6478 0 3 0120h30m Established
[RouterA] display ip routing-table
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
1.1.0.0/16 Direct 0 0 1.1.1.1 GE0/1
1.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
2.1.0.0/16 BGP 255 0 1.1.1.2 GE0/1
3.1.0.0/16 BGP 255 0 1.1.1.2 GE0/1
4.1.0.0/16 Direct 0 0 4.1.1.1 GE0/0
4.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
[RouterA]
[RouterB] display bgp peer
BGP local router ID : 2.1.1.1
Local AS number : 150
Total number of peers : 2 Peers in established state : 2
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.1 100 6478 6800 0 2 0120h31m Established
2.1.1.2 200 3107 2890 0 2 0056h54m Established
[RouterB]display ip routing-table
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
1.1.0.0/16 Direct 0 0 1.1.1.2 GE0/0
1.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
2.1.0.0/16 Direct 0 0 2.1.1.1 GE0/1
2.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
3.1.0.0/16 BGP 255 0 2.1.1.2 GE0/1
4.1.0.0/16 BGP 255 0 1.1.1.1 GE0/0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
[RouterB]
[RouterC] display bgp peer
BGP local router ID : 3.1.1.1
Local AS number : 200
Total number of peers : 1 Peers in established state : 1
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
2.1.1.1 150 2889 3108 0 3 0056h54m Established
[RouterC] display ip routing-table
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
1.1.0.0/16 BGP 255 0 2.1.1.1 GE0/0
2.1.0.0/16 Direct 0 0 2.1.1.2 GE0/0
2.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
3.1.0.0/16 Direct 0 0 3.1.1.1 GE0/1
3.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
4.1.0.0/16 BGP 255 0 2.1.1.1 GE0/0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
[RouterC]
(2) 在打入流量后,可以查看到Router A产生了NetStream表项
[RouterA] display ip netstream cache
IP netstream cache information:
Stream active timeout (in minutes) : 60
Stream inactive timeout (in seconds): 600
Stream max entry number : 5000
IP active stream entry number : 2544
MPLS active stream entry number : 0
L2 active stream entry number : 0
IPL2 active stream entry number : 0
IP stream entry been counted : 256578651
MPLS stream entry been counted : 0
L2 stream entry been counted : 0
IPL2 stream entry been counted : 0
Last statistics reset time : 09/03/2011, 15:46:23
IP packet size distribution (256581400 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .048 .208 .194 .234 .194 .000 .003 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608
.011 .000 .000 .025 .078 .000 .000 .000 .000 .000 .000 .000
Protocol Total Packets Stream Packets Active(sec) Idle(sec)
Streams /Sec /Sec /stream /stream /stream
---------------------------------------------------------------------------
UDP-other 45179 0 0 1 0 3
TCP-other 256414563 606 606 1 0 2
ICMP 7 0 0 1 0 87
UDP-Echo 13 0 0 1 0 2
UDP-Biff 3 0 0 1 0 1
UDP-Who 5 0 0 1 0 1
UDP-SysLog 1 0 0 1 0 1
TCP-Echo 4415 0 0 1 0 2
TCP-Daytime 4131 0 0 1 0 2
TCP-CHARgen 4225 0 0 1 0 2
TCP-FTP-data 4135 0 0 1 0 2
TCP-FTP 4034 0 0 1 0 2
TCP-Telnet 4071 0 0 1 0 2
TCP-SMTP 4067 0 0 1 0 2
TCP-Time 3919 0 0 1 0 2
TCP-WHOIS 3871 0 0 1 0 2
TCP-TACACS 3861 0 0 1 0 2
TCP-DNS 3799 0 0 1 0 2
TCP-Gopher 3651 0 0 1 0 2
TCP-Finger 3791 0 0 1 0 2
TCP-HTTP 3803 0 0 1 0 2
TCP-Hostname 3699 0 0 1 0 2
TCP-POP2 4059 0 0 1 0 2
TCP-POP3 3841 0 0 1 0 2
TCP-SunRPC 3851 0 0 1 0 2
TCP-Ident 4008 0 0 1 0 2
TCP-NNTP 3799 0 0 1 0 2
TCP-BGP 3726 0 0 1 4 3
TCP-IRC 4024 0 0 1 0 2
TCP-RshExec 3932 0 0 1 0 2
TCP-RLogin 3919 0 0 1 0 2
TCP-RCMD 3957 0 0 1 0 2
TCP-LPD 4006 0 0 1 0 2
TCP-Talk 4143 0 0 1 0 2
TCP-UUCP 3986 0 0 1 0 2
TCP-KLogin 4055 0 0 1 0 2
TCP-KShell 4102 0 0 1 0 2
Type DstIP(Port) SrcIP(Port) Pro ToS If(Direc) Pkts
DstMAC(VLAN) SrcMAC(VLAN)
TopLblType(IP/MASK) Lbl-Exp-S-List
---------------------------------------------------------------------------
IP 3.1.1.1(9656) 4.1.1.122(9656) 6 0 GE0/0(I) 1
IP 3.1.1.1(9643) 4.1.1.122(9643) 6 0 GE0/0(I) 1
IP 3.1.1.1(9640) 4.1.1.126(9640) 6 0 GE0/0(I) 1
。。。(省略下面的显示内容)。。。
(3) 清除表项(通过reset ip netstream statistics命令)、或者达到最大表项数时,表项就会被强制老化,NetStream就会向NSC发送统计输出报文;或者表项超时老化,也会向NSC发送统计输出报文。以下是抓取到的统计输出报文(以普通流、自治系统聚合模式和服务类型-BGP下一跳聚合模式为例):
图2 版本5普通流统计输出到NSC的统计报文(目的端口5000)
图3 自治系统聚合流统计输出到NSC的统计报文(目的端口8001)
图4 服务类型-BGP下一跳聚合流统计输出到NSC的统计报文(目的端口8012)
· Router A
#
sysname RouterA
#
sampler s1 mode fixed packet-interval 3
sampler s2 mode random packet-interval 4
#
router id 1.1.1.1
#
acl number 2008
rule 0 permit source 4.1.0.0 0.0.255.255
acl number 2009
rule 0 permit source 1.1.0.0 0.0.255.255
#
interface GigabitEthernet0/0
port link-mode route
ip address 4.1.1.1 255.255.0.0
ip netstream inbound
ip netstream outbound
ip netstream sampler s1 inbound
ip netstream sampler s2 outbound
ip netstream filter acl 2008 inbound
ip netstream filter acl 2009 outbound
#
interface GigabitEthernet0/1
port link-mode route
ip address 1.1.1.1 255.255.0.0
#
bgp 100
network 1.1.0.0 255.255.0.0
network 4.1.0.0 255.255.0.0
undo synchronization
peer 1.1.1.2 as-number 150
#
ip netstream max-entry 5000
ip netstream timeout active 60
ip netstream timeout inactive 600
ip netstream export host 3.1.1.2 5000
ip netstream export version 9 bgp-nexthop
ip netstream export source interface GigabitEthernet0/0
ip netstream export rate 10
#
load xml-configuration
#
load tr069-configuration
#
ip netstream aggregation as
enable
ip netstream export host 3.1.1.2 8001
ip netstream export source interface GigabitEthernet0/1
#
ip netstream aggregation destination-prefix
enable
ip netstream export host 3.1.1.2 8003
ip netstream export source interface GigabitEthernet0/1
#
ip netstream aggregation prefix
enable
ip netstream export host 3.1.1.2 8002
ip netstream export source interface GigabitEthernet0/1
#
ip netstream aggregation prefix-port
enable
ip netstream export host 3.1.1.2 8004
ip netstream export source interface GigabitEthernet0/1
#
ip netstream aggregation protocol-port
enable
ip netstream export host 3.1.1.2 8005
ip netstream export source interface GigabitEthernet0/1
#
ip netstream aggregation source-prefix
enable
ip netstream export host 3.1.1.2 8006
ip netstream export source interface GigabitEthernet0/1
#
ip netstream aggregation tos-as
enable
ip netstream export host 3.1.1.2 8007
ip netstream export source interface GigabitEthernet0/1
#
ip netstream aggregation tos-bgp-nexthop
enable
ip netstream export host 3.1.1.2 8012
ip netstream export source interface GigabitEthernet0/1
#
ip netstream aggregation tos-destination-prefix
enable
ip netstream export host 3.1.1.2 8008
ip netstream export source interface GigabitEthernet0/1
#
ip netstream aggregation tos-prefix
enable
ip netstream export host 3.1.1.2 8009
ip netstream export source interface GigabitEthernet0/1
#
ip netstream aggregation tos-protocol-port
enable
ip netstream export host 3.1.1.2 8010
ip netstream export source interface GigabitEthernet0/1
#
ip netstream aggregation tos-source-prefix
enable
ip netstream export host 3.1.1.2 8011
ip netstream export source interface GigabitEthernet0/1
#
· Router B
#
sysname RouterB
#
router id 2.1.1.1
#
interface GigabitEthernet0/0
port link-mode route
ip address 1.1.1.2 255.255.0.0
#
interface GigabitEthernet0/1
port link-mode route
ip address 2.1.1.1 255.255.0.0
#
bgp 150
network 1.1.0.0 255.255.0.0
network 2.1.0.0 255.255.0.0
undo synchronization
peer 1.1.1.1 as-number 100
peer 2.1.1.2 as-number 200
#
· Router C
#
sysname RouterC
#
router id 3.1.1.1
#
interface GigabitEthernet0/0
port link-mode route
ip address 2.1.1.2 255.255.0.0
#
interface GigabitEthernet0/1
port link-mode route
ip address 3.1.1.1 255.255.0.0
#
bgp 200
network 2.1.0.0 255.255.0.0
network 3.1.0.0 255.255.0.0
undo synchronization
peer 2.1.1.1 as-number 150
#
(1) 需求分析
在路由器Router A上配置IPv6 NetStream,普通流统计输出报文使用版本9格式输出到NSC 3.1.1.2/16的6000端口,IPv6 NetStream聚合流统计输出报文使用版本9格式分别输出到该NSC的6001~6006端口。
所有路由器均运行IPv4 BGP和IPv6 BGP路由协议。Router A、Router B和Router C之间建立了EBGP邻居关系。
(2) 网络规划
根据需求,设计如图5所示网络拓扑图。
|
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
|
Router A |
GE0/0 |
4.1.1.1/16 10::1/64 |
Router C |
GE0/0 |
2.1.1.2/16 20::2/64 |
|
|
GE0/1 |
1.1.1.1/16 15::1/64 |
|
GE0/1 |
3.1.1.1/16 30::1/64 |
|
Router B |
GE0/0 |
1.1.1.2/16 15::2/64 |
NSC |
网口 |
3.1.1.2/16 30::2/64 |
|
|
GE0/1 |
2.1.1.1/16 20::1/64 |
|
|
|
· 为配置NetStream,首先配置接口地址和BGP路由,实现网络层互通;
· 为使能NetStream,配置IPv6 NetStream等参数;
· 根据实际需要,配置IPv6 NetStream的聚合模式,以及输出的UDP报文目的IP地址、目的端口、源接口。
本举例是在Release 2207P14版本上进行配置和验证的。
· NetStream流信息中会记录流的源IP地址及其对应的自治系统号、目的IP地址及其对应的自治系统号。设备会根据用户实际配置的自治系统参数来确定记录的自治系统号。
· 只有在版本号为9时,才可以配置BGP下一跳的输出。服务类型-BGP下一跳(tos-bgp-nexthop)聚合必须配置版本9输出才可上报统计信息。
· 活跃流的老化时间和不活跃流的老化时间只对普通流生效。
· 活跃流的老化时间和不活跃流的老化时间可以同时配置,满足任一个老化时间就会对流进行老化,时间精度为10秒钟。
(1) 配置接口地址、路由等基本配置
# 配置接口的IPv4、IPv6地址,并使能IPv6转发
<RouterA>system-view
[RouterA]ipv6
[RouterA]interface GigabitEthernet0/0
[RouterA-GigabitEthernet0/0]ipv6 address 10::1/64
[RouterA-GigabitEthernet0/0]ip address 4.1.1.1 255.255.0.0
[RouterA-GigabitEthernet0/0]quit
[RouterA]interface GigabitEthernet0/1
[RouterA-GigabitEthernet0/1]ipv6 address 15::1/64
[RouterA-GigabitEthernet0/1]ip address 1.1.1.1 255.255.0.0
[RouterA-GigabitEthernet0/1]quit
# 配置BGP、BGP4+(BGP支持IPv6扩展)路由
[RouterA]bgp 100
[RouterA-bgp]router-id 1.1.1.1
[RouterA-bgp]network 1.1.0.0 255.255.0.0
[RouterA-bgp]network 4.1.0.0 255.255.0.0
[RouterA-bgp]peer 1.1.1.2 as-number 150
[RouterA-bgp]ipv6-family
[RouterA-bgp-af-ipv6]network 10:: 64
[RouterA-bgp-af-ipv6]network 15:: 64
[RouterA-bgp-af-ipv6]peer 15::2 as-number 150
[RouterA-bgp-af-ipv6]quit
[RouterA-bgp]quit
(2) 配置IPv6 NetStream相关参数
# 配置IPv6 NetStream输出版本号9(IPv6 NetStream缺省为9,也只能是9)
[RouterA] ipv6 netstream export version 9
# 配置NetStream最大流数(缺省是达到最大数目后强制老化)
[RouterA] ipv6 netstream max-entry 5000
# 配置版本9普通流统计输出的 UDP报文目的IP地址、目的端口、输出源接口、输出速率
[RouterA]ip netstream export host 3.1.1.2 6000
[RouterA]ipv6 netstream export source interface GigabitEthernet0/0
[RouterA]ipv6 netstream export rate 10
#在接口GE0/0上出、入方向启动IPv6 NetStream统计
[RouterA]interface GigabitEthernet 0/0
[RouterA-GigabitEthernet0/0]ipv6 netstream inbound
[RouterA-GigabitEthernet0/0]ipv6 netstream outbound
[RouterA-GigabitEthernet0/0]quit
(3) 配置IPv6 NetStream支持的6种聚合方式
# 配置自治系统聚合模式,以及该模式下聚合流统计输出的UDP报文目的IP地址、目的端口、源接口
[RouterA]ipv6 netstream aggregation as
[RouterA-ns6-aggregation-as]enable
[RouterA-ns6-aggregation-as]ipv6 netstream export host 3.1.1.2 6001
[RouterA-ns6-aggregation-as]ipv6 netstream export source interface GigabitEthern
et0/1
[RouterA-ns6-aggregation-as]quit
# 配置源前缀聚合模式,以及该模式下聚合流统计输出的UDP报文目的IP地址、目的端口、源接口
[RouterA]ipv6 netstream aggregation source-prefix
[RouterA-ns6-aggregation-srcpre]enable
[RouterA-ns6-aggregation-srcpre]ipv6 netstream export host 3.1.1.2 6006
[RouterA-ns6-aggregation-srcpre]ipv6 netstream export source interface GigabitEt
hernet0/1
[RouterA-ns6-aggregation-srcpre]quit
# 配置接口的IPv4、IPv6地址,并使能IPv6转发
<RouterB>system-view
[RouterB]ipv6
[RouterB]interface GigabitEthernet0/0
[RouterB-GigabitEthernet0/0]ipv6 address 15::2/64
[RouterB-GigabitEthernet0/0]ip address 1.1.1.2 255.255.0.0
[RouterB-GigabitEthernet0/0]quit
[RouterB]interface GigabitEthernet0/1
[RouterB-GigabitEthernet0/1]ipv6 address 20::1/64
[RouterB-GigabitEthernet0/1]ip address 2.1.1.1 255.255.0.0
[RouterB-GigabitEthernet0/1]quit
# 配置BGP、BGP4+(BGP支持IPv6扩展)路由
[RouterB]bgp 150
[RouterB-bgp]router-id 2.1.1.1
[RouterB-bgp]network 1.1.0.0 255.255.0.0
[RouterB-bgp]network 2.1.0.0 255.255.0.0
[RouterB-bgp]peer 1.1.1.1 as-number 100
[RouterB-bgp]peer 2.1.1.2 as-number 200
[RouterB-bgp]ipv6-family
[RouterB-bgp-af-ipv6]network 15:: 64
[RouterB-bgp-af-ipv6]network 20:: 64
[RouterB-bgp-af-ipv6]peer 15::2 as-number 100
[RouterB-bgp-af-ipv6]peer 20::2 as-number 200
[RouterB-bgp-af-ipv6]quit
# 配置接口的IPv4、IPv6地址,并使能IPv6转发
<RouterC>system-view
[RouterC]ipv6
[RouterC]interface GigabitEthernet0/0
[RouterC-GigabitEthernet0/0]ipv6 address 20::2/64
[RouterC-GigabitEthernet0/0]ip address 2.1.1.2 255.255.0.0
[RouterC-GigabitEthernet0/0]quit
[RouterC]interface GigabitEthernet0/1
[RouterC-GigabitEthernet0/1]ipv6 address 30::1/64
[RouterC-GigabitEthernet0/1]ip address 3.1.1.1 255.255.0.0
[RouterC-GigabitEthernet0/1]quit
# 配置BGP、BGP4+(BGP支持IPv6扩展)路由
[RouterC]bgp 100
[RouterC-bgp]router-id 1.1.1.1
[RouterC-bgp]network 1.1.0.0 255.255.0.0
[RouterC-bgp]network 4.1.0.0 255.255.0.0
[RouterC-bgp]peer 1.1.1.2 as-number 150
[RouterC-bgp]ipv6-family
[RouterC-bgp-af-ipv6]network 10:: 64
[RouterC-bgp-af-ipv6]network 15:: 64
[RouterC-bgp-af-ipv6]peer 15::2 as-number 150
[RouterC-bgp-af-ipv6]quit
[RouterC-bgp]quit
按照4.5 中的步骤配置完后,为方便产生IPv6 NetStream表项,可以从Router A的GE0/0、Router C的GE0/1接口使用测试仪器打入各种协议报文、源和目的端口变化、源和目的IPv6变化的双向流量,同时可以从Router C的GE0/1抓取NetStream统计输出报文。
(1) 在各链路状态都正常的情况下,可以查看到各路由器的BGP、BGP4+路由
[RouterA]display bgp peer
BGP local router ID : 1.1.1.1
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.2 150 156 156 0 3 03:01:56 Established
[RouterA]display bgp ipv6 peer
BGP local router ID : 1.1.1.1
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
15::2 150 168 157 0 3 02:54:28 Established
[RouterA]display ip routing-table
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
1.1.0.0/16 Direct 0 0 1.1.1.1 GE0/1
1.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
2.1.0.0/16 BGP 255 0 1.1.1.2 GE0/1
3.1.0.0/16 BGP 255 0 1.1.1.2 GE0/1
4.1.0.0/16 Direct 0 0 4.1.1.1 GE0/0
4.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
[RouterA]display ipv6 routing-table
Routing Table :
Destinations : 8 Routes : 8
Destination: ::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 10::/64 Protocol : Direct
NextHop : 10::1 Preference: 0
Interface : GE0/0 Cost : 0
Destination: 10::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 15::/64 Protocol : Direct
NextHop : 15::1 Preference: 0
Interface : GE0/1 Cost : 0
Destination: 15::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 20::/64 Protocol : BGP4+
NextHop : 15::2 Preference: 255
Interface : GE0/1 Cost : 0
Destination: 30::/64 Protocol : BGP4+
NextHop : 15::2 Preference: 255
Interface : GE0/1 Cost : 0
Destination: FE80::/10 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0
[RouterA]
[RouterB]display bgp peer
BGP local router ID : 2.1.1.1
Local AS number : 150
Total number of peers : 2 Peers in established state : 2
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.1 100 158 158 0 2 03:03:59 Established
2.1.1.2 200 178 152 0 2 02:57:35 Established
[RouterB]display bgp ipv6 peer
BGP local router ID : 2.1.1.1
Local AS number : 150
Total number of peers : 2 Peers in established state : 2
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
15::1 100 159 170 0 2 02:56:33 Established
20::2 200 152 181 0 2 02:56:17 Established
[RouterB]display ip routing-table
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
1.1.0.0/16 Direct 0 0 1.1.1.2 GE0/0
1.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
2.1.0.0/16 Direct 0 0 2.1.1.1 GE0/1
2.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
3.1.0.0/16 BGP 255 0 2.1.1.2 GE0/1
4.1.0.0/16 BGP 255 0 1.1.1.1 GE0/0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
[RouterB]display ipv6 routing-table
Routing Table :
Destinations : 8 Routes : 8
Destination: ::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 10::/64 Protocol : BGP4+
NextHop : 15::1 Preference: 255
Interface : GE0/0 Cost : 0
Destination: 15::/64 Protocol : Direct
NextHop : 15::2 Preference: 0
Interface : GE0/0 Cost : 0
Destination: 15::2/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 20::/64 Protocol : Direct
NextHop : 20::1 Preference: 0
Interface : GE0/1 Cost : 0
Destination: 20::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 30::/64 Protocol : BGP4+
NextHop : 20::2 Preference: 255
Interface : GE0/1 Cost : 0
Destination: FE80::/10 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0
[RouterB]
[RouterC]display bgp peer
BGP local router ID : 3.1.1.1
Local AS number : 200
Total number of peers : 1 Peers in established state : 1
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
2.1.1.1 150 152 178 0 3 02:57:32 Established
[RouterC]display bgp ipv6 peer
BGP local router ID : 3.1.1.1
Local AS number : 200
Total number of peers : 1 Peers in established state : 1
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
20::1 150 181 153 0 3 02:56:15 Established
[RouterC]display ip routing-table
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
1.1.0.0/16 BGP 255 0 2.1.1.1 GE0/0
2.1.0.0/16 Direct 0 0 2.1.1.2 GE0/0
2.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
3.1.0.0/16 Direct 0 0 3.1.1.1 GE0/1
3.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
4.1.0.0/16 BGP 255 0 2.1.1.1 GE0/0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
[RouterC]display ipv6 routing-table
Routing Table :
Destinations : 8 Routes : 8
Destination: ::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 10::/64 Protocol : BGP4+
NextHop : 20::1 Preference: 255
Interface : GE0/0 Cost : 0
Destination: 15::/64 Protocol : BGP4+
NextHop : 20::1 Preference: 255
Interface : GE0/0 Cost : 0
Destination: 20::/64 Protocol : Direct
NextHop : 20::2 Preference: 0
Interface : GE0/0 Cost : 0
Destination: 20::2/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 30::/64 Protocol : Direct
NextHop : 30::1 Preference: 0
Interface : GE0/1 Cost : 0
Destination: 30::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: FE80::/10 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0
[RouterC]
(2) 在打入流量后,可以查看到Router A产生了IPv6 NetStream表项
[RouterA]display ipv6 netstream cache
IPv6 netstream cache information:
Stream active timeout (in minutes) : 30
Stream inactive timeout (in seconds): 30
Stream max entry number : 5000
IPv6 active stream entry number : 4756
MPLS active stream entry number : 0
IPL2 active stream entry number : 0
IPv6 stream entry been counted : 50100
MPLS stream entry been counted : 0
IPL2 stream entry been counted : 0
Last statistics reset time : 09/08/2011, 18:04:13
IPv6 packet size distribution (136530 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .000 .046 .165 .207 .364 .098 .048 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608
.008 .000 .000 .015 .044 .000 .000 .000 .000 .000 .000 .000
Protocol Total Packets Stream Packets Active(sec) Idle(sec)
Streams /Sec /Sec /stream /stream /stream
---------------------------------------------------------------------------
UDP-other 47660 6 6 1 0 1
TCP-other 1978 10 0 41 0 1
ICMP 462 0 0 3 3 1
Type DstIP(Port) SrcIP(Port) Pro TC FlowLbl If(Direc) Pkts
DstMAC(VLAN) SrcMAC(VLAN)
TopLblType(IP/MASK)Lbl-Exp-S-List
---------------------------------------------------------------------------
IP 10::56(1025) 30::3233:3233(102- 17 0 0x0 GE0/0(O) 1
4)
IP 10::5D(1025) 30::3233:3233(102- 17 0 0x0 GE0/0(O) 1
4)
。。。(省略下面的显示内容)。。。
(3) 清除表项(通过reset ipv6 netstream statistics命令)、或者达到最大表项数时,表项就会被强制老化,NetStream就会向NSC发送统计输出报文;或者表项超时老化,也会向NSC发送统计输出报文。以下是抓取到的统计输出报文(以普通IPv6、自治系统聚合模式和 源前缀聚合模式流统计输出为例):
图6 版本9普通IPv6流统计输出到NSC的统计报文(目的端口6000)
图7 自治系统聚合流统计输出到NSC的统计报文(目的端口6001)
图8 源前缀聚合流统计输出到NSC的统计报文(目的端口6006)
· Router A
#
sysname RouterA
#
ipv6
#
interface GigabitEthernet0/0
port link-mode route
ipv6 address 10::1/64
ip address 4.1.1.1 255.255.0.0
ipv6 netstream inbound
ipv6 netstream outbound
#
interface GigabitEthernet0/1
port link-mode route
ipv6 address 15::1/64
ip address 1.1.1.1 255.255.0.0
#
interface GigabitEthernet8/0
port link-mode route
#
bgp 100
router-id 1.1.1.1
network 1.1.0.0 255.255.0.0
network 4.1.0.0 255.255.0.0
undo synchronization
peer 1.1.1.2 as-number 150
#
ipv6-family
network 10:: 64
network 15:: 64
undo synchronization
peer 15::2 as-number 150
#
ipv6 netstream max-entry 5000
ipv6 netstream export host 3.1.1.2 6000
ipv6 netstream export source interface GigabitEthernet0/0
ipv6 netstream export rate 10
#
ipv6 netstream aggregation as
enable
ipv6 netstream export host 3.1.1.2 6001
ipv6 netstream export source interface GigabitEthernet0/1
#
ipv6 netstream aggregation bgp-nexthop
enable
ipv6 netstream export host 3.1.1.2 6002
ipv6 netstream export source interface GigabitEthernet0/1
#
ipv6 netstream aggregation destination-prefix
enable
ipv6 netstream export host 3.1.1.2 6003
ipv6 netstream export source interface GigabitEthernet0/1
#
ipv6 netstream aggregation prefix
enable
ipv6 netstream export host 3.1.1.2 6004
ipv6 netstream export source interface GigabitEthernet0/1
#
ipv6 netstream aggregation protocol-port
enable
ipv6 netstream export host 3.1.1.2 6005
ipv6 netstream export source interface GigabitEthernet0/1
#
ipv6 netstream aggregation source-prefix
enable
ipv6 netstream export host 3.1.1.2 6006
ipv6 netstream export source interface GigabitEthernet0/1
#
· Router B
#
sysname RouterB
#
ipv6
#
interface GigabitEthernet0/0
port link-mode route
ipv6 address 15::2/64
ip address 1.1.1.2 255.255.0.0
#
interface GigabitEthernet0/1
port link-mode route
ipv6 address 20::1/64
ip address 2.1.1.1 255.255.0.0
#
interface Encrypt11/0
#
bgp 150
router-id 2.1.1.1
network 1.1.0.0 255.255.0.0
network 2.1.0.0 255.255.0.0
undo synchronization
peer 1.1.1.1 as-number 100
peer 2.1.1.2 as-number 200
#
ipv6-family
network 15:: 64
network 20:: 64
undo synchronization
peer 15::1 as-number 100
peer 20::2 as-number 200
#
· Router C
#
sysname RouterC
#
ipv6
#
interface GigabitEthernet0/0
port link-mode route
ipv6 address 20::2/64
ip address 2.1.1.2 255.255.0.0
#
interface GigabitEthernet0/1
port link-mode route
ipv6 address 30::1/64
ip address 3.1.1.1 255.255.0.0
#
bgp 200
network 2.1.0.0 255.255.0.0
network 3.1.0.0 255.255.0.0
undo synchronization
peer 2.1.1.1 as-number 150
#
ipv6-family
network 20:: 64
network 30:: 64
undo synchronization
peer 20::1 as-number 150
#
(1) 需求分析
PE1,P,PE2均支持NetStream功能,NSC运行Xlog等网络流量收集分析软件,UDP端口号为5000、6000、7000。CE 1与CE 2属于VPN 1,CE与PE之间配置EBGP交换VPN路由信息。PE与P之间配置OSPF实现PE内部的互通,配置MP-IBGP交换VPN路由信息。PE1出方向的MPLS报文被NetStream统计,输出到NSC的5000端口,P入/出方向的MPLS报文被NetStream统计,输出到NSC的6000端口,PE2入方向的MPLS报文被NetStream统计,输出到NSC的7000端口。
(2) 网络规划
根据需求,设计如图9所示网络拓扑图。
|
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
|
PE1 |
GE0/0 |
10.1.1.1/24 |
PE2 |
GE0/0 |
172.2.1.2/24 |
|
|
GE0/1 |
172.1.1.1/24 |
|
GE0/1 |
10.2.1.1/24 |
|
|
Loop 0 |
1.1.1.9/32 |
|
Loop 0 |
3.3.3.9/32 |
|
|
Eth6/0 |
168.32.67.136/16 |
CE1 |
Eth0/0 |
4.1.1.1/16 |
|
P |
GE0/0 |
172.1.1.2/24 |
|
Eth0/1 |
10.1.1.2/24 |
|
|
GE0/1 |
172.2.1.1/24 |
CE2 |
Eth0/0 |
3.1.1.1/16 |
|
|
Loop 0 |
2.2.2.9/32 |
|
Eth0/1 |
10.2.1.2/24 |
|
NSC |
网口 |
168.32.67.11/16 |
|
|
|
· 为配置NetStream,首先配置接口地址、BGP 和MPLS L3VPN,实现网络层互通;
· 为实现流量统计,配置 NetStream等参数。
本举例是在Release 2207P14版本上进行配置和验证的。
· 使能MPLS的NetStream统计,会同时使能IPv4和IPv6的NetStream对MPLS报文的统计。
· 如果在设备上同时配置过滤和采样,设备会先过滤后采样报文。需要注意的是,过滤功能对MPLS报文无效。
· 活跃流的老化时间和不活跃流的老化时间只对普通流生效。
· 活跃流的老化时间和不活跃流的老化时间可以同时配置,满足任一个老化时间就会对流进行老化,时间精度为10秒钟。
(1) 配置接口地址、路由、MPLS L3VPN等基本配置
# 配置各接口的IP地址
<PE1>system-view
[PE1]interface LoopBack0
[PE1-LoopBack0]ip address 1.1.1.9 255.255.255.255
[PE1-LoopBack0]quit
[PE1]ip vpn-instance vpn1
[PE1-vpn-instance-vpn1]route-distinguisher 100:1
[PE1-vpn-instance-vpn1]vpn-target 111:1
[PE1-vpn-instance-vpn1]quit
[PE1]interface GigabitEthernet0/0
[PE1-GigabitEthernet0/0]ip binding vpn-instance vpn1
[PE1-GigabitEthernet0/0]ip address 10.1.1.1 255.255.255.0
[PE1-GigabitEthernet0/0]quit
[PE1]interface GigabitEthernet0/1
[PE1-GigabitEthernet0/1]ip address 172.1.1.1 255.255.255.0
[PE1-GigabitEthernet0/1]quit
[PE1]interface Ethernet6/0
[PE1-Ethernet6/0]ip address 168.32.67.136 255.255.0.0
[PE1-Ethernet6/0]quit
# 配置路由、MPLS L3VPN
[PE1]ospf 1
[PE1-ospf-1]area 0.0.0.0
[PE1-ospf-1-area-0.0.0.0]network 172.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0]network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0]network 168.32.0.0 0.0.255.255
[PE1-ospf-1-area-0.0.0.0]quit
[PE1-ospf-1]quit
[PE1]mpls lsr-id 1.1.1.9
[PE1]mpls
[PE1-mpls]quit
[PE1]mpls ldp
[PE1-mpls-ldp]quit
[PE1]interface GigabitEthernet0/1
[PE1-GigabitEthernet0/1]mpls
[PE1-GigabitEthernet0/1]mpls ldp
[PE1-GigabitEthernet0/1]quit
[PE1]bgp 100
[PE1-bgp]peer 3.3.3.9 as-number 100
[PE1-bgp]peer 3.3.3.9 connect-interface LoopBack0
[PE1-bgp]ipv4-family vpn-instance vpn1
[PE1-bgp-ipv4-vpn1]peer 10.1.1.2 as-number 65410
[PE1-bgp-ipv4-vpn1]import-route direct
[PE1-bgp-ipv4-vpn1]quit
[PE1-bgp]ipv4-family vpnv4
[PE1-bgp-af-vpnv4]peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4]quit
[PE1-bgp]quit
(2) 配置MPLS NetStream相关参数
# 接口GE0/1出方向启动NetStream统计
[PE1]interface GigabitEthernet0/1
[PE1-GigabitEthernet0/1]ip netstream outbound
[PE1-GigabitEthernet0/1]quit
# 配置NetStream最大流数(缺省是达到最大数目后强制老化)
[PE1] ip netstream max-entry 5000
#使能MPLS的NetStream统计,不带IP选项,设置3层标签;配置流统计输出的 UDP报文目的IP地址、目的端口、输出源接口
[PE1]ip netstream mpls label-positions 1 2 3 no-ip-fields
[PE1]ip netstream export host 168.32.67.11 5000
[PE1]ip netstream export source interface LoopBack0
(1) 配置接口地址、路由、MPLS L3VPN等基本配置
# 配置各接口的IP地址
<P>system-view
[P]interface LoopBack0
[P-LoopBack0]ip address 2.2.2.9 255.255.255.255
[P-LoopBack0]quit
[P]interface GigabitEthernet0/0
[P-GigabitEthernet0/0]ip address 172.1.1.2 255.255.255.0
[P-GigabitEthernet0/0]quit
[P]interface GigabitEthernet0/1
[P-GigabitEthernet0/1]ip address 172.2.1.1 255.255.255.0
[P-GigabitEthernet0/1]quit
# 配置路由、MPLS L3VPN
[P]ospf 1
[P-ospf-1]area 0.0.0.0
[P-ospf-1-area-0.0.0.0]network 172.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0]network 172.2.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0]network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0]quit
[P-ospf-1]quit
[P]mpls lsr-id 2.2.2.9
[P]mpls
[P-mpls]quit
[P]mpls ldp
[P-mpls-ldp]quit
[P]interface GigabitEthernet0/0
[P-GigabitEthernet0/0]mpls
[P-GigabitEthernet0/0]mpls ldp
[P-GigabitEthernet0/0]quit
[P]interface GigabitEthernet0/1
[P-GigabitEthernet0/1]mpls
[P-GigabitEthernet0/1]mpls ldp
[P-GigabitEthernet0/1]quit
(2) 配置MPLS NetStream相关参数
# 接口GE0/0入方向、GE0/1出方向启动NetStream统计
[P]interface GigabitEthernet0/0
[P-GigabitEthernet0/0]ip netstream inbound
[P-GigabitEthernet0/0]quit
[P]interface GigabitEthernet0/1
[P-GigabitEthernet0/1]ip netstream outbound
[P-GigabitEthernet0/1]quit
# 配置NetStream最大流数(缺省是达到最大数目后强制老化)
[P] ip netstream max-entry 5000
#使能MPLS的NetStream统计,不带IP选项,设置3层标签;配置流统计输出的 UDP报文目的IP地址、目的端口、输出源接口
[P]ip netstream mpls label-positions 1 2 3 no-ip-fields
[P]ip netstream export host 168.32.67.11 6000
[P]ip netstream export source interface LoopBack0
(1) 配置接口地址、路由、MPLS L3VPN等基本配置
# 配置各接口的IP地址
<PE2>system-view
[PE2]interface LoopBack0
[PE2-LoopBack0]ip address 3.3.3.9 255.255.255.255
[PE2-LoopBack0]quit
[PE2]interface GigabitEthernet0/0
[PE2-GigabitEthernet0/0]ip address 172.2.1.2 255.255.255.0
[PE2-GigabitEthernet0/0]quit
[PE2]interface GigabitEthernet0/1
[PE2-GigabitEthernet0/1]ip binding vpn-instance vpn1
[PE2-GigabitEthernet0/1]ip address 10.2.1.1 255.255.255.0
[PE2-GigabitEthernet0/1]quit
# 配置路由、MPLS L3VPN
[PE2]ospf 1
[PE2-ospf-1]area 0.0.0.0
[PE2-ospf-1-area-0.0.0.0]network 172.2.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0]network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0]quit
[PE2-ospf-1]quit
[PE2]mpls lsr-id 3.3.3.9
[PE2]mpls
[PE2-mpls]quit
[PE2]mpls ldp
[PE2-mpls-ldp]quit
[PE2]interface GigabitEthernet0/0
[PE2-GigabitEthernet0/0]mpls
[PE2-GigabitEthernet0/0]mpls ldp
[PE2-GigabitEthernet0/0]quit
[PE2]ip vpn-instance vpn1
[PE2-vpn-instance-vpn1]route-distinguisher 200:1
[PE2-vpn-instance-vpn1]vpn-target 111:1
[PE2-vpn-instance-vpn1]quit
[PE2]bgp 100
[PE2-bgp]peer 1.1.1.9 as-number 100
[PE2-bgp]peer 1.1.1.9 connect-interface LoopBack0
[PE2-bgp]ipv4-family vpn-instance vpn1
[PE2-bgp-ipv4-vpn1]peer 10.2.1.2 as-number 65420
[PE2-bgp-ipv4-vpn1]import-route direct
[PE2-bgp-ipv4-vpn1]quit
[PE2-bgp]ipv4-family vpnv4
[PE2-bgp-af-vpnv4]peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4]quit
[PE2-bgp]quit
(2) 配置MPLS NetStream相关参数
# 接口GE0/0入方向启动NetStream统计
[PE2]interface GigabitEthernet0/0
[PE2-GigabitEthernet0/0]ip netstream inbound
[PE2-GigabitEthernet0/0]quit
# 配置NetStream最大流数(缺省是达到最大数目后强制老化)
[PE2] ip netstream max-entry 5000
#使能MPLS的NetStream统计,不带IP选项,设置3层标签;配置流统计输出的 UDP报文目的IP地址、目的端口、输出源接口
[PE2]ip netstream mpls label-positions 1 2 3 no-ip-fields
[PE2]ip netstream export host 168.32.67.11 7000
[PE2]ip netstream export source interface LoopBack0
# 配置各接口的IP地址
<CE1>system-view
[CE1]interface Ethernet0/0
[CE1-Ethernet0/0]ip address 4.1.1.1 255.255.0.0
[CE1-Ethernet0/0]quit
[CE1]interface Ethernet0/1
[CE1-Ethernet0/1]ip address 10.1.1.2 255.255.255.0
[CE1-Ethernet0/1]quit
# 配置BGP路由
[CE1]bgp 65410
[CE1-bgp]import-route direct
[CE1-bgp]undo synchronization
[CE1-bgp]peer 10.1.1.1 as-number 100
[CE1-bgp]quit
# 配置各接口的IP地址
<CE2>system-view
[CE2]interface Ethernet0/0
[CE2-Ethernet0/0]ip address 3.1.1.1 255.255.0.0
[CE2-Ethernet0/0]quit
[CE2]interface Ethernet0/1
[CE2-Ethernet0/1]ip address 10.2.1.2 255.255.255.0
[CE2-Ethernet0/1]quit
# 配置BGP路由
[CE2]bgp 65420
[CE2-bgp]import-route direct
[CE2-bgp]peer 10.2.1.1 as-number 100
[CE2-bgp]quit
按照步骤配置完后,为方便产生NetStream表项,可以使用测试仪从CE1的Eth0/0接口打入流量到CE2的Eth0/0接口,同时可以从NSC抓取NetStream统计输出报文。
在各链路状态都正常的情况下,验证以下步骤:
(1) PE 1、P、PE2之间建立OSPF邻居、LDP会话、BGP对等体关系,以及PE与CE之间BGP对等体关系建立、VPN路由生成等情况的验证,为节省篇幅,不再赘述
(2) CE1和CE2均可学到BGP路由,CE1可以ping通CE2
[CE1]display ip routing-table
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
3.1.0.0/16 BGP 255 0 10.1.1.1 Eth0/1
4.1.0.0/16 Direct 0 0 4.1.1.1 Eth0/0
4.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.0/24 Direct 0 0 10.1.1.2 Eth0/1
10.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
10.2.1.0/24 BGP 255 0 10.1.1.1 Eth0/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
[CE2]display ip routing-table
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
3.1.0.0/16 Direct 0 0 3.1.1.1 Eth0/0
3.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
4.1.0.0/16 BGP 255 0 10.2.1.1 Eth0/1
10.1.1.0/24 BGP 255 0 10.2.1.1 Eth0/1
10.2.1.0/24 Direct 0 0 10.2.1.2 Eth0/1
10.2.1.2/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
[CE1]ping 3.1.1.1
PING 3.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 3.1.1.1: bytes=56 Sequence=1 ttl=253 time=2 ms
Reply from 3.1.1.1: bytes=56 Sequence=2 ttl=253 time=2 ms
Reply from 3.1.1.1: bytes=56 Sequence=3 ttl=253 time=2 ms
Reply from 3.1.1.1: bytes=56 Sequence=4 ttl=253 time=1 ms
Reply from 3.1.1.1: bytes=56 Sequence=5 ttl=253 time=1 ms
--- 3.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/2 ms
(3) 在打入流量后,可以查看到PE1、P、PE2产生了MPLS NetStream表项
[PE1]display ip netstream cache
IP netstream cache information:
Stream active timeout (in minutes) : 30
Stream inactive timeout (in seconds): 30
Stream max entry number : 5000
IP active stream entry number : 4
MPLS active stream entry number : 3
L2 active stream entry number : 0
IPL2 active stream entry number : 0
IP stream entry been counted : 20
MPLS stream entry been counted : 12
L2 stream entry been counted : 0
IPL2 stream entry been counted : 0
Last statistics reset time : 09/09/2011, 14:20:33
IP packet size distribution (1158808 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .002 .210 .251 .252 .243 .000 .007 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608
.007 .000 .000 .007 .016 .000 .000 .000 .000 .000 .000 .000
Protocol Total Packets Stream Packets Active(sec) Idle(sec)
Streams /Sec /Sec /stream /stream /stream
---------------------------------------------------------------------------
MPLS 12 21 0 16717 1506 5
UDP-other 5 0 0 361 1800 1
TCP-other 5 0 0 241 1808 1
ICMP 5 0 0 70 1815 1
OSPF 5 0 0 185 1800 1
Type DstIP(Port) SrcIP(Port) Pro ToS If(Direc) Pkts
DstMAC(VLAN) SrcMAC(VLAN)
TopLblType(IP/MASK) Lbl-Exp-S-List
---------------------------------------------------------------------------
IP 224.0.0.5(0) 172.1.1.1(0) 89 192 GE0/1(O) 38
IP 2.2.2.9(3940) 1.1.1.9(646) 6 192 GE0/1(O) 49
IP 224.0.0.2(646) 172.1.1.1(646) 17 192 GE0/1(O) 81
IP 2.2.2.9(771) 168.32.67.11(0) 1 0 GE0/1(O) 9
MPLS UNKNOWN(0.0.0.0/0) 1:1024-6-1 GE0/1(O) 25
2:0-0-0
3:0-0-0
MPLS UNKNOWN(0.0.0.0/0) 1:1024-0-1 GE0/1(O) 33
2:0-0-0
3:0-0-0
MPLS UNKNOWN(0.0.0.0/0) 1:1024-0-0 GE0/1(O) 975664
2:1025-0-1
3:0-0-0
[P]display ip netstream cache
IP netstream cache information:
Stream active timeout (in minutes) : 30
Stream inactive timeout (in seconds): 30
Stream max entry number : 5000
IP active stream entry number : 10
MPLS active stream entry number : 4
L2 active stream entry number : 0
IPL2 active stream entry number : 0
IP stream entry been counted : 379
MPLS stream entry been counted : 14
L2 stream entry been counted : 0
IPL2 stream entry been counted : 0
Last statistics reset time : 09/09/2011, 14:17:27
IP packet size distribution (3447964 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .005 .221 .251 .252 .228 .000 .007 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608
.007 .000 .000 .007 .016 .000 .000 .000 .000 .000 .000 .000
Protocol Total Packets Stream Packets Active(sec) Idle(sec)
Streams /Sec /Sec /stream /stream /stream
---------------------------------------------------------------------------
MPLS 14 71 0 48247 1295 9
UDP-other 10 0 0 361 1800 1
TCP-other 10 0 0 241 1801 0
ICMP 300 0 0 2 32 30
OSPF 10 0 0 185 1801 0
TCP-BGP 49 0 0 25 346 27
Type DstIP(Port) SrcIP(Port) Pro ToS If(Direc) Pkts
DstMAC(VLAN) SrcMAC(VLAN)
TopLblType(IP/MASK) Lbl-Exp-S-List
---------------------------------------------------------------------------
IP 224.0.0.5(0) 172.1.1.1(0) 89 192 GE0/0(I) 44
IP 224.0.0.5(0) 172.2.1.1(0) 89 192 GE0/1(O) 43
IP 2.2.2.9(3940) 1.1.1.9(646) 6 192 GE0/0(I) 58
IP 224.0.0.2(646) 172.2.1.1(646) 17 192 GE0/1(O) 92
IP 224.0.0.2(646) 172.1.1.1(646) 17 192 GE0/0(I) 92
IP 3.3.3.9(1068) 2.2.2.9(646) 6 192 GE0/1(O) 60
IP 3.3.3.9(179) 1.1.1.9(4070) 6 192 GE0/1(O) 30
IP 2.2.2.9(771) 168.32.67.11(0) 1 0 GE0/0(I) 2
IP 3.3.3.9(179) 1.1.1.9(4070) 6 0 GE0/1(O) 1
IP 3.3.3.9(771) 168.32.67.11(0) 1 0 GE0/1(O) 3
MPLS UNKNOWN(0.0.0.0/0) 1:1025-0-1 GE0/1(O) 1401302
2:0-0-0
3:0-0-0
MPLS LDP(3.3.3.9/32) 1:1024-6-1 GE0/0(I) 30
2:0-0-0
3:0-0-0
MPLS LDP(3.3.3.9/32) 1:1024-0-1 GE0/0(I) 37
2:0-0-0
3:0-0-0
MPLS LDP(3.3.3.9/32) 1:1024-0-0 GE0/0(I) 1401302
2:1025-0-1
3:0-0-0
[PE2]display ip netstream cache
IP netstream cache information:
Stream active timeout (in minutes) : 30
Stream inactive timeout (in seconds): 30
Stream max entry number : 5000
IP active stream entry number : 6
MPLS active stream entry number : 1
L2 active stream entry number : 0
IPL2 active stream entry number : 0
IP stream entry been counted : 353
MPLS stream entry been counted : 2
L2 stream entry been counted : 0
IPL2 stream entry been counted : 0
Last statistics reset time : 09/09/2011, 14:17:52
IP packet size distribution (1717318 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .009 .233 .251 .253 .212 .000 .007 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608
.007 .000 .000 .007 .016 .000 .000 .000 .000 .000 .000 .000
Protocol Total Packets Stream Packets Active(sec) Idle(sec)
Streams /Sec /Sec /stream /stream /stream
---------------------------------------------------------------------------
MPLS 2 11 0 53953 5 30
UDP-other 5 0 0 362 1803 0
TCP-other 5 0 0 241 1809 0
ICMP 289 0 0 1 2 30
OSPF 5 0 0 186 1808 0
TCP-BGP 49 0 0 25 345 27
Type DstIP(Port) SrcIP(Port) Pro ToS If(Direc) Pkts
DstMAC(VLAN) SrcMAC(VLAN)
TopLblType(IP/MASK) Lbl-Exp-S-List
---------------------------------------------------------------------------
IP 224.0.0.5(0) 172.2.1.1(0) 89 192 GE0/0(I) 39
IP 224.0.0.2(646) 172.2.1.1(646) 17 192 GE0/0(I) 87
IP 3.3.3.9(1068) 2.2.2.9(646) 6 192 GE0/0(I) 55
IP 3.3.3.9(179) 1.1.1.9(4070) 6 192 GE0/0(I) 30
IP 3.3.3.9(179) 1.1.1.9(4070) 6 0 GE0/0(I) 2
IP 3.3.3.9(771) 168.32.67.11(0) 1 0 GE0/0(I) 1
MPLS BGP(10.2.1.2/32) 1:1025-0-1 GE0/0(I) 1624749
2:0-0-0
3:0-0-0
(4) 清除表项(通过reset ip netstream statistics命令)、或者达到最大表项数时,表项就会被强制老化,NetStream就会向NSC发送统计输出报文;或者表项超时老化,也会向NSC发送统计输出报文。以下是抓取到的统计输出报文:
#以P设备为例,打开P设备NetStream的debug信息,可以看到发送了统计输出报文
<P>debugging ip netstream packet
*Sep 9 14:19:20:239 2011 P NS/7/NS_PACKET:
Send succeed!
Packet Type: Normal IP Version No: 5 Records: 1
SrcIP(Port): 2.2.2.9(40000) DstIP(Port): 168.32.67.11(6000) VrfID: 0
*Sep 9 14:19:50:219 2011 P NS/7/NS_PACKET:
Send succeed!
Packet Type: Normal IP Version No: 5 Records: 1
SrcIP(Port): 2.2.2.9(40000) DstIP(Port): 168.32.67.11(6000) VrfID: 0
图10 P设备MPLS NetStream流统计输出到NSC的统计报文(目的端口6000)
图11 PE1设备MPLS NetStream流统计输出到NSC的统计报文(目的端口5000)
图12 PE2设备MPLS NetStream流统计输出到NSC的统计报文(目的端口7000)
· PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
mpls
#
mpls ldp
#
interface Ethernet6/0
port link-mode route
ip address 168.32.67.136 255.255.0.0
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
interface GigabitEthernet0/0
port link-mode route
ip binding vpn-instance vpn1
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
ip address 172.1.1.1 255.255.255.0
mpls
mpls ldp
ip netstream outbound
#
bgp 100
undo synchronization
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack0
#
ipv4-family vpn-instance vpn1
peer 10.1.1.2 as-number 65410
import-route direct
#
ipv4-family vpnv4
peer 3.3.3.9 enable
#
ospf 1
area 0.0.0.0
network 172.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
network 168.32.0.0 0.0.255.255
#
ip netstream mpls label-positions 1 2 3 no-ip-fields
ip netstream max-entry 5000
ip netstream export host 168.32.67.11 5000
ip netstream export source interface LoopBack0
#
· P
#
sysname P
#
mpls lsr-id 2.2.2.9
#
mpls
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
interface GigabitEthernet0/0
port link-mode route
ip address 172.1.1.2 255.255.255.0
mpls
mpls ldp
ip netstream inbound
#
interface GigabitEthernet0/1
port link-mode route
ip address 172.2.1.1 255.255.255.0
mpls
mpls ldp
ip netstream outbound
#
interface Encrypt11/0
#
ospf 1
area 0.0.0.0
network 172.1.1.0 0.0.0.255
network 172.2.1.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
ip netstream mpls label-positions 1 2 3 no-ip-fields
ip netstream max-entry 5000
ip netstream export host 168.32.67.11 6000
ip netstream export source interface LoopBack0
#
· PE2
#
sysname PE2
#
mpls lsr-id 3.3.3.9
#
ip vpn-instance vpn1
route-distinguisher 200:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
mpls
#
mpls ldp
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
interface GigabitEthernet0/0
port link-mode route
ip address 172.2.1.2 255.255.255.0
mpls
mpls ldp
ip netstream inbound
#
interface GigabitEthernet0/1
port link-mode route
ip binding vpn-instance vpn1
ip address 10.2.1.1 255.255.255.0
#
bgp 100
undo synchronization
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack0
#
ipv4-family vpn-instance vpn1
peer 10.2.1.2 as-number 65420
import-route direct
#
ipv4-family vpnv4
peer 1.1.1.9 enable
#
ospf 1
area 0.0.0.0
network 172.2.1.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
ip netstream mpls label-positions 1 2 3 no-ip-fields
ip netstream max-entry 5000
ip netstream export host 168.32.67.11 7000
ip netstream export source interface LoopBack0
#
· CE1
#
sysname CE1
#
interface Ethernet0/0
port link-mode route
ip address 4.1.1.1 255.255.0.0
#
interface Ethernet0/1
port link-mode route
ip address 10.1.1.2 255.255.255.0
#
bgp 65410
import-route direct
undo synchronization
peer 10.1.1.1 as-number 100
#
· CE2
#
sysname CE2
#
interface Ethernet0/0
port link-mode route
ip address 3.1.1.1 255.255.0.0
#
interface Ethernet0/1
port link-mode route
ip address 10.2.1.2 255.255.255.0
#
bgp 65420
import-route direct
undo synchronization
peer 10.2.1.1 as-number 100
#
· H3C MSR 系列路由器 命令参考(V5)-R2311
· H3C MSR 系列路由器 配置指导(V5)-R2311
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
售前咨询
售后咨询
人工在线咨询
