一、华三设备做流量统计
如下组网图所示,PC1的IP地址为1.1.1.1,它连接在高端设备的g9/1/1端口上,实现与其他设备的互连。高端设备对源IP为1.1.1.1的报文进行统计。
配置举例:
主要配置
定义基本ACL 2000,对源IP地址为1.1.1.1的报文进行分类。
[H3C] acl number 2000
[H3C-acl-basic-2000] rule permit source 1.1.1.1 0
// 参考配置
背景:从南京主机10.32.40.27 访问苏州资源池10.209.148.140的服务器(主机)10007端口,现在在苏州侧网络设备上做流量统计
acl advanced 3001
rule 5 permit tcp -instance JSDCN_DCI source 10.32.40.27 0 destination 10.209.148.140 0 destination-port eq 10007
rule 10 permit tcp -instance JSDCN_DCI source 10.209.148.140 0 destination 10.32.40.27 0 source-port eq 10007*
//
定义类Liutong,匹配基本ACL 2000。
[H3C] traffic classifier Liutong
[H3C-classifier-Liutong] if-match acl 2000
[H3C-classifier-Liutong] quit
定义流行为Liutong,动作为流量统计报文数或者字节数。
[H3C] traffic behavior Liutong
[H3C-behavior-Liutong] accounting packet
定义策略Liutong,为类Liutong指定流行为Liutong。
[H3C] qos policy Liutong
[H3C-qospolicy-Liutong] classifier Liutong behavior Liutong
将策略Liutong应用到端口GigabitEthernet9/1/1的入方向和出方向上。
[H3C] interface GigabitEthernet 9/1/1
[H3C-GigabitEthernet3/1/1] qos apply policy Liutong inbound
[H3C-GigabitEthernet3/1/1] qos apply policy Liutong outbound
***若使用聚合口,那么物理口和聚合口都要做
查看配置后流量统计的情况,只统计了报文数。
[H3C]dis qos policy interface GigabitEthernet 9/1/1 inbound
Interface: GigabitEthernet9/1/1
Direction: Inbound
Liutong: liutong
Classifier: liutong
Operator: AND
Rule(s) : If-match acl 3000
Behavior: liutong
Accounting Enable:
5 (Packets)
可以通过下面的方法来清除流量统计计数:
.在用户视图下reset counters interface命令清除流量统计信息。
<H3C>reset counters interface GigabitEthernet 9/1/1
[H3C]dis qos Liutong interface GigabitEthernet 3/1/1 inbound
Interface: GigabitEthernet3/1/1
Direction: Inbound
Liutong: liutong
Classifier: liutong
Operator: AND
Rule(s) : If-match acl 3000
Behavior: liutong
Accounting Enable:
0 (Packets)
注意事项
**1.在用户视图下reset counters interface命令清除流量统计信息。
2.基于VLAN应用的QoS策略不能应用在动态VLAN上。例如,在运行GVRP协议的情况下,设备可能会动态创建VLAN,QoS策略不能应用在该动态VLAN上。因此不能在动态vlan下进行基于VLAN的流量统计。**
二 、华为设备流量统计配置
华为9303配置流量统计的方法
【配置举例】
acl number 3000
rule 0 permit icmp source 1.1.1.1 0 destination 2.2.2.2 0 //其中1.1.1.1和2.2.2.2替换为ping测试时的源目的IP地址
rule 5 permit icmp source 2.2.2.2 0 destination 1.1.1.1 0
traffic classifier huawei
if-match acl 3000
traffic behavior huawei
statistic enable
traffic policy huawei
classifier huawei behavior huawei
interface Eth-Trunk8 //在Eth-trunk5接口下同时配置如下两条命令。
traffic-policy huawei inbound
traffic-policy huawei outbound
#查看流量统计结果命令
display traffic policy statistics interface Eth-Trunk8 inbound verbose rule-based class huawei
display traffic policy statistics interface Eth-Trunk8 outbound verbose rule-based class huawei
#清空流量统计结果命令
reset traffic policy statistics interface Eth-Trunk8 inbound
reset traffic policy statistics interface Eth-Trunk8 outbound
三、 锐捷设备流量统计配置
分别做进方向和出方向两条ACL,然后在接口下调用,最后查看acl便知道匹配多少数据包数目。
#
!
ip access-list extended JSDCN-IN
10 permit ip host 10.32.40.27 host 10.209.148.140
100 permit ip any any
!
ip access-list extended JSDCN-OUT
10 permit ip host 10.209.148.140 host 10.32.40.27
100 permit ip any any
!
interface AggregatePort 2
no switchport
description uT:SUZDC-P-PUB-DCI-H3C-CR16010F-01-ITC11(RAGG11)1*100G
carrier-delay up 2 down 0
ip access-group JSDCN-IN in
ip access-group JSDCN-OUT out
!
#