A, netstream
“NetStream
NetStream application background of rapid development of Internet technology to provide users with higher bandwidth to support the growing number of services and applications, the traditional traffic statistics such as SNMP, port mirroring, due to the inflexible way traffic statistics need to invest in dedicated servers or because of higher costs , the network can not meet the more detailed management, a new technology to better support network traffic statistics.
NetStream technology is a technique based on statistical network flow information, statistics and analysis can be performed on the traffic situation in the network. On the network access layer, convergence layer, the core layer, can be deployed by NetStream.
NetStream technology application are the following.
l billing: NetStream provides fine-based resource data (e.g., lines, bandwidth, time, etc.) charging occupancy. Internet service providers can use this information to implement flexible billing strategy, such as time-based, bandwidth, applications, quality of service and so on. Enterprise customers can use the department chargeback or cost allocation information for the effective use of resources.
l network planning: NetStream network management tools can provide key information, such as network traffic among the various AS, for optimizing network design and planning, network operations to achieve with minimal cost to achieve the best network performance and reliability.
l network monitoring: for connection to the Internet network interface for real-time traffic monitoring by deploying NetStream in exports, the situation can be analyzed a variety of business and bandwidth utilization. Administrators can understand the operation of the information to determine the network, early detection irrational structure or network performance bottlenecks in the network, network management personnel to facilitate planning and allocation of network resources.
l User Monitoring and analysis: enables network managers NetStream data provides easy access to detailed information about network resources and applications, and then used to efficiently plan and allocate network resources and to guarantee safe operation of the network.
NetStream Introduction
NetStream flow definition
NetStream provides the packet is a statistical technique based on the "flow." NetStream supports Layer 2 packets, IP packet (UDP, TCP, ICMP packets) and MPLS packet statistics.
l for IPv4 packets, IPv4 the NetStream based on the destination IP address of the IPv4 packet, the source IP address, destination port number, source port number, protocol number, ToS (Type of Service, service type), an input interface or an output interface to define stream, the same 7-tuple identified as the same flow.
l For IPv6 packets, IPv6 the NetStream based on the destination IP address of the IPv6 packet, source IP address, destination port number, source port number, protocol number, traffic class, flow label, an input interface or an output interface to define the flow, the same 7-tuple identified as the same flow.
l for MPLS packets, statistics can (the case of 6PE) IPv4 / IPv6 in MPLS packets. If the IP statistics information at this time will determine a common flow based on the MPLS label stack and IP information. "
The NetStream
NetStream provides the packet is a statistical technique based on the "flow", NetStream stream is an IP packet (UDP, TCP, ICMP packets).
- For IPv4 packets, IPv4 the NetStream based on the destination IP address of the IPv4 packet, the source IP address, destination port number, source port number, protocol number, type of service ToS (Type of Service), an input interface or an output interface to define the flow, the same 7-tuple identified as the same flow.
Reprinted from: http: //www.h3c.com/CN/D_200905/634610_30003_0.htm#_Toc245285341
Two, sFlow
See the Network Management and Monitoring Configuration Guide - Throughout this manual "sFlow section.
SFlow brief Baidu Encyclopedia
1. Definition:
Sampled Flow sFlow is an abbreviation proposed by Inmon, monitoring data on a network switch or router technique for forwarding condition.
The system includes a plurality of sFlow sFlow - Agent (embedded in a switch or router forwarding devices) and a core sFlow Collector. sFlow Agent technology acquired through a specific sampling device forwards traffic on the network statistics in real time and sent to the Collector for Collector by analyzing sFlow data packets, view or by generating traffic report form to help network administrators to more effectively manage the entire site (usually the enterprise-level site) network traffic.
2, the principle:
Figure 8-1 sFlow packet format
The two sampling sFlow
sFlow Agent provides two ways for the user to analyze the sample network traffic conditions from different angles, respectively, and sampling Flow Counter samples.
Flow sampling
Flow sampling device is sFlow Agent ratio of sampling and analysis of the packets in a particular direction and a sampling port on the specified sample, and the results of the analysis process to Collector devices packets via sFlow. Main Flow sampling information packets as shown in Table 8-2.
Flow sampling method for sampling is the interface of the packets by the packet sampling mainly by two ways: fixed sampling mode and random sampling method. When a fixed sampling counter mode is enabled on the device, the sampling ratio of 1 / N, when the early counter value N, each of the interface processing a packet count, count by a counter, when the counter reaches 0, the current sampling packet, resets the counter count is N, the foregoing process is repeated; refers to a randomly sampled manner for each of the packet interface processing to a random value (assuming random numbers in the range of 0 ~ N), set a threshold value n (n ∈ [0, N]), when the packet is smaller than this threshold value is random, the packet sampling, such actual sampling ratio of n / (N + 1). From a statistical point of view, the random sampling method to collect more samples to reflect the entire sample space, thus sampling methods currently used mainly for random sampling method.
Table 8-2 Flow sampling main message field information Description (switch supports)
| Field Contents |
Explanation |
|---|---|
| Raw packet |
Intercept all or a portion of the original packet header (particularly long length, taken on configuration), this part of the original packet encapsulated Collector sFlow packet is sent to. |
| Ethernet Frame Data |
For Ethernet packet, parses the packet header information of the Ethernet, the encapsulated data to parse sFlow packet transmitted to the Collector. |
| IPV4 Data |
For IPV4 packet, parses the packet header information IPV4, parses the encapsulated data to the sFlow packet transmitted to the Collector. |
| IPV6 Data |
For IPV6 packet, parses the packet header information of the IPV6, parses the encapsulated data packet to send to the sFlow Collector. |
| Extended Switch Data |
Layer for forwarding Ethernet packets, packets recorded vlan vlan priority conversion, and the conversion, the package information is forwarded to the Collector sFlow packet is sent to. vlan vlan Id indicates an invalid is 0. |
Counter sampling
Counter - Agent sFlow sampling device is periodically acquires traffic statistics on the interface, and these statistics process by Collector sFlow packet to the device. Counter samples as shown in Table 8-3 main information packets.
Table 8-3 Counter sampling main message field information Description
| Field Contents |
Explanation |
|---|---|
| Generic Interface Counters |
Common interface statistics, including basic information about the interface, common interface traffic statistics. |
| Ethernet Interface Counters |
For in Ethernet interface for Ethernet statistics related to traffic statistics. |
| Token Ring Counters |
For token ring, token ring network-related statistics for traffic statistics. |
| 100 Base VG Interface Counters |
Used in IEEE 802.12 interface for the traffic statistics statistics class interface. |
| Vlan Counters |
According to statistics for vlan traffic statistics Device Ethernet. |
| Processor Information |
Statistics for CPU usage, memory usage. |
3, the role of
Typical applications sFlow
Shown in Figure 1-1, sFlow system comprises a device embedded in the distal end and the sFlow Agent sFlow Collector. Wherein, an interface for acquiring sFlow - Agent statistics and data on this device, encapsulates the information into sFlow packet, when the sFlow packet buffer overflows or buffer time in the sFlow packet (buffer time is 1 second) time-out , sFlow Agent will sFlow packets to the specified sFlow Collector. sFlow Collector to analyze sFlow packets and displays the results.
8-2 sFlow system diagram of FIG.
4, one of the statistical techniques of network traffic, compared to netstream, more light-weight.
Reference links:
https://blog.csdn.net/a_lber_t/article/details/89526519
Original link; https: //blog.csdn.net/a3192048/article/details/86475878