Huawei NetEngine5000E Configuration Manual

Core router

HUAWEI NetEngine5000E Core Router
V800R002C01
Configuration Guide - System Management
Issue 01
Date 2011-10-15
HUAWEI TECHNOLOGIES CO., LTD.

Summary of Contents for Huawei NetEngine5000E

  • Page 1 HUAWEI NetEngine5000E Core Router V800R002C01 Configuration Guide - System Management Issue Date 2011-10-15 HUAWEI TECHNOLOGIES CO., LTD.
  • Page 2 All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope.
  • Page 3: About This Document

    Indicates a hazard with a medium or low level of risk, which if not avoided, could result in minor or moderate injury. Issue 01 (2011-10-15) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 4 Updates between document issues are cumulative. Therefore, the latest document issue contains all updates made in previous issues. Changes in Issue 01 (2011-10-15) The initial commercial release.
  • Page 5: Table Of Contents

    2.3.2 Configuring the Unicast Server/Client Mode (20); 2.3.3 Configuring the Peer Mode (21); 2.3.4 Configuring the Broadcast Mode (22); 2.3.5 Configuring the Multicast Mode (23); 2.3.6 Disabling the Interface From Receiving NTP Packets (25)
  • Page 6 3.5.1 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv1 (86); 3.5.2 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv2c (89)
  • Page 7 6.3.1 Specifying a NetStream Service Processing Mode (130); 6.3.2 Outputting Original Flows (132); 6.3.3 (Optional) Adjusting the AS Field Mode and Interface Index Type (133); 6.3.4 (Optional) Enabling Statistics Collection of TCP Flags (134)
  • Page 8 6.11.2 Example for Collecting Statistics About IPv4 Flows Aggregated Based on the AS Number (181); 6.11.3 Example for Collecting Statistics About MPLS Original Flows (185); 6.11.4 Example for Deploying NetStream on the BGP/MPLS IP VPN Network (189)
  • Page 9: Device Management

    1.5 Configuring a Cleaning Cycle for the Air Filter This section describes the procedure for configuring a cleaning cycle for the air filter. 1.6 Configuration Examples This section provides several examples for maintaining the router.
  • Page 10: Device Management Overview

    NE5000E can be restarted through command lines. Board reset When a board on the device malfunctions and cannot automatically recover, it is recommended that the board be reset.
  • Page 11: Powering Off The Board

    Preparing a slave board if the board needs to be replaced Procedure Powering off the MPU Run the system-view command to enter the system view. (Optional) Run the slave switchover command to perform the master/slave switchover.
  • Page 12 Present Registered Normal OTHER Present Registered Normal OTHER Master Present Registered Normal OTHER Slave Present Registered Normal OTHER Present Registered Normal OTHER Present Registered Normal OTHER ---------------------------------------------------------------------------
  • Page 13: Managing Online Devices

    (for example, power module or fan module) in a certain slot. Procedure Step 1 Run the display device [ pic-status | slot-id ] command to view basic information about the router.
  • Page 14: Checking Memory Usage

    In practice, you can run the display temperature command in any view to view the current working temperatures of the router. The temperature information includes the following contents:
  • Page 15: Checking Device Voltages

    Slot ID of the power module; whether the power module is in position; working mode of the power module; status of the cable for the power module ----End
  • Page 16: Checking The Fan Module

    The system then prompts you to confirm whether to save the current configuration in the configuration file to be activated next time. ----End
  • Page 17: Resetting A Board

    CPU being powered on. If a slave MPU exists, this command performs the master-slave MPU switchover. If the board is still abnormal after being reset, contact Huawei technical support personnel. ----End 1.5 Configuring a Cleaning Cycle for the Air Filter This section describes the procedure for configuring a cleaning cycle for the air filter.
  • Page 18: Remonitoring The Cleaning Cycle Of The Air Filter

    (referring to the time on the router), how many days the router had been run since the previous cleaning, and how long the alarm about cleaning the air filter exists. For example:
  • Page 19: Configuration Examples

    To complete the configuration, you need the following data: Slot number of the master MPU Procedure Step 1 Perform a master/slave switchover on the router. <HUAWEI> system-view [~HUAWEI] slave switchover
  • Page 20 Master 0/24 Present Registered Normal OTHER Slave 0/25 Present Registered Normal OTHER 0/27 Present Registered Normal OTHER 0/28 Present Registered Normal OTHER --------------------------------------------------------------------------- ----End Configuration Files None.
  • Page 21: NTP Configuration

    This section describes how to maintain NTP. Maintaining NTP helps you to monitor the NTP operating status. 2.7 Configuration Examples This section provides several configuration examples of NTP.
  • Page 22: NTP Overview

    Stratum: measures clock precision. The higher the stratum level, the lower the clock precision. For example, clocks have 15 stratums and the stratum-1 clock has the highest precision; Stratum 16 indicates that the relevant clock is not synchronized.
  • Page 23 11:00:01 am (T When the NTP packet leaves Router B, Router B adds its transmitting timestamp to the NTP packet, which is 11:00:02 am (T
  • Page 24: Working Principle

    4. The value 4 indicates the server mode. 3. After receiving the response packet, the client performs clock filtering and selection, and finally, is synchronized with the optimal server.
  • Page 25 4. The client then works in broadcast client mode, and continues to sense the incoming broadcast packets to synchronize the local clock.
  • Page 26: Configuring Basic NTP Functions

    Configuring the link layer protocol for the interface Configuring an IP address and a routing protocol for the interface to ensure that NTP packets can reach destinations
  • Page 27: Configuring The NTP Primary Clock

    Otherwise, the clock on the client cannot synchronize with the master clock on the server. Do as follows on the Server. Procedure Step 1 Run: system-view
  • Page 28: Configuring The Unicast Server/Client Mode

    NTP packets sent from the server and clock synchronization fails. Step 2 is optional. If source-interface is specified in both Step 2 and Step 3, use the source interface specified in Step 3 preferentially.
  • Page 29: Configuring The Peer Mode

    Run: ntp-service unicast-peer ip-address [ version number | authentication-keyid key-id | source-interface interface-type interface-number | vpn-instance vpn-instance-name | preference ] The NTP peer is configured.
  • Page 30: Configuring The Broadcast Mode

    This part describes how to configure the NTP broadcast mode on the LAN to synchronize clocks on the LAN. Procedure Configuring an NTP Broadcast Server Run: system-view The system view is displayed. Run: interface interface-type interface-number
  • Page 31: Configuring The Multicast Mode

    The configurations are committed. ----End 2.3.5 Configuring the Multicast Mode This part describes how to configure the NTP multicast mode to synchronize clocks in a multicast domain.
  • Page 32 After the configurations, the local router senses the multicast NTP packets sent from the server and synchronizes the local clock. Run: commit The configurations are committed. ----End
  • Page 33: Disabling The Interface From Receiving NTP Packets

    Run the display ntp-service bd-status command to view the status of each board on a router. ----End Example Run the display ntp-service sessions command to view the details about the configured and the dynamic NTP sessions. <HUAWEI>display ntp-service sessions
  • Page 34: Configuring NTP Security Mechanisms

    The first matched authority level takes effect. The matching order is as follows:
  • Page 35 Configuring the link layer protocol on the interface. Configuring the link layer protocol and routing protocol to make the server and client reachable. Configuring ACL rules if the access authority is configured.
  • Page 36: Configuration Procedure

    Mandatory procedure Optional procedure Related Tasks 2.7.1 Example for Configuring NTP Authentication in Unicast Server and Client Mode 2.7.3 Example for Configuring NTP Authentication in Broadcast Mode
  • Page 37: Setting NTP Access Authorities

    Synchronizing the client with NTP multicast client the server NTP broadcast mode Synchronizing the client with NTP broadcast client the server Step 3 Run: commit The configurations are committed. ----End
  • Page 38: Enabling NTP Authentication

    NTP client, you can apply NTP authentication in client/server mode. Do as follows on the NTP unicast client. Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run:
  • Page 39: Configuring NTP Authentication In Peer Mode

    Do as follows on the NTP broadcast server. Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: interface interface-type interface-number The interface view is displayed.
  • Page 40: Configuring NTP Authentication In Multicast Mode

    Run the display ntp-service status command to view the status of the NTP service. Run the display ntp-service sessions verbose command to view the status of NTP sessions. ----End
  • Page 41: Configuring The System Clock

    In the application environment where absolute time is strictly required, the current date and clock of the router must be set. Pre-configuration Tasks None Procedure Step 1 Run: clock datetime time date The current time is set.
  • Page 42: Maintaining NTP

    By running the display command, you can monitor the operation of NTP. Context In routine maintenance, you can run the following commands in any view to monitor the NTP running status.
  • Page 43: Configuration Examples

    Router B functions as a unicast NTP client. Its clock needs to synchronize with the clock on Router A. Router C and Router D function as NTP clients of Router B. Enable NTP authentication on all the Routers.
  • Page 44 # On Router A, set its local clock as a primary NTP clock with stratum being 2. <RouterA> system-view [~RouterA] ntp-service refclock-master 2 # Enable NTP authentication, configure the authentication key, and declare the key to be reliable. [~RouterA] ntp-service authentication enable
  • Page 45 Display the NTP status on Router C and find that the clock is synchronized. The stratum of the clock is 4, one stratum lower than that on Router B. [~RouterC] display ntp-service status
  • Page 46 2 ntp-service authentication enable interface GigabitEthernet1/0/0 undo shutdown ip address 2.2.2.2 255.255.255.0 ospf 1 area 0.0.0.0 network 2.2.2.0 0.0.0.255 return Configuration file of Router B
  • Page 47: Example For Configuring NTP Peer Mode

    2.4 Configuring NTP Security Mechanisms 2.7.2 Example for Configuring NTP Peer Mode In NTP peer mode, both peers can be synchronized to the clock of each other.
  • Page 48 Router D. Finally, the clocks on Router C, Router D and Router E can be synchronized. Data Preparation To complete the configuration, you need the following data:
  • Page 49 "synchronized". That is, clock synchronization completes. You can also find that the stratum of the clock on Router E is 4, one stratum lower than that on Router D. [~RouterE] display ntp-service status clock status: synchronized
  • Page 50: Example For Configuring NTP Authentication In Broadcast Mode

    Mode On a LAN, the device with high clock precision functions as the NTP server, and other devices are synchronized to the clock of the NTP server.
  • Page 51 Configure Router A and Router D as the NTP broadcast clients. Configure NTP authentication on Router A, Router C, and Router D. Data Preparation To complete the configuration, you need the following data:
  • Page 52 [~RouterA] ntp-service reliable authentication-keyid 16 # Configure Router A to be the NTP broadcast client. Router A senses the NTP broadcast packets on GE 1/0/0. [~RouterA] interface gigabitethernet 1/0/0
  • Page 53 16 authentication-mode md5 %@ENC;8HX \#Q=^Q`MAF4<1!! ntp-service reliable authentication-keyid 16 ntp-service refclock-master 3 ntp-service authentication enable interface GigabitEthernet1/0/0 undo shutdown ip address 3.0.1.31 255.255.255.0 ntp-service broadcast-server authentication-keyid 16
  • Page 54: Example For Configuring Multicast Mode

    On an NE5000E cluster, the interface is numbered in the format of chassis ID/slot number/card number/interface number. This requires the chassis ID to be specified along with the slot number. As shown in Figure 2-7,
  • Page 55 [~RouterC] ntp-service refclock-master 2 # Configure Router C to be an NTP multicast server. NTP multicast packets are sent from GE 1/0/0. [~RouterC] interface gigabitethernet 1/0/0 [~RouterC-GigabitEthernet1/0/0] ntp-service multicast-server
  • Page 56 17:03:32.022 UTC Apr 25 2005(C61734FD.800303C0) ----End Configuration Files Configuration file of Router A sysname RouterA interface GigabitEthernet1/0/0 undo shutdown ip address 1.0.1.11 255.255.255.0 ntp-service multicast-client return Configuration file of Router C
  • Page 57 Configuration file of Router D sysname RouterD interface GigabitEthernet1/0/0 undo shutdown ip address 3.0.1.32 255.255.255.0 ntp-service multicast-client return Related Tasks 2.3 Configuring Basic NTP Functions
  • Page 58: SNMP Configuration

    This section provides several configuration examples of SNMP. The configuration roadmap in the examples helps you understand the configuration procedures. Each configuration example provides information about the networking requirements, configuration notes, and configuration roadmap.
  • Page 59: Introduction To SNMP

    Managed device: is managed by an NM station and generates and reports alarms to the NM station. Figure 3-1 shows the relationship between the NM station and agent.
  • Page 60 SNMP uses Get and Set operations to replace a complex command set. The operations used for device management include GetRequest, GetNextRequest, GetResponse, GetBulk, SetRequest, and notification from the agent to the NM station. The operations described in Figure 3-3 implement all functions.
  • Page 61: SNMP Features Supported By The NE5000E

    The NE5000E supports SNMPv1, SNMPv2c, and SNMPv3. Table 3-2 lists the features supported by SNMP, and Table 3-3 shows the support of different SNMP versions for the
  • Page 62 Store the inform in the memory, which consumes a lot of system resources. Generate the log information. NOTE If the NM station restarts, it can learn the informs sent during the restart process.
  • Page 63 This version is applicable to small-scale networks whose networking is simple and security requirements are low or whose security and stability are good, such as campus networks and small enterprise networks.
  • Page 64: Configuring A Device To Communicate With An NM Station By Running SNMPv1

    Before configuring a device to communicate with an NM station by running SNMPv1, configure a routing protocol to ensure that at least one route exists between the router and the NM station.
  • Page 65: Configuring Basic SNMPv1 Functions

    By default, the SNMP agent function is disabled. Executing the snmp-agent command with any parameters enables the SNMP agent function. Step 3 Run: snmp-agent sys-info version v1 The SNMP version is set. By default, SNMPv3 is enabled.
  • Page 66 The maximum size of an SNMP packet that the device can receive or send is set. By default, the maximum size of an SNMP packet that the device can receive or send is 1500 bytes.
  • Page 67: (Optional) Controlling The NM Station's Access To The Device

    If some of the NM stations need to manage specified objects on the device, perform all the following steps. Procedure Step 1 Run: system-view The system view is displayed.
  • Page 68 If some of the NM stations that use the community name need to manage specified objects on the device, both mib-view and acl need to be configured in the command. Step 8 Run: commit The configuration is committed. ----End
  • Page 69: (Optional) Configuring The Trap Function

    The source interface specified on the router for trap messages must be consistent with that specified on the NM station; otherwise, the NM station does not accept the trap messages sent from the router. Step 5 Run: commit
  • Page 70: Checking The Configuration

    SNMP version running in the system: SNMPv1 SNMPv3 Run the display acl acl-number command. You can view the rules in the specified ACL. <HUAWEI> display acl 2000
  • Page 71 Run the display current-configuration | include max-size command. You can view the allowable maximum size of an SNMP packet. <HUAWEI> display current-configuration | include max-size snmp-agent packet max-size 1800 Run the display current-configuration | include trap command. You can view trap configuration.
  • Page 72: Configuring A Device To Communicate With An NM Station By Running SNMPv2c

    Before configuring a device to communicate with an NM station by running SNMPv2c, configure a routing protocol to ensure that at least one route exists between the router and the NM station.
  • Page 73: Configuring Basic SNMPv2c Functions

    The SNMP agent function is enabled. By default, the SNMP agent function is disabled. Executing the snmp-agent command with any parameters enables the SNMP agent function.
  • Page 74 – udp-port: The default destination UDP port number is 162. In some special cases (for example, port mirroring is configured to prevent a well-known port from being attacked),
  • Page 75 The managed device sends alarms generated by the modules that are open by default to the NM station. If finer device management is required, follow directions below to configure the managed device:
  • Page 76: (Optional) Controlling The NM Station's Access To The Device

    A rule is added to the ACL. Step 4 Run: commit The configuration is committed. Step 5 Run: quit Return to the system view. Step 6 Run:
  • Page 77: (Optional) Configuring The Trap Function

    This section describes how to specify the alarms to be sent to the NM station, which helps you locate important problems. After relevant parameters are set, the security of alarm sending can be improved. Procedure Step 1 Run: system-view
  • Page 78: (Optional) Configuring The Informs Function

    NMS (Informs are resent until a reply is received). Informs are more reliable than traps. Procedure Step 1 Run: system-view The system view is displayed.
  • Page 79: Checking The Configuration

    Run the display snmp-agent sys-info version command to check the enabled SNMP version. Run the display acl acl-number command to check the rules in the specified ACL. Run the display snmp-agent mib-view command to check the MIB view.
  • Page 80 View Type:included View status:active View name:ViewDefault MIB Subtree:snmpUsmMIB Subtree mask: Storage-type: nonVolatile View Type:excluded View status:active View name:ViewDefault MIB Subtree:snmpVacmMIB Subtree mask: Storage-type: nonVolatile View Type:excluded View status:active
  • Page 81 Run the display current-configuration | include max-size command. You can view the allowable maximum size of an SNMP packet. <HUAWEI> display current-configuration | include max-size snmp-agent packet max-size 1800 Run the display current-configuration | include trap command. You can view trap configuration.
  • Page 82: Configuring A Device To Communicate With An NM Station By Running SNMPv3

    Before configuring a device to communicate with an NM station by running SNMPv3, configure a routing protocol to ensure that at least one route exists between the router and the NM station.
  • Page 83: Configuring Basic SNMPv3 Functions

    SNMP communication can be established between the NM station and managed device. Procedure Step 1 Run: system-view The system view is displayed. Step 2 (Optional) Run: snmp-agent
  • Page 84 DES uses a 56-bit key to encrypt a 64-bit plain text block. Step 6 Choose one of the following commands as needed to configure the destination IP address for the alarms and error codes sent from the device.
  • Page 85 After the steps, basic communication is established between the NM station and managed device. Access control allows any NM station in the configured SNMPv3 user group to monitor and manage all the objects on the managed device.
  • Page 86: (Optional) Controlling The NM Station's Access To The Device

    [ rule-id ] { deny | permit } source { source-ip-address source-wildcard | any } A rule is added to the ACL. Step 4 Run: commit The configuration is committed.
  • Page 87 After the access rights are configured, especially after the IP address of the NM station is specified, if the IP address changes (for example, the NM station changes its location, or IP
  • Page 88: Configuring SNMPv3 Authentication And Privacy

    [ rule-id ] { deny | permit } source { source-ip-address source-wildcard | any } A rule is added to the ACL. Run: snmp-agent usm-user v3 user-name group-name acl acl-number
  • Page 89: (Optional) Configuring The Trap Function

    To disable one trap function of a module, you need to run the undo snmp-agent trap enable feature-name command.
  • Page 90: (Optional) Configuring The Informs Function

    If the network is unstable, you need to increase the timeout period. At the same time, you need to increase the number of times to resend informs and the maximum count of pending informs. Step 4 Run:
  • Page 91: Checking The Configuration

    Run the display snmp-agent vacmgroup command to check all the configured View-based Access Control Model (VACM) groups. ----End
  • Page 92 The physical location of this node: Beijing China Run the display current-configuration | include max-size command. You can view the allowable maximum size of an SNMP packet. <HUAWEI> display current-configuration | include max-size snmp-agent packet max-size 1800
  • Page 93 Run the display current-configuration | include trap command. You can view trap configuration. <HUAWEI> display current-configuration | include trap snmp-agent trap source Ethernet 3/0/7 snmp-agent target-host host-name targetHost_1_25846 trap ipv6 address udp-domain 1:1::1:1 udp-port 111 params securityname htipl snmp-agent target-host host-name targetHost_2_51321 trap address udp-domain 1.1.
  • Page 94: SNMP Configuration Examples

    NMS administrator to contact the equipment administrator if a fault occurs. Figure 3-7 Networking diagram for configuring a device to communicate with an NM station by using SNMPv1 NMS1 GE1/0/0 1.1.1.1/24 IP Network 1.1.2.1/24 Router NMS2 1.1.1.2/24
  • Page 95 Step 4 Configure the NM stations' access rights.
    # Configure an ACL to allow NMS2 to manage and disallow NMS1 from managing the router.
    [~HUAWEI] acl 2001
    [~HUAWEI-acl-basic-2001] rule 5 permit source 1.1.1.2 0.0.0.0
    [~HUAWEI-acl-basic-2001] rule 6 deny source 1.1.1.1 0.0.0.0
    [~HUAWEI-acl-basic-2001] commit
    [~HUAWEI-acl-basic-2001] quit
    # Configure a MIB view and allow NMS2 to manage every MIB object except HGMP on the router.
  • Page 96 [~HUAWEI] snmp-agent community write adminnms2 mib-view allexthgmp acl 2001
    [~HUAWEI] commit
    Step 5 Configure the trap function.
    [~HUAWEI] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname 1.1.3.1
    [~HUAWEI] snmp-agent trap enable
    [~HUAWEI] commit
    Step 6 Configure the contact information of the equipment administrator.
  • Page 97: Example For Configuring A Device To Communicate With An NM Station By Using SNMPv2c

    In the multi-chassis scenario, an interface is numbered in the format of chassis ID/slot number/card number/interface number. This requires the chassis ID to be specified along with the slot number.
  • Page 98 To complete the configuration, you need the following data:
    – SNMP version
    – Community name
    – ACL number
    – IP address of the NM station
    – Contact information of the equipment administrator
  • Page 99 [~HUAWEI] snmp-agent mib-view excluded allexthgmp 1.3.6.1.4.1.2011.6.7
    [~HUAWEI] commit
    # Configure a community name to allow NMS2 to manage the objects in the MIB view.
    [~HUAWEI] snmp-agent community write adminnms2 mib-view allexthgmp acl 2001
    [~HUAWEI] commit
    Step 5 Configure the trap function.
  • Page 100 Basic ACL 2001, 2 rules
    Acl's step is 5
    rule 5 permit source 1.1.1.2 0.0.0.0
    rule 6 deny source 1.1.1.1 0.0.0.0
    # Check the MIB view.
    <HUAWEI> display snmp-agent mib-view viewname allexthgmp
    View name:allexthgmp
    MIB Subtree:huaweiUtility.7
    Subtree mask:
    Storage-type: nonVolatile...
  • Page 101: Example For Configuring A Device To Communicate With An NM Station By Using SNMPv3

    Contact information of the equipment administrator needs to be configured on the router. This helps the NMS administrator to contact the equipment administrator if a fault occurs.
  • Page 102 Step 1 Configure available routes between the router and the NM stations. Details for the configuration procedure are not provided here.
    Step 2 Configure the SNMP agent.
    <HUAWEI> system-view
    [~HUAWEI] snmp-agent
  • Page 103 NMS administrator and privacy for the data transmitted between the router and NMS2.
    [~HUAWEI] snmp-agent usm-user v3 nms2-admin admin authentication-mode md5 87654321 privacy-mode des56 87654321
    [~HUAWEI] snmp-agent group v3 admin privacy write-view allexthgmp acl 2001
    [~HUAWEI] commit
    Step 5 Configure the trap function.
  • Page 104 Basic ACL 2001, 2 rules
    Acl's step is 5
    rule 5 permit source 1.1.1.2 0.0.0.0
    rule 6 deny source 1.1.1.1 0.0.0.0
    # Check the MIB view.
    <HUAWEI> display snmp-agent mib-view viewname allexthgmp
    View name:allexthgmp
    MIB Subtree:huaweiUtility.7
    Subtree mask:
    Storage-type: nonVolatile...
  • Page 105 1.1.1.2 params securityname 1.1.3.1
    snmp-agent mib-view excluded allexthgmp hwHgmp
    snmp-agent usm-user v3 nms2-admin admin authentication-mode md5 `,+VK;'MYJF=,/ <97^aP^1!! privacy-mode des56 `,+VK;'MYJF=,/<97^aP^1!!
    return
  • Page 106: Log Management

    The system generates logs or traps and sends them to the information buffer for user query. To delete information in the information buffer, run the following commands: 4.9 Configuration Examples This section provides examples for implementing log management.
  • Page 107: Log Management Overview

    This section describes log management features that the NE5000E supports. Logs can be recorded and queried. The Syslog protocol defined in RFC 3164 is supported, and a Huawei device can send logs to a maximum of eight log hosts at the same time.
  • Page 108: Log Format

    Log Format
    Figure 4-1 shows the format in which logs are output.
    Figure 4-1 Log format
    <Int_16>TIMESTAMP HOSTNAME %%ddAAA/B/CCC(l):VR=X-CID=ZZZ; YYYY
    Table 4-3 describes the fields in a log.
  • Page 109: (Optional) Filtering Logs

    HOSTNAME Host name By default, it is HUAWEI. Huawei identifier Indicates that the log is output by a Huawei product. Version number Indicates the version of the log format. Module name Indicates the name of the module that outputs the log to the information center.
  • Page 110: Setting The Maximum Number Of Logs To Be Displayed

    <HUAWEI> display logbuffer size 5
    1 2011 19:20:32 HUAWEI %%01ftpc/7/FTPC_SMPOI_USER_LOGIN(l):VR=0-CID=2157193000;FTPC Component received new user login notification.
    1 2011 19:20:32 HUAWEI %%01ftpc/7/FTPC_MSG_RCVD_TYPE(l):VR=0-CID=2157193000;FTPC Component received a message (type
  • Page 111: Setting The Maximum Number Of Traps To Be Displayed

    Allowed max buffer size : 1024
    Actual buffer size : 512
    Dropped messages : 0
    Overwritten messages : 0
    Current messages : 187
    1 2011 19:20:32 HUAWEI %%01STANDARD/6/linkup:VR=0-CID=0x807a271c-OID=1.3.6.
  • Page 112: Saving Logs To A Local Log File

    2010-08-13 07:05:47 HUAWEI %%01cli/5/CLI_CMD_RECORD_NO_RESULT(l):VR=0-CID=2160731923;Record command information. (Task=Common, AccessMode=CONSOLE, User=root, Command="dis logfile cfcard:/oper_6301458_20100813_0.log level 6".)
    Related Tasks
    4.9.1 Example for Saving Logs to a Local Log File
  • Page 113: Configuring Logs To Be Output To A Log Host

    The system outputs system information to a log host only after the information center is enabled. If the system needs to classify and output large volumes of information, system performance will be affected.
  • Page 114: (Optional) Specifying A Source Interface For Sending Logs To A Log Host

    After configuring logs to be output to a specified log host, you can view logs saved on the log host to assist in understanding the operation status of the device.
  • Page 115: Checking The Configuration

    Run the display this command. The command output shows the configuration for outputting logs to a specified log host.
    <HUAWEI> system-view
    [~HUAWEI] display this
    info-center loghost source GigabitEthernet1/0/1
  • Page 116: Maintenance

    FTP server. Maintenance personnel query and maintain logs saved on the FTP server to understand the operation status of Router A and locate faults in Router A.
  • Page 117 331 Password required for huawei
    Password:
    230 User logged in.
    # Upload the log file in binary mode to the FTP server.
    [ftp] binary
    [ftp] put log_17_20110504041811.log.zip
    [ftp] quit
  • Page 118: Example For Configuring Logs To Be Output To A Log Host

    Figure 4-4 Networking diagram of configuring logs to be output to a log host (diagram labels: 10.1.1.1/24, Server1, POS1/0/0, 172.168.0.1/24, Router, Server 2, 10.2.1.1/24)
    Configuration Roadmap
    The configuration roadmap is as follows:
  • Page 119 [~HUAWEI] interface loopback 0
    [~HUAWEI-loopback0] ip address 1.1.1.1 255.255.255.255
    [~HUAWEI-loopback0] quit
    [~HUAWEI] info-center loghost source loopback 0
    Step 5 Run the commit command to commit the configuration.
    Step 6 Configure the log host. The log host is a host running the UNIX or Linux operating system or log software.
  • Page 120 If the host runs a third party's log software, the log software can be configured to collect log information. For details about log configurations on Huawei iManager U2000, see the iManager U2000 Operation Guide for Common Features. Step 7 Verify the configuration.
  • Page 121: Fault Management

    You can use maintenance commands to collect statistics about faults and clear them after further analysis. 5.5 Configuration Examples This section provides an example for configuring FM.
  • Page 122: Fault Management Overview

    Installing the router and powering it on properly Completing the alarm definition on the NE5000E Configuration Procedures Choose one or more configuration tasks (excluding "Checking the Configuration") as needed.
  • Page 123: Setting The Alarm Severity

    The alarm management view is displayed. Step 3 Run: suppression name alarm-name { cause-period cause-seconds | clear-period clear-seconds } A suppression period is configured for an alarm.
  • Page 124: Configuring Alarm Suppression

    The alarm management view is displayed. Step 3 Run: suppression enable Alarm suppression is enabled. To disable alarm suppression, you can run the undo suppression enable command.
  • Page 125: Filtering Out All Alarms

    Filtering out alarms that are generated for a specific service, such as alarms for the MPLS service Filtering out alarms with specific names, such as an LDP session alarm
  • Page 126: Saving Alarms To A Log File

    Step 7 Run: commit The configuration is committed. ----End 5.3.6 Saving Alarms to a Log File This section describes how to save alarms to a log file.
  • Page 127: Checking The Configuration

    Run the display alarm information [ name alarm-name ] [ brief ] command to verify the validity of the alarm suppression parameters. ----End Example Display the basic information about an alarm named PmThresholdAlarm. <HUAWEI> display alarm information name pmthresholdalarm brief feature : PMSERVER alarmName : PmThresholdAlarm...
  • Page 128: Maintenance

    You can run the following commands in any view to understand the alarm status on the current device. Procedure Run: display alarm information [ name alarm-name ] [ brief ]
  • Page 129: Configuration Examples

    Figure 5-1 Networking diagram for configuring FM (diagram labels: Router User Network)
    When a fault occurs on a network, FM can be configured to help users rapidly locate the fault and rectify the fault.
  • Page 130 Step 2 Configure the severity and suppression period of the alarm named hwOpticalInvalid. # Set the severity of the alarm named hwOpticalInvalid to Critical. [~HUAWEI-alarm] alarm name hwbfdSessReachLimit severity critical # Set the generation period to 5s and clearing period to 15s for the alarm named hwOpticalInvalid in alarm suppression.
  • Page 131 # Configure the NMS host named target-host1 to use the alarm filtering table named mask1. [~HUAWEI-alarm-mask1] quit [~HUAWEI-alarm] snmp target-host target-host1 mask name mask1 [~HUAWEI-alarm] commit # After the configuration is complete, run the display this command in the alarm management view to verify the configuration.
  • Page 132: NetStream Configuration

    This will help you complete the configuration task quickly and accurately. 6.7 Collecting Statistics About MPLS IPv4 Packets
  • Page 133 Collecting traffic statistics on BGP/MPLS VPN networks helps users to monitor the BGP/MPLS VPN network condition. 6.10 Maintaining NetStream This section describes how to maintain NetStream. 6.11 Configuration Examples This section provides NetStream configuration examples in different scenarios.
  • Page 134: NetStream Overview

    The NE5000E is used as an NDE to sample packets, aggregate flows, and output flows. The following figure shows the relationship among the NDE, NSC, and NDA.
  • Page 135: NetStream Features Supported By The NE5000E

    In this mode, one packet is sampled every fix-packets-number packets. For example, if the value specified by fix-packets-number is N, every Nth packet that passes through the NetStream-enabled interface will be sampled.
  • Page 136: Collecting Statistics About IPv4 Original Flows

    Before collecting statistics about IPv4 original flows, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and accurately.
  • Page 137 Configuring the static route or enabling an IGP to ensure that IP routes between nodes are reachable Configuration Procedures To collect the statistics about IPv4 original flows, perform the procedures as shown in the following flowchart.
  • Page 138: Specifying A NetStream Service Processing Mode

    If it is required to configure both of them, ensure that sampling modes and sampling ratios configured by the ip netstream sampler and ipv6 netstream sampler commands are identical.
  • Page 139 LPUs that are dual homed to different NetStream service processing boards can back up each other. Run: commit The configuration is committed. ----End
  • Page 140: Outputting Original Flows

    The destination IP address and UDP port number of the peer NSC are configured for NetStream original flows to be output. In the slot view: Run: slot slot-id
  • Page 141: (Optional) Adjusting The AS Field Mode And Interface Index Type

    32 bits. If different AS field modes exist on a network, you need to convert the AS field mode when configuring NetStream. Otherwise, NetStream cannot sample inter-AS traffic.
  • Page 142: (Optional) Enabling Statistics Collection Of TCP Flags

    NMS. The NMS checks the traffic volume of each flag and determines whether the network is attacked by TCP packets. Procedure Step 1 Run: system-view
  • Page 143: Sampling IPv4 Flows

    By default, NetStream is disabled from packet sampling. Step 3 Run: interface interface-type interface-number The interface view is displayed. Step 4 (Optional) Run: ip netstream sampler fix-packets fix-packets-number { inbound | outbound }
  • Page 144: Checking The Configuration

    IP packets cached in the NetStream buffer on the router. <HUAWEI> display ip netstream cache origin slot 3 Show information of IP and MPLS cache of slot 3 is starting. get show cache user data success.
  • Page 145 58.1.1.2 55.67.121.72 0.0.0.0 0.0.0.0 Run the display ip netstream statistics slot slot-id command, and you can view statistics about NetStream flows. [~HUAWEI] display ip netstream statistics slot 1 Netstream statistic information on slot 1: -------------------------------------------------------------------------------- length of packets Number Protocol...
  • Page 146: Collecting Statistics About IPv4 Aggregated Flows

    NetStream original flows collects statistics about sampled packets. The data volume generated by aggregated flow statistics collection is therefore greater than that generated by original flow statistics collection.
  • Page 147 Configuring the static route or enabling an IGP to ensure that IP routes between nodes are reachable Enabling statistics collection of NetStream original flows Configuration Procedures To collect statistics about IPv4 aggregated flows, perform the procedures as described in the following flowchart.
  • Page 148: Specifying A NetStream Service Processing Mode

    If it is required to configure both of them, ensure that sampling modes and sampling ratios configured by the ip netstream sampler and ipv6 netstream sampler commands are identical.
  • Page 149 LPUs that are dual homed to different NetStream service processing boards can back up each other. Run: commit The configuration is committed. ----End
  • Page 150: Configuring An Aggregation Mode For IPv4 Flows

    NetStream flows with the same destination AS number, destination mask length, destination prefix, ToS, and outbound interface index are aggregated as one flow and one aggregation record is generated.
  • Page 151 FIB table for flow aggregation. NOTE The aggregate mask takes effect only for aggregation modes of destination-prefix, destination-prefix-tos, prefix, prefix-tos, source-prefix, and source-prefix-tos. Step 5 Run: commit
  • Page 152: Outputting Aggregated Flows

    By default, the output template of aggregated flows is refreshed every 30 minutes. Step 6 Run: ip netstream export source ip-address The source IP address is configured for aggregated flows.
  • Page 153: (Optional) Adjusting The AS Field Mode And Interface Index Type

    32 bits. If different AS field modes exist on a network, you need to convert the AS field mode when configuring NetStream. Otherwise, NetStream cannot sample inter-AS traffic.
  • Page 154: Sampling IPv4 Flows

    By default, NetStream enabled on an interface can sample and collect the statistics about the following packets:
    – Unicast packets
    – Multicast packets
    – Packets discarded by the uRPF/RPF check
  • Page 155: Checking The Configuration

    In routine maintenance or after NetStream-related configurations are complete, you can run the following commands in any view to check whether NetStream is enabled on the device.
  • Page 156 AS numbers, masks, and prefixes of IP or MPLS packets in the NetStream flow buffer. <HUAWEI> display ip netstream cache destination-prefix slot 3 Show information of IP and MPLS cache of slot 1 is starting.
  • Page 157: Collecting Statistics About IPv6 Original Flows

    NetStream original flows into UDP packets and sends the packets to the NSC for subsequent processing. Unlike collecting the statistics about aggregated flows, collecting the statistics about original flows has less impact on the NDE performance. Original
  • Page 158 Configuring the static route or enabling an IGP to ensure that IP routes between nodes are reachable Configuration Procedures To collect the statistics about IPv6 original flows, perform the procedures as shown in the following flowchart.
  • Page 159: Specifying A NetStream Service Processing Mode

    If it is required to configure both of them, ensure that sampling modes and sampling ratios configured by the ip netstream sampler and ipv6 netstream sampler commands are identical.
  • Page 160 LPUs that are dual homed to different NetStream service processing boards can back up each other. Run: commit The configuration is committed. ----End
  • Page 161: Outputting Original Flows

    The destination IP address and UDP port number of the peer NSC are configured for NetStream original flows to be output. Run: quit The system view is displayed.
  • Page 162: (Optional) Adjusting The AS Field Mode And Interface Index Type

    NMS. For example, if the NMS can parse a 32-bit interface index, the interface index carried in the NetStream packet must be a 32-bit value.
  • Page 163: (Optional) Enabling Statistics Collection Of TCP Flags In Original Flows

    Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: ipv6 netstream tcp-flag enable Statistics collection of TCP flags in original flows is enabled.
  • Page 164: Sampling IPv6 Flows

    The sampling mode and sampling ratio are configured for the interface. By default, NetStream is disabled from packet sampling. Instead, it collects the statistics about each packet.
  • Page 165: Checking The Configuration

    Run the display ipv6 netstream cache origin slot 3 command. If NetStream is successfully configured, you can view various statistics about IP packets cached in the NetStream buffer on the router.
  • Page 166 <HUAWEI> display ipv6 netstream cache origin slot 3 Show information of IP and MPLS cache of slot 3 is starting. get show cache user data success. DstIf DstIP...
  • Page 167: Collecting Statistics About IPv6 Aggregated Flows

    Before collecting statistics about IPv6 aggregated flows, complete the following tasks: Configuring parameters of the link layer protocol and IP addresses for interfaces to ensure that the link layer protocol on the interfaces is Up
  • Page 168: Specifying A NetStream Service Processing Mode

    In this mode, the LPU only samples packets and sends sampled packets to the NetStream service processing board. Flow aggregation and flow output are performed on the NetStream service processing board. If the data volume collected by the router is beyond
  • Page 169 NetStream service processing board is specified. If there are several NetStream service processing boards, you can specify a master service processing board and a backup service processing board as needed. For the
  • Page 170: Configuring An Aggregation Mode For IPv6 Flows

    NetStream flows with the same destination AS number, source AS number, BGP next hop, inbound interface index, and outbound interface index are aggregated as one flow and one aggregation record is generated.
  • Page 171 Statistics collection of flows aggregated in a specified aggregation mode is enabled. Step 4 (Optional) Run: mask { source | destination } minimum mask-length The length of the aggregate mask is set.
  • Page 172: Outputting Aggregated Flows

    By default, the output template of aggregated flows is refreshed every 30 minutes. Step 5 Run: ipv6 netstream export source ip-address The source IP address is configured for aggregated flows.
  • Page 173: (Optional) Adjusting The AS Field Mode And Interface Index Type

    32 bits. If different AS field modes exist on a network, you need to convert the AS field mode when configuring NetStream. Otherwise, NetStream cannot sample inter-AS traffic.
  • Page 174: Sampling IPv6 Flows

    By default, NetStream enabled on an interface can sample and collect the statistics about the following packets:
    – Unicast packets
    – Multicast packets
    – Packets discarded by the uRPF/RPF check
  • Page 175 NetStream is enabled on the interface. Statistics about packets' BGP next-hop information can also be collected. Original flows output in V5 format, however, cannot carry the BGP next-hop information.
  • Page 176: Checking The Configuration

    IP addresses, AS numbers, masks, and prefixes of IP or MPLS packets in the buffer on the router. <HUAWEI> display ipv6 netstream cache destination-prefix slot 3 Show information of IP and MPLS cache of slot 3 is starting.
  • Page 177: Collecting Statistics About MPLS IPv4 Packets

    ASs. If statistics about MPLS packets are collected on the P, the P sends statistics to inform the NSC of the MPLS label-specific traffic volume.
  • Page 178 – To sample only inner IP packets, not MPLS labels, configure ip-only. – To sample both MPLS labels and inner IP packets, configure label-and-ip. For other configurations, see 6.3 Collecting Statistics About IPv4 Original Flows.
  • Page 179 Run the display ip netstream cache origin slot slot-id command to view information about the NetStream buffer. <HUAWEI> display ip netstream cache origin slot 6 Show information of IP and MPLS cache of slot 6 is starting. get show cache user data success.
  • Page 180 9 enable ip netstream export source 1.1.1.2 ip netstream export host 3.3.3.3 555 ip netstream export host 1.1.1.2 55 slot 8 GigabitEthernet8/0/3
  • Page 181: Collecting Statistics About MPLS IPv6 Packets

    Before collecting statistics about MPLS IPv6 packets, complete the following task: Enabling MPLS on the device and interfaces, and configuring the MPLS network Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run:
  • Page 182 MPLS packets cached in the NetStream buffer on the router. <HUAWEI> display ipv6 netstream cache origin slot 3 Show information of IP and MPLS cache of slot 3 is starting. get show cache user data success.
  • Page 183: Collecting Statistics About BGP/MPLS VPN Flows

    IPv4 Packets 6.8 Collecting Statistics About MPLS IPv6 Packets as needed. Enable the output of TAL options on the PE. Run: ip netstream export template option application-label
  • Page 184: Maintaining NetStream

    After packet statistics collection and output of NetStream flows are configured, run the display ip netstream export option command in any view. You can view information about the output option template. <HUAWEI> display ip netstream export option ------------------------------------------------------ Option Data...
  • Page 185: Monitoring The NetStream Operating Status

    Statistics about NetStream flows are displayed. Run: display netstream { all | global | interface interface-type interface-number } NetStream configurations in different views are displayed. Run:
  • Page 186: Configuration Examples

    NetStream allows users to rapidly identify the virus type and locate the IP address of abnormal traffic. Based on other characteristics of NetStream flows, users can take proper actions to filter out virus-infected traffic and prevent it from spreading on the network.
  • Page 187 [~PE] slot 1
    [~PE-slot-1] ip netstream sampler to slot 4
    [~PE-slot-1] quit
    # Enable the statistics collection of TCP flags in original flows.
    [~PE] ip netstream tcp-flag enable
  • Page 188 Label1 Exp1 Bottom1 Label2 Exp2 Bottom2 Label3 Exp3 Bottom3 TopLabelIpAddress VlanId -------------------------------------------------------------------------- Unknown PO2/0/0 0.0.0.0 58.1.1.2 55.67.121.72 0.0.0.0 0.0.0.0 Unknown PO1/0/0 0.0.0.0 58.1.1.2 55.67.121.70 0.0.0.0 0.0.0.0 PO2/0/0
  • Page 189: Example For Collecting Statistics About Ipv4 Flows Aggregated Based On The As Number

    On the NE5000E cluster, an interface is numbered in the format of chassis ID/slot number/card number/interface number. If the slot number is specified, the chassis ID of the slot must also be specified.
  • Page 190 Enable NetStream on the inbound interface of the ingress router. Data Preparation To complete the configuration, you need the following data: IP address of each interface IP address of the NSC
  • Page 191 # View information about flows in the NetStream flow buffer on the router. [~RouterD] display ip netstream cache as slot 4 Show information of IP and MPLS cache of slot 4 is starting. get show cache user data success.
  • Page 192 172.1.1.2 255.255.255.0 interface GigabitEthernet2/0/0 ip address 1.1.1.1 255.255.255.0 ip netstream inbound ip netstream sampler fix-packets 1000 inbound interface GigabitEthernet2/0/1 ip address 3.3.3.1 255.255.255.0
  • Page 193: Example For Collecting Statistics About MPLS Original Flows

    [Figure: networking diagram showing RouterA, RouterB, RouterC and the NSC&NDA] Configuration Roadmap The configuration roadmap is as follows:
  • Page 194 For configurations of the static MPLS TE tunnel, see the chapter "MPLS Basic Configurations" in the HUAWEI NetEngine5000E Core Router Configuration Guide - MPLS. Step 3 Enable NetStream on POS 1/0/0 of Router B. # Configure the NetStream service processing mode on an LPU.
  • Page 195 0.0.0.0 1011 1.1.1.9 Unknown PO1/0/0 0.0.0.0 58.1.1.2 55.67.121.70 0.0.0.0 1001 10.1.1.9 PO2/0/0 PO1/0/0 0.0.0.0 58.1.1.2 55.67.121.68 0.0.0.0 1021 20.1.1.9 ----End Configuration Files Configuration file of Router A
  • Page 196 Pos2/0/0 undo shutdown link-protocol ppp ip address 20.1.1.1 255.255.255.0 mpls mpls ldp interface LoopBack1 ip address 2.2.2.9 255.255.255.255 ospf 1 area 0.0.0.0
  • Page 197: Example For Deploying NetStream On The BGP/MPLS IP VPN Network

    Service Level Agreements (SLAs). Deploying NetStream on the BGP/MPLS IP VPN network allows users to analyze the LSP traffic between PEs and adjust the network accordingly to better meet service requirements.
  • Page 198 Enable NetStream to collect statistics about incoming and outgoing packets with specified application labels. Data Preparation To complete the configuration, you need the following data: Output format for NetStream flows and the sampling interval
  • Page 199 6-16. Details for the configuration procedure are not provided here. Step 2 Configure the BGP/MPLS IP VPN. For configuration details, see the chapter "BGP/MPLS IP VPN Configuration" in the HUAWEI NetEngine5000E Core Router Configuration Guide - VPN. Step 3 Enable NetStream to sample packets with specified application labels on PE2.
  • Page 200 55.67.121.72 0.0.0.0 1011 1.1.1.9 Unknown PO1/0/0 0.0.0.0 58.1.1.2 55.67.121.70 0.0.0.0 1001 10.1.1.9 PO2/0/0 PO1/0/0 0.0.0.0 58.1.1.2 55.67.121.68 0.0.0.0 1021 20.1.1.9 ----End Configuration Files Configuration file of PE1
  • Page 201 10000 outbound ip netstream export source 172.3.1.1 ip netstream export host 172.3.1.2 9001 mpls lsr-id 2.2.2.9 mpls lsp-trigger all mpls ldp interface Pos1/0/0 link-protocol ppp
  • Page 202 172.2.1.2 255.255.255.0 mpls mpls ldp interface LoopBack1 ip address 3.3.3.9 255.255.255.255 bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 ipv4-family unicast undo synchronization
  • Page 203 Configuration file of CE4 sysname CE4 interface GigabitEthernet1/0/0 ip address 10.4.1.1 255.255.255.0 bgp 65440 peer 10.4.1.2 as-number 100 ipv4-family unicast undo synchronization import-route direct peer 10.4.1.2 enable return
