示例:M、MX 和 T Series 路由器上的采样和丢弃计费配置
丢弃核算允许您对流量进行采样,将其发送到流服务器进行分析,然后丢弃所有数据包,而不将其转发到其预期目的地。丢弃计费是通过层次[edit firewall family inet filter filter-name term term-name then]结构级别防火墙过滤器中的discard accounting group-name 语句启用的。然后,在层次结构级别将过滤器应用于带有filter语句[edit interfaces interface-name unit unit-number family inet]的接口,并在层次结构级别使用output语句[edit forwarding-options accounting group-name]进行处理。
图 1:主动流监控 — 采样和丢弃记帐拓扑图
在 图 1 中,来自路由器 1 的流量到达监控路由器的千兆以太网 ge-2/3/0 接口。通向流服务器的导出接口为 fe-1/0/0 ,没有出口接口。
在此示例中,TCP 流量将发送到一个计费组,而所有其他流量将转移到第二个组。对这两种类型的流量进行采样和计数后,将由采样和计费过程处理。这些进程创建流记录,并将这些记录发送到版本 8 流服务器进行分析。由于将多种类型的流量发送到同一服务器,我们建议您在计费和抽样层次结构中手动配置 engine-id、 engine-type 和 source-address statement。这样,当流量类型到达流服务器时,您可以区分它们。
[edit]
interfaces {
sp-2/0/0 { # This adaptive services interface creates the flow records.
unit 0 {
family inet {
address 10.5.5.1/32 {
destination 10.5.5.2;
}
}
}
}
fe-1/0/0 { # This is the interface where records are sent to the flow server.
unit 0 {
family inet {
address 10.60.2.2/30;
}
}
}
ge-2/3/0 { # This is the input interface where traffic enters the router.
unit 0 {
family inet {
filter {
input catch_all;
}
address 10.11.1.1/30;
}
}
}
}
forwarding-options {
sampling { # The router samples the traffic.
input {
rate 100; # One out of every 100 packets is sampled.
}
}
family inet {
output { # The sampling process creates and exports flow records.
flow-server 10.60.2.1 { # You can configure a variety of settings.
port 2055;
version 8;
aggregation { # Aggregation is unique to flow version 8.
protocol-port;
source-destination-prefix;
}
}
aggregate-export-interval 90;
flow-inactive-timeout 60;
flow-active-timeout 60;
interface sp-2/0/0 { # This statement enables PIC-based sampling.
engine-id 5; # Engine statements are dynamic, but can be configured.
engine-type 55;
source-address 10.60.2.2; # You must configure this statement.
}
}
}
accounting counter1 { # This discard accounting process handles default traffic.
output { # This process creates and exports flow records.
flow-inactive-timeout 65;
flow-active-timeout 65;
flow-server 10.60.2.1 { # You can configure a variety of settings.
port 2055;
version 8;
aggregation { # Aggregation is unique to version 8.
protocol-port;
source-destination-prefix;
}
}
interface sp-2/0/0 { # This statement enables PIC-based discard accounting.
engine-id 1; # Engine statements are dynamic, but can be configured.
engine-type 11;
source-address 10.60.2.3; # You must configure this statement.
}
}
}
accounting t2 { # The second discard accounting process handles the TCP traffic.
output { # This process creates and exports flow records.
aggregate-export-interval 90;
flow-inactive-timeout 65;
flow-active-timeout 65;
flow-server 10.60.2.1 { # You can configure a variety of settings for the server.
port 2055;
version 8;
aggregation { # Aggregation is unique to version 8.
protocol-port;
source-destination-prefix;
}
}
interface sp-2/0/0 { # This statement enables PIC-based discard accounting.
engine-id 2; # Engine statements are dynamic, but can be configured.
engine-type 22;
source-address 10.60.2.4;# You must configure this statement.
}
}
}
}
firewall {
family inet {
filter catch_all { # Apply the firewall filter on the input interface.
term t2 { # This places TCP traffic into one group for sampling and
from { # discard accounting.
protocol tcp;
}
then {
count c2;# The count action counts traffic as it enters the router.
sample; # The sample action sends the traffic to the sampling process.
discard accounting t2; # The discard accounting discards traffic.
}
}
term default { # Performs sampling and discard accounting on all other traffic.
then {
count counter; # The count action counts traffic as it enters the router.
sample# The sample action sends the traffic to the sampling process.
discard accounting counter1; # This activates discard accounting.
}
}
}
}
}
验证您的工作
要验证您的配置是否正确,请在为主动流监控配置的监控站上使用以下命令:
-
show services accounting aggregation(仅适用于版本 8 流) -
show services accounting errors -
show services accounting (flow | flow-detail) -
show services accounting memory -
show services accounting packet-size-distribution -
show services accounting status -
show services accounting usage
下面显示了与配置示例一起使用的命令的 show 输出:
user@host> show services accounting flow name t2
Service Accounting interface: sp-2/0/0, Local interface index: 468
Service name: t2
Flow information
Flow packets: 56130820, Flow bytes: 3592372480
Flow packets 10-second rate: 13024, Flow bytes 10-second rate: 833573
Active flows: 600, Total flows: 600
Flows exported: 28848, Flows packets exported: 960
Flows inactive timed out: 0, Flows active timed out: 35400
user@host> show services accounting
Service Name:
(default sampling)
counter1
t2
user@host> show services accounting aggregation protocol-port detail name t2
Service Accounting interface: sp-2/0/0, Local interface index: 468
Service name: t2
Protocol: 6, Source port: 20, Destination port: 20
Start time: 442794, End time: 6436260
Flow count: 1, Packet count: 4294693925, Byte count: 4277471552
user@host> show services accounting aggregation source-destination-prefix name
t2 limit 10 order packets
Service Accounting interface: sp-2/0/0, Local interface index: 542
Service name: t2
Source Destination Input SNMP Output SNMP Flow Packet Byte
Prefix Prefix Index Index count count count
10.1.1.2/20 10.225.0.1/0 24 26 0 13 9650
10.1.1.2/20 10.143.80.1/0 24 26 0 13 10061
10.1.1.2/20 10.59.176.1/0 24 26 0 13 10426
10.1.1.2/20 10.5.32.1/0 24 26 0 13 12225
10.1.1.2/20 10.36.16.1/0 24 26 0 13 9116
10.1.1.2/20 10.1.96.1/0 24 26 0 12 11050
10.1.1.2/20 10.14.48.1/0 24 26 0 13 10812
10.1.1.2/20 10.31.192.1/0 24 26 0 13 11473
10.1.1.2/20 10.129.144.1/0 24 26 0 13 7647
10.1.1.2/20 10.188.160.1/0 24 26 0 13 10056
user@host> show services accounting aggregation source-destination-prefix name
t2 extensive limit 3
Service Accounting interface: sp-2/0/0, Local interface index: 542
Service name: t2
Source address: 10.1.1.2, Source prefix length: 20
Destination address: 10.200.176.1, Destination prefix length: 0
Input SNMP interface index: 24, Output SNMP interface index: 26
Source-AS: 69, Destination-AS: 69
Start time: Fri Feb 21 14:16:57 2003, End time: Fri Feb 21 14:22:50 2003
Flow count: 0, Packet count: 6, Byte count: 5340
Source address: 10.1.1.2, Source prefix length: 20
Destination address: 10.243.160.1, Destination prefix length: 0
Input SNMP interface index: 24, Output SNMP interface index: 26
Source-AS: 69, Destination-AS: 69
Start time: Fri Feb 21 14:16:57 2003, End time: Fri Feb 21 14:22:50 2003
Flow count: 0, Packet count: 6, Byte count: 5490
Source address: 10.1.1.2, Source prefix length: 20
Destination address: 10.162.160.1, Destination prefix length: 0
Input SNMP interface index: 24, Output SNMP interface index: 26
Source-AS: 69, Destination-AS: 69
Start time: Fri Feb 21 14:16:57 2003, End time: Fri Feb 21 14:22:50 2003
Flow count: 0, Packet count: 6, Byte count: 4079