Exemple : Configuration de l’échantillonnage et de la comptabilisation des rejets sur les routeurs M, MX et T Series
La comptabilisation des rejets vous permet d’échantillonner le trafic, de l’envoyer à un serveur de flux pour analyse et de rejeter tous les paquets sans les transférer à leur destination prévue. La comptabilisation des rejets est activée avec l’instruction dans un discard accounting group-name filtre de pare-feu au niveau de la [edit firewall family inet filter filter-name term term-name then] hiérarchie. Ensuite, le filtre est appliqué à une interface avec l’instruction filter au niveau de la [edit interfaces interface-name unit unit-number family inet] hiérarchie et traité avec l’instruction output au niveau de la [edit forwarding-options accounting group-name] hiérarchie.
Sur la Figure 1, le trafic du routeur 1 arrive sur l’interface Gigabit Ethernet ge-2/3/0 du routeur de surveillance. L’interface d’exportation menant au serveur de flux est fe-1/0/0 et il n’y a pas d’interface de sortie.
Dans cet exemple, le trafic TCP est envoyé vers un groupe comptable et tout le reste est redirigé vers un deuxième groupe. Après avoir été échantillonnés et comptés, les deux types de trafic sont traités par les processus d’échantillonnage et de comptabilité. Ces processus créent des enregistrements de flux et les envoient au serveur de flux version 8 pour analyse. Étant donné que plusieurs types de trafic sont envoyés au même serveur, nous vous recommandons de configurer manuellement l’ID moteur, le type de moteur et source-address les instructions dans vos hiérarchies de comptabilité et d’échantillonnage. De cette façon, vous pouvez différencier les types de trafic lorsqu’ils arrivent au serveur de flux.
[edit]
interfaces {
sp-2/0/0 { # This adaptive services interface creates the flow records.
unit 0 {
family inet {
address 10.5.5.1/32 {
destination 10.5.5.2;
}
}
}
}
fe-1/0/0 { # This is the interface where records are sent to the flow server.
unit 0 {
family inet {
address 10.60.2.2/30;
}
}
}
ge-2/3/0 { # This is the input interface where traffic enters the router.
unit 0 {
family inet {
filter {
input catch_all;
}
address 10.11.1.1/30;
}
}
}
}
forwarding-options {
sampling { # The router samples the traffic.
input {
rate 100; # One out of every 100 packets is sampled.
}
}
family inet {
output { # The sampling process creates and exports flow records.
flow-server 10.60.2.1 { # You can configure a variety of settings.
port 2055;
version 8;
aggregation { # Aggregation is unique to flow version 8.
protocol-port;
source-destination-prefix;
}
}
aggregate-export-interval 90;
flow-inactive-timeout 60;
flow-active-timeout 60;
interface sp-2/0/0 { # This statement enables PIC-based sampling.
engine-id 5; # Engine statements are dynamic, but can be configured.
engine-type 55;
source-address 10.60.2.2; # You must configure this statement.
}
}
}
accounting counter1 { # This discard accounting process handles default traffic.
output { # This process creates and exports flow records.
flow-inactive-timeout 65;
flow-active-timeout 65;
flow-server 10.60.2.1 { # You can configure a variety of settings.
port 2055;
version 8;
aggregation { # Aggregation is unique to version 8.
protocol-port;
source-destination-prefix;
}
}
interface sp-2/0/0 { # This statement enables PIC-based discard accounting.
engine-id 1; # Engine statements are dynamic, but can be configured.
engine-type 11;
source-address 10.60.2.3; # You must configure this statement.
}
}
}
accounting t2 { # The second discard accounting process handles the TCP traffic.
output { # This process creates and exports flow records.
aggregate-export-interval 90;
flow-inactive-timeout 65;
flow-active-timeout 65;
flow-server 10.60.2.1 { # You can configure a variety of settings for the server.
port 2055;
version 8;
aggregation { # Aggregation is unique to version 8.
protocol-port;
source-destination-prefix;
}
}
interface sp-2/0/0 { # This statement enables PIC-based discard accounting.
engine-id 2; # Engine statements are dynamic, but can be configured.
engine-type 22;
source-address 10.60.2.4;# You must configure this statement.
}
}
}
}
firewall {
family inet {
filter catch_all { # Apply the firewall filter on the input interface.
term t2 { # This places TCP traffic into one group for sampling and
from { # discard accounting.
protocol tcp;
}
then {
count c2;# The count action counts traffic as it enters the router.
sample; # The sample action sends the traffic to the sampling process.
discard accounting t2; # The discard accounting discards traffic.
}
}
term default { # Performs sampling and discard accounting on all other traffic.
then {
count counter; # The count action counts traffic as it enters the router.
sample# The sample action sends the traffic to the sampling process.
discard accounting counter1; # This activates discard accounting.
}
}
}
}
}
Vérification de votre travail
Pour vérifier que votre configuration est correcte, utilisez les commandes suivantes sur la station de surveillance configurée pour la surveillance active des flux :
-
show services accounting aggregation(pour les flux de la version 8 uniquement) -
show services accounting errors -
show services accounting (flow | flow-detail) -
show services accounting memory -
show services accounting packet-size-distribution -
show services accounting status -
show services accounting usage
Ce qui suit montre la sortie des commandes utilisées avec l’exemple de show configuration :
user@host> show services accounting flow name t2
Service Accounting interface: sp-2/0/0, Local interface index: 468
Service name: t2
Flow information
Flow packets: 56130820, Flow bytes: 3592372480
Flow packets 10-second rate: 13024, Flow bytes 10-second rate: 833573
Active flows: 600, Total flows: 600
Flows exported: 28848, Flows packets exported: 960
Flows inactive timed out: 0, Flows active timed out: 35400
user@host> show services accounting
Service Name:
(default sampling)
counter1
t2
user@host> show services accounting aggregation protocol-port detail name t2
Service Accounting interface: sp-2/0/0, Local interface index: 468
Service name: t2
Protocol: 6, Source port: 20, Destination port: 20
Start time: 442794, End time: 6436260
Flow count: 1, Packet count: 4294693925, Byte count: 4277471552
user@host> show services accounting aggregation source-destination-prefix name
t2 limit 10 order packets
Service Accounting interface: sp-2/0/0, Local interface index: 542
Service name: t2
Source Destination Input SNMP Output SNMP Flow Packet Byte
Prefix Prefix Index Index count count count
10.1.1.2/20 10.225.0.1/0 24 26 0 13 9650
10.1.1.2/20 10.143.80.1/0 24 26 0 13 10061
10.1.1.2/20 10.59.176.1/0 24 26 0 13 10426
10.1.1.2/20 10.5.32.1/0 24 26 0 13 12225
10.1.1.2/20 10.36.16.1/0 24 26 0 13 9116
10.1.1.2/20 10.1.96.1/0 24 26 0 12 11050
10.1.1.2/20 10.14.48.1/0 24 26 0 13 10812
10.1.1.2/20 10.31.192.1/0 24 26 0 13 11473
10.1.1.2/20 10.129.144.1/0 24 26 0 13 7647
10.1.1.2/20 10.188.160.1/0 24 26 0 13 10056
user@host> show services accounting aggregation source-destination-prefix name
t2 extensive limit 3
Service Accounting interface: sp-2/0/0, Local interface index: 542
Service name: t2
Source address: 10.1.1.2, Source prefix length: 20
Destination address: 10.200.176.1, Destination prefix length: 0
Input SNMP interface index: 24, Output SNMP interface index: 26
Source-AS: 69, Destination-AS: 69
Start time: Fri Feb 21 14:16:57 2003, End time: Fri Feb 21 14:22:50 2003
Flow count: 0, Packet count: 6, Byte count: 5340
Source address: 10.1.1.2, Source prefix length: 20
Destination address: 10.243.160.1, Destination prefix length: 0
Input SNMP interface index: 24, Output SNMP interface index: 26
Source-AS: 69, Destination-AS: 69
Start time: Fri Feb 21 14:16:57 2003, End time: Fri Feb 21 14:22:50 2003
Flow count: 0, Packet count: 6, Byte count: 5490
Source address: 10.1.1.2, Source prefix length: 20
Destination address: 10.162.160.1, Destination prefix length: 0
Input SNMP interface index: 24, Output SNMP interface index: 26
Source-AS: 69, Destination-AS: 69
Start time: Fri Feb 21 14:16:57 2003, End time: Fri Feb 21 14:22:50 2003
Flow count: 0, Packet count: 6, Byte count: 4079