Example for Collecting Statistics on Aggregated Traffic Flows

The FW connects to two carrier networks at the same time, aggregates the data packets passing the interface based on AS IDs, and sends them to the NSA.

Networking Requirements

As shown in Figure 1, enabling NetStream on FW_B helps collect the statistics on the traffic flows from the user network to both ISP networks. The collected statistics provides a reference for network accounting.

Figure 1 Networking diagram of collecting the statistics on aggregated traffic flows

Configuration Roadmap

The configuration roadmap is as follows:

Configure reachable routes between the user network and access network.
Configure reachable routes between the access network and ISP1 and between the access network and ISP2.
Enable NetStream on FW_B.

Procedure

Set IP addresses.

# Set IP addresses for FW_A.

<FW_A> system-view
[FW_A] interface GigabitEthernet 0/0/4
[FW_A-GigabitEthernet0/0/4] ip address 10.1.1.1 24
[FW_A-GigabitEthernet0/0/4] quit

# Set IP addresses for FW_B.

<FW_B> system-view
[FW_B] interface GigabitEthernet 0/0/4
[FW_B-GigabitEthernet0/0/4] ip address 10.2.1.1 24
[FW_B-GigabitEthernet0/0/4] quit
[FW_B] interface GigabitEthernet 0/0/1
[FW_B-GigabitEthernet0/0/1] ip address 10.1.1.2 24
[FW_B-GigabitEthernet0/0/1] quit
[FW_B] interface GigabitEthernet 0/0/2
[FW_B-GigabitEthernet0/0/2] ip address 10.3.1.1 24
[FW_B-GigabitEthernet0/0/2] quit
[FW_B] interface GigabitEthernet 0/0/3
[FW_B-GigabitEthernet0/0/3] ip address 10.4.1.1 24
[FW_B-GigabitEthernet0/0/3] quit

# Set IP addresses for FW_C.

<FW_C> system-view
[FW_C] interface GigabitEthernet 0/0/4
[FW_C-GigabitEthernet0/0/4] ip address 10.2.1.2 24
[FW_C-GigabitEthernet0/0/4] quit

# Set IP addresses for FW_D.

<FW_D> system-view
[FW_D] interface GigabitEthernet 0/0/4
[FW_D-GigabitEthernet0/0/4] ip address 10.3.1.2 24
[FW_D-GigabitEthernet0/0/4] quit

Configure IGP routes between FW_A and FW_B.

Configure dynamic routes on FW_A.

[FW] sysname FW_A
[FW_A] ospf router-id 1.1.1.1
[FW_A-ospf-1]area 0
[FW_A-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255

Configure dynamic routes on FW_B.

[FW_B] ospf router-id 2.2.2.2
[FW_B-ospf-1]area 0
[FW_B-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255
[FW_B-ospf-1-area-0.0.0.0] network 10.2.1.1 0.0.0.255
[FW_B-ospf-1-area-0.0.0.0] network 10.3.1.1 0.0.0.255

Establish BGP neighbors between FW_B and FW_C and between FW_B and FW_D.

Establish dynamic BGP neighbors between FW_B and FW_C.

[FW_B] bgp 65001
[FW_B-bgp] router-id 2.2.2.2
[FW_B-bgp] peer 10.2.1.2 as-number 65002
[FW_B-bgp] ipv4-family unicast
[FW_B-bgp-af-ipv4] import-route ospf 1
[FW_C] bgp 65002
[FW_C-bgp] router-id 3.3.3.3
[FW_C-bgp] peer 10.2.1.1 as-number 65001

Establish dynamic BGP neighbors between FW_B and FW_D.

[FW_B] bgp 65001
[FW_B-bgp] router-id 2.2.2.2
[FW_B-bgp] peer 10.3.1.2 as-number 65003
[FW_D] bgp 65003
[FW_D-bgp] router-id 4.4.4.4
[FW_D-bgp] peer 10.3.1.1 as-number 65001

Enable NetStream on FW_B.

Configure the output of aggregated traffic flows.

[FW_B] ip netstream aggregation as
[FW_B-aggregation-as] enable
[FW_B-aggregation-as] export version 9
[FW_B-aggregation-as] ip netstream export host 10.4.1.2 6000 
[FW_B-aggregation-as] ip netstream export source 10.4.1.1

Enable NetStream for inbound traffic passing the interface.

[FW_B] interface GigabitEthernet 0/0/1
[FW_B-GigabitEthernet0/0/1] ip netstream inbound
[FW_B-GigabitEthernet0/0/1] quit

Result

After the configuration is complete, run the display ip netstream cache command in the user view to display the statistics on the cached traffic flows.

<FW_B> display ip netstream cache
 IP netstream cache information                                                 
  Stream active timeout(minute)  : 30                                           
  Stream inactive timeout(second): 1                                            
  Stream entry been created      : 0                                            
  Last clearing of statistics    : never                                        
                                                                                
 IP packet number of different size                                             
 1-80        81-552      553-576     577-612     613-1480    1481-1500   1501-  
 0           0           0           0           0           0           0      
                                                                                
                                                                                
 Protocol           Total  Packets   Stream   Packets Active(sec)   Idle(sec)   
                  Streams     /Sec     /Sec   /stream     /stream     /stream   
 ----------------------------------------------------------------------------   
 Total                  0        0         0        0           0           0   
                                                                                
                                                                                
 DstIf            DstIP           SrcIP           Pro Tos Flgs Pkts             
 SrcIf            DstP  Msk AS    SrcP  Msk AS    NextHop                       
 BGP: BGP NextHop                                                               
 --------------------------------------------------------------------------

After the configuration is complete, run the display ip netstream export command in the user view to display the information about the output of the traffic.

<FW_B> display ip netstream export
Version 9 AS aggregation information  
  Exported stream number: 129
  Exported UDP datagram number: 122     failed number:0