13.11.2009 - Router s NetFlow v pozicii exportera
- Testovacia topologia:
NetFlow verzia 5:
Konfiguracia routra: -test1: Nechal som defaultne nastavenia active timeout a inactive timeout. Pre active timeout je to 30 minut a pre inactive timeout 15 sekund. -test2: Zmenil som active timeout a inactive timeout na minimalne hodnoty. Pre active timeout je to 1 minuta, pre inactive timeout 10 sekund.BM#sh run Building configuration... Current configuration : 1286 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname BM ! boot-start-marker boot-end-marker ! ! no aaa new-model ! ! ip cef ! ! multilink bundle-name authenticated ! ! ! archive log config hidekeys ! ! ! ! ! interface FastEthernet0/0 ip address 147.232.22.237 255.255.255.192 ip nat outside ip virtual-reassembly duplex auto speed auto ! interface FastEthernet0/1 ip address 192.168.1.1 255.255.255.0 ip nat inside ip virtual-reassembly ip route-cache flow duplex auto speed auto ! interface Serial0/0/0 no ip address shutdown clock rate 2000000 ! interface Serial0/0/1 no ip address shutdown clock rate 2000000 ! interface Serial0/1/0 no ip address shutdown clock rate 125000 ! interface Serial0/1/1 no ip address shutdown clock rate 125000 ! ip forward-protocol nd ! ip flow-cache timeout inactive 10 ip flow-cache timeout active 1 ip flow-export source FastEthernet0/1 ip flow-export version 5 ip flow-export destination 192.168.1.100 9996 ! ip http server ip nat pool TEST1 147.232.22.193 147.232.22.254 netmask 255.255.255.192 ip nat inside source list 10 interface FastEthernet0/0 overload ! access-list 10 permit 192.168.1.0 0.0.0.255 ! ! control-plane ! ! line con 0 line aux 0 line vty 0 4 login ! scheduler allocate 20000 1000 ! endVerifying Router Configuration: show ip flow export:
BM#sh ip flow export
Flow export v5 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) 192.168.1.1 (FastEthernet0/1)
Destination(1) 192.168.1.100 (9996)
Version 5 flow records
2218 flows exported in 441 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
show ip cache flow:
BM#sh ip cache flow
IP packet size distribution (3202129 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .543 .016 .024 .007 .000 .000 .005 .000 .000 .000 .000 .033 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .369 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
4 active, 4092 inactive, 2729 added
57615 ager polls, 0 flow alloc failures
Active flows timeout in 1 minutes
Inactive flows timeout in 10 seconds
IP Sub Flow Cache, 25800 bytes
4 active, 1020 inactive, 2721 added, 2721 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-WWW 2252 0.1 6 266 0.9 2.0 9.0
TCP-other 23 0.0 137643 599 222.4 255.3 5.5
UDP-DNS 187 0.0 1 62 0.0 0.0 15.3
UDP-other 189 0.0 19 297 0.2 87.4 14.3
ICMP 74 0.0 3 188 0.0 8.5 14.9
Total: 2725 0.1 1168 597 223.7 10.1 10.0
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Fa0/0 74.125.87.18 Fa0/1 147.232.22.237 06 0050 0818 1
Fa0/1 0.0.0.0 Null 255.255.255.255 11 0044 0043 1
Fa0/1 192.168.1.200 Fa0/0 147.232.48.148 06 05F5 0016 17K
Fa0/1 192.168.1.200 Fa0/0 74.125.87.18 06 0818 0050 1
Fa0/0 147.232.48.148 Fa0/1 147.232.22.237 06 0016 05F5 9197
NetFlow verzia 9:
Konfiguracia routra: -test 3: To iste ako test 1, ale vo verzii NetFlow 9 -test 4: To iste ako test 2, ale vo verzii NetFlow 9:BM#sh run Building configuration... Current configuration : 1372 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname BM ! boot-start-marker boot-end-marker ! ! no aaa new-model ! ! ip cef ! ! multilink bundle-name authenticated ! ! ! archive log config hidekeys ! ! ! ! ! interface FastEthernet0/0 ip address 147.232.22.237 255.255.255.192 ip nat outside ip virtual-reassembly duplex auto speed auto ! interface FastEthernet0/1 ip address 192.168.1.1 255.255.255.0 ip nat inside ip virtual-reassembly ip route-cache flow duplex auto speed auto ! interface Serial0/0/0 no ip address shutdown clock rate 2000000 ! interface Serial0/0/1 no ip address shutdown clock rate 2000000 ! interface Serial0/1/0 no ip address shutdown clock rate 125000 ! interface Serial0/1/1 no ip address shutdown clock rate 125000 ! ip forward-protocol nd ! ip flow-cache timeout inactive 10 ip flow-cache timeout active 1 ip flow-export source FastEthernet0/1 ip flow-export version 9 ip flow-export destination 192.168.1.100 9996 ! ip http server ip nat pool TEST1 147.232.22.193 147.232.22.254 netmask 255.255.255.192 ip nat inside source list 10 interface FastEthernet0/0 overload ! access-list 10 permit 192.168.1.0 0.0.0.255 ! ! control-plane ! ! line con 0 line aux 0 line vty 0 4 login ! scheduler allocate 20000 1000 ! endVerifying Router Configuration: show ip flow export:
BM#sh ip flow export
Flow export v9 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) 192.168.1.1 (FastEthernet0/1)
Destination(1) 192.168.1.100 (9996)
Version 9 flow records
3736 flows exported in 638 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
show ip cache flow:
BM#sh ip cache flow
IP packet size distribution (4605087 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .481 .015 .022 .005 .000 .000 .004 .000 .000 .000 .000 .038 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .430 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
7 active, 4089 inactive, 3961 added
70372 ager polls, 0 flow alloc failures
Active flows timeout in 1 minutes
Inactive flows timeout in 10 seconds
IP Sub Flow Cache, 25800 bytes
7 active, 1017 inactive, 3953 added, 3953 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-WWW 3150 0.1 5 277 1.0 1.6 7.9
TCP-other 77 0.0 58983 686 285.2 118.5 1.8
UDP-DNS 225 0.0 1 62 0.0 0.0 14.5
UDP-other 380 0.0 11 307 0.2 45.1 12.4
ICMP 122 0.0 2 237 0.0 5.2 13.0
Total: 3954 0.2 1154 684 286.6 8.1 8.7
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Fa0/1 0.0.0.0 Null 255.255.255.255 11 0044 0043 3
Fa0/1 192.168.1.200 Fa0/0 147.232.48.148 06 05F5 0016 12K
Fa0/0 147.232.48.148 Fa0/1 147.232.22.237 06 0016 05F5 4410
Konfiguracia JXColl2:
Pocas vsetkych testov bola konfiguracia JXColl2 rovnaka.# Possible logging: ALL (default) DEBUG INFO WARN TRACE ERROR FATAL OFF loglevel=ALL # Listen Port for incoming flows, default 9996 lport=9996 #lport=4739 # Listen Protocol (TCP, UDP, UDP_DP-default) lprotocol=UDP # Direct Connect setup : port (default 2138) , login (default none), password (default none) dcport=2138 #dcport=2139 dclogin=bm dcpassword=bm #Netflow 9 template timeout in seconds (default 5 minutes=300 seconds) N/A todo ;) template_timeout=300 #Postgresql database export (yes,true ; no,false (default) ) exportpg=no #Postgresql host (default localhost) pgdbHost=localhost #Postgresql port (default 5432) #pgdbPort=5432 #Postgresql database name (default bm) pgdbName=bm #Postgresql database name (default none) pgdbLogin=bm #Postgresql database name (default none) pgdbPassword=bm #Mysql database export (yes,true ; no,false (default) ) exportmysql=no #Mysql host (default localhost) mysqldbHost=localhost #Mysql port (default 3306) #mysqldbPort=3306 #Mysql database name (default bm) mysqldbName=bm #Mysql database name (default none) mysqldbLogin=bm #Mysql database name (default none) mysqldbPassword=bm #Accounting accRecordExportInterval=120 #Tieto polozky este nie su implementovane accStrongHoursStart=8 accWeakHoursStart=16 accModuleActive=true
JXColl2 skrateny output:
version 5:Exception in thread "Net Parser" java.lang.IndexOutOfBoundsException: Index: 0, Size: 0 at java.util.ArrayList.RangeCheck(ArrayList.java:547) at java.util.ArrayList.get(ArrayList.java:322) at sk.tuke.cnl.bm.JXColl.export.DCServer.processData(DCServer.java:96) at sk.tuke.cnl.bm.JXColl.NetXMLParser.parseNF9(NetXMLParser.java:379) at sk.tuke.cnl.bm.JXColl.NetXMLParser.run(NetXMLParser.java:111)version 9:
140684 [Net Parser] INFO sk.tuke.cnl.bm.JXColl.NetXMLParser - Processing data from: /192.168.1.1 NF version: 9 Flow count: 1 140684 [Net Parser] INFO sk.tuke.cnl.bm.JXColl.NetXMLParser - This packet was sent at : 2009-11-13 12:03:47+0100 with seq ID : 46 140684 [Net Parser] DEBUG sk.tuke.cnl.bm.JXColl.NetXMLParser - The netflow exporter is online for : 6237 seconds (103 minutes) + sourceID is: 0 140684 [Net Parser] DEBUG sk.tuke.cnl.bm.JXColl.NetXMLParser - TLV: 52 140685 [Net Parser] DEBUG sk.tuke.cnl.bm.JXColl.NetXMLParser - FlowsetID: 256 TLV-4: 48 140685 [Net Parser] DEBUG sk.tuke.cnl.bm.JXColl.NetXMLParser - DATA ind:24 dlzka flowu: 48 140685 [Net Parser] WARN sk.tuke.cnl.bm.JXColl.NetXMLParser - Pre dany flow nemam template, flow zahadzujem (TODO) ! came from:/192.168.1.1 140685 [Net Parser] DEBUG sk.tuke.cnl.bm.JXColl.NetXMLParser - END Cycle no. : 0 140685 [Net Parser] DEBUG sk.tuke.cnl.bm.JXColl.NetXMLParser - TLV: 0 140685 [Net Parser] DEBUG sk.tuke.cnl.bm.JXColl.NetXMLParser - FlowsetID: 0 TLV-4: -4 140685 [Net Parser] ERROR sk.tuke.cnl.bm.JXColl.NetXMLParser - SKIP INDEX 76 140685 [Net Parser] DEBUG sk.tuke.cnl.bm.JXColl.NetXMLParser - END Cycle no. : 1 140685 [Net Parser] DEBUG sk.tuke.cnl.bm.JXColl.NetXMLParser - END INDEX: 76 ... ... ... Exception in thread "Net Parser" java.lang.IndexOutOfBoundsException: Index: 0, Size: 0 at java.util.ArrayList.RangeCheck(ArrayList.java:547) at java.util.ArrayList.get(ArrayList.java:322) at sk.tuke.cnl.bm.JXColl.export.DCServer.processData(DCServer.java:96) at sk.tuke.cnl.bm.JXColl.NetXMLParser.parseNF9(NetXMLParser.java:379) at sk.tuke.cnl.bm.JXColl.NetXMLParser.run(NetXMLParser.java:111)Pri vsetkych testoch bola situacia rovnaka: kolekor nepridal do databazy ziaden zaznam. V prilohach su balicky obsahujuce kompletny JXColl2 output, subory spustitelne vo wireshark-u obsahujuce vsetko co wireshark zachytil na Laptope (resp. co router exportoval), konfiguraciu JXColl2 a konfiguraciu routra. -- RastislavKudla - 17 Nov 2009
| I | Attachment | Action | Size | Date | Who | Comment |
|---|---|---|---|---|---|---|
 tar |
NFv5.tar | manage | 176.0 K | 17 Nov 2009 - 17:00 | UnknownUser | test NetFlow5 |
| tar |
NFv9.tar | manage | 127.0 K | 17 Nov 2009 - 17:01 | UnknownUser | test NetFlow9 |
 png |
topology.png | manage | 20.5 K | 17 Nov 2009 - 15:55 | UnknownUser | NFTopologia |
Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | More topic actions
Topic revision: r2 - 19 Mar 2010 - 17:39:16 - RastislavKudla
Sandbox Web
Create New Topic
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
DocumentCisco
 |
|
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback