madeline@ntu.edu.tw - PowerPoint PPT Presentation

About This Presentation
Title:

madeline@ntu.edu.tw

Description:

madeline_at_ntu.edu.tw Network Traffic Accounting - NetFlow MRTG Part I ... – PowerPoint PPT presentation

Number of Views:36
Avg rating:3.0/5.0
Slides: 59
Provided by: Yumei
Category:
Tags: cisco | edu | madeline | netflow | ntu

less

Transcript and Presenter's Notes

Title: madeline@ntu.edu.tw


1
?????????
  • ????????
  • ???
  • madeline_at_ntu.edu.tw

2
??
  • ????
  • Network Traffic Accounting - NetFlow
  • MRTG

3
Part I
  • ????

4
????
  • OSI????
  • SNMP??

5
OSI????(Open System Interconnection)
  • ???(Application Layer)
  • ???(Presentation Layer)
  • ???(Session Layer)
  • ???(Transport Layer)
  • ???(Network Layer)
  • ?????(Datalink Layer)
  • ???(Physical Layer)

6
(No Transcript)
7
(No Transcript)
8
SNMP
  • ????????(Simple Network Management Protocol)
  • ???/?????GET,SET
  • ????TCP/IP??????
  • ??????????????????
  • ?UDP???
  • Port 161 sending and receiving requests
  • Port 162 receiving traps from managed devices

9
SNMP????
  • SNMP Manager?Agent???????
  • Get-request
  • Get-next-request
  • Set-request
  • Get-response
  • Trap

10
SNMP Manager a server running some kind of
software system that can handle management tasks
for a network SNMP Agent a piece of software
that runs on the network devices you are
managing SNMP community a logical relationship
between an SNMP agent and one or more SNMP
managers.
11
MIB Management Information Base
  • ???????????????
  • Name (OID)
  • Type and syntax
  • encoding
  • MIB-II
  • ??????????MIB??
  • ????????proprietary MIB
  • ??MIB standards
  • ATM MIB (RFC 2515)
  • Frame Relay DTE Interface Type MIB (RFC 2115)
  • BGP Version 4 MIB (RFC 1657)
  • RADIUS Authentication Server MIB (RFC 2619)
  • Mail Monitoring MIB (RFC 2249)
  • DNS Server MIB (RFC 1611)

12
OID .iso.org.dod.internet.mgmt.mib-2.interface.i
fNumber.0 .1.3.6.1.2.1.2.1.0
13
SNMP MIB ????
  • MRTG (Multi Router Traffic Grapher)
  • Getif window-based MIB browser
  • net-snmp????
  • snmpget (get)
  • snmpwalk (get-next)
  • snmpset (set)
  • snmptrap (trap)

14
(No Transcript)
15
(No Transcript)
16
(No Transcript)
17
su-2.05 snmpget -Cf -c public 140.112.1.1
sysDescr.0 SNMPv2-MIBsysDescr.0 STRING
Hardware x86 Family 6 Model 5 Stepping 2 AT/AT
COMPATIBLE - Software Windows 2000 Version 5.0
(Build 2195 Uniprocessor Free) su-2.05 snmpwalk
-c public 140.112.1.1 SNMPv2-MIBsysDescr.0
STRING Hardware x86 Family 6 Model 5 Stepping 2
AT/AT COMPATIBLE - Software Windows 2000
Version 5.0 (Build 2195 Uniprocessor
Free) SNMPv2-MIBsysObjectID.0 OID
SNMPv2-SMIenterprises.311.1.1.3.1.2 SNMPv2-MIB
sysUpTime.0 Timeticks (2306518)
62425.18 SNMPv2-MIBsysContact.0 STRING
SNMPv2-MIBsysName.0 STRING
NTUCC-MADELINE SNMPv2-MIBsysLocation.0
STRING SNMPv2-MIBsysServices.0 INTEGER
76 IF-MIBifNumber.0 INTEGER
3 IF-MIBifIndex.1 INTEGER 1 IF-MIBifIndex.2
INTEGER 2 IF-MIBifIndex.3 INTEGER
3 IF-MIBifDescr.1 STRING MS TCP Loopback
interface IF-MIBifDescr.2 STRING 3Com
EtherLink PCI
18
????
  • ????
  • ????????
  • ??????
  • ?????????
  • ????
  • ??????
  • ???????MIB??,????,??,????
  • ?????,????
  • ????
  • ??????????

19
Part II
  • Network Traffic Accounting

20
Network Traffic Accounting
  • NetFlow??
  • ??NetFlow
  • NetFlow??????

21
Network Traffic Accounting
  • The needs
  • To characterize the traffic and account for how
    and where it flows
  • Usage-based billing
  • Traffic engineering
  • Products
  • Cisco NetFlow
  • Provides L3 network traffic flow information
  • Foundry sFlow
  • RFC 3176Statistically sampling technology
  • Provides L2-L4 network-wide traffic flow
    information
  • Juniper
  • Class-based accounting filter-based, MPLS-based,
    Destination class uage accounting

22
Cisco - NetFlow
  • Captures data from each incoming packet
  • NetFlow flow
  • a unidirectional stream of IP packet with the
    following common fields
  • Source and destination IP addresses
  • Source and destination port numbers
  • Layer 3 protocol type
  • Type of service (ToS) byte
  • Input interface (ifIndex)
  • Exported in UDP datagrams in one of four formats
  • v1, v5, v7, v8

23
NetFlow
  • NetFlow is a three-part solution
  • Exporter
  • Mediation devices
  • Cisco NetFlow FlowCollector
  • Public-domain tools flow-tool
  • Traffic Analysis Tools
  • Cisco Network Data Analyzer
  • ?????? netflow.pl

24
??NetFlow
  • ?????
  • ??????
  • ?????????????flow data
  • ??????flow data,?????

25
??NetFlow ?????
  • ??
  • Global
  • ip flow-export destination ltIPgt ltportgt
  • Interface
  • Ip route-cache flow
  • Router(config) ip flow-export destination
    140.112.1.1 9991
  • Router(config) int fa1/1/0
  • Router(config-if) ip route-cache flow

26
?????flow data
  • flow-tool????
  • Collection of programs to post-process Cisco
    netflow compatible flows
  • Written in C, designed to be fast
  • Installation
  • configuremakemake install
  • on most platforms (FreeBSD,Linux, Solaris, BSDi,
    NetBSD)
  • ????
  • http//www.splintered.net/sw/flow-tools/

27
  • Flow-tool????(?Linux????)
  • ???zcat flow-tools-0.58.tar.gz tar xvf
  • ?????????
  • zlib
  • gnu make
  • ??
  • ./configure
  • gmake
  • gmake install

28
flow-tool
  • flow-capture
  • Collect NetFlow exports and stores to disk.
  • Built in compression.
  • Manages disk space by expiring older flow files
    at configurable limits.
  • Detects lost flows by missing sequence numbers.

29
  • flow-capture z Z n N e E p P w W
  • Z????
  • N??????
  • E?????????
  • P??
  • W????
  • Ex flow-capture z 6 n 143 e 1500 p 9991 w
    /netflow

30
  • ??
  • flow-receive 0/0/9991 flow-print
  • tcpdump n udp port 9991
  • tcpdump listening on fxp0
  • 141739.491510 140.112.3.76.1024 gt
    140.112.3.88.9991 udp 1168
  • 141739.492820 140.112.3.76.1024 gt
    140.112.3.88.9991 udp 1168
  • 141739.493786 140.112.3.76.1024 gt
    140.112.3.88.9991 udp 1168
  • 141739.495057 140.112.3.76.1024 gt
    140.112.3.88.9991 udp 1168
  • 141739.496298 140.112.3.76.1024 gt
    140.112.3.88.9991 udp 1168
  • 141739.496863 140.112.3.76.1024 gt
    140.112.3.88.9991 udp 1168
  • 141739.496967 140.112.3.76.1024 gt
    140.112.3.88.9991 udp 1168
  • 141739.497068 140.112.3.76.1024 gt
    140.112.3.88.9991 udp 1168
  • 141739.497176 140.112.3.76.1024 gt
    140.112.3.88.9991 udp 1168
  • 141739.497279 140.112.3.76.1024 gt
    140.112.3.88.9991 udp 1168
  • 141739.497381 140.112.3.76.1024 gt
    140.112.3.88.9991 udp 1168
  • 141739.497486 140.112.3.76.1024 gt
    140.112.3.88.9991 udp 1168
  • 141739.497589 140.112.3.76.1024 gt
    140.112.3.88.9991 udp 1168
  • 141739.497694 140.112.3.76.1024 gt
    140.112.3.88.9991 udp 1168

31
Newflow????flow-print f0 lt logfile Sif
SrcIPaddress Dif DstIPaddress Pr SrcP
DstP Pkts Octets 0000 195.254.117.168
0000 140.131.7.3 01 0 0 9
504 0000 205.188.248.89 0000 163.28.16.2
06 50 fdb6 5 589 0000
61.229.48.83 0000 192.192.120.18 06 454
17 12 493 0000 207.218.223.162
0000 192.83.193.2 11 35 8000 1
156 0000 207.159.149.84 0000
140.131.1.188 01 0 0 10 560
0000 202.178.164.169 0000 203.64.48.107
06 71 9e6 1 40 0000
168.95.1.1 0000 203.71.92.1 11 35
a82c 1 187 0000 210.224.163.3
0000 210.71.107.3 11 3bce 35 1
71 0000 66.207.130.76 0000 163.28.16.2
06 50 fdde 6 782 0000
168.95.1.1 0000 203.71.92.1 11 35
a809 1 60 0000 64.12.24.30
0000 163.28.16.9 06 1bb 76b5 3
120 0000 163.31.102.156 0000
192.192.122.144 06 b3c 50 5 212
0000 163.31.102.156 0000 192.192.122.144
06 1283 50 3 156 0000
211.141.113.77 0000 203.71.88.240 11 fbf
fa4 1 295 0000 140.117.11.100
0000 203.72.39.34 06 c38 e25d 7
3893 0000 61.139.8.11 0000 163.28.16.2
06 50 bb03 1 41 0000
140.117.11.100 0000 203.72.39.34 06 c38
e256 6 1229 0000 210.85.124.196
0000 203.64.48.107 06 28da 17 1
43 0000 140.117.11.100 0000
203.72.39.34 06 c38 e261 13 4909

32
??????
  • ?????????netflow????????????
  • ????????
  • http//netflow.nctu.edu.tw/netflow.html
  • ?perl??
  • netflow.pl
  • daily.pl
  • ???????????/???IP???????TOP??
  • ??NetFlow????

33
daily.pl Modify the following to meet your
configuration. dir is where you put your
program and config files rawdir is where the
raw log files kept outputdir is where the
output files should be dir
"/usr/NetFlow/analysis" rawdir
"/usr/NetFlow/raw" flowprint
"/usr/NetFlow/bin/flow-print" outputdir
"/usr/local/www/data/netflow/daily" htmldir
sprintf ("s/html/02d02d02d", outputdir,
year, mon, mday) rawoutput sprintf
("s/raw", outputdir) TopN 100 _at_NET
("NTUProxy", "NTUGeneral") protfile
"dir/protocols" servfile "dir/services" in
tranet "dir/intranet" DEBUG 0 debug
info flag SLEEP_TIME 0
debug COUNT_THRESHOLD 50 debug
34
Part III
  • MRTG

35
MRTG
  • MRTG??
  • MRTG????
  • ??MRTG????????

36
Multi Router Traffic Grapher
  • ???????????????
  • ????
  • ??SNMP????????????????
  • ???????????,?????
  • ????,????,????,????12?????
  • ?????????????,??????

37
MRTG????
  • ????
  • http//people.ee.ethz.ch/oetiker/webtools/mrtg/pu
    b
  • ??????mrtg-2.9.18
  • ??MRTG??
  • ??MRTG???
  • ??MRTG???
  • ??MRTG??
  • ????MRTG??

38
Compile MRTG
  • ????????????
  • gd
  • libpng
  • zlib
  • ????
  • gunzip c mrtg-2.9.18.tar.gz tar xvf
  • cd mrtg-2.9.18
  • ./configure prefix/usr/local/mrtg-2
  • make
  • make install

39
??MRTG???
  • ????????
  • ??????????IP???
  • ????????
  • ???????????
  • ????????????
  • cfgmaker --global WorkDir /home/httpd/mrtg \
  • --global Options_
    bits,growright \
  • --output /home/mrtg/cfg/mrtg.cfg
    \
  • community_at_router.ntu.edu.tw

40
MRTG?????
  • Global
  • WorkDir
  • HtmlDir
  • ImageDir
  • LogDir
  • Refresh
  • Interval
  • LoadMIBs

41
MRTG?????
  • Target ??????????
  • targetname portcommunity_at_router.domain.name
  • targetname oid_1oid_2community_at_router.domain.
    name
  • targetname snmp_name1snmp_name2community_at_rout
    er
  • targetname 1community_at_routerA2community_at_rout
    erA
  • targetname /usr/local/ping-probe/mrtg-ping-pro
    be www.above.net
  • ?????
  • ?????
  • ??uptime
  • ??Target?????

42
MRTG?????
  • Target??
  • MaxBytes The maximum value either of the two
    variables monitored are allowed to reach
  • MaxBytes1 maxbytes for variable 1
  • MaxBytes2 maxbytes for variable 2
  • Title title for the HTML page which gets
    generated for the graph
  • PageTop Things to add to the top of the
    generated HTML page

43
MRTG?????
  • Options
  • growright
  • bits
  • gauge
  • absolute
  • nopercent
  • Special target name
  • Target
  • Target
  • Target_

44
? ???? mrtg.cfg WorkDir /usr/tardis/pub/www/stats
/mrtg Targetr1 2public_at_myrouter.somplace.edu
MaxBytesr1 8000 Titler1 Traffic Analysis
ISDN PageTopr1 ltH1gtStats for our ISDN
Linelt/H1gt
45
? ????router?mrtg.cfg WorkDir /usr/tardis/pub/www
/stats/mrtg Title Traffic Analysis for
PageTop ltH1gtStats for PageTop Contact
The Chief if you notice anybodyltHRgt MaxBytes_
8000 Options_ growright Titleisdn our
ISDN Line PageTopisdn our ISDN Linelt/H1gt
Targetisdn 2public_at_router.somplace.edu
Titlebackb our Campus Backbone
PageTopbackb our Campus Backbonelt/H1gt
Targetbackb 1public_at_router.somplace.edu
MaxBytesbackb 1250000 the following line
removes the default prepend value defined
above Title Titleisdn2 Traffic for the
Backup ISDN Line PageTopisdn2 our ISDN
Linelt/H1gt Targetisdn2 3public_at_router.somplace
.edu
46
????MRTG??
  • ??MRTG??????
  • ?MRTG?????????
  • ?crontab?????
  • crontab e
  • 0,5,10,15,20,25,30,35,40,45,50,55
    /mrtg/bin/mrtg /mrtg/conf/mrtg.cfg

47
??MRTG??????
  • MRTG??????
  • ??SNMP???????????
  • ??????????
  • ????
  • ?Target?????????????

48
???? round-trip time packet loss
  • mrtg-ping-probe
  • monitor the round-trip time and packet loss to
    another networked host
  • ?????
  • ftp//ftp.pwo.de/pub/pwo/mrtg/mrtg-ping-probe/
  • mrtg-ping-probe??
  • mrtg-ping-probe -hsvV -d deadtime -k count
    -l length -o ping_options
  • -p factor minmaxavglossinteger /
    factorminmaxavglossinteger
  • -r rshuser_at_hostosname -t timeout
    host
  • Targetyahoo.com /usr/local/mrtg/mrtg-ping-prob
    e www.yahoo.com
  • Targetyahoo.com /usr/local/mrtg/mrtg-ping-prob
    e p lost/lost www.yahoo.com

49
root_at_scorpio533pmlt//usr/local/ping-probe/mrtg-
ping-probe www.above.net 190 189 root_at_scorpio5
35pmlt/f/usr/local/ping-probe/mrtg-ping-probe -t
42 -p loss/loss www.above.net 0 0
50
??CPU Load
  • Sysstat
  • ????CPU utilization data
  • http//perso.wanadoo.fr/sebastien.godard/
  • ????
  • ?crontab???????Unix???sa1??,?????????????/var/adm/
    sa/sadd (dd??????)
  • ??perl??????sadd??????????,????MRTG???????

51
crontab 0,10,20,30,40,50
/usr/lib/sa/sa1 mrtg.cfg Targetserver_cpu
/usr/local/bin/system-load.sh
!
/usr/local/bin/perl _at_line sar tail -3 head
-1 sed 's/\ \ / /g' _at_data split(/ /,
_at_line0) if (_at_data2 eq "") printf
"0\n" else printf ("3.0f\n", _at_data1
0.5) printf ("3.0f\n", (_at_data1)(_at_data2))
uptime /usr/bin/uptime sed 's/\ \ /
/g' _at_uptime split(/,/, uptime) _at_uptime
split(/up/, _at_uptime0) server /bin/uname
-n printf "_at_uptime1\n" printf server
52
root_at_aquarius527pmltsystem-load.sh SunOS
aquarius 5.7 Generic_106541-18 sun4u
07/07/02 000000 usr sys wio
idle 001000 12 4 1
83 002000 3 4 1
92 003000 12 4 1
84 004000 3 4 0
93 005000 12 4 1
84 010001 3 4 1
92 011000 12 4 0
84 012000 3 4 0
93 013000 12 4 1
84 014000 3 4 1
92 .. 155000 12 4 0
84 160000 3 4 1
93 161000 12 4 0
84 162000 3 4 1
92 163000 12 4 1
84 164000 3 4 0
93 165000 12 4 0
84 170000 4 4 1
92 171000 12 4 1
84 172000 3 4 0
93 Average 7 3 1 89
53
root_at_aquarius527pmltsystem-load.sh 4 7
82 day(s) aquarius
54
DNS statistics
  • mrtg/stat/stat.pl
  • ??dns server???????????,????dns server?????
  • ????
  • ?dns server????named.stats?
  • stat.pl??named.stats??????????
  • ??stat.pl
  • HOSTNAME domain name
  • LOG the path of named.stats
  • RUN the path of working directory
  • Targetdns_stats /usr/local/mrtg/stat.pl

55
Statistics Dump (1026035100) Sun Jul 7
174500 2002 4082015 time since boot
(secs) 525288 time since reset (secs) 493244
Unknown query types 174015036 A
queries 82881 NS queries 36 MD queries 5
MF queries 35361 CNAME queries 1731371 SOA
queries 1 MB queries 5 MG queries 0
MR queries 3 NULL queries 0 WKS
queries 67734278 PTR queries 5 HINFO
queries 0 MINFO queries 5874154 MX
queries 35475 TXT queries 2 RP queries 0
AFSDB queries 18 X25 queries 0
ISDN queries 0 RT queries 2 NSAP
queries 0 NSAP_PTR queries 0 SIG
queries 0 KEY queries 0 PX queries 0
GPOS queries 2793085 AAAA queries 152
LOC queries 0 NXT queries 0 EID
queries 8 NIMLOC queries 1638871 SRV
queries 0 ATMA queries 0 NAPTR
queries 0 KX queries 0 CERT queries
56
!/usr/local/bin/perl -w D_STAT( RR gt 0,
RNXD gt 1, RFwdR gt 2, RDupR gt 3,
RFail gt 4, RFErr gt 5, RErr gt 6,
RAXFR gt 7, RLame gt 8, ROpts gt 9,
SSysQ gt 10, SAns gt 11, SFwdQ gt 12,
SDupQ gt 13, SErr gt 14, RQ gt 15,
RIQ gt 16, RFwdQ gt 17, RDupQ gt 18,
RTCP gt 19, RFwsR gt 20, SFail gt 21,
SFErr gt 22, SNaAns gt 23, SNXD gt 24,
RUQ gt 25, RURQ gt 26, RUXFR gt 27,
RUUpd gt 28, ) my HOSTNAME
"dns\.ntu\.edu\.tw" my LOG
"/users/www/mrtg/dnsstat/named.stats" my RUN
"/users/www/mrtg/dnsstat" my INCOMING
D_STAT"RQ" my OUTGOING D_STAT"RFail" m
y OUTGOING D_STAT"SAns"
57
root_at_scorpio829pmlt/gtusers/www/mrtg/stat.pl 5061
6 41332 534888 dns.ntu.edu.tw
58
????
  • flow-tool
  • http//www.splintered.net/sw/flow-tools/
  • getif
  • http//www.wtcs.org/snmp4tpc/getif.htm
  • MRTG
  • http//people.ee.ethz.ch/oetiker/webtools/mrtg/
  • net-snmp package
  • http//net-snmp.sourceforge.net/
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "madeline@ntu.edu.tw" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!