Netflow 校验
show ip flow interface
show ip flow export
show ip cache flow
show ip cache verbose flow
clear ip flow stats
debug ip flow export
Show ip cache flow
| Router# show ip cache flow 当前cache下的 不同尺寸包所占的百分比 IP packet size distribution (12718M total packets): 1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480 .000 .554 .042 .017 .015 .009 .009 .009 .013 .030 .006 .007 .005 .004 .004 可见64字节的包占的比率非常大,将近55.4% 512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 .003 .007 .139 .019 .098 .000 .000 .000 .000 .000 .000
显然都是IP包,到1536为止了 |
| IP Flow Switching Cache, 4456448 bytes (flow cache ,4.45M字节) 这个数是死的,即4M cache -size
65509 active, 27 inactive, 820628747 added 6万个活动flow,27个非活动的 955454490 ager polls, 0 flow alloc failures Exporting flows to 1.1.15.1 (2057) 820563238 flows exported in 34485239 udp datagrams, 0 failed last clearing of statistics 00:00:03 |
|
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec) Flows /Sec /Flow /Pkt /Sec /Flow /Flow TCP-Telnet 2656855 4.3 86 78 372.3 49.6 27.6 TCP-FTP 5900082 9.5 9 71 86.8 11.4 33.1 TCP-FTPD 3200453 5.1 193 461 1006.3 45.8 33.4 TCP-WWW 546778274 887.3 12 325 11170.8 8.0 32.3 TCP-SMTP 25536863 41.4 21 283 876.5 10.9 31.3 TCP-X 116391 0.1 231 269 43.8 68.2 27.3 TCP-BGP 24520 0.0 28 216 1.1 26.2 39.0 TCP-Frag 56847 0.0 24 952 2.2 13.1 33.2 TCP-other 49148540 79.7 47 338 3752.6 30.7 32.2 TCP-other,就是除knowning port以外的其他port, UDP-DNS 117240379 190.2 3 112 570.8 7.5 34.7 UDP-NTP 9378269 15.2 1 76 16.2 2.2 38.7 UDP-TFTP 8077 0.0 3 62 0.0 9.7 33.2 UDP-Frag 51161 0.0 14 322 1.2 11.0 39.4 UDP-other 45502422 73.8 30 174 2272.7 8.5 37.8 ICMP 14837957 24.0 5 224 125.8 12.1 34.3 IGMP 40916 0.0 170 207 11.3 197.3 13.5 IPINIP 3988 0.0 48713 393 315.2 644.2 19.6 GRE 3838 0.0 79 101 0.4 47.3 25.9 IP-other 77406 0.1 47 259 5.9 52.4 27.0
Total: 820563238 1331.7 15 304 20633.0 9.8 33.0 这是所有流的flow/sec, bytes/pkt
按应用类型(tcp/udp端口号)summary flow/sec : 每个协议的流速,flow/s packets/flow:每个协议的每流平均包数 bytes/pkt: 每个协议的包平均大小(size) packet/sec: 每个协议的pps Active(Sec)/FLOW: 每个协议的每流active 时长 Idle(Sec)/Flow:每个协议的每流idel 时长
|
| SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts B/Pk Active Fd0/0 80.0.0.3 Hs1/0 200.1.9.1 06 0621 0052 7 87 5.9 Fd0/0 80.0.0.3 Hs1/0 200.1.8.1 06 0620 0052 7 87 1.8 Hs1/0 200.0.0.3 Fd0/0 80.1.10.1 06 0052 0621 6 58 1.8 Hs1/0 200.0.0.3 Fd0/0 80.1.1.1 06 0052 0620 5 62 5.9 Fd0/0 80.0.0.3 Hs1/0 200.1.3.1 06 0723 0052 16 68 0.3 HS1/0 200.0.0.3 Fd0/0 80.1.2.1 06 0052 0726 6 58 11.8 Fd0/0 80.0.0.3 Hs1/0 200.1.5.1 06 0726 0052 6 96 0.3 Hs1/0 200.0.0.3 Fd0/0 80.1.4.1 06 0052 0442 3 76 0.3 Hs1/0 200.0.0.3 Fd0/0 80.1.7.1 06 0052 D381 11 1171 0.6
当前cache中的active flow 源接口 源地址 目的接口 目的地址 协议号 源端口 目的端口 包数 每包平均大小 active时长 |
show ip cache verbose flow
Show ip cache flow 与show ip cache verbose flow唯一的不同,就是active flow多了几个域:
| SrcIF SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts |
clear ip flow stat-----------清除neflow cache,使show ip cache flow里的各项累计值清0
| ptr#clear ip flow stat |
| ptr#sh ip cache flow |
debug ip flow export
Router# debug ip flow export
IP Flow export mechanism debugging is on
*Mar 6 22:56:21.627:IPFLOW:Sending export pak to 2001::FFFE/64 port 9999
*Mar 6 22:56:21.627:IPFLOW:Error sending export packet:Adjacency failure
转载于:https://blog.51cto.com/kwsnh/482374
扫一扫
4591
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
