Network Monitoring Configuration Guide

traffic mirroring configuration traffic mirroring configuration introduction introduction port mirroring allows users to use the data monitoring device to analyze the copied messages for network monitoring and troubleshooting by copying messages from a specified port to a port connected to the data monitoring device mirror source is the object being monitored, i e , the port that receives and sends the messages that need to be monitored, called the source port the mirroring destination is the destination to which the mirroring message is destined, i e , the port connected to the data monitoring device, called the destination port mirror direction refers to which direction messages can be copied on the mirror source inbound direction is to copy only copy the messages received by the mirror source outbound direction is to copy only the messages sent by the mirror source bidirectional is to copy both the received and outgoing messages of the mirror source configuration example configuration example network requirements device a and another device on the network communication abnormalities, the need to mirror the device connected to the external network interface ethernet8 to analyze the sending and receiving of messages, mirroring the destination port is connected to the server ethernet9 port procedure \# create a mirror group, specify the mirror source as ethernet8, the mirror destination as ethernet9, and the mirror direction as bidirectional sonic(config)# mirror session 1 span direction both dst ethernet 9 src ethernet 8 verify configuration 1 view configuration sonic# show mirror session + + + + + + \| session name | destination port | source port | type | direction | +================+==================+=============+========+============+ \| 1 | ethernet9 | ethernet8 | span | both | + + + + + + 2 capture packets on the server to view, and so on to capture all the messages sent and received on ethernet port 8 ipfix configuration ipfix configuration introduction introduction ipfix (ip flow information export) is a standard protocol for collecting and exporting network traffic information, designed to provide a universal, scalable way to describe and transmit network traffic information with ipfix, network administrators can collect detailed information about network traffic, such as source ip address, destination ip address, port number, traffic byte count, connection duration, etc , for use in network monitoring, billing, traffic engineering, security analysis, and other scenarios ipfix configuration ipfix configuration configure ipfix exporter configure ipfix exporter operation command description enter the system configuration view configure terminal create and enter the ipfix exporter view ipfix exporter \<name> configure destination ip of the ipfix packet dip \<a b c d> configure domain id of ipfix packets domain id \<id> configure the destination port of ipfix packets dport \<value> configure mtu of ipfix packets path mtu \<value> configure the source ip of ipfix packets sip \<a b c d> configure the source port of ipfix packets sport \<value> configure the transmission interval for ipfix template packets template interval \<value> configure the vrf of ipfix packet output port vrf \<name> configure ipfix monitor map configure ipfix monitor map operation command description enter the system configuration view configure terminal create and enter the ipfix monitor map view ipfix monitor map \<name> bind exporter to monitor exporter \<name> set the depth of analyzed messages record {l2|l3|l4|all} set the active time of a session stream timeout active \<value> set the timeout for session flow timeout passive \<value> configure monitor interface configure monitor interface operation command description enter the system configuration view configure terminal enter the interface configuration view interface ethernet \<id> set the monitor interface ipfix monitor \<name> {ip4|ip6|l2} {both|rx|tx} display and maintenance display and maintenance operation command description display ipfix exporter configuration show ipfix exporter display ipfix monitor map configuration show ipfix monitor display ipfix port map configuration show ipfix port map ipfix configuration example ipfix configuration example network requirements users collect traffic sent and received from ethernet port 5 via ethernet port 16 procedure sonic(config)# interface ethernet 16 sonic(config if 16)# ip address 192 85 3 1/24 sonic(config)# ipfix exporter test sonic(config ipfix exporter test)# dip 192 85 3 100 sonic(config ipfix exporter test)# domain id 10 sonic(config ipfix exporter test)# path mtu 1000 sonic(config ipfix exporter test)# sip 1 1 1 1 sonic(config ipfix exporter test)# template interval 60 sonic(config)# ipfix monitor map test1 sonic(config ipfix monitor map test)# exporter test sonic(config ipfix monitor map test)# record all sonic(config ipfix monitor map test)# timeout active 60 sonic(config ipfix monitor map test)# timeout passive 120 sonic(config)# interface ethernet 5 sonic(config if 5)# ip address 80 0 0 1/24 sonic(config if 5)# ipfix monitor test l2 both