I. ip accounting
1. Configuration
router(config)#int s 0/0
router(config-if)#ip accounting output-packets
router#sh ip accounting output-packets
   Source           Destination      Packets   Bytes
   192.1.1.110      192.1.1.97             5     500
   172.17.246.128   192.1.1.110            8     704
Accounting data age is 2d23h
Or:
router(config)#int s 0/0
router(config-if)#ip accounting access-violations
router#sh ip accounting [checkpoint] access-violations
   Source           Destination      Packets   Bytes   ACL
   192.1.1.110      224.0.0.5             46    3128    19
Accounting data age is 7
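2. Notes
● Counts bytes and packets per source/destination address pair.
● Normally only accounts for outbound packets, plus packets denied by an ACL (ACLs in both the IN and OUT directions are supported).
● Only traffic passing through the router is counted; packets whose source or destination is the router itself are not counted.
● Supported on all switching paths except Autonomous Switching.
● The counters can be read via SNMP; the MIB is OLD-CISCO-IP-MIB, lipAccountingTable.
● ip accounting also supports other monitoring modes, such as accounting by ToS, by mac-address, and so on.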
II. netflow
1. Configuration
router(config-if)#ip route-cache flow
router(config)#ip flow-export destination 172.17.246.225 9996
router(config)#ip flow-export version 5
Optional configuration
router(config)#ip flow-export source loopback 0
router(config)#ip flow-cache entries <1024-524288>
router(config)#ip flow-cache timeout
sh ip cache flow
IP packet size distribution (132429191 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .191 .024 .009 .010 .006 .005 .008 .003 .005 .003 .003 .002 .001 .001
    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .001 .002 .107 .032 .578 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
  33 active, 4063 inactive, 7975259 added
  104834714 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet       25378      0.0        12   652      0.0      22.9      15.2
TCP-FTP         432435      0.1         4    59      0.4       1.2       2.7
TCP-FTPD         28670      0.0       212  1397      1.4       8.2       1.6
TCP-WWW        4682530      1.0        15   927     16.4       2.4       4.6
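2. Notes
● Accounts traffic volume per flow (address pair, port numbers, protocol type, etc.).
● Only inbound traffic is supported.
● Unicast only.
● Can only be configured on a main interface.
● Must be used together with CEF or fast switching.
● Affects router performance:
   10,000 active flows: < 4% of additional CPU utilization
   45,000 active flows: <12% of additional CPU utilization
   65,000 active flows: <16% of additional CPU utilization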
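As an added example (not part of the original page): a minimal collector-side decoder for the version 5 export datagrams that the `ip flow-export version 5` configuration above sends to 172.17.246.225 port 9996. The function names and the sample flow values are constructed for illustration; the layout assumed is the standard 24-byte v5 header followed by 48-byte flow records.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record


def parse_v5(datagram):
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"unexpected NetFlow version {version}")
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("count must be 1..30 and match the datagram length")
    flows = []
    for off in range(HEADER.size, len(datagram), RECORD.size):
        f = RECORD.unpack_from(datagram, off)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "proto": f[13], "sport": f[9], "dport": f[10],
                      "packets": f[5], "bytes": f[6]})
    return flows


def bytes_per_conversation(flows):
    """Sum bytes per (src, dst, proto, dport) across the decoded flows."""
    totals = Counter()
    for fl in flows:
        totals[(fl["src"], fl["dst"], fl["proto"], fl["dport"])] += fl["bytes"]
    return totals


def build_sample():
    """Constructed v5 datagram: three TCP flows with made-up counters."""
    def rec(dst, pkts, octets, sport, dport):
        return RECORD.pack(
            socket.inet_aton("10.1.64.71"), socket.inet_aton(dst), bytes(4), 1, 2,
            pkts, octets, 0, 0, sport, dport, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)
    return (HEADER.pack(5, 3, 0, 0, 0, 0, 0, 0, 0)
            + rec("10.0.29.3", 15, 13905, 40000, 80)
            + rec("10.0.29.3", 15, 13905, 40001, 80)
            + rec("10.0.28.128", 12, 7824, 40002, 23))


if __name__ == "__main__":
    print(bytes_per_conversation(parse_v5(build_sample())))
```

The decoder rejects datagrams whose declared record count does not match their length, so truncated or malformed UDP payloads arriving on the collector port are not silently counted.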
III. NBAR
1. Configuration
router(config)#interface FastEthernet 0/1
router(config-if)#ip nbar protocol-discovery
router#show ip nbar protocol-discovery interface FastEthernet 6/0
 FastEthernet6/0
                            Input                    Output
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5 minute bit rate (bps)  5 minute bit rate (bps)
   ------------------------ ------------------------ ------------------------
   http                     316773                   0
                            26340105                 0
                            3000                     0
   pop3                     4437                     7367
                            2301891                  339213
                            3000                     0
   snmp                     279538                   14644
                            319106191                673624
                            0                        0
   …
   Total                    17203819                 151684936
                            19161397327              50967034611
                            4179000                  6620000
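2. Notes
● NBAR identifies protocol information from Layer 4 through Layer 7.
● Can report, per interface, the input and output bit rate (bps), packet counts, and byte counts.
● Runs only on top of CEF or dCEF.
● Unlike netflow, it has no concept of a flow. It mainly reports which applications are currently present on the network.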
IV. access-list log
1. Configuration
router(config)#access-list 118 permit ip any any log
router(config)#interface FastEthernet 0/1
router(config-if)#ip access-group 118 out
router#show log
router>sh log
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns)
    Console logging: level debugging, 79 messages logged
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: level debugging, 79 messages logged
    Logging Exception size (4096 bytes)
    Trap logging: level informational, 83 message lines logged
Log Buffer (4096 bytes):
*May 25 05:27:50: %SEC-6-IPACCESSLOGP: list 118 permitted tcp 10.1.64.71(0) -> 10.0.29.3(0), 1 packet
*May 25 05:28:59: %SEC-6-IPACCESSLOGP: list 118 permitted tcp 10.1.64.71(0) -> 10.0.28.128(0), 1 packet
*May 25 05:29:19: %SEC-6-IPACCESSLOGP: list 118 permitted tcp 10.1.64.71(0) -> 10.0.29.3(0), 56 packets
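2. Notes
● Can be applied to the input or output of any interface.
● Shows the applications currently running over the interface.
● Provides no statistics; it only shows which addresses are present, not per-application statistics.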