使用路由器作流量检测的几个手段
口号、协议类型等)的数据量
● 只支持inbound的流量
● 只支持单播
● 只能在主端口配置
● 需要和cef或fast switching一起使用
● 对路由器性能有影响
10,000 active flows: < 4% of additional CPU utilization
45,000 active flows: <12% of additional CPU utilization
65,000 active flows: <16% of additional CPU utilization
三、NBAR
1、配置方法
router(config)# interface FastEthernet 0/1
router(config-if)# ip nbar protocol discovery
router# show ip nbar protocol -discovery interface FastEthernet 6/0
FastEthernet6/0
Input Output
Protocol Packet Count Packet Count
Byte Count Byte Count
5 minute bit rate (bps) 5 minute bit rate (bps)
------------------------ ------------------------ ------------------------
http 316773 0
26340105 0
3000 0
pop3 4437 7367
2301891 339213
3000 0
snmp 279538 14644
319106191 673624
0 0
…
Total 17203819 151684936
19161397327 50967034611
4179000 6620000
2、说明
● NBAR识别从4层到7层的协议信息
●可以基于端口统计input 和output 的bit rate (bps), packet counts, byte counts
● 只能在cef或dcef的基础上运行
● 不象netflow,没有流的概念。主要是统计目前网络中有那一些应用
四、access-list log
1、配置方法
router(config)# access-list 118 permit ip any any log
router(config)# interface FastEthernet 0/1
router(config-if)# ip access-group 118 out
router# show log
router>sh log
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes,
0 overruns)
Console logging: level debugging, 79 messages logged
Monitor logging: level debugging, 0 messages logged
Buffer logging: level debugging, 79 messages logged
Logging Exception size (4096 bytes)
Trap logging: level informational, 83 message lines logged
Log Buffer (4096 bytes):
*May 25 05:27:50: %SEC-6-IPACCESSLOGP: list 118 permitted tcp 10.1.64.71(0) -> 10.0.29.3(0), 1 packet
*May 25 05:28:59: %SEC-6-IPACCESSLOGP: list 118 permitted tcp 10.1.64.71(0) -> 10.0.28.128(0), 1 packet
*May 25 05:29:19: %SEC-6-IPACCESSLOGP: list 118 permitted tcp 10.1.64.71(0) -> 10.0.29.3(0), 56 packets
2、说明
● 可以使用于任何端口的input 或者output
● 可以
● 只支持inbound的流量
● 只支持单播
● 只能在主端口配置
● 需要和cef或fast switching一起使用
● 对路由器性能有影响
10,000 active flows: < 4% of additional CPU utilization
45,000 active flows: <12% of additional CPU utilization
65,000 active flows: <16% of additional CPU utilization
三、NBAR
1、配置方法
router(config)# interface FastEthernet 0/1
router(config-if)# ip nbar protocol discovery
router# show ip nbar protocol -discovery interface FastEthernet 6/0
FastEthernet6/0
Input Output
Protocol Packet Count Packet Count
Byte Count Byte Count
5 minute bit rate (bps) 5 minute bit rate (bps)
------------------------ ------------------------ ------------------------
http 316773 0
26340105 0
3000 0
pop3 4437 7367
2301891 339213
3000 0
snmp 279538 14644
319106191 673624
0 0
…
Total 17203819 151684936
19161397327 50967034611
4179000 6620000
2、说明
● NBAR识别从4层到7层的协议信息
●可以基于端口统计input 和output 的bit rate (bps), packet counts, byte counts
● 只能在cef或dcef的基础上运行
● 不象netflow,没有流的概念。主要是统计目前网络中有那一些应用
四、access-list log
1、配置方法
router(config)# access-list 118 permit ip any any log
router(config)# interface FastEthernet 0/1
router(config-if)# ip access-group 118 out
router# show log
router>sh log
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes,
0 overruns)
Console logging: level debugging, 79 messages logged
Monitor logging: level debugging, 0 messages logged
Buffer logging: level debugging, 79 messages logged
Logging Exception size (4096 bytes)
Trap logging: level informational, 83 message lines logged
Log Buffer (4096 bytes):
*May 25 05:27:50: %SEC-6-IPACCESSLOGP: list 118 permitted tcp 10.1.64.71(0) -> 10.0.29.3(0), 1 packet
*May 25 05:28:59: %SEC-6-IPACCESSLOGP: list 118 permitted tcp 10.1.64.71(0) -> 10.0.28.128(0), 1 packet
*May 25 05:29:19: %SEC-6-IPACCESSLOGP: list 118 permitted tcp 10.1.64.71(0) -> 10.0.29.3(0), 56 packets
2、说明
● 可以使用于任何端口的input 或者output
● 可以
天下网吧·网吧天下
闽公网安备35010202000238号