NetStream技术白皮书
目录 1.1 NetStream产生背景····························································································································· 11.2 NetStream应用场景····························································································································· 1 2.1 NetStream系统组成····························································································································· 12.2 NetStream工作机制····························································································································· 22.3 NetStream采样···································································································································· 32.4 NetStream流建立································································································································ 32.5 NetStream流老化································································································································ 42.6 NetStream流输出································································································································ 42.6.1普通流输出································································································································· 42.6.2聚合流输出································································································································· 52.6.3 NetStream输出报文版本··········································································································· 62.7 NetStream输出报文格式······················································································································ 62.7.2 V5报文格式······························································································································· 62.7.3 V8报文格式······························································································································· 72.7.4 V9报文格式······························································································································· 82.7.5 V10报文格式··························································································································· 112.7.6输出报文格式比较···················································································································· 112.8 NetStream镜像功能··························································································································· 122.9 NetStream过滤功能··························································································································· 13 3.2 NetStream应用于网络规划场景········································································································· 13 1 NetStream概述 1.1 NetStream产生背景 Internet高速发展,使得网络带宽不断增加,网络支持的业务和应用也日渐增多。传统的流量统计技术(如SNMP、端口镜像等),由于统计流量方式不灵活或是需要投资专用服务器成本高等原因,无法满足对网络进行更细致的管理的要求。因此,亟需一种新技术来更好的支持网络流量统计。 为了应对企业网络管理中的这些问题,NetStream应运而生。NetStream是一种基于网络流信息的统计技术,定义了用于设备输出网络流量统计数据的方法,设备对通过其的数据进行统计和分析,并上报给网络流量分析器,经合并处理后存入数据库,并进行进一步的分析处理。 NetStream技术可利用网络数据流创造价值,并可在最大限度减小对NetStream性能影响的前提下提供详细的数据流统计信息。在网络的接入层、汇聚层、核心层上,都可以部署NetStream,以帮助网络管理人员了解企业内部网络的运行状况,及时发现并解决网络中的性能瓶颈问题、网络异常现象,也能作为用户进行网络优化、网络设备投资、网络带宽优化等的参考。 1.2 NetStream应用场景 NetStream技术的应用场景有以下几种: •计费:基于线路、带宽、时段等资源的占用情况,NetStream可提供精细的计费数据支持。Internet服务提供商可以利用这些信息来实行灵活的计费策略,如基于时间、带宽、应用、服务质量等。企业客户可以使用这些信息计算部门费用或分配成本,以便有效利用资源。•网络规划:NetStream可以为网络管理工具提供关键信息,比如各个AS域之间的网络流量情况,以便优化网络设计和规划,实现以最小的网络运营成本达到最佳的网络性能和可靠性。•网络监控:通过在出口部署NetStream,可实时监控连接Internet网络的接口流量,从而分析不同业务对出口带宽的占用情况。网管人员可以根据这些信息判断网络的运行情况,尽早发现不合理的网络结构或是网络中的性能瓶颈,方便网管人员规划和分配网络资源。•用户监控和分析:通过NetStream技术可以使网络管理者轻松获取用户使用网络和应用资源的详细情况,进而用于高效地规划以及分配网络资源,并保障网络的安全运行。 2 NetStream技术实现 NetStream是一项基于“流”来统计报文的技术,可以对网络中的业务流量进行统计和分析。它将具有相同特征的报文作为一条流,对各个流进行统计,记录流的统计信息并输出。也可以把多个具有某些相同特征的流聚合成一条聚合流,记录聚合流的统计信息并输出。 2.1 NetStream系统组成 一个典型的NetStream系统由NDE(NetStream Data Exporter,网络流数据输出者)、NSC(NetStream Collector,网络流数据收集者)和NDA(NetStream Data Analyzer,网络流数据分析者)三部分组成。 •NDE NDE负责对网络流进行分类,提取符合条件的流进行统计,并将统计信息上报给NSC设备。输出前也可对数据进行一些处理,比如聚合。配置了NetStream功能的设备在NetStream系统中担当NDE角色。 •NSC NSC通常为运行于某种操作系统上的一个应用程序,负责解析来自NDE的报文,把统计数据收集到数据库中,可供NDA进行解析。NSC可以采集多个NDE设备输出的数据。 •NDA NDA是一个网络流量分析工具,它从NSC中提取统计数据,进行进一步的加工处理,生成报表,为各种业务提供依据(比如流量计费、网络规划,攻击监测)。NDA可以提取多个NSC中的数据。通常,NDA具有图形化用户界面,可以使用户方便地获取、显示和分析收集到的数据。 NSC和NDA可以集成在一台NetStream服务器上。 2.2 NetStream工作机制 NetStream的工作机制如下: (1)NDE把采集到的关于流的详细统计信息定期发送给NSC。(2)NSC将统计信息收集到数据库后发送给NDA。(3)NDA对数据进行分析,用于计费、网络规划等应用。设备作为NDE的NetStream处理过程如图2所示,主要分为以下几个步骤:(4)设备按照配置的采样方式对业务流量进行NetStream采样。(5)设备根据关键值对采样报文进行NetStream流建立。(6)设备按照老化方式对NetStream流进行流老化。(7)设备按照输出方式进行NetStream流输出。 2.3 NetStream采样 NetStream可以与Sampler(采样器)配合使用。通过设定适当的采样间隔,只针对样本报文进行流信息统计分析。收集到的统计信息可以基本正确地反映整个网络流的状况,同时也能降低NetStream功能对设备性能的影响。 NetStream采样有以下两种方式: •随机报文间隔采样:在设置的数量间隔内随机采样报文。比如,将报文采样的数量间隔设置为100,则每100个报文中随机采样1个报文。•固定报文间隔采样:在设置的数量间隔内周期采样报文。比如,将报文采样的数量间隔设置为100,如果第3个报文被采样,则每隔100个报文都会再次采样,即第
