Imixholo fihla
1 ADVANTECH Router App Net Flow Pfix
2 Ulwazi lweMveliso
3 Imiyalelo yokusebenzisa
4 Iisimboli ezisetyenzisiweyo
5 Changelog
6 Inkcazo yemodyuli
7 Uqwalaselo
8 Ulwazi
9 Imiyalelo yokusebenzisa
10 Ukusebenzisana kwesazisi seNjini
11 Amaxwebhu anxulumeneyo
12 Amaxwebhu / Izibonelelo
12.1 Iimbekiselo
13 Izithuba eziyeleleneyo

ADVANTECH-LOGO

ADVANTECH Router App Net Flow Pfix

I-ADVANTECH-Router-App-NetFlow-Pfix-PRODUCT

Ulwazi lweMveliso

Iinkcukacha

  • Umenzi: Advantech Czech sro
  • Idilesi: Sokolska 71, 562 04 Usti nad Orlici, Czech Republic
  • Uxwebhu No.: APP-0085-EN
  • Uhlaziyo Umhla: 19 Okthobha, 2023

Inkcazo yeModyuli

  • Imodyuli ye-NetFlow/IPFIX lusetyenziso lwe-router oluphuhliswe yi-Advantech Czech s.r.o. Ayifakwanga kwi-firmware ye-router esemgangathweni kwaye kufuneka ilayishwe ngokwahlukileyo.
  • Imodyuli yenzelwe ukujonga itrafikhi yenethiwekhi. Isebenza ngokuqokelela ulwazi lwetrafikhi ye-IP usebenzisa i-probe efakwe kwii-router ze-NetFlow-enabled.
  • Olu lwazi luthunyelwa kumqokeleli we-NetFlow kunye nomhlalutyi ukuze ahlalutye ngakumbi.

Web Ujongano

Nje ukuba imodyuli ifakiwe, unokufikelela kuyo web ujongano ngokucofa igama lemodyuli kwiphepha le-Router ye-router yakho web ujongano. I web ujongano luqulathe imenyu enamacandelo awohlukeneyo:

Uqwalaselo

Icandelo loqwalaselo likuvumela ukuba uqwalasele izicwangciso ezahlukeneyo ze-NetFlow/IPFIX ye-router app. Ukufikelela kuseto loqwalaselo, cofa kwinto ethi "Global" kwimenyu ephambili yemodyuli web ujongano. Izinto eziqwalaselweyo ziquka:

  • Vula iProbe: Olu khetho luqala ngokungenisa ulwazi lweNetFlow kumqokeleli okude (ukuba kuchaziwe) okanye kumqokeleli wendawo (ukuba yenziwe).
  • Inkqubo: Olu khetho likuvumela ukuba ukhethe iprothokholi ezakusetyenziswa kuthumelo lolwazi lweNetFlow. Unokukhetha kwi-NetFlow v5, i-NetFlow v9, okanye i-IPFIX (i-NetFlow v10).
  • I-ID ye-injini: Olu khetho likuvumela ukuba usete i-ID yeNdawo yokuQaphela (ye-IPFIX), i-ID yoMthombo (ye-NetFlow v9), okanye i-ID ye-Engine (ye-NetFlow v5). Oku kunceda umqokeleli ukuba ahlule phakathi kwabathumela ngaphandle abaninzi. Ngolwazi oluthe vetshe, jonga kwicandelo le-Engine ID Interoperability.

Ulwazi

Icandelo loLwazi libonelela ngeenkcukacha malunga nemodyuli kunye neelayisensi zayo. Ungafikelela kweli candelo ngokucofa into ethi "Ulwazi" kwimenyu ephambili yemodyuli web ujongano.

Imiyalelo yokusebenzisa

Ulwazi oluqokelelweyo

  • Imodyuli yeNetFlow / IPFIX iqokelela ulwazi lwetrafikhi ye-IP kwiprobe ye-router. Oku kuquka iinkcukacha ezinje ngomthombo kunye needilesi ze-IP zendawo ekuyiwa kuyo, ukubalwa kwepakethi, ukubalwa kwe-byte, kunye nolwazi lweprothokholi.

Ukufunyanwa koLwazi olugciniweyo

  • Ukufumana kwakhona ulwazi olugciniweyo, kufuneka ufikelele kumqokeleli weNetFlow kunye nohlalutyi apho imodyuli ingenisa idatha. Umqokeleli kunye nomhlalutyi uya kubonelela ngezixhobo kunye neengxelo zokuhlalutya kunye nokubona ulwazi oluqokelelweyo.

Ukusebenzisana kwesazisi seNjini

  • Isicwangciso se-ID ye-ID kuqwalaselo sikuvumela ukuba uchaze isichongi esisodwa somthumeli ngaphandle. Oku kuluncedo xa unabaninzi abathumela ngaphandle idatha kumqokeleli omnye.
  • Ngokumisela ii-ID ze-Injini ezahlukeneyo, umqokeleli unokwahlula phakathi kwedatha efunyenwe kubathengisi abahlukeneyo.

Ixesha lokuvala iTrafikhi

  • Imodyuli ayinikezeli ngolwazi oluthe ngqo malunga nokuphela kwexesha letrafikhi. Nceda ubhekisele kumaxwebhu anxulumeneyo okanye uqhagamshelane ne-Advantech Czech s.r.o. iinkcukacha ezithe vetshe.

Amaxwebhu anxulumeneyo

  • Ngolwazi oluthe vetshe kunye nemiyalelo eneenkcukacha, nceda ujonge kula maxwebhu alandelayo:
  • Incwadi yoqwalaselo
  • Amanye amaxwebhu anxulumeneyo anikezelwe yi-Advantech Czech s.r.o.

FAQ

Umbuzo: Ngubani umenzi weNetFlow/IPFIX?

  • A: Umvelisi we-NetFlow/IPFIX yi-Advantech Czech s.r.o.

Umbuzo: Yintoni injongo yeNetFlow/IPFIX?

  • A: I-NetFlow / IPFIX yenzelwe ukubeka iliso kwi-traffic yenethiwekhi ngokuqokelela ulwazi lwe-IP ye-traffic ukusuka kwi-NetFlow-enabled routers kwaye uyithumele kumqokeleli we-NetFlow kunye nomhlalutyi.

Q: Ndingafikelela njani kwimimiselo yoqwalaselo lwemodyuli?

  • A: Ukufikelela kuseto loqwalaselo, cofa kwinto ethi "Global" kwimenyu ephambili yemodyuli web ujongano.

Q: Yintoni i-ID ye-ID yolungiselelo esetyenziselwa ntoni?

  • A: Isicwangciso se-ID ye-ID sikuvumela ukuba uchaze into eyodwa yokuchonga umthumeli ngaphandle, ukunceda umqokeleli ukuba ahlule phakathi kwabathumeli ngaphandle abaninzi.
  • © 2023 Advantech Czech sro Akukho nxalenye yolu papasho inokuphinda iveliswe okanye isasazwe ngayo nayiphi na indlela okanye ngayo nayiphi na indlela, i-elektroniki okanye ngomatshini, kubandakanywa ukufota, ukurekhoda, okanye naluphi na ulwazi olugciniweyo kunye nenkqubo yokubuyisela ngaphandle kwemvume ebhaliweyo.
  • Ulwazi olukule ncwadana lunokutshintsha ngaphandle kwesaziso, kwaye alubonisi ukuzibophelela kwicala le-Advantech.
  • I-Advantech Czech sro ayisayi kuba noxanduva lomonakalo ongalindelekanga okanye ngenxa yesiphumo sokubonelelwa, ukusebenza, okanye ukusetyenziswa kwale ncwadana.
  • Onke amagama eebhrendi asetyenziswe kule ncwadana ziimpawu zorhwebo ezibhalisiweyo zabanini bazo. Ukusetyenziswa kweempawu zokuthengisa okanye ezinye izibizo kolu papasho lwenzelwa iinjongo zereferensi kuphela kwaye azibandakanyi uqinisekiso lomnini weempawu.

Iisimboli ezisetyenzisiweyo

  • ADVANTECH-Router-App-NetFlow-Pfix-FIG-1Ingozi - Ulwazi malunga nokhuseleko lomsebenzisi okanye umonakalo onokwenzeka kwi-router.
  • ADVANTECH-Router-App-NetFlow-Pfix-FIG-2Ingqalelo – Iingxaki ezinokuvela kwiimeko ezithile.
  • ADVANTECH-Router-App-NetFlow-Pfix-FIG-3Ulwazi -Iingcebiso eziluncedo okanye ulwazi olunomdla okhethekileyo.
  • ADVANTECH-Router-App-NetFlow-Pfix-FIG-4Example – Eksample yomsebenzi, umyalelo okanye iskripthi.

Changelog

NetFlow/IPFIX Changelog

  • v1.0.0 (2020-04-15)
    • Ukukhutshwa kokuqala.
  • v1.1.0 (2020-10-01)
    • I-CSS ehlaziyiweyo kunye nekhowudi ye-HTML ukuze itshatise i-firmware 6.2.0+.

Inkcazo yemodyuli

  • I-router app NetFlow/IPFIX ayiqukwanga kwi-firmware yerotha eqhelekileyo. Ukulayishwa kwale app ye-router kuchazwe kwincwadana yoLungiselelo (jonga iSahluko esiNxulumene naMaxwebhu).
  • Usetyenziso lwerouter iNetFlow/IPFIX imiselwe ukujonga itrafikhi yothungelwano. Ii-router ezinikwe amandla ze-NetFlow zine-probe eqokelela ulwazi lwe-traffic ye-IP kwaye ithumele kumqokeleli we-NetFlow kunye nomhlalutyi.

Le app yerouter iqulethe:

  • I-NetFlow probe enokungenisa ulwazi kumqokeleli weNethiwekhi ehambelanayo kunye nomhlalutyi, o. g. i https://www.paessler.com/prtg.
  • Umqokeleli weNetFlow ogcina ulwazi oluqokelelweyo ku file. Isenokufumana kwaye igcine itrafikhi yeNetFlow kwezinye izixhobo.ADVANTECH-Router-App-NetFlow-Pfix-FIG-5

Web Ujongano

  • Nje ukuba ukufakwa kwemodyuli kugqityiwe, i-GUI yemodyuli inokucelwa ngokunqakraza igama lemodyuli kwiphepha le-Router apps ye-router. web ujongano.
  • Indawo yasekhohlo yale GUI iqulathe imenyu enecandelo lemenyu yoqwalaselo kunye necandelo lemenyu yoLwazi.
  • Icandelo lemenyu yokwenza ngokwezifiso iqulethe kuphela into yoBuyisela, etshintsha umva ukusuka kwimodyuli web iphepha kwi-router web amaphepha oqwalaselo. Imenyu engundoqo ye-GUI yemodyuli iboniswe kuMfanekiso 2.ADVANTECH-Router-App-NetFlow-Pfix-FIG-6

Uqwalaselo

Ehlabathini lonke

  • Zonke iisetingi ze-router ye-NetFlow/IPFIX zinokuqwalaselwa ngokucofa into yeGlobal kwimenyu ephambili yemodyuli. web ujongano. Uphelileview yezinto eziqwalaselweyo zinikwe ngezantsi.ADVANTECH-Router-App-NetFlow-Pfix-FIG-7
Into Inkcazo
Yenza iProbe isebenze Qalisa ukuthumela ulwazi lweNetFlow kuMqokeleli oKude (xa kuchaziwe), okanye kuMqokeleli weNgingqi (xa yenziwe).
Umgaqo-nkqubo Umgaqo oza kusetyenziswa: I-NetFlow v5, I-Netflow v9, IPFIX (I-Net- Flow v10)
I-ID ye-injini I-ID ye-Observation Domain (kwi-IPFIX, i-Source Id kwi-NetFlow v9, okanye i-Id Id kwi-NetFlow v5) ixabiso. Oku kunokunceda umqokeleli wakho ukuba ahlule phakathi kwabathumeli ngaphandle abaninzi. Jonga kwakhona icandelo kwi-Injini ID Interoperability.
Into Inkcazo
Sampler (ayinanto): ngenisa konke ukuhamba okujongiweyo; deterministic: ngenisa i-N-th nganye flow ejongiweyo; random: khetha ngokungakhethiyo enye ku-N uqukuqela; hash: khetha i-hash-ngokungakhethiyo enye ngaphandle kokuhamba kwe-N.
Sampleer Ireyithi Ixabiso le-N.
Ixesha lokuvala iTrafikhi engasebenziyo Ngenisa ukuhamba emva kokuba ingasebenzi imizuzwana eyi-15. Ixabiso elimiselweyo yi-15.
Ixesha lokuvala iTrafikhi Ngenisa ukuhamba kwayo emva kokuba isebenze imizuzwana eyi-1800 (imizuzu engama-30). Ixabiso elimiselweyo yi-1800. Jonga kwakhona icandelo malunga nokuphela kwexesha lendlela.
Umqokeleli okude Idilesi ye-IP yomqokeleli we-NetFlow okanye umhlalutyi, apho kufuneka ungenise khona ulwazi oluqokelelweyo lwetrafikhi yeNetFlow. Isibuko siyakhethwa, asigqibekanga 2055. Indawo yokufikela inokuqulatha uluhlu olwahlulwe ngekoma lweedilesi ezininzi zeIP (kunye namazibuko) ukubonisa iNetFlow kubaqokeleli/abahlalutyi ababini nangaphezulu.
Nika amandla uMqokeleli wasekuhlaleni Qala ukufumana ulwazi lwe-NetFlow oluvela kwiProbe yendawo (xa yenziwe) okanye ukusuka kwiprobe ekude.
Isithuba sokuGcina Ixela isithuba sexesha kwimizuzwana ukujikeleza files. Ixabiso elimiselweyo yi-300s (5min).
Ukuphela kwexesha lokuGcina Iseta elona xesha liphezulu lobomi files kuluhlu. Ixabiso elingu-0 livala ubuninzi bomda wobomi.
Gcina iinombolo zeSNMP zeNdibaniselwano Khangela ukugcina isalathiso seSNMP yegalelo/ujongano lwemveliso (% ngaphakathi, % ngaphandle) ukongeza kwiseti esemgangathweni yolwazi, bona ngezantsi.
Gcina idilesi ye-IP elandelayo Jonga ukugcina idilesi ye-IP ye-hop elandelayo yetrafikhi ephumayo (%nh).
Idilesi ye-IP ethunyelwa ngaphandle Khangela ukugcina idilesi ye-IP yendlela ethumela ngaphandle (%ra).
I-ID yeNjini yokuThumela ngaphandle Khangela ukugcina I-ID ye-Injini yendlela ethumela ngaphandle (%eng).
Gcina Ixesha loKwamkelwa koMqukuqelo Jonga amaxesha okugcinaamp xa ulwazi lokuhamba lufunyenwe (%tr).

Itheyibhile 1: Inkcazo yezinto zoqwalaselo

Ulwazi

iilayisensi Ishwankathela iilayisensi zeSoftwe yoMthombo oVulekileyo (OSS) asetyenziswe yile modyuliADVANTECH-Router-App-NetFlow-Pfix-FIG-8

Imiyalelo yokusebenzisa

Idatha ye-NetFlow akufanele ithunyelwe nge-WAN, ngaphandle kokuba i-VPN isetyenziswe. Idatha ayibhalwanga ngokwendalo okanye ayifihlwanga, ngoko ke umntu ongagunyaziswanga unokuthintela kwaye view ulwazi.

Ulwazi oluqokelelweyo

Olu lwazi lusemgangathweni lulandelayo luhlala luthunyelwa yi-probe kwaye lugcinwe ngumqokeleli:

  • Ixeshaamp xa itrafikhi iqale yabonwa (%ts) kwaye yagqityelwa ukubonwa (%te), kusetyenziswa iwotshi yovavanyo
  • Inani leebhayithi (%byt) kunye neepakethi (%pkt)
  • Umgaqo osetyenziswayo (%pr)
  • I-TOS (%tos)
  • Iiflegi ze-TCP (% flg)
  • Idilesi ye-IP yomthombo (%sa, %sap) kunye nezibuko (%sp)
  • Indawo yokufikela idilesi ye-IP (%da, %dap) kunye nezibuko (%dp)
  • Uhlobo lwe-ICMP (% it)

Oku kulandelayo kukwathunyelwe, kodwa kugcinwe kuphela xa kuceliwe (bona uqwalaselo olungentla):

  • Isalathiso se-SNMP sojongano lwegalelo/imveliso (% ngaphakathi, % ngaphandle)
  • Idilesi ye-IP ye-hop elandelayo yetrafikhi ephumayo (%nh)
  • Idilesi ye-IP (%ra) kunye ne-ID ye-Engine (%eng) yendlela yokuthumela ngaphandle (probe)
  • Ixeshaamp xa ulwazi lokuhamba lufunyenwe (%tr), kusetyenziswa iwotshi yomqokeleli
  • Ixabiso kwizibiyeli (%xx) libonisa umlungiseleli oza kusetyenziswa nge-nfdump ukubonisa eli xabiso (bona isahluko esilandelayo).

Ukufunyanwa koLwazi olugciniweyo

  • Idatha igcinwe kwi /tmp/netflow/nfcapd.yyyymmddHHMM, apho yyyymmddHHMM lixesha lokudala. Uluhlu lukwaquka i-.nfstat file, esetyenziselwa ukujonga ixesha lokuphelelwa yisikhathi.
  • Musa ukuyitshintsha le nto file. Ukuqwalasela ukuphela sebenzisa i-GUI yolawulo.
  • I files inokufundwa kusetyenziswa umyalelo we-nfdump. nfdump [iinketho] [filtha]

Bonisa iipakethi ze-UDP ezithunyelwe ngu-192.168.88.100:

  • nfdump -r nfcapd.202006011625 ‘proto udp kunye ne-src ip 192.168.88.100’
    • Bonisa konke ukuqukuqela phakathi kwe-16:25 kunye ne-17:25, udityaniso lokuqukuqela kweendlela ezimbini (-B):
  • nfdump -R /tmp/netflow/nfcapd.202006011625:nfcapd.202006011725 -B
    • Bonisa Uhlobo lweNjini/Isazisi, idilesi yomthombo+izibuko kunye nedilesi yendawo yokuya+ipor yazo zonke izinto ezihambayo:
  • nfdump -r /tmp/netflow/nfcapd.202006011625 -o “fmt:%eng %sap %dap”

Ukusebenzisana kwesazisi seNjini

  • I-Netflow v5 ichaza izichongi ezimbini ze-8-bit: Uhlobo lwe-Injini kunye ne-ID ye-Injini. Iprobe kwi-Advantech routers ithumela kuphela i-ID ye-Engine (0..255). Uhlobo lweNjini luya kuhlala lunoziro (0). Ngenxa yoko, ukuhamba okuthunyelwe nge-ID ye-Engine = 513 (0x201) kuya kufunyanwa njengeNjini yeNjini / i-ID = 0/1.ADVANTECH-Router-App-NetFlow-Pfix-FIG-9
  • I-Netflow v9 ichaza isichongi esinye se-32-bit. I-Probe kwi-Advantech routers ingathumela naliphi na inani le-32-bit, njani-ke abanye abavelisi (umzekelo, i-Cisco) yahlula isichongi kwii-bytes ezimbini ezigciniweyo, zilandelwa yiNjini yeNjini kunye ne-ID yeNjini. Umamkeli ulandela indlela efanayo.
  • Ngenxa yoko, ukuhamba okuthunyelwe nge-ID ye-Engine = 513 (0x201) kuya kufunyanwa njengoNxibelelwano lweNjini / i-ID = 2/1.ADVANTECH-Router-App-NetFlow-Pfix-FIG-10
  • IPFIX ichaza isichongi esinye se32-bit. Iprobe kwii-router ze-Advantech zinokuthumela nayiphi na inombolo ye-32-bit, kodwa umqokeleli wendawo akagcini eli xabiso okwangoku. Yiyo loo nto nakuphi na ukuhamba kuya kufunyanwa njengoNxibelelo lweNjini/ID = 0/0.ADVANTECH-Router-App-NetFlow-Pfix-FIG-11
  • Ingcebiso: Ukuba ufuna ukugcina i-ID ye-Injini kumqokeleli wendawo, khangela i-ID ye-Injini yokuThumela ngaphandle kwi-ID kwi-configuration, sebenzisa i-ID ye-Engine <256 kwaye ugweme ukusebenzisa i-IPFIX protocol.
  • Ixesha lokuvala iTrafikhi
  • Iprobe ithumela ngaphandle ngokupheleleyo, o.t. zonke iipakethi ezidityanisiweyo. Ukuba akukho zipakethi zijongwayo kangangexesha elithile (Ixesha lokuphuma kweTrafikhi engasebenziyo), ukuhambahamba kuthathwa njengokugqibelele kwaye uphando luthumela ulwazi lwendlela kumqokeleli.
  • Ulwazi malunga a file ukudluliselwa kuya kubonakala kumqokeleli emva kokuba udluliselo lugqityiwe, olunokuthi luthathe ixesha elibalulekileyo. Ukuba uthumelo lusebenza ixesha elide kakhulu (iXesha lokuPhuma kweTrafikhi eSebenzayo) iya kubonakala njengokuqukuqela okuphindaphindiweyo okuphindaphindiweyo.
  • UmzekeloampI-le, kunye ne-30 imizuzu esebenzayo ye-traffic timeout, i-45 imizuzu yokunxibelelana iya kubonisa njengokuhamba ezimbini: enye i-30 min kunye ne-15 min.

Ixesha lokuvala iTrafikhi

  • Iprobe ithumela ngaphandle ngokupheleleyo, o.t. zonke iipakethi ezidityanisiweyo. Ukuba akukho zipakethi zijongwayo kangangexesha elithile (Ixesha lokuphuma kweTrafikhi engasebenziyo), ukuhambahamba kuthathwa njengokugqibelele kwaye uphando luthumela ulwazi lwendlela kumqokeleli.
  • Ulwazi malunga a file ukudluliselwa kuya kubonakala kumqokeleli emva kokuba udluliselo lugqityiwe, olunokuthi luthathe ixesha elibalulekileyo. Ukuba uthumelo lusebenza ixesha elide kakhulu (iXesha lokuPhuma kweTrafikhi eSebenzayo) iya kubonakala njengokuqukuqela okuphindaphindiweyo okuphindaphindiweyo. UmzekeloampI-le, kunye ne-30 imizuzu esebenzayo ye-traffic timeout, i-45 imizuzu yokunxibelelana iya kubonisa njengokuhamba ezimbini: enye i-30 min kunye ne-15 min.ADVANTECH-Router-App-NetFlow-Pfix-FIG-12

Amaxwebhu anxulumeneyo

  • Ungafumana amaxwebhu anxulumene nemveliso kwiPortal yobuNjineli kwidilesi icr.advantech.cz.
  • Ukufumana isiKhokelo sokuQala esiKhawulezayo serouter yakho, iManuwali yoMsebenzisi, iManuwali yoLungiselelo, okanye iFirmware yiya kwiphepha leMifuziselo yeRouter, fumana imodeli efunekayo, kwaye utshintshele kwiiManuals okanye iFirmware tab, ngokulandelanayo.
  • Iiphakheji zokufakela ii-Router Apps kunye neencwadana ziyafumaneka kwiphepha le-Router Apps.
  • Ukufumana amaXwebhu oPhuhliso, yiya kwiphepha le-DevZone.

Amaxwebhu / Izibonelelo

ADVANTECH Router App Net Flow Pfix [pdf] Isikhokelo somsebenzisi
I-Router App Net Flow Pfix, i-App Net Flow Pfix, i-Net Flow Pfix, Flow Pfix, Pfix

Iimbekiselo

Izithuba eziyeleleneyo

Shiya uluvo

Idilesi yakho ye-imeyile ayizupapashwa. Iindawo ezifunekayo ziphawulwe *