Huawei NetEngine5000E Configuration Manual Download Page 88 | Manualshive

Page: 88 / 203

Huawei NetEngine5000E Configuration Manual Download Page 88

addresses are reallocated due to network adjustment), you need to change the IP address of the
NM station in the ACL. Otherwise, the NM station cannot access the device.

3.4.3 Configuring SNMPv3 Authentication and Privacy

This section describes how to configure authentication and privacy to implement security
features of SNMPv3.

Procedure

Step 1

Run:

system-view

The system view is displayed.

Step 2

Run:

snmp-agent group

v3

group-name

An SNMPv3 user group is configured.

Step 3

(Optional) Configure an ACL, add an ACL rule and to apply an ACL to SNMPv3 user group.
1.

Run:

acl

acl-number

A basic ACL is created.

2.

Run:

rule

[

rule-id

] {

deny

|

permit

}

source

{

source-ip-address

source-wildcard

|

any

}

A rule is added to the ACL.

3.

Run:

snmp-agent group

v3

group-name

acl

acl-number

The ACL is applied.

Step 4

Add an SNMPv3 user to a user group.

Run:

snmp-agent usm-user

v3

user-name

group-name

A specific user is added to a specified SNMPv3 user group.

By mapping SNMPv3 users in different user groups into different views, you can configure
different access rights for SNMPv3 users in different user groups.

Step 5

(Optional) Configure an ACL for an SNMPv3 user.
1.

Run:

acl

acl-number

A basic ACL is created.

2.

Run:

rule

[

rule-id

] {

deny

|

permit

}

source

{

source-ip-address

source-wildcard

|

any

}

A rule is added to the ACL.

3.

Run:

snmp-agent usm-user

v3

user-name

group-name

acl

acl-number

HUAWEI NetEngine5000E Core Router
Configuration Guide - System Management

3 SNMP Configuration

Issue 01 (2011-10-15)

Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd.

80

«
...
86
87
88
89
90
...
»

Summary of Contents for NetEngine5000E

Page 1: ...HUAWEI NetEngine5000E Core Router V800R002C01 Configuration Guide System Management Issue 01 Date 2011 10 15 HUAWEI TECHNOLOGIES CO LTD ...

Page 2: ...be within the purchase scope or the usage scope Unless otherwise specified in the contract all statements information and recommendations in this document are provided AS IS without warranties guarantees or representations of any kind either express or implied The information in this document is subject to change without notice Every effort has been made in the preparation of this document to ensu...

Page 3: ...ions Optional The following table lists the product versions related to this document Product Name Version HUAWEI NetEngine5000E Core Router V800R002C01 Symbol Conventions The symbols that may be found in this document are defined as follows Symbol Description Indicates a hazard with a high level of risk which if not avoided will result in death or serious injury Indicates a hazard with a medium o...

Page 4: ...ne item is selected x y Optional items are grouped in brackets and separated by vertical bars One item is selected or no item is selected x y Optional items are grouped in braces and separated by vertical bars A minimum of one item or a maximum of all items can be selected x y Optional items are grouped in brackets and separated by vertical bars Several items or no item can be selected 1 n The par...

Page 5: ... 5 1 Configuring a Cleaning Cycle for the Air Filter 9 1 5 2 Remonitoring the Cleaning Cycle of the Air Filter 10 1 5 3 Checking the Configuration 10 1 6 Configuration Examples 11 1 6 1 Example for Powering Off the MPU 11 2 NTP Configuration 13 2 1 NTP Overview 14 2 2 NTP Features Supported by the NE5000E 14 2 3 Configuring Basic NTP Functions 18 2 3 1 Configuring the NTP Primary Clock 19 2 3 2 Co...

Page 6: ...7 3 2 2 Optional Controlling the NM Station s Access to the Device 59 3 2 3 Optional Configuring the Trap Function 61 3 2 4 Checking the Configuration 62 3 3 Configuring a Device to Communicate with an NM Station by Running SNMPv2c 64 3 3 1 Configuring Basic SNMPv2c Functions 65 3 3 2 Optional Controlling the NM Station s Access to the Device 68 3 3 3 Optional Configuring the Trap Function 69 3 3 ...

Page 7: ... FM Supported by the NE5000E 114 5 3 Configuring FM 114 5 3 1 Setting the Alarm Severity 115 5 3 2 Configuring a Suppression Period for an Alarm 115 5 3 3 Configuring Alarm Suppression 116 5 3 4 Filtering Out All Alarms 117 5 3 5 Configuring an Alarm Filtering Table to Filter Out Alarms 117 5 3 6 Saving Alarms to a Log File 118 5 3 7 Checking the Configuration 119 5 4 Maintenance 120 5 4 1 Clearin...

Page 8: ... Processing Mode 160 6 6 2 Configuring an Aggregation Mode for IPv6 Flows 162 6 6 3 Outputting Aggregated Flows 164 6 6 4 Optional Adjusting the AS Field Mode and Interface Index Type 165 6 6 5 Sampling IPv6 Flows 166 6 6 6 Checking the Configuration 168 6 7 Collecting Statistics About MPLS IPv4 Packets 169 6 8 Collecting Statistics About MPLS IPv6 Packets 173 6 9 Collecting Statistics About BGP M...

Page 9: ... operation master slave switchover device monitoring device restart and board reset 1 3 Powering Off the Board When a board fails or needs maintenance or a hardware upgrade you need to power off the board Then you can remove the board 1 4 Managing Online Devices You need to manage online devices to ensure that the network works normally This section describes common operations of managing online d...

Page 10: ...nitoring device restart and board reset l Power off operation You can power on or power off a board through command lines to perform hot swapping without interrupting services on the router l Mster slave switchover The NE5000E supports the backup technology The main control boards work in 1 1 backup mode which is the precondition of the master slave switchover in the system l Device monitoring In ...

Page 11: ...e the slave MPU immediately l Power off the SFU During normal operation of the device four SFUs work in 3 1 load balancing mode You need to remove an SFU in any of the following situations The SFU needs maintenance for example dust cleaning The SFU fails and needs to be repaired or replaced l Power off the LPU You need to power off the LPU in any of the following situations The LPU needs maintenan...

Page 12: ...PU by pressing the OFL button The OFL button is in the upper part of the panel of the LPU Press and hold the button for six seconds If the OFL indicator lights it indicates that the LPU is powered off End Checking the Configuration After the power off operation run the display device command If the slave MPU is in the abnormal state it means that the operation succeeds For example HUAWEI display d...

Page 13: ... the display version slot slot id command to view versions of the router You can run the display version slot slot id command in any view to view versions of the router Versions of the router include l System software version l Hardware and software versions of the MPUs l Hardware and software versions of the SFUs l Hardware and software versions of the LPUs l Hardware and software versions of fan...

Page 14: ... 1 Run the display cpu usage configuration slave slot slot id command to check the CPU usage of an MPU or an LPU NOTE To set the threshold of the CPU usage of the MPU you can run the set cpu usage threshold threshold value restore restore threshold value slave slot slot id command End 1 4 5 Checking Device Temperatures By checking device temperatures you can view the current temperature status tem...

Page 15: ...rds l Working status of voltage sensors for the boards l Alarm threshold of the board voltage l Actual board voltage l Normal working temperature of the voltage sensors End 1 4 7 Checking the Power Module By checking information about the current power module of the device you can view the slot ID of the power module whether the power module is in position the working mode of the power module and ...

Page 16: ...gurations Context CAUTION Be cautious to use the reboot command because it can break down the entire network for a short period In addition check whether configuration files need be saved before restarting the device Procedure Step 1 Run reboot The device is immediately restarted After the reboot command is run the system checks whether the current configuration is consistent with the configuratio...

Page 17: ...sts this command performs the master slave MPU switchover l If the board is still abnormal after being reset contact Huawei technical support personnel End 1 5 Configuring a Cleaning Cycle for the Air Filter This section describes the procedure for configuring a cleaning cycle for the air filter Applicable Environment When the air filter has been running for a period of a cleaning cycle time the s...

Page 18: ...ear the alarm and remonitor the cleaning cycle of the air filter Do as follows on the router Procedure Step 1 Run reset dustproof run time The alarm is cleared The cleaning cycle of the air filter is monitored End 1 5 3 Checking the Configuration Procedure Step 1 Run display dustproof Information about the air filter is displayed End Example Run the display dustproof command You can view informati...

Page 19: ...ssis scenario interfaces are numbered in the format of chassis ID slot number card number interface number This requires the chassis ID to be specified along with the slot number The NE5000E cannot work with a single MPU for a long time If the MPU fails the whole system is broken down After the slave MPU is powered off you must finish required operations and restore the MPU immediately Configurati...

Page 20: ...d Primary 0 2 LPU Present Registered Normal LC 0 NA 0 9 LPU Present Registered Normal LC 0 NA 0 11 LPU Present Registered Normal LC 0 NA 0 16 LPU Present Registered Normal LC 0 NA 0 17 MPU Present Registered Normal MMB 0 Master 0 18 MPU Present Unregistered Abnormal MMB 0 Slave 0 19 SFU Present Registered Normal OTHER 0 NA 0 20 SFU Present Registered Normal OTHER 0 NA 0 21 SFU Present Registered N...

Page 21: ...4 Configuring NTP Security Mechanisms This section describes how to ensure the security of NTP sessions through NTP security mechanisms 2 5 Configuring the System Clock You need to correctly set the system clock to ensure synchronization with other devices 2 6 Maintaining NTP This section describes how to maintain NTP Maintaining NTP helps you to monitor the NTP operating status 2 7 Configuration ...

Page 22: ...ame clock for reference to ensure a proper sequence of implementation l Incremental backup between the backup server and clients Clocks on the backup server and clients should be synchronized When all the devices on a network need to be synchronized it is almost impossible for an administrator to manually change the system clock by executing commands This is because the work load is heavy and cloc...

Page 23: ...outerA 10 00 00 am NTP Packet received at 10 00 03 am RouterA RouterA RouterA RouterB RouterB RouterB Step1 Step2 Step3 Step4 Network RouterB NTP packet NTP packet 11 00 01 am 10 00 00 am NTP packet 11 00 01 am 10 00 00 am 11 00 02 am Network Network Network The process of synchronizing system clocks is as follows 1 Router A sends an NTP packet to Router B The packet carries the originating timest...

Page 24: ...des as listed in Table 2 1 Table 2 1 NTP working mode Working Mode Location and Synchronization Direction Working Principle Unicast Server Client Mode In this mode you need to configure only on the client The server needs to be configured with only one NTP primary clock The client can be synchronized with the server but the server cannot be synchronized with the client 1 The client sends a synchro...

Page 25: ...passive mode Symmetric passive also forms a dynamic session with symmetric active Broadcast Mode In this mode you need to configure both the server and the client The client can be synchronized with the server but the server cannot be synchronized with the client 1 The server periodically sends clock synchronization packets to the broadcast address 255 255 255 255 2 The client senses broadcast pac...

Page 26: ...ulticast packets to synchronize the local clock 2 3 Configuring Basic NTP Functions This section describes how to configure basic NTP functions Applicable Environment NTP has four operation modes Select a proper mode based on the networking topology to meet various clock synchronization requirements In unicast server client mode and peer mode NTP packets can have the same source IP address Pre con...

Page 27: ... for Configuring Multicast Mode 2 3 1 Configuring the NTP Primary Clock This section describes how to configure the NTP primary clock The stratum configured for the master clock on the server must be lesser than that for the clock on the client Otherwise the clock on the client cannot synchronize with the master clock on the server Do as follows on the Server Procedure Step 1 Run system view HUAWE...

Page 28: ...d 2 Optional Run ntp service source interface interface type interface number vpn instance vpn instance name The specified source interface IP address is used as the source IP address to send NTP packets irrespective of the out going interface 3 Run ntp service unicast server ip address version number authentication keyid key id source interface interface type interface number vpn instance vpn ins...

Page 29: ...om the server and clock synchronization fails 3 Run commit The configurations are committed End 2 3 3 Configuring the Peer Mode This section describes how to configure the NTP peer mode In this mode clocks on the two peers synchronize with each other Each side can send the clock synchronization request message to the peer and reply the clock synchronization request message from the peer Procedure ...

Page 30: ...monly specify the IP address of the NTP symmetric passive on the symmetric active The symmetric active and symmetric passive can then exchange NTP packets using this IP address If the source interface to send NTP packets is specified on the symmetric passive end the IP address of the NTP peer configured on the symmetric active end should be the same otherwise the active end cannot process NTP pack...

Page 31: ...g the ntp service max dynamic sessions command does not affect the setup of NTP sessions When the number of the sessions reaches or exceeds the maximum the new session cannot be set up further 3 Run interface interface type interface number The view of the interface receiving NTP broadcast messages is displayed 4 Run ntp service broadcast client The local router is configured as an NTP broadcast c...

Page 32: ... local sessions allowed to be set up dynamically is set By default up to 100 NTP sessions can be set up dynamically Running the ntp service max dynamic sessions command does not affect the setup of NTP sessions When the number of the sessions reaches or exceeds the maximum the new session cannot be set up further 3 Run interface interface type interface number The view of the interface receiving N...

Page 33: ...ssions the status of the NTP service and so on Prerequisite All configurations of basic NTP functions are complete Procedure l Run the display ntp service sessions command to view the details about the configured and the dynamic NTP sessions l Run the display ntp service status command to view the status of the NTP service l Run the display ntp service trace command to trace the path of reference ...

Page 34: ...27 127 1 0 Run the display ntp service bd status command to view the status of each board on a router HUAWEI display ntp service bd status Board ID 17 Sync Source 127 127 1 0 NTP Server Configured No Clock Status synchronized Offset 0 7 ms Clock Precision 2 17 Poll 8 Reference Time 17 04 55 236 UTC Sep 11 2009 CE5501B7 3C8D4BAD Current Time 17 05 39 359 UTC Sep 11 2009 CE5501E3 5C0DB270 2 4 Config...

Page 35: ...server During the configuration of NTP authentication pay attention to the following rules Configure NTP authentication on both the client and the server otherwise the authentication does not take effect If NTP authentication is enabled a reliable key needs to be configured at the same time The authentication key configured on the server and that on the client should be consistent In NTP peer mode...

Page 36: ...cation in broadcast mode Enable NTP authentication Configure NTP authentication reliable key Mandatory procedure Optional procedure Related Tasks 2 7 1 Example for Configuring NTP Authentication in Unicast Server and Client Mode 2 7 3 Example for Configuring NTP Authentication in Broadcast Mode HUAWEI NetEngine5000E Core Router Configuration Guide System Management 2 NTP Configuration Issue 01 201...

Page 37: ...d NTP access authorities Table 2 2 Description of the NTP access authorities NTP Operation Mode Limited NTP Query Supported Devices Unicast NTP server client mode Synchronizing the client with the server Client Unicast NTP server client mode Clock synchronization request from the client Server NTP peer mode Clock synchronization with each other Symmetric active end NTP peer mode Clock synchronizat...

Page 38: ...id authentication mode md5 password The NTP authentication key is configured Step 4 Run ntp service reliable authentication keyid key id The authentication key is declared to be reliable Step 5 Run commit The configurations are committed End 2 4 3 Configuring NTP Authentication in Unicast Server Client Mode By configuring the authentication key ID used in the synchronization with the specific NTP ...

Page 39: ... key id source interface interface type interface number vpn instance vpn instance name preference The authentication key ID for the synchronization of the symmetric active and symmetric passive clocks is configured Step 3 Run commit The configurations are committed End 2 4 5 Configuring NTP Authentication in Broadcast Mode After NTP authentication is enabled you can configure the authentication k...

Page 40: ...p service multicast server ip address authentication keyid key id ttl ttl number version number The authentication key ID used by the NTP multicast server is configured Step 4 Run commit The configurations are committed End 2 4 7 Checking the Configuration After the NTP security mechanisms are configured you can view the details about the status of the NTP service and the status of NTP sessions Pr...

Page 41: ...rsion 3 peer interface wildcard reftime 10 01 38 546 UTC Sep 5 2005 C6C69602 8C00DA1A orgtime 10 01 43 463 UTC Sep 5 2005 C6C69607 76ACC921 rcvtime 10 01 43 480 UTC Sep 5 2005 C6C69607 7AF4ADBC xmttime 10 01 43 452 UTC Sep 5 2005 C6C69607 73F1E8E6 filter delay 0 03 0 02 0 03 0 02 0 02 0 02 0 04 0 02 filter offset 0 00 0 01 0 00 0 01 0 00 0 00 0 00 0 00 filter disper 0 03 0 02 0 00 0 11 0 09 0 08 0...

Page 42: ... second third fourth last weekday month end date offset start year end year The daylight saving time is set End Checking the Configuration Run the display clock command to display the system time HUAWEI display clock 2010 07 20 10 04 21 Tuesday Time Zone Default Zone Name add 00 00 00 2 6 Maintaining NTP This section describes how to maintain NTP Maintaining NTP helps you to monitor the NTP operat...

Page 43: ... take place In general for successful NTP authentication you must completely configure the NTP client and server Networking Requirements CAUTION On a single NE5000E an interface is numbered in the format of slot number card number interface number On an NE5000E cluster the interface is numbered in the format of chassis ID slot number card number interface number This requires the chassis ID to be ...

Page 44: ...nize its clock with the clock of Router A 3 Configure Router C and Router D to synchronize their clocks with the clock of Router B 4 Enable NTP authentication on all the Routers Data Preparation To complete the configuration you need the following data l IP address of the reference clock l Stratum of the primary NTP clock l Authentication key and its ID Procedure Step 1 Configure the IP addresses ...

Page 45: ... server of Router D RouterD system view RouterD ntp service authentication enable RouterD ntp service authentication keyid 42 authentication mode md5 Hello RouterC ntp service reliable authentication keyid 42 RouterD ntp service unicast server 10 0 0 1 authentication keyid 42 RouterD commit Step 6 Verify the configuration After the configurations the clock on Router B can be synchronized with the ...

Page 46: ...189 Display NTP status on Router A RouterA display ntp service status clock status synchronized clock stratum 2 reference clock ID LOCAL 0 nominal frequency 60 0002 Hz actual frequency 60 0002 Hz clock precision 2 18 clock offset 0 0000 ms root delay 0 00 ms root dispersion 26 50 ms peer dispersion 10 00 ms reference time 12 01 48 377 UTC Mar 2 2006 C7B15D2C 60A15981 End Configuration Files l Conf...

Page 47: ...ver 10 0 0 1 authentication keyid 42 ntp service authentication enable interface GigabitEthernet1 0 0 undo shutdown ip address 10 0 0 2 255 255 255 0 return l Configuration file of Router D sysname RouterD ntp service authentication keyid 42 authentication mode md5 ENC 8HX Q Q MAF4 1 ntp service reliable authentication keyid 42 ntp service unicast server 10 0 0 1 authentication keyid 42 ntp servic...

Page 48: ...orking diagram of the NTP peer mode RouterC RouterD RouterE GE1 0 0 3 0 1 31 24 GE1 0 0 3 0 1 32 24 GE1 0 0 3 0 1 33 24 Configuration Notes Before configuring a peer mode ensure the peer is reachable from host side Configuration Roadmap The configuration roadmap is as follows 1 Configure the clock on Router C to be the NTP primary clock The clock on Router D should be synchronized to the clock on ...

Page 49: ...vice status clock status synchronized clock stratum 3 reference clock ID 3 0 1 31 nominal frequency 64 0029 Hz actual frequency 64 0029 Hz clock precision 2 7 clock offset 0 0000 ms root delay 62 50 ms root dispersion 0 20 ms peer dispersion 7 81 ms reference time 06 52 33 465 UTC Mar 7 2006 C7B7AC31 773E89A8 Step 3 Configure the unicast NTP peer mode On Router E configure Router D to be the symme...

Page 50: ...e unicast server 3 0 1 31 interface GigabitEthernet1 0 0 undo shutdown ip address 3 0 1 32 255 255 255 0 return l Configuration file of Router E sysname RouterE ntp service unicast peer 3 0 1 32 interface GigabitEthernet1 0 0 undo shutdown ip address 3 0 1 33 255 255 255 0 return Related Tasks 2 3 Configuring Basic NTP Functions 2 7 3 Example for Configuring NTP Authentication in Broadcast Mode On...

Page 51: ... respectively from GE 1 0 0 of them l Enable NTP authentication on Router A Router C and Router D Figure 2 6 Networking diagram of the NTP broadcast mode GE1 0 0 1 0 1 11 24 Router A Router F Router C Router D GE1 0 0 1 0 1 2 24 GE2 0 0 3 0 1 2 24 GE1 0 0 3 0 1 31 24 GE1 0 0 3 0 1 32 24 Configuration Notes Before configuring key at the client and server side ensure the key already exists Configura...

Page 52: ...ter D on the same network segment as that of the NTP server Enable NTP authentication RouterD system view RouterD ntp service authentication enable RouterD ntp service authentication keyid 16 authentication mode md5 Hello RouterD ntp service reliable authentication keyid 16 Configure Router D to be the NTP broadcast client Router D senses the broadcast packets on GE 1 0 0 RouterD interface gigabit...

Page 53: ... 0 00 ms root dispersion 0 42 ms peer dispersion 0 00 ms reference time 12 17 21 773 UTC Mar 7 2006 C7B7F851 C5EAF25B End Configuration Files l Configuration file of Router A sysname RouterA ntp service authentication keyid 16 authentication mode md5 ENC 8HX Q Q MAF4 1 ntp service reliable authentication keyid 16 ntp service authentication enable interface GigabitEthernet1 0 0 undo shutdown ip add...

Page 54: ...0 0 255 return Related Tasks 2 4 Configuring NTP Security Mechanisms 2 7 4 Example for Configuring Multicast Mode In a multicast domain the device with high clock precision functions as the NTP server and other devices are synchronized to the clock of the NTP server Networking Requirements CAUTION On a single NE5000E an interface is numbered in the format of slot number card number interface numbe...

Page 55: ...outer D as NTP multicast clients Data Preparation To complete the configuration you need the following data l IP addresses of Router A Router C Router D and Router F l Stratum of the NTP primary clock Procedure Step 1 Configure an IP address for each Router Configure IP addresses based on Figure 2 7 The detailed procedures are not mentioned here Step 2 Configure an NTP multicast server Set the loc...

Page 56: ...wever fails to be synchronized because Router A and Router C are in different network segments and Router A cannot sense the multicast packets sent from Router C Check the NTP status on Router D and you can find that the clock status is synchronized That is clock synchronization completes The stratum of the clock on Router D is 3 one stratum lower than that on Router C RouterD display ntp service ...

Page 57: ...e of Router D sysname RouterD interface GigabitEthernet1 0 0 undo shutdown ip address 3 0 1 32 255 255 255 0 ntp service multicast client return Related Tasks 2 3 Configuring Basic NTP Functions HUAWEI NetEngine5000E Core Router Configuration Guide System Management 2 NTP Configuration Issue 01 2011 10 15 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 49 ...

Page 58: ...a Device to Communicate with an NM Station by Running SNMPv2c After SNMPv2c is configured a managed device and an NM station can run SNMPv2c to communicate with each other To ensure communication you need to configure the agent and NM station This section describes the configuration on a managed device the agent side For details about configuration on an NM station see the pertaining NMS operation...

Page 59: ... information between the NM station and devices SNMP defines several device management operations that can be performed by the NM station and allow devices to notify the NM station of device faults by sending alarms SNMP Components An SNMP managed network consists of the following three components l NM station sends various packets to query managed devices and receives alarms from these devices l ...

Page 60: ...to describe the hierarchy of data in a MIB that collects the definitions of variables on the managed devices A user can use a standard MIB or define a MIB based on certain standards Using a standard MIB can reduce the costs on proxy deployment and therefore reduce the costs on the entire network management system SNMP Operations SNMP uses Get and Set operations to replace a complex command set The...

Page 61: ...ack and is processed by SNMP agent GetBulk Is an NMS to agent request equaling continuous GetNext operations SetRequest Sets the value of a variable The NM station sends the request to a managed device to adjust the status of an object on the device Trap Reports an event to the NM station Inform Reports an event to the NM station and require acknowledgement from the NM station 3 1 2 SNMP Features ...

Page 62: ...ending security Error code Error codes help the administrator to identify and rectify faults It is easy for the administrator to manage the device if the error codes are more with variety Trap Traps are sent from managed devices to the NM station Traps help administrator to know device faults The managed devices do not require the acknowledgement from the NM station after sending traps Inform Info...

Page 63: ...e as follows Authentication mode l MD5 l SHA Privacy mode DES56 Error code 6 error codes supported 16 error codes supported 16 error codes supported Trap Supported Supported Supported Inform Not supported Supported Supported GetBulk Not supported Supported Supported Table 3 4 Usage scenarios of different SNMP versions Version Usage Scenario SNMPv1 This version is applicable to small scale networks...

Page 64: ... Configuring a Device to Communicate with an NM Station by Running SNMPv1 After SNMPv1 is configured a managed device and an NM station can run SNMPv1 to communicate with each other To ensure communication you need to configure the agent and NM station This section describes the configuration on a managed device the agent side For details about configuration on an NM station see the pertaining NM ...

Page 65: ...on is complete basic SNMP communication can be established between the NM station and managed device Procedure Step 1 Run system view The system view is displayed Step 2 Optional Run snmp agent The SNMP agent function is enabled By default the SNMP agent function is disabled By executing the snmp agent command with any parameters can enable the SNMP agent function Step 3 Run snmp agent sys info ve...

Page 66: ... number params securityname security name v1 The descriptions of the command parameters are as follows l udp port The default UDP port number is 162 In some special cases for example port mirroring is configured to prevent a well known port from being attacked the parameter udp port can be used to specify a non well known UDP port number This ensures communication between the NM station and manage...

Page 67: ... described in Configuring the Trap Function 3 2 2 Optional Controlling the NM Station s Access to the Device This section describes how to specify an NM station and manageable MIB objects for SNMP based communication between the NM station and managed device to improve communication security Context If a device is managed by multiple NM stations that use the same community name note the following ...

Page 68: ...te community name cipher community name1 acl acl number mib view view name The NM station s access rights are specified l read NM station administrator configures the read parameter to provide read access to the low level administrator for a specified view l write NM station administrator configures the write parameter to provide read and write access to the low level administrator for a specified...

Page 69: ...agent trap enable feature name command is run to enable three or more trap functions of a module note the following points l To disable the trap functions of all modules you need to run the snmp agent trap disable command l To restore the trap functions of all modules to the default status you need to run the undo snmp agent trap enable or undo snmp agent trap disable command l To disable one trap...

Page 70: ...he display current configuration include trap command to check trap configuration l Run the display snmp agent vacmgroup command to check all the configured View based Access Control Model VACM groups l Run the display snmp agent target host command to check information about the target host End Example When the configuration is complete run the display snmp agent community command You can view th...

Page 71: ...fo location command You can view the location of the device HUAWEI display snmp agent sys info location The physical location of this node Beijing China Run the display current configuration include max size command You can view the allowable maximum size of an SNMP packet HUAWEI display current configuration include max size snmp agent packet max size 1800 Run the display current configuration in...

Page 72: ...agent and NM station This section describes the configuration on a managed device the agent side For details about configuration on an NM station see the pertaining NMS operation guide Applicable Environment SNMP has to be deployed in a network to allow the NMS to manage network devices If your network is of a large scale with many devices and its security requirements are not strict or the networ...

Page 73: ...figuration of basic SNMP functions After the configuration is complete basic SNMP communication can be established between the NM station and managed device Procedure Step 1 Run system view The system view is displayed Step 2 Optional Run snmp agent The SNMP agent function is enabled By default the SNMP agent function is disabled By executing the snmp agent command with any parameters can enable t...

Page 74: ...ed time period the managed device resends the inform until the number of retransmissions reaches the maximum When the managed device sends an inform it records the inform in the log If the NM station and link between the NM station and managed device recovers from a fault the NM station can still learn the inform sent during the fault occurrence and rectification In this regard informs are more re...

Page 75: ...he NMS administrator to view contact information and locations of the equipment administrator when the NM station manages many devices This helps the NMS administrator to contact the equipment administrators for fault location and rectification Step 7 Optional Run snmp agent packet max size byte count The maximum size of an SNMP packet that the device can receive or send is set By default the maxi...

Page 76: ... to have rights to access the objects in the Viewdefault view skip the following steps l If some of the NM stations need to have rights to access the objects in the Viewdefault view skip Step 5 l If all the NM stations need to manage specified objects on the device skip Steps 2 Steps 3 and Steps 4 l If some of the NM stations need to manage specified objects on the device perform all the following...

Page 77: ... have rights to access the objects in the Viewdefault view mib view view name does not need to be configured in the command l acl If all the NM stations that use the community name need to manage specified objects on the device acl acl number does not need to be configured in the command If some of the NM stations that use the community name need to manage specified objects on the device both mib ...

Page 78: ...urce interface for trap messages is specified After the source interface is specified its IP address becomes the source IP address of trap messages Configuring the IP address of the local loopback interface as the source interface is recommended which can ensure device security The source interface specified on the router for trap messages must be consistent with that specified on the NM station o...

Page 79: ...p agent inform timeout seconds resend times times host name host name address udp domain ip address vpn instance vpn instance name params securityname security name The timeout period for waiting for inform Ack messages and the number of times to resend informs are set By default the timeout period for waiting for inform Ack messages is 15 seconds and the number of times to resend informs is 3 Ste...

Page 80: ...age type nonVolatile Community name private Group name private Storage type nonVolatile Run the display snmp agent sys info version command You can view the SNMP version running on the agent HUAWEI display snmp agent sys info version SNMP version running in the system SNMPv1 SNMPv3 Run the display acl acl number command You can view the rules in the specified ACL HUAWEI display acl 2000 Basic ACL ...

Page 81: ...rap snmp agent trap source Ethernet 3 0 7 snmp agent target host host name targetHost_1_25846 trap ipv6 address udp domain 1 1 1 1 udp port 111 params securityname htipl snmp agent target host host name targetHost_2_51321 trap address udp domain 1 1 1 1 params securityname htipl snmp agent trap enable Run the display snmp agent target host command You can view information about the target host HUA...

Page 82: ...tion you need to configure the agent and NM station This section describes the configuration on a managed device the agent side For details about configurations on an NM station see the NMS operation guide Applicable Environment The NM station manages a device by the following ways l Sends requests to the managed device to perform the GetRequest GetNextRequest GetResponse GetBulk or SetRequest ope...

Page 83: ...device can send alarms to the NM station Context Steps 4 5 and 6 are mandatory to configure of basic SNMP functions After the configuration is complete basic SNMP communication can be established between the NM station and managed device Procedure Step 1 Run system view The system view is displayed Step 2 Optional Run snmp agent HUAWEI NetEngine5000E Core Router Configuration Guide System Manageme...

Page 84: ...licable to insecure networks managed by many administrators who may frequently perform operations on the same device In this mode only the authenticated administrators can access the managed device and transmitted data is encrypted to guard against interception and data leaking Step 5 Run snmp agent usm user v3 user name group name authentication mode md5 sha password privacy mode des56 password A...

Page 85: ...cally generate an engine ID for a device The engine ID consists of the enterprise number and the device information Step 8 Optional Run snmp agent sys info contact contact location location The equipment administrators contact information or location is configured This step is required for the NMS administrator to view contact information and locations of the equipment administrator when the NM st...

Page 86: ...s managed by multiple NM stations that are in the same SNMPv3 user group note the following points l If all the NM stations need to have rights to access the objects in the Viewdefault view skip the following steps l If some of the NM stations need to have rights to access the objects in the Viewdefault view skip Step 5 l If all the NM stations need to manage specified objects on the device skip S...

Page 87: ...to be configured in the command if you want to filter out irrelevant alarms and configure the managed device to send only the alarms of specified MIB objects to the NM station If the parameter is configured only the alarms of the MIB objects specified by notify view is sent to the NM station l authentication or privacy can be configured in the command to improve security If authentication is confi...

Page 88: ...ildcard any A rule is added to the ACL 3 Run snmp agent group v3 group name acl acl number The ACL is applied Step 4 Add an SNMPv3 user to a user group Run snmp agent usm user v3 user name group name A specific user is added to a specified SNMPv3 user group By mapping SNMPv3 users in different user groups into different views you can configure different access rights for SNMPv3 users in different ...

Page 89: ... agent trap enable Alarm sending is enabled Step 3 Run snmp agent trap enable feature name feature name trap name trap name A trap function of a feature module is enabled This means that an alarm of a specified feature can be sent to the NM station NOTE If the snmp agent trap enable command is run to enable the trap functions of all modules or the snmp agent trap enable feature name command is run...

Page 90: ... Step 1 Run system view The system view is displayed Step 2 Run snmp agent target host host name host name inform address udp domain ip address udp port port number vpn instance vpn instance name params securityname security name v2c v3 authentication privacy The target host that receives informs is configured NOTE The IP address of the target host in this command must be an IPv4 address Step 3 Op...

Page 91: ...un the display snmp agent mib view command to check the MIB view l Run the display snmp agent sys info contact command to check the equipment administrator s contact information l Run the display snmp agent sys info location command to check the location of the router l Run the display current configuration include max size command to check the allowable maximum size of an SNMP packet l Run the di...

Page 92: ...e nonVolatile View Type excluded View status active View name ViewDefault MIB Subtree snmpVacmMIB Subtree mask Storage type nonVolatile View Type excluded View status active View name ViewDefault MIB Subtree snmpCommunityMIB Subtree mask Storage type nonVolatile View Type excluded View status active Run the display snmp agent sys info contact command You can view the equipment administrator s cont...

Page 93: ...184 VPN instance Security name private Port 162 Type trap Version v3 Level No authentication and privacy NMS type HW NMS Run the display snmp agent inform command You can view the configuration of inform notifications HUAWEI display snmp agent inform Global config resend times 3 timeout 15s pending 39 Global status current notification count 0 Target host ID Host name VPN instance IP Address Secur...

Page 94: ...nterface number This requires the chassis ID to be specified along with the slot number As shown in Figure 3 7 two NM stations NMS1 and NMS2 and the router are connected across a public network According to the network planning NMS2 can manage every MIB object except HGMP on the router and NMS1 does not manage the router On the router only the modules that are enabled by default are allowed to sen...

Page 95: ...Step 2 Enable the SNMP agent HUAWEI system view HUAWEI snmp agent HUAWEI commit Step 3 Configure the router to run SNMPv1 HUAWEI snmp agent sys info version v1 HUAWEI commit Step 4 Configure the NM stations access rights Configure an ACL to allow NMS2 to manage and disallow NMS1 from managing the router HUAWEI acl 2001 HUAWEI acl basic 2001 rule 5 permit source 1 1 1 2 0 0 0 0 HUAWEI acl basic 200...

Page 96: ... SNMPv1 SNMPv3 Check information about the SNMP community name HUAWEI display snmp agent community Community name adminnms2 Group name adminnms2 Acl 2001 Storage type nonVolatile Check the configured ACL HUAWEI display acl 2001 Basic ACL 2001 2 rules Acl s step is 5 rule 5 permit source 1 1 1 2 0 0 0 0 rule 6 deny source 1 1 1 1 0 0 0 0 Check the MIB view HUAWEI display snmp agent mib view viewnam...

Page 97: ...arget host trap address udp domain 1 1 1 2 params securityname 1 1 3 1 snmp agent mib view excluded allexthgmp hwCluster snmp agent trap enable return 3 5 2 Example for Configuring a Device to Communicate with an NM Station by Using SNMPv2c This section provides an example to describe how to configure a device to communicate with an NM station by using SNMPv2c and how to specify the MIB objects th...

Page 98: ... if a fault occurs Figure 3 8 Networking diagram for configuring a device to communicate with an NM station by using SNMPv2c 1 1 2 1 24 GE1 0 0 Router 1 1 1 1 24 1 1 1 2 24 NMS2 IP Network NMS1 Configuration Roadmap The configuration roadmap is as follows 1 Enable the SNMP agent 2 Configure the router to run SNMPv2c 3 Configure an ACL to allow NMS2 to manage every MIB object except HGMP on the rou...

Page 99: ...figure a community name to allow NMS2 to manage the objects in the MIB view HUAWEI snmp agent community write adminnms2 mib view allexthgmp acl 2001 HUAWEI commit Step 5 Configure the trap function HUAWEI snmp agent target host inform address udp domain 1 1 1 2 params securityname 1 1 2 1 HUAWEI snmp agent inform timeout 5 resend times 6 pending 7 HUAWEI commit Step 6 Configure the contact informa...

Page 100: ...46 IP address 1 1 1 2 VPN instance Security name 1 1 2 1 Port 162 Type trap Version v1 Level No authentication and privacy NMS type NMS Check the contact information of the equipment administrator HUAWEI display snmp agent sys info contact The contact person for this managed node call Operator at 010 12345678 End Configuration Files Configuration file of the router acl number 2001 rule 5 permit so...

Page 101: ...mber card number interface number This requires the chassis ID to be specified along with the slot number As shown in Figure 3 9 two NM stations NMS1 and NMS2 and the router are connected across a public network According to the network planning NMS2 can manage every MIB object except HGMP on the router and NMS1 does not manage the router On the router only the modules that are enabled by default ...

Page 102: ...n of the equipment administrator 6 Configure NMS2 Data Preparation To complete the configuration you need the following data l SNMP version l User group name l User name and password l Authentication and privacy algorithms l ACL number l IP address of the NM station l Contact information of the equipment administrator Procedure Step 1 Configure available routes between the router and the NM statio...

Page 103: ...min privacy write view allexthgmp acl 2001 HUAWEI commit Step 5 Configure the trap function HUAWEI snmp agent target host trap address udp domain 1 1 1 2 params securityname 1 1 3 1 v3 HUAWEI snmp agent trap enable Warning All switches of SNMP trap notification will be open Continue Y N Y HUAWEI commit Step 6 Configure the contact information of the equipment administrator HUAWEI snmp agent sys in...

Page 104: ...ve Check the target host HUAWEI display snmp agent target host Target host NO 1 Host name targetHost_1_25846 IP address 1 1 1 2 VPN instance Security name 1 1 3 1 Port 162 Type trap Version v3 Level No authentication and privacy NMS type NMS Check the contact information of the equipment administrator HUAWEI display snmp agent sys info contact The contact person for this managed node call Operator...

Page 105: ... v3 admin privacy write view allexthgmp acl 2001 snmp agent target host trap address udp domain 1 1 1 2 params securityname 1 1 3 1 v3 snmp agent mib view excluded allexthgmp hwHgmp snmp agent usm user v3 nms2 admin admin authentication mode md5 VK MYJF 97 aP 1 privacy mode des56 VK MYJF 97 aP 1 return HUAWEI NetEngine5000E Core Router Configuration Guide System Management 3 SNMP Configuration Iss...

Page 106: ... of logs to be displayed 4 5 Setting the Maximum Number of Traps to Be Displayed This section describes how to set the number of trap messages to be displayed 4 6 Saving Logs to a Local Log File This section describes how to save logs to a local log file 4 7 Configuring Logs to Be Output to a Log Host This section describes how to configure logs to be output to a specified log host 4 8 Maintenance...

Page 107: ... 4 1 logs are divided into the following types Table 4 1 Log naming Naming Method Description currentDevLog l og Single diagnostic log file of the system log log Single log file of the system Dev_SlotID_tim e log zip Log file in Dev_SlotID_time log zip format When a single log file is a larger than 8 MB it will be compressed as a Dev_SlotID_time log zip file SlotID indicates a slot ID time indicat...

Page 108: ...vice a wrong command or a wrong password 4 Warning Warning conditions An exception occurs such as disabling of a routing process packet loss detected by BFD or receipt of a wrong protocol packet 5 Notice Normal but significant conditions A key operation is performed to keep a device run properly such as running the shutdown command neighbor discovery or status change of the protocol state machine ...

Page 109: ...he module that outputs the log to the information center B Log severity level Indicates the log severity value CCC Description Describes the log type l Information type Identifies a user log VR X CID ZZZ Virtual router information X virtual router ID ZZZ component ID YYYY Descriptor Indicates the log contents that are output to the information center by each module The descriptor is filled in by e...

Page 110: ...ng sure that the device is powered on l Ensuring that the device self check succeeds Procedure Step 1 Run system view The system view is displayed Step 2 Run info center logbuffer size buffersize The maximum number of logs to be displayed is set By default a maximum of 512 logs are displayed End Checking the Configuration Run the display logbuffer starttime starttime value endtime endtime value le...

Page 111: ...etting the number of trap messages to be displayed complete the following tasks l Confirming that the device is powered on correctly and the self test is successful Procedure Step 1 Run system view The system view is displayed Step 2 Run info center trapbuffer Display of traps is enabled By default display of traps is enabled Step 3 Run info center trapbuffer size buffersize The number of trap mes...

Page 112: ...0504041811 log zip 2010 08 13 07 05 14 HUAWEI 01cli 5 CLI_USER_LOGIN l VR 0 CID 2160731923 Common username root login from CONSOLE channelid 32768 result Login success 2010 08 13 07 05 16 HUAWEI 01cli 5 CLI_CMD_RECORD_NO_RESULT l VR 0 CID 2160731923 Record command information Task Common AccessMode CONSOLE User root Command sy 2010 08 13 07 05 17 HUAWEI 01cli 5 CLI_CMD_RECORD_NO_RESULT l VR 0 CID ...

Page 113: ...4 2 Flowchart for configuring logs to be output to a log host Enable the information center Mandatory procedure Optional procedure Specify a source interface for sending logs to a log host Configure logs to be output to a specified log host Related Tasks 4 9 2 Example for Configuring Logs to Be Output to a Log Host 4 7 1 Enabling the Information Center The information center is enabled by default ...

Page 114: ...he source interface for sending logs to the log host After the source interface is specified if the router sends logs to the log host the logs carry the IP address of this interface as the source address This helps the log host locate the router from which the logs come facilitating log search By default the source interface is the interface that sends out logs Step 3 Run commit The configuration ...

Page 115: ... log level By default the device does not output logs to any log host The system can output logs to a maximum of eight log hosts at the same time This allows backup among log hosts Step 3 Run commit The configuration is committed End 4 7 4 Checking the Configuration After configuring logs to be output to a specified log host you can view the configuration Prerequisite The configurations of outputt...

Page 116: ...scribes how to save logs to a local log file Networking Requirements CAUTION On a single NE5000E an interface is numbered in the following format slot number card number interface number On an NE5000E cluster an interface is numbered in the format of chassis ID slot number card number interface number and a slot is numbered in the format of chassis ID slot number On the network shown in Figure 4 3...

Page 117: ...user name and password used on the FTP server The configuration details are not provided here Step 3 Save logs to a log file RouterA save logfile Step 4 Upload the log file to the FTP server Switch to the path of the log file RouterA cd cfcard logfile Log in to the FTP server RouterA ftp 10 1 1 1 Trying to connect Press CTRL K to abort Connected to the server 220 FTP service ready User ftp 10 1 1 ...

Page 118: ...assis ID slot number The router can generate a large number of logs which may exceed limited storage space of the router To address this problem a log host can be configured to store all logs On the network shown in Figure 4 4 the router is required to send logs to the log host Server 1 Server 2 is required to serve as a backup host for Server 1 The configurations need to be performed on both the ...

Page 119: ...st source loopback 0 Step 5 Run the commit command to commit the configuration Step 6 Configure the log host The log host is a host running the UNIX or LINUX operating system or a log software l If the host runs the UNIX or LINUX operating system enable Syslog in the system to record and collect log information The following part uses a host running the UNIX operating system as an example Create a...

Page 120: ...nagement system The configuration details are not provided here End Configuration Files info center loghost source Loopback0 info center loghost 10 1 1 1 info center loghost 10 1 1 2 sysname HUAWEI interface Loopback0 ip address 1 1 1 1 255 255 255 0 return Related Tasks 4 7 Configuring Logs to Be Output to a Log Host HUAWEI NetEngine5000E Core Router Configuration Guide System Management 4 Log Ma...

Page 121: ...alarm simulation functions which help users rapidly and accurately complete the configuration 5 3 Configuring FM Users can configure FM on a device to use the alarm filtering alarm delivery and alarm suppression functions 5 4 Maintenance You can use maintenance commands to collect statistics about faults and clear them after further analysis 5 5 Configuration Examples This section provides an exam...

Page 122: ...out cannot be displayed which hinders network management FM is used to dynamically manage and report alarms generated on devices in a centralized manner The NE5000E currently supports the following FM functions l Filtering out repeated alarms service intermittency alarms and flapping alarms l Filtering out the alarms that users are not concerned about l Displaying alarm configurations active alarm...

Page 123: ... only these types of alarms to the NMS Step 4 Run commit The configuration is committed End 5 3 2 Configuring a Suppression Period for an Alarm Users can configure a suppression period for an alarm to prevent the alarm from being reported frequently Procedure Step 1 Run system view The system view is displayed Step 2 Run alarm The alarm management view is displayed Step 3 Run suppression name alar...

Page 124: ...rm Suppression The system suppresses repeated alarms persistent alarms and service intermittency alarms by default Users can disable alarm suppression for alarms that they are concerned about hardware alarms and ambient alarms Context The impacts of alarm suppression on the system are as follows l When alarm suppression is enabled alarm suppression takes effect and you can configure an alarm suppr...

Page 125: ...ll alarms End 5 3 5 Configuring an Alarm Filtering Table to Filter Out Alarms This section describes how to edit and apply an alarm filtering table An alarm filtering table can be used by different terminal users to filter out the alarms that they are not concern about Context Terminal users include command line users and NMS users Different users are concerned about different types of alarms Term...

Page 126: ...ature name command to cancel the configuration l Run the mask severity severity command to filter out an alarm with specific severity The severity of an alarm can be Critical Major Minor or Warning To filter out multiple alarms with specific levels of severity you need to run this command multiple times Run the undo mask severity severity command to cancel the configuration Step 5 Run quit Return ...

Page 127: ...ChassisId 0 BoardId 1 osNodeId 1 2010 03 11 11 55 42 HUAWEI 01haf 5 hwCpuOverload t VR 0 CID 2147615743 Cpu utilization exceeded the prealarm threshold ChassisId 0 BoardId 3 osNodeId 3 5 3 7 Checking the Configuration After configuring FM you can view information about the feature for which the alarm is generated alarm name alarm ID alarm severity and alarm suppression period Prerequisite The FM c...

Page 128: ...w is displayed Step 2 Run alarm The alarm management view is displayed Step 3 Run reset statistics name alarm name Alarm statistics are cleared The reset statistics command is used to clear all alarm statistics and the reset statistics name alarm name command is used to clear statistics about specific alarms End 5 4 2 Monitoring the Alarm Status You can run the following commands in any view to un...

Page 129: ...d 5 5 Configuration Examples This section provides an example for configuring FM 5 5 1 Example for Configuring FM This section describes how to configure FM Networking Requirements CAUTION On a single NE5000E an interface is numbered in the format of slot number card number interface number In the multi chassis scenario an interface is numbered in the format of chassis ID slot number card number i...

Page 130: ...WEI alarm suppression name hwBfdSessReachLimit cause period 5 HUAWEI alarm suppression name hwBfdSessReachLimit clear period 15 HUAWEI alarm commit After the configuration is complete run the display alarm information name hwBfdSessReachLimit command to verify the configuration HUAWEI alarm display alarm information name hwBfdSessReachLimit alarmDictionaryQuery feature BFD alarmName hwBfdSessReach...

Page 131: ...lete run the display this command in the alarm management view to verify the configuration HUAWEI alarm display this snmp target host target host1 mask name mask1 End Example sysname HUAWEI alarm suppression name hwBfdSessReachLimit cause period 5 suppression name hwBfdSessReachLimit clear period 15 alarm name hwBfdSessReachLimit severity Critical snmp target host target host1 mask name mask1 mask...

Page 132: ...plete the pre configuration tasks and obtain the data required for the configuration This will help you complete the configuration task quickly and accurately 6 4 Collecting Statistics About IPv4 Aggregated Flows Before collecting statistics about IPv4 aggregated flows familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the data required for the con...

Page 133: ...llecting traffic statistics on BGP MPLS VPN networks helps users to monitor the BGP MPLS VPN network condition 6 10 Maintaining NetStream This section describes how to maintain NetStream 6 11 Configuration Examples This section provides NetStream configuration examples in different scenarios HUAWEI NetEngine5000E Core Router Configuration Guide System Management 6 NetStream Configuration Issue 01 ...

Page 134: ...single router and all routers on the network and provides functions such as proactive fault detection effective fault rectification and rapid problem solution l Application monitoring and analysis NetStream provides detailed network application information For example it allows the network administrator to view the proportion of each application such as Web the File Transfer Protocol FTP Telnet an...

Page 135: ...carded by the uRPF RPF check and fragmented packets Statistics about original IPv6 flows include the 7 tuple information source AS number destination AS number VPN ID TCP flag and BGP next hop Sampling and Statistics Collection of MPLS Flows The NE5000E supports the sampling and statistics collection of MPLS Multi Protocol Label Switching flows including the third layer label and IP header of MPLS...

Page 136: ...based aging The active time refers to the time period from when the first packet is cached on the LPU to the current time If the duration of flows in the buffer is longer than the active time these flows will be aged when new flows need to be cached l TCP disconnection based aging After a packet carrying the FIN or RST flag is transmitted over a TCP connection the TCP connection is torn down When ...

Page 137: ...ics about original flows has less impact on the NDE performance Original flows consume more storage space and network bandwidth resources because the data volume of original flows is far greater than that of aggregated flows Figure 6 2 Networking diagram of IPv4 flow statistics collection Traffic NDE NDE NSC NDA NSC NDA Pre configuration Tasks Before collecting the statistics about IPv4 original f...

Page 138: ...perform NetStream functions independently including packet sampling flow aggregation and flow output l Integrated mode In this mode the LPU only samples packets and sends sampled packets to the NetStream service processing board Flow aggregation and flow output are performed on the NetStream service processing board If the data volume collected by the router is beyond the processing capability of ...

Page 139: ...view of the slot where the LPU for NetStream sampling resides is displayed 3 Run ip netstream sampler to slot slot id1 The integrated NetStream service processing mode is configured and the NetStream service processing board is specified 4 Optional Run ip netstream sampler to slot slot id2 backup The integrated NetStream service processing mode is configured and the backup NetStream service proces...

Page 140: ...carry BGP next hop information l Interface indexes carried in the output NetStream original flows need to be extended from 16 bits to 32 bits By default NetStream original flows are output in V5 format Step 3 Optional Run ip netstream export template timeout rate timeout interval The interval at which the template for outputting original flows in V9 format is refreshed By default the output templa...

Page 141: ...ctive interval The inactive aging time is configured for NetStream original flows The default inactive aging time of NetStream original flows is 30 seconds Step 7 Run commit The configuration is committed End 6 3 3 Optional Adjusting the AS Field Mode and Interface Index Type To enable the NSC to normally receive and parse NetStream packets output from the NDE ensure that the AS field modes and in...

Page 142: ... carried in the NetStream packet output from the router is configured By default the interface index carried in the NetStream packet output from the router is of 16 bits Before converting an interface index from 16 bits to 32 bits ensure that the following conditions are met l Original flows are output in V9 format l The NetStream packet format for all aggregated flows is V9 End 6 3 4 Optional Ena...

Page 143: ...ckets l Packets discarded by the uRPF RPF check l Fragmented packets only the first fragment of each packet will be sampled NOTE If a NetStream enabled interface is bound to a VPN instance all packets in the VPN instance will be sampled Procedure Step 1 Run system view The system view is displayed Step 2 Optional Run ip netstream sampler fix packets fix packets number inbound outbound The sampling...

Page 144: ... of NetStream functions Procedure l Run the display ip netstream cache origin slot slot id command to check information about the NetStream buffer l Run the display ip netstream statistics slot slot id command to view statistics about NetStream flows l Run the display netstream all global interface interface type interface number command to check NetStream configurations in different views End Exa...

Page 145: ... Created Streams Exported Packets Exported Streams origin 510246 97773954 98284200 3986446 67875459 as 2 34 36 25 27 as tos 2 34 36 25 27 protport 2 34 36 23 26 protporttos 2 34 36 26 29 srcprefix 60772 840324 901096 19736 787346 srcpretos 60786 825402 886188 19461 776353 dstprefix 2 33 35 24 26 dstpretos 2 32 34 24 26 prefix 60602 818776 879378 25830 773607 prefix tos 60536 812587 873123 25589 76...

Page 146: ...gregated flows familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the data required for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment As shown in Figure 6 4 carriers can enable NetStream on the router to obtain detailed network application information Such information can guide ca...

Page 147: ...n IGP to ensure that IP routes between nodes are reachable l Enabling statistics collection of NetStream original flows Configuration Procedures To collect statistics about IPv4 aggregated flows perform the procedures as described in the following flowchart HUAWEI NetEngine5000E Core Router Configuration Guide System Management 6 NetStream Configuration Issue 01 2011 10 15 Huawei Proprietary and C...

Page 148: ...perform NetStream functions independently including packet sampling flow aggregation and flow output l Integrated mode In this mode the LPU only samples packets and sends sampled packets to the NetStream service processing board Flow aggregation and flow output are performed on the NetStream service processing board If the data volume collected by the router is beyond the processing capability of ...

Page 149: ...view of the slot where the LPU for NetStream sampling resides is displayed 3 Run ip netstream sampler to slot slot id1 The integrated NetStream service processing mode is configured and the NetStream service processing board is specified 4 Optional Run ip netstream sampler to slot slot id2 backup The integrated NetStream service processing mode is configured and the backup NetStream service proces...

Page 150: ...and characteristics Aggregation mode Description as NetStream flows with the same source AS number destination AS number inbound interface index and outbound interface index are aggregated as one flow and one aggregation record is generated as tos NetStream flows with the same source AS number destination AS number inbound interface index outbound interface index and ToS are aggregated as one flow...

Page 151: ...interface index are aggregated as one flow and one aggregation record is generated source prefix NetStream flows with the same source AS number source mask length source prefix and inbound interface index are aggregated as one flow and one aggregation record is generated source prefix tos NetStream flows with the same source AS number source mask length source prefix ToS and inbound interface inde...

Page 152: ...export version 8 9 The output format is configured for the aggregated flows Flows aggregated in as as tos destination prefix destination prefix tos prefix prefix tos protocol port protocol port tos source prefix or source prefix tos mode are output in V8 format by default You can specify the output format for aggregated flows as needed NOTE The export version command does not make sense for flows ...

Page 153: ...me is configured for NetStream aggregated flows The default inactive aging time of NetStream aggregated flows is 300 seconds Step 9 Run commit The configuration is committed End 6 4 4 Optional Adjusting the AS Field Mode and Interface Index Type To enable the NSC to normally receive and parse NetStream packets output from the NDE ensure that the AS field modes and interface index types on the NDE ...

Page 154: ... router By default the AS field mode on the router is 16 bits Step 3 Run ip netstream export index switch 16 32 The type of the interface index carried in the NetStream packet output from the router is configured By default the interface index carried in the NetStream packet output from the router is of 16 bits Before converting an interface index from 16 bits to 32 bits ensure that the following ...

Page 155: ...nd sampling ratio configured in the system view are applicable to all interfaces on the device The sampling mode and sampling ratio configured in the interface view takes precedence over those configured in the system view Step 5 Run ip netstream inbound outbound NetStream is enabled on the interface Statistics about packets BGP next hop information can also be collected Original flows output in V...

Page 156: ... cache destination prefix slot 3 Show information of IP and MPLS cache of slot 1 is starting get show cache user data success DstIf DstAs Streams Packets Direction SrcIf SrcAs PO4 2 0 0 1 5462 in GI3 0 9 0 Run the display ip netstream statistics slot slot id command and you can view statistics about NetStream flows HUAWEI display ip netstream statistics slot 1 Netstream statistic information on sl...

Page 157: ...lot Slot 8 ip netstream sampler to slot 1 6 5 Collecting Statistics About IPv6 Original Flows Before collecting statistics about IPv6 original flows familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the data required for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment As shown in F...

Page 158: ...ring parameters of the link layer protocol and IP addresses for interfaces to ensure that the link layer protocol on the interfaces is Up l Configuring the static route or enabling an IGP to ensure that IP routes between nodes are reachable Configuration Procedures To collect the statistics about IPv6 original flows perform the procedures as shown in the following flowchart HUAWEI NetEngine5000E C...

Page 159: ...perform NetStream functions independently including packet sampling flow aggregation and flow output l Integrated mode In this mode the LPU only samples packets and sends sampled packets to the NetStream service processing board Flow aggregation and flow output are performed on the NetStream service processing board If the data volume collected by the router is beyond the processing capability of ...

Page 160: ...iew of the slot where the LPU for NetStream sampling resides is displayed 3 Run ipv6 netstream sampler to slot slot id1 The integrated NetStream service processing mode is configured and the NetStream service processing board is specified 4 Optional Run ipv6 netstream sampler to slot slot id2 backup The integrated NetStream service processing mode is configured and the backup NetStream service pro...

Page 161: ... export source ip address The source IP address is configured for aggregated flows Step 5 Configure the destination IP address and UDP port number of the peer NSC for NetStream original flows in the system or slot view l In the system view Run ipv6 netstream export host ip address port The destination IP address and UDP port number of the peer NSC are configured for NetStream original flows to be ...

Page 162: ...d modes and interface index types on the NDE and NSC are the same l AS field mode As defined in the pertaining protocol the length of the AS field in IP packets is 16 bits On networks in some areas however the length of the AS field in IP packets is 32 bits If different AS field modes exist on a network you need to convert the AS field mode when configuring NetStream Otherwise NetStream cannot sam...

Page 163: ...dress source IP address destination port number and source port number of a TCP packet identifies the function and status of the TCP packet on a TCP connection By enabling statistics collection of TCP flags you can extract the TCP flag information from network packets and send it to the NMS The NMS checks the traffic volume of each flag and determines whether the network is attacked by TCP packets...

Page 164: ...system view is displayed Step 2 Optional Run ipv6 netstream sampler fix packets fix packets number inbound outbound The sampling mode and sampling ratio are configured globally By default NetStream is disabled from packet sampling Instead it collects the statistics about each packet Step 3 Run interface interface type interface number The interface view is displayed Step 4 Optional Run ipv6 netstr...

Page 165: ... packets BGP next hop information can also be collected Original flows output in V5 format however cannot carry the BGP next hop information By default NetStream is disabled from collecting the statistics about incoming and outgoing unicast flows Step 6 Run commit The configuration is committed End 6 5 6 Checking the Configuration In routine maintenance or after NetStream configurations are comple...

Page 166: ...m statistics slot 1 Netstream statistic information on slot 1 length of packets Number Protocol Number 1 64 0 IPV4 11214946 65 128 544123 IPV6 0 129 256 0 MPLS 0 257 512 10670823 L2 0 513 1024 0 Total 11214946 1025 1500 0 longer than 1500 0 Aggregation Current Streams Aged Streams Created Streams Exported Packets Exported Streams origin 0 0 0 0 0 as 0 0 0 0 0 as tos 0 0 0 0 0 protport 0 0 0 0 0 pr...

Page 167: ...traffic analyzing users operation mode and planning the network between ASs Statistics collection of NetStream aggregated flows collects statistics about original flows with the same attributes whereas statistics collection of NetStream original flows collects statistics about sampled packets The data volume generated by aggregated flow statistics collection is therefore greater than that generate...

Page 168: ...ed LPU sends sampled packets to the NetStream service processing board for aggregation and output If the NE5000E has more than one NetStream service processing board these NetStream services boards work in redundancy mode for service backup and load balancing which improves system reliability Context NetStream services can be processed in either of the following modes l Distributed mode In this mo...

Page 169: ...ew of the slot where the LPU for NetStream sampling resides is displayed 3 Run ipv6 netstream sampler to slot self The distributed NetStream service processing mode is configured 4 Run commit The configuration is committed l Configure the integrated NetStream service processing mode 1 Run system view The system view is displayed 2 Run slot slot id The view of the slot where the LPU for NetStream s...

Page 170: ...e consumption of network bandwidths CPU resources and storage space Characteristics based on which flows are aggregated vary according to aggregation modes The mapping relationship between characteristics and aggregation modes is described in the following table Table 6 2 Mapping relationship between aggregation modes and characteristics Aggregation mode Description as NetStream flows with the sam...

Page 171: ...ce index and outbound interface index are aggregated as one flow and one aggregation record is generated protocol port NetStream flows with the same protocol number source port and destination port are aggregated as one flow and one aggregation record is generated protocol port tos NetStream flows with the same protocol number source port destination port ToS inbound interface index and outbound i...

Page 172: ...address port The destination IP address is configured for aggregated flows The destination IP address configured in the system view takes precedence over that configured in the NetStream aggregation view Step 3 Run ipv6 netstream aggregation as as tos destination prefix destination prefix tos prefix prefix tos protocol port protocol port tos source prefix source prefix tos The IPv6 NetStream aggre...

Page 173: ...d flows The default active aging time of NetStream aggregated flows is 30 minutes and the default inactive aging time is 300 seconds Step 8 Run commit The configuration is committed End 6 6 4 Optional Adjusting the AS Field Mode and Interface Index Type To enable the NSC to normally receive and parse NetStream packets output from the NDE ensure that the AS field modes and interface index types on ...

Page 174: ...ed on the router By default the AS field mode on the router is 16 bits Step 3 Run ipv6 netstream export index switch 16 32 The type of the interface index carried in the NetStream packet output from the router is configured By default the interface index carried in the NetStream packet output from the router is of 16 bits Before converting an interface index from 16 bits to 32 bits ensure that the...

Page 175: ...io configured in the interface view takes precedence over those configured in the system view The ip netstream sampler command has the same function as the ipv6 netstream sampler command l The execution of either command takes effect on all packets and there is no need to configure both of them If it is required to configure both of them ensure that sampling modes and sampling ratios configured by...

Page 176: ... Run the display ipv6 netstream cache destination prefix slot 3 command If the destination IP address and prefix aggregation mode have been successfully configured you can view statistics about destination IP addresses AS numbers masks and prefixes of IP or MPLS packets in the buffer on the router HUAWEI display ipv6 netstream cache destination prefix slot 3 Show information of IP and MPLS cache o...

Page 177: ...s protport protocol port protporttos protocol port tos all aggre all aggregation streams means that the current board is not supported 6 7 Collecting Statistics About MPLS IPv4 Packets Collecting packet statistics on MPLS networks helps you to monitor MPLS network conditions Applicable Environment As shown in Figure 6 10 carriers can enable NetStream on the router to obtain detailed network applic...

Page 178: ...mat l Statistics about original flows 1 Run ip netstream mpls aware label only ip only label and ip Statistics collection of MPLS packets is enabled When sampling MPLS packets choose one of the following sampling modes as needed To sample only MPLS labels not inner IP packets configure label only To sample only inner IP packets not MPLS labels configure ip only To sample both MPLS labels and inner...

Page 179: ... Msk Pro Tos Flags Packets SrcIf SrcP Msk NextHop Direction DstIP DstAs SrcIP SrcAs BGP BGP NextHop TopLabelType Label1 Exp1 Bottom1 Label2 Exp2 Bottom2 Label3 Exp3 Bottom3 TopLabelIpAddress VlanId Unknown 200 0 6 16 0 1253 GI6 0 0 100 0 0 0 0 0 in 193 1 1 2 0 193 1 1 59 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 GI6 0 0 200 0 6 16 0 1272 Unknown 100 0 0 0 0 0 out 193 1 1 2 0 193 1 1 28 0 0 0 0 0 0 0...

Page 180: ... l Run the display netstream all global interface interface type interface number command to check NetStream configurations in different views HUAWEI display netstream all system ip netstream timeout active 50 ip netstream timeout inactive 10 ip netstream export version 9 origin as ip netstream export source 10 1 1 1 ip netstream export host 100 1 1 3 10000 ip netstream aggregation as export versi...

Page 181: ... network between ASs If statistics about MPLS packets are collected on the P NDE the P sends statistics to inform the NSC of the MPLS label specific traffic volume Figure 6 11 Networking diagram of MPLS flow statistics collection Traffic NDE NDE NSC NDA NSC NDA Context Before collecting statistics about MPLS IPv6 packets complete the following task l Enabling MPLS on the device and interfaces and ...

Page 182: ...check the previous configuration Run the display ipv6 netstream cache origin slot 3 command If NetStream is successfully configured you can view various statistics about MPLS packets cached in the NetStream buffer on the router HUAWEI display ipv6 netstream cache origin slot 3 Show information of IP and MPLS cache of slot 3 is starting get show cache user data success DstIf DstP Msk Pro Tos Flags ...

Page 183: ... Networking diagram of collecting statistics about BGP VPLS VPN flows BGP MPLS VPN PE1 PE2 P MPLS statistics Out label 400 In label 1024 PE address 10 1 1 1 TAL information Router id 1 1 1 1 Label 1024 NSC NSA Context Before collecting statistics about BGP VPLS VPN flows complete the following task l Deploying the BGP MPLS VPN network Procedure l Enable statistics collection of MPLS flows on the P...

Page 184: ...val timeout rate timeout interval indicates that the TAL option template is refreshed at the fixed time interval By default the TAL option template is refreshed at intervals of 20 packets and 30 minutes End Checking the Configuration Run the following commands to check the previous configuration After packet statistics collection and output of NetStream flows are configured run the display ip nets...

Page 185: ...splayed l Run reset ip netstream cache slot slot id IPv4 original flows in the buffer are forcibly aged l Run reset ipv6 netstream cache slot slot id IPv6 original flows in the buffer are forcibly aged End 6 10 2 Monitoring the NetStream Operating Status In routine maintenance you can run the following command in any view to check the NetStream operating status Procedure l Run display ip netstream...

Page 186: ...eam traffic statistics collection function helps analyze the type and location of abnormal traffic rapidly Networking Requirements CAUTION On a single NE5000E an interface is numbered in the format of slot number card number interface number On the NE5000E cluster an interface is numbered in the format of chassis ID slot number card number interface number If the slot number is specified the chass...

Page 187: ...be output l Number of the slot where the NetStream service processing board resides In this example the NetStream service processing board is in slot 4 Procedure Step 1 Configure PEs and CEs to communicate with each other over the network between them Configure the IP address and mask of each interface as described in Figure 6 13 Details for the configuration procedure are not provided here Step 2...

Page 188: ...e origin slot 4 command in the user view You can view information about various original flows in the NetStream flow buffer PE display ip netstream cache origin slot 4 Show information of IP and MPLS cache of slot 4 is starting get show cache user data success DstIf DstP Msk Pro Tos Flags Packets SrcIf SrcP Msk NextHop Direction DstIP DstAs SrcIP SrcAs BGP BGP NextHop TopLabelType Label1 Exp1 Bott...

Page 189: ... 192 168 1 1 255 255 255 0 ip netstream inbound ip netstream outbound return 6 11 2 Example for Collecting Statistics About IPv4 Flows Aggregated Based on the AS Number NetStream allows flows to be aggregated based on the AS number which makes accounting or management easier Networking Requirements CAUTION On a single NE5000E an interface is numbered in the format of slot number card number interf...

Page 190: ...en the egress router of the LAN and the WAN 2 Configure reachable routes between the ingress router of the LAN and the NSC 3 Configure the ingress router of the LAN to sent traffic statistics to the specified NSC 4 Configure the ingress router of the LAN to sent traffic statistics to the inbound interface on the NSC 5 Aggregate sampled flows to reduce the data volume sent to the NSC 6 Enable NetSt...

Page 191: ...ess NetStream services in integrated mode RouterD system view RouterD slot 1 RouterD slot 1 ip netstream sampler to slot 4 RouterD slot 1 return Enable the NetStream statistics function RouterD interface gigabitethernet 1 0 0 RouterD GigabitEthernet1 0 0 ip netstream inbound Output aggregated flows in V9 format RouterD ip netstream aggregation as RouterD aggregation as enable RouterD aggregation a...

Page 192: ...rC interface Pos1 0 0 link protocol ppp ip address 3 3 3 2 255 255 0 0 return l Configuration file of Router D slot 2 ip netstream sampler to slot 4 sysname RouterD interface Pos1 0 0 link protocol ppp ip address 172 168 0 2 255 255 255 0 interface Pos1 0 1 link protocol ppp ip address 172 1 1 2 255 255 255 0 interface GigabitEthernet2 0 0 ip address 1 1 1 1 255 255 255 0 ip netstream inbound ip n...

Page 193: ...and Router C support MPLS and use OSPF as the IGP protocol on the MPLS backbone network Local LDP sessions are established between Router A and Router B and between Router B and Router C A remote LDP session is established between Router A and Router C NetStream is enabled on Router B to collect statistics about MPLS flows Figure 6 15 Networking diagram of collecting statistics about MPLS original...

Page 194: ...of the specified LSR ID and of the network segments to which interfaces on the router are connected Enable basic MPLS functions on each router and its interfaces For configurations of the static MPLS TE tunnel see the chapter MPLS Basic Configurations in the HUAWEI NetEngine5000E Core Router Configuration Guide MPLS Step 3 Enable NetStream on POS 1 0 0 of Router B Configure the NetStream service p...

Page 195: ... Packets SrcIf SrcP Msk NextHop Direction DstIP DstAs SrcIP SrcAs BGP BGP NextHop TopLabelType Label1 Exp1 Bottom1 Label2 Exp2 Bottom2 Label3 Exp3 Bottom3 TopLabelIpAddress VlanId Unknown 20 0 6 0 0 1 PO2 0 0 10 0 0 0 0 0 in 58 1 1 2 0 55 67 121 72 0 0 0 0 0 0 1011 2 1 0 0 0 0 0 0 1 1 1 9 0 Unknown 20 0 6 0 0 1 PO1 0 0 10 0 0 0 0 0 in 58 1 1 2 0 55 67 121 70 0 0 0 0 0 0 1001 2 1 0 0 0 0 0 0 10 1 1...

Page 196: ... netstream sampler fix packets 10000 outbound ip netstream export source 10 1 2 1 ip netstream export host 192 168 1 2 9001 mpls lsr id 2 2 2 9 mpls lsp trigger all mpls ldp interface Pos1 0 0 undo shutdown link protocol ppp ip address 10 1 1 2 255 255 255 0 ip netstream inbound ip netstream outbound mpls mpls ldp interface Pos2 0 0 undo shutdown link protocol ppp ip address 20 1 1 1 255 255 255 0...

Page 197: ...ION On a single NE5000E an interface is numbered in the format of slot number card number interface number On the NE5000E cluster an interface is numbered in the format of chassis ID slot number card number interface number If the slot number is specified the chassis ID of the slot must also be specified With the development of L3VPN services users and carriers increasingly demand higher Quality o...

Page 198: ... Loopback1 3 3 3 9 32 GE1 0 0 10 4 1 1 24 GE1 0 0 10 2 1 1 24 GE2 0 0 10 4 1 2 24 GE1 0 0 10 2 1 2 24 POS1 0 0 172 1 1 2 24 POS3 0 0 172 2 1 2 24 MPLS backbone Loopback1 2 2 2 9 32 POS3 0 0 172 3 1 1 24 172 3 1 2 24 Configuration Roadmap The configuration roadmap is as follows 1 Configure an IP address for each interface 2 Configure the BGP MPLS IP VPN 3 Enable NetStream to sample packets with spe...

Page 199: ...ation port number and source address for NetStream flows output in V9 format PE2 ip netstream export version 9 PE2 ip netstream export host 192 168 2 2 9000 PE2 ip netstream export source 192 168 2 1 Step 4 Enable NetStream to collect statistics about incoming and outgoing packets with specified application labels on the P Configure the LPU on the P to process NetStream services in integrated mode...

Page 200: ...op Direction DstIP DstAs SrcIP SrcAs BGP BGP NextHop TopLabelType Label1 Exp1 Bottom1 Label2 Exp2 Bottom2 Label3 Exp3 Bottom3 TopLabelIpAddress VlanId Unknown 20 0 6 0 0 1 PO2 0 0 10 0 0 0 0 0 in 58 1 1 2 0 55 67 121 72 0 0 0 0 0 0 1011 2 1 0 0 0 0 0 0 1 1 1 9 0 Unknown 20 0 6 0 0 1 PO1 0 0 10 0 0 0 0 0 in 58 1 1 2 0 55 67 121 70 0 0 0 0 0 0 1001 2 1 0 0 0 0 0 0 10 1 1 9 0 PO2 0 0 20 0 6 0 0 1 PO1...

Page 201: ... 3 3 3 9 enable ipv4 family vpn instance vpna import route direct peer 10 1 1 1 as number 65440 ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 network 172 1 1 0 0 0 0 255 return l Configuration file of the P slot 2 ip netstream sampler to slot 4 sysname P ip netstream mpls aware label and ip ip netstream export version 9 ip netstream sampler fix packets 10000 inbound ip netstream sampler fix packets ...

Page 202: ...92 168 2 2 9000 ip netstream export template option application label ip vpn instance vpna route distinguisher 200 1 vpn target 100 1 export extcommunity vpn target 100 1 import extcommunity mpls lsr id 3 3 3 9 mpls lsp trigger all mpls ldp interface GigabitEthernet1 0 0 ip binding vpn instance vpna ip address 10 3 1 2 255 255 255 0 interface Pos3 0 0 link protocol ppp ip address 172 2 1 2 255 255...

Page 203: ...420 peer 10 2 1 2 as number 100 ipv4 family unicast undo synchronization import route direct peer 10 2 1 2 enable return l Configuration file of CE4 sysname CE4 interface GigabitEthernet1 0 0 ip address 10 4 1 1 255 255 255 0 bgp 65440 peer 10 4 1 2 as number 100 ipv4 family unicast undo synchronization import route direct peer 10 4 1 2 enable return HUAWEI NetEngine5000E Core Router Configuration...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands