Legacy Netflow中使用show ip cache flow可以看到以下資訊:
CC6509#show ip cache flow
-------------------------------------------------------------------------------
MSFC:
IP packet size distribution (2562M total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.004 .982 .005 .000 .003 .000 .000 .000 .000 .000 .000 .000 .000 .001 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 4456704 bytes
6 active, 65530 inactive, 98905147 added
1786040762 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 270664 bytes
6 active, 16378 inactive, 194430814 added, 98905147 added to flow
0 alloc failures, 133224 force free
1 chunk, 113 chunks added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 20522857 4.7 6 47 30.0 5.8 15.4
TCP-FTP 593365 0.1 1 44 0.1 0.6 15.3
TCP-FTPD 6766 0.0 1 42 0.0 0.0 17.1
TCP-WWW 8095942 1.8 1 48 2.3 1.0 14.7
TCP-SMTP 439001 0.1 1 43 0.1 0.1 15.4
TCP-X 4197700 0.9 1 40 0.9 0.0 15.6
TCP-BGP 23777 0.0 1 40 0.0 0.0 16.0
TCP-NNTP 32306 0.0 1 40 0.0 0.0 16.0
TCP-Frag 2338 0.0 1 86 0.0 0.0 5.8
TCP-other 35616655 8.2 66 40 550.8 0.8 16.0
UDP-DNS 1801203 0.4 1 65 0.4 0.0 15.5
UDP-NTP 5469491 1.2 1 78 1.2 0.0 15.5
UDP-TFTP 24794 0.0 1 43 0.0 0.0 15.5
UDP-Frag 1523 0.0 417 1497 0.1 1.0 15.4
UDP-other 15663208 3.6 2 138 8.3 2.0 15.5
ICMP 6414014 1.4 1 71 1.8 1.3 15.4
GRE 20 0.0 1 490 0.0 0.0 15.5
IP-other 177 0.0 1 248 0.0 3.3 15.4
Total: 98905137 23.0 25 42 596.6 2.0 15.6
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Vl900 0.0.0.0 Null 255.255.255.255 11 0044 0043 1
Vl900 172.16.0.113 Local 172.16.0.254 11 007B 007B 1
Vl900 172.16.0.42 Local 172.16.0.254 11 007B 007B 1
Vl900 172.16.0.226 Local 172.16.0.254 11 007B 007B 1
Vl900 172.16.0.223 Null 239.255.255.250 11 076C 076C 1
Vl900 172.16.0.250 Null 140.127.198.12 11 007B 007B 1
Vl900 172.16.0.250 Null 140.127.198.11 11 007B 007B 1
-------------------------------------------------------------------------------
PFC:
Displaying Hardware entries in Module 2
SrcIf SrcIPaddress DstIPaddress Pr SrcP DstP Pkts
Vl249 140.117.195.154 10.0.0.138 udp 9775 28622 0
Vl200 10.0.143.215 54.250.232.2 tcp 50420 443 15
Vl249 52.193.251.190 10.0.86.114 tcp www 55411 1
Vl249 140.127.206.254 140.127.198.61 icmp 0 0 7
Vl249 64.233.189.189 10.0.20.106 udp 443 51188 10
Vl249 172.19.9.197 140.127.198.6 udp 59737 dns 1
Vl200 10.0.120.1 205.251.212.19 tcp 34178 443 12
Vl200 10.0.156.185 213.155.215.185 udp 16768 17181 1
Vl249 10.2.140.98 140.127.198.3 udp 63104 dns 1
Vl249 74.125.194.127 10.0.172.14 udp 19302 59466 2
Vl249 205.251.199.239 140.127.198.6 udp dns 43517 1
Vl249 140.127.212.25 140.127.198.1 udp 51909 dns 1
Vl200 10.0.182.206 17.253.17.208 tcp 58054 www 649
Vl200 140.127.200.249 172.17.0.42 udp 5247 1545 16859
Vl200 1.1.1.1 10.0.227.120 tcp 444 12536 6
Vl249 10.1.213.115 140.127.198.10 udp 137 137 6
...........(以下省略)
那如何在Flexible Netflow上如何顯示類似的資料呢?
可以嘗試以下指令:
LIC_4500X#show flow monitor CM-v4-monitor cache format table
Cache type: Normal
Cache size: 1024
Current entries: 973
High Watermark: 1024
Flows added: 1130251984
Flows aged: 1130251011
- Active timeout ( 1800 secs) 11343
- Inactive timeout ( 15 secs) 99157047
- Event aged 0
- Watermark aged 301513880
- Emergency aged 729568741
IPV4 SRC ADDR IPV4 DST ADDR TRNS SRC PORT TRNS DST PORT INTF INPUT IP PROT bytes pkts time first time last
=============== =============== ============= ============= ==================== ======= ========== ========== ============ ============
130.211.141.52 140.127.223.104 443 49900 Te2/1 6 64 1 17:25:48.983 17:25:48.983
123.187.78.231 140.127.232.208 16001 6999 Te2/1 17 147 1 17:25:48.983 17:25:48.983
203.70.119.117 140.127.233.120 80 49390 Te2/1 6 55138 40 17:25:48.983 17:25:51.983
203.69.105.248 140.127.220.212 80 58305 Te2/1 6 1544 4 17:25:48.983 17:25:48.983
10.1.220.3 203.70.119.117 49428 80 Te1/5 6 9947 24 17:25:48.983 17:25:53.987
104.250.142.226 140.127.233.62 80 55613 Te2/1 6 722 1 17:25:48.983 17:25:48.983
115.79.44.172 140.127.218.30 54747 31999 Te2/1 6 64 1 17:25:48.983 17:25:48.983
88.168.81.160 140.127.205.84 33826 10150 Te2/1 6 64 1 17:25:48.983 17:25:48.983
59.50.158.60 140.127.231.3 16001 7436 Te2/1 17 294 2 17:25:48.983 17:25:48.983
163.28.130.44 140.127.206.35 443 14145 Te2/1 6 69031 93 17:25:48.983 17:25:57.987
111.221.77.162 140.127.233.122 40022 14515 Te2/1 17 67 1 17:25:55.986 17:25:55.986
94.72.2.170 140.127.213.165 19689 6881 Te2/1 17 149 1 17:25:55.986 17:25:55.986
106.10.150.171 140.127.233.192 25 2521 Te2/1 6 463 5 17:25:55.986 17:25:55.986
114.24.176.211 140.127.205.84 8733 7345 Te2/1 17 355 1 17:25:55.986 17:25:55.986
140.127.220.214 72.186.58.131 6881 9862 Te1/5 17 337 1 17:25:55.986 17:25:55.986
10.1.219.44 65.55.162.26 61786 443 Te1/5 6 537 6 17:25:55.986 17:25:55.986
123.193.80.185 140.127.206.239 9669 51413 Te2/1 17 161 1 17:25:55.986 17:25:55.986
114.33.204.253 140.127.206.101 6690 63609 Te2/1 6 326 1 17:25:55.986 17:25:55.986
140.127.219.216 52.26.91.224 6423 443 Te1/5 6 64 1 17:25:59.982 17:25:55.986
114.47.175.31 140.127.205.84 7673 10214 Te2/1 6 128 2 17:25:55.986 17:25:55.986
..........(以下省略)
不過,因為FNF的欄位都是管理者自己定義的,所以無法顯示Legacy Netflow最上方的service port使用排名。(或許可以,不過還要再"菸酒菸酒")
2016年5月5日 星期四
F5的SNAT與NAT觀念
SNAT(Secure NAT或Source NAT)是一種多對少的轉址關係,通常用於從F5流出去的outbound流量,如上圖,10.10.10.1、10.10.10.2、10.10.10.3經由F5出去時會被SNAT成Ext這個VLAN的SelfIP(在Automap的情況下),因為有兩個SelfIP,所以會輪流SNAT成這兩個IP。
SNAT的IP無法被直接存取,也就是60.249.69.36無法initial session到210.96.88.12及198.66.87.35這兩個IP(Secure NAT由此而來),但可以接受由這兩個IP所發起的回應連線。
NAT是一種一對一的轉址關係,是一種雙向的轉址,在這種關係下,VLAN的SelfIP可以直接被存取,例如:60.249.69.36可以直接存取198.66.87.35,存取時其destination IP會被轉成10.10.10.2。而10.10.10.2存取60.249.68.36時,其source address會被轉成198.66.87.35
PaloAlto 7.0版關於Global Protect無法顯示網頁(404 Not Found)問題
更新完PANOS至7.0版後,發現登入https://vpn-ip後會顯示404 Not Found
進入PA系統內的Network->GlobalProtect->Portals->進入設定會看到Appearance下方的Disable login page預設是打勾的
所以解決方式就是把這個勾拿掉
然後
把Custom Login Page改選factory-default就大功告成了
訂閱:
文章 (Atom)