Cisco Japan Blog
Share

「ネットワークで計測」を深掘り


2017年4月26日


本ブログでは何度か、ネットワークの可視化や異常検知について投稿してきました。最終的に得られる効果は「セキュリティ対策」や「投資計画」や「インフラの見直し」などのアクションに繋がり、特にわかりにくいとされるネットワークが「わかりやすく」表現されるのは重要なことです。今回の記事では、それらを支えるネットワーク装置の進化について、深掘りしてみたいと思います。

さまざまなデータ=価値を提供するネットワーク

さて、それらの基盤となるネットワークそのものが、いったいどれだけの内容を計測し、蓄積または出力できるのか、最終的にはそこがキーになります。特に専門的なプローブ(解析専用の箱)や特別な機能を使わずに、コストダウンしながらネットワークが蓄積するデータ種別を増やし、生み出す価値に貢献するか?が技術仕様やメーカーが努力する部分です。

「土管」から「かしこい面」へ

元々は通信事業者向け装置で長年使われてきた NetFlow ですが、この 4~5 年急速に進化を遂げ、LAN/WAN での利用が普及・定着してきました。また、Network-as-a-Sensor(センサーとしてのネットワーク)として、内部セキュリティ強化と直結したソリューションにまで進化し、導入事例が爆発的に増えています。ネットワークが蓄積した全情報を、いわば「ネットワークでのビッグデータ」として捉え、それを解析・処理するアプリケーションも様々誕生しています。「土管」といわれたネットワークが、あらゆる情報を計測・蓄積・出力する「かしこい面」として進化してきたといえるでしょう。

センサーとしてのネットワーク

彦根市様 Network-as-a-Sensor 導入事例より引用

出力手順は標準化、計測メカニズムは日々進化

元々デファクトとして使われてきた NetFlow version5 では、装置での測定(メータリング)と外部への出力(エクスポート)の両方を意味しました。ここには問題があり、メータリングは、装置の機能や能力といった固有の内容であるのに対し、エクスポートは、外部コレクターとやり取りをするための標準手順である(または仕様が公開されている)ことが求められるという点です。したがって、現在主流である NetFlow version9 または、IPFIX (NetFlow version10ともよばれます)では、完全にメータリングとエクスポートを分離し、プロトコルとしてはエクスポート メカニズムに特化することで、デファクトスタンダード、そして完全な標準化に成功しました(RFC7011, 7012, 7013など)。現在は、オープンソースのものや商用製品など、多岐にわたる NetFlow コレクターが存在します。

測定と出力の分離

測定と出力の分離

ブラッシュアップを重ねるメータリング(装置機能)

では、どのくらい「かしこい」のでしょうか?

メータリングに焦点を当ててみましょう。すなわち、装置がどのような内容を計測・出力できるかどうか?シスコの実装では、切り離されたメータリング部分を自由にコンフィグでき、その適用箇所やネットワーク用途によって測定内容をチューニングできる機能を、Flexible NetFlow とよびます。したがって、「Flexible NetFlowでメータリング項目を設定し、NetFlow v9 で送信する。」というのが正しい言い方となります。

さて、「IOS NetFlow が送信できる内容ってどんなのがあるの?何種類くらい?」と聞かれるかもしれません。「30 個くらいですかね?」「うーん、そんな感じですかね」という会話が行われていたら、ちょっと残念です。

NetFlow Export-ID を確認するコマンド

そこで今日は、覚えておくと便利なコマンドを紹介します。

show flow exporter export-ids netflow-v9(または show flow exporter export-ids ipfix でも OK です)というコマンド出力例を文末に掲載しました。NetFlow v9 で送信される各項目と、それを示す ID のマッチングテーブルが出力されます。実に、644 個の値が、NetFlow v9 で送信可能(本バージョンで ID が割り当てられてられていることと、使えるかどうかはまた別の話です)と認識されていることがわかります。

ネットワーク層の情報に加えて、コネクションや音声品質などサービス性能に関する項目など確認できる(抜粋)

art count retransmissions
mos quality
connection delay network client-to-server
connection concurrent-connections
pfr one-way-delay

流量測定からネットワークのあらゆるデータ測定へ進化

古くは、流量を示すカウンターが NetFlow の中心でしたが、他にもアプリケーション性能を示す(こんな内容も測定できるの!?という)項目も確認できると思います。これらは AVC(Application Visibility Control)の号令のもと、拡張されている実装になります。

知らないところで動いている?〜難しさを意識せずに活用

参考までに、これらを全部自分でコンフィグすることもできますが、用途に応じて必要な設定群を Wrap したコマンド(コマンド一発で各種便利項目を設定)がサポートされています(EzPM:Easy Performance Monitor)。

EzPMコマンドでは、監視用途を設定すると細かい設定が自動で行われる

EzPMコマンドでは、監視用途を設定すると細かい設定が自動で行われる

また、別の機能のサブセットとして自動的に内部で活用される(見えないところで動き出す)例もあります。例えば、PfRv3(Performance Routing)利用時の、TCA(Threshold Crossing Alert)や RC(Routing Change)などの通知も、NetFlow v9 で送信されますが、設定は明示的に入れる必要はありません。PfR domain 配下でコレクターの IP アドレスとポート番号を設定するだけ、といった実装になります。便利ですね!

技術的には、コマンドやログを一つ一つ確認していくと理解が進み、また興味深い分野ではありますが、一方でオペレーションはシンプルかつ簡単でなければ使われずに機能が風化してしまいます。自分自身も含めて技術者は、この両面を受け入れて、技術の進歩を学習しながら、積極的にネットワーク基盤の高度化に貢献したいですね。

NetFlow version 9での送信内容と識別番号を表示
※ IPFIXでの送信項目の識別番号Element IDは IANAサイトで確認できる。https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-information-elements

C4331-02#sh ver | i bootflash:/
System image file is "bootflash:/isr4300-universalk9.03.16.01a.S.155-3.S1a-ext.SPA.bi"
C4331-02#
C4331-02#show flow exporter export-ids netflow-v9
Export IDs used by fields in NetFlow-v9 export format:
misc unsupported                           : 37027
datalink source-vlan-id                    :    58
datalink destination-vlan-id               :    59
datalink encap-size                        :   242
datalink ethertype                         :   256
datalink length header                     :   240
datalink length payload                    :   241
datalink section header                    :   315
datalink vlan input                        :    58
datalink dot1q vlan input                  :   243
datalink dot1q vlan output                 :   254
datalink dot1q ce-vlan                     :   245
datalink dot1q priority                    :   244
datalink dot1q ce-priority                 :   246
datalink l2vpn metro vcid                  :   247
datalink l2vpn metro vctype                :   248
datalink mac source-address                :    56
datalink mac destination-address           :    80
datalink mac source address input          :    56
datalink mac source address output         :    81
datalink mac destination address input     :    80
datalink mac destination address output    :    57
ip version                                 :    60
ip tos                                     :     5
ip dscp                                    :   195
ip precedence                              :   196
ip protocol                                :     4
ip ttl                                     :   192
ip ttl minimum                             :    52
ip ttl maximum                             :    53
ip length header                           :   189
ip length payload                          :   204
ip length total                            :   224
ip length total minimum                    :    25
ip length total maximum                    :    26
ip fragmentation flags                     :   197
ip fragmentation offset                    :    88
ip fragmentation id                        :    54
ip section header                          :   313
ip section payload                         :   314
routing source as                          :    16
routing destination as                     :    17
routing source as peer                     :   129
routing destination as peer                :   128
routing source as 4-octet                  :    16
routing destination as 4-octet             :    17
routing source as peer 4-octet             :   129
routing destination as peer 4-octet        :   128
routing source traffic-index               :    92
routing destination traffic-index          :    93
routing forwarding-status                  :    89
routing is-multicast                       :   206
routing multicast replication-factor       :    99
routing vrf input                          :   234
routing vrf name                           :   236
routing next-hop address ipv4              :    15
routing next-hop address ipv4 bgp          :    18
routing next-hop address ipv6              :    62
routing next-hop address ipv6 bgp          :    63
ipv4 header-length                         :   207
ipv4 total-length                          :   190
ipv4 source address                        :     8
ipv4 source prefix                         :    44
ipv4 source mask                           :     9
ipv4 destination address                   :    12
ipv4 destination prefix                    :    45
ipv4 destination mask                      :    13
ipv4 option map                            :   208
ipv6 flow-label                            :    31
ipv6 next-header                           :   193
ipv6 payload-length                        :   191
ipv6 extension map                         :    64
ipv6 source address                        :    27
ipv6 source prefix                         :   170
ipv6 source mask                           :    29
ipv6 destination address                   :    28
ipv6 destination prefix                    :   169
ipv6 destination mask                      :    30
transport source-port                      :     7
transport destination-port                 :    11
transport packets expected counter         : 37014
transport packets expected counter long    : 37014
transport packets expected counter permane : 37015
transport packets lost counter             : 37019
transport packets lost counter long        : 37019
transport packets lost counter permanent   : 37020
transport packets lost rate                : 37021
transport round-trip-time                  : 37016
transport event packet-loss counter        : 37017
transport event packet-loss counter long   : 37017
transport event packet-loss counter perman : 37018
transport rtp jitter mean                  : 37023
transport rtp jitter minimum               : 37024
transport rtp jitter maximum               : 37025
transport rtp ssrc                         : 37022
transport icmp ipv4 type                   :   176
transport icmp ipv4 code                   :   177
transport icmp ipv6 type                   :   178
transport icmp ipv6 code                   :   179
transport igmp type                        :    33
transport tcp source-port                  :   182
transport tcp destination-port             :   183
transport tcp sequence-number              :   184
transport tcp acknowledgement-number       :   185
transport tcp header-length                :   188
transport tcp window-size                  :   186
transport tcp urgent-pointer               :   187
transport tcp flags                        :     6
transport tcp option map                   :   209
transport udp source-port                  :   180
transport udp destination-port             :   181
transport udp message-length               :   205
interface input snmp                       :    10
interface output snmp                      :    14
interface input snmp short                 :    10
interface output snmp short                :    14
interface input physical snmp              :   252
interface output physical snmp             :   253
interface name short                       :    82
interface name long                        :    83
flow direction                             :    61
flow exporter                              :   144
flow sampler                               :    48
flow sampler algorithm export              :    49
flow sampler interval                      :    50
flow sampler name                          :    84
flow class                                 :    51
flow class export                          :    95
flow class name                            :    96
flow class description                     :    94
stats error absolute                       :   320
flow cts source group-tag                  : 34000
flow cts destination group-tag             : 34001
counter flows                              :     3
counter bytes                              :     1
counter bytes long                         :     1
counter packets                            :     2
counter packets long                       :     2
counter bytes replicated                   :    20
counter bytes replicated long              :    20
counter packets replicated                 :    19
counter packets replicated long            :    19
counter bytes squared long                 :   198
counter bytes permanent                    :    85
counter packets permanent                  :    86
counter bytes replicated permanent         :   175
counter packets replicated permanent       :   174
counter bytes squared permanent            :   199
counter bytes exported                     :    40
counter packets exported                   :    41
counter bytes rate                         : 37003
counter packets rate                       : 37002
counter flows exported                     :    42
counter packets dropped                    : 37000
counter packets dropped long               : 37000
counter packets dropped permanent          : 37001
timestamp sys-uptime first                 :    22
timestamp sys-uptime last                  :    21
timestamp interval                         : 37013
timestamp absolute first                   :   152
timestamp absolute last                    :   153
application id                             :    95
application name                           :    96
application description                    :    94
application media bytes counter            : 37004
application media bytes counter long       : 37004
application media bytes counter permanent  : 37005
application media bytes rate               : 37006
application media packets counter          : 37007
application media packets counter long     : 37007
application media packets counter permanen : 37008
application media packets rate             : 37009
application media packets rate variation   : 37010
application media event                    : 37011
monitor event                              : 37012
waas dre input                             : 36000
waas dre output                            : 36001
waas lz input                              : 36002
waas lz output                             : 36003
waas original bytes                        : 36004
waas optimised bytes                       : 36005
waas application                           : 36006
waas class                                 : 36007
waas connection mode                       : 36008
art response time sum                      : 42071
art response time minimum                  : 42073
art response time maximum                  : 42072
art server response time sum               : 42074
art server response time minimum           : 42076
art server response time maximum           : 42075
art network time sum                       : 42081
art network time minimum                   : 42083
art network time maximum                   : 42082
art client network time sum                : 42084
art client network time minimum            : 42086
art client network time maximum            : 42085
art server network time sum                : 42087
art server network time minimum            : 42089
art server network time maximum            : 42088
art total response time sum                : 42077
art total response time minimum            : 42079
art total response time maximum            : 42078
art total transaction time sum             : 42041
art total transaction time minimum         : 42043
art total transaction time maximum         : 42042
art count transactions                     : 42040
art server packets                         :   299
art server bytes                           :   232
art count retransmissions                  : 42036
art client packets                         :   298
art client bytes                           :   231
art count new connections                  : 42050
art count responses                        : 42060
art count late responses                   : 42068
waas bytes input                           : 36009
waas bytes output                          : 36010
waas optimization segment                  : 42020
art count responses histogram bucket1      : 42061
art count responses histogram bucket2      : 42062
art count responses histogram bucket3      : 42063
art count responses histogram bucket4      : 42064
art count responses histogram bucket5      : 42065
art count responses histogram bucket6      : 42066
art count responses histogram bucket7      : 42067
counter server bytes                       :    23
counter server packets                     :    24
datalink event                             : 43000
datalink event extended                    : 43002
flow end-reason                            :   136
connection initiator                       :   239
connection new-connections                 :   278
connection sum-duration                    :   279
connection transaction-id                  :   280
counter bytes rate per-flow                : 37028
counter bytes rate per-flow min            : 37029
counter bytes rate per-flow max            : 37030
counter packets rate per-flow              : 37031
counter packets rate per-flow min          : 37032
counter packets rate per-flow max          : 37033
application media bytes rate per-flow min  : 37035
application media bytes rate per-flow max  : 37036
application media packets rate variation m : 37038
application media packets rate variation m : 37039
transport rtp flow count                   : 37040
transport event packet-loss counter min    : 37044
transport event packet-loss counter max    : 37045
transport packets lost counter min         : 37042
transport packets lost counter max         : 37043
transport tcp flow count                   : 37049
transport round-trip-time min              : 37052
transport round-trip-time max              : 37053
transport round-trip-time sum              : 37050
transport round-trip-time samples          : 37051
application media bytes rate per-flow      : 37034
transport rtp payload-type                 : 37041
transport packets lost rate min            : 37047
transport packets lost rate max            : 37048
flow active timeout                        :    36
flow end                                   :   153
package id                                 : 32775
access string                              : 32789
info string                                : 32790
link id                                    : 32810
mos worst 100                              : 42115
mos quality                                : 42123
mos total count                            : 42124
counter server bytes                       :    23
counter server packets                     :    24
flow class wide                            :    95
counter packets dropped permanent short    : 37001
transport packets lost counter permanent s : 37020
transport round-trip-time sum short        : 37050
transport packet loss                      :    65
transport unreachability                   :    66
tranport latency                           :    67
data points                                :    68
variance                                   :    69
pfr br ipv4 address                        : 39000
pfr status                                 : 39001
reason id                                  : 39002
threshold                                  : 39003
pfr priority                               : 39004
long-term round-trip-time                  : 39006
mos below                                  : 39007
rsvp bw pool                               : 39008
flow left time                             : 39009
bw percentage                              : 39010
bw fee                                     : 39011
transport source-port min                  : 39012
transport source-port max                  : 39013
transport destination-port min             : 39014
transport destination-port max             : 39015
application version                        :   105
application version name                   :   106
application vendor                         :   107
metadata global-session-id                 : 37054
metadata multi-party-session-id            : 37055
metadata clock-rate                        : 37056
capacity                                   : 39016
ingress bw                                 : 39017
ingress bw long                            : 39017
max ingress bw                             : 39018
egress bw                                  : 39019
egress bw long                             : 39019
max egress bw                              : 39020
ingress rollup bw                          : 39021
egress rollup bw                           : 39022
kth rollup bw                              : 39023
link group name                            : 39024
bgp community                              : 39025
bgp prepend                                : 39026
entrance downgrade                         : 39027
discard rollup count                       : 39028
l4r server ipv4 address                    : 44000
l4r server transport port                  : 44001
l4r server ipv6 address                    : 44002
l4r event                                  : 44003
l4r event timestamp                        : 44004
flow id                                    :   148
application category name                  : 45000
application sub category name              : 45001
application group name                     : 45002
p2p technology                             :   288
tunnel technology                          :   289
encrypted technology                       :   290
server response time average               : 37059
refused sessions                           : 37060
client network delay average               : 37061
server network delay average               : 37062
network delay average                      : 37063
application delay average                  : 37064
session time minimum                       : 37065
session time maximum                       : 37066
session time average                       : 37067
transaction time average                   : 37068
closed sessions                            : 37069
retransmitted packets                      : 37070
transport bytes out-of-order               : 37071
client throughput average                  : 37072
unresponsive sessions                      : 37073
transport packets out-of-order             : 37074
IPv4 source observation node               : 37075
IPv4 destination observation node          : 37076
IPv6 source observation node               : 37077
IPv6 destination observation node          : 37078
pfr one-way-delay sum                      : 37079
pfr one-way-delay samples                  : 37080
pfr one-way-delay                          : 37081
packet arrival timestamp                   : 37082
transport tcp window-size minimum          : 37083
transport tcp window-size maximum          : 37084
transport tcp window-size average          : 37085
transport tcp maximum-segment-size         : 37086
sub application tag                        :    97
sub application name                       :   109
sub application description                :   110
datalink vlan output                       :    59
application http uri statistics            : 42125
flow sampler hash digest-value             :   326
c3pl class cce-id                          : 41001
c3pl class name                            : 41002
c3pl class type                            : 41003
c3pl policy cce-id                         : 41004
c3pl policy name                           : 41005
c3pl policy type                           : 41006
mpls label 1 ttl                           :   200
mpls label 1 exp                           :   203
mpls label 1 type                          :    46
mpls label 1 details                       :    70
mpls label 2 details                       :    71
mpls label 3 details                       :    72
mpls label 4 details                       :    73
mpls label 5 details                       :    74
mpls label 6 details                       :    75
template parameter range end               :   111
template identifier                        :   145
template element identifier                :   303
transport tcp window-size sum              : 37091
timestamp absolute monitoring-interval end :   360
transport rtp jitter mean sum              : 37093
application media packets rate variation s : 37094
connection delay response to-server sum    : 42071
connection delay response to-server min    : 42073
connection delay response to-server max    : 42072
connection server counter responses        : 42060
connection delay response to-server histog : 42061
connection delay response to-server histog : 42062
connection delay response to-server histog : 42063
connection delay response to-server histog : 42064
connection delay response to-server histog : 42065
connection delay response to-server histog : 42066
connection delay response to-server histog : 42067
connection delay response to-server histog : 42068
connection delay network to-server sum     : 42087
connection delay network to-server min     : 42089
connection delay network to-server max     : 42088
connection delay network to-client sum     : 42084
connection delay network to-client min     : 42086
connection delay network to-client max     : 42085
connection client counter packets retransm : 42036
connection delay network client-to-server  : 42081
connection delay network client-to-server  : 42083
connection delay network client-to-server  : 42082
connection delay application sum           : 42074
connection delay application min           : 42076
connection delay application max           : 42075
connection delay response client-to-server : 42077
connection delay response client-to-server : 42079
connection delay response client-to-server : 42078
connection transaction duration sum        : 42041
connection transaction duration min        : 42043
connection transaction duration max        : 42042
connection transaction counter complete    : 42040
connection server counter bytes long       :   232
connection server counter packets long     :   299
connection client counter bytes long       :   231
connection client counter packets long     :   298
connection client ipv4 address             : 45004
connection client transport port           : 45008
connection client ipv6 address             : 45006
connection server ipv4 address             : 45005
connection server transport port           : 45009
connection server ipv6 address             : 45007
routing vrf output                         :   235
services waas segment                      : 42020
services waas passthrough-reason           : 42021
policy qos classification hierarchy        : 41000
policy performance-monitor classification  : 41000
template enterprise number                 :   346
policy qos queue index                     : 42128
policy qos queue drops                     : 42129
counter bytes layer2                       :   352
counter bytes layer2 long                  :   352
counter bytes layer2 permanent             :   353
transport tcp option map long              :   209
timestamp absolute monitoring-interval sta :   359
transport tcp window-size average sum      : 37095
flow cts source group-tag name             : 34002
connection id                              : 45010
application video resolution width last    : 37500
application video resolution height last   : 37501
application video frame rate               : 37502
application video payload bitrate average  : 37503
application video payload bitrate fluctuat : 37504
application video frame I counter frames   : 37505
application video frame I counter packets  : 37506
application video frame I counter bytes    : 37507
application video frame STR counter frames : 37508
application video frame STR counter packet : 37509
application video frame STR counter bytes  : 37510
application video frame LTR counter frames : 37511
application video frame LTR counter packet : 37512
application video frame LTR counter bytes  : 37513
application video frame super-P counter fr : 37514
application video frame super-P counter pa : 37515
application video frame super-P counter by : 37516
application video frame NR counter frames  : 37517
application video frame NR counter packets : 37518
application video frame NR counter bytes   : 37519
application video frame I slice-quantizati : 37520
application video frame STR slice-quantiza : 37521
application video frame LTR slice-quantiza : 37522
application video frame super-P slice-quan : 37523
application video frame NR slice-quantizat : 37524
application video eMOS compression bitstre : 37525
application video eMOS compression network : 37526
application video frame I counter packets  : 37527
application video frame STR counter packet : 37528
application video frame LTR counter packet : 37529
application video frame super-P counter pa : 37530
application video frame NR counter packets : 37531
application video frame percentage damaged : 37532
application video eMOS packet-loss bitstre : 37533
application video eMOS packet-loss network : 37534
application video scene-complexity         : 37535
application video level-of-motion          : 37536
transport rtp sequence-number              : 37537
transport rtp sequence-number last         : 37538
services pfr class-tag-id                  : 39029
services pfr mc-id                         : 39030
interface input type                       :   368
interface output type                      :   369
interface input fex-node-id                : 41101
interface output fex-node-id               : 41102
flow username                              :   371
interface power                            : 41103
monitor device-type                        : 41104
transport tcp maximum-segment-size         : 37086
wireless ssid                              :   147
wireless ap mac address                    :   367
wireless client mac address                :   365
wireless client ipv4 address               :   366
ip dscp output                             :    98
pbhk mapped ipv4 address                   : 44005
pbhk mapped transport port                 : 44006
pbhk event                                 : 44007
pbhk event timestamp                       : 44008
transport rtp jitter inter arrival sum     : 37096
transport rtp jitter inter arrival samples : 37097
transport rtp jitter inter arrival mean    : 37098
pfr site source id ipv4                    : 37099
pfr site destination id ipv4               : 37100
transport bytes lost                       : 37101
transport bytes expected                   : 37102
transport bytes lost rate                  : 37103
transport jitter mean                      :   385
transport jitter mean                      :   386
transport jitter mean                      :   387
connection client counter bytes retransmit : 42035
connection server counter bytes retransmit : 42037
connection server counter packets retransm : 42038
counter bytes long aor                     :     1
counter packets long aor                   :     2
timestamp sys-uptime first aor             :    22
application voice number called            : 37200
application voice number calling           : 37201
application voice setup time               : 37202
application voice call duration            : 37203
application voice rx bad-packet            : 37204
application voice rx out-of-sequence       : 37205
application voice codec id                 : 37206
application voice play delay current       : 37207
application voice play delay minimum       : 37208
application voice play delay maximum       : 37209
application voice sip call-id              : 37210
application voice router global-call-id    : 37211
application voice delay round-trip         : 37212
application voice delay end-point          : 37213
application voice r-factor 1               : 37214
application voice r-factor 2               : 37215
application voice mos conversation         : 37216
application voice mos listening            : 37217
application voice concealment-ratio averag : 37218
application voice jitter configured type   : 37219
application voice jitter configured minimu : 37220
application voice jitter configured maximu : 37221
application voice jitter configured initia : 37222
application voice rx early-packet count    : 37223
application voice rx late-packet count     : 37224
application voice jitter buffer-overrun    : 37225
application voice packet conceal-count     : 37226
flow monitor                               :   143
application http uri statistics            : 42125
flow observation point                     :   138
pfr site source id ipv6                    : 37099
pfr site destination id ipv6               : 37100
network delay sum                          : 37104
network delay sample                       : 37105
pfr counter event error traffic-class miti : 37106
pfr counter event error traffic-class miti : 37107
pfr counter event error traffic-class miti : 37108
pfr site source prefix ipv4                : 37109
pfr site destination prefix ipv4           : 37110
pfr site source prefix ipv6                : 37111
pfr site destination prefix ipv6           : 37112
pfr site source prefix mask ipv4           : 37113
pfr site destination prefix mask ipv4      : 37114
pfr site source prefix mask ipv6           : 37115
pfr site destination prefix mask ipv6      : 37116
connection server counter bytes network lo : 41105
connection client counter bytes network lo : 41106
connection server counter bytes transport  :   232
connection client counter bytes transport  :   231
connection concurrent-connections          : 42018
application transaction counter new        : 42019
connection delay network long-lived to-ser : 42022
connection delay network long-lived to-cli : 42023
connection delay network long-lived client : 42024
connection delay network client-to-server  : 42025
connection delay network to-server num-sam : 42026
connection delay network to-client num-sam : 42027
ipv4 source address nat                    :   225
ipv4 destination address nat               :   226
transport source-port nat                  :   227
transport destination-port nat             :   228
policy firewall class name                 :   100
policy firewall event                      :   233
policy firewall event extended             : 35001
policy firewall event extended description : 35010
policy firewall event timestamp            :   323
policy firewall event level                : 33003
policy firewall event level id             : 33004
policy firewall zone-pair id               : 35007
policy firewall zone-pair name             : 35009
policy firewall incomplete count           : 35012
policy firewall incomplete high-watermark  : 35005
policy firewall incomplete rate            : 35006
policy firewall blackout time              : 35004
policy firewall sessions maximum           : 35008
policy firewall configured value           : 33005
flow class                                 :    51
wireless afd drop packets                  : 41107
wireless afd accept packets                : 41108
wireless afd drop bytes                    : 41109
wireless afd accept bytes                  : 41110
audio rtp packets lost                     : 33050
audio rtp packets expected                 : 33051
audio rtp fwd out-of-sequence sum          : 33052
audio rtp seconds ok                       : 33053
audio rtp seconds concealed                : 33054
audio rtp seconds concealed severe         : 33055
audio rtp jitter ticks                     : 33056
audio g107 impairment                      : 33057
audio g107 lossRate                        : 33058
audio g107 codec baseline                  : 33059
audio g107 codec baseline bpl              : 33060
audio g107 impairment one-way-delay        : 33061
audio concealment ratio now                : 33062
audio concealment ratio minimum            : 33063
audio concealment ratio maximum            : 33064
audio concealment time                     : 33065
audio speech time                          : 33066
audio packets ok                           : 33067
audio packets cs                           : 33068
audio packets scs                          : 33069
audio packets rtp                          : 33070
audio packets silence                      : 33071
audio duration receive                     : 33072
audio duration receive voice               : 33073
audio duration early packet                : 33074
audio duration clock adjust                : 33075
audio duration playout increase            : 33076
audio duration playout decrease            : 33077
audio duration late discard                : 33078
audio frame size                           : 33079
audio frames-per-packet                    : 33080
audio frame arriving times difference      : 33081
audio frame arriving times difference vari : 33082
audio noise level current                  : 33083
audio noise level average                  : 33084
audio noise level minimum                  : 33085
audio noise level maximum                  : 33086
audio noise level configured               : 33087
audio snr current                          : 33088
audio snr average                          : 33089
udio snr minimum                          : 33090
audio snr maximum                          : 33091
audio snr configured                       : 33092
pfr service provider tag identifier        : 37117
pfr label identifier                       : 37118
routing pw destination address             :   432
flow cts switch derived-sgt                : 34004
application traffic-class                  : 45011
application business-relevance             : 45012

リファレンス URL:

NetFlow Services Export Version 9
https://www.ietf.org/rfc/rfc3954.txt

IPFIX関連RFC(一部)
https://tools.ietf.org/html/rfc7011
https://tools.ietf.org/html/rfc7012
https://tools.ietf.org/html/rfc7013

IP Flow Information Export (IPFIX) Entities – IANA.org
https://www.iana.org/assignments/ipfix/ipfix.xhtml

Application Visibility and Control – EzPM設定ガイド
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/avc/configuration/xe-3s/avc-xe-3s-book/avc-ezpm.html

彦根市様 導入事例
http://www.cisco.com/c/ja_jp/solutions/security/case-study/1149-hikone.html

Cisco IOS フル活用への道:第2回 Flexible NetFlow
http://www.cisco.com/c/ja_jp/about/technology-commentary/tech-2010/ios-use-case-flexible-netflow.html

ネットワーク内部を可視化し、異常検出を行うフロー コレクター
http://gblogs.cisco.com/jp/2016/07/flowcollector-for-anomaly-detection/

Cisco IOS を活用した “見える化”の階段
http://gblogs.cisco.com/jp/2013/08/cisco-ios-mgmt-step/

 

Tags:
コメントを書く