
Nortel Alteon Configuration Example


Alteon Intelligent Traffic Management Release 3.1.2 User’s Guide

part number: 216392-B, January 2005

4655 Great America Parkway Santa Clara, CA 95054 Phone 1-800-4Nortel

http://www.nortelnetworks.com

Copyright © 2005 Nortel Networks, 4655 Great America Parkway, Santa Clara, California, 95054, USA. All rights reserved. Part Number: 216392-B.

This document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of Nortel Networks, Inc. Documentation is provided “as is” without warranty of any kind, either express or implied, including any kind of implied or express warranty of non-infringement or the implied warranties of merchantability or fitness for a particular purpose.

U.S. Government End Users: This document is provided with a “commercial item” as defined by FAR 2.101 (Oct. 1995) and contains “commercial technical data” and “commercial software documentation” as those terms are used in FAR 12.211-12.212 (Oct. 1995). Government End Users are authorized to use this documentation only in accordance with those rights and restrictions set forth herein, consistent with FAR 12.211-12.212 (Oct. 1995), DFARS 227.7202 (JUN 1995) and DFARS 252.227-7015 (Nov. 1995).

Nortel Networks, Inc. reserves the right to change any products described herein at any time, and without notice. Nortel Networks, Inc. assumes no responsibility or liability arising from the use of products described herein, except as expressly agreed to in writing by Nortel Networks, Inc. The use and purchase of this product does not convey a license under any patent rights, trademark rights, or any other intellectual property rights of Nortel Networks, Inc.

Alteon, Alteon Application Switch, Alteon Intelligent Traffic Management are trademarks of Nortel Networks, Inc. in the United States and certain other countries. Red Hat and all Red Hat-based trademarks and logos are trademarks or registered trademarks of Red Hat, Inc. in the United States and other countries. Linux is a registered trademark of Linus Torvalds. Any other trademarks appearing in this manual are owned by their respective companies. Originated in the USA.

Export

This product, software and related technology is subject to U.S. export control and may be subject to export or import regulations in other countries. Purchaser must strictly comply with all such laws and regulations. A license to export or reexport may be required by the U.S. Department of Commerce.

Contents

Figures
Tables
Preface
  Related Technical Manuals
  Before You Begin
  How to Get Help

Chapter 1: Overview
  What is Alteon Intelligent Traffic Management?
    Performance Enhancement
  Features
  Deploying Alteon ITM
  Hardware and Software Requirements
  Basic Elements of Traffic Management
    Filters
    Contracts
      Static Contracts
      Grouping Contracts
    Traffic Policies
    Time Policies
    Bulk Provisioning
  Alteon ITM Components
    Alteon EMS Client
    Alteon EMS Server
  Before You Start Managing Traffic
  Traffic Flow in ITM
  Application Signature

Chapter 2: Getting Started
  Before You Begin
  Starting the Alteon ITM Wizard
    Launching Alteon EMS
    Selecting the Physical Ports
    Configuring ITM to Prevent DoS Attacks
    Validating SMTP Settings
    Checking for New Signature File
    Selecting Applications to Classify
      Notifying Updated Applications
      Conflicting Applications
      Prioritizing Applications
    Configuring Bandwidth Management Contracts
    Defining Traffic Policies
    Creating Contract Groups
    Configuring Time Policies
    Applying and Saving Your Configuration
    Deploying ITM Configuration to Multiple Switches
  Checking Current Configuration
  Deleting Existing Configuration
  Configuring from a Remote Client
  Determining How to Prioritize Applications

Chapter 3: Viewing Switch Statistics
  Viewing Denial of Service Statistics
  Viewing Layer 4 Filter Statistics
  Viewing Pattern Group Statistics
  Viewing Real Time Bandwidth Management Statistics

Chapter 4: Monitoring Switch Performance
  Monitoring the Forwarding Database
  Monitoring Session Capacity
  Monitoring MP Statistics
  Monitoring SP-Specific Statistics
  Monitoring SP Statistics by Sessions

Chapter 5: Advanced Database Administration
  Database Administration Scripts
  Backing Up the Database
  Purging the Database
  Removing Obsolete Contract Names
  Manually Adding Data to the Database
  Advanced SQL Commands
    Connecting to the Database
    Listing Available Databases
    Listing Tables
    Viewing Table Structure
    Updating a Contract Name in the Database
    Manual Data Queries
      Current Record Count
      All Data in a Table
      Specific Data in a Table

Chapter 6: Generating Traffic Reports
  The Reporting Tool
  Starting the Reporting Tool
    Home Page
    Graphing Menu
    Customizing Reports
  Understanding the Graph Display
  Sample Data
  Generating Reports Across Multiple Switches
  Sample Reports
    Sample 1: Selecting Individual Applications
      Graph Format
      CSV Format Report
      Table Format
    Sample 2: Selecting Traffic Groups
    Sample 3: Aggregating Traffic
    Sample 4: Selecting Multiple Applications
    Sample 5: Summarizing Data
    Sample 6: Displaying Data Points
    Sample 7: Percent of Inbound Traffic
    Sample 8: Graphing Discarded Traffic
    Sample 9: Stacking Applications
    Sample 10: Measuring Discarded Traffic
    Sample 11: Selecting Time
    Sample 12: Selecting Time Zone
    Sample 13: Generating a Typical Report
    Sample 14: Generating User Reports

Chapter 7: Working with Signature Files
  What is a Signature File?
    Rule
    Types of Rules
    Pattern Groups
    Application Masquerading
  Nortel Signature File
  How the Alteon ITM Wizard Reads the XML Files
  Checking Date of Signature File
  Updating the Signature File
  Modifying Application Rules
  Creating Custom Application Rules
    Before Creating Custom Rules
    Generic Syntax
  Sample Custom Rules
    Basic Layer 3 Rule
    Basic Layer 4 Rule
    Basic Layer 7 Rule (matching a single hex pattern)
    Basic Layer 7 Rule (matching multiple hex patterns)
    Basic Layer 7 Rule (matching optional hex patterns)
    Basic Hybrid Rule

Chapter 8: Troubleshooting Alteon ITM
  Before You Start Troubleshooting
  Not Receiving User Data
  Cannot Receive SYSLOG Data
  Traffic Management Wizard Option Missing
  BWM Statistics are not Generated in Real-time
  Cannot Connect to the Switch
  Generating Only Default BWM Statistics
  Generating Only “Other” BWM Statistics
  Cannot Generate Traffic Reports
  Excessive Discards
  Statistics not Imported into Database
  Traffic Reports Display Discards When Rate Limit is not Configured
  SMTP Field Missing in Alteon EMS
  Graphs Display Straight Lines
  Error on Port Selection
  Security Menu Missing
  Rate Limit Policy not Working
  Overall Upload Traffic Exceeds Download Traffic
  Timeout Error
  Reporting Server Cannot Receive Statistics
  Error Message When Installing the Reporting Server

Index

Figures

Figure 1   Alteon Intelligent Traffic Management Solution
Figure 2   Selecting the Physical Ports
Figure 3   Specify SMTP Host and Username
Figure 4   Selecting Applications to Classify
Figure 5   Pre-defined Bandwidth Management Contracts and Policies
Figure 6   Creating a New Contract
Figure 7   Customizing Rate Limit Policy
Figure 8   Customizing Traffic Shaping Policy
Figure 9   Customizing User Rate Limit Policy
Figure 10  Configuring Time Policy
Figure 11  Configuring Action for Time Policies
Figure 12  Bulk Provisioning
Figure 13  Monitoring DoS Statistics
Figure 14  Viewing Filter Statistics
Figure 15  Pattern Match Group Statistics
Figure 16  Clearing Bandwidth Management Statistics
Figure 17  Forwarding Database Statistics
Figure 18  Monitoring Session Capacity
Figure 19  Switch Processor Statistics
Figure 20  SP Maintenance Statistics
Figure 21  Reporting Menu
Figure 22  Understanding the Graph Display
Figure 23  Selecting Multiple Switches
Figure 24  Graphing Across Multiple Switches
Figure 25  Sample Report in Standard Graph Format
Figure 26  Top 5 Inbound Traffic Group
Figure 27  All Inbound Traffic Group
Figure 28  Traffic Aggregates
Figure 29  Selecting Multiple Applications
Figure 30  Before Averaging the Data
Figure 31  After Averaging the Data
Figure 32  Data Points on Inbound Traffic for Application 3
Figure 33  Relative Graph
Figure 34  Discarded Traffic
Figure 35  Applications Not Stacked
Figure 36  Stacking by Application
Figure 37  Stacking Applications with Discards
Figure 38  Measuring Discards
Figure 39  Selecting Time
Figure 40  Selecting Time Zone
Figure 41  A Typical Report
Figure 42  Top User Report
Figure 43  Configuring a User Report for a Specific User
Figure 44  All Inbound Applications for User XYZ
Figure 45  Working with the XML Files
Figure 46  Signature File Dates
Figure 47  Default Contract Gets All the Traffic
Figure 48  Default Policy
Figure 49  Sum of Reserve Limit
Figure 50  Alteon EMS Properties

Tables

Table 1   Traffic Management Features
Table 2   Hardware and Software Requirements
Table 3   References to Install Hardware and Software Components
Table 4   Traffic Management Policies and Description
Table 5   Alteon ITM Components
Table 6   DOS Attacks Supported on the Switch
Table 7   Information on the Displayed Applications
Table 8   Defining Policies for BWM Contracts
Table 9   Inbound and Outbound Action for Time Policies
Table 10  Monitoring Alteon ITM
Table 11  Session Capacity for Application Switches
Table 12  Reporting Menu Descriptions
Table 13  Graphing Menu Parameters
Table 14  Graph Components
Table 15  Sample Report in Table Format
Table 16  Elements of a Rule
Table 17  Rule Types
Table 18  Generic Syntax Rules
Table 19  Forcing Switch to Mail Statistics

Preface
This User’s Guide describes how to use the Alteon Intelligent Traffic Management (ITM) solution to control traffic traversing the Alteon Application Switches. This document describes the features and components of the Alteon ITM solution, how to configure bandwidth management contracts and policies using the Alteon Element Management System (EMS) graphical user interface, and how to monitor traffic by generating reports.


Related Technical Manuals
You can print selected technical manuals and release notes free, directly from the Internet. Go to the www.nortelnetworks.com/documentation URL. Find the product for which you need documentation. Then locate the specific category and model or version for your hardware or software product. Use Adobe Acrobat Reader to open the manuals and release notes, search for the sections you need, and print them on most standard printers. Go to Adobe Systems at the www.adobe.com URL to download a free copy of the Adobe Acrobat Reader.

Related publications for this manual are listed below:

- Alteon Intelligent Traffic Management Installation Guide (part number 216391-B)
- Alteon EMS 3.1.2 Online Help (part number 216514-C)
- Using Alteon EMS 3.1.2 (part number 216515-C)
- Alteon Application Switch 22.0.2 Hardware Installation Guide (part number 315396-E)
- Alteon Application Switch 22.0.2 Application Guide (part number 315394-J)
- Alteon Application Switch 22.0.2 Command Reference (part number 315393-J)


Before You Begin
This guide is intended for network administrators with the following background:

- Basic knowledge of networks, Ethernet bridging, and IP routing
- Familiarity with networking concepts and terminology
- Experience with windows and graphical user interfaces
- Basic knowledge of network topologies

Before using this guide, you must complete the following:

1 Install the application switch (see the installation guide that came with your switch).
2 Connect the switch to the network.
3 Refer to the Alteon ITM Installation Guide and install the Alteon ITM software.
4 Refer to this guide to configure and use Alteon ITM software.


How to Get Help
If you purchased a service contract for your Nortel Networks product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased a Nortel Networks service program, contact one of the following Nortel Networks Technical Solutions Centers:

Technical Solutions Center          Telephone
Europe, Middle East, and Africa     00800 8008 9009 or +44 (0) 870 907 9009
North America                       (800) 4NORTEL or (800) 466-7835
Asia Pacific                        (61) (2) 9927-8800
China                               (800) 810-5000

Additional information about the Nortel Networks Technical Solutions Centers is available from the www.nortelnetworks.com/help/contact/global URL.

An Express Routing Code (ERC) is available for many Nortel Networks products and services. When you use an ERC, your call is routed to a technical support person who specializes in supporting that product or service. To locate an ERC for your product or service, go to the http://www.nortelnetworks.com/help/contact/erc/index.html URL.


Chapter 1 Overview
This section explains the features and components of the Alteon Intelligent Traffic Management solution.

Select a Topic
- “What is Alteon Intelligent Traffic Management?”
- “Features”
- “Deploying Alteon ITM”
- “Hardware and Software Requirements”
- “Basic Elements of Traffic Management”
- “Before You Start Managing Traffic”
- “Alteon ITM Components”
- “Traffic Flow in ITM”
- “Application Signature”


What is Alteon Intelligent Traffic Management?
Alteon Intelligent Traffic Management (ITM) is a solution to help you control network traffic traversing the Alteon Application Switch. The Alteon Intelligent Traffic Manager is a very robust, reliable, and flexible traffic manager that inspects IP traffic at all layers and accurately identifies it, so that you can implement policies on the classified traffic.

Alteon ITM does much more than allow or deny application traffic. It can detect, rate limit, deny, or shape all application traffic, including peer-to-peer applications as well as network-based worms and viruses. Alteon ITM uses the following resources to manage application traffic:

- Flexible deep packet inspection: looking for a simple or complex pattern, or groups of patterns, in variable locations in an IP packet
- Tracking sessions
- Inspecting traffic based on flow
- Collecting data and generating reports

True synergy for Intelligent Traffic Management is achieved by combining the following attributes into a cohesive system: IP flow-based inspection, pattern-based recognition, policy enforcement, and reporting.

Performance Enhancement
This release of Alteon ITM provides significant improvement in performance because only one side of the communication needs to be processed as opposed to the earlier method where both directions were processed. The larger the filter list, the larger the impact on performance. To avoid inspecting traffic in both directions, this feature allows the switch to arbitrarily create the session entry in the opposite direction the traffic was classified on. In this implementation, a “Reverse Contract” association is supplied and the returning traffic is classified into a different contract than configured on the ingress filter, so you can exercise granular control over the application, such as applying different policies for ingress and egress traffic.


Features
Alteon Intelligent Traffic Management provides flexibility and choice for managing all types of traffic:
• Allow traffic
• Deny traffic
• Rate limit traffic
• Shape traffic
• Redirect traffic
• Generate detailed traffic reports and trends
• Change Differentiated Services Code Point (DSCP) value
• Classify non-IP traffic

For example, ITM can combine and enforce the following basic functions, regardless of the layer 4 port the application is running on:
• Automatic Signature updates
• Allow HTTP
• Deny peer-to-peer uploads
• Rate limit peer-to-peer downloads
• User rate limit traffic (based on source or destination IP address)
• Share bandwidth among contracts
• Configure time policies for contracts
• Allow Instant Messaging chat
• Deny Instant Messaging file transfers
• Guarantee Voice over Internet Protocol (VoIP) traffic


Deploying Alteon ITM
The following identifies the capabilities of Alteon ITM and how it can be deployed in your network:
• Combat high-profile network worms and viruses. Alteon ITM has the ability to stop the worms without stopping valid application traffic.
• Identify and deny dynamic, port-hopping peer-to-peer applications used in the Enterprise network, or rate limit these applications in provider networks.
• Prevent Spyware applications from sending critical corporate data back to its recipient.
• Specify different enforcement policies based on time of day.
• Create a contract group and share bandwidth among contracts.
• Shape and prioritize critical business application traffic, so that it is not impacted when a new worm attacks the network.
• Deploy Alteon ITM configuration to multiple switches simultaneously.
• Monitor all applications and network traffic to facilitate network and application planning initiatives.

Table 1 shows that Alteon ITM is more than just a peer-to-peer traffic manager.

Table 1 Traffic Management Features
| Features | Description |
|---|---|
| Rate Limiting | Limits bandwidth for a specific traffic class. Rate limiting performs a hard discard of the traffic as soon as the limit is reached. Rate limiting is efficient if you have 25% or less discards in your traffic. |
| Traffic Shaping | Shapes (smooth) traffic for a given traffic class. Traffic shaping should be used when you have more than 25% discards or you have an application that does not respond well to discards. |
| User Rate Limit | Limits bandwidth for specific users. You can define user rate limit based on source or destination IP address. |
| Data Capture and Analysis | Generate traffic reports and analyze the captured data. |
| Packet Remarking | Change the priority of the packet. |
| DoS Mitigation | Allows you to reduce load from firewalls by providing policies for well known DoS attacks (Land, Smurf, Fraggle, Jolt, Blat, and so on). |
| Emergency Virus Response | Deny CODE RED, NIMDA, MSBlast, and other high profile viruses in real-time. |
| Custom Policy Support | Allows you to configure policy attributes such as buffer limits (hard, soft, and reserved limit) or enable TCP Window Resizing. |
| Custom Application Support | Allows you to add or remove any detectable application. Not limited to Nortel or industry-defined applications. |


Hardware and Software Requirements
Alteon ITM requires the following hardware and software:
Table 2 Hardware and Software Requirements
| Hardware | Software |
|---|---|
| Alteon Application Switch 2208, 2216, 2224, 2424, 2424-SSL, 3408, or 3416 | Alteon OS 22.0.2 or higher; ITM License Key [1] or Bandwidth Management License Key and Security License Key |
| Server class workstation with network connectivity and at least 128 MB RAM and 4.0 GB hard disk for basic application reporting. [2] | Linux Red Hat 8.0 or 9.0 server with GNUPlot, MYSQL, SMTP, and PERL; Alteon Element Management System (EMS) Client Software 3.1.2 or higher [3]; Alteon EMS Server |

[1] The part number for the ITM license key is EB1411015.
[2] For user reporting, you need at least a 2 GHz or higher processor, 1 GB RAM, and 120 GB hard disk.
[3] For this release of Alteon Intelligent Traffic Management, it is recommended to install the Alteon EMS and the Alteon EMS Server on the same Linux server.

Refer to the table below for more information on installing the other components to set up ITM:
Table 3 References to Install Hardware and Software Components
| To install the | See |
|---|---|
| Alteon Application Switch | Alteon Application Switch Hardware Installation Guide |
| Alteon OS software and for information on bandwidth management contracts and policies | Alteon Application Switch 22.0.2 Application Guide |
| Linux Red Hat and Alteon EMS Server software | Alteon Intelligent Traffic Management Installation Guide |
| Alteon EMS client software | Alteon EMS 3.1.2 Install Guide on the Alteon EMS CD |


Basic Elements of Traffic Management
The basic physical elements of Alteon ITM are Filters, Contracts, and Traffic Policies. The logical elements—application signatures, rules, patterns, and pattern groups are explained in Chapter 7, “Working with Signature Files,” on page 131.

Filters
The basic unit of traffic classification is the filter. Layer 2 to 7 filters are used to define an application. A filter can be as simple as a well-known Layer 4 port or as complex as a number of hexadecimal patterns. Layer 7 filters (usually needed to detect complex application patterns) make reference to a series of strings or patterns to identify traffic at an application level.

Contracts
A contract is used to group one or more applications. Filters are used to associate an application to a contract. A contract distinctly identifies a particular application (or group of applications).

Note: It is also possible to classify traffic and to create contracts without the use of filters, for example, based on physical port, VLAN, and so on. However, this method is not typically used for advanced traffic control, because it does not provide enough application information.

A bandwidth management contract is an entity that stores the traffic details for classified traffic. These contracts can be as specific or as broad as you require. For example, a single contract can be used to store traffic data from all peer-to-peer applications, or each application could get its own contract so that they can be controlled individually. Applications can be segmented and assigned as many contracts as needed, such as a contract for inbound control traffic, another contract for inbound payload traffic, as well as two more contracts for corresponding outbound traffic. This offers the most flexibility as it allows the different traffic types to be treated separately. However, contracts are a limited resource so they should be used wisely.

Typically, two contracts are assigned per application or per group of applications to control outbound and inbound traffic. Additional contracts are required if the desired policy is to deny traffic in one direction only. To support this you require a contract for inbound control, inbound data, outbound control and outbound data. For example, when you apply deny to outbound traffic, you would apply it only to outbound data and not outbound control. Denying outbound control would result in denying inbound traffic because any packet acknowledgements heading outbound would be denied.

Static Contracts
Contracts are dynamically created and are dynamically assigned internal identifiers. Some third party applications however, may require fixed identifiers to reliably locate these resources. If this is a requirement for your implementation then you can create a static mapping of Contracts to Identifiers. The dm_ui.properties file under /AlteonEMS/properties folder contains
ITMContractIndexFilename=tm.contractindex

which specifies that static contract indexes may be enforced. To implement static contracts, uncomment the above line and create a contractindex.properties file in the tm directory. The file would contain for example,
OTHER_IN=1

which means contract OTHER_IN has an index 1. This allows the third-party application to use SNMP instances instead of contract names to identify the contract statistics.


Grouping Contracts
Alteon Intelligent Traffic Management in Alteon OS 22.0.2 introduces the concept of multi-tiered contracts. In earlier Alteon Intelligent Traffic Management releases, a single level bandwidth management contract was used to manage bandwidth on an Alteon Application Switch. BWM contract groups can now be configured to aggregate contract resources and share unused bandwidth within the contract group. A group level contract should contain two or more individual contracts. You can configure up to 32 groups (16 IN- and 16 OUT- contract groups) and up to 8 contracts per group. Based on how much traffic is sent in each contract in the group, the hard limits of the contracts are adjusted proportionately to their share in the group. For example, a group level contract is configured with four individual contracts with rate limits of 10, 20, 30 and 40 Mbps each. Together, the total rate limit of the member contracts is 100 Mbps. If a particular contract is not using its full bandwidth allocation, the switch will re-allocate the bandwidth to the other members of the contract group by polling bandwidth statistics every second, and re-calculating the bandwidth allocation. For more information on grouping contracts, see Alteon OS 22.0.2 Application Guide.

Traffic Policies
Policies are applied to a contract. A policy is a bandwidth management profile defining an action (monitor, deny, prioritize and so on) on the traffic. A policy can be applied to one or more contracts simultaneously. All traffic within the same contract will have the same traffic policy enforced. If this is not the desired result, then multiple contracts are required. Table 4 describes the supported policies in Alteon ITM. When policy enforcement is enabled, the default policy specifies a hard limit of 1000M, soft limit of 1000M, reserved limit of 0K, and user rate limit of 1000M.


Table 4 Traffic Management Policies and Description
| Policy | Description |
|---|---|
| Monitor | Monitors a traffic class. This means no policy is enforced. Instead, the switch gathers statistics on the traffic class, allowing you to analyze traffic and generate reports. NOTE: The monitor mode does not apply to user-based policies. To generate monitor statistics per user, enable user limiting and set both the hard limit and user limit to 1000M. Technically this is a policy and it is defined as full speed so no traffic is discarded. |
| Rate Limit | Limits available bandwidth for a complete aggregate “traffic class” (as identified by the contract). For each contract, a maximum rate is defined in Kbps or Mbps, called Hard Limit. You can configure rate limit starting at 0 Kbps with a granularity of 1 Kbps. These actions can be applied independently for inbound and outbound traffic. |
| Deny | Drops a traffic class. This is achieved by using a rate limit policy (Hard Limit) of 0 Kbps. |
| User Rate Limit | Provides more granularity by limiting bandwidth for each user session or flow within a traffic class. This policy allows you to specify the maximum bandwidth for each user and for each application. This is a sub policy that is based on Rate Limit (not traffic shaping). A “User Table” is created for each contract. The switch then creates an entry in the “User Table” for each IP address within the traffic class. The User Rate Limit policy limits each individual session based on source or destination IP address, and traffic class. |
| Reserve | Guarantees a specified amount of bandwidth reserved for exclusive use of a traffic class. If there is no traffic of this type present, then bandwidth can be used for other traffic classes. Reserve is a sub-policy that can apply to both Rate Limit and Traffic Shaping policies. |
| Traffic Shaping | Shapes (smooth) traffic for a given traffic class starting at 64K with 1K increments. The traffic shaping process starts once the target soft limit is reached, so the application has a chance to slow down before Alteon ITM starts discarding packets. |
| TCP Window Resize | Reduces the size of the TCP Window for TCP applications resulting in the applications reducing their traffic rates rather than the switch forcing discards. This is a sub policy that is based on Rate Limit or Traffic Shaping. |
| Prioritize | Marks a traffic class with a particular DSCP code to apply a certain level of QoS to the class. |
| Redirect | Redirects traffic based on Layer 2 to 4 attributes. Custom rules can be created to redirect traffic based on these attributes. |


For your convenience, the most common policies are predefined in Alteon ITM and are referred to as Actions (see Table 8 on page 51). For more information on rate limiting, traffic shaping, and user limits see the Alteon Application Switch Application Guide.

Time Policies
Alteon ITM allows you to configure two time policies for each contract. For example, you can specify Time Policy 1 for time period 8 am to 5 pm and Time Policy 2 for time period 5 pm to 11 pm. In addition to the two configurable time windows, Alteon ITM supports a third default time window (time not covered by the defined time windows) which is always present and enabled. The policy assigned to the default time period is the one assigned to the entire contract. For more information on time policies, see “Configuring Time Policies” on page 55.


Bulk Provisioning
Bulk provisioning allows you to deploy ITM configuration to multiple switches simultaneously. Alteon ITM allows you to push down the ITM configuration with identical rule sets. To enable bulk provisioning you must first connect to each switch using ITM Wizard, select the IN and OUT ports, and save the configuration. For more details, refer to “Deploying ITM Configuration to Multiple Switches” on page 58.


Alteon ITM Components
Alteon ITM is comprised of three distinct components as shown in Figure 1— policy module, processing module, and reporting module. The processing module runs on the Alteon Application switch, while the policy and reporting modules run on the Linux based Alteon EMS Server.
Figure 1 Alteon Intelligent Traffic Management Solution

Table 5 describes the task of each component.


Table 5 Alteon ITM Components
| Components | Description |
|---|---|
| Processing Module | The Alteon Application Switch is responsible for inspecting the application packet or flows; classifying the application traffic; enforcing the desired policies. |
| Management Module | This module called Alteon EMS (Element Management System) includes a Traffic Management Wizard to configure traffic classification and bandwidth management policies. To use ITM, it is recommended to run the EMS module on the same server as the Reporting module. |
| Reporting Module | This module generates traffic reports by application. It runs on the Linux server. |

As shown in Figure 1, the following tasks are performed in this order:
1 The management module creates bandwidth management policies using the Traffic Management Wizard in Alteon EMS.
2 The processing module inspects, classifies, and applies policies to application traffic traversing the switch. The processing engine also captures data statistics and sends these statistics to the Reporting module for long-term data collection and reporting.
3 The reporting module graphs the data from the database. It is capable of storing data from multiple switches concurrently.


Alteon EMS Client
Alteon Element Management System (EMS) provides a graphical user interface for managing Alteon switches with Simple Network Management Protocol (SNMP). It also allows you to monitor operational values of the switches (both historical and real time) and graph them. Refer to the Using Alteon EMS 3.1.2 document for an overview of how to use Alteon EMS.

Alteon EMS Server
Alteon EMS Server runs on a Linux server hosting the database for Alteon Intelligent Traffic Management. In this release of the Alteon Intelligent Traffic Management, it is recommended to install the Alteon EMS Server and the client on the same Linux server.


Before You Start Managing Traffic
Before you start actively managing network traffic, do the following:
1 Run the Traffic Management Wizard to monitor a manageable group of traffic over a period of time.
  Monitor the environment in groups of 25 applications or less, consisting of Layer 2 to 7 applications to construct a proper baseline. Generating this baseline in an orderly way provides details on the popularity of each classified application. Monitor the unclassified traffic to identify the popular applications on the network. Monitoring applications that rarely occur is inefficient and consumes too much processing power. Use the Alteon Traffic Management Reporting tool to graph application traffic. (See Chapter 6, “Generating Traffic Reports,” on page 91.)
2 Analyze the data in your report and determine what action to take on the trouble spots.
  Determine the traffic you want denied on your network and the traffic that you want rate limited on your network.
3 Start the Traffic Management wizard to classify the traffic as described in the section “Starting the Alteon ITM Wizard” on page 36.
  Monitor applications that commonly appear and prioritize them appropriately. Prioritizing applications improves efficiency and switching performance.
4 Run the Reporting tool again to verify if the policies are being enforced.
  It is recommended to constantly run reports as application trends and network traffic change over time (even short periods of time). An application that was very common last month may not be as popular this month and its priority should be maintained accordingly to ensure the most efficient operation of the switch.


Traffic Flow in ITM
In its simplest form, a group of packets (called a flow) traverses the application switch. As these packets within the flow pass through the application switch, they are inspected for unique application signatures. These signatures can be as simple as a well-known Layer 4 port or as complex as a number of hexadecimal patterns scattered throughout the packet. If a match occurs during the inspection process, the flow is said to be classified. From this point forward no further packets within the flow require inspection. Now that the traffic flow is classified, the application switch can control the remainder of the flow and use ITM to manage the traffic. Traffic Management includes many options of which the most common are:
1 Monitor the traffic by maintaining per second byte counts (which can be sent to a reporting server).
2 Impose a defined rate limit on the traffic as well as maintain the byte counts.
3 Deny the traffic.

As stated earlier, each flow must be inspected but not each packet within the flow. This is done by maintaining the state of each session. Deep packet inspection can range from looking for a single character at an exact location in a packet to looking for a more complex pattern or groups of complex patterns that can occur in a variable location in a packet. While inspecting a packet for a pattern, the switch attempts to match each pattern one at a time sequentially, and will stop at the first complete match. For this reason, the most popular and efficient patterns should take precedence over lesser used patterns to sustain processing efficiency. Precedence is achieved simply by placing the more popular rules higher in the list in the Traffic Management Wizard (see “Prioritizing Applications” on page 48).


Application Signature
An application signature is one or more attributes that accurately defines an application. Application signatures can include Layer 2 through 7 attributes. Application signatures are obtained from a number of sources including third party virus and IDS vendors, in-house development, existing customers sharing signatures for the common good as well as independent project working groups and organizations. Nortel Networks provides and validates application signatures on an on-going basis. Applications are constantly added and are available for download from http://www130.nortelnetworks.com/itm/signatures.xml. For more information on automatically updating the application signature file, see “Updating the Signature File” on page 139. Alteon ITM currently supports the classification of hundreds of applications and protocols including the most popular applications from the following segments:
• Peer to Peer Applications
• Network Gaming
• Instant Messaging
• Core Business Applications
• Email Applications
• Security Protocols
• Networking Protocols
• Worms and Viruses

For more information on writing rules to recognize applications, see “Creating Custom Application Rules” on page 141.


Chapter 2 Getting Started
This section explains the initial tasks that need to be done to get the Alteon ITM solution up and running and basic tasks that you do using the Traffic Management Wizard.

Select a Topic
• “Before You Begin” on page 36
• “Starting the Alteon ITM Wizard” on page 36
• “Checking Current Configuration” on page 60
• “Deleting Existing Configuration” on page 60
• “Configuring from a Remote Client” on page 61
• “Determining How to Prioritize Applications” on page 61


Before You Begin
Before you start using the Alteon Intelligent Traffic Management solution, make sure the hardware and software components are installed. For more information on the hardware and software requirements, see “Hardware and Software Requirements” on page 22. If you are using the previous version of Alteon ITM with AOS 21.0.4 and EMS 3.0.1, then you must first upgrade to AOS 22.0.2 and EMS 3.1.2 before you start configuring Alteon ITM. Note that the previous release of the Application switch software, AOS 22.0.1 and EMS 3.1.0 does not support Alteon ITM.

Starting the Alteon ITM Wizard
Alteon EMS 3.1.2 provides an easy to use wizard to manage the Intelligent Traffic Management solution. This wizard helps you assign and prioritize application rules as well as define and assign the required traffic enforcement policies. The ITM wizard allows you to classify the traffic by application. Once classified, this traffic can then be monitored, rate limited or simply denied altogether.

Note: You must use the Alteon EMS Traffic Management Wizard to classify the traffic, even though it can be done using the Command Line Interface (CLI) and the Browser-Based Interface (BBI).

Configuring Alteon ITM involves:
1 “Launching Alteon EMS” on page 38
2 “Selecting the Physical Ports” on page 39
3 “Configuring ITM to Prevent DoS Attacks” on page 41
4 “Validating SMTP Settings” on page 42
5 “Checking for New Signature File” on page 43
6 “Selecting Applications to Classify” on page 44
7 “Configuring Bandwidth Management Contracts” on page 49
8 “Defining Traffic Policies” on page 51
9 “Creating Contract Groups” on page 54
10 “Configuring Time Policies” on page 55
11 “Applying and Saving Your Configuration” on page 57
12 “Deploying ITM Configuration to Multiple Switches” on page 58


Launching Alteon EMS
From the client workstation where you installed Alteon EMS, do the following:
1 Launch Alteon EMS by clicking on the Alteon EMS icon.
2 Select the switch to manage traffic. If your switch does not appear in the left column (tree hierarchy), then select Alteon > Open and in the Device Name field enter the IP address (or DNS name) of your switch. Click on the folder icon (Open) to close the dialog box. For more information on how to connect to a switch from Alteon EMS, see Installing Alteon EMS 3.1.2 document on the Alteon EMS CD.
3 Select Switch > Configure > Traffic Management Wizard menu option. The screen shown in Figure 2 is displayed.
  Note: In EMS 3.1.2, you can open an ITM wizard per switch.
4 Continue with configuring Alteon ITM by proceeding to the next step, Selecting the Physical Ports.


Selecting the Physical Ports
If you are configuring Alteon ITM for the first time and if trunks are not configured on the switch, then the screen shown in Figure 2 is displayed.
Figure 2 Selecting the Physical Ports

1 Select the ports for the inbound and outbound traffic. Click the browse button to display the list of ports. You can select one or more ports from the list. If trunks are currently configured on the switch, you can browse for trunks or ports. Trunks are later converted to ports, based on the ports associated to the trunk.
2 Continue with the next step, Configuring ITM to Prevent DoS Attacks.


Configuring ITM to Prevent DoS Attacks
You can configure the switch to prevent common Denial of Service (DoS) attacks such as smurf and nullscan. To turn on the DoS attack prevention feature, enable Denial of Service Attack on the ports as shown in Figure 2 on page 39. This enables the switch to deny common predefined attacks, such as Smurf, Fraggle and so on. Here are some details on the embedded DoS attacks supported on the switch:
Table 6 DOS Attacks Supported on the Switch
| Attack | Description |
|---|---|
| Smurf | ICMP ping request to a broadcast destination IP (x.x.x.255) |
| LandAttack | Packets with source IP equal to destination IP |
| Fraggle | UDP packet sent to a broadcast destination IP (x.x.x.255) |
| Nullscan | TCP sequence number is zero and all control bits are zeros |
| Xmascan | TCP sequence number is zero and the FIN, URG and PSH bits are set |
| ScanSynFin | SYN and FIN bits are set in the packet |
| PortZero | TCP/UDP Packets whose source or destination port is zero |
| Blat | TCP packets with SIP!=DIP and SPORT=DPORT |
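The conditions in Table 6, written out as detection logic over raw IPv4 packets. This is an added example, not Nortel's code or the switch's implementation; the function names, the constructed sample packets (documentation address ranges), and the literal reading of x.x.x.255 as "last octet is 255" are assumptions.

```python
import socket
import struct

FIN, SYN, PSH, ACK, URG = 0x01, 0x02, 0x08, 0x10, 0x20  # TCP control bits
ICMP, TCP, UDP = 1, 6, 17                                # IP protocol numbers


def parse_ipv4(pkt: bytes) -> dict:
    """Pull out only the header fields that the Table 6 conditions refer to."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    f = {"proto": pkt[9], "sip": pkt[12:16], "dip": pkt[16:20]}
    l4 = pkt[ihl:]
    if f["proto"] == TCP and len(l4) >= 20:
        f["sport"], f["dport"], f["seq"] = struct.unpack("!HHI", l4[:8])
        f["flags"] = l4[13] & 0x3F
    elif f["proto"] == UDP and len(l4) >= 8:
        f["sport"], f["dport"] = struct.unpack("!HH", l4[:4])
    elif f["proto"] == ICMP and len(l4) >= 8:
        f["icmp_type"] = l4[0]
    return f


def classify(pkt: bytes) -> list:
    """Return the Table 6 attack names whose condition the packet meets."""
    f = parse_ipv4(pkt)
    hits = []
    # Assumption: "x.x.x.255" is taken literally as last octet 255; a real
    # directed-broadcast check needs the destination subnet mask.
    bcast = f["dip"][3] == 255
    if f.get("icmp_type") == 8 and bcast:          # ICMP echo request
        hits.append("Smurf")
    if f["sip"] == f["dip"]:
        hits.append("LandAttack")
    if f["proto"] == UDP and bcast:
        hits.append("Fraggle")
    if "flags" in f:                               # complete TCP header present
        xmas = FIN | URG | PSH
        if f["seq"] == 0 and f["flags"] == 0:
            hits.append("Nullscan")
        if f["seq"] == 0 and f["flags"] & xmas == xmas:
            hits.append("Xmascan")
        if f["flags"] & (SYN | FIN) == (SYN | FIN):
            hits.append("ScanSynFin")
    if "sport" in f:                               # TCP or UDP ports present
        if f["sport"] == 0 or f["dport"] == 0:
            hits.append("PortZero")
        if f["proto"] == TCP and f["sip"] != f["dip"] and f["sport"] == f["dport"]:
            hits.append("Blat")
    return hits


# --- Constructed test packets (checksums left at zero; not captured traffic) ---
def ip(proto, sip, dip, l4):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                      socket.inet_aton(sip), socket.inet_aton(dip))
    return hdr + l4


def tcp(sport, dport, seq, flags):
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 8192, 0, 0)


def udp(sport, dport):
    return struct.pack("!HHHH", sport, dport, 8, 0)


ICMP_ECHO = struct.pack("!BBHHH", 8, 0, 0, 1, 1)
SRC, DST, BCAST = "198.51.100.7", "192.0.2.10", "192.0.2.255"

SAMPLES = {
    "Smurf": ip(ICMP, SRC, BCAST, ICMP_ECHO),
    "LandAttack": ip(TCP, DST, DST, tcp(1025, 80, 1000, SYN)),
    "Fraggle": ip(UDP, SRC, BCAST, udp(4000, 7)),
    "Nullscan": ip(TCP, SRC, DST, tcp(40000, 22, 0, 0)),
    "Xmascan": ip(TCP, SRC, DST, tcp(40000, 22, 0, FIN | URG | PSH)),
    "ScanSynFin": ip(TCP, SRC, DST, tcp(40000, 22, 5, SYN | FIN)),
    "PortZero": ip(UDP, SRC, DST, udp(0, 53)),
    "Blat": ip(TCP, SRC, DST, tcp(80, 80, 77, ACK)),
    "benign": ip(TCP, SRC, DST, tcp(50000, 443, 12345, SYN)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:11s} -> {classify(pkt)}")
```

A single packet can satisfy several rows at once, which is why `classify` returns a list rather than the first hit.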

Proceed to the next step, Validating SMTP Settings.


Validating SMTP Settings
SMTP is used to transfer statistics on application usage to the reporting server. User data is transmitted to the reporting server by using a TCP socket. Application usage statistics is a pre-requisite for obtaining user statistics, so that means that SMTP settings must be accurate in order to receive user statistics. To validate SMTP settings check the Validate data archival and collection settings option in Figure 2 on page 39. If validation for SMTP host and username fails, then Figure 3 is displayed.
Figure 3 Specify SMTP Host and Username

Specify data in both fields. The SMTP user name must begin with itm@. To enable the collection of data for reporting purposes, you are prompted to enter the SMTP host and user name. To determine the appropriate SMTP host and user name, run the validation script on the reporting server at /var/www/html/itm/bin/validate. Step 6 of the validation script provides the SMTP host and user name. Refer to the Alteon ITM Installation Guide for information on SMTP host and user name. The prompt to validate data archival and collection settings appears again if you enter an invalid SMTP host and user name. Enter valid data or select Cancel to proceed without making any SMTP changes. Proceed to the next step, Checking for New Signature File.


Checking for New Signature File
This feature compares the current signature file with the signature file posted on the Nortel web site and automatically updates the installed signature file. To allow the ITM Wizard to check for automatic updates of the Signature file, enable the Check for New Signature file over network option (see Figure 2 on page 39).

Note: If an existing configuration is detected (for example, non-ITM filters), then you can decide if you want the wizard to automatically remove the filters from the ports (Alteon ITM does not delete the filters).

Select Next to go to the next page of the ITM wizard and proceed to the next step, Selecting Applications to Classify. For more information on updating the Signature file, see “Updating the Signature File” on page 139.


Selecting Applications to Classify
The available list shown in Figure 4 is populated with all the applications specified in the Nortel supplied and user-defined (if it exists) XML files.
Figure 4 Selecting Applications to Classify

Right-click on an application to display a description of the application. Applications that require an explanation are provided with a description. The description is retrieved from the XML files. For more information on XML files, see Chapter 7, “Working with Signature Files,” on page 131. Applications that were previously selected are populated in the selected list. These applications are removed from the available side. Applications are moved between lists by double clicking on the selected applications or by clicking the Add or Remove buttons. Layer 2 through 4 filters are the most efficient while Layer 7 filters are the most taxing on the switch.

Refer to Table 7 for more information on the applications displayed in Figure 4 on page 44:
Table 7 Information on the Displayed Applications
| If an Application is | See |
|---|---|
| Displayed in red in the Available list | “Notifying Updated Applications” on page 46 |
| Displayed in blue in the Available list | “Conflicting Applications” on page 47 |
| Placed at the end of the Selected list | “Prioritizing Applications” on page 48 |

Select Next to proceed to the next page of the ITM wizard.


Notifying Updated Applications
When new signature files are downloaded it is possible for applications to require updating. Any application that is different from a previous version of the signatures file will appear red in the available list, but only if that application is currently applied. If the modified rule is not currently applied then the rule is automatically updated when the new signature is downloaded. It is recommended to scan through the list of available applications (Figure 4 on page 44) after new signature downloads to see if any rules have been modified. If any rules have been modified then they should be selected so that the appropriate modifications to the rule can be applied to the switch. Select the modified rule(s), update any actions and policies if necessary and apply and save the configuration for the updated rules to immediately take effect.


Conflicting Applications
When applying rules with exclusions, the ITM wizard notifies you of the rules that are excluded. Typically, hybrid rules are a superset of other rules, so to prevent conflicts, some applications shouldn’t be selected when using applications with Rule exclusion. Applications with exclusion rules appear in blue (Figure 4 on page 44). This tells you which applications conflict with other rules if they are configured together. If you choose an application that excludes other applications that you have chosen, only one of them is configured. Applications are removed automatically depending on which application has higher precedence. An application with higher precedence takes priority over a lower precedence application that tries to exclude it.


Prioritizing Applications
The order on the selected side (see Figure 4 on page 44) implies priority. One or more applications can be selected and moved up or down in priority by using the up and down buttons. To manage traffic efficiently, heavily used applications must be at the top of the list and lesser used applications at the bottom of the list.

Caution: If you selected more than 25 applications, you may see degradation in performance. Alteon ITM can support hundreds of applications if you apply the rules efficiently. However, if the list is filled with applications that rarely appear and are not prioritized properly, then it is recommended to have 25 applications or less.

Note: The OEM-L7 HTTP application, however, is placed at the end of the list to force the precedence of this application to be last. This prevents misclassification of the HTTP protocol. Many applications use the HTTP protocol, so if HTTP L7 is placed above another application that uses the HTTP protocol, the traffic is classified as HTTP rather than the desired application.

Proceed to the next step, Configuring Bandwidth Management Contracts.


Configuring Bandwidth Management Contracts
Figure 5 shows the Bandwidth management contract relationship with the Applications (rules) in a hierarchical tree form. Applications can be dragged and dropped from one contract to another. Click on the Expand All button to see the Applications (rules) sharing the contract. When the same application is displayed under different contracts, it shows that different parts of the application are affected in different contracts. To reassign applications to a different contract, simply select one or more applications (use the CTRL or SHIFT key to select multiple applications) and then drag those applications onto the destination contract name or any applications within that contract. If you wish to move all applications from a contract you must select all the applications and drag them.
Figure 5 Pre-defined Bandwidth Management Contracts and Policies

You can create a new contract by clicking on Add Contract in Figure 5. The new contract window is displayed as shown in Figure 6.

Figure 6 Creating a New Contract

The ITM wizard allows you to drag and drop an existing application to the new contract. Contracts that have no applications under them are not saved as this would unnecessarily consume a contract resource.

Note: The new application with the changed contract information is saved in the current.xml file. For more information on XML files, see Chapter 7, “Working with Signature Files.” To revert to the old application, you must run the wizard and remove the modified application. Then rerun the wizard and add back the application.

If contracts have been created outside of the ITM wizard environment, such as the CLI, EMS, or the Web UI, then the wizard will overwrite contracts with the same name.

Proceed to the next step, Defining Traffic Policies.


Defining Traffic Policies
Define traffic policies for the BWM contracts. Left-click on the Action column in Figure 5 on page 49 and select one of the policies. The possible actions to choose for a policy on a contract are defined in the following table (additional concepts on traffic policies are provided in Table 4 on page 26):

Table 8 Defining Policies for BWM Contracts
Policy | Description
Monitor (default) | Inspects all traffic for reporting. NOTE: The monitor mode does not apply to user-based policies. To generate monitor statistics per user, enable user limiting and set both the hard limit and user limit to 1000M. Technically this is a policy and it is defined as full speed so no traffic is discarded.
Rate Limit | Creates a policy to limit the application to the stated limit. Rate Limiting performs a hard discard of the traffic as soon as the limit is reached. It is recommended to use this type of policy anytime that you wish to reduce the traffic by up to 25%.
Deny | Creates a policy with a rate limit of 0 K.
Traffic shaping | Uses buffers and queues to smooth the traffic. Use this policy type for positive enforcement, for example, to guarantee critical traffic. Traffic shaping is CPU intensive and should be selected in the following scenarios: if you are discarding more than 25% of the application traffic; applications that do not respond well to rate limiting.
User Rate Limit | Creates a policy to limit classified traffic by user. User limits are defined based on source or destination address. Typically, source IP address is used for traffic uploads and destination IP address is used for all other traffic.

For more information on these policies, refer to “Traffic Policies” on page 25. To customize your Rate Limit, Traffic Shaping, and User Limit policies, select the policy and modify the parameters. Figure 7, Figure 8, and Figure 9 show the basic and advanced dialog boxes to customize Rate Limit, Traffic Shaping, and User Limit policies.

Customizing Rate Limit: Allows you to change the Hard Limit.
Figure 7 Customizing Rate Limit Policy

Customizing Traffic Shaping: Allows you to change the Hard, Soft, and Reserved Limits.
Figure 8 Customizing Traffic Shaping Policy

Customizing User Rate Limit: Allows you to change the Hard and User Limits and user address type.

Figure 9 Customizing User Rate Limit Policy

For more information on bandwidth management contracts and policies, see the Alteon Application Switch Application Guide. Proceed to the next step, Creating Contract Groups.


Creating Contract Groups
This step is optional. Select the Contract Group icon (see Figure 5) to consolidate multiple contracts into a single group. Enter the Contract Group name and the newly created Contract Group is displayed along with the other contracts and applications with the icon denoting that it is a Contract Group. To populate the contract group select contracts one at a time and drag and drop the contracts over the Contract Group. You create a contract group to share the bandwidth among contracts. A contract group can hold up to 8 contracts. A contract group is always created in pairs, an IN_bound contract and an OUT_bound contract. The in-bound contracts are added to the IN_bound contract group and the out-bound contracts are added to the OUT_bound contract group. You can create up to 16 pairs of contract groups. For more information on contract groups, see “Grouping Contracts” on page 25. Proceed to the next step, Configuring Time Policies.


Configuring Time Policies
This step is optional. To configure a time policy for a contract you must first specify the time window to define when the policy should apply.

1 Select a contract and click the Add Time Policies icon to add one or two time policies to the selected contract.

Figure 10 Configuring Time Policy

2 Configure the Starting Time, Ending Time, and Day of week.

Note: Make sure the time periods do not overlap and that midnight does not fall inside a time period. Midnight can be at the start or end of a time period. For example, a time period between 10pm to 7am is invalid, because it includes 12am. The third default time period in Figure 10 includes midnight to 8am and 11pm to midnight.

3 Check the Add/Keep Time Policy box in Figure 10 to create a Time Window; deselecting this box deletes the time policy. It is possible to define a Time Window by selecting this check box but the policy itself can be disabled by removing the check from the Enabled box. This allows you to configure the Time Windows and assign the policies for later use.


A time policy is automatically created for the associated IN- and OUT-contracts.

4 Specify the action for each time policy. The time policy action is dependent on your configuration for each contract. Table 9 shows the supported actions for a time policy.

Table 9 Inbound and Outbound Action for Time Policies
If BWM contract is configured for | Configure Time Policy Action for
Rate Limit | Deny or Rate Limit
Traffic Shaping | Traffic Shaping
User Rate Limit | Deny or User Rate Limit

The configured time policies appear as shown in Figure 11.
Figure 11 Configuring Action for Time Policies

5 Right-click on the time policy folder to get the popup menu options to remove or modify the time policies. Double click on a specific time policy to modify it.

Select Finish in Figure 11 and proceed to the next step, Applying and Saving Your Configuration.
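The time-window rules in the note under step 2 can be checked before the values are typed into the wizard. The following is an added example, not code from the guide or from Nortel: it splits a wanted period that crosses midnight into two valid ranges and reports overlaps. Treating two windows as overlapping only when they share a day of the week is this example's assumption, and the sample policy names and times are constructed.

```python
from itertools import combinations

END_OF_DAY = 24 * 60  # 24:00 in minutes; midnight may only be a window's start or end


def to_minutes(hhmm):
    """Convert 'HH:MM' (00:00 through 24:00) to minutes after midnight."""
    hours, minutes = (int(part) for part in hhmm.split(":"))
    total = hours * 60 + minutes
    if not 0 <= minutes < 60 or not 0 <= total <= END_OF_DAY:
        raise ValueError(f"not a time of day: {hhmm!r}")
    return total


def split_at_midnight(start, end):
    """Turn a wanted period into one or two ranges that never contain midnight."""
    s = to_minutes(start) % END_OF_DAY   # 24:00 as a start is the same as 00:00
    e = to_minutes(end) or END_OF_DAY    # 00:00 as an end is the same as 24:00
    if s == e:
        raise ValueError("empty time period")
    if s < e:
        return [(s, e)]
    # Crosses midnight, e.g. 22:00-07:00 becomes 22:00-24:00 plus 00:00-07:00
    return [(s, END_OF_DAY), (0, e)]


def check_windows(windows):
    """Return rule violations for a list of (name, days, start_min, end_min)."""
    problems = []
    for name, _days, start, end in windows:
        if not 0 <= start < end <= END_OF_DAY:
            problems.append(f"{name}: empty, or midnight falls inside the period")
    for (n1, d1, s1, e1), (n2, d2, s2, e2) in combinations(windows, 2):
        # Assumption: windows conflict only if they share a day and their ranges intersect
        if set(d1) & set(d2) and s1 < e2 and s2 < e1:
            problems.append(f"{n1} overlaps {n2}")
    return problems


def fmt(minutes):
    """Render minutes after midnight as HH:MM."""
    return f"{minutes // 60:02d}:{minutes % 60:02d}"


WEEKDAYS = ("Mon", "Tue", "Wed", "Thu", "Fri")

# Constructed sample: an off-hours policy wanted from 22:00 to 07:00 on weekdays
# (which needs two time policies) and a business-hours policy.
OFF_HOURS = [
    (f"off-hours-{i}", WEEKDAYS, s, e)
    for i, (s, e) in enumerate(split_at_midnight("22:00", "07:00"), 1)
]
BUSINESS = [("business", WEEKDAYS, to_minutes("08:00"), to_minutes("18:00"))]

if __name__ == "__main__":
    for name, days, s, e in OFF_HOURS + BUSINESS:
        print(f"{name}: {fmt(s)}-{fmt(e)} on {','.join(days)}")
    print(check_windows(OFF_HOURS + BUSINESS) or "no conflicts")
    # Entering 22:00-07:00 as one window is rejected, as in the guide's example
    print(check_windows([("night", WEEKDAYS, to_minutes("22:00"), to_minutes("07:00"))]))
```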


Applying and Saving Your Configuration
Once all GUI changes have been made, the Wizard issues SNMP commands to configure the switch to the new configuration. Then, the wizard writes out a new current.xml file, so it remembers the changes it has made on the switch. The current.xml is a unique file that is written by the wizard for each switch. It contains an XML representation of what is currently configured on that switch. For more information on the current.xml file, see “How the Alteon ITM Wizard Reads the XML Files” on page 137.

Every time you go through the screens of the Alteon ITM wizard, the wizard removes all information based on the current XML file and issues the SNMP commands to configure the switch to the “new” configuration. Then, the wizard overwrites the current.xml file.

Proceed to the next step, Deploying ITM Configuration to Multiple Switches.


Deploying ITM Configuration to Multiple Switches
This step is optional. Alteon ITM allows you to configure multiple switches with identical rule sets. Before you deploy the configuration, complete the following tasks:

1 From the EMS client connect to each switch. Initiate the connection by clicking the top level of the switch.
2 Run the ITM wizard.
3 Select the IN and OUT ports on each switch.
4 Save the configuration.

To continue deployment, the wizard first checks for all connected switches with Alteon OS 22.0.2 software and displays the following dialog box:
Figure 12 Bulk Provisioning

Select the switches that you want to push the ITM configuration to. The default overwrites the indexes of the specific data on the other switches. After you push the generic ITM rules, you can update the configuration specific to each switch.

Caution: If you override the default and instead want to insert the new configuration, then make sure there is enough space on the remote switches for the new configuration. It is recommended to allow overwrite to provide consistency across configurations and reduce the risk of configuration error.


Before pushing the configuration out, the wizard looks for port properties of the other switches in the following order:

1 port properties file
The dm_ui.properties file under /alteonEMS/properties folder contains
ITMPortProperties=tm.ports
which specifies the port properties file that the wizard references for bulk provisioning. The port properties file contains IP addresses and port information of the remote switches. For example,
<ip_address_of_switch>_IN=<port numbers>
<ip_address_of_switch>_OUT=<port numbers>

2 switch’s current.xml file
If the port properties file or entry in the port properties file doesn’t exist then the wizard looks for port information in the switch’s current.xml file.

3 current switch’s configuration
If the current.xml file doesn’t exist for the other switch, then the wizard looks for port information in the current switch’s current.xml file.

By default, the bulk configuration feature overwrites the configuration (filters, contracts, policies and so on) on the other switches based on the indexes of the current switch. You can, however, override the default option by editing the port.properties file with the following:
<ip_address_of_switch>_Overwrite=false
The above line makes the Alteon ITM wizard discard the indexes of contracts, contract groups, policies, filters, pattern, and pattern groups, and reassigns them based on the new switch’s configuration.

This concludes configuring Intelligent Traffic Management software using the Alteon ITM wizard.
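Because a bulk push overwrites filters, contracts and policies on every selected switch unless the Overwrite entry says otherwise, it helps to review what the port properties file will cause before pushing. The following is an added example, not part of the guide or of the ITM software: it parses the three key forms shown above and reports, per target switch, where the port information will come from and whether indexes will be overwritten. The `#` comment syntax, the case-insensitive reading of `false`, the port-list syntax and all addresses are assumptions or constructed values.

```python
import ipaddress

FIELDS = ("IN", "OUT", "Overwrite")


def parse_port_properties(text):
    """Parse '<ip>_IN=', '<ip>_OUT=' and '<ip>_Overwrite=' lines into {ip: {field: value}}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # '#' comments: assumed properties-file convention
            continue
        key, sep, value = line.partition("=")
        ip, _, field = key.strip().rpartition("_")
        if not sep or field not in FIELDS:
            continue
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # key does not start with a switch address
        entries.setdefault(ip, {})[field] = value.strip()
    return entries


def provisioning_plan(targets, entries):
    """Describe, per target switch, the port source and the index handling."""
    plan = {}
    for ip in targets:
        entry = entries.get(ip, {})
        has_in, has_out = "IN" in entry, "OUT" in entry
        if has_in and has_out:
            source = "port properties file"
        elif has_in or has_out:
            source = "incomplete entry (fix before pushing)"
        else:
            # Lookup order from the guide: the switch's own current.xml,
            # then the current switch's current.xml
            source = "current.xml (no entry in the port properties file)"
        plan[ip] = {
            "port_source": source,
            "in_ports": entry.get("IN"),
            "out_ports": entry.get("OUT"),
            # Overwrite is the default; only an explicit 'false' changes it
            "overwrite_indexes": entry.get("Overwrite", "true").lower() != "false",
        }
    return plan


# Constructed sample file content (documentation-range addresses);
# the right-hand port values are illustrative.
SAMPLE = """\
# remote switches for bulk provisioning
192.0.2.11_IN=1
192.0.2.11_OUT=2
192.0.2.12_IN=1
192.0.2.12_OUT=2
192.0.2.12_Overwrite=false
192.0.2.13_IN=3
"""
TARGETS = ["192.0.2.11", "192.0.2.12", "192.0.2.13", "192.0.2.14"]

if __name__ == "__main__":
    for ip, info in provisioning_plan(TARGETS, parse_port_properties(SAMPLE)).items():
        mode = "overwrite indexes" if info["overwrite_indexes"] else "reassign indexes"
        print(f"{ip}: ports from {info['port_source']}; {mode}")
```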


Checking Current Configuration
To check the current configuration, simply run through the Traffic Management Wizard without making changes. Start EMS at the workstation that you used to configure Alteon ITM. After launching Alteon EMS, select the switch whose current configuration you want to check. Then, select the Switch > Configure > Traffic Management Wizard menu option. Click Cancel when you come to the last page of the Wizard (Figure 5 on page 49) so that the current configuration is not overwritten by the Wizard.

When the wizard is started, it populates its fields based on the current.xml file. The current.xml is a unique file that is written by the wizard for each switch. It contains an XML representation of what is currently configured on that switch. The current ITM configuration (current.xml) is stored on the workstation that was used to configure Alteon ITM. For more information on the current.xml file, see “How the Alteon ITM Wizard Reads the XML Files” on page 137.

Deleting Existing Configuration
This step is required if the switch configuration has been manually removed (for example, setting the switch to factory defaults). Under normal circumstances to delete the current configuration, it is sufficient to simply run the wizard and remove all the rules as described below:

1 Launch Alteon EMS at the workstation that you used to configure ITM. The switch’s current configuration (current.xml) is stored on that workstation. For more information on current.xml, see “How the Alteon ITM Wizard Reads the XML Files” on page 137.
2 Select the switch whose configuration you want to delete.
3 Select the Switch > Configure > Traffic Management Wizard menu option.
4 Remove the rules from the Selected list (see Figure 4 on page 44).


By removing the rules from the list, all the associated contracts and policies are automatically removed.

Configuring from a Remote Client
If you are configuring Alteon ITM from a remote client, that is, a workstation that is not the same as the Reporting Server, then all configuration updates must be done from the same remote client. It is recommended to use one management client (that runs on the reporting server) to configure Alteon ITM. This client must be backed up regularly. All configuration data is stored on the Alteon EMS client workstation. The configuration data is saved in the current.xml file and is located under the /alteonems/tm/<switch_ip_address> directory. Contact Nortel Technical Support (http://www.nortelnetworks.com/cs) to run Alteon ITM from multiple EMS clients.

Determining How to Prioritize Applications
The traffic management applications are selected when you run the Traffic Management Wizard (see Figure 4 on page 44). These applications should be prioritized from most likely to occur at the top to least likely to occur at the bottom. To determine if an application is most or least likely to occur, you must know how many times an application is matched. Because the system is flow-based, the hit rate becomes the most important metric and is directly proportional to the number of concurrent flows.

Typically, hybrid applications are a superset of other applications, so to prevent conflicts, some applications shouldn’t be applied when using applications with Rule exclusion. If you choose an application rule that excludes another application that you have chosen, only one of them is configured. One of the applications is removed automatically depending on which application has higher precedence. For more information on this rule exclusion feature, see “Conflicting Applications” on page 47.


To determine the hit rate, monitor the following views from Alteon EMS:

Table 10 Monitoring Alteon ITM
Views in Alteon EMS | Description | See also
Denial of Service Statistics (Switch > Monitor > Security) | View the statistics of the applications that the switch is actively denying service. | “Viewing Denial of Service Statistics” on page 64
Layer 4 Filter Matches (Switch > Monitor > Layer 4 > Filters) | View the counters for Layer 4 in the Filter Matches column (see note 1). | “Viewing Layer 4 Filter Statistics” on page 65
Layer 7 Filter Matches (Switch > Monitor > Security > Pattern Match Group) | View “Hits” counter for Pattern Group matches. | “Viewing Pattern Group Statistics” on page 67

Note 1: Ignore the filter hits for Filters 2043 and 2044. These filters display the most hits, because the Pattern Group hit values are also included.

It is recommended to find the applications (which consist of a group of filters) that have the highest filter or pattern matches and put these in the appropriate order of priority in the Alteon ITM Wizard (see Figure 4 on page 44). Refer to the next section, Chapter 3, “Viewing Switch Statistics,” on page 63 to determine the popularity of each application. If filter hit rates do not clearly define which application should take precedence, then refer to the Traffic Reports to determine which application is more popular. For more information on generating traffic reports, see Chapter 6, “Generating Traffic Reports,” on page 91.


Chapter 3 Viewing Switch Statistics
This section explains how to monitor the switch traffic using Alteon EMS and get additional data beyond the reporting graphs. For more information on the reporting graphs, see Chapter 6, “Generating Traffic Reports.”

Select a Topic
- “Viewing Denial of Service Statistics” on page 64
- “Viewing Layer 4 Filter Statistics” on page 65
- “Viewing Pattern Group Statistics” on page 67
- “Viewing Real Time Bandwidth Management Statistics” on page 68


Viewing Denial of Service Statistics
To view Denial of Service (DoS) statistics, start Alteon EMS and select Switch > Monitor > Security. Select the Port Denial of Service tab. Figure 13 shows the applications for which the switch provides protection from denial of service attacks. Click Apply to resynchronize the configuration.
Figure 13 Monitoring DoS Statistics

Figure 13 shows that the network is being attacked by all the services, except for Blat. If these statistics show that the network is under attack, then you must log into SYSLOG to capture additional information on the attack such as IP information, where it is present and the time of attack. To deny these service attacks, run the Traffic Management Wizard and enable the Denial of Service Attack option (see Figure 2 on page 39).

Note: It is recommended to keep this integrated rule enabled even if there are not a lot of hits for Denial of Service. The detection for these attacks occurs prior to rule inspection and is built into the switch, so its processing impact is minimal.


Viewing Layer 4 Filter Statistics
Filter statistics should be reviewed periodically. View filter statistics to help prioritize applications: those with more hits should be placed higher in the priority list on Page 2 of the Wizard (see “Prioritizing Applications” on page 48). To view filter statistics on the switch, select Monitor > Layer 4 > Filters. Select the Statistics tab.
Figure 14 Viewing Filter Statistics


Figure 14 shows that the SNMP application has the highest number of filter matches, followed by Yahoo, indicating that SNMP traffic is popular on your network. In the Traffic Management wizard (see Figure 4 on page 44), you would place SNMP on the top of the list followed by Yahoo. It is recommended to click apply after you make any configuration changes using the ITM Wizard. Typically, apply implies a configuration change, so it forces a re-sync.


Viewing Pattern Group Statistics
Layer 7 pattern group statistics should be reviewed periodically. Use the values displayed for Pattern Match Group to prioritize applications and optimize performance. To view pattern group statistics on the switch, select Monitor > Security > Pattern Match Group tab.
Figure 15 Pattern Match Group Statistics

Applications with more hits should be placed higher in the priority list. From Figure 14 and Figure 15 you can see that PeerEnabler with 62196 hits should be placed higher in the priority list followed by SNMP with 23017 hits. For more information on the priority list, see “Prioritizing Applications” on page 48. It is recommended to click apply after you make any configuration changes using the ITM Wizard. Typically, apply implies a configuration change, so it forces a re-sync.
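The ordering rules from “Prioritizing Applications”, “Determining How to Prioritize Applications” and the two statistics views above can be applied to exported counters in one pass. The following is an added example, not code from the guide or from Alteon EMS: it sums hits per application, skips filters 2043 and 2044, sorts the Selected list with the busiest application first, and keeps OEM-L7 HTTP last. The record layout, the summing of an application's counters, the filter and pattern index numbers, ExampleApp, and every hit count other than the two quoted from Figures 14 and 15 are assumptions or constructed values.

```python
from collections import defaultdict

IGNORED_FILTERS = {2043, 2044}  # the guide says to ignore these: they include pattern-group hits
PINNED_LAST = "OEM-L7 HTTP"     # stays last so HTTP-based applications are not classified as plain HTTP
LIST_SIZE_CAUTION = 25          # above this the guide warns of degraded performance


def total_hits(counters):
    """Sum hits per application from (application, kind, index, hits) rows.

    kind is 'filter' (Layer 4 Filter Matches) or 'pattern' (Pattern Match Group).
    Summing all of an application's counters is this example's assumption.
    """
    hits = defaultdict(int)
    for app, kind, index, count in counters:
        if kind == "filter" and index in IGNORED_FILTERS:
            continue
        hits[app] += count
    return dict(hits)


def prioritize(selected, counters):
    """Return the Selected list reordered by hits, busiest first."""
    hits = total_hits(counters)
    movable = [app for app in selected if app != PINNED_LAST]
    # sorted() is stable: applications with equal hits keep their current order
    ordered = sorted(movable, key=lambda app: hits.get(app, 0), reverse=True)
    if PINNED_LAST in selected:
        ordered.append(PINNED_LAST)
    return ordered


def rarely_seen(selected, counters):
    """When the list is above the caution size, name applications with no hits."""
    if len(selected) <= LIST_SIZE_CAUTION:
        return []
    hits = total_hits(counters)
    return [app for app in selected if app != PINNED_LAST and hits.get(app, 0) == 0]


# Constructed sample. Only the SNMP and PeerEnabler hit counts are quoted from the guide.
SELECTED = ["Yahoo", "SNMP", "ExampleApp", "PeerEnabler", "OEM-L7 HTTP"]
COUNTERS = [
    ("SNMP", "filter", 12, 23017),
    ("PeerEnabler", "pattern", 3, 62196),
    ("Yahoo", "filter", 20, 9120),
    ("ExampleApp", "filter", 31, 40),
    ("ExampleApp", "filter", 2043, 150000),  # ignored: filter 2043
    ("OEM-L7 HTTP", "pattern", 1, 80000),    # high hit count, still pinned last
]

if __name__ == "__main__":
    for rank, app in enumerate(prioritize(SELECTED, COUNTERS), 1):
        print(rank, app, total_hits(COUNTERS).get(app, 0))
```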


Viewing Real Time Bandwidth Management Statistics
To monitor the real time bandwidth management statistics of the defined contracts, observe the changing traffic patterns in the bandwidth management statistics window. To view bandwidth management statistics on the switch, select Switch > Monitor > BWM.
Figure 16 Clearing Bandwidth Management Statistics

For additional details on working with BWM Real Time Statistics, refer to the bandwidth management section in the Using Alteon EMS 3.1.2 Guide. It is recommended to click apply after you make any configuration changes using the ITM Wizard. Typically, apply implies a configuration change, so it forces a re-sync.


Chapter 4 Monitoring Switch Performance
This section describes the statistics that should be monitored to determine the overall health of the application switch. For example, monitoring these statistics helps you find out if the traffic management processing is too demanding on the switch.

Select a Topic
- “Monitoring the Forwarding Database” on page 70
- “Monitoring Session Capacity” on page 72
- “Monitoring MP Statistics” on page 74
- “Monitoring SP-Specific Statistics” on page 75
- “Monitoring SP Statistics by Sessions” on page 76


Monitoring the Forwarding Database
The Forwarding DataBase (FDB) contains information that maps the Media Access Control (MAC) address of each known device to the switch port where the device address was learned. The FDB is important in the Layer 2 mode, because it is responsible for making the switching decisions. Monitor the absolute values for Current Entries and Highest Number of Entries and make sure they do not exceed the capacity of 8096 entries. Filling the FDB table results in packet flooding and not packet discard. To view MAC and FDB Error statistics from Alteon EMS, click Monitor > Bridge > Forwarding Statistics.
Figure 17 Forwarding Database Statistics


It is normal for Failed Lookups to be excessive compared to creates, deletes and current, because every time the switch forwards a packet to an address it hasn’t learned yet, there is a Failed Lookup.

Note: If routing is used on either side of the application switch, FDB usage is minimal even in a Layer 2 deployment model. This is because the application switch needs to learn the address of the upstream and downstream routers only.


Monitoring Session Capacity
The value for current sessions should not be close to the maximum session capacity of the application switch. For example, Table 11 shows the session capacity for five different switch models.

Table 11 Session Capacity for Application Switches

Application Switch | Maximum Number of Sessions
Alteon 2208 | 560K
Alteon 2216 | 1M
Alteon 2224 | 2M
Alteon 2424 | 2M
Alteon 3408 | 2M

Observe the Dashboard summary in Alteon EMS which shows the current total sessions and the switch capacity. To view the Dashboard summary, click Switch > Summary View tab.


To monitor session capacity, view the rate of new sessions in Alteon EMS by clicking Monitor > Layer 4 > SLB > SP Maintenance tab and observe the Current Sessions (64 second average) column.
Figure 18 Monitoring Session Capacity

Ignore the values in the Filtered Denied Frames column, because the values do not indicate that the switch is dropping the packets. These values are a form of Layer 7 counter for hex and ASCII patterns and do not indicate denied frames.


Monitoring MP Statistics
Monitor the Management Processor (MP) statistics to track MP CPU utilization. The MP is required to track all the bandwidth management statistics and to transmit the data that is sent to the reporting server. You should expect one second utilization to spike at 100% and then drop down to normal. Many internal processes, such as the Save procedure, can cause this 1 second spike. Watch closely the 64 and 4 second intervals. CPU utilization higher than 75% at 64 second intervals is cause for closer inspection, but the device can run while sustaining closer to 100%. To view MP statistics from Alteon EMS, click Monitor > Switch > MP CPU Stats.


Monitoring SP-Specific Statistics
Monitor all the Switch Processors (SP) for high CPU utilization. Observe the 4 and 64 second intervals. There is an inherent overhead of 20-30% even with an idle system. You should expect to see about 50% utilization in your deployment; but each environment is different. The SPs can sustain utilization up to 90% to 100%. To view SP statistics from Alteon EMS, click Monitor > Switch > SP CPU Stats.
Figure 19 Switch Processor Statistics


Monitoring SP Statistics by Sessions
View the SP Maintenance statistics to monitor the hand-offs to the management processor (MP). SP Maintenance is used to check for Layer 2 errors. The key statistic to watch is Attempts to add to full FDB. This tells you if the Forwarding database is full and flooding is occurring.

The SP Maintenance Receive tab is used to determine if the switch processing is too busy to consistently receive critical updates from the management processor. The key statistic to watch is Receive Letter Errors from MP. On average, Receive errors should not be more than 5% of the Receive letter successes. To view letter errors, click the Monitor > Switch > SP Maintenance Receive tab.

Similarly, in the SP Maintenance Send tab, the key statistic to observe is Send Letter Failures to MP. The same rules as above apply except that these are failures that occur trying to send to the MP rather than receive. The end result in either case is that the switch is too busy to process the internal MP traffic. To reduce the load, optimize the inspection process by re-prioritizing the rules. If re-prioritizing the applications isn’t enough, then remove a few L7 applications. To view letter failures, click the Monitor > Switch > SP Maintenance Send tab and Figure 20 is displayed.
Figure 20 SP Maintenance Statistics


The MP is required to maintain the BWM counts and deliver the statistics. Too many MP Letter Failures indicate that the MP CPU cannot handle all the communication between the switch processor and the MP. If letter failures become a problem, then application priority should be re-evaluated and optimized.
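The limits given in this chapter (FDB capacity, session capacity per model, MP CPU at the 64 second interval, and the 5% letter-error rule) can be applied together to one set of counter readings. The following is an added example, not code from the guide or from Alteon EMS: the snapshot field names and sample readings are constructed, the 90% session headroom is an assumption because the guide only says the value should not be close to the maximum, and K and M in Table 11 are read as decimal thousands and millions.

```python
FDB_CAPACITY = 8096          # entries, from "Monitoring the Forwarding Database"
MP_CPU_64S_REVIEW = 75       # percent at the 64 second interval
LETTER_ERROR_RATIO = 0.05    # errors or failures relative to successes
SESSION_HEADROOM = 0.90      # assumption: what counts as "close to" the maximum
MAX_SESSIONS = {             # Table 11
    "Alteon 2208": 560_000,
    "Alteon 2216": 1_000_000,
    "Alteon 2224": 2_000_000,
    "Alteon 2424": 2_000_000,
    "Alteon 3408": 2_000_000,
}


def assess(snapshot):
    """Return (code, message) findings for one set of counter readings."""
    findings = []
    if max(snapshot["fdb_current"], snapshot["fdb_highest"]) >= FDB_CAPACITY:
        findings.append(("fdb", "FDB entries have reached capacity; expect flooding"))
    if snapshot["fdb_full_attempts"] > 0:
        findings.append(("fdb-flood", "Attempts to add to full FDB is non-zero"))
    limit = MAX_SESSIONS[snapshot["model"]]
    if snapshot["current_sessions"] >= SESSION_HEADROOM * limit:
        findings.append(("sessions", f"current sessions are close to the {limit} maximum"))
    if snapshot["mp_cpu_64s"] > MP_CPU_64S_REVIEW:
        findings.append(("mp-cpu", "MP CPU above 75% at the 64 second interval"))
    for direction in ("receive", "send"):
        ok = snapshot[f"sp_{direction}_ok"]
        bad = snapshot[f"sp_{direction}_errors"]
        # Compare without dividing so a zero success count cannot raise an error
        if bad > LETTER_ERROR_RATIO * ok:
            findings.append((f"letters-{direction}",
                             f"{direction} letter errors exceed 5% of successes; "
                             "re-prioritize rules or remove L7 applications"))
    return findings


# Constructed readings for illustration only
SAMPLE = {
    "model": "Alteon 2208",
    "current_sessions": 530_000,
    "fdb_current": 1_200,
    "fdb_highest": 3_100,
    "fdb_full_attempts": 0,
    "mp_cpu_64s": 81,
    "sp_receive_ok": 40_000,
    "sp_receive_errors": 2_600,   # 6.5% of successes
    "sp_send_ok": 40_000,
    "sp_send_errors": 900,        # 2.25% of successes
}

if __name__ == "__main__":
    for code, message in assess(SAMPLE):
        print(f"[{code}] {message}")
```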


Chapter 5 Advanced Database Administration
To facilitate the most common database administration tasks, Alteon ITM provides a number of database administration scripts. The purpose of each script and instructions on how to run them are included in this section.

Select a Topic
- “Database Administration Scripts” on page 80
- “Backing Up the Database” on page 81
- “Purging the Database” on page 82
- “Removing Obsolete Contract Names” on page 83
- “Manually Adding Data to the Database” on page 84
- “Advanced SQL Commands” on page 85
  - “Connecting to the Database” on page 85
  - “Listing Available Databases” on page 85
  - “Listing Tables” on page 86
  - “Viewing Table Structure” on page 87
  - “Updating a Contract Name in the Database” on page 87
  - “Manual Data Queries” on page 88


Database Administration Scripts
Alteon ITM provides database scripts to perform administrative tasks such as
- “Backing Up the Database” on page 81
- “Purging the Database” on page 82
- “Removing Obsolete Contract Names” on page 83
- “Manually Adding Data to the Database” on page 84

The database administration scripts are located on the Reporting Server in the following directory:
/var/www/html/itm/bin

To run a database administration script, do the following:
1 Open a terminal window in Linux.
2 Navigate to /var/www/html/itm/bin.
3 Launch the desired script by typing,
./<script_name>

Make sure to include the prefix of “./”.


Backing Up the Database
The database backup script is used to store a backup copy of the database (current to the time the backup is run). It is recommended to back up the database prior to running any of the database administration scripts. The database backup script (backup_db) is located in /var/www/html/itm/bin.

Each backup will receive its own directory name with date and time stamp in the format of YYYY-MM-DD-HH:MM. It is not possible to run two backups within the same minute as this will result in conflicting directory names. Database backups initiated from the database backup script are stored in:
/home/itm/itm_backups

Press <Ctrl-C> at any time to abort the script.


Purging the Database
This script deletes the contents of the database and optionally removes the list of application names from the Web-based reporting front end (these are the application names that appear under Traffic Selection and Discard Selection in the Reporting Menu). For example, you may purge the database to clear the entire database from a testing/pilot environment. Other valid reasons to clear the entire database are when you are moving from pilot to deployment or simply conducting more testing.

The script to purge the database (purge_db) is located in /var/www/html/itm/bin. The script prompts for confirmation to remove the contents of the database. Enter “Yes.” Any input other than "yes|YES" is considered a NO. The second section of the script prompts for confirmation to remove the list of application names that show up in the Reporting Menu. Enter “Yes” or “No.”

Press <Ctrl-C> at any time to abort the script.


Removing Obsolete Contract Names
Run this script to remove a contract name from the database. This script stops the contract name from appearing in the Reporting Menu (Figure 21 on page 93). A valid reason for running this script may be that an application name (contract) has been modified.
The script to remove a contract name (rm_appname) is located in /var/www/html/itm/bin. When you run the script, it connects to the database and provides the user with the list of all registered contract names. Enter the name of the contract you wish to remove. If a match is found, the contract name is removed from the database.
Press <Ctrl-C> at any time to abort the script.
See also “Updating a Contract Name in the Database” on page 87. Changing the name of a contract in the Rules file applies to new data only.


Manually Adding Data to the Database
Even though data is automatically added to the database, sometimes a manual data import may be required. For example, you may want to manually import data from another switch for a troubleshooting purpose or simply import data that may not be imported due to Reporting Server maintenance. The script to manually add data to the database (data_inload) is located in /var/www/html/itm/bin. One or more data files that need to be imported into the database are passed to the data_inload script. The script parses out the valid data and imports it directly into the database. If the SQL database is down for maintenance and new mail is sent to the reporting server, then you can access the data files manually from the reporting server at
/home/itm/itm_archive

Decompress the file(s) in the itm_archive folder and then manually add data to the database using the following commands:
./data_inload file1, file2

Press <Ctrl-C> at any time to abort the script. Similarly, to manually import user-level data, run userdata_inload against the user data file(s). A sample data file (20040101) is included in the /var/www/html/itm/data/sample_data directory.
Note: Raw data is archived and is concatenated into a single file every day, so you can import an entire day’s worth of data even if a small portion is missing. Importing the data will simply fill in the missing data records.


Advanced SQL Commands
Typically, you will not be required to work directly with the database, but some general functions are described in this section for troubleshooting purposes. The following advanced commands are provided for reference only:
- “Connecting to the Database”
- “Listing Available Databases”
- “Listing Tables”
- “Viewing Table Structure”
- “Updating a Contract Name in the Database”
- “Manual Data Queries”

Connecting to the Database
To communicate with the database, you must enter the SQL command mode and connect to the database. From a terminal window enter the following:
1. Enter SQL command mode.
msql

2. Enter the database used by the Reporting module.
mysql> use l7rate

To exit SQL command mode, type exit or \q. For additional details on Structured Query Language (SQL) commands, refer to the mysql documentation located at http://www.mysql.com.

Listing Available Databases
After connecting to the database, you can list available databases by entering the show databases command. All SQL queries must be terminated with a semi-colon (;).


For example, to list available databases, enter the command
mysql> show databases;

To exit SQL command mode, type exit or \q.

Listing Tables
After connecting to the database, you can show the tables by entering the show tables command. All SQL queries must be terminated with a ; (semi-colon). For example,
mysql> show tables;
Tables_in_l7rate
admin
contract
discardaggregates
discardgroups
protocolaggregates
protocolgroups
traffic
traffic_total
udatasum
user_traffic
user_traffic_total
userdiscardaggregates
duseriscardgroups
userprotocolaggregates
userprotocolgroups
15 rows in set (0.00 sec)
mysql>


Viewing Table Structure
It may be necessary to explore a Table’s structure to give details on the valid parameters for a table (such as describing field types and sizes). To obtain a table’s structure, enter the command
mysql> describe <table_name>;

To exit SQL command mode, type exit or \q.

Updating a Contract Name in the Database
You may want to update a contract name because of an error on the initial implementation or the original name was not descriptive enough. The reporting database is based on the contract name, so when you update a contract name, it applies to new data only. All existing data keeps the old contract name, so the contract name in the database needs to be updated to preserve the existing data. This allows reports to be generated by the same name rather than reporting on both the old and new contract names. The SQL commands update and set are used to modify a contract name.

Note: Changing the contract name within the database to correct existing data does not update the contract name in the Reporting Menu. But if you update the contract name in the Rule, then the contract name in the Reporting menu is updated. To make changes to the Rule, see “Sample Custom Rules” on page 144.

The format of the update command is as follows:
update <table> set protocolname='<the new contract name>' where protocolname='<the contract name you want to change>';


For example,
mysql> update traffic set protocolname='New_Name' where protocolname='OEM_APP1 Out';
Query OK, 1392 rows affected (0.22 sec)
Rows matched: 1392 Changed: 1392 Warnings: 0
mysql>

In the above sample, the database is updated to replace all instances of OEM_APP1 Out with New_Name.
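An added example, not part of the Nortel guide: the rename done as a checked transaction, committed only if the rows changed equal the count taken beforehand and no rows are left under the old name. It uses Python's sqlite3 with an in-memory table as a stand-in for the MySQL l7rate database; only the table name traffic and the column protocolname come from this guide, while the other columns, the rows and the function names are constructed for illustration.

```python
import sqlite3


class RenameRefused(Exception):
    """The rename would not do what the operator expects; nothing was changed."""


def count_rows(conn, table, name):
    """Rows in `table` whose protocolname equals `name`.

    `name` is a bound parameter; `table` must already have been validated.
    """
    cur = conn.execute(f"SELECT COUNT(*) FROM {table} WHERE protocolname = ?", (name,))
    return cur.fetchone()[0]


def rename_contract(conn, table, old_name, new_name, allowed_tables=("traffic",)):
    """Rename a contract in one table and return the number of rows changed.

    A table name cannot be a bound parameter, so it is checked against an
    allow-list before it is placed in the statement. Contract names are data
    and are only ever passed as bound parameters.
    """
    if table not in allowed_tables:
        raise RenameRefused(f"table {table!r} is not in the allow-list")
    if not new_name or new_name == old_name:
        raise RenameRefused("new name must be non-empty and differ from the old name")

    expected = count_rows(conn, table, old_name)
    if expected == 0:
        raise RenameRefused(f"no rows carry the name {old_name!r}")
    # Rows already under the new name are data logged after the Rule was changed.
    already_new = count_rows(conn, table, new_name)

    try:
        cur = conn.execute(
            f"UPDATE {table} SET protocolname = ? WHERE protocolname = ?",
            (new_name, old_name),
        )
        changed = cur.rowcount
        # Post-conditions, checked before the change is made permanent.
        if changed != expected:
            raise RenameRefused(f"expected {expected} rows, update touched {changed}")
        if count_rows(conn, table, old_name) != 0:
            raise RenameRefused("rows with the old name remain")
        if count_rows(conn, table, new_name) != already_new + expected:
            raise RenameRefused("row total under the new name is not old + new")
        conn.commit()
    except Exception:
        conn.rollback()
        raise
    return changed


def build_sample_db():
    """Constructed stand-in for l7rate; sample_time and kbytes are hypothetical columns."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE traffic (sample_time TEXT, protocolname TEXT, kbytes INTEGER)")
    rows = [
        ("2004-01-01 00:00", "OEM_APP1 Out", 120),
        ("2004-01-01 00:01", "OEM_APP1 Out", 118),
        ("2004-01-01 00:02", "OEM_APP1 Out", 131),
        ("2004-01-02 00:00", "New_Name", 125),      # logged after the Rule was renamed
        ("2004-01-01 00:00", "OEM_APP2 In", 40),
        ("2004-01-01 00:00", "Dept's App In", 7),   # a name containing a quote
    ]
    conn.executemany("INSERT INTO traffic VALUES (?, ?, ?)", rows)
    conn.commit()
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    print(rename_contract(db, "traffic", "OEM_APP1 Out", "New_Name"), "rows renamed")
```

Against the real database, take a backup with backup_db first, as recommended earlier in this chapter.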

Manual Data Queries
Manual data queries allow the operator to query the database directly without going through the Reporting module. Isolating data, checking record counts, and even integrating with a third party system (such as a billing system) are all valid reasons for running manual queries. The three most common types of queries are outlined below.

Current Record Count
To obtain the current record count for a table use the command:
mysql> select count(*) from <tablename>;

For example,
mysql> select count(*) from traffic;
count(*)
16704
1 row in set (0.00 sec)
mysql>

This shows that there are currently 16,704 records in the traffic table.


All Data in a Table
To dump all the data in a table, enter the command,
mysql> select * from <tablename>;

Specific Data in a Table
To dump specific data from a table, enter the command,
mysql> select * from <tablename> where <fieldname>='<query>';

For example, the following command dumps the records that have the name New_Name for the protocolname.
mysql> select * from traffic where protocolname='New_Name';


Chapter 6 Generating Traffic Reports
Alteon Intelligent Traffic Management provides a reporting tool to display graphs that help you analyze traffic patterns. This chapter describes how to generate these graphs and reports and to understand the information they contain.

Select a Topic
- “The Reporting Tool”
- “Starting the Reporting Tool”
- “Understanding the Graph Display”
- “Sample Data”
- “Generating Reports Across Multiple Switches”
- “Sample Reports”
  - “Sample 1: Selecting Individual Applications”
  - “Sample 2: Selecting Traffic Groups”
  - “Sample 3: Aggregating Traffic”
  - “Sample 4: Selecting Multiple Applications”
  - “Sample 5: Summarizing Data”
  - “Sample 6: Displaying Data Points”
  - “Sample 7: Percent of Inbound Traffic”
  - “Sample 8: Graphing Discarded Traffic”
  - “Sample 9: Stacking Applications”
  - “Sample 10: Measuring Discarded Traffic”
  - “Sample 11: Selecting Time”
  - “Sample 12: Selecting Time Zone”
  - “Sample 13: Generating a Typical Report”
  - “Sample 14: Generating User Reports”


The Reporting Tool
The Reporting tool is a software application that runs on Linux and generates reports and graphs for classified traffic. Reports can be generated for traffic collected over a period of time, or can summarize values (average traffic for a traffic class) for a selected period of time. The Reporting module is capable of storing data from multiple switches concurrently. The Traffic Reporting system allows you to generate reports based on
- Applications: You can run a report on individual or multiple application usage for total traffic or discarded traffic.
- Multiple switches: You can run a report of the same elements across multiple switches. For example, you can generate a report to see how Application A’s usage compares across these three switches during the defined time period.
- Users: You can run a report that includes individual or multiple user usage for one or more applications (total or discarded traffic). You can also find the top 10 users for a specific application.
- Aggregate of protocols

“Application Ranking” reports and graphs can be generated based on total traffic and discarded traffic for each of the following categories:
- Top 5 applications, inbound
- Top 5 applications, outbound
- Top 5 users, inbound
- Top 5 users, outbound


Starting the Reporting Tool
The Reporting tool is a Web-based network management software installed on the Linux server. Open any browser and enter the DNS server name of the Linux server that contains the database that you want to run reports on as shown below,
http://<linux_server_name>/itm/html/index.html
where linux_server_name is the IP address or the DNS server name of the Linux server. The Intelligent Traffic Management Main menu or the Reporting Menu is displayed as shown in Figure 21:
Figure 21 Reporting Menu

Table 12 describes the menu options in the Reporting menu.


Table 12 Reporting Menu Descriptions
Menu
Home: See “Home Page” on page 95
Help: Provides Help on the Reporting system
Graphing: “Graphing Menu” on page 97
Customize Groups and Aggregates: “Customizing Reports” on page 99


Home Page
The Reporting menu Home page provides the following information from the database hosting records for one or more switches:
- Summary Report: This report provides information on the database size, database rows, first data record, last data record, total classified applications, number of switches, and total users as shown in Figure 21.
- Traffic for Top 5 Applications In and Out
- Discard traffic for Top 5 Applications In and Out
- Traffic for Top 5 Users In and Out
- Discard traffic for Top 5 Users In and Out


Graphing Menu
The Graphing menu allows you to generate the following types of reports:
- Application Report: Shows the usage of the classified applications.
- User Report: Identifies users using the classified applications.
- Top User Report: Illustrates the top users of the classified applications.
Set the graphing parameters in Table 13 before you start generating traffic reports:
Table 13 Graphing Menu Parameters

Option: Graph Title
Description: Enter a title for the graph.

Option: Traffic
Description: Select one or more of the applications or groups of applications. With the same selection of applications, you can generate a graph showing an aggregate of the selected applications. To deselect an item, use the <Ctrl> key. Enter individual or multiple user IP address and select one or more of the classified applications or groups of applications.

Option: Discards
Description: Select one or more of the applications or groups of applications. With the same selection of applications, you can generate a graph showing an aggregate of the selected applications. Enter individual or multiple user IP address and select one or more of the classified applications or groups of applications.

Option: Host
Description: Select one or more switches to run the reports on.

Option: Y-Axis
Description: Allows you to select the units of measurement of how the data is displayed depending on the amount of traffic and the graph type:
- Kilobytes per second
- Kilobits per second
- Megabits per second
- Percentage of total inbound traffic (Percent Inbound)
- Percentage of total outbound traffic (Percent Outbound)
- Percentage of total traffic (Percent Inbound + Outbound)
- Efficiency for a specific traffic class (Percentage of application discard related to the total traffic for the application)
For example, if more traffic is traversing the switch, then generate your report in Mbits per second.

Option: Stacking
Description: Select Stacking if you want to see applications plotted based on the previous application selected. See “Sample 9: Stacking Applications” on page 118. Stacking by application with discards glues the discards to the application, and treats the application with its discards as a single entity.

Option: Time Range
Description: Available data is scaled by the defined time range and displayed on the X-axis. All user reports however, are normalized over 10 minute plots, because tracking per minute consumes too many resources.

Option: Graph Time Zone
Description: Displays world time zones based on Universal Co-ordinated Time (UTC) or GMT. The default time zone is UTC+01.

Option: Data Presentation
Description: If you want an average of all the records plotted, then select Average Data or select Show Data Points to place a mark (data point) that corresponds to the exact point in time the record was plotted.

Option: Graph Format
Description:
- Enable or disable the grid on the graph.
- Display or hide the legend on the graph.


Customizing Reports
This menu allows you to create custom reports by creating the following groups and aggregates:
- Application Groups
- Application Aggregates
- Discard Groups
- Discard Aggregates
- User Traffic Group
- User Traffic Aggregates
- User Discard Groups
- User Discard Aggregates

After you define your groups, go back to the “Graphing Menu” on page 97 and select the Traffic or Discard parameters to generate the report.


Understanding the Graph Display
Figure 22 shows the information that is displayed when you generate a graph. The same information can be displayed in a table format or in CSV format. See “Sample 1: Selecting Individual Applications” on page 106.
Figure 22 Understanding the Graph Display

Table 14 describes each of the graph components displayed in Figure 22.

Table 14 Graph Components
Option: Graph Title
Description: Displays the type of graph that was generated.

Option: Summary Data
Description: Displays the applications selected for graphing. The default summary data is displayed based on mean value from high to low. If you’ve selected more than 5 applications, then summary data is not displayed.

Option: Y-Axis Measurement
Description: Allows you to select the units of measurement of how the data is displayed. Data in the reports and graphs is expressed in Kilobytes, Kilobits, Megabits, Percent of Inbound, Percent of Outbound, Percent of all Traffic, and Percent of application with discards. For example, if more traffic is traversing the switch, then generate your report in Mbits per second.

Option: Time Zone
Description: Displays world time zones based on Universal Co-ordinated Time (UTC) or GMT. The default time zone is UTC+01.

Option: Time Range
Description: Available data is scaled by the defined time range and displayed on the X-axis.

Option: Data Point
Description: Places a mark (data point) which corresponds to the exact point in time the record is plotted.

Option: Legend
Description: Displays the selected applications to graph in different colors.

Option: Information Line
Description: Displays the time range, switch IP address, data average scale (optional), and the stacking method (optional)


Sample Data
Alteon ITM includes sample data to help you familiarize yourself with the Reporting module. The sample data does not impact existing or future data as it is all registered to a null switch (0.0.0.0 as the host). The sample data includes bandwidth usage statistics for six applications over a six day period from January 1, 2004 to January 7, 2004. The sample data also includes application discards to facilitate generating reports where rate limiting is enabled. To use the sample data to run reports, you must run the import script. The import script imports the sample data into the Reporting database.
To run the sample data import script, do the following:
1. Launch a terminal window on the Linux Server running the reporting module.
2. Navigate to /var/www/html/itm/data/sample_data.
[root@A18I root]# cd /var/www/html/itm/data/sample_data/
3. Run the import script to manually add data into the database.
[root@A18I sample_data]# ./import.sh
This script automatically imports all of the sample data. For more information on manually adding data into the database, see “Manually Adding Data to the Database” on page 84. All of the sample reports outlined in the next section, “Sample Reports” on page 105, were created with the same sample data.


Generating Reports Across Multiple Switches
This example shows you how to generate a report for an application across multiple switches. For example, in Figure 23 you can generate a report for application OEM_APP1 In usage across two switches (0.0.0.0 and 1.1.1.1) for the defined time period.
Figure 23 Selecting Multiple Switches

Scroll down the window and click Plot Graph. The graph shown in Figure 24 is displayed.

Figure 24 Graphing Across Multiple Switches

The graph illustrates that there is more inbound traffic usage for application, OEM_APP1 on application switch 1.1.1.1 than on application switch 0.0.0.0.


Sample Reports
The following sample reports are discussed in this section:
- “Sample 1: Selecting Individual Applications”
- “Sample 2: Selecting Traffic Groups”
- “Sample 3: Aggregating Traffic”
- “Sample 4: Selecting Multiple Applications”
- “Sample 5: Summarizing Data”
- “Sample 6: Displaying Data Points”
- “Sample 7: Percent of Inbound Traffic”
- “Sample 8: Graphing Discarded Traffic”
- “Sample 9: Stacking Applications”
- “Sample 10: Measuring Discarded Traffic”
- “Sample 11: Selecting Time”
- “Sample 12: Selecting Time Zone”
- “Sample 13: Generating a Typical Report”
- “Sample 14: Generating User Reports”

The data for the reports is obtained from the sample data provided with the Alteon ITM software. For more information on the sample data, see “Sample Data” on page 102.


Sample 1: Selecting Individual Applications
The data for Sample report 1 is all inbound traffic at all times for Applications 5 and 6 over a 6 day period. Sample report 1 shows three different ways of displaying the same information. The information can be displayed in the following three views:
- Graph format
- CSV format
- Table format


Graph Format
Figure 25 shows the inbound traffic graphed in Mbits/second from January 1 to 7. The graph shows that usage of Application 6 peaks up to 60% after midnight and drops to 6% at noon. Unlike Application 6, Application 5 shows a steady state. The usage of Application 5 averages 3.34% and Application 6 averages 37.15%.
Figure 25 Sample Report in Standard Graph Format


CSV Format Report
Figure 25 can be displayed in CSV (Comma-Separated Value) format as shown below. CSV format is a data format in which each piece of data is separated by a comma. This is a popular format for transferring data from one application to another, because most database systems are able to import and export comma-delimited data. Some systems may prompt you with the Open/Save dialog box when running Perl scripts. Select Save and save the file to disk. Open the file with a Text editor (or Excel) and the following information is displayed in CSV format:

Table Format
The data in Figure 25 can also be displayed in table format as shown in Table 15.

Table 15 Sample Report in Table Format
Application    Min (Mbits/s)    Mean (Mbits/s)    Max (Mbits/s)    Total
OEM_App6 In    2.81             37.15             72.76            1968504644542
OEM_App5 In    0.30             3.34              6.25             177574301944


Sample 2: Selecting Traffic Groups
This sample report shows a graph for the top 5 inbound traffic groups. In this sample, the top five inbound applications are Applications 1, 2, 3, 5 and 6. The summary data shows a statistical summary for the top 5 inbound traffic groups.
Figure 26 Top 5 Inbound Traffic Group


Figure 27 shows the graph for all inbound traffic. All inbound traffic includes Applications 1 through 6. The graph shows that Applications 3 and 5 are used regularly and Applications 1, 2, 4 and 6 vary with more usage in the night and less usage during the day.
Note: The summary data does not appear if more than 5 applications are selected to graph.
Figure 27 All Inbound Traffic Group


Sample 3: Aggregating Traffic
In this sample report, all inbound traffic for Applications 1 through 6 is averaged to a single line of data (sum) as shown in Figure 28.
Figure 28 Traffic Aggregates

Figure 28 shows traffic aggregates for inbound traffic over 6 days.


Sample 4: Selecting Multiple Applications
This sample compares three selections: inbound and outbound traffic for Application 3 and aggregated traffic for all inbound traffic.
Figure 29 Selecting Multiple Applications


Sample 5: Summarizing Data
This sample shows two graphs, data before averaging and after averaging the top five inbound traffic patterns for six days. Note that the statistics that you gather from both graphs are identical even though the graphs look different. Figure 30 shows inbound traffic for Application 2 and 6 fluctuating throughout the day, but using 37% of the bandwidth. The two steady Applications 5 and 3 are using 3% and 6% respectively.
Figure 30 Before Averaging the Data

Figure 31 on page 114 shows the averaged data. Note that it is easier to read the averaged data even though the graphs are identical.

Figure 31 After Averaging the Data


Sample 6: Displaying Data Points
This graph shows the data points on the averaged inbound traffic for Application 3 over six days.
Figure 32 Data Points on Inbound Traffic for Application 3


Sample 7: Percent of Inbound Traffic
This is a sample of a relative graph that shows how much an application is being used compared to the total traffic. Figure 33 shows inbound traffic for Application 6 is 31.15% of the total inbound traffic.
Figure 33 Relative Graph


Sample 8: Graphing Discarded Traffic
This sample lets you generate a report for outbound traffic for Application 3 and its discarded traffic. Figure 34 shows the outbound traffic on the switch is at 4 Mbits/second and the discarded traffic for the same application is 0.4 Mbits/second only.
Figure 34 Discarded Traffic


Sample 9: Stacking Applications
This sample report discusses the benefits of generating reports by stacking applications. Three graphs Figure 35, Figure 36, and Figure 37 are illustrated in this example. Figure 35 shows a graph without stacking Applications 1 and 4. Figure 36 shows a graph with Applications 1 and 4 stacked by application. Figure 37 shows a graph stacked by application with its discards.
Figure 35 Applications Not Stacked

If you generate a graph without stacking applications as shown in Figure 35, then each application is plotted in direct reference to Y axis. If two applications were to be running at the same rate then their lines would be drawn over each other. The data in Figure 35 is plotted again with the data stacked by individual application and the graph displayed is shown in Figure 36.


In Figure 36, each application is plotted based on position of the previous application. For example, App1 averages 32% of the traffic and App2 averages 22.5%. However, instead of plotting App2 at 22.5%, it is plotted around 54.5% which is 22.5% above App1. This shows the most used applications at the bottom of the graph and the least used at the top of the graph, so that no lines run over each other.
Figure 36 Stacking by Application

In Figure 36 however, it is very difficult to tell which discards relate to which application. In Figure 37 you generate a graph by stacking application with its discards. Stacking by application with discards glues the discards to the application, and treats the application with its discards as a single entity.


As shown in Figure 37, the application’s discards will always be plotted directly above the application’s allowed traffic, even though its discard rate is most likely less than the next application’s allowed rate.
Figure 37 Stacking Applications with Discards


Sample 10: Measuring Discarded Traffic
A relative report showing an application’s discards as a percentage of the application traffic is very informative. Figure 38 shows the percentage of outgoing Application 1 traffic and its discards. Note the line that is displayed at 100%. The 100% is the total traffic including the measured discarded traffic. The difference between the permitted traffic and the total traffic is the discard rate. This graph shows that Application 1 is discarding traffic at a rate around 9% of the total traffic.
Figure 38 Measuring Discards


This report is very informative because discarding too much of an application’s traffic results in excessive application retransmissions. If this occurs, it is very likely that the offered traffic actually becomes congested with retransmissions instead of the original application traffic. However, it depends on how each application responds to discarded traffic. It is recommended to keep the discard rate to less than 30% of the offered traffic.


Sample 11: Selecting Time
This sample shows the time selection for inbound traffic on Application 1. To provide more granularity for the graphs, ITM allows you to select the unit of time to the minute. Figure 39 shows a graph isolated to a single 24-hour period, as opposed to the other samples in this chapter which show a 6-day period. The graph size is always the same across the x-axis, but scales accordingly to the time parameters selected.
Figure 39 Selecting Time

All user reports are normalized over 10 minute plots, because tracking per minute consumes too many resources. For more information, see “Sample 14: Generating User Reports” on page 127.


Sample 12: Selecting Time Zone
Alteon ITM allows you to select a time zone for your report based on UTC or GMT. Typically, the data is saved and logged using the time zone local to the switch. The sample data in Figure 40 is collected and graphed as Pacific Standard Time (PST) or UTC-8. The first record is 00:00 which is the first record of the data. In Figure 39, the first record is at 03:00, because the graph was generated using EST or UTC-5. Considering there is a 3 hour difference between PST and EST, the first record is displayed as 03:00 EST which is 00:00 PST.
Figure 40 Selecting Time Zone


Sample 13: Generating a Typical Report
Typical reports require more data to be meaningful. Figure 41 shows the average inbound traffic for Application 6 on any given day. Available reports are by Typical Hour, Typical Day and Typical Week. A time range can be selected for the x-axis (if you want to run a typical report based on a specific time window), but the x-axis display is the same as the type of typical report selected. For example, if Typical Hour is selected, then the x-axis scales to show a single hour. Figure 41 shows a Typical Day based on data gathered from January 1 to January 6. The reporting module inspects each data point for the time period selected (January 1 to 6) and plots 3 points for each time period. The highest and lowest value for a specific time period is plotted as the 1st and 2nd point, and the average of all the data for that time period is plotted as the 3rd point.

Figure 41 A Typical Report

The graph shows the highs, the lows and the averages for a typical reporting period. This shows the typical range (or variance) that you should expect. For example, based on the report below, we should expect to see traffic fall in the range of 28 to 48 Mbps each day at around 0600 hours. These reports are more reliable with more data.
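An added example, not code from the ITM Reporting module: the Typical report reduction described above, folding samples from several days into one typical period and keeping the high, low and mean for each slot. The slot width, the function names and the sample values are assumptions made for illustration, and the range check at the end goes one step beyond the guide by testing a new reading against the typical range.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# The three plotted points per slot, plus the number of samples behind them
# (a slot built from very few samples is a weak baseline).
TypicalPoint = namedtuple("TypicalPoint", "high low mean count")

# The three typical reports the guide names: Typical Hour, Day and Week.
PERIOD_MINUTES = {"hour": 60, "day": 24 * 60, "week": 7 * 24 * 60}


def slot_of(when, period, slot_minutes):
    """Minute offset of the slot that `when` falls into within one typical period."""
    if period not in PERIOD_MINUTES:
        raise ValueError("period must be 'hour', 'day' or 'week'")
    if slot_minutes <= 0 or PERIOD_MINUTES[period] % slot_minutes != 0:
        raise ValueError("slot_minutes must divide the period evenly")
    offset = when.minute
    if period in ("day", "week"):
        offset += when.hour * 60
    if period == "week":
        offset += when.weekday() * 24 * 60  # Monday is day 0
    return (offset // slot_minutes) * slot_minutes


def typical_report(samples, period="day", slot_minutes=60):
    """Fold (datetime, value) samples into one period: {slot: TypicalPoint}."""
    buckets = defaultdict(list)
    for when, value in samples:
        buckets[slot_of(when, period, slot_minutes)].append(value)
    return {
        slot: TypicalPoint(max(vals), min(vals), sum(vals) / len(vals), len(vals))
        for slot, vals in sorted(buckets.items())
    }


def outside_typical_range(report, when, value, period="day", slot_minutes=60):
    """True if `value` is above the high or below the low for its slot.

    Returns None when the report holds no baseline for that slot.
    """
    point = report.get(slot_of(when, period, slot_minutes))
    if point is None:
        return None
    return value > point.high or value < point.low


def build_sample_data():
    """Constructed Mbps readings for January 1 to 6, 2004 (not the shipped sample data)."""
    at_0600 = [28.0, 35.0, 48.0, 40.0, 31.0, 46.0]
    at_1200 = [6.0, 7.0, 5.0, 8.0, 6.0, 4.0]
    samples = []
    for day in range(6):
        base = datetime(2004, 1, 1) + timedelta(days=day)
        samples.append((base.replace(hour=6, minute=10), at_0600[day]))
        samples.append((base.replace(hour=12, minute=30), at_1200[day]))
    return samples


if __name__ == "__main__":
    for slot, point in typical_report(build_sample_data()).items():
        print(f"{slot // 60:02d}:{slot % 60:02d}", point)
```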


Sample 14: Generating User Reports
You can generate user reports to see
- Top users for a specific application
  If you want to know the top users using the Web browser, then run a top user report and select the specific application. For example, see Figure 42.
- Top users for a group of applications
  If you want to know the top users for a few applications, then create a group with the selected applications and run a top user report on that group. For example, top users using Internet applications, such as HTTP, FTP, etc. If you want to know the overall top users, then run a top user All Inbound (or out) Aggregate. This sums up all the user data and gives 1 line per user regardless of how many applications the user is using. It is invalid to run a top user report for All Inbound group as you will get a line plotted for the top users per application, so you would have hundreds of lines plotted.
- Application usage for a specific user
  If you want to know the application usage for specific users, then enter the IP addresses of users and run the User Report. For example, see Figure 43 and Figure 44.

For example, Figure 42 shows the top two users of application, OEM APP 4 In. Note the IP addresses of the top two users are displayed in the graph. The following graph shows an average of 575 Kbytes of the application traffic is accessed by the user with IP address 172.116.253.5 and an average of 3.45 Kbytes of the same application traffic is accessed by user with IP address 172.116.253.133.

Figure 42 Top User Report

Note: The user report is normalized over 10 minute plots. When plotting user data, the specific data occurred within the previous 10 minutes of the actual data plot. This means the user used all the bandwidth within a few minutes or evenly across the 10 minutes.

Next, generate a user report to show All Inbound applications for a specific user XYZ. In Figure 43, enter user XYZ’s IP address and select All Inbound in the Groups column.

Figure 43 Configuring a User Report for a Specific User

Scroll down the window displayed in Figure 43 and define the other parameters (host, y-axis, time range, stacking, and time zone) and click Plot Graph. The graph shown in Figure 44 is displayed.

Figure 44 All Inbound Applications for User XYZ

The graph shows user XYZ with IP address 172.116.253.5 using an average of 580 Kbytes of application OEM APP 4 and 50 Kbytes of application OEM APP 5 for the same time period. Note that the user report is normalized over 10 minute plots. When plotting user data, the specific data occurred within the previous 10 minutes of the actual data plot. This means user XYZ used all the bandwidth within a few minutes or evenly across the 10 minutes.


Chapter 7 Working with Signature Files
An application signature is defined as one or more filters, patterns, and pattern groups that collectively define an application. The following topics on how application signatures work with the Alteon ITM are discussed in this section:

Select a Topic
• “What is a Signature File?”
• “Nortel Signature File”
• “How the Alteon ITM Wizard Reads the XML Files”
• “Checking Date of Signature File”
• “Updating the Signature File”
• “Modifying Application Rules”
• “Creating Custom Application Rules”
• “Sample Custom Rules”


What is a Signature File?
A signature file contains one or more rules and each rule defines an application. As packets flow through the application switch, they are inspected for identifiers as simple as a well-known Layer 4 port number, or as complex as a number of hexadecimal patterns scattered throughout the packet. Alteon ITM provides two signature files: signature.xml and user.xml. The signature.xml file contains application rules defined by Nortel. The user.xml file contains user-defined application rules.

Rule
A Rule is a logical element consisting of Layer 2 to 7 filters that defines the boundaries of an application. The Layer 7 filters detect complex application patterns that contain a series of strings or patterns to identify traffic at an application level. Table 16 shows Rule elements that are used to identify applications:

Table 16 Elements of a Rule
Terms | Description
Layer 2 - 4 Attributes | Layer 2 attribute refers to a MAC address. Layer 3 attribute refers to a protocol or IP address. Layer 4 attribute refers to a well known port such as port 80.
Pattern | A pattern is a Layer 7 attribute that uniquely identifies an application on its own or in a group. A Layer 7 string is a single HEX or ASCII identifier (of one or more characters) that can be used on its own or with other strings to uniquely identify an application.
Pattern Group | A pattern group contains one or more strings. All strings within a Pattern Group must match in order for a successful hit to occur. Multiple pattern groups can be assigned to a rule and if any pattern group matches then the rule has a hit (match).
Application Fingerprint | An application fingerprint is one or more patterns and/or lower layer attributes (Layer 2 to 4) that uniquely identify an application.


Types of Rules
A rule consists of one or more application identifiers. Table 17 provides a brief definition of each generic type of rule.

Table 17 Rule Types
Rule | Description
Layer 2-4 Rule | One or more filters that utilize well known Layer 2-4 attributes to uniquely identify an application. Nortel supplied rules of this type are denoted as OEM-L2 or OEM-L3 or OEM-L4. For examples, see:
  • “Basic Layer 3 Rule” on page 145
  • “Basic Layer 4 Rule” on page 146
Layer 7 Rule | These rules have no defined Layer 2-4 attributes and rely only on Layer 7 information in the packet to identify the application. Layer 7 rules require deep packet inspection. Nortel supplied rules of this type are referenced as OEM-L7. It is important to note that L7 rules are more processor intensive than Layer 2-4 rules. For examples, see:
  • “Basic Layer 7 Rule (matching a single hex pattern)” on page 148
  • “Basic Layer 7 Rule (matching multiple hex patterns)” on page 149
  • “Basic Layer 7 Rule (matching optional hex patterns)” on page 151
Hybrid Rules | Hybrid rules employ a combination of both Layer 2-4 attributes as well as Layer 7 attributes. For example, FileTopia is a hybrid rule that instructs the switch to conduct Layer 7 inspection when the Layer 4 port is 443. This is because the FileTopia application is known to run over this well known port. Without support for this hybrid filter, FileTopia traffic would be mis-classified as SSL simply because it uses port 443. For examples, see:
  • “Basic Hybrid Rule” on page 154


Pattern Groups
Pattern groups serve two key functions.
• Group multiple patterns to create a unique application fingerprint
  The patterns within a pattern group can be inspected with a logical AND or logical OR. A logical AND means that ALL patterns within a pattern group must match. A logical OR means that ANY pattern within a pattern group must match. Because this attribute is configured per filter and not per pattern group, the most common and safest application is to configure the pattern group to match on all patterns, which is the default configuration. This is preferred because there is already an implicit OR between pattern groups. For example, if an application has three identifiable rules, then the OR can be achieved by configuring three individual pattern groups.
• Provide support for precedence
  Pattern groups are used to provide precedence, because rules contain multiple patterns and precedence plays a large role in the overall processing efficiency.

It is recommended to use a pattern group when creating custom Layer 7 rules, even if you are using only a single pattern. The pattern group location is automatically updated according to how the rules are prioritized in the Alteon ITM Wizard. Pattern groups are processed in order, and patterns within pattern groups are processed in order. In the default configuration, however, the second pattern is not inspected if the first pattern fails when the condition is MATCHALL.

It is possible to inspect each packet within a flow but the default behavior is to inspect until there is a match. Inspection of each packet, however, impacts the performance of the switch and should be done sparingly. This may also result in false positives when classifying applications.


Application Masquerading
Masquerading is a technique employed by some applications where they obscure their identity by hiding within well-known ports (ports that are in fact registered to other applications). The most common form of masquerading is a non-HTTP application using Layer 4 port 80 and in effect masquerading as Web traffic. In some instances applications have been known to masquerade as SMTP or NNTP applications. This is primarily done to bypass firewall policies, as firewalls typically allow these ports.

Alteon ITM supports the detection of masquerading applications by looking deeper into the well-known ports instead of just assuming that the traffic is from the registered port’s application. Hybrid rules are designed to detect application masquerading. These rules have the -HY denotation.


Nortel Signature File
The signature.xml file is the Nortel supplied “signatures” of known applications. Nortel continues to update this file as new and modified versions of these applications are released by third-party vendors. The convention of Nortel-created signatures is to label the Rule name to start with “OEM-”. Nortel OEM signatures exist in /alteonems/tm/signatures.xml. This file should never be modified.

Nortel Networks updates application signatures on an on-going basis. The Alteon ITM wizard can automatically download updated versions of the signature file from the Nortel customer Web site. For more information on automatically updating the signature file, see “Updating the Signature File” on page 139.

Signatures.xsd is the XML Schema that defines the tags, attributes and elements allowed in the XML files (signatures, user, and current). The new Signature schema version 2 contains many new Filter attributes, contract attributes, contract groups, contract time policies, port attributes, and rule exclusion. Alteon EMS validates these files before using them. In addition to defining Filters, Contracts, Pattern Groups, Ports, Policies and Patterns, the schema is used to represent the relationships among them. The schema lets you restrict the file to only contain valid associations and valid values for attributes (for example, a Pattern Group can contain between 1 and 8 patterns).

Refer to the schema file only when creating custom rules or if you are not clear on the syntax for a particular attribute. The schema file should be used only as a reference.


How the Alteon ITM Wizard Reads the XML Files
When the Alteon Intelligent Traffic Management wizard is started, it reads the current configuration from the current.xml file. It then reads the signature and user XML files and validates them against the Signatures.xsd schema file as shown in Figure 45. The fields in the wizard are populated based on the current.xml file.
Figure 45 Working with the XML Files

The current.xml is a unique file created by the ITM wizard for each switch and is stored locally on the Alteon EMS client. It contains an XML representation of what is currently configured on that switch. It is recommended to configure the switch from the same client running the Alteon ITM wizard. If you start configuring from another EMS client, then it will not find the current.xml file in its memory or if the file exists it will be different from the switch configuration.

Caution: Do not modify or delete the current.xml file.


Use the Alteon ITM wizard to configure the policies and generate the current.xml. Do not use the CLI or BBI to modify bandwidth management parameters such as filters, contracts, and pattern groups defined by the ITM wizard. If the switch configuration and the current.xml file are out of sync, the Traffic Management wizard may not function correctly.

The Traffic Management Wizard validates the signature.xml, user.xml, and current.xml files against the Signatures.xsd file. The Traffic Management Wizard terminates or warns you if any of the files are found to be invalid.

Once all GUI changes have been made, the Wizard removes via SNMP all information based on the current.xml file, and issues all the required SNMP commands to configure the switch to the new configuration. Then, the wizard writes out a new current.xml file, so it remembers the changes on the switch that it has made.

Checking Date of Signature File
You can view dates on the application signature files from the “Application Selection” window. Click on the date icon in Figure 4 on page 44 and the creation date of the Nortel Signature file, user signature file (if the user set the date attribute), and the last configured switch traffic file are displayed as shown in Figure 46.
Figure 46 Signature File Dates


Updating the Signature File
The Nortel signature.xml file is updated regularly with new signatures. The Alteon ITM Wizard automatically checks for a new signature file from the Nortel customer support Web site. See Figure 2 on page 39 to enable automatic updates of the signature.xml file.

By default the ITM Wizard uses the following URL to update the current signature file: http://www130.nortelnetworks.com/itm/signatures.xml. Refer to the Readme file for information on the updated signature file at http://www130.nortelnetworks.com/itm/readme.txt.

If you are behind a firewall (do not have access to the internet), you may opt to have the ITM wizard check for automatic updates from a local web server. To use a different URL for accessing signature files, you must first manually download the signature file and post it to your private server. Then, uncomment the lines below in the dm_ui.properties file and enter the URL specific for the environment.
#ITMSignatureURL=http://www130.nortelnetworks.com/itm/signatures.xml
#ITMSignatureReadmeURL=http://www130.nortelnetworks.com/itm/readme.txt

You can also opt to turn off this check from the welcome panel, but this will only take effect the next time you run the wizard. You can manually download the signature file from the Nortel Customer Support Web page at http://www130.nortelnetworks.com/itm/signatures.xml. You should download a new signature file only if the xml file date (see “Checking Date of Signature File” on page 138) is more recent than the one you are currently using.


Modifying Application Rules
You can modify rules in the user.xml file only. This file should be verified for validity against the schema (Signature.xsd) file. An invalid user.xml file is ignored by the Alteon ITM Wizard. For more information on modifying application rules, see “Creating Custom Application Rules” on page 141.


Creating Custom Application Rules
If an application is not characterized by Nortel in the signatures.xml file or the existing rule definition is not exactly as desired (too restrictive or not restrictive enough), you can define your own application rules in the user.xml file. The user.xml file, however, must be verified for validity against the schema (Signature.xsd) file. Custom rules are entered in the user.xml file. A signature file must start with the signature element. It can then have zero or more rules. Each rule can have zero or more filters (FilterIN, FilterOUT, NullFilterIn, NullFilterOut), and so on.

To create custom rules for an application, do the following:
1 Make a backup copy of the signatures.xml file and work from the backup.
2 Open the signatures.xml file in a text editor and find the rule that is closest to the one that you want to duplicate.
3 Copy and paste the section beginning with Rule and ending with /Rule into the user.xml file.
4 Modify the user.xml file as needed (change name, attributes, and so on). It is recommended that you come up with your own naming standards to ensure that rule names do not conflict and are self-explanatory.
5 Enter the file date by updating the Signature attribute “CreationDate.”

Use any validator to validate the user.xml file against the schema (Signature.xsd) file. The user.xml file must be placed in the /alteonems/tm directory on the management station or the Linux server running the Alteon EMS client software. For sample rules, see “Sample Custom Rules” on page 144.


Before Creating Custom Rules
Follow these guidelines before you start creating custom rules:
• Define a nomenclature for Rule Names to easily distinguish custom rules from the OEM rules (for example, USER-L4 Application A TCP).
• Separate applications that support both TCP and UDP protocols into unique Rule Entries and label them appropriately. Typically, one protocol is used more than the other and separating them allows you to prioritize the rules more efficiently.
• Modify the CreationDate field in the top line of the signature file when new custom rules are added/modified. The format of the date stamp is as follows:
  YYYY-MM-DD-(time zone from GMT)
  There is no need to modify the time zone attribute; it is just a placeholder.


Generic Syntax
Table 18 shows the generic syntax used to create custom rules:

Table 18 Generic Syntax Rules
Syntax | Description
Rule Name | A descriptive name that adequately defines what is inspected as these names appear on Page 2 of the Wizard.
Filter Name | A short form name to describe the filter and can be no longer than 31 characters in length. This name must end in either _IN or _OUT depending on FilterIN or FilterOUT block.
Contract Name | A descriptive name that is no more than 27 characters. This name must end in either _IN or _OUT depending on FilterIN or FilterOUT block. This name appears in the Reporting System when you plot graphs and in the Traffic Management Wizard (see Figure 4 on page 44). Multiple rules are assigned to the same contract by using the same contract name for each rule.
Protocol | The protocol number is required for Layer 3 and Layer 4 rules. For a complete list of protocol numbers, refer to http://www.iana.org/assignments/protocol-numbers

For more information on XML syntax, refer to http://www.w3.org/xml. For more information on XML schema, refer to http://www.w3.org/TR/xmlschema-0.
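
The naming and size limits above can be checked before a user.xml file is handed to a schema validator. The following Python check is an added example, not Nortel code and not a replacement for validating against the schema; it assumes CreationDate sits on the root signature element, and the user.xml content is constructed with deliberate mistakes.

```python
import re
import xml.etree.ElementTree as ET
from datetime import date

MAX_FILTER_NAME = 31     # Table 18: filter names
MAX_CONTRACT_NAME = 27   # Table 18: contract names
MAX_PATTERNS = 8         # schema remark on this page: 1 to 8 patterns per group

# Constructed user.xml with deliberate mistakes (not a Nortel file).
SAMPLE_USER_XML = """<signature CreationDate="2005-13-01-08:00">
  <Rule Name="OEM-L4 Application A TCP">
    <FilterInV2 Name="APPA_QOUT" Enabled="1" Action="Allow" Protocol="6" Vlan="0"
        LowSourcePortRange="0" HighSourcePortRange="0"
        LowDestPortRange="9000" HighDestPortRange="9000">
      <ContractV2 Name="A_contract_name_that_is_far_too_long_IN" Enabled="1"></ContractV2>
    </FilterInV2>
  </Rule>
  <Rule Name="USER-L7 Application B">
    <NullFilterIn>
      <ContractV2 Name="APPB_IN" Enabled="1"></ContractV2>
      <PatternGroup Name="AppB Query">
        <Pattern Type="Binary" Operator="Equals" Offset="40" Depth="16" Pattern="4150504"/>
      </PatternGroup>
    </NullFilterIn>
  </Rule>
</signature>"""


def suffix_for(tag):
    """FilterIn*/NullFilterIn blocks need _IN names, the Out variants need _OUT."""
    tag = tag.lower()
    return "_IN" if "filterin" in tag else "_OUT" if "filterout" in tag else None


def check_name(kind, name, limit, suffix, where):
    found = []
    if len(name) > limit:
        found.append(f"{where}: {kind} name '{name}' is longer than {limit} characters")
    if not name.endswith(suffix):
        found.append(f"{where}: {kind} name '{name}' must end in {suffix}")
    return found


def valid_creation_date(stamp):
    """YYYY-MM-DD must be a real date; the time zone tail is only a placeholder."""
    m = re.match(r"(\d{4})-(\d{2})-(\d{2})", stamp)
    try:
        return bool(m) and bool(date(*map(int, m.groups())))
    except ValueError:
        return False


def lint_user_xml(text):
    """Return a list of findings; an empty list means none of these checks fired."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    found = []
    if root.tag.lower() != "signature":
        found.append(f"root element is <{root.tag}>, expected the signature element")
    if not valid_creation_date(root.get("CreationDate", "")):
        found.append("CreationDate is missing or not a valid YYYY-MM-DD date")
    seen = set()
    for rule in root.iter("Rule"):
        name = rule.get("Name", "")
        where = f"Rule '{name}'"
        if name.startswith("OEM-"):
            found.append(f"{where}: the OEM- prefix is the convention for Nortel rules")
        if name in seen:
            found.append(f"{where}: duplicate rule name")
        seen.add(name)
        for flt in rule:
            suffix = suffix_for(flt.tag)
            if suffix is None:
                continue
            if "Name" in flt.attrib:   # null filters carry no Name attribute
                found += check_name("filter", flt.get("Name"), MAX_FILTER_NAME, suffix, where)
            for con in flt.findall("ContractV2"):
                found += check_name("contract", con.get("Name", ""), MAX_CONTRACT_NAME, suffix, where)
            for group in flt.findall("PatternGroup"):
                patterns = group.findall("Pattern")
                if not 1 <= len(patterns) <= MAX_PATTERNS:
                    found.append(f"{where}: pattern group '{group.get('Name')}' has "
                                 f"{len(patterns)} patterns, allowed 1 to {MAX_PATTERNS}")
                for pat in patterns:
                    # Added sanity check: a Binary pattern should be whole hex bytes.
                    if pat.get("Type") == "Binary" and not re.fullmatch(
                            r"(?:[0-9A-Fa-f]{2})+", pat.get("Pattern", "")):
                        found.append(f"{where}: pattern '{pat.get('Pattern')}' is not whole hex bytes")
    return found


if __name__ == "__main__":
    for line in lint_user_xml(SAMPLE_USER_XML):
        print(line)
```

An invalid user.xml file is ignored by the Alteon ITM Wizard, so a check like this is most useful before the file is copied into the /alteonems/tm directory.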


Sample Custom Rules
To prevent you from having to learn XML, this section provides a sample for each type of rule (with advanced parameters). In some cases, the rule is a very simple Layer 4 port that has a well defined port from IANA. In this case a simple replace (cut and paste) is sufficient to create a custom rule. In other cases, a rule may be a complex hybrid filter with advanced options such as ToS overwrite, but based on well-known attributes. Even in this case, the samples provided in this section may help in creating hybrid rules.

To create your own custom rule, do the following to one of the sample rules provided in the next section:
1 Determine the type of rule required to identify your application.
2 Update the sections in bold only.
3 Copy the text block from <Rule> to </Rule>.
4 Paste into the user.xml file before the </signature> line.

This section provides six sample custom rules:
• “Basic Layer 3 Rule”
• “Basic Layer 4 Rule”
• “Basic Layer 7 Rule (matching a single hex pattern)”
• “Basic Layer 7 Rule (matching multiple hex patterns)”
• “Basic Layer 7 Rule (matching optional hex patterns)”
• “Basic Hybrid Rule”


Basic Layer 3 Rule
This rule detects IP traffic that matches a specific protocol and the protocol is matched on either inbound or outbound direction.
<!-- Protocol="1" is ICMP -->
<Rule Name="OEM-L3 Internet Control Message Protocol ICMP">
  <FilterInV2 Name="ICMP_IN" Enabled="1" Action="Allow" Protocol="1" Vlan="0"
      LowSourcePortRange="0" HighSourcePortRange="0"
      LowDestPortRange="0" HighDestPortRange="0">
    <ContractV2 Name="Network_IN" Enabled="1"> </ContractV2>
  </FilterInV2>
  <FilterOutV2 Name="ICMP_OUT" Enabled="1" Action="Allow" Protocol="1" Vlan="0"
      LowSourcePortRange="0" HighSourcePortRange="0"
      LowDestPortRange="0" HighDestPortRange="0">
    <ContractV2 Name="Network_OUT" Enabled="1"> </ContractV2>
  </FilterOutV2>
</Rule>


Basic Layer 4 Rule
This rule detects IP traffic that matches a specific Layer 4 (or range of) port(s) by source port or destination port.
<!-- Protocol="6" is TCP; port 119 is matched as destination and as source -->
<Rule Name="OEM-L4 Network News Protocol NNTP TCP">
  <FilterInV2 Name="NTTP_QIN" Enabled="1" Action="Allow" Protocol="6" Vlan="0"
      LowSourcePortRange="0" HighSourcePortRange="0"
      LowDestPortRange="119" HighDestPortRange="119">
    <ContractV2 Name="NNTP_IN" Enabled="1"> </ContractV2>
  </FilterInV2>
  <FilterInV2 Name="NTTP_RIN" Enabled="1" Action="Allow" Protocol="6" Vlan="0"
      LowSourcePortRange="119" HighSourcePortRange="119"
      LowDestPortRange="0" HighDestPortRange="0">
    <ContractV2 Name="NNTP_IN" Enabled="1"> </ContractV2>
  </FilterInV2>
  <FilterOutV2 Name="NTTP_QOUT" Enabled="1" Action="Allow" Protocol="6" Vlan="0"
      LowSourcePortRange="0" HighSourcePortRange="0"
      LowDestPortRange="119" HighDestPortRange="119">
    <ContractV2 Name="NNTP_OUT" Enabled="1"> </ContractV2>
  </FilterOutV2>
  <FilterOutV2 Name="NTTP_ROUT" Enabled="1" Action="Allow" Protocol="6" Vlan="0"
      LowSourcePortRange="119" HighSourcePortRange="119"
      LowDestPortRange="0" HighDestPortRange="0">
    <ContractV2 Name="NNTP_OUT" Enabled="1"> </ContractV2>
  </FilterOutV2>
</Rule>


Basic Layer 7 Rule (matching a single hex pattern)
Use this rule to detect IP traffic that matches a single hex-based Layer 7 string.
<!-- 485454502F312E is the ASCII string "HTTP/1." -->
<Rule Name="OEM-L7 HyperText Transfer Protocol HTTP">
  <NullFilterIn>
    <ContractV2 Name="HTTP_IN" Enabled="1"> </ContractV2>
    <PatternGroup Name="HTTP Both">
      <Pattern Type="Binary" Operator="Equals" Offset="40" Depth="128" Pattern="485454502F312E"/>
    </PatternGroup>
  </NullFilterIn>
  <NullFilterOut>
    <ContractV2 Name="HTTP_OUT" Enabled="1"> </ContractV2>
    <PatternGroup Name="HTTP Both">
      <Pattern Type="Binary" Operator="Equals" Offset="40" Depth="128" Pattern="485454502F312E"/>
    </PatternGroup>
  </NullFilterOut>
</Rule>


Basic Layer 7 Rule (matching multiple hex patterns)
This rule detects IP traffic that matches multiple hex-based Layer 7 strings. Use this if you are combining multiple strings and all strings MUST match for a successful hit.
<Rule Name="OEM-L7 P2P Network EDonkey">
  <NullFilterIn>
    <ContractV2 Name="EDonkey_IN" Enabled="1"> </ContractV2>
    <PatternGroup Name="eDonkey Both">
      <Pattern Type="Binary" Operator="Equals" Offset="40" Depth="1" Pattern="E3"/>
      <Pattern Type="Binary" Operator="Equals" Offset="43" Depth="2" Pattern="0000"/>
    </PatternGroup>
  </NullFilterIn>
  <NullFilterOut>
    <ContractV2 Name="EDonkey_OUT" Enabled="1"> </ContractV2>
    <PatternGroup Name="eDonkey Both">
      <Pattern Type="Binary" Operator="Equals" Offset="40" Depth="1" Pattern="E3"/>
      <Pattern Type="Binary" Operator="Equals" Offset="43" Depth="2" Pattern="0000"/>
    </PatternGroup>
  </NullFilterOut>
</Rule>


Basic Layer 7 Rule (matching optional hex patterns)
Use this rule in the following scenarios:
• Detect IP traffic that matches optional hex-based Layer 7 pattern groups each of which contain one or more strings.
• Identify an application that includes multiple identifiers.


Typically, this rule is used when the Query and Response patterns are different.
<!-- The two patterns are the ASCII strings "UserAgent: Ares" and "Server: Ares" -->
<Rule Name="OEM-L7 P2P Network Ares">
  <NullFilterIn>
    <ContractV2 Name="Ares_IN" Enabled="1"> </ContractV2>
    <PatternGroup Name="Ares Query">
      <Pattern Type="Binary" Operator="Equals" Offset="40" Depth="256" Pattern="557365724167656E743A2041726573"/>
    </PatternGroup>
    <PatternGroup Name="Ares Response">
      <Pattern Type="Binary" Operator="Equals" Offset="40" Depth="256" Pattern="5365727665723A2041726573"/>
    </PatternGroup>
  </NullFilterIn>
  <NullFilterOut>
    <ContractV2 Name="Ares_OUT" Enabled="1"> </ContractV2>
    <PatternGroup Name="Ares Query">
      <Pattern Type="Binary" Operator="Equals" Offset="40" Depth="256" Pattern="557365724167656E743A2041726573"/>
    </PatternGroup>
    <PatternGroup Name="Ares Response">
      <Pattern Type="Binary" Operator="Equals" Offset="40" Depth="256" Pattern="5365727665723A2041726573"/>
    </PatternGroup>
  </NullFilterOut>
</Rule>


Basic Hybrid Rule
A hybrid rule inspects for Layer 7 matches only after the Layer 4 port (or Layer 3 protocol) matches, and classifies the traffic as the Layer 7 application only if there is a pattern match. If there is no match then the traffic is said to be clean, and is classified based on the well-known Layer 4 attributes. Use this rule in the following scenarios:
• Inspect for a Layer 7 pattern within a well-known Layer 4 port (or Layer 3 protocol).
• Combat against application masquerading when an application pretends to be a well-known application by using a well-known Layer 4 port (or Layer 3 protocol).

In the following example, the first FilterIn definition is used to inspect ICMP traffic for the Nachia worm. Some of the parameters defined for this filter are Protocol="1" for ICMP, Contract Name equal to NACHIA_IN, as well as the necessary strings and pattern groups to define the Nachia worm.


The first filter is guaranteed to match on ICMP at a minimum, but if it does not match on the Layer 7 parameters it would be incorrect to classify the traffic as the Nachia virus. If the first filter fails, then the traffic is processed by the second filter, FilterIn. The second FilterIn defines ICMP attributes without any Layer 7 parameters. Its attributes are identical to the first portion of the first FilterIn with the exception of the Contract Name, which is defined as Network (for network traffic).
<Rule Name="OEM-HY Nachia WORM"
    Description="if desired, enter a rule description here – this description will appear with a right-click of the rule name.">
  <FilterInV2 Name="ICMP_IN" Enabled="1" Action="Allow" Protocol="1" Vlan="0"
      LowSourcePortRange="0" HighSourcePortRange="0"
      LowDestPortRange="0" HighDestPortRange="0">
    <ContractV2 Name="NACHIA_IN" Enabled="1"> </ContractV2>
    <PatternGroup Name="Nachia-ICMP">
      <Pattern Type="Binary" Operator="Equals" Offset="2" Depth="2" Pattern="005c"/>
      <Pattern Type="Binary" Operator="Equals" Offset="28" Depth="4" Pattern="AAAAAAAA"/>
    </PatternGroup>
  </FilterInV2>
  <FilterInV2 Name="ICMP_IN" Enabled="1" Action="Allow" Protocol="1" Vlan="0"
      LowSourcePortRange="0" HighSourcePortRange="0"
      LowDestPortRange="0" HighDestPortRange="0">
    <ContractV2 Name="Network_IN" Enabled="1"> </ContractV2>
  </FilterInV2>
  <FilterOutV2 Name="ICMP_OUT" Enabled="1" Action="Allow" Protocol="1" Vlan="0"
      LowSourcePortRange="0" HighSourcePortRange="0"
      LowDestPortRange="0" HighDestPortRange="0">
    <ContractV2 Name="NACHIA_OUT" Enabled="1"> </ContractV2>
    <PatternGroup Name="Nachia-ICMP">
      <Pattern Type="Binary" Operator="Equals" Offset="2" Depth="2" Pattern="005c"/>
      <Pattern Type="Binary" Operator="Equals" Offset="28" Depth="4" Pattern="AAAAAAAA"/>
    </PatternGroup>
  </FilterOutV2>
  <FilterOutV2 Name="ICMP_OUT" Enabled="1" Action="Allow" Protocol="1" Vlan="0"
      LowSourcePortRange="0" HighSourcePortRange="0"
      LowDestPortRange="0" HighDestPortRange="0">
    <ContractV2 Name="Network_OUT" Enabled="1"> </ContractV2>
  </FilterOutV2>
</Rule>


In summary, the first filter is inspected for both ICMP and the Layer 7 parameters. If there is a successful match the traffic is classified as NACHIA. If there is no Layer 7 match then it falls back to the second FilterIn which classifies the traffic as ICMP (network).
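
The matching order described under “Pattern Groups” and in this hybrid rule, as an added Python example that is not Nortel code: patterns inside a group are ANDed, pattern groups are ORed, and a hybrid filter that fails its Layer 7 check falls through to the plain Layer 3 filter. It assumes that Offset is counted from the first IP header byte, that Depth is the size of the window that must contain the pattern (the guide does not define either), and that a 0-0 port range means any port; all packets are constructed.

```python
import struct
import xml.etree.ElementTree as ET

# Inbound filters of two rules printed in this guide, used as sample input.
RULES_XML = """<signature>
<Rule Name="OEM-HY Nachia WORM">
  <FilterInV2 Name="ICMP_IN" Enabled="1" Action="Allow" Protocol="1" Vlan="0"
      LowSourcePortRange="0" HighSourcePortRange="0" LowDestPortRange="0" HighDestPortRange="0">
    <ContractV2 Name="NACHIA_IN" Enabled="1"></ContractV2>
    <PatternGroup Name="Nachia-ICMP">
      <Pattern Type="Binary" Operator="Equals" Offset="2" Depth="2" Pattern="005c"/>
      <Pattern Type="Binary" Operator="Equals" Offset="28" Depth="4" Pattern="AAAAAAAA"/>
    </PatternGroup>
  </FilterInV2>
  <FilterInV2 Name="ICMP_IN" Enabled="1" Action="Allow" Protocol="1" Vlan="0"
      LowSourcePortRange="0" HighSourcePortRange="0" LowDestPortRange="0" HighDestPortRange="0">
    <ContractV2 Name="Network_IN" Enabled="1"></ContractV2>
  </FilterInV2>
</Rule>
<Rule Name="OEM-L7 P2P Network Ares">
  <NullFilterIn>
    <ContractV2 Name="Ares_IN" Enabled="1"></ContractV2>
    <PatternGroup Name="Ares Query">
      <Pattern Type="Binary" Operator="Equals" Offset="40" Depth="256"
          Pattern="557365724167656E743A2041726573"/>
    </PatternGroup>
    <PatternGroup Name="Ares Response">
      <Pattern Type="Binary" Operator="Equals" Offset="40" Depth="256"
          Pattern="5365727665723A2041726573"/>
    </PatternGroup>
  </NullFilterIn>
</Rule>
</signature>"""


def pattern_hit(packet, pat):
    # Assumed semantics: the hex bytes must lie wholly inside
    # packet[Offset : Offset + Depth], counted from the first IP header byte.
    start = int(pat.get("Offset"))
    return bytes.fromhex(pat.get("Pattern")) in packet[start:start + int(pat.get("Depth"))]


def group_hit(packet, group):
    # MATCHALL default: all() stops at the first pattern that fails.
    return all(pattern_hit(packet, p) for p in group.findall("Pattern"))


def in_range(value, flt, low, high):
    low, high = int(flt.get(low, "0")), int(flt.get(high, "0"))
    return (low, high) == (0, 0) or low <= value <= high   # assumption: 0-0 means any


def filter_hit(packet, flt):
    if not flt.tag.startswith("Null"):        # null filters have no Layer 2-4 attributes
        proto = int(flt.get("Protocol", "0"))
        if proto and packet[9] != proto:
            return False
        if packet[9] in (6, 17):              # TCP or UDP: compare the port ranges
            ihl = (packet[0] & 0x0F) * 4
            sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
            if not (in_range(sport, flt, "LowSourcePortRange", "HighSourcePortRange")
                    and in_range(dport, flt, "LowDestPortRange", "HighDestPortRange")):
                return False
    groups = flt.findall("PatternGroup")
    # Implicit OR between pattern groups; a filter without groups is Layer 2-4 only.
    return not groups or any(group_hit(packet, g) for g in groups)


def classify(packet, rules_xml=RULES_XML):
    """Return (rule name, contract name) for the first inbound filter that matches."""
    if len(packet) < 20:                      # too short to hold an IPv4 header
        return None
    for rule in ET.fromstring(rules_xml).iter("Rule"):
        for flt in rule:
            if "FilterIn" in flt.tag and filter_hit(packet, flt):
                return rule.get("Name"), flt.find("ContractV2").get("Name")
    return None


def ipv4(proto, payload):
    """Constructed packet: 20-byte IPv4 header (checksum left at 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload


ICMP_ECHO = struct.pack("!BBHHH", 8, 0, 0, 1, 1)
TCP_HEADER = struct.pack("!HHIIBBHHH", 1234, 40000, 0, 0, 0x50, 0x18, 8192, 0, 0)
AA_PING = ipv4(1, ICMP_ECHO + b"\xaa" * 64)          # 92 bytes in total = 0x005c
PLAIN_PING = ipv4(1, ICMP_ECHO + b"abcdefgh" * 4)
ARES_REPLY = ipv4(6, TCP_HEADER + b"HTTP/1.1 200 OK\r\nServer: Ares\r\n\r\n")
PLAIN_WEB = ipv4(6, TCP_HEADER + b"HTTP/1.1 200 OK\r\nServer: example\r\n\r\n")

if __name__ == "__main__":
    for label, pkt in [("AA ping", AA_PING), ("plain ping", PLAIN_PING),
                       ("Ares reply", ARES_REPLY), ("plain web", PLAIN_WEB)]:
        print(label, "->", classify(pkt))
```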


Chapter 8 Troubleshooting Alteon ITM
This section provides solutions for problems that you may encounter using the Alteon Intelligent Traffic Management.

Select a Topic
• “Before You Start Troubleshooting”
• “Traffic Management Wizard Option Missing”
• “BWM Statistics are not Generated in Real-time”
• “Cannot Connect to the Switch”
• “Generating Only Default BWM Statistics”
• “Generating Only “Other” BWM Statistics”
• “Cannot Generate Traffic Reports”
• “Excessive Discards”
• “Statistics not Imported into Database”
• “Traffic Reports Display Discards When Rate Limit is not Configured”
• “SMTP Field Missing in Alteon EMS”
• “Graphs Display Straight Lines”
• “Error on Port Selection”
• “Security Menu Missing”
• “Rate Limit Policy not Working”
• “Overall Upload Traffic Exceeds Download Traffic”
• “Timeout Error”
• “Reporting Server Cannot Receive Statistics”
• “Error Message When Installing the Reporting Server”


Before You Start Troubleshooting
Run the following command before you start troubleshooting ITM:
/var/www/html/itm/bin/validate


Not Receiving User Data
Symptom: The Reporting module does not receive user data from the switch.
Action
• Run the validate command (/var/www/html/itm/bin/validate).
• Make sure user policies are defined (set to 1000M). See “Defining Traffic Policies” on page 51.
• Make sure a firewall is not preventing the switch from communicating with the TCP port 49152 on the reporting server.


Cannot Receive SYSLOG Data
Symptom: EMS client does not receive SYSLOG data.
Action
• Make sure a firewall is not preventing the switch from communicating with the UDP port 514 on the reporting server.
• Make sure the appropriate instance of SYSLOG is running. For example, if you want to use the EMS SYSLOG Server, then you must stop the SYSLOG daemon on the native server. To capture SYSLOG data at the EMS workstation, see “Alteon EMS Properties” on page 181 (Figure 50).


Traffic Management Wizard Option Missing
Symptom: The Traffic Management Wizard option is missing in the Alteon EMS Configure menu.
Action
• Install EMS 3.1.2 or higher on the Linux server (EMS Server).
• Install one of the following licenses on the switch:
  • ITM license key
  • Bandwidth management and security pack license keys
• Install Alteon OS version 22.0.2 or higher on the switch.


BWM Statistics are not Generated in Real-time
Symptom: Bandwidth management statistics are not generated and displayed in real time in Alteon EMS under Switch > Monitor > BWM > Contracts tab.
Action
• Install the ITM license key or the bandwidth management/security license keys on the switch.
• Enable Bandwidth management from Alteon EMS under Switch > Configure > BWM > General tab.
• Make sure you did an apply after configuring Alteon ITM.


Cannot Connect to the Switch
Symptom: Cannot connect to the switch from Alteon EMS to run Alteon ITM.
Action
This may occur for one of the following reasons:
• SNMP is not set to Write on the switch. Using the application switch CLI, enter /cfg/sys/access/snmp w to enable SNMP write mode.
• SNMP community strings do not match. Make sure that the public and private strings under /cfg/sys/access/ssnmp/cur match the strings entered in Alteon EMS.
• SNMP v3 authentication information is incorrect or SNMP v3 is not configured properly on the switch.

Alteon EMS supports SNMP v1, v2, and v3.


Generating Only Default BWM Statistics
Symptom: BWM statistics are generated for default contract 256 only. In Figure 47, default contract 256 shows 37 million bytes of traffic.
Figure 47 Default Contract Gets All the Traffic

Action:
• Configure at least one rule to enable the switch to start classifying traffic.
• Make sure the bandwidth management contracts are correctly associated with the physical ports. Traffic defaults to the default contract 256 if non-ITM ports are being used. That is,
  - Physical ports still refer to contract 256.
  - Other ports are being used on the switch that don’t participate in Traffic Management.
• Make sure you apply and save the configuration.
• Existing filters on the switch are not configured via the Traffic Management Wizard (filters default to 256).


Generating Only “Other” BWM Statistics
Symptom: BWM statistics are generated only for contracts OTHER_IN and OTHER_OUT.
Action: Make sure filtering is enabled on the port. To enable filtering, go to the Switch > Port # > Filtering tab and enable filtering for that port. When a null filter (2041 and 2042) is created, four contracts are automatically created by default: OTHER_IN, OTHER_OUT, Non_IP_IN, and Non_IP_OUT.


Cannot Generate Traffic Reports
Symptom: There is no data for graphs to be generated because statistics are not being sent to the reporting server.
Action:
• Check the time at which the switch is scheduled to email the data to the reporting server. At the application switch Command Line Interface (CLI), enter /info/bwm to see when the next statistics are scheduled to be emailed.
  Note: You can configure how often the switch emails the user level data. To configure the frequency, click on the General tab under Switch > Configure > BWM (see Figure 19) or use the Command Line Interface (/cfg/bwm/frequen). Configuring this frequency value enables you to optimize reporting efficiency relative to user load. The switch stops collecting statistics when the buffer is full and sends the user data at the scheduled time.
• Make sure the switch is configured to use the correct port for SMTP traffic. From Alteon EMS, configure the switch to use the management port for SMTP under Switch > Configure > Management Port.
• Force the switch to mail BWM statistics immediately. The switch sends data only when the buffer (70,915 bytes) is full. This can take up to 14 hours if only a single contract is configured, or 3 to 4 minutes for a fully-loaded system.


  You can force the switch to send bandwidth management statistics immediately (it takes time to compile and send) by pressing the envelope button shown in Figure 19. This sends the statistics to the SMTP server. The following table shows two different ways to force the switch to mail BWM statistics immediately.

  Table 19 Forcing Switch to Mail Statistics
  Using the application switch CLI: Enter /oper/bwm/sendhist to send data to the reporting server immediately.
  Using Alteon EMS: Click on the envelope (Send BWM History) under Switch > Configure > BWM > General tab and Figure 19 is displayed.

• Make sure the Validate Data Archival and Collection Settings is enabled in the Alteon Traffic Management Wizard (see Figure 2 on page 39).
• Make sure the SMTP host and user names are valid in Alteon EMS under the Switch > Configure > BWM > General tab.
• Run the system validation script (validate) at /var/www/html/itm/bin to make sure Alteon ITM is configured properly.
• Make sure the switch has IP connectivity to the Reporting Server by pinging the server from the switch CLI.


• Not enough data (or invalid data) to generate the type of report chosen (for example, if you are generating a Typical Weekly report with only a few minutes worth of data).


Excessive Discards
Symptom: Excessive discards are displayed in your graphs.
Action:
• Check the policy settings for default policy 64 to make sure that it has not been inadvertently changed, because contracts configured for monitor use the default policy (see “Define traffic policies for the BWM contracts” on page 51). Policy 64 should have a hard limit of 1000M. From Alteon EMS, select Switch > Configure > BWM > policies and Figure 48 is displayed. Figure 48 shows that all the contracts assigned to policy 64 are configured for Monitor in the Alteon ITM wizard. Run the Alteon ITM wizard and enforce a different policy on the contracts.
Figure 48 Default Policy


• The sum of all the Reserve Limits should not exceed the speed of the physical port or trunk. To add the reserved rate in Alteon EMS, click on the Switch > Configure > BWM > Policies tab. Figure 49 shows a sum of 10M of reserve limit. This value should not exceed the value of the port speed.

Figure 49 Sum of Reserve Limit

• Verify if switch processing is too intensive (see “Monitoring MP Statistics” on page 74 and “Monitoring SP Statistics by Sessions” on page 76).


Statistics not Imported into Database
Symptom: Statistics not imported into database but received at SMTP gateway.
Action:
• Make sure the database is up. Run the validation script located in /var/www/html/itm/bin on the Linux server.
• Make sure mail processing is functioning properly. Run the validation script located in /var/www/html/itm/bin on the Linux server.
• Add data to the database manually. Run the data_inload script (see “Manually Adding Data to the Database” on page 84).


Traffic Reports Display Discards When Rate Limit is not Configured
Symptom: Discards are present when rate limit is not configured.
Action:
• Use the reporting system to get the total percentage of application discards relative to the total traffic for the application. See “Sample 10: Measuring Discarded Traffic” on page 121. These discards can be caused by malformed packets that are legally dropped. Discards of .01% are an acceptable loss.
• Find the percentage of discards for an application by generating reports for
  - inbound traffic for an application and its discarded traffic
  - outbound traffic for an application and its discarded traffic.
  See “Sample 8: Graphing Discarded Traffic” on page 117.


SMTP Field Missing in Alteon EMS
Symptom: The SMTP field is missing in Alteon EMS under the Switch > Configure > BWM > General tab.
Action:
• Enable the ITM or bandwidth management license key.
• Make sure the demo license has not expired. To verify your demo license, from the switch CLI, enter /info/swkey.


Graphs Display Straight Lines
Symptom: Traffic reports display straight lines.
Action: Straight lines indicate a jump in data or missing data. Refer to “Cannot Generate Traffic Reports” on page 168.


Error on Port Selection
Symptom: The Alteon Traffic Management Wizard prompts you with an error if you selected an incorrect port in the Port Selection page (see Figure 2 on page 39).
Action: This may occur if the port belongs to a trunk group. Select all ports in the trunk group, or select the trunk group instead of the ports.


Security Menu Missing
Symptom: The Security Menu is missing under Switch > Configure > Security > Pattern Match Group tab.
Action:
• Enable the ITM or Security Pack (Advanced DoS) license key.
• Make sure the demo license has not expired. To verify your demo license, from the switch CLI, enter /info/swkey.


Rate Limit Policy not Working
Symptom: Rate limit is configured, but the reports show that the throughput is higher than the rate limit imposed and there are no discards present.
Action: Make sure policy enforcement (Enforce BWM Policies) is enabled in Alteon EMS under the Switch > Configure > BWM > General tab.


Overall Upload Traffic Exceeds Download Traffic
Symptom: The reported upload traffic exceeds the download traffic, or vice versa, and this is not typical of the environment.
Action:
1 Make sure you configured the Inbound and Outbound port selection correctly on the first page of the wizard (see “Selecting the Physical Ports” on page 39).
2 Remove the configuration (see “Deleting Existing Configuration” on page 60).
3 Back up the database (see “Backing Up the Database” on page 81).
4 Purge the database (see “Purging the Database” on page 82).
5 Start configuring all over again.


Timeout Error
Symptom: You receive a Timeout Error when you click Finish on the Final Page of the Wizard (Figure 5 on page 49) or after you click Apply and/or Save.
Action: SNMP is UDP traffic, which is not guaranteed, so modify the Alteon EMS properties to wait for a switch response. Typically, this error occurs only when working with very large configurations. Extend the number of retries and the length of time in Alteon EMS by selecting the Alteon > Properties menu and make sure the following is updated as shown in Figure 50:
• Status Interval is set to 151 seconds or greater.
• Set retry count is set to 5.
• Timeout is set to 30.
• Do not select Listen for Traps.

Figure 50 Alteon EMS Properties


Reporting Server Cannot Receive Statistics
Symptom: The Reporting module does not receive statistics from the switch.
Action:
• Run the system validation script (validate) at /var/www/html/itm/bin to make sure a firewall rule isn’t preventing access and to ensure that Sendmail is configured properly.
• Force the switch to mail the statistics immediately as described under “Cannot Generate Traffic Reports” on page 168.
• Check the switch log (/info/log) to see if there are any SMTP errors.
• Check the mail log file (maillog) on the Reporting Server under /var/log. Look for receive errors in this file. An error “Relaying Denied” is usually indicative of an invalid email address. In case it is a DNS-based Relay error message, it is recommended to change the SMTP user name to itm@<host> and not <hostname>. For example, use itm@rpt-srv instead of itm@rpt-srv.alteon.lab
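The maillog check in the last action item can be scripted. The following is an added example, not part of the Nortel guide: it scans Sendmail log lines for “Relaying denied” rejections, flags the DNS-based ones, and derives the short itm@<host> form the guide recommends. The log lines are constructed samples in Sendmail's check_rcpt format, and the function and field names are hypothetical.

```python
#!/usr/bin/env python3
"""Scan a Sendmail maillog for 'Relaying denied' rejections of switch mail."""
import re
import sys
from collections import namedtuple

RelayReject = namedtuple(
    "RelayReject", "timestamp recipient relay dns_related suggested")

# Matches a check_rcpt rejection whose reason text contains "Relaying denied".
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?sendmail\[\d+\]:.*?"
    r"ruleset=check_rcpt,\s*arg1=<(?P<rcpt>[^>]+)>,\s*relay=(?P<relay>.+?),\s*"
    r"reject=\d{3}\s(?P<reason>.*relaying denied.*)$",
    re.IGNORECASE,
)

# Constructed sample lines; addresses are documentation values, not real hosts.
SAMPLE_MAILLOG = """\
Jan 14 03:05:01 rpt-srv sendmail[2650]: j0E851x2650: from=<bwm@192.0.2.10>, size=70915, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[192.0.2.10]
Jan 14 03:10:22 rpt-srv sendmail[2711]: j0E8AM2711: ruleset=check_rcpt, arg1=<itm@rpt-srv.alteon.lab>, relay=[192.0.2.10], reject=550 5.7.1 <itm@rpt-srv.alteon.lab>... Relaying denied
Jan 14 03:25:40 rpt-srv sendmail[2790]: j0E8Pe2790: ruleset=check_rcpt, arg1=<itm@rpt-srv.alteon.lab>, relay=[192.0.2.10], reject=550 5.7.1 <itm@rpt-srv.alteon.lab>... Relaying denied. IP name lookup failed [192.0.2.10]
Jan 14 03:31:09 rpt-srv sendmail[2802]: j0E8V92802: ruleset=check_rcpt, arg1=<nobody@rpt-srv>, relay=[192.0.2.10], reject=550 5.1.1 <nobody@rpt-srv>... User unknown
"""


def short_form(recipient):
    """Return user@host for a user@host.domain address, else None."""
    user, _, host = recipient.partition("@")
    if "." in host:
        return f"{user}@{host.split('.', 1)[0]}"
    return None


def find_relay_rejects(lines):
    """Return a RelayReject for every 'Relaying denied' rejection in `lines`."""
    hits = []
    for line in lines:
        m = REJECT_RE.search(line.rstrip("\n"))
        if not m:
            continue  # accepted mail, or a rejection for another reason
        hits.append(RelayReject(
            timestamp=m.group("ts"),
            recipient=m.group("rcpt"),
            relay=m.group("relay"),
            dns_related="lookup failed" in m.group("reason").lower(),
            suggested=short_form(m.group("rcpt")),
        ))
    return hits


if __name__ == "__main__":
    # Usage: pass the path to maillog; with no argument the sample is scanned.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE_MAILLOG.splitlines()
    for hit in find_relay_rejects(lines):
        print(f"{hit.timestamp}  rcpt={hit.recipient}  relay={hit.relay}")
        if hit.dns_related and hit.suggested:
            print(f"    DNS-based relay error: try SMTP user name {hit.suggested}")
        else:
            print("    check that the SMTP user name is a valid address")
```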


Error Message When Installing the Reporting Server
Symptom: You receive the following error message when you run the reporting server install script.
cp: cannot stat <file>: No such file or directory

Action: You must launch the install script from within the application directory /var/www/html/itm. If you receive this error message, you must run the Reporting Server installation again, even though it may appear to have completed successfully.


