Periodical aging, Forced aging, Tcp fin- and rst-triggered aging – H3C Technologies H3C SecBlade NetStream Cards User Manual
Page 156: Netstream data export, Netstream traditional data export, Netstream aggregation data export
141
When the timer of the entry expires, the NDE exports the summarized data to the NetStream server in a
specified NetStream version export format.
The following types of NetStream flow aging are available:
•
•
•
TCP FIN- and RST-triggered aging
(it is automatically triggered when a TCP connection is
terminated)
Periodical aging
Periodical aging uses the following approaches: inactive flow aging and active flow aging.
•
Inactive flow aging
A flow is considered inactive if its statistics have not been changed, that is, no packet for this NetStream
entry arrives in the time specified by the ip netstream timeout inactive or ipv6 netstream timeout inactive
command. The inactive flow entry remains in the cache until the inactive timer expires. Then the inactive
flow is aged out and its statistics, which can no longer be displayed by the display ip netstream cache
or display ipv6 netstream cache command, are sent to the NetStream server. The inactive flow aging
ensures the cache is big enough for new flow entries.
•
Active flow aging
An active flow is aged out when the time specified by the ip netstream timeout active or ipv6 netstream
timeout active command is reached, and its statistics are exported to the NetStream server. The device
continues to count the active flow statistics, which can be displayed by the display ip netstream cache or
display ipv6 netstream cache command. The active flow aging exports the statistics of active flows to the
NetStream server.
Forced aging
The reset ip netstream statistics or reset ipv6 netstream statistics command ages out all NetStream
entries in the cache and clears the statistics. This is forced aging. Alternatively, use the ip netstream
max-entry or ipv6 netstream max-entry command to configure maximum NetStream entries in the cache.
By default, the entries are aged out when the maximum number is reached.
TCP FIN- and RST-triggered aging
For a TCP connection, when a packet with a FIN or RST flag is sent out, it means that a session is finished.
When a packet with a FIN or RST flag is recorded for a flow with the NetStream entry already created,
the flow is aged out immediately.
NetStream data export
NetStream traditional data export
NetStream collects statistics of each flow and, when the entry timer expires, exports the data of each
entry to the NetStream server.
Though the data includes statistics of each flow, this method consumes more bandwidth and CPU, and
requires large cache size. In most cases, not all the statistics are necessary for analysis.
NetStream aggregation data export
NetStream aggregation merges the flow statistics according to the aggregation criteria of an
aggregation mode, and sends the summarized data to the NetStream server. This process is the