H3c-technologies H3C MSR 5600 Instrukcja Użytkownika Strona 1

H3C MSR Series RoutersNetwork Management and MonitoringConfiguration Guide(V7) Hangzhou H3C Technologies Co., Ltd. http://

iv How to use NETCONF ·······························································································································

87 Figure 33 Network diagram Configuration procedure 1. Set the IP address for each interface as shown in Figure 33. (Details not shown.) 2. Conf

88 # Router A and Router B get synchronized upon receiving a broadcast message from Router C. Display the NTP status of Router A after clock synchron

89 Figure 34 Network diagram Configuration procedure 1. Set the IP address for each interface as shown in Figure 34. (Details not shown.) 2. Conf

90 Clock jitter: 0.044281 s Stability: 0.000 pps Clock precision: 2^-10 Root delay: 0.00229 ms Root dispersion: 4.12572 ms Reference time: d0d2

91 Leap indicator: 00 Clock jitter: 0.165741 s Stability: 0.000 pps Clock precision: 2^-10 Root delay: 0.00534 ms Root dispersion: 4.51282 ms

92 2. Configure Router C: # Enable the NTP service. <RouterC> system-view [RouterC] ntp-service enable # Specify the local clock as the refer

93 Total sessions : 1 The output shows that an association has been set up between Router D and Router C. 5. Configure Router B: Because Router A

94 Reference: 127.127.1.0 Clock stratum: 2 Reachabilities: 2 Poll interval: 64 Last receive time: 71 Offset: -

95 # Specify Device A as the NTP server of Device B, and associate the server with key 42. [DeviceB] ntp-service unicast-server 1.0.1.11 authenticat

96 Configuration example for NTP broadcast mode with authentication Network requirements As shown in Figure 37, Router C functions as the NTP server

v Verifying the configuration ·······················································································································

97 3. Configure Router B: # Enable the NTP service. <RouterB> system-view [RouterB] ntp-service enable # Enable NTP authentication on Router B

98 Clock stratum: 4 System peer: 3.0.1.31 Local mode: bclient Reference clock ID: 3.0.1.31 Leap indicator: 00 Clock jitter: 0.006683 s Stabili

99 Figure 38 Network diagram Device Interface IP address Device Interface IP address CE 1 S2/0 10.1.1.1/24 PE 1 S2/0 10.1.1.2/24 CE 2 CE 3 S2/

100 Clock status: synchronized Clock stratum: 3 System peer: 10.1.1.1 Local mode: client Reference clock ID: 10.1.1.1 Leap indicator: 00 Clock

101 Figure 39 Network diagram Device Interface IP address Device Interface IP address CE 1 S2/0 10.1.1.1/24 PE 1 S2/0 10.1.1.2/24 CE 2 CE 3 S2

102 Reference clock ID: 10.1.1.1 Leap indicator: 00 Clock jitter: 0.005096 s Stability: 0.000 pps Clock precision: 2^-10 Root delay: 0.00655 ms

103 Configuring SNTP SNTP is a simplified, client-only version of NTP specified in RFC 4330. SNTP supports only the client/server mode. An SNTP-enabl

104 Step Command Remarks 2. Specify an NTP server for the device. • For IPv4: sntp unicast-server { ip-address | server-name } [ vpn-instance vpn-i

105 Step Command Remarks 5. Associate the SNTP authentication key with the specific NTP server. • For IPv4: sntp unicast-server { ip-address | serv

106 # Configure an NTP authentication key, with the key ID of 10 and key value of aNiceKey. Input the key in plain text. [DeviceA] ntp-service authen

vi Verifying the configurations ·····················································································································

107 Configuring SNMP NOTE: FIPS is not available for Russia. This chapter provides an overview of the Simple Network Management Protocol (SNMP) an

108 MIB and view-based MIB access control A MIB stores variables called "nodes" or "objects" in a tree hierarchy and identifies e

109 Configuring SNMP basic parameters SNMPv3 differs from SNMPv1 and SNMPv2c in many ways. Their configuration procedures are described in separate s

110 Step Command Remarks 8. Configure the SNMP access right. • (Method 1) Create an SNMP community: snmp-agent community { read | write } [ simple

111 Security model Security model keyword for the group Security key settings for the user Remarks No authentication, no privacy Neither authenticati

112 Step Command Remarks 8. (Optional.) Create or update a MIB view. snmp-agent mib-view { excluded | included } view-name oid-tree [ mask mask-valu

113 The SNMP agent logs Get requests, Set requests, Set responses, and SNMP notifications, but does not log Get responses. • Get operation—The agen

114 Step Command Remarks 2. Enable notifications globally. snmp-agent trap enable [ protocol | standard [ authentication | coldstart | linkdown | li

115 Step Command Remarks 2. Configure a target host. • (Method 1) Send traps to the target host: In non-FIPS mode: snmp-agent target-host trap addr

116 Displaying the SNMP settings Execute display commands in any view. Task Command Display SNMP agent system information, including the contact, ph

vii Index ···········································································································································

117 # Configure the IP address of the agent and make sure the agent and the NMS can reach each other. (Details not shown.) # Specify SNMPv1, and crea

118 SNMPv3 configuration example Network requirements As shown in Figure 44, the NMS (1.1.1.2/24) uses SNMPv3 to monitor and manage the interface sta

119 { Set the authentication key to 123 456T ESTaut h& ! and the privacy key to 123 456 TE STenc r &! . { Set the timeout time and maximum

120 Configuring RMON Overview Remote Network Monitoring (RMON) is an enhancement to SNMP. It enables proactive remote monitoring and management of ne

121 • None—Takes no actions. Alarm group The RMON alarm group monitors alarm variables, such as the count of incoming packets (etherStatsPkts) on an

122 Sample types for the alarm group and the private alarm group The RMON agent supports the following sample types: • absolute—RMON compares the va

123 To create an RMON history control entry: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Ethernet interface view. interfa

124 Step Command Remarks 2. (Optional.) Create an event entry in the event table. rmon event entry-number [ description string ] { log | log-trap se

125 Figure 46 Network diagram Configuration procedure # Create an RMON Ethernet statistics entry for Ethernet 1/1. <Sysname> system-view [Sys

126 Configuration procedure # Create an RMON history control entry to sample traffic statistics every one minute for Ethernet 1/1. Retain up to eight

1 Using ping, tracert, and system debugging This chapter covers ping, tracert, and information about debugging the system. Ping Use the ping utility

127 dropevents : 0 , octets : 898 packets : 9 , broadcast packets : 2 multicast packets

128 [Sysname] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname public # Create an RMON Ethernet statistics entry for Ethern

129 Configuring NETCONF NOTE: FIPS is not available for Russia. Overview Network Configuration Protocol (NETCONF) is an XML-based network manageme

130 NETCONF message format NETCONF All NETCONF messages are XML-based and comply with RFC 4741. The NETCONF operations supported by the device and th

131 <filter type="subtree"> <top xmlns="http://www.h3c.com/netconf/data:1.0"> <Ifmgr

132 NETCONF configuration task list Task at a glance (Optional.) Enabling NETCONF over SOAP (Required.) Establishing a NETCONF session (Optional.) Su

133 Entering xml view Task Command Remarks Enter XML view. xml Available in user view. Exchanging capabilities After you enter XML view, the clie

134 Subscription procedure # Copy the following message to the client to complete the subscription: <?xml version="1.0" encoding="U

135 </rpc-reply> For more information about error messages, see RFC 4741. Example for subscribing to event notifications Network requirements

136 </notification> # When another client (192.168.100.130) logs in to the device, the device sends the following text to notify the client tha

2 Figure 1 Network diagram Configuration procedure # Use the ping command on Device A to test connectivity to Device C. Ping 1.1.2.2 (1.1.2.2): 56

137 Unlocking the configuration # Copy the following text to the client to unlock the configuration: <?xml version="1.0" encoding="

138 Verifying the configuration If the client receives the following response, the lock operation is successful: <?xml version="1.0" enc

139 <getopration> <filter> <top xmlns=" http://www.h3c.com/netconf/data:1.0"> Specify the module, s

140 <?xml version="1.0"?> <rpc-reply message-id="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0&quo

141 <target><running></running></target> <error-option> Default operation when an error occurs </error-option

142 Verifying the configuration If the client receives the following text, the get-config operation is successful: <rpc-reply xmlns="urn:ietf

143 <Web> <Service> <SessionAgingTime>98</SessionAgingTime> &

144 <LogBuffer> <BufferSize>120</BufferSize> </LogBuffer>

145 <IfIndex>1</IfIndex> <Name>Aux0</Name> <AbbreviatedName>

146 </rpc> Verifying the configuration If the client receives the following text, the edit-config operation is successful: <?xml version=&qu

3 2. The intermediate device (Device B) adds the IP address of its outbound interface (1.1.2.1) to the RR option of the ICMP echo request, and forwa

147 </rpc-reply> Loading the configuration After you perform the load operation, the loaded configurations are merged into the current configur

148 </rpc> Verifying the configuration If the client receives the following response, the save operation is successful: <?xml version="

149 </source> <filter type="subtree"> <top xmlns="http://www.h3c.com/netconf/config:1.0">

150 <filter type="subtree"> <top xmlns="http://www.h3c.com/netconf/data:1.0"> <Device>

151 </top> </filter> </get> </rpc> Verifying the configuration If the client receives the following text, the ope

152 <IfIndex>2688</IfIndex> <Description>Ten-GigabitEthernet6/0/2:4 Interface</D

153 # Retrieve data in the Name column with the ifIndex value not less than 5000 in the Interfaces table under the Ifmgr module. <rpc message-id=&

154 Configuration procedure # Copy the following text to the client to execute the commands: <?xml version="1.0" encoding="UTF-8&qu

155 </CLI> </rpc> Verifying the configuration If the client receives the following text, the operation is successful. <?xml vers

156 <SessionID>Configuration session ID </SessionID> <Line>line information</Line> <UserName>Name of

4 6. The source device thinks that the packet has reached the destination device after receiving the port-unreachable ICMP message, and the path to

157 # Copy the following message to the client to terminate the specified NETCONF session: <rpc message-id="101" xmlns="urn:ietf

158 Returning to the CLI To return from XML view to the CLI, send the following close-session request: <?xml version="1.0"?> <r

159 Appendix Appendix A Supported NETCONF operations Table 18 lists the NETCONF operations available with Comware V7. Table 12 NETCONF operations Ope

160 Operation Description XML example get-config Retrieves the non-default configuration data. If non-default configuration data does not exist, the

161 Operation Description XML example get-bulk-config Retrieves a number of non-default configuration data entries starting from the data entry next

162 Operation Description XML example edit-config: create Creates a specified target. To use the create attribute in the edit-config operation, you m

163 Operation Description XML example edit-config: delete Deletes the specified configuration. • If the specified target has only the table index,

164 Operation Description XML example edit-config: default-operation Modifies the current configuration of the device using the default operation met

165 Operation Description XML example edit-config: error-option Determines the action to take in case of a configuration error. The error-option elem

166 Operation Description XML example edit-config: test-option Determines whether to issue a configuration item in the edit-configure operation. The

5 Test the network connectivity between Device A and Device C. If they cannot reach each other, locate the failed nodes in the network. Figure 3 Netw

167 Operation Description XML example lock Locks the configuration data that can be changed by the edit-config operation. Other configurations are no

168 Operation Description XML example CLI Executes CLI operations. A request message encloses commands in the <CLI> element, and a response mes

169 Configuring port mirroring Overview Port mirroring refers to the process of copying the packets passing through a port to the monitor port connec

170 Figure 49 Local port mirroring implementation As shown in Figure 49, the source port Ethernet 1/1 and monitor port Ethernet 1/2 reside on the s

171 Configuration restrictions and guidelines When you configure source ports for a local mirroring group, follow these restrictions and guidelines:

172 Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the monitor port for the specified local mirroring group. mirroring-gr

173 Figure 50 Network diagram Configuration procedure # Create local mirroring group 1. <Device> system-view [Device] mirroring-group 1 local

174

175 Configuring samplers A sampler samples packets. The sampler selects a packet from among sequential packets, and it sends the packet to other serv

176 • Configure fixed sampling in the inbound direction to select the first packet from among 100 packets. • Configure random sampling in the outbo

6 5. Use the debugging ip icmp command on Device A and Device C to verify that they can send and receive the specific ICMP packets, or use the displ

177 Configuring NetStream Overview Conventional ways to collect traffic statistics, like SNMP and port mirroring, cannot provide precise network mana

178 • NetStream collector—The NSC is usually a program running in an operation system. It parses the packets received from the NDE, and then it stor

179 NetStream aggregation data export NetStream aggregation merges the flow statistics according to the aggregation criteria of an aggregation mode,

180 Aggregation mode Aggregation criteria Prefix-port aggregation • Source prefix • Destination prefix • Source address mask length • Destinatio

181 In an aggregation mode with AS, if the packets are not forwarded according to the BGP routing table, the AS number cannot be obtained. In the agg

182 Figure 53 NetStream configuration flow Complete these tasks to configure NetStream: Tasks at a glance Remarks (Required.) Enabling NetStream o

183 Step Command Remarks 2. Enter interface view. interface interface-type interface-number N/A 3. Enable NetStream on the interface. ip netstream

184 • Statistics about source AS, destination AS, and peer ASs in version 5 or version 9 format. • Statistics about BGP next hop in version 9 forma

185 Configuring the refresh rate for NetStream version 9 templates Version 9 is template-based and supports formats that can be defined, so the NetSt

186 Periodical aging Periodical aging uses the following methods: • Inactive flow aging—A flow is considered inactive if no packet for this NetStre

Copyright © 2014, Hangzhou H3C Technologies Co., Ltd. and its licensors All rights reserved No part of this manual may be reproduced or transmitted

7 To debug a feature module: Step Command Remarks 1. Enable debugging for a specified module in user view. debugging { all [ timeout time ] | modu

187 Step Command Remarks 3. Configure forced aging of the NetStream entries. 4. Set the maximum entries that the cache can accommodate: ip netstrea

188 Step Command Remarks 1. Enter system view. system-view N/A 2. Set a NetStream aggregation mode and enter its view. ip netstream aggregation {

189 Task Command Age out and export all NetStream data, and clear the cache. reset ip netstream statistics NetStream traditional data export configu

190 Flow active timeout (minutes) : 30 Flow inactive timeout (seconds) : 30 Max number of entries : 1024 IP active flow ent

191 NetStream aggregation data export configuration example Network requirements As shown in Figure 56, configure NetStream on Router A to meet the f

192 [RouterA-ns-aggregation-as] enable [RouterA-ns-aggregation-as] ip netstream export host 4.1.1.1 2000 [RouterA-ns-aggregation-as] quit # Configure

193 L2 flow entries been counted : 0 IPL2 flow entries been counted : 0 Last statistics reset time : Never IP packet size distr

194 Version 9 exported flows number : 0 Version 9 exported UDP datagrams number (failed): 0 (0) destination-prefix aggregation e

195 Configuring sFlow Sampled Flow (sFlow) is a traffic monitoring technology. As shown in Figure 57, the sFlow system involves an sFlow agent embed

196 Tasks at a glance Perform at least one of the following tasks: • Configuring flow sampling • Configuring counter sampling Configuring the sFlo

8 Configuring NQA Overview Network quality analyzer (NQA) allows you to measure network performance, verify the service levels for IP services and ap

197 Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Ethernet interface view. interface interface-type interface-number N/A 3.

198 sFlow configuration example Network requirements As shown in Figure 58, configure flow sampling in random mode and counter sampling on Ethernet 1

199 Verifying the configurations # Display the sFlow configuration and operation information. [Sysname-Ethernet1/1] display sflow sFlow datagram vers

200 Configuring the information center NOTE: FIPS is not available for Russia. The information center on a device classifies and manages logs for

201 Table 14 Log levels Severity value Level Description 0 Emergency The system is unusable. For example, the system authorization has expired. 1 A

202 Table 16 Default output rule for diagnostic logs Destination Log source modules Output switch Severity Diagnostic log file All supported modules

203 Output destination Format Example Log host • H3C format: <PRI>Timestamp Sysname %%vvModule/Level/Mnemonic: Source; Content • unicom form

204 Field Description %% (vendor ID) Indicates that the information was generated by an H3C device. This field exists only in logs sent to the log ho

205 Timestamp parameters Description Example none No timestamp is included. All logs support this parameter. % Sysname FTPD/5/FTPD_LOGIN: User ftp (1

206 Step Command Remarks 3. Configure an output rule for the console. info-center source { module-name | default } { console | monitor | logbuffer |

9 • A UDP jitter or a voice operation sends a specific number of probe packets. The number of probe packets is configurable with the probe packet-nu

207 Outputting logs to a log host Step Command Remarks 1. Enter system view. system-view N/A 2. Enable the information center. info-center enable

208 The log file feature saves logs from the log file buffer to a log file every 24 hours. You can adjust the saving interval or manually save logs t

209 Managing security logs Security logs are very important for locating and troubleshooting network problems. Generally, security logs are output to

210 Task Command Remarks Display a summary of the security log file. display security-logfile summary Available in user view. Change the directory of

211 Step Command Remarks 5. (Optional.) Specify the directory to save diagnostic log files. info-center diagnostic-logfile directory dir-name By def

212 • If a different log is generated during the suppression period, the system aborts the current suppression period, outputs suppressed logs and t

213 Task Command Display a summary of the log buffer (MSR 2600/MSR 3600). display logbuffer summary [ level severity ] Display a summary of the log

214 Configuration example for outputting logs to a UNIX log host Network requirements Configure the device to output to the UNIX log host FTP logs th

215 NOTE: Follow these guidelines while editing the file /etc/syslog.conf: • Comments must be on a separate line and must begin with a pound sign

216 [Sysname] info-center source ftp loghost level informational 2. Configure the log host: The following configurations were performed on Solaris.

10 Table 1 Performance metrics and NQA operation types Performance metric NQA operation types that can gather the metric Probe duration All NQA oper

217 Configuring EAA Overview Embedded Automation Architecture (EAA) is a monitoring framework that enables you to self-define monitored events and ac

218 RTM RTM manages the creation, state machine, and execution of monitor policies. EAA monitor policies A monitor policy specifies the event to moni

219 Event type Description SNMP SNMP event occurs when the monitored MIB variable's value changes. Each SNMP event is associated with two user-d

220 ($variable_name) instead of entering a specific value for an argument. EAA will replace the variable name with the variable value when it perform

221 User-defined variables You can use user-defined variables for all types of events. User-defined variable names can contain digits, characters, a

222 Step Command Remarks 3. Configure an event in the policy. • Configure a CLI event: event cli { async [ skip ] | sync } mode { execute | help |

223 Step Command Remarks 4. Configure the actions to take when the event occurs. • Configure the action to execute a command: action number cli c

224 Step Command Remarks 4. Create a Tcl-defined policy and bind it to the Tcl script file. rtm tcl-policy policy-name tcl-filename By default, the

225 Displaying and maintaining EAA settings Execute display commands in any view. Task Command Display user-defined EAA environment variables. displ

226 In response to this CLI event, EAA executes the policy. You can see the message "rtm_tcl_test is running" and the policy successfully e

11 Step Command Remarks 2. Enable the NQA server. nqa server enable By default, the NQA server is disabled. 3. Configure a TCP or UDP listening ser

227 Monitoring and maintaining processes H3C Comware V7 is a full-featured, modular, and scalable network operating system based on the Linux kerne

228 Displaying and maintaining user processes Execute display commands in any view. MSR 2600/MSR 3600: Task Command Display log information for all

229 Kernel threads share resources. If a kernel thread monopolizes the CPU, other threads cannot run, resulting in a deadloop. This feature enables t

230 Step Command Remarks 1. Enter system view. system-view N/A 2. Enable kernel thread starvation detection. monitor kernel starvation enable By d

231 Task Command Display kernel thread deadloop information. display kernel deadloop show-number [ offset ] [ verbose ] [ slot slot-number ] Display

232 Index A C D E F H I K L M N O P R S T A Alarm function configuration example,127 Appendix A Supported NETCONF operations,159 C Configuration e

233 Enabling the NTP service,65 Enabling the SNTP service,103 Establishing a NETCONF session,132 Ethernet statistics group configuration example,124

234

12 Configuring the ICMP echo operation The ICMP echo operation measures the reachability of a destination device. It has the same function as the pi

13 The NQA client simulates the DHCP relay agent to forward DHCP requests for IP address acquisition from the DHCP server. The interface that perform

14 Step Command Remarks 5. Specify the domain name that needs to be translated. resolve-target domain-name By default, no domain name is specified.

15 Configuring the HTTP operation An HTTP operation measures the time for the NQA client to obtain data from an HTTP server. The TCP port number of

16 Jitter means inter-packet delay variance. A UDP jitter operation measures unidirectional and bidirectional jitters so that you can verify whether

Preface The H3C MSR documentation set includes 14 configuration guides, which describe the software features for the H3C MSR Series Routers and guide

17 Step Command Remarks 12. (Optional.) Specify the source IP address for UDP packets. source ip ip-address By default, no source IP address is spec

18 Step Command Remarks 1. Enter system view. system-view N/A 2. Create an NQA operation and enter NQA operation view. nqa entry admin-name operat

19 Step Command Remarks 5. Specify the destination port of UDP packets. destination port port-number By default, no destination port number is speci

20 The voice operation requires both the NQA server and the NQA client. Before you perform a voice operation, configure a UDP listening service on th

21 Step Command Remarks 12. Specify the number of voice packets to be sent in a voice probe. probe packet-number packet-number The default setting

22 • Enable sending ICMP destination unreachable packets on the destination device. If the destination device is an H3C device, use the ip unreachab

23 Step Command Remarks 1. Enter system view. system-view N/A 2. Create an NQA operation and enter NQA operation view. nqa entry admin-name operat

24 Step Command Remarks 1. Enter system view. system-view N/A 2. Create an NQA operation and enter NQA operation view. nqa entry admin-name operat

25 The state of a reaction entry can be invalid, over-threshold, or below-threshold. • Before an NQA operation starts, the reaction entry is in inva

26 Step Command Remarks 5. Configure threshold monitoring. • Monitor the operation duration (not supported in the UDP jitter and voice operations):

Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text rep

27 Configuring the NQA statistics collection function NQA collects statistics for operations completed within a specific period. The statistics form

28 Step Command Remarks 2. Create an NQA operation and enter NQA operation view. nqa entry admin-name operation-tag By default, no NQA operation is

29 Configuring the ICMP template A feature that uses the ICMP template creates and starts the ICMP operation to measure the reachability of a destina

30 Step Command Remarks 6. Configure the domain name resolution type. resolve-type { A | AAAA } By default, the type is type A. A type A query resol

31 Step Command Remarks 6. (Optional.) Configure the expected data. expect data expression [ offset number ] By default, no expected data is configu

32 Step Command Remarks 8. (Optional.) Enter or paste the content of the GET request for the HTTP operation. N/A This step is required for the raw o

33 Step Command Remarks 8. Set the data transmission mode. mode { active | passive } The default mode is active. Configuring optional parameters f

34 Task Command Display history records of NQA operations. display nqa history [ admin-name operation-tag ] Display the current monitoring results of

35 [DeviceA-nqa-admin-test1-icmp-echo] destination ip 10.2.2.2 # Configure 10.1.1.2 as the next hop. The ICMP echo requests are sent through Device C

36 DHCP operation configuration example Network requirements As shown in Figure 8, configure and schedule a DHCP operation to test the time required

About the H3C MSR documentation set The H3C MSR documentation set includes: Category Documents Purposes Product description and specifications Market

37 DNS operation configuration example Network requirements As shown in Figure 9, configure a DNS operation to test whether Device A can translate th

38 [DeviceA] display nqa history admin test NQA entry (admin admin, tag test) history records: Index Response Status Time

39 # Display the results of the FTP operation. [DeviceA] display nqa result admin test1 NQA entry (admin admin, tag test1) test results: Send

40 [DeviceA-nqa-admin-test1-http] operation get # Configure the operation to use HTTP version 1.0. (Version 1.0 is the default version, and this step

41 Configuration procedure 1. Assign each interface an IP address. (Details not shown.) 2. Configure static routes or a routing protocol to make su

42 Positive SD square-sum: 754 Positive DS square-sum: 460 Min negative SD: 1 Min negative DS: 6 Max

43 Number of SD delay: 410 Number of DS delay: 410 Sum of SD delay: 3705 Sum of DS delay: 3891 Squa

44 Send operation times: 1 Receive response times: 1 Min/Max/Average round trip time: 50/50/50 Square-Sum of round tri

45 # Enable the saving of history records. [DeviceA-nqa-admin-test1-tcp] history-record enable [DeviceA-nqa-admin-test1-tcp] quit # Start the TCP ope

46 # Enable the NQA server, and configure a listening service to listen on the IP address 10.2.2.2 and UDP port 8000. <DeviceB> system-view [De

We appreciate your comments.

47 Figure 16 Network diagram Configuration procedure 1. Assign each interface an IP address. (Details not shown.) 2. Configure static routes or a

48 Min positive SD: 1 Min positive DS: 1 Max positive SD: 204 Max positive DS: 1297 Positive

49 Max negative SD: 360 Max negative DS: 1297 Negative SD number: 1028 Negative DS number: 1022 Neg

50 [DeviceA] display nqa result admin test1 NQA entry (admin admin, tag test1) test results: Send operation times: 1 Receive res

51 [DeviceA-nqa-admin-test1-path-jitter] quit # Start the path jitter operation. [DeviceA] nqa schedule admin test1 start-time now lifetime forever #

52 Min/Max/Average negative jitter: 2/10/6 Sum/Square-Sum positive jitter: 19/153 NQA collaboration configuration example Network

53 # Create track entry 1, and associate it with reaction entry 1 of the ICMP echo operation (admin-test1). [RouterA] track 1 nqa entry admin test1 r

54 Reaction: 1 # Display brief information about active routes in the routing ta

55 Configuration procedure # Assign each interface an IP address. (Details not shown.) # Configure static routes or a routing protocol to make sure t

56 [DeviceA-nqatplt-dns-dns] reaction trigger probe-pass 2 # If the number of consecutive probe failures reaches 2, the operation fails. [DeviceA-nqa

i Contents Using ping, tracert, and system debugging ································································································

57 Figure 23 Network diagram Configuration procedure # Assign each interface an IP address. (Details not shown.) # Configure static routes or a rou

58 # Specify the URL of the FTP server. [DeviceA-nqatplt-ftp-ftp] url ftp://admin:[email protected] # Specify 10.1.1.1 as the source IP address. [D

59 Configuring NTP Synchronize your device with a trusted time source by using the Network Time Protocol (NTP) or changing the system time before you

60 The synchronization process is as follows: 1. Device A sends Device B an NTP message, which is timestamped when it leaves Device A. The time stam

61 many NTP hops away a device is from the primary time server. A stratum 2 time server receives its time from a stratum 1 time server, and so on. To

62 Mode Working process Principle Application scenario Symmetric active/passive On the symmetric active peer, specify the IP address of the symmetric

63 NTP security To improve time synchronization security, NTP provides the access control and authentication functions. NTP access control You can co

64 in the NTP message. If they are the same, the receiver accepts the message. Otherwise, it discards the message. NTP for MPLS VPNs The device suppo

65 Configuration task list Tasks at a glance (Required.) Enabling the NTP service (Required.) Perform at least one of the following tasks: • Configu

66 Step Command Remarks 2. Specify an NTP server for the device. • Specify an NTP server for the device: ntp-service unicast-server { ip-address |

ii ICMP echo operation configuration example ···································································································· 34

67 Step Command Remarks 2. Specify a symmetric-passive peer for the device. • Specify a symmetric-passive peer: ntp-service unicast-peer { ip-addre

68 Step Command Remarks 3. Configure the device to operate in NTP broadcast server mode. ntp-service broadcast-server [ authentication-keyid keyid |

69 Step Command Remarks 3. Configure the device to operate in multicast server mode. • Configure the device to operate in multicast server mode: nt

70 NTP server on the client. The key IDs and key values configured on the server and client must be the same. Otherwise, NTP authentication fails. To

71 Table 3 NTP authentication results Client Server Authentication result Enable NTP authentication Configure a key and configure it as a trusted key

72 Step Command Remarks 3. Configure an NTP authentication key. ntp-service authentication-keyid keyid authentication-mode md5 { cipher | simple } v

73 Active peer Passive peer Authentication result Enable NTP authentication Configure a key and configure it as a trusted key Associate the key with

74 Step Command Remarks 1. Enter system view. system-view N/A 2. Enable NTP authentication. ntp-service authentication enable By default, NTP auth

75 Broadcast server Broadcast client Authentication result Enable NTP authentication Configure a key and configure it as a trusted key Associate the

76 Step Command Remarks 3. Configure an NTP authentication key. ntp-service authentication-keyid keyid authentication-mode md5 { cipher | simple } v

iii Configuration example for NTP client/server mode with authentication ································································· 94Configu

77 Multicast server Multicast client Authentication result Enable NTP authentication Configure a key and configure it as a trusted key Associate the

78 To specify the source interface for NTP messages: Step Command Remarks 1. Enter system view. system-view N/A 2. Specify the source interface f

79 A single device can have a maximum of 128 concurrent associations, including static associations and dynamic associations. Perform this task to re

80 Displaying and maintaining NTP Execute display commands in any view. Task Command Display information about NTP service status. display ntp-serv

81 Local mode: client Reference clock ID: 1.0.1.11 Leap indicator: 00 Clock jitter: 0.000977 s Stability: 0.000 pps Clock precision: 2^-10 Roo

82 <DeviceB> system-view [DeviceB] ntp-service enable # Specify Device A as the IPv6 NTP server of Device B so that Device B is synchronized to

83 • Configure Device C to operate in symmetric-active mode and specify Device B as the passive peer of Device C. Figure 31 Network diagram Config

84 Clock status: synchronized Clock stratum: 3 System peer: 3.0.1.33 Local mode: sym_passive Reference clock ID: 3.0.1.33 Leap indicator: 00 C

85 Figure 32 Network diagram Configuration procedure 1. Set the IP address for each interface as shown in Figure 32. (Details not shown.) 2. Conf

86 Clock stratum: 3 System peer: 3000::36 Local mode: sym_passive Reference clock ID: 163.29.247.19 Leap indicator: 11 Clock jitter: 0.000977 s