41.1. TRFA resource

41.1. TRFA resource
	Chapter 41. TRFA - Traffic Analyzer

The Abilis CPX TRFA resource provides the following features:

Configures each IP interface for the desired capture detail (TOTALS, by IP, by PROTOCOL, by IP and PROTOCOL). The configuration parameters related to this function are present in the IP resource configuration.
Shows the total traffic for each interface.
Shows the traffic by IP address.
Shows the traffic by protocol/applications (FTP, TELNET, etc.).
Shows the traffic by IP address and a protocol/application.
Shows the desired traffic types of the last day/week/month/year.
Shows the traffic as individual interface or all summed interfaces.
Shows graph or table view.
Results are presented using the Abilis HTTP server (see HTTP resource).

Configuring the TRFA resource and the section inside the IP resources are needed to activate the IP Traffic Analyzer.

41.1.1. Activating the TRFA resource

Add the resource to the Abilis system with the following command:

[11:01:39] ABILIS_CPX:a res:trfa

RES:TRFA ALREADY EXISTS

The TRFA resource may already exist in the system, but may not yet be active: set it active with the command:

[11:01:48] ABILIS_CPX:s act res:trfa

COMMAND EXECUTED

	Caution
	After adding or setting the TRFA active, you must restart the Abilis to make the resource running (use the command warm start to reboot the Abilis).

[11:01:39] ABILIS_CPX:s p trfa act:yes

COMMAND EXECUTED

[11:01:39] ABILIS_CPX:d p trfa

RES:Trfa - Not Saved (SAVE CONF), Not Refreshed (INIT) ------------------------
       ------------------------------------------------------------------------
Run    DESCR:Traffic_Analyzer
       LOG:DS        ACT:YES       max-addresses:1000   max-png:5      BAK:NO
       WDIR:C:\APP\TRFA\

41.1.2. TRFA resource parameters

Use the following command to display the parameters of the resource; the d p trfa ? command shows the meaning of parameters.

[17:06:43] ABILIS_CPX:d p trfa

RES:Trfa ----------------------------------------------------------------------
Run    DESCR:Traffic_Analyzer
       LOG:DS        ACT:YES       max-addresses:1000   max-png:5      BAK:NO
       WDIR:C:\APP\TRFA\

Meaning of the most important parameters:

LOG: Logging functionalities activation/deactivation.
ACT: Runtime TRFA activation/deactivation.

max-addresses: Maximum number of pair “IP resource,IP address” in the TRFA address table.
max-png: Maximum number of PNG shell objects. This objects will be used to create PNG files for TRFA's HTML information page. If you have a lot of interfaces with active TRFA and TRFA's HTML information page is created too slowly, then increase this value. Each PNG shell object gets about 400K memory.
BAK: Enables/disables back-up file creation.
WDIR: Directory where traffic data files are stored.

The following command allows the administrator to change the configuration of the resource:

s p trfa parameter:value...

	Caution
	To activate the changes made on the upper case parameters, execute the initialization command init res:trfa; while to set act the changes made on the lowercase parameters a save conf and an Abilis restart are required (i.e. with warm start command).

41.1.3. Activating the TRFA inside IP resources

Activating the traffic survey on an IP resource, type:

[17:45:32] ABILIS_CPX:s p ip-1 trfa:yes

COMMAND EXECUTED

[17:45:41] ABILIS_CPX:d p ip-1

RES:Ip-1 - IP over LAN (LAN) --------------------------------------------------
Run    DESCR:
       OPSTATE:UP             IPLOG:NO               STATE-DETECT:NORMAL
       LANRES:Eth-1
       IPADD:192.168.000.201  MASK:255.255.255.000
       REDIS:YES     HIDE:NO         RP:NONE            IPSEC:YES      VRRP:NO
       NAT:OUTSIDE   UPNP:NO         DIFFSERV:NO        DDNS:NO
       OUTBUF:50     OUTQUEUE:FAIR   MTU:1500           BRD:NET
       OUTSPL:NO
       INBUF:0                      mru:1500           SRCV:NO
       - TRFA section ---------------------------------------------------------
       TRFA:YES     TRFA-MODE:TOTALS
       TRFA-IPADD:LOCALNET (192.168.000.000:192.168.000.255)
       - Lan ------------------------------------------------------------------
       LOG:NO             arpcache:200     CACHETIMER:120
       rxbuf:4            txbuf:14
RES:Eth-1 ---------------------------------------------------------------------
Run    DESCR:
       LOG:NO            MODE:AUTO         DUPLEX:HALF   TPPOL:AUTO
       dma-rxbuf:25      dma-txbuf:25      ip-rxbuf:25   arp-rxbuf:5
       pppoed-rxbuf:5    pppoes-rxbuf:25   ieee-rxbuf:25

In the “TRFA Section” the following parameters will appear:

TRFA: Enables/disables traffic analysis.
TRFA-MODE: Select traffic analysis mode [TOTALS: saves the total global traffic; PROT: subdivides the registration for the main protocol models; IP: saves the totals for every single IP address; IP-PROT: subdivides the traffic by protocol, for every single crossing IP address];
IP-RESERVE: Reserves records in the traffic analysis data base: it represents the maximum IP number trace.
TRFA-SIDE: Selects IP address type [LOCAL: filters the traffic by destination IP address; REMOTE: filters the traffic by source IP address].
TRFA-IPADD: IP address filter.


Chapter 41. TRFA - Traffic Analyzer		41.2. TRFA diagnostics, statistics and debug