43.4. Example of IP TRFA configuration

Specifications:

43.4.1. Configuring IP TRFA resource

Activate the TRFA survey on the private LAN (IP-1 resource).

[11:13:18] ABILIS_CPX:s p ip-1 trfa:yes

COMMAND EXECUTED

[11:13:20] ABILIS_CPX:d p ip-1


RES:Ip-1 - IP over LAN (LAN) --------------------------------------------------
Run    DESCR:LAN
       OPSTATE:UP             LOG:NO                 STATE-DETECT:NORMAL
       LANRES:Eth-1
       IPADD:192.168.029.254  MASK:255.255.255.000   
       REDIS:EXT     HIDE:NO         RP:NONE            IPSEC:NO       VRRP:NO
       NAT:INSIDE    UPNP:NO         DIFFSERV:NO        DDNS:NO
       OUTBUF:100    OUTQUEUE:FAIR   MTU:1500           
       OUTSPL:NO     
       INBUF:0                       mru:1500           SRCV:NO
       - TRFA section ---------------------------------------------------------
       TRFA:YES     TRFA-MODE:TOTALS       
       - Lan ------------------------------------------------------------------
       LLOG:NO       arpcache:200    CACHETIMER:120     rxbuf:4     txbuf:14
       VLAN-ID:UNTAG 
RES:Eth-1 ---------------------------------------------------------------------
Run    DESCR:
       LOG:DS            MODE:AUTO         DUPLEX:HALF
       MAC-ADDR:FACTORY (00-E0-C5-54-A2-78) 
       dma-rxbuf:250     dma-txbuf:25      max-vlans:0
       ip-rxbuf:25       arp-rxbuf:5       pppoed-rxbuf:5    pppoes-rxbuf:25 

Activate the TRFA survey on the Internet connection (IP-2 resource) and configure it with following the specifications.

[11:20:18] ABILIS_CPX:s p ip-2 trfa:yes

COMMAND EXECUTED

[11:21:02] ABILIS_CPX:s p ip-2 trfa:yes trfa-mode:ip-prot trfa-side:remote trfa-ipadd:*

COMMAND EXECUTED

[11:46:03] ABILIS_CPX:d p ip-2

RES:Ip-2 - IP over LAN (LAN) --------------------------------------------------
Run    DESCR:WAN
       OPSTATE:UP             LOG:NO                 STATE-DETECT:NORMAL
       LANRES:Eth-2
       IPADD:192.168.010.254  MASK:255.255.255.000   
       REDIS:EXT     HIDE:NO         RP:NONE            IPSEC:NO       VRRP:NO
       NAT:OUTSIDE   UPNP:NO         DIFFSERV:NO        DDNS:NO
       OUTBUF:100    OUTQUEUE:FAIR   MTU:1500           
       OUTSPL:NO     
       INBUF:0                       mru:1500           SRCV:NO
       - TRFA section ---------------------------------------------------------
       TRFA:YES     TRFA-MODE:IP-PROT      IP-RESERVE:AUTO     TRFA-SIDE:REMOTE
       TRFA-IPADD:*
       - Lan ------------------------------------------------------------------
       LLOG:NO       arpcache:200    CACHETIMER:120     rxbuf:4     txbuf:14
       VLAN-ID:UNTAG 
RES:Eth-2 ---------------------------------------------------------------------
Run    DESCR:
       LOG:DS            MODE:AUTO         DUPLEX:HALF
       MAC-ADDR:FACTORY (00-E0-4C-20-07-17) 
       dma-rxbuf:250     dma-txbuf:25      max-vlans:0
       ip-rxbuf:25       arp-rxbuf:5       pppoed-rxbuf:5    pppoes-rxbuf:25
[Tip]Tip

Interesting chapters: Section 20.3, “IP Resources”.

43.4.2. Configuration of the HTTP rights

Add the usertrfa” and enable it to HTTP.

[11:01:39] ABILIS_CPX:a user:trfa pwd:trfa http:yes

COMMAND EXECUTED

[11:01:39] ABILIS_CPX:d user

------------------------+-------------+----------------------------------------
USER             PWD ACT|CTIP CLUS    |CHAT LDAP PPP FTP HTTP MAIL IAX SIP VO
------------------------+-------------+----------------------------------------
admin            *** YES #    #        YES  YES  YES YES YES  NO   NO  NO  NO
guest                NO  #    #        NO   NO   NO  NO  NO   NO   NO  NO  NO
trfa             *** YES #    #        NO   NO   NO  NO  YES  NO   NO  NO  NO

Add the HTTP rights for the user “trfa”.

[11:01:39] ABILIS_CPX:a http rights path:/sys/trfa/ip/ user:trfa

COMMAND EXECUTED

[11:01:39] ABILIS_CPX:d http rights

-------------------------------------------------------------------------------
ID: PATH:
       USER:                            FILE: DIR:  RECUR: PROT:
-------------------------------------------------------------------------------
  1 /sys/
       admin                            r---  l---  YES    PLAIN,SSL
-------------------------------------------------------------------------------
  2 /sys/pub/
       anonymous                        r---  ----  YES    PLAIN,SSL
-------------------------------------------------------------------------------
  3 /sys/trfa/ip/
       trfa                             r---  l---  YES    PLAIN,SSL
-------------------------------------------------------------------------------

43.4.3. Using HTTP for showing IP TRFA statistics

The TRFA resource allows to save and analyze the traffic for one or more IP interfaces.

43.4.3.1. Parameters of request

Follow the steps described in Chapter 64, IP traffic analyzer.

The TRFA starting page will be shown.

Figure 43.1. TRFA - starting page

TRFA - starting page

Definition of the configurable parameters:

Period

It allows the definition of the time period that will be used as a report base.

  • Current year

    If you select the current year, you can define the report period more precisely:

    • Year: the minimal period is one day.

    • Month: the minimal period is two hours.

    • Week: the minimal period is 30 minutes (half an hour).

    • Day: the minimal period is five minutes.

  • Range: You can choose the range that will be used as a report base.

Window display

A window where you can choose the time period: day/week/month/year.

  • Sliding: views the whole period preceding the current time and date. For instance: if you select the “day” period and the current time is 10.PM, you will get a report of the last 24 hours: until 10PM of the preceding day.

  • Beginning: views the period starting from the beginning of the current day: For instance, it's 9.PM, and you select the “day” period you will view the report starting at 0.AM and ending at 9.PM.

Show as

It detects an output view of the report.

  • Picture: in this case traffic information will be represented as a picture.

  • Table: in this case the traffic information will be represented as a table.

    [Note]Note

    You can always switch to another view: graph/table and vice versa. To switch from graph to table, click on the graph; to switch from table to graph, click on Switch to PICTURE view.

If is selected the traffic information will be represented in a unique graph.

Measure Units

Defines the kilobytes size that will be used for the report. You can use, if you prefer, a value equal to 1000 bytes as 1024 bytes.

Throughput

This parameter defines the unit that will be used to show the traffic information. You can select: bits per second (Bits/Sec) or bytes per second (Bytes/Sec).

IP Resource

Filters the traffic information for a selected period by IP resource only.

IP Address

Filters the traffic information for a selected period by selected IP addresses (or IP addresses intervals) only.

Protocols

Filters the traffic information for a selected period by selected protocols only.

Report

This button generates the graphs or the table.

Reset

Restores the default settings.

TOP 10 IP

Shows the ten IP addresses that have generated the most traffic on an IP resource and the amount of traffic. It simultaneously generates IN, OUT, IN+OUT traffic.

TOP 20 IP

Shows the twenty IP addresses that have generated the most traffic on an IP resource and the amount of traffic. It simultaneously generates IN, OUT, IN+OUT traffic.

Real time analalysis

It displays the analysis in real time.

  • Side: Side for the analysis.

    LOCAL = analyse destination IP address in output packets and source IP in input packets.

    REMOTE = analyse source IP address in output packets and destination IP address in input packets, applying address translation if packets have been natted to/from the remote IP resource.

  • Time window: The amount of time to consider to get an average result.

  • Sample interval: Sampling interval.

  • Reverse: Track peers of the IP address specified in Monitored IP.

  • Monitored IP: IP address for which peers are tracked.

  • Max IP addresses: Maximum number of IPs displayed.

  • Max graphs: Maximum number of graphs displayed.

43.4.3.2. Example of request

Below there are examples of IP Traffic Analyzer consultations through HTTP interface.

43.4.3.2.1. Request by IP resource

Example of view: IP-1 and IP-2 resources day graphs.

  1. In Period click day option.

  2. Select IP-1 and IP-2 in the IP resource list (Click on IP-1 and keep the Ctrl button pressed while clicking on IP-2).

  3. Keep the other default settings: Window display Sliding, Display information as Picture, Report type Individuals:

    Figure 43.2. TRFA Example 1 - Settings

    TRFA Example 1 - Settings

  4. To view the graphs, click on the Report button.

    Figure 43.3. TRFA Example 1 - Graphs generation

    TRFA Example 1 - Graphs generation

    [Note]Note

    If the graph is grey, then in the period the TRFA wasn't activated.

  5. To view the tables, click on the graph.

    Figure 43.4. TRFA Example 1 - Table

    TRFA Example 1 - Table

43.4.3.2.2. Request by Selected IP Address

View example: IP-2 resource day graph generated by the IP 192.168.0.33.

  1. In Period select Day option.

  2. Select IP-2 in the IP resource list.

  3. Select Selected IP in the IP address filter.

  4. Type the IP address 92.115.254.190 in the label.

  5. Keep the other default settings: Window display Sliding, Display information as Picture, Report type Individuals.

    Figure 43.5. TRFA Example 2 - Settings

    TRFA Example 2 - Settings

  6. To view the graph, click on the Report button.

    Figure 43.6. TRFA Example 2 - Graph generation

    TRFA Example 2 - Graph generation

  7. To view the table, click on the graph.

    Figure 43.7. TRFA Example 2 - Table

    TRFA Example 2 - Table

43.4.3.2.3. TOP 10 Request

Let’s try to view: the 10 IP addresses that have generated the most traffic on the IP-2 resource, and quantity of traffic:

  1. In Period select Day option.

  2. Select IP-2 in the IP-resource list.

  3. Keep the other default settings: Window display Sliding, Display information as Picture, Report type Individuals.

    Figure 43.8. TRFA Example 3 - Settings

    TRFA Example 3 - Settings

  4. To view the graph, click on the TOP10 button.

    Figure 43.9. TRFA Example 3 - Graph Generation

    TRFA Example 3 - Graph Generation

    [Note]Note

    You can get this view only if you select one IP resource from the IP resource list at a time.

  5. To view the table and the whole traffic of the single IP, click on the graph.

    Figure 43.10. TRFA Example 3 - Table

    TRFA Example 3 - Table

    [Caution]Caution

    To make this view work, you must configure the TRFA on the IP resource in TRFA-MODE:IP or in TRFA-MODE:IP-PROT.

43.4.3.2.4. Request by Protocols

To view the day traffic of HTTP conveyed through the IP-1 resource, follow these instructions:

  1. In Period select Day option.

  2. Select IP-2 in the IP-resource list.

  3. Select ICMP in the Protocols list.

  4. Keep the other default settings: Window display Sliding, Display information as Picture, Report type Individuals.

    Figure 43.11. TRFA Example 4 - Settings

    TRFA Example 4 - Settings

  5. To view the graph, click on the Report button.

    Figure 43.12. TRFA Example 4 - Graph Generation

    TRFA Example 4 - Graph Generation

  6. To get the table view, click on the graph.

    Figure 43.13. TRFA Example 4 - Table

    TRFA Example 4 - Table

    [Caution]Caution

    To make this view work, you must configure the TRFA on the IP resource in TRFA-MODE:PROT or TRFA-MODE:IP-PROT.

43.4.3.2.5. Real time analisys

To view the network traffic in real time use the Real time analisys.

Example: view who is generating more traffic on IP-2 and where the data are sent.

  1. Select Real time analysis.

  2. Select IP-2 resource

  3. Keep the other default settings: Window display Sliding, Display information as Picture, Report type Individuals.

    Figure 43.14. TRFA Example 5 - Settings

    TRFA Example 5 - Settings

  4. Click the TOP10 button.

    Figure 43.15. TRFA Example 5 - Graph generation

    TRFA Example 5 - Graph generation

  5. We see that 92.115.254.190 is generating more traffic than the other devices.

  6. Select Reverse to see where the data are going to

  7. Insert 92.15.254.190 in Monitored IP textbox

    Figure 43.16. TRFA Example 5 - Reverse settings

    TRFA Example 5 - Reverse settings

  8. Click on TOP10 to see the IP where data is following

    Figure 43.17. TRFA Example 5 - Reverse graph

    TRFA Example 5 - Reverse graph

  9. We see that 92.115.254.190 is sending/receiving data from 192.168.10.254.