Здравствуйте.
Возникла проблема с подсчетом трафика относительно биллинга провайдера. Пробовали считать netflow на нашей стороне, данные сильно разнятся. Сегодня скинули счетчик интерфейса смотрящего в строну провайдера, замеряли 4 часа, посмотрели in+out bytes. Данные отличаются раза в 2-3 от провайдерских.
Насколько корректно смотреть данные пакетов in-out по интерфейсу Fe 4 и потом сравнивать с провайдером? Железка Cisco 881.
конфигурация netflow перепилена, можно не обращать на нее внимание, но замечания приветствуются
Код:
Current configuration : 7028 bytes
!
! Last configuration change at 10:14:47 EKT Wed Nov 24 2021 by admin
! NVRAM config last updated at 21:12:32 EKT Tue Nov 23 2021 by admin
! NVRAM config last updated at 21:12:32 EKT Tue Nov 23 2021 by admin
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXXXXXXXXXXX
!
boot-start-marker
boot system flash:c880data-universalk9-mz.153-3.M3.bin
boot-end-marker
!
!
!
aaa authentication login default local
!
!
!
!
!
aaa session-id common
clock timezone EKT 5 0
!
!
!
!
!
ip dhcp excluded-address 192.168.23.1 192.168.23.100
ip dhcp excluded-address 192.168.23.200 192.168.23.255
ip dhcp excluded-address 192.168.10.1 192.168.10.128
!
ip dhcp pool XXXXXX
network 192.168.23.0 255.255.255.0
default-router 192.168.23.1
dns-server 192.168.1.4 192.168.1.7
!
ip dhcp pool TEL610
host 192.168.23.106 255.255.255.0
client-identifier 0100.0b82.e62c.8a
client-name tel610
!
ip dhcp pool TEL612
host 192.168.23.105 255.255.255.0
client-identifier 589e.c602.8e64
client-name tel612
!
ip dhcp pool TEL612-1
host 192.168.23.107 255.255.255.0
client-identifier 0158.9ec6.028e.64
client-name tel612-1
!
ip dhcp pool WORK-TABLET1
host 192.168.10.2 255.255.255.0
client-identifier 0154.b121.4bf1.d1
client-name WORK-TABLET1
!
ip dhcp pool WIFIXXXXX
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 77.88.8.8 77.88.8.1
!
!
!
ip flow-cache timeout active 1
ip cef
no ipv6 cef
!
!
!
flow exporter FLOW_EXPORTER
destination 192.168.1.2
source Vlan1
output-features
transport udp 9995
export-protocol netflow-v5
!
!
flow monitor FLOW_MONITOR
exporter FLOW_EXPORTER
cache timeout active 1
record netflow-original
!
chat-script hspa-R7 "" "AT!SCACT=1,1" TIMEOUT 60 "OK"
license udi pid C881G+7-K9 sn FCZ1806C3CL
!
!
username admin privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXX
username halt privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXX
!
!
!
!
!
controller Cellular 0
!
ip tftp source-interface Vlan1
ip ssh version 2
!
class-map match-all WiLimit
match access-group 150
!
policy-map WiLimitQOS
class WiLimit
police rate 256000
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key XXXXXXXXXXXXXXXXXXXX address XXXXXXXXXXXXXXXXXXXX
crypto isakmp key XXXXXXXXXXXXXXXXXXXX address XXXXXXXXXXXXXXXXXXXX
!
!
crypto ipsec transform-set ts esp-3des esp-sha-hmac
mode tunnel
!
!
!
crypto map vpn_map 10 ipsec-isakmp
set peer XXXXXXXXXXXXXXXXXXXX
set transform-set ts
set pfs group2
match address ipsec-conn
!
!
!
!
!
interface FastEthernet0
description AP_Nanostation_M5
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
description Lan network
no ip address
!
interface FastEthernet3
description WIFI
switchport access vlan 10
no ip address
!
interface FastEthernet4
description WAN
ip address XXXXXXXXXXXXXXXXXXXX
ip access-group outside_acl_in in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map vpn_map
!
interface Cellular0
no ip address
encapsulation slip
dialer in-band
dialer string hspa-R7
!
interface Vlan1
description Internal Network
ip address 192.168.23.1 255.255.255.0
ip flow monitor FLOW_MONITOR input
ip flow monitor FLOW_MONITOR output
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
!
interface Vlan10
description Wi-Fi Networks
ip address 192.168.10.1 255.255.255.0
ip flow monitor FLOW_MONITOR input
ip flow monitor FLOW_MONITOR output
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
service-policy output WiLimitQOS
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip flow-top-talkers
top 10
sort-by bytes
cache-timeout 20000
!
ip nat inside source static tcp 192.168.23.205 7001 interface FastEthernet4 7001
ip nat inside source route-map nonat interface FastEthernet4 overload
ip nat inside source static tcp 192.168.23.205 7000 XXXXXXXXXXXXXXXXXXXX 7000 route-map DOMINATION extendable
ip route 0.0.0.0 0.0.0.0 185.108.195.1
!
ip access-list standard SNMP_ACCESS_RO
permit 192.168.1.3
ip access-list standard WIFIPool
permit 192.168.10.128 0.0.0.127
!
ip access-list extended DOMINATION
deny ip host 192.168.23.205 192.168.0.0 0.0.7.255
permit ip host 192.168.23.205 any
ip access-list extended ipsec-conn
permit ip 192.168.23.0 0.0.0.255 192.168.0.0 0.0.7.255
ip access-list extended outside_acl_in
remark --- Add anti-spoofing entries. !--- Deny special-use address sources. !--- Refer to RFC 3330 for add
deny ip 127.0.0.0 0.255.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip host 255.255.255.255 any
remark --- The deny statement should not be configured !--- on Dynamic Host Configuration Protocol (DHCP) r
deny ip host 0.0.0.0 any
remark --- Filter RFC 1918 space.
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
remark --- Explicitly permit return traffic. !--- Allow specific ICMP types.
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any unreachable
permit icmp any any time-exceeded
deny icmp any any
remark --- These are outgoing DNS queries.
permit udp any eq domain any gt 1023
remark --- Permit older DNS queries and replies to primary DNS server.
permit udp any eq domain any eq domain
remark --- Permit legitimate business traffic.
permit tcp any any established
permit udp any range 1 1023 any gt 1023
remark --- Deny all other DNS traffic.
deny udp any any eq domain
deny tcp any any eq domain
permit udp host XXXXXXXXXXXXXXXXXXXX any eq isakmp
permit udp host XXXXXXXXXXXXXXXXXXXX any eq isakmp
deny udp any any eq isakmp
permit udp host XXXXXXXXXXXXXXXXXXXX any eq non500-isakmp
permit udp host XXXXXXXXXXXXXXXXXXXX any eq non500-isakmp
deny udp any any eq non500-isakmp
permit esp any any
permit ahp any any
permit gre any any
remark --- These are Internet-sourced connections to !--- publicly accessible servers.
permit tcp any any eq 22
permit tcp any any eq 7000
permit ip any any
!
!
route-map DOMINATION permit 10
match ip address DOMINATION
!
route-map nonat permit 10
match ip address 130
!
snmp-server community public RO SNMP_ACCESS_RO
access-list 130 deny ip 192.168.23.0 0.0.0.255 192.168.0.0 0.0.7.255
access-list 130 deny ip host 192.168.23.201 any
access-list 130 deny ip host 192.168.23.202 any
access-list 130 deny ip host 192.168.23.203 any
access-list 130 deny ip host 192.168.23.204 any
access-list 130 permit ip 192.168.23.0 0.0.0.255 any
access-list 130 permit ip 192.168.10.0 0.0.0.255 any
access-list 150 permit ip 192.168.10.128 0.0.0.127 any
access-list 150 permit ip any 192.168.10.128 0.0.0.127
!
!
!
!
line con 0
no modem enable
line aux 0
line 3
script dialer hspa-R7
no exec
line vty 0 4
logging synchronous
transport input ssh
!
ntp update-calendar
ntp server 195.210.189.106
!
end