Command Manual IP Accounting (IP Services Volume)

Table of Contents

Table of Contents
Chapter 1 IP Accounting Configuration Commands ................................................................. 1-1
1.1 IP Accounting Configuration Commands........................................................................... 1-1
1.1.1 display ip count........................................................................................................ 1-1
1.1.2 display ip count rule ................................................................................................ 1-2
1.1.3 ip count enable ........................................................................................................ 1-3
1.1.4 ip count exterior-threshold....................................................................................... 1-4
1.1.5 ip count firewall-denied ........................................................................................... 1-5
1.1.6 ip count inbound-packets ........................................................................................ 1-6
1.1.7 ip count interior-threshold........................................................................................ 1-7
1.1.8 ip count outbound-packets ...................................................................................... 1-8
1.1.9 ip count rule............................................................................................................. 1-8
1.1.10 ip count timeout ..................................................................................................... 1-9
1.1.11 reset ip count....................................................................................................... 1-10

Huawei Proprietary and Confidential

Copyright (c) Huawei Technologies Co., Ltd

Command Manual IP Accounting (IP Services Volume) Chapter 1 IP Accounting Configuration Commands

The support for this feature depends on the specific model of the Quidway AR series
routers.

Note:
z

Refer to the configuration manual of this module for feature support of the Quidway
AR series routers.

All the models of the Quidway AR series routers are centralized devices.

Chapter 1 IP Accounting Configuration

Commands
1.1 IP Accounting Configuration Commands
1.1.1 display ip count
Syntax
display ip count { inbound-packets | outbound-packets } { exterior |
firewall-denied | interior }

View
Any view

Default Level
1: Monitor level

Parameters
inbound-packets: Displays information about incoming IP packets.
outbound-packets: Displays information about outgoing IP packets.
exterior: Displays information about the IP packets in the exterior table. The exterior
table records valid rule-incompliant packets.
firewall-denied: Displays information about denied IP packets.

Huawei Proprietary and Confidential

Copyright (c) Huawei Technologies Co., Ltd

1-1

Chapter 1 IP Accounting Configuration Commands Command Manual IP Accounting (IP Services Volume)

interior: Displays information about the IP packets in the interior table. The interior
table records valid rule-compliant packets.

Note:
If no firewall is configured on the interface, valid packets refer to all incoming and
outgoing IP packets. If a firewall is configured, only those valid packets can pass the
firewall.

Description
Use the display ip count command to display the statistics of the IP accounting about
IP packets.

Examples
# Display information about valid rule-incompliant incoming IP packets.
<Sysname> display ip count inbound-packets exterior
6 Inbound streams information in exterior list:
SrcIP

DstIP

Protocol

Pkts

Bytes

0.0.0.0

255.255.255.255

UDP

28

9502

10.153.72.181

10.153.73.255

UDP

174

38034

10.153.72.137

239.255.255.250

UDP

644

10.153.72.141

224.0.0.2

IGMP

128

10.153.72.141

224.0.0.9

UDP

208

10.153.72.141

224.0.0.9

IGMP

128

Table 1-1 display ip count command output description

Field

Description

SrcIP

Source IP address of a packet

DstIP

Destination IP address of a packet

Protocol

Protocol carried in a packet

Pkts

Number of packets

Bytes

Number of bytes of packets

1.1.2 display ip count rule

Syntax
display ip count rule

1-2

Huawei Proprietary and Confidential

Copyright (c) Huawei Technologies Co., Ltd

Command Manual IP Accounting (IP Services Volume) Chapter 1 IP Accounting Configuration Commands

View
Any view

Default Level
1: Monitor level

Parameters
None

Description
Use the display ip count rule command to display IP accounting rules.

Examples
# Display IP accounting rules.
<Sysname> display ip count rule
IP Count rule list:
IP address

address mask

1.1.1.0

255.255.255.0

2.0.0.0

255.0.0.0

-----------------------------------Total: 2 rules

Table 1-2 display ip count rule command output description

Field

Description

IP address

IP address

address mask

Subnet mask

1.1.3 ip count enable

Syntax
ip count enable
undo ip count enable

View
System view

Default Level
2: System level

Huawei Proprietary and Confidential

Copyright (c) Huawei Technologies Co., Ltd

1-3

Chapter 1 IP Accounting Configuration Commands Command Manual IP Accounting (IP Services Volume)

Parameters
None

Description
Use the ip count enable command to enable IP accounting.
Use the undo ip count enable command to disable IP accounting.
By default, IP accounting is disabled.

Examples
# Enable IP accounting.
<Sysname> system-view
[Sysname] ip count enable

1.1.4 ip count exterior-threshold

Syntax
ip count exterior-threshold number
undo ip count exterior-threshold

View
System view

Default Level
2: System level

Parameters
number: Maximum number of flow records in the exterior table, in the range of 0 to
8,192.

Description
Use the ip count exterior-threshold command to configure the maximum number of
flow records in the exterior table.
Use the undo ip count exterior-threshold command to restore the default. When
doing this, you are prompted to clear the table first if any flow records already exist in
the table.
By default, the maximum number of flow records in the exterior table is 0.
Rule-incompliant packets are not to be counted.
IP packets are sorted as follows:
z

If a firewall is configured on an interface and incoming and outgoing IP packets are

denied by the firewall, these IP packets are counted in the firewall-denied table.

1-4

Huawei Proprietary and Confidential

Copyright (c) Huawei Technologies Co., Ltd

Command Manual IP Accounting (IP Services Volume) Chapter 1 IP Accounting Configuration Commands

If the source or destination IP address of the IP packets passing the interface (in
this case, a firewall may be configured or not) matches a network address in the IP
accounting rule, the packets are recorded in the interior table. Otherwise, the
packets are counted in the exterior table.

Examples
# Set the maximum number of flow records in the exterior table to 100.
<Sysname> system-view
[Sysname] ip count exterior-threshold 100

1.1.5 ip count firewall-denied

Syntax
ip count firewall-denied { inbound-packets | outbound-packets }
undo ip count firewall-denied { inbound-packets | outbound-packets }

View
Interface view

Default Level
2: System level

Parameters
inbound-packets: Counts the incoming IP packets denied by the firewall on the current
interface.
outbound-packets: Counts the outgoing IP packets denied by the firewall on the
current interface.

Description
Use the ip count firewall-denied command to count the IP packets denied by the
firewall on the current interface.
Use the undo ip count firewall-denied command to restore the default.
By default, IP packets denied by the firewall are not counted.
Information about counted firewall-denied IP packets is stored in the firewall-denied
table.

Examples
# Count the outgoing IP packets denied by the firewall on Ethernet 1/0.
<Sysname> system-view
[Sysname] interface ethernet 1/0
[Sysname-Ethernet1/0] ip count firewall-denied outbound-packets

Huawei Proprietary and Confidential

Copyright (c) Huawei Technologies Co., Ltd

1-5

Chapter 1 IP Accounting Configuration Commands Command Manual IP Accounting (IP Services Volume)

# Specify not to count the outbound IP packets denied by the firewall on Ethernet 1/0.
<Sysname> system-view
[Sysname] interface ethernet 1/0
[Sysname-Ethernet1/0] undo ip count firewall-denied outbound-packets

1.1.6 ip count inbound-packets

Syntax
ip count inbound-packets
undo ip count inbound-packets

View
Interface view

Default Level
2: System level

Parameters
None

Description
Use the ip count inbound-packets command to count incoming IP packets on the
current interface.
Use the undo ip count inbound-packets command to restore the default.
By default, incoming IP packets on the interface are not counted.
After you execute the ip count inbound-packets command in interface view, the
incoming IP packets are stored in the exterior or interior table, depending on whether
they match the IP accounting rules.

Note:
If no firewall is configured on the interface, valid packets refer to all incoming and
outgoing IP packets. If a firewall is configured, valid packets refer to only those passing
the firewall.

Examples
# Count valid incoming IP packets on Ethernet 1/0.
<Sysname> system-view
[Sysname] interface ethernet 1/0

1-6

Huawei Proprietary and Confidential

Copyright (c) Huawei Technologies Co., Ltd

Command Manual IP Accounting (IP Services Volume) Chapter 1 IP Accounting Configuration Commands

[Sysname-Ethernet1/0] ip count inbound-packets

# Specify not to count valid incoming IP packets on Ethernet 1/0.

<Sysname> system-view
[Sysname] interface ethernet 1/0
[Sysname-Ethernet1/0] undo ip count inbound-packets

1.1.7 ip count interior-threshold

Syntax
ip count interior-threshold number
undo ip count interior-threshold

View
System view

Default Level
2: System level

Parameters
number: Maximum number of flow records in the interior table, in the range 0 to 16,384.

Description
Use the ip count interior-threshold command to configure maximum number of flow
records in the interior table.
Use the undo ip count interior-threshold command to restore the default. When
doing this, you are prompted to clear the table first if the number of flow records in the
table is greater than the default.
By default, maximum number of flow records in the interior table is 512.
IP packets are sorted as follows:
z

If a firewall is configured on an interface and incoming and outgoing IP packets are

denied by the firewall, these IP packets are recorded in the firewall-denied table.

If the source or destination IP address of the IP packets passing the interface (in
this case, a firewall may be configured or not) matches a network address in the IP
accounting rule, the packets are recorded in the interior table. Otherwise, the
packets are recorded in the exterior table.

Examples
# Set maximum number of flow records in the interior table to 1000.
<Sysname> system-view
[Sysname] ip count interior-threshold 1000

Huawei Proprietary and Confidential

Copyright (c) Huawei Technologies Co., Ltd

1-7

Chapter 1 IP Accounting Configuration Commands Command Manual IP Accounting (IP Services Volume)

1.1.8 ip count outbound-packets

Syntax
ip count outbound-packets
undo ip count outbound-packets

View
Interface view

Default Level
2: System level

Parameters
None

Description
Use the ip count outbound-packets command to count outgoing valid IP packets on
the current interface.
Use the undo ip count outbound-packets command to restore the default.
By default, valid outgoing IP packets on the interface are not counted.
You can execute this command in interface view to count outgoing IP packets, which
will be stored in the exterior table or interior table, depending on whether they match the
accounting rules.

Examples
# Count valid outgoing IP packets on Ethernet 1/0.
<Sysname> system-view
[Sysname] interface ethernet 1/0
[Sysname-Ethernet1/0] ip count outbound-packets

1.1.9 ip count rule

Syntax
ip count rule ip-address { mask | mask-length }
undo ip count rule [ ip-address { mask | mask-length } ]

View
System view

Default Level
2: System level
1-8

Huawei Proprietary and Confidential

Copyright (c) Huawei Technologies Co., Ltd

Command Manual IP Accounting (IP Services Volume) Chapter 1 IP Accounting Configuration Commands

Parameters
ip-address: IP address.
mask: Subnet mask.
mask-length: Length of a subnet mask, in the range of 0 to 32.

Description
Use the ip count rule command to create an IP accounting rule.
Use the undo ip count rule command to remove the specified accounting rule. All IP
accounting rules will be deleted if no parameter is specified.
Each IP accounting rule consists of an IP address and its mask, namely, a network
address, which is the result of ANDing the IP address with its mask. IP packets are
sorted as follows:
z

If a firewall is configured on an interface and incoming and outgoing IP packets are

denied by the firewall, these IP packets are counted in the firewall-denied table.

If the source or destination IP address of the IP packets passing the interface (in
this case, a firewall may be configured or not) matches a network address in the
rule, the packets are counted in the interior table. Otherwise, the packets are
counted in the exterior table.

Note that:
z

You can configure up to 32 rules.

If no rule is configured, the current packets are not concerned and are all counted
in the exterior table.

Examples
# Create an IP accounting rule.
<Sysname> system-view
[Sysname] ip count rule 169.254.10.1 255.255.0.0

1.1.10 ip count timeout

Syntax
ip count timeout minutes
undo ip count timeout

View
System view

Default Level
2: System level

Huawei Proprietary and Confidential

Copyright (c) Huawei Technologies Co., Ltd

1-9

Chapter 1 IP Accounting Configuration Commands Command Manual IP Accounting (IP Services Volume)

Parameters
minutes: Aging time in minutes for a flow record in the accounting table, in the range of
60 to 10,080.

Description
Use the ip count timeout command to configure aging time for a flow record in the IP
accounting table.
Use the undo ip count timeout command to restore the default.
By default, the aging time for a flow record is 720 minutes, namely, 12 hours.
If a flow record does not update before its aging time expires, the record is considered
expired and then deleted.

Examples
# Set the aging time for a flow record to 100 minutes.
<Sysname> system-view
[Sysname] ip count timeout 100

1.1.11 reset ip count

Syntax
reset ip count { all | exterior | firewall | interior }

View
User view

Default Level
2: System level

Parameters
all: Clears all statistics.
firewall: Clears the statistics from the firewall-denied table.
exterior: Clears the statistics from the exterior table.
interior: Clears the statistics from the interior table.

Description
Use the reset ip count command to clear the statistics of IP packets.

Examples
# Clear the statistics of all IP packets.
<Sysname> reset ip count all

1-10

Huawei Proprietary and Confidential

Copyright (c) Huawei Technologies Co., Ltd