监控 CGN、有状态防火墙和软线流
目的
使用以下命令检查软线、预 NAT 流和后 NAT 流的创建情况。输出可使用更具体的字段进行过滤,例如 AFTR 或 B4 地址,或者同时使用 DS-Lite 的 AFTR 或 B4 地址,以及第 6 个字段的软线集中器或软线发起方两者。
show services 有状态防火墙流
show services 软线流
行动
user@host# show services stateful-firewall flows
Interface: sp-0/1/0, Service set: dslite-svc-set2
Flow State Dir Frm count
TCP 200.200.200.2:80 -> 44.44.44.1:1025 Forward O 219942
NAT dest 44.44.44.1:1025 -> 20.20.1.4:1025
Softwire 2001::2 -> 1001::1
TCP 20.20.1.2:1025 -> 200.200.200.2:80 Forward I 110244
NAT source 20.20.1.2:1025 -> 44.44.44.1:1024
Softwire 2001::2 -> 1001::1
TCP 200.200.200.2:80 -> 44.44.44.1:1024 Forward O 219140
NAT dest 44.44.44.1:1024 -> 20.20.1.2:1025
Softwire 2001::2 -> 1001::1
DS-LITE 2001::2 -> 1001::1 Forward I 988729
TCP 200.200.200.2:80 -> 44.44.44.1:1026 Forward O 218906
NAT dest 44.44.44.1:1026 -> 20.20.1.3:1025
Softwire 2001::2 -> 1001::1
TCP 20.20.1.3:1025 -> 200.200.200.2:80 Forward I 110303
NAT source 20.20.1.3:1025 -> 44.44.44.1:1026
Softwire 2001::2 -> 1001::1
TCP 20.20.1.4:1025 -> 200.200.200.2:80 Forward I 110944
NAT source 20.20.1.4:1025 -> 44.44.44.1:1025
Softwire 2001::2 -> 1001::1