IPv6 Classification. PacketShaper 11.8

Similar documents
Blue Coat ProxySG First Steps Solution for Controlling HTTPS SGOS 6.7

Blue Coat Security First Steps Solution for Controlling HTTPS

Blue Coat ProxySG First Steps Transparent Proxy Deployments SGOS 6.7

Using Kerberos Authentication in a Reverse Proxy Environment

Blue Coat ProxySG First Steps Solution for Exception Pages SGOS 6.7

Symantec Control Compliance Suite Express Security Content Update for Microsoft Windows Server 2008 R2 (CIS Benchmark 2.1.

Partner Information. Integration Overview. Remote Access Integration Architecture

Office 365 Best Practices: Protocols

Symantec Protection Center Getting Started Guide. Version 2.0

Symantec Control Compliance Suite Express Security Content Update for JBoss Enterprise Application Platform 6.3. Release Notes

VeriSign Managed PKI for SSL and Symantec Protection Center Integration Guide

Symantec Cloud Workload Protection on AWS Marketplace. Buyer's Guide for Getting Started

Symantec Validation and ID Protection. VIP Credential Development Kit Release Notes. Version January 2017

Symantec Enterprise Vault

Symantec Validation and ID Protection. VIP Credential Development Kit Release Notes. Version May 2017

Symantec Patch Management Solution for Windows 8.5 powered by Altiris technology User Guide

Symantec Ghost Solution Suite Web Console - Getting Started Guide

Multi-Tenant Policy Deployment Guide

Partner Information. Integration Overview Authentication Methods Supported

Symantec Enterprise Vault

Message Manager Administrator Guide for ZA

Altiris Symantec Endpoint Protection Integration Component 7.1 SP1 Release Notes

Symantec Managed PKI. Integration Guide for ActiveSync

Migrating to a New ProxySG Appliance. ProxySG 900/9000 to ProxySG S400/500

Configuring Symantec Protection Engine for Network Attached Storage. Compuverde vnas Cluster

Web Security Service. Near Real-Time Log Sync Solution Brief. Version /OCT

Symantec Validation & ID Protection Service. Integration Guide for Microsoft Outlook Web App

Configuring Symantec Protection Engine for Network Attached Storage. Dell FluidFS 5.0

SGOS on KVM Deployment Guide

Symantec Enterprise Vault

Enterprise Vault Setting up Exchange Server and Office 365 for SMTP Archiving and later

Altiris Software Management Solution 7.1 from Symantec User Guide

Symantec Desktop and Laptop Option 8.0 SP2. Symantec Desktop Agent for Mac. Getting Started Guide

Enterprise Vault Versions of FSA Agent and Enterprise Vault Reporting or later

Security Content Update Release Notes for CCS 12.x

First Steps to Using a PacketShaper

Patch Assessment Content Update Getting Started Guide for CCS 12.0

Veritas Desktop and Laptop Option Mac Getting Started Guide

Creating New MACHINEGUID and Disk UUID Using the PGPWdeUpdateMachineUUID.exe Utility

Veritas Data Insight Software Compatibility List 6.1.1

Veritas Desktop and Laptop Option Mobile Application Getting Started Guide

Symantec Managed PKI. Integration Guide for AirWatch MDM Solution

Symantec Endpoint Protection Integration Component User's Guide. Version 7.0

Message Manager Administrator Guide

Enterprise Vault Migrating Data Using the Microsoft Azure Blob Storage Migrator or later

Veritas Enterprise Vault Setting up SharePoint Server Archiving 12.2

Symantec Encryption Management Server and Symantec Data Loss Prevention. Integration Guide

Veritas Data Insight 6.1 Software Compatibility List 6.1

Configuring Symantec Protection Engine for Network Attached Storage for Hitachi Unified and NAS Platforms

NetBackup Copilot for Oracle Configuration Guide. Release 2.7.1

Symantec Workflow 7.1 MP1 Release Notes

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark. For Red Hat Enterprise Linux 5

Symantec Enterprise Security Manager Modules for Oracle Release Notes

Patch Assessment Content Update Getting Started Guide for CCS 11.1.x and CCS 11.5.x

Symantec Mail Security for Microsoft Exchange 7.9 Getting Started Guide

Partner Management Console Administrator's Guide

Security Content Update Release Notes for CCS 12.x

Configuring Symantec. device

Enterprise Vault Setting up Exchange Server and Office 365 for SMTP Archiving and later

Enterprise Vault Requesting and Applying an SSL Certificate and later

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark. AIX 5.3 and 6.1

SymantecTM Desktop and Laptop Option. Symantec DLO s Storage in Cloud (Amazon Web Services)

Symantec Enterprise Security Manager Baseline Policy Manual for Security Essentials. Solaris 10

Altiris IT Analytics Solution 7.1 from Symantec User Guide

Enterprise Vault.cloud Journaling Guide

Precise for BW. User Guide. Version x

Veritas Desktop Agent for Mac Getting Started Guide

SymantecTM Desktop and Laptop Option. Symantec DLO s Storage in Cloud (Amazon Web Services)

Altiris Client Management Suite 7.1 from Symantec User Guide

SGOS on AWS Deployment Guide

Cluster Server Generic Application Agent Configuration Guide - AIX, Linux, Solaris

Veritas Storage Foundation and High Availability Solutions HA and Disaster Recovery Solutions Guide for Microsoft SharePoint Server

Veritas ediscovery Platform

Veritas Enterprise Vault Managing Retention 12.1

Deploying Devices. Cisco Prime Infrastructure 3.1. Job Aid

Enterprise Vault Guide for Outlook Users

Cisco UCS Director F5 BIG-IP Management Guide, Release 5.0

NetBackup Self Service Release Notes

Enterprise Vault.cloud Archive Migrator Guide. Archive Migrator versions 1.2 and 1.3

Symantec Workflow Solution 7.1 MP1 Installation and Configuration Guide

Veritas Enterprise Vault Setting up SMTP Archiving 12.2

Symantec System Recovery 2013 R2 Management Solution Administrator's Guide

Symantec Information Centric Analytics Symantec ICT Integration Guide. Version 6.5

Veritas Enterprise Vault Setting up SMTP Archiving 12.1

Enterprise Vault Best Practices

Silver Peak EC-V and Microsoft Azure Deployment Guide

Enterprise Vault.cloud CloudLink Google Account Synchronization Guide. CloudLink to 4.0.3

Symantec NetBackup Appliance Fibre Channel Guide

IM: Symantec Security Information Manager Patch 4 Resolved Issues

Veritas NetBackup for Microsoft Exchange Server Administrator s Guide

Veritas System Recovery 18 Management Solution Administrator's Guide

Symantec NetBackup OpsCenter Reporting Guide. Release 7.7

1.0. Quest Enterprise Reporter Discovery Manager USER GUIDE

Cisco 1000 Series Connected Grid Routers QoS Software Configuration Guide

Enterprise Vault Configuring Internal and External WebApp URLs for OWA SP4 and later

Veritas Enterprise Vault Guide for Mac OS X Users 12.2

Security Content Update Release Notes for CCS 12.x

Enterprise Vault Setting up SMTP Archiving 12.3

Veritas Cluster Server Library Management Pack Guide for Microsoft System Center Operations Manager 2007

Veritas NetBackup Backup, Archive, and Restore Getting Started Guide. Release 8.1.2

Transcription:

PacketShaper 11.8

Legal Notice Copyright 2017 Symantec Corp. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Blue Coat, and the Blue Coat logo are trademarks or registered trademarks of Symantec Corp. or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. SYMANTEC CORPORATION PRODUCTS, TECHNICAL SERVICES, AND ANY OTHER TECHNICAL DATA REFERENCED IN THIS DOCUMENT ARE SUBJECT TO U.S. EXPORT CONTROL AND SANCTIONS LAWS, REGULATIONS AND REQUIREMENTS, AND MAY BE SUBJECT TO EXPORT OR IMPORT REGULATIONS IN OTHER COUNTRIES. YOU AGREE TO COMPLY STRICTLY WITH THESE LAWS, REGULATIONS AND REQUIREMENTS, AND ACKNOWLEDGE THAT YOU HAVE THE RESPONSIBILITY TO OBTAIN ANY LICENSES, PERMITS OR OTHER APPROVALS THAT MAY BE REQUIRED IN ORDER TO EXPORT, RE-EXPORT, TRANSFER IN COUNTRY OR IMPORT AFTER DELIVERY TO YOU. Symantec Corporation 350 Ellis Street Mountain View, CA 94043 www.symantec.com 3/31/2017

IPv6 Classification Overview PacketShaper can identify IPv6 traffic and sub-classify a variety of IPv6 protocols, such as CIFS and HTTP. IPv6 traffic is classified into separate services from IPv4 traffic, for example HTTP-IPv6, FTP-IPv6, and CIFS-IPv6. When traffic discovery is enabled, IPv6 classes are auto-discovered in the Inbound and Outbound branches of the traffic tree just as IPv4 classes are. You can also manually create IPv6 classes in the Advanced UI, the Sky UI, and the CLI. The tree above shows IPv4 and IPv6 auto-discovered or manually created at the root. However, there are other ways to build your traffic tree around IPv6 classification. Refer to the following topics: Create a Site-Based Traffic Tree for IPv6 Subnets Create a Service-Centric Traffic Tree for IPv6 Create an IPv6-Based Branch in the Traffic Tree Control of IPv6 Traffic Controlling IPv6 traffic is no different than controlling IPv4 traffic. First, you define classes for the type of traffic you want to control. Next, you assign appropriate policies and partitions; you can look at PacketShaper reports to see current utilization levels of various types of IPv4 and IPv6 traffic. Finally, you make sure shaping is enabled. You can then review your reports to see how shaping has affected the rate and distribution of traffic on your network. Features that Support IPv6 The following PacketShaper features support IPv6: Auto-discovery of IPv6 traffic Manual creation of IPv6 classes (IPv6 services, addresses, subnets) in Advanced UI, Sky UI, and CLI Setting of partitions, dynamic sub-partitions, and policies on IPv6 classes Collection of existing metrics for IPv6 traffic; new link ME variables available for tracking IPv4 vs. IPv6 traffic 3

Reporting (IPv6 Traffic Summary) to show how much IPv6 traffic is on your network in comparison to other types of traffic IPv4 and non-ip. Graphing of IPv6 classes in Legacy and Sky UIs Host analysis of IPv6 hosts Display of IPv6 hosts in CLI command output: traffic flow, traffic history, hostdb show, hostdb info Classification testing of IPv6 flows Tracking of top talkers/listeners for IPv6 hosts Feature Limitations The IPv6 classification feature has the following limitations: IPv6 DNS lookup in hostdb is not supported. PacketShaper does not support compression or acceleration of IPv6 traffic. Synthetic transactions for IPv6 classes are not supported. You can do a packet capture of an IPv6 class, but you cannot filter for IPv6 hosts, IPv6 network ranges, host lists with IPv6 addresses, or IPv6 subnets. Only the last 32 bits of IPv6 addresses are sent in a flow detail record; because of this, multiple hosts could appear as the same IP address in IntellenceCenter Top Host reports. Host lists cannot contain IPv6 addresses. Classification by IPv6 host DNS names is not supported. You cannot specify a range of IPv6 addresses in a class matching rule. The host accounting feature does not track data for IPv6 addresses. The host adaptive response agents, such as High Bandwidth Hosts, do not monitor IPv6 hosts. Therefore, you should not use the host agents to track IPv6 hosts. While the PacketShaper does send IPv6 URLs to WebPulse, the current coverage of IPv6 websites is limited. As IPv6 websites grow in popularity, this coverage is expected to improve. 4

Manually Create an IPv6 Class in the Advanced UI The PacketShaper can auto-discover a number of classes based on IPv6 services such as HTTP-IPv6, FTP-IPv6, and CIFS-IPv6 but you can manually create these classes as well. When defining an IPv6 class in the Advanced UI, you must specify the IPv6 protocol family in order to see the list of IPv6- based services. 1. Click the Manage tab. 2. In the left window pane, select the class or folder that will be the parent of the class you are about to define. 3. Click class and select add. The New Traffic Class screen appears. 4. In the Name field, type a descriptive name (up to 31 characters; hyphens, underscores, and periods are acceptable). 5. For the Protocol Family, select IPv6; once you do this, the Service list (step 6) then displays the IPv6-based services. 6. Select the desired IPv6 service from the Service list. 7. Click add class. 5

Manually Create an IPv6 Class in the Sky UI To create an IPv6 class in the Sky UI, just choose the appropriate IPv6 service (such as HTTP-IPv6 or FTP-IPv6). 1. Click the Traffic Management tab. The class tree appears in the upper pane. 2. In the class tree, select the parent class for your new class (such as Root). 3. Click the Policy Manager icon. The Policy Manager appears in the lower pane. 4. Select the Class Operations tab. 5. Click Add Class. 6. In the Name field, type a descriptive name for the traffic class (up to 31 characters; hyphens, underscores, and periods are acceptable). 7. Select the Direction for the new class: Both, Inbound, or Outbound 8. For the Service/Group matching rule criteria, select Service and choose the IPv6 service name from the list. IPv6 services have IPv6 appended to the name. 9. Click Apply. 6

Create a Class for an IPv6 Server The PacketShaper can auto-discover a number of classes based IPv6 services such as HTTP-IPv6, FTP-IPv6, and CIFS- IPv6 but you can manually create these classes as well. If you have a custom IPv6 application, you can create a class for the server's IPv6 address. Alternatively, you can create a class for an IPv6 subnet. 1. Create a class, choosing IPv6 for the Protocol Family. 2. Enter the IPv6 address in the IP Address field (for Inside or Outside, depending on where the server is located). 3. (Optional) Enable Traffic Discovery within Class if you want IPv6 services to be auto-discovered as children of the IPv6 server/subnet class. 7

Create a Service-Centric Traffic Tree for IPv6 In the following traffic tree example, there is a parent class that classifies all FTP traffic (IPv4 and IPv6), with child classes that break out the IPv4 and IPv6 flows. It allows you to track metrics for all FTP as well as for IPv4 and IPv6 FTP traffic. The FTP-All class has a set of matching rules for the FTP service (which classifies IPv4 FTP traffic) and another set of matching rules for the FTP-IPv6 service. To create a combined IPv4+IPv6 class with children: 1. In the Inbound root, create an "All" class for the IPv4-based service. 2. Add a matching rule to this class for the IPv6 version of this same service. 3. Create a child class of the "All" parent that classifies the IPv4-based service. 4. Create a child class of the "All" parent that classifies the IPv6 version of this same service. 5. Copy the parent and child classes to the Outbound root. 8

Create an IPv6-Based Branch in the Traffic Tree In this traffic tree example, there is an IPv6 parent class and child classes for each IPv6 service. You can either auto-discover the child IPv6 service classes or you can manually create them. 1. In the Inbound root, create an IPv6 class (service=ipv6) in Advanced UI or Sky UI. 2. Turn on Traffic Discovery within Class for the IPv6 class. or For each IPv6 service on your network, manually create a child class of the IPv6 class. 3. Copy the parent and child classes to the Outbound root. (Advanced UI) This step is not necessary for Sky UI because the class is automatically created in Inbound and Outbound. 9

Create a Site-Based Traffic Tree for IPv6 Subnets When building a site-based class tree in an IPv6 environment, you can create a class for each site by defining the applicable IPv6 subnets as class matching rules. 1. Create a class, choosing IPv6 for the Protocol Family. 2. To define an IPv6 subnet, enter the prefix (for example, 2001:db8:420::) in the Subnet field. 3. Specify the prefix length (for example, 48) in the Mask/Prefix field. 4. (Optional) Enable Traffic Discovery within Class if you want IPv6 services to be auto-discovered as children of the IPv6 subnet class. 10

IPv6 Traffic Summary Report View the IPv6 Traffic Summary to see how much IPv6 traffic is on your network and compare it to other types of traffic IPv4 and non-ip. This report contains two line graphs (Inbound and Outbound) that show the utilization of various types of IP traffic during the specified time period. In addition, the report includes a summary table of statistics, allowing you to see the breakdown of IPv4, IPv6, non-ip, and total bytes sent and received during the time period. It is not necessary to have IPv6-only classes in your traffic tree for this graph to populate; this data is tracked as a separate variable for all classes at the link level. To display the IPv6 Summary: 1. Click the Report tab. 2. Click IPv6 Summary. The IPv6 Traffic Summary report displays in the current window. 3. Adjust the time period and end date, if desired. 4. The default report contains data from the current PacketShaper. If you have enabled Standby, you can view the IPv6 Traffic Summary of the other partners in the high availability cluster. Choose the partner's IP address from the Standby Partner list. 11

5. If the report has been displayed for awhile, click update to retrieve the most current data. 6. To print the report, click print. The following statistics are graphed in the Inbound and Outbound Utilization line graphs: Statistic Overall Rate IPv4 Rate IPv6 Rate Non-IP Rate Description Rate of all traffic, averaged over the interval, in bits per second. This is an exponentially weighted moving average of five seconds of data throughput. Rate of IPv4-only traffic, averaged over the interval, in bits per second. Rate of IPv6-only traffic, averaged over the interval, in bits per second. Rate of non-ip traffic, averaged over the interval, in bits per second. 12

Selecting a Time Period The ability to create reports for a specific time period is useful for creating comparison reports. For example, you can print one report that analyzes traffic over the last week (a period of one week, with now as the end date and time), and then print a second report that analyzes traffic for the week before that (a period of one week, with a specific date specified for the end date the last day you want to analyze). If you want to view a report of the last hour (the default), eight hours, day, or week, just use one of the preset buttons: Or, to specify a different time period: 1. In the Show field, specify the number of minutes, hours, days, weeks, or months for which you want traffic analyzed. For example, by entering 2 in the Show field and selecting week for the unit of time, you create a report with the data PacketShaper collected over the last two weeks. The minimum period you can specify is 60 minutes (or 1 hour); the maximum is 60 days (or 2 months). 2. To choose a specific end date for the report, select the month and day from the Before drop-down lists. If you want the current date as the end date, leave the default values of now. Although you can select a date from the previous 12 months, the unit may not store data that far back the amount of historical data that is stored depends on how many traffic classes you have in your tree. The unit stores measurement data for a minimum of 31 days in hourly intervals and at least 1 day of data in one-minute intervals. 3. To choose a specific end time for the report, select the time from the drop-down list. If you want the current time as the end time, leave the default values of now. 4. Click update to update the statistics for the new time period. To update the summary at regular intervals, select an interval from the drop-down list located next to the update button. 5. To print the report, click print. 13

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback