With the increase in the network and the increase in the number of machines that need to be managed, fault diagnosis and network analysis have become the content of the workload of network managers such as enterprise networks and Internet cafes. Another important point for administrators is how to understand the daily use of the network and quickly judge network failures when a network failure occurs, such as worm attacks. So what kind of information can HiPER's network management and monitoring functions provide to administrators?
Below, we will take the HiPER routing gateway of Shanghai Aitai Technology Co., Ltd. as an example to introduce how to manage and monitor networks.
1. Traffic management
First of all, through system status -> port statistics, you can view the number of bytes input and output of each LAN port, WAN port and DMZ port, the number of broadcast packets, and the average rate of traffic in each direction. BPS and PPS respectively represent the input of the WAN port is equivalent to the downloaded traffic. When the internal traffic within the network is relatively normal, the out of the LAN port should be closer to the in of the WAN port, and the in of the LAN port and the out of the WAN port are relatively close to the out of the WAN port. From this diagram, it is easy to understand the current network traffic status.
2. Statistical function
You can use the user statistics table of "Internet Monitoring" to count how many devices are currently online. The user statistics table can understand the IP address and MAC correspondence between each user machine connected to the HiPER, as well as the number of packets received and sent by the user since it was launched. If the number of packets downloaded by a certain user is particularly large, the user may be downloading a large amount of time or have other attacks, which reminds the administrator to pay attention.
3. Attack warning
If a user inside the LAN attacks or uses multi-threaded software, you can see the number of connections it occupies, including the total number of connections and the current number of connections on HiPER. If some machines have more than the limit, then most of the users have DoS attacks. If the number of failed connections occurs, it means that the number of NAT connections required by the entire network has exceeded the number of connections. There are two possible reasons. One is that there are too many attacks. If there is no attack, it means that the performance of the machine is no longer applicable and a better device needs to be replaced.
4. Fault diagnosis
The most important thing is that if the network traffic is high, there are many conflicts in Ethernet, or they are subject to "Blaster" attacks, they used to rely on some advanced packet capture software or hardware to find faults. Moreover, this kind of fault search software or hardware equipment is relatively expensive. In a network using switches, they have to operate through the switch's mirror port. Many companies use more than one switch, so it is very inconvenient. Now, on the HiPER as the exit router, we can view each user's behavior through the management interface, such as seeing whether the user is using the WWW service or chatting through MSN. At the same time, we can also view some abnormal behaviors, such as a machine constantly sending broadcast packets out, or its destination address is a multicast address.
If there are many machines to manage, you can enter the object to query through the query interface of the HiPER management software, which can be the address of the internal network or the server address of the external network.