sFlow - Sample Packet Monitoring for Multiple Interfaces
Overview
This chapter provides the steps for configuring Sampled Flow (sFlow).
sFlow is the standard for monitoring high-speed switches and routes in a network. It collects sample traffic from high-speed network devices to calculate its performance statistics. The sFlow system consists of an sFlow Agent which is embedded in a switch or router and an sFlow Collector.
The sFlow agent samples packets on both ingress and egress directions as well as polling traffic statistics for the device it is monitoring. The packet sampling is performed by the switching/routing device at wire speed. The sFlow agent forwards the sampled traffic statistics in sFlow Packet Data Units (PDUs) as well as sampled packets to an sFlow collector for analysis.
sFlow egress sampling for multicast, broadcast, or unknown unicast packets is not supported.
The sFlow agent uses the following forms of sampling:
- Sampling packets: samples one packet out of a defined sampling rate. This sampling is done by hardware at wire speed.
- Sampling counters: polls interface statistics such as generic and Ethernet counters at a defined interval.
The sFlow feature collects sampled traffic data and counters from configured interfaces. The collected data is sent to all collectors (by default) using the sFlow protocol. For more information, refer to RFC 3176.
This functionality support multiple collectors for interfaces simultaneously.
Features Characteristics
| • | Supports maximum of five concurrent sFlow collectors on the system. |
| • | Uses a specific user defined VRF interface for each collector. If not specified, the management VRF is used. |
| • | Sends the collected sFlow samples on each interface to all configured collectors on the system. |
| • | Has the ability to disable the sending of sFlow samples from an interface to specified collectors. |
| • | sFlow sampling monitoring can be enabled globally across all interfaces with a single command. |
| • | The sFlow feature is supported on both physical interfaces and LAG (Link Aggregation Group) interfaces. When sampling is configured on a LAG interface, it is automatically applied to all member ports within that LAG. |
| • | When sFlow sampling is in-progress on high rate, CPU usage spike messages from Chassis monitoring module (cmmd) is expected. |
Benefits
The sFlow with multiple collectors provides the capability to do multiple service analysis simultaneous in a network.
Tracks network utilization, bandwidth usage, and performance metrics across interfaces.
Analyzes traffic flows to understand application usage, user behavior, or device interactions.
Prerequisites
Make sure to enable the required interface with sflow feature and an agent IP address.
feature sflow
sflow agent-ip 1.2.7.10
interface xe1
sflow enable
!