sFlow Sample Packet Ingress and Egress Interface
Overview
This section provides information on sFlow Sample Packet Ingress and Egress Interface Indexes.
sFlow provides a view of the traffic by taking periodic snapshots of packets which helps in identifying the exact source and destination of the packets. While the packet header describes the data, the input and output port provides the context on where the data originated and where it is headed within the switch fabric.
Feature Characteristics
| • | Helps to know the physical or logical path taken by the packets through the distribution layers. |
| • | Input Port: Identifies the ingress interface where the packet entered the device. |
| • | Output Port: Identifies the egress interface where the packet was switched or routed. |
Feature Benefits
| • | Traffic path validation provides a bridge between the logical packet and the physical infrastructure. |
| • | Detection of bottlenecks aids in identifying traffic hotspots. |
| • | Entry port detection helps to trace any malicious traffic at the specific physical or logical port. |
sFlow - Ingress and Egress Interfaces Topologies
The following figures illustrate sFlow sampling mechanisms, detailing how output interfaces are reported during ingress flow sampling and how input interfaces are identified during egress flow sampling to ensure complete topology coverage.
Output Interface Reporting during Ingress Flow Sampling
Figure 48. Output Port Report during Ingress Flow Sampling
Input Interface Reporting during Egress Flow Sampling
Figure 49. Input Port Report during Egress Flow Sampling
Connection Type and Interface Index Mapping
Table 46. Connection Type and Interface Index Mapping
| Connection Type | Packet Direction | Interface Index |
|---|---|---|
| VLAN |
Ingress |
L2 interface index |
| Egress |
L2 interface index |
|
| L3 interface |
Ingress |
L3 interface index |
| Egress | L3 interface index | |
| Dynamic/Static LAG |
Ingress |
PO/SA interface index |
|
Egress |
PO/SA interface index |
|
| VPNv4 (l3VPN) |
Ingress |
L3 interface Index |
| Egress |
L3 interface Index |
|
| Sub-interface |
Ingress |
Parent interface’s index |
| Egress |
Parent interface’s index |
|
| VxLAN |
Ingress |
L3 interface index |
| Egress |
L3 interface index |
Usage Example
Consider the following scenario with the sampling point configured on eth1:
Sampling Direction Ingress configuration:
Ingress Connection Type = VLAN
Packet Direction = Ingress
Interface Index = L2 interface index (sampled input port)
Egress Connection Type = Dynamic LAG
Packet Direction = Egress
Interface Index= PO/SA interface index (sampled output port)
Sampling Direction Egress configuration:
Ingress Connection Type = Dynamic LAG
Packet Direction = Ingress
Interface Index = PO/SA interface index (sampled input port)
Egress Connection Type = VLAN
Packet Direction = Egress
Interface Index= L2 interface index (sampled output port)
Input/Output Interface Encoding
The following table describes the encoding formats of the sFlow interface. It defines how the interface information is reported based on whether a packet is successfully forwarded through a single interface, discarded in the pipeline, or replicated to multiple destinations.
Table 47. Input/Output Interface Encoding
| Format Types | Applicability | Comments |
|---|---|---|
| 0 - Single Interface |
Ingress and Egress Interface |
The value is the ifindex of the interface. The value 0x3FFFFFFF indicates that the destination interface is the CPU or that the packet was injected by the CPU (source interface). |
| 1 - Packet Discarded* |
Ingress Interface |
Packet identified to be sampled, but dropped in the ingress pipeline. |
| 2 - Multiple Destination Interfaces | Ingress Interface | Number of packet copies made. |
* sFlow reporting of packets dropped in OcNOS is not supported.