sflow Features
Agenda sflow intro. sflow architecture sflow config example Summary 1
What is sflow? sflow is a technology for monitoring traffic in data networks containing switches and routers. S9700 supports sflow v5. The sflow Agent uses sampling technology to capture traffic statistics from the device it is monitoring. sflow Datagrams are used to immediately forward the sampled traffic statistics to an sflow Collector for analysis. sflow Datagram UDP 6343(default) sflow collector sflow agent Traffic sflow Datagram Client Client sflow Report 2
sflow vs Netflow sflow Easy in egress & ingress Direction direction Frame type L2 and L3 Flow table Sampling. Accuracy Reaction Complex Application scenario OK in a normally condition. Fast & timely; no more than 1 second. Simple Traffic Monitoring / Statistic & Abnormal traffic Detection; Don't care flow scale. Netflow Normally ingress. Egress is much more complex. Only IP Need a large flow table because of 7 tuple key. Very good if flow table can hold all flows. It even has the flow's during, volume Normal, Flow aging. Complex in troubleshooting and deployment Accounting & Traffic Monitoring/Statistic & Abnormal traffic Detection 3
Agenda SFlow intro. SFlow architecture SFlow config example Summary 4
sflow walk-through 5 sflow export process Sup CPU Counter Sampling Buffer Flow Sampling Buffer 6 Sampled Header & Other info. 4 Control Channel sflow Datagram LC LC CPU 3 Sampled Header & Other info. Packet Processor 2 1 Packet Packet 5
sflow @ Packet Processor s pipeline Input Packet Ingress Parser L2/L3 Lookup Ingress ACL InBound sflow Output Packet OutBound sflow Egress ACL Egress Packet Modify Egress Parser 6
Agenda SFlow intro. SFlow architecture SFlow config example Summary 7
Config Example # config sflow Agent [Quidway] sflow agent ip 3.3.3.1 # config sflow Collector: ID=2; IP address=3.3.3.2, description= netserver [Quidway] sflow collector 2 ip 3.3.3.2 description netserver Specify the flowsampling rate 1/4000 [Quidway] interface gigabitethernet 0/0/2 [Quidway-GigabitEthernet0/0/2] sflow flow-sampling rate 4000 [Quidway-GigabitEthernet0/0/2] sflow flow-sampling collector 2 Use collector 2 [Quidway-GigabitEthernet0/0/2] sflow flow-sampling inbound [Quidway-GigabitEthernet0/0/2] sflow flow-sampling outbound [Quidway] interface gigabitethernet 0/0/2 [Quidway-GigabitEthernet0/0/2] sflow counter-sampling interval 120 Specify the countersampling interval 120 seconds 8
Verify <Quidway> display sflow sflow Version 5 Information: ------------------------------------------------------------------------- Agent Information: IP Address: 3.3.3.1 Address family: IPV4 Vpn-instance: N/A -------------------------------------------------------------------------- Collector Information: Collector ID: 2 IP Address: 3.3.3.2 Address family: IPV4 Vpn-instance: N/A Port: 6343 Datagram size: 1400 Time out: N/A Description: netserver Specify the flowsampling rate 1/4000 -------------------------------------------------------------------------- Port on slot 1 Information: Interface: GE0/0/2 Flow-sample collector: 2 Counter-sample collector : 2 Flow-sample rate(1/x): 4000 Counter-sample interval(s): 120 Flow-sample maxheader: 128 Flow-sample direction: IN,OUT 9 Use collector 2 Specify the countersampling interval 120 seconds
display sflow statistics <Quidway> display sflow statistics sflow Version 5 statistic Information: -------------------------------------------------------------------------- Collector 1 Current sample sequence:22388 Collector 2 Current sample sequence:22388 The current sampling -------------------------------------------------------------------------- sequence number. Port on slot 1 statistic Information: Interface: GE0/0/1 Flow-sample sequence : N/A Counter-sample sequence : 44778 Flow-sample inbound pool: N/A Flow-sample outbound pool: N/A ================================================================================ <Quidway> display sflow statistics slot 1 sflow Version 5 statistic Information: -------------------------------------------------------------------------- Port on slot 1 statistic Information: Interface: GE0/0/1 Flow-sample sequence : N/A Counter-sample sequence : 44778 Flow-sample inbound pool: N/A Flow-sample outbound pool: N/A -------------------------------------------------------------------------- 10
Agenda SFlow intro. SFlow architecture SFlow config example Summary 11
Summary : Top 5 thing to remember 1. sflow don t care flow scale. 2. sflow can statistic L2 & L3 3. sflow s reaction is faster 4. sflow is sampling packets 5. sflow is suitable in Traffic Monitoring / Statistic & Abnormal traffic Detection, etc; Not accounting. 12
HUAWEI ENTERPRISE ICT SOLUTIONS A BETTER WAY Copyright 2012 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.