sFlow monitors traffic in a data network. Use sFlow to monitor routers and switches in the network, and capture traffic statistics about those devices. sFlow uses sampling to provide scalability for network-wide monitoring, and therefore applies to high-speed networks. The switch sends the sampled data as a User Datagram Protocol (UDP) packet to the specified host and port.
Note
sFlow and Application Telemetry send mirrored packets from a common source to a common destination. sFlow sends samples directly to the destination, while Application Telemetry sends mirrored packets through a GRE tunnel, to the same destination. For more information, see Common Elements Between sFlow and Application Telemetry.
sFlow consists of the following:
sFlow agent—Performs two types of sampling:
Flow samples: Flow sampling randomly samples an average of 1 out of n packets for each operation.
Counter samples: Counter sampling periodically polls and exports counters for a configured interface. This type of sampling uses a counter to determine if the packet is sampled. Each packet that an interface receives, and that a filter does not drop, reduces the counter by one. After the counter reaches zero, the sFlow agent takes a sample.
Note
Only generic interface counters and Ethernet interface counters are supported.
sFlow datagrams—Supports both flow samples and counter samples. Datagrams can be sent from the front panel port or an out-of-band (OOB) port. Each datagram provides information about the sFlow version, the originating IP address of the device, a sequence number, the number of samples it contains, and one or more flow and/or counter samples.
sFlow collector—Located on a central server and runs software that analyzes and reports on network traffic. Two sFlow collectors can be configured to be reachable over a management network or Shortest Path Bridging (SPB). The preferred network is SPB.
Application-specific integrated circuit (ASIC) or Software Development Kit (SDK) limitation—To avoid wobbling, the counter interval for sFlow is 20 seconds. Minor wobbling can still occur even after configuring the counter interval due to the interaction between the sFlow agent counter export schedule and the frequency with which the switch ASIC SDK copies and caches counters from the ASIC.
sFlow supports a maximum of two collectors.
UDP datagram size and the collector buffer are restricted to 1400 bytes. sFlow sends datagrams to the collector when the buffer reaches the 1400-byte capacity or after a timeout of one second is triggered. The collector buffer size cannot be modified.
The switch supports IPv4 collector IP addresses.
VLAN counters/statistics are not supported.
sFlow can be enabled only on the front panel ports.
You cannot configure the sampling limit. The sampling limit applies system-wide rather than on a per-port basis. Sampling rates differ depending on the hardware platform, so any sampled packets beyond the limit are dropped. For more information about feature support, see Fabric Engine Release Notes.
The switch supports only ingress sampling. The switch does not support egress sampling.
The switch does not support enabling sFlow on a link aggregation group (LAG) interface. However, you can enable sFlow on the member interfaces of a LAG.
The sFlow collector can be reachable through the management VRF, the Global Routing Table (GRT), or, if your switch supports doing so, a user-created VRF (virtual routing and forwarding). If the sFlow collector is hosted in either the GRT or a user-created VRF, SPB reachability supports only Layer 2 VSN or IP shortcuts to access the collector. Layer 3 VSNs are not supported for accessing the collector when it is hosted in the GRT or a user-created VRF.
For Segmented Management Instance interfaces, sFlow is only supported on Segmented Management Instance OOB and on circuitless IP (CLIP) in GRT.
If the sFlow collector has two network interface controller (NIC) cards, to avoid dropped sFlow datagrams that are a result of reverse path checks, you can add a route to the agent-ip address for the NIC card on which the sFlow datagrams are received.
First preference is always given to the GRT or the management VRF, whichever one the sFlow agent IP address is configured in. For example, if you configure the sFlow agent IP address as part of GRT, the GRT route to the collector is given preference over the management VRF. If the management network hosts a collector with a collector IP address that is reachable over SPB as a result of redistributing direct routes on a peer Backbone Edge Bridge (BEB), or if the GRT has a default route (0.0.0.0) and the collector route is in the local management VRF, first preference is given to the VRF where you have configured the sFlow agent IP address.
For Segmented Management Instance interfaces, preference for sFlow collector reachability checks is determined by agent-ip configuration. If you configure the sFlow agent IP address to Segmented Management Instance OOB, preference for route lookup is given to the management VRF. If no route is found, lookup occurs in GRT.
If you do not configure the agent-ip address to Segmented Management Instance OOB, preference for route lookup is given to GRT. If no route is found, lookup occurs in the management VRF.
After you configure the sFlow agent on the network device that you want to monitor, the system collects flow samples or counter samples, and exports these traffic statistics as sFlow datagrams to the sFlow collector on a server or appliance.
For example, after the buffers reach capacity or a timeout is triggered, an sFlow datagram, which is a UDP packet, sends the measurement information to the sFlow collector buffers. The UDP payload contains the sFlow datagram.
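A collector-side check of the datagram fields described on this page (version, originating IP address, sequence number, sample count) together with the 1400-byte limit, as an added example that is not Extreme Networks code. It assumes the public sFlow version 5 wire layout, which this page does not name; the agent address 192.0.2.10 and the zero-filled sample bodies are constructed test values.

```python
import ipaddress
import struct

MAX_DATAGRAM = 1400  # datagram size limit stated on this page
ADDR_LEN = {1: 4, 2: 16}  # sFlow v5 address types: 1 = IPv4, 2 = IPv6
FORMATS = {1: "flow", 2: "counter", 3: "flow-expanded", 4: "counter-expanded"}


def parse_datagram(payload: bytes) -> dict:
    """Validate an sFlow v5 datagram header and index the samples it carries."""
    if len(payload) > MAX_DATAGRAM:
        raise ValueError("payload larger than the 1400-byte datagram limit")
    try:
        version, addr_type = struct.unpack_from("!II", payload, 0)
        if version != 5 or addr_type not in ADDR_LEN:
            raise ValueError("not an sFlow v5 datagram")
        off = 8 + ADDR_LEN[addr_type]
        agent = ipaddress.ip_address(payload[8:off])
        _sub_agent, seq, _uptime_ms, count = struct.unpack_from("!IIII", payload, off)
        off += 16
        samples = []
        for _ in range(count):
            tag, length = struct.unpack_from("!II", payload, off)
            off += 8
            if off + length > len(payload):
                raise ValueError("sample length runs past the end of the datagram")
            # Tag: enterprise in the upper 20 bits, format in the lower 12.
            kind = FORMATS.get(tag & 0xFFF, "unknown") if tag >> 12 == 0 else "vendor"
            samples.append((kind, length))
            off += length
    except struct.error as exc:
        raise ValueError("truncated datagram") from exc
    return {"agent": str(agent), "sequence": seq, "samples": samples}


def lost_between(prev_seq: int, seq: int) -> int:
    """Datagrams missed between two sequence numbers, allowing 32-bit wrap."""
    return (seq - prev_seq - 1) % 2**32


def constructed_datagram(seq: int) -> bytes:
    """Constructed input for the demo; sample bodies are zero-filled placeholders."""
    agent = ipaddress.ip_address("192.0.2.10").packed
    header = struct.pack("!II4sIIII", 5, 1, agent, 0, seq, 60_000, 2)
    return header + struct.pack("!II", 1, 8) + bytes(8) + struct.pack("!II", 2, 4) + bytes(4)


if __name__ == "__main__":
    first, second = (parse_datagram(constructed_datagram(s)) for s in (41, 44))
    print(second, "lost:", lost_between(first["sequence"], second["sequence"]))
```

Because the transport is UDP, a non-zero result from `lost_between` is the collector's only indication that datagrams from an agent went missing.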
The following figure shows the sFlow agent on various routers and switches with sFlow datagrams being sent to the sFlow collector.
Number | Description |
---|---|
1 | sFlow collector |
2 | sFlow datagrams |
3 | sFlow agents |
As a general rule, the drop action occurs after sampling completes. However, for Layer 1 errors such as MTU-exceeded packets, the drop action occurs before sampling begins. For errors such as frame too long, packets are dropped because the frame is larger than the interface MTU. In this situation, the packets are dropped before sampling begins, so only counter polling occurs. To enable trace, use line-card 1 trace level 232 <0–4>.
Important
The defined sampling rate, an average of 1 out of n packets/operations, does not provide a 100% accurate result, but it does provide a result with quantifiable accuracy.
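How that accuracy can be quantified on the collector side, as an added example that is not part of the original documentation. It simulates the packet countdown described earlier on this page and applies the standard sampling-theory bound (relative error at 95% confidence of at most 1.96/sqrt(c) for c samples in a traffic class); the uniform countdown reload and the "dns"/"web" traffic mix are assumptions made for the simulation.

```python
import math
import random


def simulate_countdown(packets, n, rng):
    """Yield the packets picked by a countdown sampler with mean skip n."""
    skip = rng.randint(1, 2 * n - 1)  # assumed: uniform reload, mean n
    for pkt in packets:
        skip -= 1          # each received packet reduces the counter by one
        if skip == 0:      # counter reached zero: take a sample
            yield pkt
            skip = rng.randint(1, 2 * n - 1)


def estimate(class_samples: int, n: int):
    """Scale a sample count to a packet estimate and its 95% relative error."""
    if class_samples == 0:
        return 0, math.inf  # no samples: nothing can be said about the class
    return class_samples * n, 1.96 / math.sqrt(class_samples)


def run(total=1_000_000, n=1000, seed=7):
    """Sample constructed traffic and compare the estimate with the truth."""
    rng = random.Random(seed)
    # Constructed traffic: every fifth packet is "dns", the rest are "web".
    packets = ("dns" if i % 5 == 0 else "web" for i in range(total))
    sampled = list(simulate_countdown(packets, n, rng))
    est, err = estimate(sampled.count("dns"), n)
    return len(sampled), est, err, total // 5


if __name__ == "__main__":
    taken, est, err, true = run()
    print(f"{taken} samples; dns estimate {est} +/- {err:.1%}; actual {true}")
```

The error depends on the number of samples collected for the class rather than on n, so a low-volume traffic class needs a longer measurement interval before its estimate can be trusted.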