How Application Telemetry Works

Both sFlow and Application Telemetry mirror packets to a server for deep packet inspection, but they collect streams in very different ways:

The policy rules that Application Telemetry uses are ACL and ACE filters that are pre-configured in a policy configuration file called sflow.pol. This policy file is not user configurable. These rules enable the switch to recognize several signatures that represent a combination of the following:

Pattern matching enables Application Telemetry to target very specific, well-defined packets in each flow and not full streams of traffic. Thus, the switch mirrors only a relatively few packets to the Analytics Engine. It is the Analytics Engine that performs deep packet inspection to create reports of statistical data.

Important

Important

When you enable Application Telemetry, the switch loads the filter rules based on the logic below:

  • Application Telemetry uses the apptelemetry.pol or the sflow.pol file because the filter rules can exist in either file. The sflow.pol file is the default file and is included with the image that is loaded on the switch. This file contains the default filter rules. The apptelemetry.pol file is the user-defined file, which can be updated by the Extreme Management Center or ExtremeCloud IQ - Site Engine. To use this file, configure Application Telemetry using the Extreme Management Center or ExtremeCloud IQ - Site Engine. When you run the Application Telemetry LiveUpdate VOSS script from Extreme Management Center or ExtremeCloud IQ - Site Engine, the updated apptelemetry.pol file is placed in /intflash/.

  • When you enable Application Telemetry, the feature uses the files in the following order:

    • If the user-defined file (apptelemetry.pol) exists, then the switch loads the rules from this file.

    • If the apptelemetry.pol file does not exist or if there is a problem reading this file, then the switch uses the default sflow.pol file.