sFlow is a technology for monitoring traffic in data networks containing switches and routers. It relies on statistical sampling of packets from high-speed networks, plus periodic gathering of the statistics. A UDP (User Datagram Protocol) datagram format is defined to send the information to an external entity for analysis. sFlow consists of a MIB (Management Information Base), and a specification of the packet format for forwarding information to a remote agent. For details on sFlow specifications, see RFC 3176; and for more general information, go to www.sflow.org.
The ExtremeXOS implementation is based on sFlow version 5, which is an improvement from the revision specified in RFC 3176.
Additionally, the switch software also allows you to set the individual port sampling rates, so that you can fine-tune sFlow statistics.
sFlow and mirroring are not mutually exclusive on Summit and ExtremeSwitching family switches, whether or not they are included in a SummitStack. You can enable them simultaneously.
Summit and ExtremeSwitching family switches support hardware-based sampling at a programmed interval.
With hardware-based sampling, the data path for a packet that traverses the switch does not require processing by the CPU. Fast path packets are handled entirely by ASICs and are forwarded at wire speed rate.
Both ingress and egress sFlow sampling can be enabled simultaneously on a port. The enable sflow port command provides an option to enable sFlow on ingress, or egress, or both directions. The default value is ingress. The sample rate is maintained on a per-port basis, so a given port has the same sample rate for ingress and egress traffic. Ingress and egress sFlows sample both unicast and multicast egress flows. The global enable/disable control of sFlow is common to both ingress and egress. When the global option is enabled, the port level sFlow parameter is applied to hardware.
When sFlow sampling is enabled on a port, the sFlow agent samples the traffic on that port, processed in slow path and passed on to the collector. You can configure the rate at which the packets are sampled.
Currently, when a packet is sampled from the ingress traffic, the output interface index is populated as 0. This is applicable for both unicast and multicast traffic. As part of the egress sFlow, the output interface index is populated with the destination port information for unicast packets sampled in both ingress and egress directions. Multicast packet samples still have an output interface index as 0.
IfIndex Traffic Type Sampling Direction illustrates the expected output of the ifIndex when based on traffic type, and sampling direction.
Case # | Ingress/Engress Unicast/Multicast | Scenario |
---|---|---|
1 | Ingress/unicast | sFlow sample includes both ingress and egress port (ifindex). |
2 | Egress/unicast | sFlow sample includes both ingress and egress port information. |
3 | Ingress/multicast | Egress port information cannot be provided because of hardware limitation. Egress ifindex is 0 and ingress ifindex is supplied. |
4 | Egress/multicast | Egress port information cannot be provided because of hardware limitation. Egress ifindex is 0 and ingress ifindex is supplied. |