Using sFlow

sFlow is a technology for monitoring traffic in data networks containing switches and routers. It relies on statistical sampling of packets from high-speed networks, plus periodic gathering of the statistics. A UDP (User Datagram Protocol) datagram format is defined to send the information to an external entity for analysis. sFlow consists of a MIB (Management Information Base), and a specification of the packet format for forwarding information to a remote agent. For details on sFlow specifications, see RFC 3176; and for more general information, go to www.sflow.org.

The ExtremeXOS implementation is based on sFlow version 5, which is an improvement from the revision specified in RFC 3176.

Additionally, the switch software also allows you to set the individual port sampling rates, so that you can fine-tune sFlow statistics.

sFlow and mirroring are not mutually exclusive on ExtremeSwitching and Summit series switches, whether or not they are included in a SummitStack. You can enable them simultaneously.

However, be aware that the following limitations are present in the ExtremeXOS implementation:
  • Generic port statistics are reported to the sFlow collector
  • Non-extended data
  • Only port-based sampling
  • No MIB support

Sampling Mechanisms

ExtremeSwitching and Summit series switches support hardware-based sampling at a programmed interval.

With hardware-based sampling, the data path for a packet that traverses the switch does not require processing by the CPU. Fast path packets are handled entirely by ASICs and are forwarded at wire speed rate.

Both ingress and egress sFlow sampling can be enabled simultaneously on a port. The enable sflow port command provides an option to enable sFlow on ingress, or egress, or both directions. The default value is ingress. The sample rate is maintained on a per-port basis, so a given port has the same sample rate for ingress and egress traffic. Ingress and egress sFlows sample both unicast and multicast egress flows. The global enable/disable control of sFlow is common to both ingress and egress. When the global option is enabled, the port level sFlow parameter is applied to hardware.

When sFlow sampling is enabled on a port, the sFlow agent samples the traffic on that port, processed in slow path and passed on to the collector. You can configure the rate at which the packets are sampled.

ExtremeXOS 22.5 expands upon sFlow's capability by providing support for additional data structures that an sFlow agent can use to report table utilization statistics in sFlow counter samples (see Displaying sFlow Information).

Limitations of Egress sFlow

The following limitations apply to the egress sFlow feature:
  • Due to the hardware limitation, destination port information is not supported for multicast traffic. The output interface index is populated as 0.
  • Egress sFlow sampling does not support de-duplication of packets.
  • For multicast traffic, the sampling rate, sample pool of the egress sFlow sampled datagram is populated as 0, because the source ID of the egress sampled multicast packet is unknown.
  • For L3 unicast traffic, an unmodified packet is sampled and the destination port is supplied if the L3 traffic is a flow within single chip. When the egress port and ingress port are in different chips, then a modified packet is sampled and the destination ports are supplied. For L3 multicast traffic, unmodified packet is sampled and destination port is populated as zero.
  • Packets dropped due to egress ACL (Access Control List) are sampled.
  • In cases of unicast and multicast flooding, the packets are sampled before packet replication. If the ingress and member ports are in the same chip, then a single copy of the packet is sampled even though the egress sFlow is enabled on more than one member's ports. If the member ports are spread across different chip, then packets are sampled on a per-chip basis.
  • In flooding cases, the least configured sampling rate among the member ports on a port group is considered as a sample rate. Even if you configure different sample rates on a member ports, egress sampling is based on the least configured sample rate among the member ports on a chip.

sFlow Destination Port

Currently, when a packet is sampled from the ingress traffic, the output interface index is populated as 0. This is applicable for both unicast and multicast traffic. As part of the egress sFlow, the output interface index is populated with the destination port information for unicast packets sampled in both ingress and egress directions. Multicast packet samples still have an output interface index as 0.

IfIndex Traffic Type Sampling Direction illustrates the expected output of the ifIndex when based on traffic type, and sampling direction.

Click to expand in new window

IfIndex Traffic Type Sampling Direction

Case # Ingress/Engress Unicast/Multicast Scenario
1 Ingress/unicast sFlow sample includes both ingress and egress port (ifindex).
2 Egress/unicast sFlow sample includes both ingress and egress port information.
3 Ingress/multicast Egress port information cannot be provided because of hardware limitation. Egress ifindex is 0 and ingress ifindex is supplied.
4 Egress/multicast Egress port information cannot be provided because of hardware limitation. Egress ifindex is 0 and ingress ifindex is supplied.