Configuring Application Telemetry

Extreme Analytics Engines inspect both sFlow and ERSPAN packets to build up telemetry intelligence, so Application Telemetry needs sFlow sampled flows along with ERSPAN-encapsulated flows. As soon as an SLX-OS switch is added as a telemetry source, XMC runs a TCL script that applies the following configuration to the switch. Alternatively, the user can follow the steps below to configure Application Telemetry.

Step 1: Configure sFlow

The following existing CLIs can be used in the XMC server configuration script to enable sFlow on all ports and to configure the sFlow collector, sample rate, and so on.
SLX(config)# sflow enable
SLX(config)# sflow sample-rate 1024
SLX(config)# sflow collector 10.1.1.1 6343 use-vrf default-vrf
SLX(config)# sflow polling-interval 60

SLX(config)# int eth 0/1-54
SLX(conf-if-eth-0/1-54)# sflow enable

Step 2: Get the pol file from the XMC server

The following existing CLI can be used in the XMC server configuration script to transfer the .pol file from the XMC server to the SLX-OS switch.

SLX# copy tftp://@<hostname>//<filepath> flash://<filename>  

This command copies the .pol file to the directory /var/config/vcs/scripts on the switch.

Step 3: Enable Application Telemetry feature

The following new CLI can be used in the XMC server configuration script to enable the Application Telemetry feature:

SLX(config)# app-telemetry enable

This command triggers the following operations in the backend. The sFlow module provides the ERSPAN encapsulation fields (SIP, DIP, SMAC, DMAC, VLAN, Egress VIF, VRF) to the hardware, which encapsulates the specific flow with an IPv4 GRE header and transports the encapsulated packets towards the Analytics Engines. The sFlow collector and the ERSPAN destination share the same IPv4 address so that the Analytics Engines receive both sFlow and ERSPAN frames. Unlike sFlow, the specific flow packets are ERSPAN encapsulated and transported by the hardware itself.

The switch management IPv4 address is used as SIP, the first configured collector IP in default-vrf as DIP, the MAC address of the egress port of the ERSPAN flow as SMAC, and the next-hop router MAC as DMAC. ERSPAN encapsulated frames are IP routed towards the sFlow collector. Any next-hop related changes are handled automatically.

The ERSPAN Type I header is supported for SLX-9150/9250, and an additional 38 bytes are added to the original packets during ERSPAN IPv4 GRE encapsulation (14 bytes L2 header, 20 bytes IP header, 4 bytes GRE header). For SLX-9540, ERSPAN Type II is supported, and an additional 50 bytes are added to the original packets during ERSPAN IPv4 GRE encapsulation (14 bytes L2 header, 20 bytes IP header, 8 bytes GRE header and 8 bytes ERSPAN header).

The Don't Fragment bit in the IP header is set to TRUE to avoid any fragmentation of ERSPAN encapsulated packets, so it is best practice to enable jumbo frames across the ERSPAN pathway.
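A collector-side check of the two encapsulations described above, as an added example that is not part of the original page or of any Extreme software. It relies on the standard ERSPAN-in-GRE layout (GRE protocol type 0x88BE, with the GRE sequence-number bit set only for Type II); the sample frames are constructed, with placeholder MACs and documentation-range IP addresses.

```python
import struct

GRE_PROTO_ERSPAN = 0x88BE  # GRE protocol type carried by ERSPAN Type I and II
GRE_FLAG_SEQ = 0x1000      # GRE S bit: a 4-byte sequence number follows


def parse_erspan(frame: bytes) -> dict:
    """Classify an ERSPAN-in-GRE frame and locate the mirrored inner frame."""
    if len(frame) < 38:
        raise ValueError("shorter than the 38-byte Type I encapsulation")
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        raise ValueError("outer frame is not untagged IPv4")
    ihl = (frame[14] & 0x0F) * 4                 # 20 unless IP options exist
    flags_frag = struct.unpack_from("!H", frame, 20)[0]
    if frame[23] != 47:
        raise ValueError("outer IP protocol is not GRE")
    gre = 14 + ihl
    if len(frame) < gre + 4:
        raise ValueError("truncated GRE header")
    gre_flags, gre_proto = struct.unpack_from("!HH", frame, gre)
    if gre_proto != GRE_PROTO_ERSPAN:
        raise ValueError("GRE payload is not ERSPAN")
    if gre_flags & GRE_FLAG_SEQ:
        kind, inner = "II", gre + 8 + 8          # GRE+seq, then ERSPAN header
    else:
        kind, inner = "I", gre + 4               # bare GRE, no ERSPAN header
    if len(frame) < inner:
        raise ValueError("truncated ERSPAN header")
    return {"type": kind, "overhead": inner,
            "df": bool(flags_frag & 0x4000), "inner": frame[inner:]}


def build_sample(kind: str, inner: bytes) -> bytes:
    """Constructed test frame: zero MACs, 192.0.2.x addresses, checksum 0."""
    if kind == "II":
        # GRE with S bit and sequence 1, then ERSPAN II header (version 1)
        tail = (struct.pack("!HHI", GRE_FLAG_SEQ, GRE_PROTO_ERSPAN, 1)
                + struct.pack("!II", 0x10000000, 0))
    else:
        tail = struct.pack("!HH", 0, GRE_PROTO_ERSPAN)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tail) + len(inner),
                     0, 0x4000, 64, 47, 0,      # 0x4000 = Don't Fragment set
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    eth = bytes(6) + bytes(6) + b"\x08\x00"
    return eth + ip + tail + inner
```

The reported overhead is what must fit inside the path MTU on top of the original packet; with Don't Fragment set, an encapsulated packet that exceeds it is dropped rather than fragmented.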

Step 4: Configure telemetry access-list 

The following new CLI can be used in the XMC server configuration script to configure telemetry access lists.

SLX(config)# app-telemetry access-list telemetry.pol ingress 

Policy rules are written in the telemetry.pol file format. These rules are parsed and the respective ACLs are applied at system level. The rules are used to create copies of matching traffic and tunnel the copies towards the AE.

This requires that telemetry.pol already be present in the switch flash memory. The policy file is read and parsed to extract the appropriate ACL rules to be installed in hardware. The action for all ACLs is to tunnel the traffic to the AE and to increment statistics. Extreme Analytics Engines then start receiving both sFlow and ERSPAN frames and perform further deep packet inspection.

1. Displaying telemetry access-lists

The following new CLI can be used in the XMC server configuration script to display telemetry access lists.

SLX# show app-telemetry access-list
uda access-list dhcpv4 on system at Ingress 
    seq 10 permit udp any range 67 68 any range 67 68 (Active) 
uda access-list dnstcp on system at Ingress 
    seq 10 permit tcp any eq 53 any (Active) 
uda access-list tcpsynack on system at Ingress 
    seq 10 permit tcp any any ack sync (Active) 
uda access-list bjnp on system at Ingress 
    seq 10 permit udp any any 0x424a4e50 0xffffffff 0x0 0x0 0x0 0x0 0x0 0x0 (Active) 
uda access-list eset on system at Ingress 
    seq 10 permit tcp any any 0x0 0x0 0xabcd0000 0xffff0000 0x0 0x0 0x0 0x0 (Active) 

2. Displaying telemetry counters

The following new CLI can be used in the XMC server configuration script to display the Application Telemetry counters.

SLX# show app-telemetry counter
---------------------------------------------------- 
Application Telemetry Counters    
----------------------------------------------------
Number of dhcpv4 packets: 10, bytes: 1280 
Number of dnstcp packets: 0, bytes: 0 
Number of tcpsynack packets: 20, bytes: 2560 
Number of bjnp packets: 10, bytes: 2560 
Number of eset packets: 5, bytes: 1280
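One way to cross-check the two show outputs above and flag telemetry rules that need review, as an added example that is not part of the original page or of XMC. The function names are hypothetical, the parsing assumes the exact line formats shown in the sample output, and the embedded sample is two entries copied from that output.

```python
import re

ACL_RE = re.compile(r"^uda access-list (\S+) on system at (\S+)")
RULE_RE = re.compile(r"^\s+seq (\d+) (.+?) \((\w+)\)\s*$")
CNT_RE = re.compile(r"^Number of (\S+) packets: (\d+), bytes: (\d+)")

# Two entries copied from the sample output on this page.
SAMPLE_ACLS = """\
uda access-list dhcpv4 on system at Ingress
    seq 10 permit udp any range 67 68 any range 67 68 (Active)
uda access-list dnstcp on system at Ingress
    seq 10 permit tcp any eq 53 any (Active)
"""
SAMPLE_COUNTERS = """\
Number of dhcpv4 packets: 10, bytes: 1280
Number of dnstcp packets: 0, bytes: 0
"""


def parse_access_lists(text):
    """Return {acl_name: [(seq, rule_text, state), ...]}."""
    acls, current = {}, None
    for line in text.splitlines():
        if m := ACL_RE.match(line):
            current = acls.setdefault(m.group(1), [])
        elif (m := RULE_RE.match(line)) and current is not None:
            current.append((int(m.group(1)), m.group(2), m.group(3)))
    return acls


def parse_counters(text):
    """Return {acl_name: (packets, bytes)}."""
    hits = (CNT_RE.match(line.strip()) for line in text.splitlines())
    return {m.group(1): (int(m.group(2)), int(m.group(3))) for m in hits if m}


def audit(acl_text, counter_text):
    """Flag non-Active rules, ACLs with no counter, and ACLs with zero hits."""
    acls, counters = parse_access_lists(acl_text), parse_counters(counter_text)
    findings = []
    for name, rules in acls.items():
        findings += [(name, f"seq {s} is {st}") for s, _, st in rules if st != "Active"]
        if name not in counters:
            findings.append((name, "no counter reported"))
        elif counters[name][0] == 0:
            findings.append((name, "zero packets matched"))
    return findings
```

A zero-hit finding is a prompt to confirm whether that traffic is genuinely absent or the rule is not matching, since either way the Analytics Engine receives no ERSPAN copies for that application.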