SFLOW

Rashmi Bhardwaj | Blog,Protocol
Advertisements

SFLOW is abbreviation for “Sampled flow”. Originally developed by InMonsFlow is the leading, multi-vendor, standard for monitoring networks. sFlow packet export at Layer 2 of the OSI model. It provides a means for exporting truncated packets, together with interface counters. sFlow is designed to be embedded in any network device and to provide continuous statistics on any protocol (up to L7), so that all traffic throughout a network can be precisely monitored. The current version of sFlow is v5.

sFlow uses sampling to achieve scalability and therefore is applicable to high speed networks (Gbps and even higher). sFlow is supported by multiple network device manufacturers and network management software vendors.An sFlow system consists of multiple devices performing two types of sampling:

  • Random sampling of packets or application layer operations,
  • Time-based sampling of counters.

An sFlow monitoring system consists of an sFlow agent embedded in the switch/router and a centralized collector. The sFlow agent’s two main function are Random Sampling and Statistics Gathering. The sFlow agent sends counters and flow samples to the sFlow collector in UDP datagrams. The sampled data is sent as a UDP packet to the sFlow Collector on port 6343.Each datagram contains the following information:

Advertisements

  • The IP address of the sFlow agent
  • The number of samples
  • The interface through which the packets entered the agent
  • The interface through which the packets exited the agent
  • The source and destination interface for the packets
  • The source and destination VLAN for the packets

 

SFLOW VERSIONS –

Below table shows how sFlow has developed over time and included more features in its aresenal –

sflow

 

SFLOW SAMPLE CONFIGURATION ON JUNOS –

The following configuration enables sFlow monitoring of 1st 10 interfaces on a Juniper EX3200 switch, sampling packets at 1-in-500, polling counters every 30 seconds and sending the sFlow to an analyzer (10.0.0.50) on UDP port 6343 (the default sFlow port).

 

protocols {

sflow {

polling-interval 30;

sample-rate 500;

collector 10.0.0.50 {

udp-port 6343;

}

interfaces ge-0/0/0.0;

interfaces ge-0/0/1.0;

interfaces ge-0/0/2.0;

interfaces ge-0/0/3.0;

interfaces ge-0/0/4.0;

interfaces ge-0/0/5.0;

interfaces ge-0/0/6.0;

interfaces ge-0/0/7.0;

interfaces ge-0/0/8.0;

interfaces ge-0/0/9.0;

}

}

 

BELOW IS THE LIST OF VENDORS SUPPORTING SFLOW PROTOCOL –

  • A10 Networks
  • ADARA Networks
  • Aerohive
  • AlaxalA Networks
  • Alcatel-Lucent Enterprise
  • Allied Telesis
  • Arista Networks
  • AT&T
  • Aruba
  • Big Switch Networks
  • Black Box Network Services
  • Brocade
  • Cameo Communications
  • Cisco
  • Comtec Systems
  • Cumulus Networks
  • Dax Networks
  • DX-0500 series
  • DX-5000 series
  • Digital China Networks (DCN)
  • Dell
  • D-Link
  • DrayTek Corp.
  • Edge-Core Networks
  • Enterasys
  • Extreme Networks
  • F5
  • Fortinet
  • Gambit Communications
  • Hewlett-Packard
  • Hitachi
  • Host sFlow
  • Huawei
  • IBM
  • InMon Corp.
  • IP Infusion
  • ITS Express
  • Juniper Networks
  • LANCOM Systems
  • LevelOne
  • LG-ERICSSON
  • Maipu
  • Mellanox
  • MRV
  • NEC
  • NETGEAR
  • Nevion
  • OpenSwitch
  • Open vSwitch
  • Overture Networks
  • Pica8
  • Plexxi
  • Pluribus Networks
  • Proxim Wireless
  • Quanta Computer
  • Radisys Corporation
  • Silicom Ltd.
  • SMC Networks
  • Themis Computer
  • Vyatta
  • Xenya
  • XRoads Networks
  • ZTE
  • ZyXEL
  • XGS1900 series
  • XGS4500 series
  • XGS4700 series

ABOUT THE AUTHOR

Advertisements

Leave a Comment

Your email address will not be published. Required fields are marked *

Shopping Cart
Select your currency
USD United States (US) dollar
Scroll to Top