Did You Know?

ConnexOne provide virtual copy of your modbus slaves

CONNEXITE
leafleafleafMan illustrationFlower illustration
Updated on May 4, 2026

Configure sFlow

Estimated reading: 5 minutes 2 views

Summary: Networking › Switching › Edge › Synapse

Overview

sFlow is a network monitoring technology jointly developed by InMon , HP and Foundry Networks in 2001. It has been standardized and can provide complete second to fourth layer information and can adapt to traffic analysis in extremely large network traffic environments. Allows users to analyze the performance , trends and existing problems of network transmission streams in detail and in real time. sFlow has the following advantages:

  • Enables precise monitoring of network traffic on gigabit or higher-speed networks.
  • sFlow Collector can monitor thousands or hundreds of sFlow Agents, has good scalability.
  • sFlow agent is embedded in the network device and the cost is low.

Principle

sFlow system composition As shown in the figure, the sFlow system includes an sFlow Agent embedded in the device and a remote sFlow Collector. Among them, sFlow Agent obtains interface statistics and data information through sFlow sampling, and encapsulates the information into sFlow messages. When the sFlow message buffer is full or the sFlow message cache time times out (the cache time is 1 second), sFlow Agent The sFlow message will be sent to the specified sFlow Collector. sFlow Collector analyzes sFlow messages and displays the analysis results. sFlow sampling sFlow Agent provides two sampling methods for users to analyze network traffic conditions from different perspectives, namely Flow sampling and Counter sampling.

Flow sampling

Flow sampling means that the sFlow Agent device performs sampling and analysis on packets on a specified interface according to a specific sampling direction and sampling comparison to obtain information related to the packet data content. This sampling method mainly focuses on the details of traffic, so that the traffic behavior on the network can be monitored and analyzed. Field

Raw packet

Intercept all or part of the header of the original message (the specific length of the interception is determined by the configuration), encapsulate this part of the original message into an sFlow message and send it to the Collector.

Ethernet Frame Data

For Ethernet messages, parse the Ethernet header information of the message, encapsulate the parsed data into sFlow messages and send them to the Collector.

Extended Switch Data

For forwarded Ethernet packets, record the VLAN conversion and VLAN priority conversion of the packets, encapsulate the forwarding information into sFlow packets and send them to the Collector. When the VLAN ID is 0, it indicates an invalid VLAN.

Counter sampling

Counter sampling allows the sFlow Agent device to periodically obtain traffic statistics information on the interface. Counter sampling supports the acquisition of sampling information as shown in the following table. Compared with Flow sampling, Counter sampling only focuses on the quantity of traffic on the interface, but not on the detailed information of the traffic. Field

Generic Interface Counters

General interface statistics, including basic interface information and general interface traffic statistics.

Ethernet Interface Counters

For the Ethernet interface, it is used to collect Ethernet-related traffic statistics.

Processor Information

Used to count device CPU usage and memory usage. sFlow message sFlow messages are encapsulated by UDP, and the default destination port number is the well-known port 6343. There are four header formats for sFlow messages, namely Flow sample, Expanded Flow sample, Counter sample, and Expanded Counter sample. The Expanded Flow sample and Expanded Counter sample are new additions to sFlow version 5 and are extensions of the Flow sample and Counter sample, but are not forward compatible. All Extended sampling content must be encapsulated using the Expanded sampling packet header.

Configuration commands

  • Configure agent address

Order

SWITCH( config )# sflow agent { ip IPV4ADDR | ipv6 IPV6ADDR }
SWITCH( config )# no sflow agent { ip | ipv6}

describe Configure/delete a gent address; IPV4ADDR: agent/ device IPv4 address IPV6ADDR: a gent/device IPv6 address Supports configuring ipv 4 and ipv 6 addresses at the same time, for collectors of ipv 4 and ipv 6 respectively There is no configuration by default. If not configured, the protocol may not send packets.

Order

SWITCH(config )# sflow collector <1-2> { ip IPV4ADDR | ipv6 IPV6ADDR } [datagram-size <200-9000> | port <1024-65535> | description STRING ]
SWITCH(config )# no sflow collector <1-2>

describe Configure/delete collector; <1-2>: collector index IPV4ADDR: collector/ server IPv4 address IPV6ADDR: collector/ server IPv6 address <200-9000>: Maximum length of data packet, optional, default 1 400 <1024-65535>: Server port number, optional, default 6 343 STRING: c collector description information, optional, default is none

Order

SWITCH(config -if) #sflow flow -sampling collector <1-2>
SWITCH(config -if)# no flow-sampling collector

describe Configure/delete interface flow sampling; <1-2>: c collector index ss

Order

SWITCH(config -if)# sflow counter-sampling collector <1-2>
SWITCH(config -if)# no counter-sampling collector

describe Configure/delete interface counter sampling; <1-2>: collector index ss

Order

SWITCH( config-if)# sflow flow-sampling direction { inbound | outbound }
SWITCH( config-if)# sflow flow-sampling rate <1024-65536>
SWITCH( config-if)# sflow flow-sampling max-header <18-256>
SWITCH( config-if)# no flow-sampling direction
SWITCH(config -if)# no flow-sampling rate
SWITCH(config -if)# no flow-sampling max-header

describe Configure/ reset interface flow sampling parameters; { inbound | outbound } : flow sampling direction, optional, the default is to sample inbound + outbound at the same time <1024-65536>: flow sampling rate, optional, default is 2 048, one sample for every 2 048 flows <18-256> : Flow sampling message length, unit byte, optional, default 6 4

Order

SWITCH(config -if)# sflow counter-sampling interval <3-65535>
SWITCH(config -if)# no sflow counter-sampling interval

describe Configure/reset interface counter sampling parameters; <3-65535>: counter sampling period, unit seconds, optional, default 1 0

Examples

Requirements

sFlow network management server is 2.2.2.2 and the device IP address is 2.2.2.95. The network management server needs to monitor the status of device port 3 through sFlow . It is required to perform flow sampling and counter sampling at the same time. The parameters can be defaulted. Configurations

Initialize network management configuration

SWITCH#
SWITCH#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

SWITCH(config )# sflow -agent- ip 2.2.2.95
SWITCH(config )# sflow collector 1 ip 2.2.2.2
SWITCH(config )#

Configure sampling for port 3

SWITCH( config)#int gi 0/3
SWITCH( config-if)#sflow flow-sampling collector 1
SWITCH( config-if)#sflow counter-sampling collector 1

Display Information

  • Show sFlow
SWITCH#show sflow

Collector 1: Address: 2.2.2.2 Agent: 2.2.2.95 Port: 6343 Datagram-Size: 1400 Description: Fd : 11 Seq: 45 Tx Timer: (nil) Buf : 0xab0d8 Alloc : 1400 Used: 0 ————————————————– ———————————- | Flow | Counter | Interface | ID Rate Direction Max-header Sequence | ID Interval Sequence | ————————————————– ———————————- GiE0/3 1 2048 both 64 2 1 10 7462

SWITCH#

Related articles

Share this Doc

Configure sFlow

Or copy link

Powered By EazyDocs