Monitoring System Statistics and Network Traffic with sFlow
sFlow is a monitoring protocol that samples network packets, application operations, and system counters. sFlow collects both interface counters and sampled 5-tuple packet information so that you can monitor your network traffic as well as your switch state and performance metrics. To collect and analyze this data, you need an outside server; an sFlow collector.
If you intend to run this service within a VRF, including the management VRF, follow these steps to configure the service.
Enable sFlow
To enable sFlow:
cumulus@switch:~$ nv set system sflow state enabled
cumulus@switch:~$ nv config apply
To disable sFlow, run the nv set system sflow state disabled command.
By default, the hsflowd service is disabled and does not start automatically when the switch boots up.
To enable and start the hsflowd service:
cumulus@switch:~$ sudo systemctl enable hsflowd
cumulus@switch:~$ sudo systemctl start hsflowd
To disable the hsflowd service:
cumulus@switch:~$ sudo systemctl stop hsflowd
cumulus@switch:~$ sudo systemctl disable hsflowd
Configure sFlow
To configure sFlow:
- Provide the sFlow collectors. You must configure at least one collector if you enable sFlow.
- Set the sFlow sampling rate.
- Set the polling interval.
- Provide the IP address and interface of the sFlow agent.
- Configure the sFlow policer rate and policer burst.
Cumulus Linux provides different sampling rate configurations. The value represents the sampling ratio; for example, if you specify a value of 400, SFlow samples one in every 400 packets.
| Sampling Rate | Default Value | Description |
|---|---|---|
default |
400 | The Default sampling rate for ports with no speed or application with no sampling setting. |
speed-100m |
100 | The sampling rate on a 100Mbps port. |
speed-1g |
1000 | The sampling rate on a 1Gbps port. |
speed-10g |
10000 | The sampling rate on a 10Gbps port. |
speed-40g |
40000 | The sampling rate on a 40Gbps port. |
speed-50g |
50000 | The sampling rate on a 50Gbps port. |
speed-100g |
100000 | The sampling rate on a 100Gbps port. |
speed-200g |
200000 | The sampling rate on a 200Gbps port. |
speed-400g |
400000 | The sampling rate on a 400Gbps port. |
speed-800g |
800000 | The sampling rate on a 800Gbps port. |
Some collectors require each source to transmit on a different port, others listen on only one port. Refer to the documentation for your collector for more information.
Configure Designated Collectors
Specify the IP address, UDP port number, and interface for the designated collectors. The port number and interface are optional; If you do not specify a port number, Cumulus Linux uses the default port 6343.
The following example configures sFlow to send data to collector 192.0.2.100 on port 6343 and collector 192.0.2.200 on eth0:
cumulus@switch:~$ nv set system sflow collector 192.0.2.100 port 6344
cumulus@switch:~$ nv set system sflow collector 192.0.2.200 interface eth0
cumulus@switch:~$ nv config apply
Configure the sFlow sampling rate in number of packets if you do not want to use the default rate, and the polling interval in seconds.
The following example polls the counters every 20 seconds and samples one in every 40000 packets for 40G interfaces:
cumulus@switch:~$ nv set system sflow sampling-rate speed-40g default 40000
cumulus@switch:~$ nv set system sflow poll-interval 20
cumulus@switch:~$ nv config apply
Edit the /etc/hsflowd.conf file to set up the collectors, sampling rates, and polling interval in seconds, then restart the hsflowd service with the sudo systemctl start hsflowd command.
The following example polls the counters every 20 seconds, samples 1 of every 40000 packets for 40G interfaces, and sends this information to a collector at 192.0.2.100 on port 6343 and to another collector at 192.0.2.200 on interface eth0.
cumulus@switch:~$ sudo nano /etc/hsflowd.conf
sflow {
# ====== Sampling/Polling/Collectors ======
# EITHER: automatic (DNS SRV+TXT from _sflow._udp):
# DNS-SD { }
# OR: manual:
# Counter Polling:
polling = 20
# default sampling N:
# sampling = 400
# sampling N on interfaces with ifSpeed:
sampling.100M = 100
sampling.1G = 1000
sampling.10G = 10000
sampling.40G = 40000
# sampling N for apache, nginx:
# sampling.http = 50
# sampling N for application (requires json):
# sampling.app.myapp = 100
# collectors:
collector { ip=192.0.2.100 udpport=6344 }
collector { ip=192.0.2.200 interface=eth0 }
}
cumulus@switch:~$ sudo systemctl start hsflowd
Configure the SFlow Agent
Provide the IP address or prefix, or the interface for the sFlow agent.
The following example configures the sFlow agent prefix to 10.0.0.0/8:
cumulus@switch:~$ nv set system sflow agent ip 10.0.0.0/8
The following example configures the sFlow agent interface to eth0:
cumulus@switch:~$ nv set system sflow agent interface eth0
cumulus@switch:~$ nv config apply
To provide the IP address or prefix for the sFlow agent, edit the /etc/hsflowd.conf file to set the agent.CIDR parameter, then restart the hsflowd service with the sudo systemctl start hsflowd command.
cumulus@switch:~$ sudo nano /etc/hsflowd.conf
...
sflow {
agent.CIDR = 10.0.0.0/8
}
cumulus@switch:~$ sudo systemctl start hsflowd
To provide an interface for the sFlow agent, edit the /etc/hsflowd.conf file to set the agent parameter, then restart the hsflowd service with the sudo systemctl start hsflowd command.:
cumulus@switch:~$ sudo nano /etc/hsflowd.conf
...
sflow {
agent = eth0
}
cumulus@switch:~$ sudo systemctl start hsflowd
Configure sFlow Policer Rate and Burst Size
You can limit the number of sFlow samples per second and the sample burst size per second that the switch sends.
The default number of sFlow samples and default sample size is 16384. You can specify a value between 0 and 16384.
The following example sets the number of sFlow samples to 800 and the sample size to 900:
cumulus@switch:~$ nv set system sflow policer rate 8000
cumulus@switch:~$ nv set system sflow policer burst 9000
cumulus@switch:~$ nv config apply
Edit the /etc/cumulus/datapath/traffic.conf file to change the sflow.rate and sflow.burst parameters, then reload switchd with the sudo systemctl reload switchd.service command.
cumulus@switch:~$ sudo nano /etc/cumulus/datapath/traffic.conf
# Set sflow/sample ingress cpu packet rate and burst in packets/sec
# Values: {0..16384}
sflow.rate = 8000
sflow.burst = 9000
cumulus@switch:~$ sudo systemctl reload switchd.service
Interface Configuration
By default, sFlow is enabled on interfaces that are operationally UP. To disable sFlow on an interface:
cumulus@switch:~$ nv set interface swp1 sflow state disabled
cumulus@switch:~$ nv config apply
To enable sFlow on an interface, run the nv set interface <interface> sflow state enabled command.
By default, sFlow is enabled on interfaces that are operationally UP. To disable sFlow on a specific interface, edit the /etc/cumulus/switchd.conf file and set the interface.<interface>.sflow.enable parameter to FALSE:
cumulus@switch:~$ sudo nano /etc/cumulus/switchd.conf
interface.swp1.sflow.enable = FALSE
To enable sFlow on an interface, set the interface.<interface>.sflow.enable parameter to TRUE.
To configure the sFlow sample rate on an interface.
cumulus@switch:~$ nv set interface swp1 sflow sample-rate 100000
cumulus@switch:~$ nv config apply
Edit the /etc/cumulus/switchd.conf file and set the interface.<interface-id>.sflow.sample_rate.ingress parameter:
cumulus@switch:~$ sudo nano /etc/cumulus/switchd.conf
interface.swp1.sflow.sample_rate.ingress = 100000
Monitor Dropped Packets
You can configure sFlow to monitor dropped packets in software or hardware.
The following example configures sFlow to monitor dropped packets in software:
cumulus@switch:~$ nv set system sflow dropmon sw
cumulus@switch:~$ nv config apply
The following example configures sFlow to monitor dropped packets in hardware:
cumulus@switch:~$ nv set system sflow dropmon hw
cumulus@switch:~$ nv config apply
Edit the /etc/hsflowd.conf file to add the dropmon { group=1 start=on sw=off hw=on } line to monitor dropped packets in hardware or the dropmon { group=1 start=on sw=on hw=off } line to monitor dropped packets in software:
cumulus@switch:~$ sudo nano /etc/hsflowd.conf
dropmon { group=1 start=on sw=off hw=on }
Restart the hsflowd service with the sudo systemctl start hsflowd command.
Configure sFlow Visualization Tools
For information on configuring various sFlow visualization tools, read this knowledge base article.
Show sFlow Configuration
To show all sFlow configuration on the switch:
cumulus@switch:~$ nv show system sflow
operational applied
----------------- ----------- ----------
State enabled
poll-interval 30
[collector] 10.10.10.1
sampling-rate
default 400
speed-100m 100
speed-1g 1000
speed-10g 10000
speed-25g 25000
speed-40g 40000
speed-50g 50000
speed-100g 100000
speed-200g 200000
speed-400g 400000
Speed-800g 800000
agent
ip 10.0.2.15
interface eth0 eth0
policer
rate 1638
burst 1638
To show sFlow collector configuration:
cumulus@switch:~$ nv show system sflow collector
Ip Port
---------------------------------
192.0.2.100 6343
192.0.2.200 6344
To show the sFlow sampling rate configuration:
cumulus@switch:~$ nv show system sflow sampling-rate
default 400
speed-100m 100
speed-1g 1000
speed-10g 10000
Speed-25g 25000
speed-40g 40000
speed-50g 50000
speed-100g 100000
speed-200g 200000
speed-400g 400000
Speed-800g 800000
To show the current sFlow polling interval:
cumulus@switch:~$ nv show system sflow poll-interval
poll-interval 30
To show sFlow agent configuration:
cumulus@switch:~$ nv show system sflow agent:
10.0.0.5
To show the number of samples per second and the sample burst size per second that the switch sends out:
cumulus@switch:~$ nv show system sflow policer
----------------------
Rate 16384
Burst 16384
To show sFlow configuration on a specific interface:
cumulus@switch:~$ nv show interface swp1 sflow
----------------------
sample-rate 100000
state enabled
Considerations
Cumulus Linux does not support sFlow egress sampling.