Configuring sFlow

This chapter describes how to configure sFlow on Cisco IOS XR devices.

Information About sFlow

Table 1. Feature History Table

Feature Name

Release Information

Feature Description

Sampled Flow

Release 7.5.1

Sampled flow (sFlow) allows you to monitor real-time traffic in data networks that contain switches and routers. It uses the sampling mechanism in the sFlow agent software on routers to monitor traffic and to forward the sample data to the central data collector.

sFlow uses version 5 export format to forward sampled data.

sFlow Agent

The sFlow Agent periodically polls the interface counters that are associated with a data source of the sampled packets. The data source can be an Ethernet interface, an EtherChannel interface, or a range of Ethernet interfaces. The sFlow Agent queries the Ethernet port manager for the respective EtherChannel membership information and also receives notifications from the Ethernet port manager for membership changes.

When you enable sFlow sampling, based on the sampling rate and the hardware internal random number, the ingress and egress packets are sent to the CPU as an sFlow-sampled packet. The sFlow Agent processes the sampled packets and sends an sFlow datagram to the central data collector. In addition to the original sampled packet, an sFlow datagram includes the information about the ingress port, egress port, and the original packet length. An sFlow datagram can have multiple sFlow samples such as mix of flow samples and counter samples.

Guidelines and Limitations for sFlow

Consider these points before configuring sFlow:

  • Ingress sFlow is supported on Cisco ASR 9000 Series Routers on the Cisco ASR 9000 High Density 100GE Ethernet line cards.

  • Supports a maximum of 8 export IPv4 and IPv6 destinations

  • Supported sampling rate is 1 out of 262144 (maximum)

  • Supports L3 Interface, L3 Bundle Interface, L3 Sub-interface, L3 Bundle Sub-interface

  • Does not support tunnel, L3 BVI and PW-Ether interfaces

  • Supports up to 2000 L3 interfaces

  • sFlow doesn't sample ARP, multicast, broadcast and IP-in-IP packets

  • sFlow on bundle having members on different LCs will have flows exported with same ifindex id (of bundle interface, if input/output ifindex physical is not configured), but with different sub-agent id and sequence number

  • The outbundlemember option does not function in the fourth generation and fifth generation of the Cisco ASR 9000 Series Ethernet line cards for the ingress direction. However, it is supported in the third generation of the Cisco ASR 9000 Series Ethernet line cards for both directions.

Default Settings for sFlow

Here are the default sFlow parameters:

Table 2. Default Parameters for sFlow

Parameters

Default

sFlow sampling-rate

1 out of 10000 packets

sFlow sampling-size

128 bytes. The maximum configurable value for sampler size is 160 bytes.

sFlow counter-poll-interval

20 seconds

sFlow collector-port

6343

Configuring sFlow

Configuring sFlow includes:

  • Configuring Exporter Map

  • Configuring Monitor Map

  • Configuring Sampler Map

  • Configuring sFlow on an Interface

  • Enabling sFlow on a Line Card

Configuring Exporter Map

This sample exporter map includes two exporter maps for IPv4 and IPv6 traffic. sFlow uses default collector-port number 6343.

Also, in the below sample configuration the DF-bit (Don’t Fragment bit) is enabled for IPv4 header. However, the DF-bit configuration is not supported for IPv6 transport.


Note


A DF bit is a bit within the IP header that determines whether a router is allowed to fragment a packet.


flow exporter-map SF-EXP-MAP-1
 version sflow v5
 !
 packet-length 1468
 transport udp 6343
 source GigabitEthernet0/0/0/1
source-address 192.127.10.1
destination 192.127.0.1
 dfbit set
!

flow exporter-map SF-EXP-MAP-2
 version sflow v5
 !
 packet-length 1468
 transport udp 6343
 source GigabitEthernet0/0/0/1 
source-address db8::1
destination  FF01::1
!

Configuring Monitor Map

This sample monitor map records sFlow traffic. Optionally, you can choose to include extended router and extended gateway information in the monitor map.

The extended router information includes:

  • nexthop

  • source mask length

  • destination mask length

The extended gateway information includes:

  • nexthop

  • communities

  • local preference

  • AS, source AS, source peer AS, and desgtination AS path

You can export input and ouput interface handles if the ingress or egress interface is a bundle or a BVI type. The exported interface handles are of the physical interfaces on which the packet arrived or departed and not the bundle or BVI itself.


show flow monitor-map sflow-mon1
Thu Nov 11 10:47:48.015 IST
 
Flow Monitor Map : sflow-mon1
-------------------------------------------------
Id:                6
RecordMapName:     sflow (1 labels)
ExportMapName:     sflow-exp-v4-0012_30001
                   sflow-exp-v6-0012_99992
CacheAgingMode:    Normal
CacheMaxEntries:   5000
CacheActiveTout:   5 seconds
CacheInactiveTout: 10 seconds
CacheUpdateTout:   N/A
CacheRateLimit:    2000
HwCacheExists:     False
HwCacheInactTout:  50

sFlow options:
  Option: extended router
  Option: extended gateway
  Option: Input ifindex physical
  Option: Output ifindex physical
  Option: Max sample header size: using default: 128

Configuring Sampler Map

This sample configuration samples 1 out of 20000 packets:


Note


The default sampling rate is 10000.


sampler-map SF-SAMP-MAP
 random 1 out-of 20000
!

Configuring sFlow on an Interface

In the following example, sFlow configuration is applied on an interface at the ingress direction:

interface GigabitEthernet0/0/0/3
 ipv4 address 192.127.0.56 255.255.255.0
 ipv6 address FFF2:8:DE::56/64
 ipv6 enable
 flow datalinkframesection monitor-map SF-MON-MAP sampler SF-SAMP-MAP ingress

Enabling sFlow on a Line Card

This sample configuration enables sFlow on a line card at node 0/0/CPU0:

Router(config)# hw-module profile netflow sflow-enable location 0/0/CPU0 

You should reload the line card for the changes to take effect.

Verify sFlow Configuration

Exporter Map

To verify if the exporter map has sFlow v5 export version configured, use the show flow monitor-map command:

Router# show flow monitor-map sflow-mon1 

Flow Monitor Map : sflow-mon1
-------------------------------------------------
Id:                6
RecordMapName:     sflow (1 labels)
ExportMapName:     sflow-exp-v4-0012_30001
                   sflow-exp-v6-0012_99992
CacheAgingMode:    Normal
CacheMaxEntries:   5000
CacheActiveTout:   5 seconds
CacheInactiveTout: 10 seconds
CacheUpdateTout:   N/A
CacheRateLimit:    2000
HwCacheExists:     False
HwCacheInactTout:  50
 
sFlow options:
  Option: extended router
  Option: extended gateway
  Option: Input ifindex physical
  Option: Output ifindex physical
  Option: Max sample header size: using default: 128



Exporter Statistics Information

To view the flow, counter samples, and packet exported statistics, use the show flow monitor sflow-mon1 cache location command:

Router#show flow exporter SF-EXP-MAP-1 location 0/RP0/CPU0 
show flow monitor sflow-mon1 cache location 0/0/cPU0
Thu Nov 11 10:57:35.168 IST
Cache summary for Flow Monitor sflow-mon1:
Cache size:                           5000
Current entries:                         0
Flows added:                        326328
Flows not added:                         0
Ager Polls:                          44656
  - Active timeout                       0
  - Inactive timeout                     0
  - Immediate                       326328
  - TCP FIN flag                         0
  - Emergency aged                       0
  - Counter wrap aged                    0
  - Total                           326328
Periodic export:
  - Counter wrap                         0
  - TCP FIN flag                         0
Flows exported                      326328
sFlow details:
  - flow samples:                   299639
  - counter samples:                 26689
     0 (0 bytes)