Configuring sFlow

This chapter describes how to configure sFlow on Cisco NX-OS devices.

This chapter includes the following sections:

About sFlow

Sampled flow (sFlow) allows you to monitor real-time traffic in data networks that contain switches and routers. It uses the sampling mechanism in the sFlow agent software on switches and routers to monitor traffic and to forward the sample data to the central data collector.

For more information about sFlow, see RFC 3176.

sFlow Agent

The sFlow agent, which is embedded in the Cisco NX-OS software, periodically samples or polls the interface counters that are associated with a data source of the sampled packets. The data source can be an Ethernet interface, an EtherChannel interface, or a range of Ethernet interfaces. The sFlow agent queries the Ethernet port manager for the respective EtherChannel membership information and also receives notifications from the Ethernet port manager for membership changes.

When you enable sFlow sampling, based on the sampling rate and the hardware internal random number, the ingress packets and egress packets are sent to the CPU as an sFlow-sampled packet. The sFlow agent processes the sampled packets and sends an sFlow datagram to the sFlow analyzer. In addition to the original sampled packet, an sFlow datagram includes information about the ingress port, the egress port, and the original packet length. An sFlow datagram can have multiple sFlow samples.

Prerequisites for sFlow

sFlow has the following prerequisites:

  • For Cisco Nexus 9332PQ, 9372PX, 9372TX, and 93120TX switches and for Cisco Nexus 9396PX, 9396TX, and 93128TX switches with the N9K-M6PQ generic expansion module (GEM), you must configure the sFlow and SPAN ACL TCAM region sizes for any uplink ports that are to be configured as an sFlow data source. To do so, use the hardware access-list tcam region sflow and hardware access-list tcam region span commands. See Configuring ACL TCAM Region Sizes for more information.


    Note


    By default, the sflow region size is zero, and the span region size is non-zero. You need to configure the sflow region to 256 and allocate enough entries to the span region in order to configure the port as an sFlow data source.
  • Egress sFlow of multicast traffic requires hardware multicast global-tx-span configuration

Guidelines and Limitations for sFlow


Note


For scale information, see the release-specific Cisco Nexus 9000 Series NX-OS Verified Scalability Guide.


sFlow has the following guidelines and limitations:

  • If at least one sFlow data source is configured, the SPAN sessions cannot be brought up.

    • If at least one SPAN session is configured as no shut , sFlow data sources cannot be added.

    • The sampling mode that is used for sFlow is based on an algorithm that is known as LFSR. Due to the use of LFSR, it is not guaranteed that one in every few packets are sampled with the sampling rate of n. However, the number of packets that are sampled is equal to the total packets over a period of time.

  • When sFlow is used to sample the Rx traffic from FEX HIF ports, additional VNTAG and 802.1q tags are present in the sampled traffic.

  • In Cisco Nexus 9300-EX and 9300-FX platform switches, the FEX, HIF, and NIF ports cannot be configured as sFlow data-source interfaces.

  • When sFlow and SPAN are configured on the same interface, and the hardware rate-limiter is configured for sFlow, the Rate-Limiter Drops counter in the output of the show hardware rate-limiter command displays more drops than expected.

  • sFlow is a software-driven feature, hardware only sends copies of traffic from the sFlow source interfaces to the CPU for further processing. Elevated CPU usage is expected. sFlow traffic sent to the CPU by hardware is rate-limited to protect the CPU.

  • When you enable sFlow for an interface, it is enabled for both ingress and egress. You cannot enable sFlow for only ingress or only egress.

    For Cisco Nexus 9508 switches with Cisco Nexus 9636C-R and 9636Q-R line cards, sFlow can be enabled for an interface only in the ingress direction.

  • The storm control feature does not work if you enable storm control on an interface where sFlow is also enabled.

  • sFlow egress sampling for multicast, broadcast, or unknown unicast packets is not supported on N9K-C93108TC-FX3P.

  • sFlow is not supported on the SVIs.

  • Subinterfaces are not supported for sFlow.

  • We recommend you configure the sampling rate that is based on the sFlow configuration and traffic in the system.

  • The switch supports only one sFlow collector.

  • sFlow and Network Address Translation (NAT) are not supported on the same port.

  • sFlow supports sampling IPv6 traffic.

  • sFlow does not support egress sampling for multicast, broadcast, or unknown unicast packets.

  • sFlow counters increment even for control packets that ingress on the sFlow data-source interfaces. These packets may be sampled and send out as sFlow datagrams (similar to data plane traffic).

  • The following Cisco Nexus switches support sFlow and SPAN together:

    • N9336C-FX2

    • N93240YC-FX2

    • N93360YC-FX2

  • Beginning with Cisco NX-OS Release 9.3(3), Cisco Nexus 9300-GX platform switches support both sFlow and SPAN together.

  • Nexus 9000-EX, FX, GX family of switches only support sampling at the following values: 4096, 8192, 16384, 32768, 65536. Configuring values other than these results in the value being rounded off to the next supported value.

  • When sFlow is configured on N9K-C9508-FM-G with the N9K-X9716D-GX line card, disable sFlow before configuring SPAN sessions.

  • Beginning with Cisco NX-OS Release 10.1(1), sFlow and SPAN are supported on Cisco N9K-C93180YC-FX3 platform switches.

  • Beginning with Cisco NX-OS Release 10.1(2), sFlow is supported on the Cisco Nexus N9K-X9624D-R2 line card.

  • Beginning with Cisco NX-OS Release 10.1(2), sFlow supports VXLAN traffic on the Cisco Nexus N9K-C9508-FM-G cloud-scale fabric module with the N9K-X9716D-GX line card.

  • Beginning with Cisco NX-OS Release 10.2(1), sFlow Extended BGP (Gateway) is supported on the Cisco Nexus N9K-C93600CD-GX, N9K-C93240YC-FX2, N9K-C93180YC-EX, N9K-C93180YC-FX, N9K-C93180YC-FX3S, N9K-93600CD-GX, and N9K-X9716D-GX platform switches.

  • NX-OS provides flexible forwarding templates to utilize the hardware resources according to customer needs. For sFlow ingress IPv6 sampling to fill BGP information correctly in the sFlow record, a template which has all IPv6 routes on the line-card has to be selected. For example, customers can configure system routing template-mpls-heavy. For more information, please refer to the Cisco Nexus 9000 Series NX-OS Command Reference (Configuration Commands), Release 9.3(x). For command to take effect, system needs to be rebooted. This is applicable on GX modular chassis.

  • When ECMP is configured in BGP and in case of ECMP destination routes, the next-hop information in the extended gateway record of the exported sFlow record will be 0. Other BGP information like Autonomous System will be derived from the first path. The output interface in the sFlow record will be set to 0 (unknown) to indicate that the flow could be through any of the paths.

  • Beginning with Cisco NX-OS Release 10.2(1q)F, sFlow is supported on the Cisco N9K-C9332D-GX2B platform switches.

  • Beginning with Cisco NX-OS Release 10.2(1), extended BGP data can now be collected. In order for sFlow to collect this data, a non-SVI Layer 3 interface such as a physical interface or port-channel must be configured as the sFlow source.

  • Beginning with Cisco NX-OS Release 10.2(3)F, sFlow flow-cache size is increased from 3k route entries in earlier releases to 30k v4 and 30k v6 route entries. This feature is supported on Cisco Nexus C93600CD-GX, C93240YC-FX2, C93180YC-EX, C93180YC-FX, C93180YC-FX3S, 93600CD-GX, and X9716D-GX platform switches.

  • Beginning with Cisco NX-OS Release 10.3(1)F, sFlow is supported on the Cisco Nexus 9808 platform switches.

    • For egress sampled packet, re-written information is not available in sFlow record.

    • Egress sFlow is not supported for directly connected host. However, beginning with Cisco NX-OS Release 10.4(2)F, Egress sFlow is supported for directly connected host.

    • sFlow is not supported on the sub-interface traffic.

  • Beginning with Cisco NX-OS Release 10.3(1)F, sFlow supports IPv6 collector. However, at a time, only one collector can be configured, either IPv4 or IPv6. Also, the source ip address and the collector ip address must belong to the same address family, that is, either IPv4 or IPv6 address family.

  • Beginning with Cisco NX-OS Release 10.2(5)M, storm control and sFlow cannot be enabled together on an interface.

  • Beginning with Cisco NX-OS Release 10.3(3)F, storm control and sFlow cannot be enabled together on an interface.

  • Beginning with Cisco NX-OS Release 10.4(1)F, sFlow is supported on the following line cards and switches:

    • Cisco Nexus 9804 switch and the following limitations apply:

      • For egress sampled packet, re-written information is not available in sFlow record

      • Egress sFlow is not supported for directly connected host

      • sFlow is not supported on the sub-interface traffic

    • Cisco Nexus C9332D-H2R switch

    • Cisco Nexus X98900CD-A and X9836DM-A line cards with Cisco Nexus 9808 and 9804 switches

  • Beginning with Cisco NX-OS Release 10.4(2)F, sFlow is supported on Cisco Nexus 93400LD-H1 platform switches.

  • Beginning with Cisco NX-OS Release 10.4(3)F, sFlow is supported on Cisco Nexus N9K-C9364C-H1 platform switches.

Default Settings for sFlow

The following table lists the default settings for sFlow parameters.

Table 1. Default sFlow Parameters
Parameters Default

sFlow sampling rate

4096

sFlow sampling size

128

sFlow counter poll interval

20

sFlow maximum datagram size

1400

sFlow collector IP address

0.0.0.0

sFlow collector port

6343

sFlow agent IP address

0.0.0.0

Configuring sFlow

Enabling sFlow

You must enable the sFlow feature before you can configure sFlow settings on the switch.

SUMMARY STEPS

  1. configure terminal
  2. [no] feature sflow
  3. (Optional) show feature
  4. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] feature sflow

Example:

switch(config)# feature sflow

Enables or disables sFlow.

Step 3

(Optional) show feature

Example:

switch(config)# show feature
(Optional)

Displays the enabled and disabled features.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring the Sampling Rate

You can configure the sampling rate for sFlow.

Before you begin

Make sure that you have enabled sFlow.

Nexus 9000-EX, FX, and GX family of switches only support sampling at the following values: 4096, 8192, 16384, 32768, 65536. Configuring values other than these will result in the value being rounded off to the next supported value.

SUMMARY STEPS

  1. configure terminal
  2. [no] sflow sampling-rate sampling-rate
  3. (Optional) show sflow
  4. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] sflow sampling-rate sampling-rate

Example:

switch(config)# sflow sampling-rate 50000

Configures the sFlow sampling rate for packets.

The sampling-rate can be an integer between 4096 and 1000000000.

Step 3

(Optional) show sflow

Example:

switch(config)# show sflow
(Optional)

Displays the sFlow configuration.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring the Maximum Sampled Size

You can configure the maximum number of bytes that should be copied from a sampled packet.

Before you begin

Make sure that you have enabled sFlow.

SUMMARY STEPS

  1. configure terminal
  2. [no] sflow max-sampled-size sampling-size
  3. (Optional) show sflow
  4. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] sflow max-sampled-size sampling-size

Example:

switch(config)# sflow max-sampled-size 200

Configures the sFlow maximum sampling size.

The range for the sampling-size is from 64 to 256 bytes.

Step 3

(Optional) show sflow

Example:

switch(config)# show sflow
(Optional)

Displays the sFlow configuration.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring the Counter Poll Interval

You can configure the maximum number of seconds between successive samples of the counters that are associated with the data source. A sampling interval of 0 disables counter sampling.

Before you begin

Make sure that you have enabled sFlow.

SUMMARY STEPS

  1. configure terminal
  2. [no] sflow counter-poll-interval poll-interval
  3. (Optional) show sflow
  4. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] sflow counter-poll-interval poll-interval

Example:

switch(config)# sflow counter-poll-interval 100

Configures the sFlow poll interval for an interface.

The range for the poll-interval is from 0 to 2147483647 seconds.

Step 3

(Optional) show sflow

Example:

switch(config)# show sflow
(Optional)

Displays the sFlow configuration.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring the Maximum Datagram Size

You can configure the maximum number of data bytes that can be sent in a single sample datagram.

Before you begin

Make sure that you have enabled sFlow.

SUMMARY STEPS

  1. configure terminal
  2. [no] sflow max-datagram-size datagram-size
  3. (Optional) show sflow
  4. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] sflow max-datagram-size datagram-size

Example:

switch(config)# sflow max-datagram-size 2000

Configures the sFlow maximum datagram size.

The range for the datagram-size is from 200 to 9000 bytes.

Step 3

(Optional) show sflow

Example:

switch(config)# show sflow
(Optional)

Displays the sFlow configuration.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring the sFlow Collector Address

You can configure the IPv4 or IPv6 address of the sFlow data collector that is connected to the management port.

Before you begin

Make sure that you have enabled sFlow.

SUMMARY STEPS

  1. configure terminal
  2. [no] sflow collector-ip ip-address vrf vrf [source ip-address]
  3. (Optional) show sflow
  4. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] sflow collector-ip ip-address vrf vrf [source ip-address]

Example:

switch(config)# sflow collector-ip 192.0.2.5 vrf management
switch(config)# sflow collector-ip 2001::1 vrf management

Configures the IPv4 or IPv6 address for the sFlow collector. If the IP address is set to 0.0.0.0, all samples will be dropped.

The vrf can be one of the following:

  • A user-defined VRF name—You can specify a maximum of 32 alphanumeric characters.

  • vrf management—You must use this option if the sFlow data collector is on the network connected to the management port.

  • vrf default—You must use this option if the sFlow data collector is on the network connected to the front-panel ports.

The source ip-address option causes the sent sFlow datagram to use the source IP address as the IP packet source address. The source IP address has to be already configured on one of the switch local interfaces; otherwise, an error message appears. If the interface with the source IP address is changed or removed after this option is configured, the sFlow datagram will no longer be sent out, and an event history error and syslog error will be logged. When the source ip-address option is not configured, Cisco NX-OS picks the IP packet source address automatically for the sent sFlow datagram.

Step 3

(Optional) show sflow

Example:

switch(config)# show sflow
(Optional)

Displays the sFlow configuration.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring the sFlow Collector Port

You can configure the destination port for sFlow datagrams.

Before you begin

Make sure that you have enabled sFlow.

SUMMARY STEPS

  1. configure terminal
  2. [no] sflow collector-port collector-port
  3. (Optional) show sflow
  4. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] sflow collector-port collector-port

Example:

switch(config)# sflow collector-port 7000

Configures the UDP port of the sFlow collector.

The range for the collector-port is from 1 to 65535.

Step 3

(Optional) show sflow

Example:

switch(config)# show sflow
(Optional)

Displays the sFlow configuration.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring the sFlow Agent Address

You can configure the IPv4 or IPv6 address of the sFlow agent.

Before you begin

Make sure that you have enabled sFlow.

SUMMARY STEPS

  1. configure terminal
  2. [no] sflow agent-ip ip-address
  3. (Optional) show sflow
  4. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] sflow agent-ip ip-address

Example:

switch(config)# sflow agent-ip 192.0.2.3
switch(config)# sflow agent-ip 2001::10

Configures the IPv4 or IPv6 address of the sFlow agent.

The default IP address is 0.0.0.0, which means that all samples will be dropped. You must specify a valid IP address to enable sFlow functionality.

Note

 

This IP address is not necessarily the source IP address for sending the sFlow datagram to the collector.

The agent ip address and the collector ip address must belong to the same address family, that is, either IPv4 or IPv6 address family.

Step 3

(Optional) show sflow

Example:

switch(config)# show sflow
(Optional)

Displays the sFlow configuration.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring the sFlow Sampling Data Source

You can configure the source of the data for the sFlow sampler as an Ethernet port, a range of Ethernet ports, or a port channel.

Before you begin

Make sure that you have enabled sFlow.

If you want to use a port channel as the data source, make sure that you have already configured the port channel and you know the port channel number.

Make sure that the sFlow and SPAN ACL TCAM region sizes are configured for any uplink ports that are to be configured as an sFlow data source on the following devices: Cisco Nexus 9332PQ, 9372PX, 9372TX, and 93120TX switches and Cisco Nexus 9396PX, 9396TX, and 93128TX switches with the N9K-M6PQ generic expansion module (GEM).

SUMMARY STEPS

  1. configure terminal
  2. [no] sflow data-source interface [ethernet slot/port[-port] | port-channel channel-number]
  3. (Optional) show sflow
  4. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] sflow data-source interface [ethernet slot/port[-port] | port-channel channel-number]

Example:

switch(config)# sflow data-source interface ethernet 1/5-12

Configures the sFlow sampling data source.

For an Ethernet data source, slot is the slot number, and port can be either a single port number or a range of ports designated as port-port.

Step 3

(Optional) show sflow

Example:

switch(config)# show sflow
(Optional)

Displays the sFlow configuration.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring sFlow Extended BGP (Gateway)

You can configure sFlow Extended BGP on the switch.

Before you begin

Make sure that you have enabled sFlow.

Make sure that the source port is a non-SVI Layer 3 interface, such as a physical interface or port-channel.

SUMMARY STEPS

  1. configure terminal
  2. [no] sflow extended bgp
  3. (Optional) show sflow
  4. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] sflow extended bgp

Example:

switch(config)# sflow extended bgp

Configures extended bgp on the switch.

Sampled sFlow packets with destination IP address to BGP installed routes will include extended gateway (bgp) data in the exported sFlow record.

Step 3

(Optional) show sflow

Example:

switch(config)# show sflow
(Optional)

Displays the sFlow configuration.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Verifying the sFlow Configuration

Use these commands to display the sFlow configuration.

Table 2. sFlow Show Commands
Command Purpose
show sflow

Displays all the data sources of the sFlow samplers and the sFlow agent configuration.

show process

Verifies whether the sFlow process is running.

show running-config sflow [all]

Displays the current sFlow running configuration.

Monitoring and Clearing sFlow Statistics

Use the show sflow statistics command to display the sFlow statistics.

Use the following commands to clear the sFlow statistics:

Command

Description

clear sflow statistics

Clears most of the sFlow statistics from the show sflow statistics command.

clear counters interface all

Clears the Total Packets field from the show sflow statistics command.

clear hardware rate-limiter sflow

Clears the Total Samples field from the show sflow statistics command.

Configuration Examples for sFlow

This example shows how to configure sFlow:

feature sflow
sflow sampling-rate 4096
sflow max-sampled-size 200
sflow counter-poll-interval 100
sflow max-datagram-size 2000
sflow collector-port 7000
sflow agent-ip 192.0.2.3
sflow collector-ip 192.0.2.5 vrf management
sflow data-source interface ethernet 1/5