Sampled flow (sFlow) allows you to monitor real-time traffic in data networks that contain switches and routers. It uses the sampling mechanism in the sFlow agent software on switches and routers to monitor traffic and to forward the sample data to the central data collector.

For more information about sFlow, see RFC 3176.

sFlow has the following prerequisites:

• For Cisco Nexus 9332PQ, 9372PX, 9372TX, and 93120TX switches and for Cisco Nexus 9396PX, 9396TX, and 93128TX switches with the N9K-M6PQ generic expansion module (GEM), you must configure the sFlow and SPAN ACL TCAM region sizes for any uplink ports that are to be configured as an sFlow data source. To do so, use the hardware access-list tcam region sflow and hardware access-list tcam region span commands. See Configuring ACL TCAM Region Sizes for more information.

  Note	By default, the sflow region size is zero, and the span region size is non-zero. You need to configure the sflow region to 256 and allocate enough entries to the span region in order to configure the port as an sFlow data source.

• Egress sFlow of multicast traffic requires hardware multicast global-tx-span configuration

Note	For scale information, see the release-specific Cisco Nexus 9000 Series NX-OS Verified Scalability Guide.

sFlow has the following guidelines and limitations:

• If at least one sFlow data source is configured, the SPAN sessions cannot be brought up.

  • If at least one SPAN session is configured as no shut , sFlow data sources cannot be added.

  • The sampling mode that is used for sFlow is based on an algorithm that is known as LFSR. Due to the use of LFSR, it is not guaranteed that one in every few packets are sampled with the sampling rate of n. However, the number of packets that are sampled is equal to the total packets over a period of time.

• When sFlow is used to sample the Rx traffic from FEX HIF ports, additional VNTAG and 802.1q tags are present in the sampled traffic.

• In Cisco Nexus 9300-EX and 9300-FX platform switches, the FEX, HIF, and NIF ports cannot be configured as sFlow data-source interfaces.

• When sFlow and SPAN are configured on the same interface, and the hardware rate-limiter is configured for sFlow, the Rate-Limiter Drops counter in the output of the show hardware rate-limiter command displays more drops than expected.

• sFlow is a software-driven feature, hardware only sends copies of traffic from the sFlow source interfaces to the CPU for further processing. Elevated CPU usage is expected. sFlow traffic sent to the CPU by hardware is rate-limited to protect the CPU.

• When you enable sFlow for an interface, it is enabled for both ingress and egress. You cannot enable sFlow for only ingress or only egress.

  For Cisco Nexus 9508 switches with Cisco Nexus 9636C-R and 9636Q-R line cards, sFlow can be enabled for an interface only in the ingress direction.

• The storm control feature does not work if you enable storm control on an interface where sFlow is also enabled.

• sFlow is not supported on the SVIs.

• Subinterfaces are not supported for sFlow.

• We recommend you configure the sampling rate that is based on the sFlow configuration and traffic in the system.

• The switch supports only one sFlow collector.

• sFlow and Network Address Translation (NAT) are not supported on the same port.

• sFlow supports sampling IPv6 traffic.

• sFlow does not support egress sampling for multicast, broadcast, or unknown unicast packets.

• sFlow counters increment even for control packets that ingress on the sFlow data-source interfaces. These packets may be sampled and send out as sFlow datagrams (similar to data plane traffic).

• The following Cisco Nexus switches support sFlow and SPAN together:

  • N9336C-FX2

  • N93240YC-FX2

  • N93360YC-FX2

• Beginning with Cisco NX-OS Release 9.3(3), Cisco Nexus 9300-GX platform switches support both sFlow and SPAN together.

• Nexus 9000-EX, FX, GX family of switches only support sampling at the following values: 4096, 8192, 16384, 32768, 65536. Configuring values other than these results in the value being rounded off to the next supported value.

• When sFlow is configured on N9K-C9508-FM-G with the N9K-X9716D-GX line card, disable sFlow before configuring SPAN sessions.

• Beginning with Cisco NX-OS Release 10.1(2), sFlow is supported on the Cisco Nexus N9K-X9624D-R2 line card.

• Beginning with Cisco NX-OS Release 10.1(2), sFlow supports VXLAN traffic on the Cisco Nexus N9K-C9508-FM-G cloud-scale fabric module with the N9K-X9716D-GX line card.

• Beginning with Cisco NX-OS Release 10.2(1), sFlow Extended BGP (Gateway) is supported on the Cisco Nexus N9K-C93600CD-GX, N9K-C93240YC-FX2, N9K-C93180YC-EX, N9K-C93180YC-FX, N9K-C93180YC-FX3S, N9K-93600CD-GX, and N9K-X9716D-GX platform switches.

• NX-OS provides flexible forwarding templates to utilize the hardware resources according to customer needs. For sFlow ingress IPv6 sampling to fill BGP information correctly in the sFlow record, a template which has all IPv6 routes on the line-card has to be selected. For example, customers can configure system routing template-mpls-heavy. For more information, please refer to the Cisco Nexus 9000 Series NX-OS Command Reference (Configuration Commands), Release 9.3(x). For command to take effect, system needs to be rebooted. This is applicable on GX modular chassis.

• When ECMP is configured in BGP and in case of ECMP destination routes, the next-hop information in the extended gateway record of the exported sFlow record will be 0. Other BGP information like Autonomous System will be derived from the first path. The output interface in the sFlow record will be set to 0 (unknown) to indicate that the flow could be through any of the paths.

• Beginning with Cisco NX-OS Release 10.2(1q)F, sFlow is supported on the Cisco N9K-C9332D-GX2B platform switches.

• Beginning with Cisco NX-OS Release 10.2(1), extended BGP data can now be collected. In order for sFlow to collect this data, a non-SVI Layer 3 interface such as a physical interface or port-channel must be configured as the sFlow source.

• Beginning with Cisco NX-OS Release 10.2(3)F, sFlow flow-cache size is increased from 3k route entries in earlier releases to 30k v4 and 30k v6 route entries. This feature is supported on Cisco Nexus C93600CD-GX, C93240YC-FX2, C93180YC-EX, C93180YC-FX, C93180YC-FX3S, 93600CD-GX, and X9716D-GX platform switches.

• Beginning with Cisco NX-OS Release 10.3(1)F, sFlow is supported on the Cisco Nexus 9808 platform switches.

  • For egress sampled packet, re-written information is not available in sFlow record.

  • Egress sFlow is not supported for directly connected host. However, beginning with Cisco NX-OS Release 10.4(2)F, Egress sFlow is supported for directly connected host.

  • sFlow is not supported on the sub-interface traffic.

• Beginning with Cisco NX-OS Release 10.3(1)F, sFlow supports IPv6 collector. However, at a time, only one collector can be configured, either IPv4 or IPv6. Also, the source ip address and the collector ip address must belong to the same address family, that is, either IPv4 or IPv6 address family.

• Beginning with Cisco NX-OS Release 10.4(1)F, sFlow is supported on the following line cards and switches:

  • Cisco Nexus 9804 switch and the following limitations apply:

    • For egress sampled packet, re-written information is not available in sFlow record

    • Egress sFlow is not supported for directly connected host

    • sFlow is not supported on the sub-interface traffic

  • Cisco Nexus C9332D-H2R switch

  • Cisco Nexus X98900CD-A and X9836DM-A line cards with Cisco Nexus 9808 and 9804 switches

• Beginning with Cisco NX-OS Release 10.4(2)F, sFlow is supported on Cisco Nexus 93400LD-H1 platform switches.

• Beginning with Cisco NX-OS Release 10.4(3)F, sFlow is supported on Cisco Nexus N9K-C9364C-H1 platform switches.

The following table lists the default settings for sFlow parameters.

Use these commands to display the sFlow configuration.

Use the show sflow statistics command to display the sFlow statistics.

Use the following commands to clear the sFlow statistics:

This example shows how to configure sFlow:

feature sflow
sflow sampling-rate 4096
sflow max-sampled-size 200
sflow counter-poll-interval 100
sflow max-datagram-size 2000
sflow collector-port 7000
sflow agent-ip 192.0.2.3
sflow collector-ip 192.0.2.5 vrf management
sflow data-source interface ethernet 1/5