• Tag : sflow

 
 

Failed samples – Does the sflow agent detect drops?

We would like to use as high sampling frequency as possible, i.e. going below the dangerous sampling rate limit of 16384. If the switch fails to sample a packet the sFlow protocol contains a counter for that, named drops. See struct flow_sample in https://sflow.org/sflow_version_5.txt Does the sflow agent detect drops?

Sflow Output Subinterfaces

Sflow Output Subinterfaces Packets sampled for sFlow are packaged in a flow sample structure containing, amongst other things, input and output port information. For single interfaces, port information is represented by the ifIndex of the interface. This feature allows for subinterface output port ifIndex values to be included in a sample, in place of parent interface ifIndexes. Samples in sFlow may be encoded in two formats: compact or expanded. The format  used depends on how ifIndex values are used on the device in question. If an sFlow agent will never use ifIndex values >= 2^24, then it must use compact...
Continue reading →

Arista 7280SR BGP sflow on vlan interfaces

Hello, I am using BGP on Arista 7280SR, and the ip are on vlan interfaces (not sub-interfaces). I’d like to enable sflow and its BGP extension to see the traffic per-AS with AS-stats / elastiflow, although I cannot enter the following command, which is not available in interface vlan configuration mode. sflow enable Is it a limitation of the Jericho chip, EOS, or did I misunderstand the way I’m supposed to get BGP extension informations via sflow in my setup ? Thank you.

Sampled Flow Tracking with IPFIX export

Description Network administrators require access to flow information that passes through various network elements, for the purpose of analyzing and monitoring their networks. This feature provides access to IP flow information by sampling traffic flows in ingress direction on the interfaces on which it is configured. The samples are then used to create flow records, which are exported to the configured collectors in the IPFIX format. Terminology Flow tracker: Collection of interfaces (observation points) on which samples are collected and flow records are created. It has one or more Exporters. Exporter: Device that sends flow records to one or more...
Continue reading →

Sflow IPv4 Tunnel Extension

When packets are encapsulated in tunnels via protocols such as GRE, sFlow samples with version 5 default extensions do not contain some important information about the packet including the IP address of the tunnel destination. Several additional, optional, tunnel extensions are defined in sFlow Tunnel Structure. The sFlow IPv4 tunnel extension feature provides the ability to add the extended_ipv4_tunnel_egress structure to packets forwarded via GRE next-hop groups. Platform Compatibility DCS-7280R DCS-7280R2 Configuration The tunnel extension is added to compatible samples by configuring sFlow on a device and then adding the desired tunnel extension sample configuration. For example: Arista(config)#sflow run Arista(config)#sflow...
Continue reading →

sFlow extension BGP in multi-agent

Description Sflow samples can be augmented with additional Extended gateway data by getting data from BGP in addition to sFlow’s standard IP information. The additional BGP information can be seen in sFlow Version 5 doc under extended_gateway. Extended gateway data was already supported in gated mode. Now it is being supported for multi-agent mode (arBGP). Platform compatibility This feature is supported on all platforms. Configuration A BGP instance must be configured on the switch for BGP sFlow export to operate. rtr1(config)#sflow run rtr1(config)#sflow extension bgp Show Commands bgprtr1(config)#show sflow sFlow Configuration ------------------- Destination(s):   127.0.0.1:54855 (VRF: default) Source(s):   10.10.10.10 (VRF: default)...
Continue reading →

Impact of CU/Performance when increasing sFlow sampling rate

Hi everyone, We looks to increase the sFlow sampling rate to 100 (1 sample per 100 packets). The document states that it is possible with “dangerous” option but it doesn’t state the impact on CPU and the switch performance. Is there anyone who has the same deployment? Can you advise or point to the document that explains the impact of such change in the configuration? Thanks

sFlow Generation for Legacy Networks with Tap Aggregation (NPB / Matrix switch)

  sFlow is a standard hadware sampling available on all the Arista platforms, providing rich statistical information on all ports. sFlow is available in Tap Aggregation mode, allowing additional use cases of Tap Aggregation than traffic analysis on analyzer tools: Retro-fitting sFlow to legacy infrastructure Distributed analysis This article focuses on Retro-fitting sFlow to legacy infrastructure.   1) sFlow vs Netflow sFlow is a sampling mechanism implemented in hardware: Widely available on non-legacy platforms, and widely supported on collectors/monitoring software sFlow requires minimal local processing which contrast with Netflow that is very CPU-intensive, making Netflow poorly suitable for any high performance...
Continue reading →

Fabric Visibility

A leaf and spine fabric is challenging to monitor. The fabric spreads traffic across all the switches and links in order to maximize bandwidth. Unlike traditional hierarchical network designs, where a small number of links can be monitored to provide visibility, a leaf and spine network has no special links or switches where running CLI commands or attaching a probe would provide visibility. Even if it were possible to attach probes, the effective bandwidth of a leaf and spine network can be as high as a Petabit/second, well beyond the capabilities of current generation monitoring tools. The 2 minute video...
Continue reading →

Introduction to Managing EOS Devices – Setting up Management

Note: This article is part of the Introduction to Managing EOS Devices series: https://eos.arista.com/introduction-to-managing-eos-devices/      1) Setting Up Management The following management tools are available on Arista EOS for all platforms: VRF-aware management Telnet and SSH Syslog and Console Logging SNMP Versions 1 and 3 NTP DNS Local and remote user control (AAA) TACACS+, RADIUS sFlow XMPP eAPI   Note: in the following configuration examples, the commands in square brackets are optional: [optional]   1.1) VRF Aware Management As of release 4.10.1, EOS supports the ability to constrain management functions to a VRF. This enables the user to separate management based functions...
Continue reading →

What happened to script for sFlow reading into Splunk?

From a .pdf entitled “Traffic Visualization with Arista sFlow and Splunk” there is a referenced sample script that’s supposed to be on EOS Central to decode the sFlow data and allow Splunk to process it.  Is that still active and around?  I’d really like to be able to use the Arista Telemetry App and not have to go to a 3rd party app for the data.  Thanks!

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: