sFlow (sampled flow)
Table of Contents
Configuring sFlow in SONiC
sFlow (defined in https://sflow.org/sflow_version_5.txt) is a standard-based sampling technology the meets the key requirements of network traffic monitoring on switches and routers.
sFlow is an industry standard, low cost and scalable technique that enables a single analyzer to provide a network wide view.
Example model & SONiC version:
- Aurora 721, Aurora 621
- Netberg SONiC: sonic-broadcom-202311-20240807
SONiC only supports two sFlow collectors.
Defaults:
- SFLOW is disabled
- polling interval is 20 s
- agent id is eth0
- UDP port is 6343
Syntax
sudo config sflow
Usage: config sflow [OPTIONS] COMMAND [ARGS]...
Commands:
agent-id Add/Delete a sFlow agent
collector Add/Delete a sFlow collector
disable Disable sFlow
enable Enable sFlow
interface Configure sFlow settings for an interface
polling-interval Set polling-interval for counter-sampling (0 to disable)
sample-direction Set sampling directionAdd/Delete a sFlow agent
This setting is global (applicable to both collectors) and optional. Only a single agent-id is allowed.
config sflow agent-id <add|del> <interface-name>Parameters:
interface-name: specify the interface name whose ipv4 or ipv6 address will be used as the agent-id in sFlow datagrams.Add/Delete a sFlow collector
This command is used to add a sFlow collector.
config sflow collector { add | del } <collector-name> <ipv4-address | ipv6-address> [port <number>]Parameters:
collector-name: unique name of the sFlow collector
ipv4-address : IP address of the collector in dotted decimal format for IPv4
ipv6-address : x: x: x: x::x format for IPv6 address of the collector (where :: notation specifies successive hexadecimal fields of zeros)
port (OPTIONAL): specifies the UDP port of the collector (the range is from 0 to 65535. The default is 6343.)Enable/Disable sFlow
Globally, sFlow is disabled by default. When sFlow is enabled globally, the sflow daemon is started, and sampling will start on all interfaces. When sflow is disabled globally, sampling is stopped on all relevant interfaces, and the sflow daemon is stopped.
 | sFlow must be enabled as a feature first. |
config sflow <enable|disable>Configure sFlow settings for an interface
Enable/disable sflow at an interface level. By default, sflow is enabled on all interfaces at the interface level. Use this command to explicitly disable sFlow for a specific interface. An interface is sampled if sflow is enabled globally as well as at the interface level. Note that this configuration deals only with sFlow flow samples, not counter samples.
config sflow interface <enable|disable> <interface-name|all>Parameters:
interface-name: specify the interface for which sFlow flow samples have to be enabled/disabled. The "all" keyword is used as a convenience to enable/disable sflow at the interface level for all the interfaces.config sflow interface sample-rate
Configure the sample-rate for a specific interface.
The default sample rate for any interface is (ifSpeed / 1e6) where ifSpeed is in bits/sec:
1-in-1000 for a 1G link
1-in-10,000 for a 10G link
1-in-40,000 for a 40G link
1-in-50,000 for a 50G link
1-in-100,000 for a 100G linkIt is recommended not to change the defaults.
config sflow interface sample-rate <interface-name> <value>Parameters:
interface-name: specify the interface for which the sampling rate value is to be set
value: value is the average number of packets skipped before the sample is taken. "The sampling rate specifies random sampling probability as the ratio of packets observed to samples generated. For example a sampling rate of 256 specifies that, on average, 1 sample will be generated for every 256 packets observed." Valid range 256:8388608.Set polling-interval for counter-sampling
This command is used to set the counter polling interval. Default is 20 seconds.
config sflow polling-interval <value>Parameters:
value: 0-300 seconds. Set polling-interval to 0 to disable counter pollingSet sampling direction
This command takes global sflow sample direction. If not configured, default is “rx” for backward compatibility. Based on the direction, the sFlow is enabled at all the interface level at rx or tx or both.
config sflow sample-direction <rx|tx|both>The same command is available for an interface:
config sflow sample-direction <interface-name|all> <rx|tx|both>Parameters:
interface-name: specify the interface for which sFlow flow sample-direction has to be set. The “all” keyword is used as a convenience
to set sflow sample-direction at the interface level for all the interfaces.Example
Enable the sFlow feature, disable sFlow at all interfaces, and enable it for Ethernet32.
admin@sonic:~$ sudo config feature state sflow enabled
admin@sonic:~$ sudo config sflow interface disable all
admin@sonic:~$ sudo config sflow interface enable Ethernet32Add an sFlow collector.
admin@sonic:~$ sudo config sflow collector add sFlow 192.168.10.2Check the result:
admin@sonic:~$ show sflow
sFlow Global Information:
sFlow Admin State: up
sFlow Polling Interval: 20
sFlow Sample Direction: rx
sFlow Polling Interval: default
sFlow AgentID: default
1 Collectors configured:
Name: sFlow IP addr: 192.168.10.2 UDP port: 6343 VRF: default
admin@sonic:~$ show sflow interface
sFlow interface configurations
+-------------+---------------+-----------------+----------------------+
| Interface | Admin State | Sampling Rate | Sampling Direction |
+=============+===============+=================+======================+
| Ethernet32 | up | 25000 | rx |
+-------------+---------------+-----------------+----------------------+
