Configuring sFlow

This chapter describes how to configure sFlow on Cisco NX-OS devices.

This chapter includes the following sections:

About sFlow

Sampled flow (sFlow) allows you to monitor real-time traffic in data networks that contain switches and routers. It uses the sampling mechanism in the sFlow agent software on switches and routers to monitor traffic and to forward the sample data to the central data collector.

For more information about sFlow, see RFC 3176.

sFlow Agent

The sFlow agent, which is embedded in the Cisco NX-OS software, periodically samples or polls the interface counters that are associated with a data source of the sampled packets. The data source can be an Ethernet interface, an EtherChannel interface, or a range of Ethernet interfaces. The sFlow agent queries the Ethernet port manager for the respective EtherChannel membership information and also receives notifications from the Ethernet port manager for membership changes.

When you enable sFlow sampling, based on the sampling rate and the hardware internal random number, the ingress packets and egress packets are sent to the CPU as an sFlow-sampled packet. The sFlow agent processes the sampled packets and sends an sFlow datagram to the sFlow analyzer. In addition to the original sampled packet, an sFlow datagram includes information about the ingress port, the egress port, and the original packet length. An sFlow datagram can have multiple sFlow samples.

Prerequisites for sFlow

sFlow has the following prerequisites:

  • For Cisco Nexus 9332PQ, 9372PX, 9372TX, and 93120TX switches and for Cisco Nexus 9396PX, 9396TX, and 93128TX switches with the N9K-M6PQ generic expansion module (GEM), you must configure the sFlow and SPAN ACL TCAM region sizes for any uplink ports that are to be configured as an sFlow data source. To do so, use the hardware access-list tcam region sflow and hardware access-list tcam region span commands. See Configuring ACL TCAM Region Sizes for more information.


    Note


    By default, the sflow region size is zero, and the span region size is non-zero. You need to configure the sflow region to 256 and allocate enough entries to the span region in order to configure the port as an sFlow data source.
  • Egress sFlow of multicast traffic requires hardware multicast global-tx-span configuration

Guidelines and Limitations for sFlow


Note


For scale information, see the release-specific Cisco Nexus 9000 Series NX-OS Verified Scalability Guide.


sFlow has the following guidelines and limitations:

  • When you enable sFlow for an interface, it is enabled for both ingress and egress. You cannot enable sFlow for only ingress or only egress.

    For Cisco Nexus 9508 switches with Cisco Nexus 9636C-R and 9636Q-R line cards, sFlow can be enabled for an interface only in the ingress direction.

  • The storm control feature does not work if you enable storm control on an interface where sFlow is also enabled.

  • sFlow is not supported on the SVIs.

  • sFlow ingress sampling for multicast, broadcast, or unknown unicast packets are supported only for Cisco Nexus 9508 switches with Cisco Nexus 9636C-R and 9636Q-R line cards.

  • You should configure the sampling rate based on the sFlow configuration and traffic in the system.

  • The switch supports only one sFlow collector.

  • sFlow and Network Address Translation (NAT) are not supported on the same port.

  • Beginning with Cisco NX-OS Release 7.0(3)I2(1), sFlow is supported on the Cisco Nexus 9300 and 9500 Series switches and the Cisco Nexus 3164Q, 31128PQ, 3232C, and 3264Q switches.

  • Beginning with Cisco NX-OS Release 7.0(3)F2(1), sFlow is supported on Cisco Nexus 9508 switches with Cisco Nexus 9636C-R and 9636Q-R line cards.

  • Beginning with Cisco NX-OS Release 7.0(3)I5(1), sFlow is supported on Cisco Nexus 9200 and 9300-EX Series switches. Beginning with Cisco NX-OS Release 7.0(3)I5(2), sFlow is supported on Cisco 9500 Series switches with 9700-EX line cards. These switches have the following limitations with sFlow:

    • sFlow and SPAN can co-exist for Cisco Nexus 9508 switches with Cisco Nexus 9636C-R and 9636Q-R line cards. This combination of features is not supported for other Cisco Nexus 9000 Series switches. sFlow and SPAN sessions cannot share data sources.

    • If at least one sFlow data source is configured, the SPAN sessions cannot be brought up.

    • If at least one SPAN session is configured as no shut , sFlow data sources cannot be added.

    • The sampling mode that is used for sFlow is based on an algorithm known as LFSR. Due to the use of LFSR, it is not guaranteed that one in every few packets are sampled with the sampling rate of n. However, the number of packets that are sampled is equal to the total packets/n over a period of time.

  • Beginning with Cisco NX-OS Release 7.0(3)I7(1), sFlow is supported on the Cisco Nexus 9300-FX2 platform switches.

  • Beginning with Cisco NX-OS Release 7.0(3)I7(2), sFlow is supported on Cisco 9500 platform switches with the Cisco Nexus 9736C-FX line card.

  • Beginning with Cisco NX-OS Release 7.0(3)I7(3), sFlow is supported on Cisco 9500 platform switches with Cisco Nexus 9788TC-FX or 9732C-FX line cards.

  • SPAN and sFlow do not work together. The Cisco Nexus 9300-EX platform switch supports NetFlow and SPAN on the same interface at the same time. This functionality is a viable alternative to using SPAN and sFlow.

  • For an ingress sFlow sample of multicast packets, the out port is reported as multiple ports with the exact number of egress ports. This is not supported on Cisco Nexus 9300-EX and -FX/P platform switches.

  • sFlow supports sampling IPv6 traffic but only on IPv4 collector address.

  • sFlow counters increment even for control packets that ingress on the sFlow data-source interfaces. These packets may be sampled and send out as sFlow datagrams (similar to data plane traffic).

  • Nexus 9000-EX, FX, GX family of switches only support sampling at the following values: 4096, 8192, 16384, 32768, 65536. Configuring values other than these results in the value being rounded off to the next supported value.

  • Subinterfaces are not supported for sFlow.

Default Settings for sFlow

The following table lists the default settings for sFlow parameters.

Table 1. Default sFlow Parameters
Parameters Default

sFlow sampling rate

4096

sFlow sampling size

128

sFlow counter poll interval

20

sFlow maximum datagram size

1400

sFlow collector IP address

0.0.0.0

sFlow collector port

6343

sFlow agent IP address

0.0.0.0

Configuring sFlow

Enabling sFlow

You must enable the sFlow feature before you can configure sFlow settings on the switch.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] feature sflow

Example:

switch(config)# feature sflow

Enables or disables sFlow.

Step 3

(Optional) show feature

Example:

switch(config)# show feature
(Optional)

Displays the enabled and disabled features.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring the Sampling Rate

You can configure the sampling rate for sFlow.

Before you begin

Make sure that you have enabled sFlow.

Nexus 9000-EX, FX, and GX family of switches only support sampling at the following values: 4096, 8192, 16384, 32768, 65536. Configuring values other than these will result in the value being rounded off to the next supported value.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] sflow sampling-rate sampling-rate

Example:

switch(config)# sflow sampling-rate 50000

Configures the sFlow sampling rate for packets.

The sampling-rate can be an integer between 4096 and 1000000000.

Step 3

(Optional) show sflow

Example:

switch(config)# show sflow
(Optional)

Displays the sFlow configuration.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring the Maximum Sampled Size

You can configure the maximum number of bytes that should be copied from a sampled packet.

Before you begin

Make sure that you have enabled sFlow.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] sflow max-sampled-size sampling-size

Example:

switch(config)# sflow max-sampled-size 200

Configures the sFlow maximum sampling size.

The range for the sampling-size is from 64 to 256 bytes.

Step 3

(Optional) show sflow

Example:

switch(config)# show sflow
(Optional)

Displays the sFlow configuration.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring the Counter Poll Interval

You can configure the maximum number of seconds between successive samples of the counters that are associated with the data source. A sampling interval of 0 disables counter sampling.

Before you begin

Make sure that you have enabled sFlow.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] sflow counter-poll-interval poll-interval

Example:

switch(config)# sflow counter-poll-interval 100

Configures the sFlow poll interval for an interface.

The range for the poll-interval is from 0 to 2147483647 seconds.

Step 3

(Optional) show sflow

Example:

switch(config)# show sflow
(Optional)

Displays the sFlow configuration.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring the Maximum Datagram Size

You can configure the maximum number of data bytes that can be sent in a single sample datagram.

Before you begin

Make sure that you have enabled sFlow.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] sflow max-datagram-size datagram-size

Example:

switch(config)# sflow max-datagram-size 2000

Configures the sFlow maximum datagram size.

The range for the datagram-size is from 200 to 9000 bytes.

Step 3

(Optional) show sflow

Example:

switch(config)# show sflow
(Optional)

Displays the sFlow configuration.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring the sFlow Collector Address

You can configure the IPv4 address of the sFlow data collector that is connected to the management port.

Before you begin

Make sure that you have enabled sFlow.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] sflow collector-ip ip-address vrf vrf [source ip-address]

Example:

switch(config)# sflow collector-ip 192.0.2.5 vrf management

Configures the IPv4 address for the sFlow collector. If the IP address is set to 0.0.0.0, all samples will be dropped.

The vrf can be one of the following:

  • A user-defined VRF name—You can specify a maximum of 32 alphanumeric characters.

  • vrf management—You must use this option if the sFlow data collector is on the network connected to the management port.

  • vrf default—You must use this option if the sFlow data collector is on the network connected to the front-panel ports.

The source ip-address option causes the sent sFlow datagram to use the source IP address as the IP packet source address. The source IP address has to be already configured on one of the switch local interfaces; otherwise, an error message appears. If the interface with the source IP address is changed or removed after this option is configured, the sFlow datagram will no longer be sent out, and an event history error and syslog error will be logged. When the source ip-address option is not configured, Cisco NX-OS picks the IP packet source address automatically for the sent sFlow datagram.

Step 3

(Optional) show sflow

Example:

switch(config)# show sflow
(Optional)

Displays the sFlow configuration.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring the sFlow Collector Port

You can configure the destination port for sFlow datagrams.

Before you begin

Make sure that you have enabled sFlow.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] sflow collector-port collector-port

Example:

switch(config)# sflow collector-port 7000

Configures the UDP port of the sFlow collector.

The range for the collector-port is from 1 to 65535.

Step 3

(Optional) show sflow

Example:

switch(config)# show sflow
(Optional)

Displays the sFlow configuration.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring the sFlow Agent Address

You can configure the IPv4 address of the sFlow agent.

Before you begin

Make sure that you have enabled sFlow.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] sflow agent-ip ip-address

Example:

switch(config)# sflow agent-ip 192.0.2.3

Configures the IPv4 address of the sFlow agent.

The default IP address is 0.0.0.0, which means that all samples will be dropped. You must specify a valid IP address to enable sFlow functionality.

Note

 

This IP address is not necessarily the source IP address for sending the sFlow datagram to the collector.

Step 3

(Optional) show sflow

Example:

switch(config)# show sflow
(Optional)

Displays the sFlow configuration.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring the sFlow Sampling Data Source

You can configure the source of the data for the sFlow sampler as an Ethernet port, a range of Ethernet ports, or a port channel.

Before you begin

Make sure that you have enabled sFlow.

If you want to use a port channel as the data source, make sure that you have already configured the port channel and you know the port channel number.

Make sure that the sFlow and SPAN ACL TCAM region sizes are configured for any uplink ports that are to be configured as an sFlow data source on the following devices: Cisco Nexus 9332PQ, 9372PX, 9372TX, and 93120TX switches and Cisco Nexus 9396PX, 9396TX, and 93128TX switches with the N9K-M6PQ or N9K-M12PQ generic expansion module (GEM).

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] sflow data-source interface [ethernet slot/port[-port] | port-channel channel-number]

Example:

switch(config)# sflow data-source interface ethernet 1/5-12

Configures the sFlow sampling data source.

For an Ethernet data source, slot is the slot number, and port can be either a single port number or a range of ports designated as port-port.

Step 3

(Optional) show sflow

Example:

switch(config)# show sflow
(Optional)

Displays the sFlow configuration.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Verifying the sFlow Configuration

Use these commands to display the sFlow configuration.

Table 2. sFlow Show Commands
Command Purpose
show sflow

Displays all the data sources of the sFlow samplers and the sFlow agent configuration.

show process

Verifies whether the sFlow process is running.

show running-config sflow [all]

Displays the current sFlow running configuration.

Monitoring and Clearing sFlow Statistics

Use the show sflow statistics command to display the sFlow statistics.

Use the following commands to clear the sFlow statistics:

Command

Description

clear sflow statistics

Clears most of the sFlow statistics from the show sflow statistics command.

clear counters interface all

Clears the Total Packets field from the show sflow statistics command.

clear hardware rate-limiter sflow

Clears the Total Samples field from the show sflow statistics command.

Configuration Examples for sFlow

This example shows how to configure sFlow:

feature sflow
sflow sampling-rate 4096
sflow max-sampled-size 200
sflow counter-poll-interval 100
sflow max-datagram-size 2000
sflow collector-ip 192.0.2.5 vrf management
sflow collector-port 7000
sflow agent-ip 192.0.2.3
sflow data-source interface ethernet 1/5