Example: Configuring sFlow Technology to Monitor Network Traffic on MX Series Routers
sFlow technology is a networking monitoring technology for high-speed switched or routed networks. It is a technology that is based on statistical sampling. You can configure sFlow technology to continuously monitor traffic at wire speed on all interfaces simultaneously. sFlow data can be used to provide network traffic visibility information. You can specify sampling rates for ingress and egress packets. Junos OS fully supports the sFlow standard described in RFC 3176, InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and Routed Networks.
This example describes how to configure and use sFlow technology to monitor network traffic.
This example uses the following hardware and software components:
One MX Series router
Junos OS Release 18.1 or later for MX Series routers
Overview and Topology
sFlow technology samples network packets and sends the samples to a monitoring station. You can specify sampling rates for ingress and egress packets. The information gathered is used to create a network traffic visibility picture.
An sFlow monitoring system consists of an sFlow agent embedded in the switch and a centralized collector. The sFlow agent runs on the switch. It combines interface counters and flow samples and sends them across the network to the sFlow collector. Figure 1 depicts the basic elements of the sFlow system.
To configure sFlow technology, perform the following tasks:
CLI Quick Configuration
To quickly configure sFlow technology, copy the following commands and paste them into the router terminal window:
set sflow collector 10.204.32.46 udp-port 5600
set sflow interfaces ge-0/0/0
set sflow polling-interval 20
set sflow sample-rate egress 1000
set sflow interfaces ge-0/0/1 polling-interval 10 sample-rate ingress 1000
To configure sFlow technology:
- Configure the IP address and UDP port of the collector:
You can configure a maximum of 4 collectors.
The default UDP port is 6343.
- Enable sFlow technology on a specific interface:
[edit protocols sflow]
user@host# set interfaces ge-0/0/0
You cannot enable sFlow technology on a Layer 3 VLAN-tagged interface.
You cannot enable sFlow technology on a link aggregation group (LAG) interface, but you can enable it on the member interfaces of a LAG.
- Specify in seconds how often the sFlow agent polls the
[edit protocols sflow]
user@host# set polling-interval 20
The polling interval can be specified as a global parameter also. Specify 0 if you do not want to poll the interface.
- Specify the global rate at which egress packets must be
[edit protocols sflow]
user@host# set sample-rate egress 1000
You can specify both egress and ingress sampling rates. If you set only the egress sampling rate, the ingress sampling rate will be disabled.
- Specify the interface level poling rate and sampling rate:
When you configure at both interface level and global level, former takes the precedence.
We recommend that you configure the same sampling rates on all the ports on a line card. If you configure different sampling rates are different, the lowest value is used for all ports. You could still configure different rates on different line cards.
Check the results of the configuration:
To confirm that the configuration is correct, perform these tasks:
Verifying That sFlow Technology Is Configured Properly
Verify that sFlow technology is configured properly.
Use the show sflow command:
user@host> show sflow
sFlow : Enabled Sample limit : 300 packets/second Polling interval : 20 second Sample rate egress : 1:2048: Disabled Sample rate ingress : 1:2048: Disabled Agent ID : 10.213.0.18 Agent ID IPv6 : fec0::a:0:0:4 Source IP address : 10.1.1.1 Source IPv6 address : fe80::200:ff:fe00:4
The sampling limit cannot be configured and is set to 300 packets/second per FPC.
The output shows that sFlow technology is enabled and specifies the values for the sampling limit, polling interval, and the egress sampling rate.
Verifying That sFlow Technology Is Enabled on the Specified Interface
Verify that sFlow technology is enabled on the specified interfaces and display the sampling parameters.
Use the show sflow interface command:
user@host> show sflow interface
Interface Status Sample rate Adapted sample rate Polling-interval Egress Ingress Egress Ingress Egress Ingress ge-0/0/0.0 Enabled Disabled 1000 2048 1000 2048 20 ge-0/0/1.0 Enabled Enabled 1000 1000 1000 1000 10
The output indicates that sFlow technology is enabled on the ge-0/0/0.0 interface with an egress sampling rate of 1000, a disabled ingress sampling rate, and a polling interval of 20 seconds. Similarly, sFlow is also enabled on the ge-0/0/1.0 interface with an egress sampling rate of 1000, an ingress sampling rate of 1000, and a polling interval of 10 seconds
Verifying the sFlow Collector Configuration
Verify the sFlow collector's configuration.
Use the show sflow collector command:
user@host> show sflow collector
Collector Udp-port No. of samples address 10.204.32.46 5600 1000 10.204.32.76 3400 1000
The output displays the IP address of the collectors and the UDP ports. It also displays the number of samples.