Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Monitoring Network Traffic Using sFlow Technology

 

The sFlow technology is a monitoring technology for high-speed switched or routed networks. sFlow monitoring technology collects samples of network packets and sends them in a UDP datagram to a monitoring station called a collector. You can configure sFlow technology on a device to monitor traffic continuously at wire speed on all interfaces simultaneously. You must enable sFlow monitoring on each interface individually; you cannot globally enable sFlow monitoring on all interfaces with a single configuration statement. Junos OS supports the sFlow technology standard described in RFC 3176, InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and Routed Networks.

This example describes how to configure and use sFlow monitoring on a QFX3500 switch in standalone mode.

Requirements

This example uses the following hardware and software components:

  • Junos OS Release 11.3 or later

  • One QFX3500 switch

Overview

An sFlow monitoring system consists of an sFlow agent embedded in the device and a centralized collector on the network. The two main activities of the sFlow agent are random sampling and statistics gathering. The sFlow agent combines interface counters and flow samples and sends them to the IP address and UDP destination port of the sFlow collector in UDP datagrams.

Figure 1 depicts the basic elements of an sFlow system.

Figure 1: sFlow Technology Monitoring System
sFlow Technology Monitoring System

Configuration

CLI Quick Configuration

To quickly configure sFlow technology, copy the following commands and paste them into the terminal window of the switch:

[edit protocols sflow]
set collector 10.204.32.46 udp-port 5600
set interfaces xe-0/0/1.0
set polling-interval 20
set sample-rate 1000

Step-by-Step Procedure

To configure sFlow features using the CLI:

  1. Configure the IP address and UDP port of at least one collector:
    [edit protocols sflow]

    user@switch# set collector 10.204.32.46 udp-port 5600

    The default UDP port assigned is 6343.

  2. Enable sFlow technology on a specific interface:
    [edit protocols sflow]

    user@switch# set interfaces xe-0/0/1.0
    Note

    You cannot enable sFlow technology on a Layer 3 VLAN-tagged interface.

    You cannot enable sFlow technology on a LAG interface (for example, ae0), but you can enable sFlow technology on the member interfaces of the LAG (for example, xe-0/0/1).

  3. Specify how often (in seconds) the sFlow agent polls all interfaces at the global level:
    [edit protocols sflow]

    user@switch# set polling-interval 20
    Note

    Specify 0 if you do not want to poll the interface.

  4. Specify the rate at which packets must be sampled at the global level. The following example sets a sample rate of 1 in 1000 packets:
    [edit protocols sflow]

    user@switch# set sample-rate 1000

Results

Check the results of the configuration:

Verification

To confirm that the configuration is correct, perform these tasks:

Verifying That sFlow Technology Has Been Configured Properly

Purpose

Verify that sFlow technology has been configured properly.

Action

Enter the show sflow operational mode command:

user@switch> show sflow
Note

The sample limit cannot be configured and is set to 300 packets per second.

Meaning

The output shows that sFlow technology is enabled and specifies the values for the sampling limit, polling interval, and sampling rate.

Verifying That sFlow Technology Is Enabled on an Interface

Purpose

Verify that sFlow technology is enabled on interfaces and display the sampling parameters.

Action

Enter the show sflow interface operational mode command:

user@switch> show sflow interface

Meaning

The output indicates that sFlow technology is enabled on the Node1:xe-0/0/1.0 interface on the Node device with a sampling rate of 1000 and a polling interval of 20 seconds.

Verifying the sFlow Collector Configuration

Purpose

Verify the sFlow collector configuration.

Action

Enter the show sflow collector operational mode command:

user@switch> show sflow collector

Meaning

The output displays the IP address of the collector, the UDP port, and the number of samples collected.