Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Ingress Inline Sflow Overview

Ingress inline sFlow performs real-time, hardware-based packet sampling on ingress local ports. It provides timely visibility into live traffic without using control plane resources. Sampling is performed inline in the data plane after ingress processing and before queuing, ensuring minimal impact on forwarding performance.

The Packet Forwarding Engine manages sampling decisions, statistics collection, and sample-destination selection without involving the control plane. It copies selected packets and mirrors them to a configured analyzer for inspection. While the original traffic flows through the device without modification.

This inline approach delivers accurate, high-speed visibility into live network flows, maintaining consistent behavior across all egress ports. Monitoring overhead is controlled by a configurable sampling rate, enabling precise insights with minimal latency.

Benefits of Ingress Inline Sflow

  • Provides precise, up-to-date network traffic data at wire speed.
  • Reduces operational complexity and cost by integrating sampling within the data plane.
  • Supports flexible export options for local or remote traffic analysis integration.
  • Enables proactive network monitoring, troubleshooting, and capacity planning with minimal impact on forwarding performance.

Limitations

  • The device uses a proprietary sFlow encapsulation and header format. This format does not comply with RFC 3176 and the collector must decode the proprietary header.
  • The device does not support flow sample statistics.
  • When ingress inline sampling is enabled:
    • The device does not support egress sampling, except on the devices with egress sampling and rate limitations.
    • Only ingress sampling configuration takes effect.
  • When inline sampling is disabled, the device supports both ingress and egress sampling.
  • The device cannot send sFlow packets to a collector through the management port.
  • The device does not allow agent-based sampling and inline sampling to run simultaneously.
  • The device does not support packet fragmentation for sFlow export. The maximum sFlow packet size is limited to the interface MTU minus the sFlow packet overhead.
  • The device does not support sFlow on Aggregated Ethernet (AE) and Integrated routing and bridging (IRB) interfaces.

Configuration

Use the following steps to configure ingress inline sFlow on your device:

CLI Quick Configuration

To quickly configure this example on your switch, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

To configure ingress inline sFlow:

  1. Enable ingress inline sampling:

  2. Configure the IP address and UDP port of the collector:

  3. Specify the rate at which ingress packets must be sampled globally:

  4. Enable sFlow on a specific interface:

  5. Commit the configuration:

Results

Check the results of the configuration:

Verification

To confirm that the configuration is correct, verify the sFlow collector configuration using the show sflow collector command: