Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

sFlow Support on Routers

On PTX1000 routers and QFX10000 Series switches, sFlow technology always works at the level of the physical interface. Enabling sFlow monitoring on one logical interface enables it on all logical interfaces belonging to that physical interface.

On PTX1000 routers, PTX10000 routers, and QFX10000 Series switches, you can configure sFlow only on an active logical interface. Use the show interfaces terse command to display the status information of interfaces. If both operational and admin state of an interface is up, then it is an active interface.

On PTX10000 routers, PTX5000 routers and QFX10000 Series switches, sFlow will not generate samples as expected when the ingress or egress interfaces are part of routing instance specifically in ECMP scenario.

The sFlow agent is responsible for monitoring the network port, sample all incoming packets including control traffic and traffic arriving on all the ports in the system.

sFlow technology is supported only on the ACX5000 line of routers, other ACX Series routers do not support this technology.

The following sFlow features are supported on the ACX5000 line of routers:

  • Packet-based sampling

    Note:

    This feature is not supported on ACX5448 router.

  • Time-based sampling

  • Adaptive sampling

The following sFlow technology limitations apply on ACX5000 line of routers:

  • The ingress and egress sampling can be configured only on one of the units under a physical interface and the sFlow is enabled for the physical interface (port). The sFlow cannot be enabled if the unit under a physical interface is not configured.

  • Egress sampling for Broadcast, Unknown unicast and Multicast (BUM) traffic is not supported because the source-interface field in the sFlow datagrams cannot be populated.

  • Destination VLAN and Destination Priority fields are not populated in the case of Layer 3 forwarding.

  • sFlow sampling is not supported on the output interface of an analyzer.

  • SNMP MIB support for sFlow is not available.

  • sFlow cannot be enabled on IRB interfaces.

  • sFlow cannot be enabled on logical tunnel (lt-) and LSI interfaces.

sFlow for GRE Encapsulation

On PTX10001-36MR, PTX10003, PTX10004, PTX10008, and PTX10016 devices, sFlow supports the export of Extended Tunnel Egress Structure fields for traffic entering IPv4 or IPv6 GRE tunnels. This enables sFlow to provide information about GRE tunnel into which a packet entering the device might be encapsulated. The GRE tunnel could be IPv4 or IPv6. The feature is supported only when sFlow is enabled in the ingress direction wherein firewall based GRE encapsulation happens on IPv4 or IPv6 packets.

The feature is supported for the below traffic scenarios when ingress sFlow sampling is enabled:

  • Incoming IPv4 traffic that undergoes IPv4 GRE encapsulation

  • Incoming IPv6 traffic that undergoes IPv4 GRE encapsulation

  • Incoming IPv4 traffic that undergoes IPv6 GRE encapsulation

  • Incoming IPv6 traffic that undergoes IPv6 GRE encapsulation

To learn more about the sFlow and sFlow Tunnel Structures, see sFlow Tunnel Structures.

#id-overview-of-sflow-technology__sflow-fields describes extended tunnel egress structure fields for traffic entering IPv4 or IPv6 GRE tunnels.

Table 1: Extended Tunnel Egress Structure Fields and Values
Field Name Value
Protocol reported 0x2f (GRE)
Source IP IPv4 or IPv6 address of the tunnel source
Destination IP IPv4 or IPv6 address of the tunnel destination endpoint
length 0
source port 0
destination port 0
tcp flags 0
priority 0

The extended structure for IPv4 and IPv6 GRE tunnels is below:

Sampled IPv4 header structure is below:

Sampled IPv6 header structure is below:

sFlow Sample Size

Starting in Junos OS Evolved 23.1R1 release for PTX Series devices, you can configure the sFlow sample size of the raw packet header to be exported as part of the sFlow record to the collector. The configurable range of sample size is from 128 bytes through 512 bytes. Use the set protocols sflow sample-size Sample-Size command to configure the sample size. If the configured sample size is greater than the actual packet size, then the actual size of the packet is exported. If you do not configure the sample size, the default size of the raw packet header exported to the collector is 128 bytes.

The sample size configured in the global sFlow configuration is inherited by all the interfaces configured under sFlow protocols.

sFlow Limitations on Routers

On routers, limitations of sFlow traffic sampling include the following:

  • Trio chipset cannot support different sampling rate for each family. Hence, only one sampling rate can be supported per line card.

  • Adaptive load balancingsampling is applied per line card and not for per interface under the line card.

Routers support configuration of only one sampling rate (inclusive of ingress and egress rates) on an line card. To support compatibility with the sFlow configuration of other Juniper Networks products, the routers still accept multiple rate configuration on different interfaces of the same line card. However, the router programs the lowest rate as the sampling rate for all the interfaces of that line card. The (show sflow interfaces) command displays the configured rate and the actual (effective) rate. However, different rates on different line cards is still supported on Juniper Networks routers.

You cannot configure sFlow on the following line cards:

  • JNP10K-LC4800

  • MPC10E

  • MPC15E

  • MPC11E

  • MX10K-LC9600

  • EX9200-15C

In Junos OS Evolved, you can configure sFlow only on Ethernet interfaces (et-*) for the following PTX Series devices:

  • PTX10003-80C and PTX10003-160C

  • PTX10008

  • PTX10001-36MR

  • PTX10004

  • PTX10016

You cannot configure sFlow on loopback interfaces (lo0).