sFlow (sampled flow)

sFlow (defined in https://sflow.org/sflow_version_5.txt) is a standards-based sampling technology that meets the key requirements of network traffic monitoring on switches and routers.

sFlow is an industry-standard, low-cost and scalable technique that enables a single analyzer to provide a network-wide view.

Example model & SONiC version:

  • Aurora 615/715
  • Netberg SONiC: sonic-202012-nb-inno-211121

SONiC only supports two sFlow collectors.

Defaults:

  • SFLOW is disabled
  • polling interval is 20 s
  • agent id is eth0
  • UDP port is 6343

The default sample rate based on interface speed is:

  • 1-in-1000 for a 1G link
  • 1-in-10,000 for a 10G link
  • 1-in-40,000 for a 40G link
  • 1-in-50,000 for a 50G link
  • 1-in-100,000 for a 100G link

Enable sFlow:

admin@sonic:~$ sudo config sflow enable
admin@sonic:~$ sudo config sflow interface enable Ethernet32

Note: enabling sFlow may sometimes result in the error:

Failed to enable unit: Unit file /etc/systemd/system/sflow.service is masked.

Fix:

sudo systemctl unmask sflow >/dev/null
sudo systemctl enable sflow
sudo systemctl start sflow

Add an sFlow collector:

admin@sonic:~$ sudo config sflow collector add sFlow 192.168.10.2

Check the result:

admin@sonic:~$ show sflow
sFlow Global Information:
  sFlow Admin State:          up
  sFlow Polling Interval:     20
  sFlow AgentID:              loopback0
  1 Collectors configured:
    Name: sFlow               IP addr: 192.168.10.2    UDP port: 6343   VRF: default
admin@sonic:~$ show sflow interface
sFlow interface configurations
+-------------+---------------+-----------------+
| Interface   | Admin State   |   Sampling Rate |
+=============+===============+=================+
| Ethernet32  | up            |          100000 |
+-------------+---------------+-----------------+
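
The switch-side output above only shows what is configured. To confirm on the collector that sFlow v5 datagrams really arrive on UDP port 6343 with the expected sampling rate, the datagram header can be decoded as in the following added example (not Netberg or SONiC code). The agent address 192.168.10.1 and the interface indexes in the sample datagram are constructed for illustration.

```python
import ipaddress
import struct

FLOW_SAMPLE, FLOW_SAMPLE_EXPANDED = 1, 3  # sFlow v5 sample formats (enterprise 0)

def parse_sflow_v5(datagram: bytes) -> dict:
    """Decode the sFlow v5 datagram header and the sampling rate of each flow sample."""
    if len(datagram) < 8:
        raise ValueError("datagram too short")
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5:
        raise ValueError(f"not sFlow v5 (version={version})")
    addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4 agent, 2 = IPv6 agent
    if addr_len is None:
        raise ValueError(f"unknown agent address type {addr_type}")
    off = 8
    if len(datagram) < off + addr_len + 16:
        raise ValueError("truncated header")
    agent = ipaddress.ip_address(datagram[off:off + addr_len])
    off += addr_len
    sub_agent, seq, uptime_ms, n_samples = struct.unpack_from("!IIII", datagram, off)
    off += 16
    rates = []
    for _ in range(n_samples):
        if len(datagram) < off + 8:
            raise ValueError("truncated sample record")
        data_format, length = struct.unpack_from("!II", datagram, off)
        off += 8
        if len(datagram) < off + length:
            raise ValueError("sample length exceeds datagram")
        enterprise, fmt = data_format >> 12, data_format & 0xFFF
        # sampling_rate follows sequence_number + source_id (8 bytes), or
        # sequence_number + source type + source index (12 bytes) when expanded
        rate_off = {FLOW_SAMPLE: 8, FLOW_SAMPLE_EXPANDED: 12}.get(fmt) if enterprise == 0 else None
        if rate_off is not None and length >= rate_off + 4:
            rates.append(struct.unpack_from("!I", datagram, off + rate_off)[0])
        off += length  # skip the rest of the sample (counter samples included)
    return {"agent": str(agent), "sub_agent_id": sub_agent, "sequence": seq,
            "uptime_ms": uptime_ms, "samples": n_samples, "flow_sampling_rates": rates}

# Constructed datagram: assumed agent 192.168.10.1, one flow sample at 1-in-100000
_flow = struct.pack("!IIIIIIII", 1, 33, 100000, 100000, 0, 33, 34, 0)
SAMPLE = (struct.pack("!II", 5, 1) + ipaddress.ip_address("192.168.10.1").packed
          + struct.pack("!IIII", 0, 1, 20000, 1)
          + struct.pack("!II", FLOW_SAMPLE, len(_flow)) + _flow)

if __name__ == "__main__":
    print(parse_sflow_v5(SAMPLE))
```

On a live collector the same function can be fed the payload of each UDP packet received on port 6343; a reported rate that differs from `show sflow interface` points to a configuration mismatch.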