sflow

This chapter describes Arista's implementation of sflow, including configuration instructions and command descriptions. Topics covered by this chapter include the following:

sflow Conceptual Overview

sflow Technology

Sampled Flow (sflow) provides a multi-vendor sampling technology that continuously monitors application level traffic flow at wire speed simultaneously on all interfaces. sflow provides gigabit speed quantitative traffic measurements without impacting network performance.

sflow has the following network traffic monitoring characteristics:

  • sflow provides a statistical sampling technology designed to be deployed on all ports within a network to provide end-to-end visibility.
  • sflow exports packet samples and topology meta data to a centralized collector application.
  • sflow scales and operates on all switch ports simultaneously.
  • eos implements sflow on all switches, without requiring additional memory or CPU and does not impact data plane forwarding.

An sflow configuration consists of the following:
  • sflow agents, embedded on network equipment monitoring traffic and generating data.
  • sflow collectors that receive and analyze sflow data.

Arista switches include an sflow agent that monitors ingress data through all Ethernet interfaces.

sflow Agents

The sflow agent runs a software process as part of the network management software within an Arista switch. It combines interface counters and flow samples into sflow datagrams sent to an sflow collector. Packets typically include flow samples and state information of the forwarding/routing table entries associated with each sample. sflow agents gather additional data from entries originated by BGP.

When packaging data into datagrams, the sflow Agent performs minimal processing. Immediate data forwarding minimizes agent memory and CPU requirements.

sflow Collector

An sflow collector runs software that analyzes and reports network traffic. Collectors receive flow samples and counter samples as sflow datagrams from sflow agents.

Arista switches reference the IP address and UDP port of collectors as configurable settings through a CLI command. Arista switches do not include sflow collector software.

sflow Data

The sflow Agent uses two forms of sampling: statistical packet-based sampling of switched flows and time-based sampling of network interface statistics.
  • Switched flow sampling - Takes a sample by either copying the packet header or extracting feature data.
  • Interface statistics sampling - Counter sampling extracts statistics by periodically polling each data source on the device.

sflow implements flow sampling and counter sampling as part of an integrated system. An sflow datagram incorporates both sample types.

Arista sflow Implementation

Arista switches provide a single sflow agent instance that samples ingress traffic from all Ethernet and port channel interfaces. The switch provides two levels of settings for enabling sflow:
  • Global - Settings that enable packet sampling on the entire switch.
  • Interface - Settings that control sampling on individual interfaces when globally enabling sflow.

The sflow default settings include the following:
  • Global - Disable sflow and BGP sflow export globally.
  • Ethernet and Port Channel Interfaces - Enabling sflow globally impacts all interfaces. When enabled globally, BGP sflow export impacts all interfaces.

When globally enabled, the switch performs sflow polling. The CLI provides commands that globally turn off sampling while counter-polling remains enabled. Sample enabling is not controllable on individual interfaces.

The switch sends sflow datagrams to the collector at an IP address specified by a global configuration command. If no collector destination exists, the switch samples data without transmitting the resulting datagrams.

Although the CLI enforces the configured sampling rate limit, sflow may drop samples if it cannot handle the number of samples received over a specified period. Under normal operation, the maximum packet sample rate is one per 16384 packets. The CLI allows for higher sampling rates by using the dangerous keyword.

Configure the switch to allow the routing agent to export BGP information to the sflow agent. When enabling BGP sflow export, sflow adds BGP information to packets with BGP route destinations.

The following lists describe sflows sampling behavior relative to different packet types.
  • Sampled Packets
    • CPU
    • IP Options
    • L3 MTU violations
    • Flooded packets
    • Multicast packets
    • IGMP packets
    • LACP frames
    • PAUSE frames
    • STP BPDUs
    • BPDU dropped packets
    • STP blocked ports

      Note: Not sampled on 7300X3, 7320X, 7358, 7368, 7388, CCS-710P, CCS-720DF, CCS-720DP, CCS-720DT, CCS-720XP, CCS-722XPM, CCS-750, DCS-7010TX, DCS-7050X3, DCS-7050X4, DCS-7060X, DCS-7060X2, DCS-7060X4, DCS-7060X5, DCS-7260X, DCS-7260X3, DCS-7300X

    • PIM hello packets
    • VLAN tag violation dropped packets

      Note: Not sampled on 7300X3, 7320X, 7358, 7368, 7388, CCS-710P, CCS-720DF, CCS-720DP, CCS-720DT, CCS-720XP, CCS-722XPM, CCS-750, DCS-7010TX, DCS-7050X3, DCS-7050X4, DCS-7060X, DCS-7060X2, DCS-7060X4, DCS-7060X5, DCS-7260X, DCS-7260X3, DCS-7300X

  • Packets not sampled:
    • L2 MTU violations
    • LLDP frames
    • CRC error frames
    • ACL dropped packets

      Note: Use the sflow sample drop include reason acl command to sample these packets on 7289, 7500R3, DCS-7020, DCS-7130, DCS-7132, DCS-7280R, DCS-7280R2, DCS-7280R3, DCS-7500R, DCS-7500R2, DCS-7500R3, DCS-7800, DCS-7800R3, DCS-7280R, DCS-7280R2, DCS-7500R, DCS-7500R2, DCS-7020R, DCS-7280R3, DCS-7500R3, DCS-7800R3

sflow and Mirroring

sflow and Mirroring supports using the same interface for a mirroring session and sflow at the same time. When configured on the same interface, sflow does not support TAP Aggregation. Enabling TAP Aggregation mode configures the interface as a source for a mirroring session, and sflow only mirrors packets. No sflow samples produced.

The following switches support sflow and Mirroring:

  • DCS-7280R
  • DCS-7280R2
  • DCS-7280E
  • DCS-7500R
  • DCS-7500R2
  • DCS-7500E
  • DCS-7050X
  • DCS-7060X
  • DCS-7250X
  • DCS-7260X
  • DCS-7300X

However, the following switches have a limitation:

  • DCS-7280R
  • DCS-7280R2
  • DCS-7280E
  • DCS-7500R
  • DCS-7500R2
  • DCS-7500E

When configuring a mirroring session and sflow on a same interface for the above devices, the following packet types do not sample though they sample with only sflow.
  • STP BPDUs
  • LACP frames
  • LLDP frames
  • OSPF packets
  • PIM HELLO packets
  • Packets dropped due to VLAN violations

Hardware Accelerated sflow

Compatible platforms support hardware-accelerated sflow. Without hardware acceleration, the software performs all sflow processing, and performance depends on the capabilities of the host CPU. Aggressive sampling rates also decrease the processing time available for other eos applications.

With hardware acceleration, hardware performs all sflow processing using specialized chips called accelerators. These accelerators process sampled packets and send out sflow datagrams in the same manner as the software agent. The CPU has little involvement and dedicates the chips to sflow with higher performance and the CPU has more availability for other tasks, even with high sampling rates.

The following switches support hardware-accelerated sflow:

  • DCS-7280R3
  • DCS-7280SR2A-48YC6
  • DCS-7280CR2-60
  • DCS-7280CR2A-60
  • DCS-7280CR2K-60
  • DCS-7280CR2-30
  • DCS-7280CR2A-30
  • DCS-7280SRAM-48C6
  • DCS-7280SR2K-48C6
  • DCS-7500R3
  • DCS-7500R2A-36CQ-LC
  • DCS-7500R2AK-36CQ-LC
  • DCS-7500R2AM-36CQ-LC
  • DCS-7500R2AK-48YCQ-LC
  • DCS-7800R3

The following switches have limitations:

  • DCS-7280R
  • DCS-7280R2
  • DCS-7280E
  • DCS-7500R
  • DCS-7500R2
  • DCS-7500E

Before enabling hardware-accelerated sflow, the following requirements must be fulfilled:
  • sflow enabled globally.
  • Routing must be enabled in any VRF. This is required for sflow datagrams to be routed to the collector(s).

The following command enables or disables hardware-accelerated sflow in configuration mode.
switch(config)# [no|default] sflow hardware acceleration

The following command disables hardware-accelerated sflow on a particular LineCard.
switch(config)# no sflow hardware acceleration module Linecard3

The following command reverts hardware-accelerated sflow on a particular LineCard.
switch(config)# sflow hardware acceleration module Linecard3

Examples

  • The following example enables routing on the switch, activates sflow, and enables hardware acceleration globally, but forces software sflow on Linecard3. 
    switch(config)# ip routing
switch(config)# sflow run
switch(config)# sflow hardware acceleration
switch(config)# sflow source 10.10.10.1
switch(config)# sflow destination 10.10.10.2
switch(config)# sflow hardware acceleration sample 1024
switch(config)# no sflow hardware acceleration module Linecard3

  • The following example displays the IPv6 configuration. Hardware accelerated sflow enables either IPv4 or IPv6 collectors. IPv6 configuration takes precedence over IPv4 configuration and disables IPv4 collectors.
    switch(config)# ipv6 unicast-routing
switch(config)# ip routing
switch(config)# sflow run
switch(config)# sflow hardware acceleration
switch(config)# sflow source-interface Ethernet1/1
switch(config)# sflow destination 10.10.10.2
switch(config)# sflow hardware acceleration sample 1024
switch(config)# no sflow hardware acceleration module Linecard3

  • The command show sflow hardware status displays the current status of hardware acceleration for sflow for fixed system.
    switch(config)#show sflow hardware status
Status
——
Hardware Acceleration On: No
       – sflow must be enabled
       – sflow hardware acceleration must be enabled in the CLI
       – routing must be enabled in any VRF
Sample Rate: None

  • The command show sflow hardware status displays the current status of hardware acceleration for sflow for modular system.
    switch(config)#show sflow hardware status
Status
——
Hardware Acceleration On: Yes
Sample Rate: 1048576
                          sflow Mode
Module          Active                    Configured             Has sflow accelerators
—————-      ————————–            ————————–         ———————-
Linecard3       Software                  Hardware-accelerated        No
Linecard4       Software                  Hardware-accelerated        No
Linecard5       Hardware-accelerated      Hardware-accelerated        Yes
Linecard6       Hardware-accelerated      Hardware-accelerated        No

  • The command show sflow hardware counters displays counters specific to sflow acceleration.
    switch(config)# show sflow hardware counters
——————
sflowAccelFpga7:0
——————
Incoming Packet Count : 
Outgoing sflow Datagram Count : 0
Outgoing Flow Sample Count : 0
Incoming Processed Packet Count : 0
Receive Packet Drop Count : 0
Packet Truncated Count : 0
Incoming Packet Error Count : 0
Outgoing Processed Datagram Count : 0
Sample Pool : 0
——————
sflowAccelFpga7:1
——————
Incoming Packet Count : 0
Outgoing sflow Datagram Count : 0
Outgoing Flow Sample Count : 0
Incoming Processed Packet Count : 0
Receive Packet Drop Count : 0
Packet Truncated Count : 0
Incoming Packet Error Count : 0
Outgoing Processed Datagram Count : 0
Sample Pool : 0
——————
Total
——————
Incoming Packet Count : 0
Outgoing sflow Datagram Count : 0
Outgoing Flow Sample Count : 0
Incoming Processed Packet Count : 0
Receive Packet Drop Count : 0
Packet Truncated Count : 0
Incoming Packet Error Count : 0
Outgoing Processed Datagram Count : 0
Sample Pool : 0

  • The command show sflow hardware accelerators displays a list of all hardware accelerators currently present in the system.
    switch(config)#show sflow hardware accelerators
Slice     sflow Accelerator    Type    PCI Address    Direct Connections
——————————————————————————–
Linecard7 sflowAccelFpga7:0   halo    0000:85:00.0     Jericho7/0
Linecard9 sflowAccelFpga9:0   halo    0000:a6:00.0     Jericho9/0

  • The command show sflow hardware mapping displays hardware accelerator performs sflow processing for each switch chip in the system. Hardware acceleration needs to be enabled and running, otherwise the output of the command is empty.
    switch(config)#show sflow hardware mapping
Chip          sflow Accelerator       Direct Connection
————————————————————
Jericho3/0    sflowAccelFpga7:0       False
Jericho3/1    sflowAccelFpga7:0       False
Jericho4/0    sflowAccelFpga9:0       False
Jericho4/1    sflowAccelFpga9:0       False
Jericho5/0    sflowAccelFpga7:0       False
Jericho5/1    sflowAccelFpga7:0       False
Jericho6/0    sflowAccelFpga9:0       False
Jericho6/1    sflowAccelFpga9:0       False
Jericho7/0    sflowAccelFpga7:0       True
Jericho9/0    sflowAccelFpga9:0       True

Configuring sflow

Implementing sflow on an Arista switch consists of configuring the following agent parameters:
  • Collector location address
  • Agent source address
  • Polling interval
  • Sampling rate

Optionally, sflow can be configured to include output interface and traffic class information in samples using the sflow sample command, and to include BGP information in samples whose destination is a BGP route using the sflow extension bgp command.

After configuring the sflow agent, enable sflow globally to initiate sampling sflow on the switch.

Platform-specific Considerations

Enabling BGP sflow export on Arad platform switches, DCS-7280E and DCS-7500E, adds BGP information to some sflow packets with ECMP destinations.

DCS-7500E switches use actual hardware egress port information in sflow packets. All other platforms use software simulation to determine the egress port.

Configuring the Collector Location

The sflow destination command specifies the IP address and UDP port of an sflow collector. The switch supports multiple collectors.

Example

This command configures the switch to send sflow data to collectors at 192.0.2.1, port 6100 and 2001:0db8::2 port 6343 (the default sflow port).
switch(config)# sflow destination 192.0.2.1 6100
switch(config)# sflow destination 2001:0db8::2
switch(config)#

Configuring the Agent Source Address

The sflow source command specifies the source address that the switch places in all sflow datagrams that it sends to the collector. This address is normally set to an IP address configured on the switch.

Example

This command configures 2001:0db8::21 as the sflow source address.
switch(config)# sflow source 2001:0db8::21
switch(config)#

The sflow source-interface command can be alternatively used to specify the interface from which an IP address is derived that the switch places in all sflow datagrams that it sends to the collector. This address is normally set to an IP address configured on the switch.

Example

This command configures interface vlan 25 as the sflow source interface. The switch enters the IP address for vlan 25 in the source field of sflow datagrams.
switch(config)# sflow source-interface vlan 25
switch(config)#

running-config cannot simultaneously contain sflow source and sflow source-interface commands.

Configuring the Polling Interval

The sflow polling-interval command specifies the interval for sending counter data to the sflow collector. The default interval is two seconds.

Example

This command configures the switch to send sflow data every 10 seconds.
switch(config)# sflow polling-interval 10
switch(config)#

Configuring the Sampling Rate and Sample Contents

The sflow sample command sets the packet sampling rate. Packets are sampled at random intervals to avoid inaccurate sampling of periodic events. A rate of 16384 corresponds to an average sample of one per 16384 packets. The default rate is 1048576.

Example

This command configures the sflow sampling rate as 65536 (one per 65536 packets).
switch(config)# sflow sample 65536
switch(config)#

The sflow sample command can also optionally configure sample packets to include information about the traffic class of the sample. Traffic class is communicated by rewriting the DSCP field in the sample packet.

By default, samples include information about the output interface. To remove this information, use the sflow sample output interface command.

Example

These commands configure sflow to include traffic class information in samples but to exclude output interface data.
switch(config)# no sflow sample output interface
switch(config)# sflow sample rewrite dscp
switch(config)#

Configuring the sflow Datagram Size

The default datagram size, 1400, may drop with a Maximum Transmission Unit (MTU) threshold configured. Configure the default maximum datagram payload size of 1400 bytes to a size from 200 to 1500 bytes to avoid fragmentation.

Note: Only software sflow supports this feature.

Use the following command to configure the sflow datagram size as 1500:

switch(config)# sflow datagram size maximum 1500

Enabling BGP sflow Export

The sflow extension bgp command enables BGP sflow export. When it is enabled, the routing agent will export the BGP routing table and autonomous system path information to the sflow agent. When sflow receives a sampled packets whose destination is a BGP route, it will look up the following additional BGP routing information and include it in the sample:
  • next hop IP
    • AS numbers
    • AS system path to the destination
    • communities
    • local pref

On Arad platform switches (DCS-7280E and DCS-7500E), BGP sflow export will also add the above BGP information to sample packets with ECMP destination routes unless they exit the switch via a trunk port or subinterface. When egress port is a trunk port or subinterface, the sample packet will only include AS path information from the first path of the ECMP route and a BGP next hop of 0.

On all other switch platforms, ECMP destination routes will include AS path information from the first path, but will identify the BGP next hop as 0.

Note: A BGP instance must be configured on the switch for BGP sflow export to operate. See the Border Gateway Protocol (BGP) chapter for details.

Example

These commands configure a BGP instance in AS 50 and enable BGP sflow export globally.
switch(config)# router bgp 50
switch(config-router-bgp)# exit
switch(config)# sflow extension bgp
switch(config)#

Extended Switch and Router Information

By default, extended switch and router information is added to sflow sample packets.

Extended switch information includes the following:
  • source and destination VLANs and priorities.

Extended router information includes the following:
  • IP version and address of next-hop router.
    • source and destination mask lengths.

The no form of sflow extension switch and no form of sflow extension router commands prevent the addition of extended switch and router information to sflow sample packets.

Example

These commands prevent extended switch and router information from being added to sflow sample packets.
switch(config)# no sflow extension switch
switch(config)# no sflow extension router
switch(config)#

sflow EVPN MPLS Extension

The sflow EVPN MPLS extension adds support for providing information related to the bridging domain in sflow packet samples for traffic forwarded through Layer 2EVPN MPLS. When forwarding traffic though an L2 EVPN MPLS network, this sflow extension ensures sflow samples contain additional information relevant to the bridging domain and MPLS label stack. This information provides critical information about the following:
  • Layer 2 - Information related to the original Ethernet segment, VLAN, and MAC addresses within the EVPN instance.
  • MPLS Forwarding Path - Details about MPLS labels used for encapsulation and forwarding through the EVPN MPLS core.

Configuring sflow with the EVPN MPLS Extension

Use the following commands to configure a full basic sflow configuration with the EVPN MPLS extension:

  • Configure the destination with the IP address and UDP port, 10.0.0.10 6343: 
    switch(config)# sflow destination 10.0.0.100 6343
  • Add Loopback0 as the source interface for sflow datagrams: 
    switch(config)# sflow source-interface Loopback0
  • Configure the sampling rate as 1 out of every 1024 packets: 
    switch(config)# sflow sample 1024
  • Configure the polling interface to send counter samples every 30 seconds: 
    switch(config)# sflow polling-interval 30
  • Enable sflow globally: 
    switch(config)# sflow run
  • Enable the EVPN MPLS sflow extension: 
    switch(config)# sflow extension evpn mpls
To disable the EVPN MPLS extension, use the no sflow extension evpn mpls command: 
switch(config)# no sflow extenstion evpn mpls

Displaying the sflow EVPN MPLS Extension configuration

To display information about the sflow EVPN MPLS extensions, use the show sflow detail command:

switch# show sflow detail
...
Status
------
...
Sample output interface: yes
Sample MPLS extension: no
Sample MPLS VC extension for EVPN traffic: yes
Sample MPLS VC extension for VPLS traffic: no
Sample switch extension: yes
Sample router extension: yes
Sample tunnel IPv4 egress extension: no
...

Support for VPLS on sflow

For VPLS forwarded traffic, the sflow datagram includes the name of the VPLS instance and the ID of the pseudowire where the packet egresses.

Use the following command to add the VPLS extension to capture relevant VPLS information:

switch(config)#sflow extension vpls

Enabling sflow

The sflow run command globally enables sflow on the switch. The sflow enable command controls sflow operation on Ethernet and port channel interfaces when enabling sflow globally. The sflow enable command has no effect disabling sflow globally.

Example

These commands enable sflow on the switch, then disables sflow on Ethernet interface 10.
switch(config)# sflow run
switch(config)# interface ethernet 10
switch(config-if-Et10)# no sflow enable
switch(config)#

Egress Sampling for sflow Interfaces

eos supports egress sampling for sflow on Ethernet interfaces, port channels, and subinterfaces on select platforms. Egress sflow does not support hardware acceleration. Sample processing occurs in eos.

Configuring Egress Sampling on sflow Interfaces

eos disables Egress sflow by default. Use the following command to enable egress sflow for all interfaces:

switch(config)# sflow interface egress enable default

Override the global egress sflow configuration by disabling it on a specified interface:

switch(config)# interface Ethernet1
switch(config-if-Et1)# no sflow egress enable

Displaying Egress sflow configurations

To display information about the Egress sflow configuration, use the show sflow interfaces command.

switch# show sflow interfaces
Default ingress sflow configuration for an interface: Enabled
Default egress sflow configuration for an interface: Disabled
  sflow Interface (s):
  --------------------
  Ethernet20/1 - running(Ingress,Egress,Counter)
  Ethernet21/1 - running(Ingress,Counter), inactive(Egress)
  Port-Channel1 - running(Counter), partial(Egress)
  Port-Channel2 - running(Ingress,Egress,Counter)

In the output, the parameter, inactive, indicates that the interface has been configured for Egress sflow, but not operational. The parameter, partial, displays the Port-Channel inoperational members, but other members are operational.

Adding the parameter, detail, shows active and inactive Port-Channel members.

switch# show sflow interfaces detail
                
Interface           Member            Ingress            Egress          Counter 
------------------- ----------------- ------------------ ------------------ ------- 
Ethernet20/1                          running            running         running
Ethernet21/1                          running            inactive        running  
Port-Channel1                         unconfigured       partial         running 
Port-Channel1       Ethernet1/1       unconfigured       inactive        running 
Port-Channel1       Ethernet2/1       unconfigured       running         running 
Port-Channel1       Ethernet3/1       unconfigured       running         running 
Port-Channel2                         running            running         running

Verifying an Egress sflow configuration

If the configuration does not send Egress samples to the collector, verify that you have active Egress sflow interfaces:

switch# show sflow interfaces
sflow Interface (s):
--------------------
Ethernet1 – running(Egress,Counter)
Ethernet2 – running(Ingress,Counter)
Ethernet3 - running(Ingress,Egress,Counter)
Ethernet4 - running(Ingress,Counter), inactive(Egress)

The output, inactive(Egress) indicates that an Egress sflow has been configured, but not operational.

sflow Subinterfaces

The sflow sample [input | output] subinterface command configures ifIndex values for subinterfaces on input and output ports to be included in the sflow sample. These values replace the default parent port ifIndex value. Enabling this feature changes all sflow samples generated by the switch from compact to the expanded format.

Configuring sflow Subinterface

The following configures subinterfaces on the switch for sampling. 

switch (config)# sflow run
switch (config-if-Et1)# sflow sample input subinterface
switch (config)# sflow sample output subinterface

The following file extract displays the output from a show sflow detail command. 

switch# show sflow detail
...
Status
------
...
Sample Switch Extension: Yes
Sample Router Extension: Yes
Sample Tunnel IPv4 Egress Extension: No
Sample Input Subinterface: Yes
Sample Output Subinterface: Yes
Port Channel Output Interface Index: portchannel
Sample Encoding Format: expanded
...

Limitations

  • Only some hardware platforms support this feature.
  • Only L3 subinterfaces and QinQ L3 subinterfaces support the sflow output subinterface.
  • sflow does not support tunneled packets such as GRE, MPLSoGRE, and IPinIP.

sflow commands

Global configuration commands

Interface configuration commands

Privileged EXEC Command

sflow Display commands

clear sflow counters

The clear sflow counters command resets the global sflow statistics, which includes the number of samples and sample pool. The hardware trigger count is not reset.

The show sflow command displays global sflow statistics.

Command Mode

Privileged EXEC

Command Syntax

clear sflow counters

Example
This command resets the sflow counters.
switch# clear sflow counters
switch#

sflow agent

The sflow agent command allows you to specify a specific type of address used by sflow to identify the datagrams exported to the collector and uniquely identifies the origin of the datagrams.

This command overrides the sflow source and sflow source-interface configurations and takes precedence as the agent identifier field in the sflow datagram. Only one agent IP address can be configured on a switch.

The no sflow agent command removes the configured agent ID. The default sflow agent command disables the feature.

Command Mode

Global configuration

Command Syntax

sflow agent address [ipv4_address | ipv6_address]

no sflow agent address

default agent address

Parameters

  • sflow agent - Configure an agent for sflow.
  • [ipv4_address | ipv6_address] - Specify an IPv4 or IPv6 address for the agent.

Example

Use the following commands to set the sflow agent IPv4 address to 192.168.10.11:

switch# config
switch(config)# sflow agent address 192.168.10.11

sflow datagram

The sflow datagram command configures the size of the sflow datagram from 200 to 1500 bytes to help avoid fragmentation of the datagram.

Note: eos supports this feature in software sflow.

Command Mode

Privileged EXEC

Command Syntax

sflow datagram size maximum bytes

Parameters

bytes - Configure the size of the datagram from 200 to 1500 bytes.

Example

Use the following command to configure an sflow datagram in 1000 bytes:

switch(config)# sflow datagram size maximum 1000

sflow destination

The sflow destination command specifies an sflow collector IPv4 or IPv6 address and, optionally, a UDP port (the default is 6343). The switch supports sflow collector addresses through multiple sflow destination commands in running-config.

The no sflow destination and default sflow destination commands remove the specified sflow collector IP address by deleting the corresponding sflow destination command from running-config.

Command Mode

Global configuration

Command Syntax

sflow destination dest_addr [UDP_PORT]

no sflow destination dest_addr [UDP_PORT]

default sflow destination dest_addr [UDP_PORT]

Parameters
  • dest_addr sflow collector's IP address.
  • UDP_PORT sflow collectors data reception port. Options include:
    • no parameter port number 6343 (default).
    • port_num port number. Value ranges from 0 to 65535.

Example

This command configures the switch to send sflow data to the collector located at 2001:0db8::2; the collector receives the data through UDP port 6100.
switch(config)# sflow destination 2001:0db8::2 6100
switch(config)#

sflow enable

The sflow enable command enables sflow on the configuration mode interface. When globally enabling sflow using the sflow run command, the command enables sflow on all interfaces by default. Use the sflow enable command when running-config contains a no sflow enable statement for the specified interface.

The no sflow enable command disables sflow on the configuration mode interface. When globally disabled, this command persists in running-config but does not affect switch operation.

The default sflow enable command removes the corresponding no sflow enable command from running-config enabling sflow capability on the interface.

Command Mode

Interface-Ethernet configuration

Interface-Port-Channel configuration

Command Syntax

sflow enable

no sflow enable

default sflow enable

Examples
  • These commands enable sflow on the switch and disable sflow on interface ethernet 12.
    switch(config)# sflow run
switch(config)# interface ethernet 12
switch(config-if-Et12)# no sflow enable
switch(config-if-Et12)#

  • This command removes the no sflow enable command for interface ethernet 12 from running-config, enabling sflow on the interface whenever sflow is globally enabled.
    switch(config-if-Et12)# sflow enable
switch(config-if-Et12)#

sflow extension bgp

The sflow extension bgp command enables BGP export to sflow. When enabled, the routing agent exports the BGP routing table and autonomous system path information to the sflow agent. When sflow receives a sampled packets whose destination is a BGP route, it will look up the following additional BGP routing information and include it in the sample:

Next hop IP address
  • AS numbers
  • AS system path to the destination
  • Communities
  • Local preferences

The no sflow extension bgp and default sflow extension bgp commands disable BGP export to sflow by deleting the corresponding sflow extension bgp command from running-config.

Note: A BGP instance must be configured on the switch for BGP sflow export to function.

Command Mode

Global configuration

Command Syntax

sflow extension bgp

no sflow extension bgp

default sflow extension bgp

Guidelines

BGP sflow export behaves differently on different switch platforms as follows:
  • DCS-7500E switches use actual hardware egress port information in sflow packets. All other platforms use software simulation to determine the egress port.
  • On Arad platform switches (DCS-7280E and DCS-7500E), BGP sflow export works for sample packets with ECMP destination routes unless they exit the switch through a trunk port or subinterface. When a trunk port or subinterface provides the egress port, the sample packet only includes AS path information from the first path of the ECMP route and a BGP next hop of 0.
  • On all other switch platforms, ECMP destination routes includes AS path information from the first path, but identifies the BGP next hop as 0.
  • DCS-7500E switches use actual hardware egress port information in sflow packets. All other platforms use software simulation to determine the egress port.

Example
Use the following commands to configure a BGP instance in AS 50 and enable BGP sflow export globally.
switch(config)# router bgp 50
switch(config-router-bgp)# exit
switch(config)# sflow extension bgp
switch(config)#

sflow extension evpn mpls

The sflow extension evpn mpls command adds support for providing information related to the bridging domain in sflow packet samples for traffic forwarded through Layer 2EVPN MPLS. When forwarding traffic though an L2 EVPN MPLS network, this sflow extension ensures sflow samples contain additional information relevant to the bridging domain and MPLS label stack. This information provides critical information about the following:
  • Layer 2 - Information related to the original Ethernet segment, VLAN, and MAC addresses within the EVPN instance.
  • MPLS Forwarding Path - Details about MPLS labels used for encapsulation and forwarding through the EVPN MPLS core.

The no sflow extension evpn mpls disables the feature.

Command Mode

Global configuration

Command Syntax

sflow evpn mpls

Example

Use the following command to add sflow EVPN MPLS extension to the switch configuration:

switch(config)# sflow evpn mpls

sflow extension router

By default, the switch provides extended router information in sflow packets, including the IP version and address of the next-hop router and source and destination mask lengths.

The no version of the sflow extension router command prevents this information from being included in sflow packets.

The sflow extension router and default sflow extension router commands restore the default behavior by deleting the corresponding no sflow extension router command from running-config.

Command Mode

Global configuration

Command Syntax

sflow extension router

no sflow extension router

default sflow extension router

Example
This command prevents the switch from including extended router information in sflow packets.
switch(config)# no sflow extension router 
switch(config)#

sflow extension switch

By default, the switch provides extended switch information in sflow packets, including source and destination VLANs and priorities.

The no version of the sflow extension switch command prevents this information from being included in sflow packets.

The sflow extension switch and default sflow extension switch commands restore the default behavior by deleting the corresponding no sflow extension switch command from running-config.

Command Mode

Global configuration

Command Syntax

sflow extension switch

no sflow extension switch

default sflow extension switch

Example
This command prevents the switch from including extended switch information in sflow packets. 
switch(config)# no sflow extension switch 
switch(config)#

sflow extension vpls

The sflow extension vpls command enables VPLS exporting to sflow configuration. When enabled, the routing agent exports VPLS information to the sflow agent.

The no sflow extension vpls and default sflow extension vpls commands disable VPLS exporting to sflow by deleting the corresponding sflow extension vpls command from running-config.

Note: VPLSmust be configured on the switch for VPLS sflow export to operate.

Command Mode

Global configuration

Command Syntax

sflow extension vpls

no sflow extension vpls

default sflow extension vpls

Use the following command to enable VPLS export to sflow:

switch(config)#sflow extension vpls

sflow interface

The sflow interface command enables the sampling of egress packets from an interface

on the switch.

Command Mode

EXEC

Command Syntax

sflow interface

Examples
  • This command enables global egress sflow for all interfaces.
    switch# sflow interface egress enable default

  • This command enables egress sflow on an interface. 
    switch(config)# interface Ethernet1
switch(config-if-Et1)# sflow egress enable

sflow polling-interval

The sflow polling-interval command specifies the counters polling interval. The switch uses this interval to schedule a ports counter data transmissions to the sflow collector.

The default interval is two seconds.

The no sflow polling-interval and default sflow polling-interval commands revert the polling interval to the default of two seconds by removing the sflow polling-interval command from running-config.

Command Mode

Global configuration

Command Syntax

sflow polling-interval interval_period

no sflow polling-interval

default sflow polling-interval

Parameters

interval_period polling interval (seconds). Value ranges from 0 to 3600 (60 minutes). Default is 2.

Example

This command configures the switch to send sflow counter data every 10 seconds.
switch(config)# sflow polling-interval 10
switch(config)#

sflow qos

The sflow qos command configures Quality of Service (QoS) for sflow datastreams by specifying the Differentiated Services Code Point (DSCP) value for sflow export datagrams. By setting a specific DSCP value, you can apply QoS policies on intermediate network devices to prioritize, manage, or rate-limit the sflow telemetry traffic without impacting core data plane fowarding.

The no sflow qos command reverts to the default value. The default sflow qos command disables the feature.

Command Mode

Global configuration

Command Syntax

sflow qos dscp dscp_value

no sflow qos dscp

default sflow qos dscp

Parameters

  • sflow qos - Configure QoS parameters for sflow.
  • dscp dscp_value - Specify a value between 0 and 63. Set to 0 by default.

Example

Use the following commands to set the DSCP value to 6 for sflow QoS:

switch# config
switch(config)# sflow qos 6

sflow run

The sflow run command globally enables sflow on the switch. eos disables the sflow global setting by default. You cannot enable sflow on individual interfaces when disabling sflow globally.

The sflow enable interface configuration command controls sflow operation on individual Ethernet and Port Channel interfaces when enabling sflow globally. When enabled globally, it enables sflow on all interfaces by default.

The no sflow run and default sflow run commands globally disable sflow on the switch.

Command Mode

Global configuration

Command Syntax

sflow run

no sflow run

default sflow run

Examples
  • Use this command to enable sflow on the switch.
    switch(config)# sflow run
switch(config)#

  • Use this command to globally disable sflow.
    switch(config)# no sflow run
switch(config)#

sflow sample

The sflow sample command sets the packet sampling rate. Packets sample at random intervals to avoid inaccurate sampling of periodic events. The packet sampling rate defines the average number of ingress packets that pass through an interface for every sampled packet. A rate of 16384 corresponds to an average sample of one per 16384 packets. The switch may drop samples if it cannot manage the configured sample rate. Under normal operation, the maximum packet sample rate occurs at one per 16384 packets.

By default, samples include information about the output interface. To remove this information, use the no sflow sample command.

Optionally, use the sflow sample command to configure packets with information about the traffic class of the sample. sflow communicates the traffic class by rewriting the DSCP field in the sample packet.

The no sflow sample and default sflow sample commands reset the packet sampling rate to the default of 1048576 and remove output interface and traffic class information from samples by removing the sflow sample command from the configuration.

Command Mode

Global configuration

Command Syntax

sflow sample sample_rate

no sflow sample

default sflow sample

Parameters

sample_rate - Specifies the size of the packet sample to select a packet. Default sample size is 1048576 packets. Options include the following:
  • recommended_rate - An integer between 16384 and 16777215.

Examples
  • This command configures the sflow sampling rate as 65536, one per 65536 packets).
    switch(config)# sflow sample 65536
switch(config)#

  • This command configures the sflow sampling rate as 256, one per 256 packets).
    switch(config)# sflow sample dangerous 256
switch(config)#

sflow sample input

The sflow sample input command enables sflow sampling on Switched Virtual Interfaces (SVIs) or subinterfaces, and explicitly targets the input direction. The configuration may be required in advanced or complex scenarios.

Note: Enabling sflow on SVIs consumes hardware resources such as TCAM (classification) and CPU (agent processing). Ensure you have enough resources available.

The no sflow sample input command disables the sampling on the switch.

Command Mode

Global configuration

Command Syntax

sflow sample input [subinterface] [svi ifindex [member | svi]

Parameters

  • input - Configure sflow input settings.
  • subinterface - Include the input subinterface in samples using the expanded sample format.
  • svi - Configure sflow SVI settings.
  • ifindex - Configure sflow SVI ifindex sampling.
    • member - Report the ifindex of the physical member of the SVI in the flow sample.
    • svi - Report the ifindex of the SVI in the flow sample.

Example

Use the following commands to include the subinterface in the sflow sample input:

switch# config
        switch(config)# sflow sample input subinterface

sflow sample output interface

By default, sflow samples include information about the output interface of the sampled packet. The no sflow sample output interface command excludes the information.

Command Mode

Global configuration

Command Syntax

no sflow sample output interface

Example
This command configures sflow to exclude output interface information in samples.
switch(config)# no sflow sample output interface
switch(config)#

sflow sample rewrite

The sflow sample rewrite command configures sflow to modify the Differentiated Services Code Point (DSCP) value of the sampled packet IP header as included in the sflow datagram. When sflow samples a packet, sflow copies the header and this command allows you to specify that the DSCP field in the copied header must be rewritten to a specific value before encapsulating it in the sflow datagram and sending to the collector.

The no sflow sample rewrite command reverts to the default behavior.

Command Mode

Global configuration Mode

Command Syntax

sflow sample rewrite dscp

Parameters

  • rewrite - Configure sample rewrite settings.
  • dscp - Rewrite the DSCP value in the sflow samples.

Example

Use the following commands to rewrite the DSCP value in sflow samples:

switch# config
            switch(config)# sflow sample rewrite dscp

sflow sample truncate

The sflow sample truncate command configures the maximum length of the sampled packet header included in the sflow datagram exported to a collector. By default, sflow samples a fixed length of the packet header, and truncating the header reduces the length to a specified number of bytes. This can be used to reduce bandwidth used by sflow export traffic and decrease the processing load on sflow collectors.

Note: The command applies to all sflow interfaces and not configurable on individual interfaces.

The no sflow sample truncate command reverts to the default sample length.

Command Mode

Global configuration Mode

Command Syntax

sflow sample truncate size bytes

Parameters

  • truncate - Limit the number of packet bytes included in sflow samples.
  • size bytes - Configure the maximum size from 128 to 512 bytes.

Example

Use the following commands to truncate the packet header to 256 bytes in sflow samples:

switch# config
            switch(config)# sflow sample truncate size 256

sflow sample vxlan

The sflow sample vxlan command explicitly configures sflow to intelligently sample and parse VXLAN encapsulated traffic. When enabled, the sflow agent captures and correctly interprets the VXLAN tunnel header as well as relevant information from the original encapsulated packet.

The no sflow sample truncate command disables explicit VXLAN sampling by the sflow agent.

Command Mode

Global configuration Mode

Command Syntax

sflow sample vxlan header strip

Parameters

  • vxlan - Set the sample characteristics for VXLAN packets.
  • header strip - Strip the VXLAN headers from VXLAN encapsulated packets.

Example

Use the following commands to strip VXLAN tunnel headers from VXLAN packets:

switch# config
            switch(config)# sflow sample vxlan header strip

sflow source

The sflow source command specifies the IP address used in the Agent address filed of the IPv4 or IPv6 sflow datagram that the switch sends to the collector. This command cannot be used if running-config contains an sflow source-interface command.

The no sflow source and default sflow source commands remove the sflow source command from running-config.

Command Mode

Global configuration

Command Syntax

sflow source source_addr

no sflow source

default sflow source

Parameter

source_addr source IP address (dotted decimal notation).

Example

This command configures 2001:0db8::2 as the sflow source address.
switch(config)# sflow source 2001:0db8::2
switch(config)#

sflow source-interface

The sflow source-interface command specifies the source IP address set to the IP address of the specified interfaces that the switch sends to the collector. An sflow packet specifies both the Agent address in the IPv4 or IPv6 sflow datagram and the source IP address sent to the collector. This command cannot be used if running-config contains an sflow source command.

The no sflow source-interface and default sflow source-interface commands remove the sflow source-interface command from running-config.

Command Mode

Global configuration

Command Syntax

sflow source-interface INT_NAME

no sflow source-interface

default sflow source-interface

Parameters

INT_NAME Interface type and number. Options include:
  • interface ethernet e_num Ethernet interface specified by e_num.
  • interface loopback l_num Loopback interface specified by l_num.
  • interface management m_num Management interface specified by m_num.
  • interface port-channel p_num Port-Channel Interface specified by p_num.
  • interface vlan v_num VLAN interface specified by v_num.

Example

This command configures the sflow source address as the IP address assigned to the loopback 0 interface.
switch(config)# sflow source-interface loopback 0
switch(config)#

sflow vrf

The sflow vrf command configures sflow parameters on Virtual Routing Forwarding instances, and enables sflow functionality to be established specific VRFs. sflow datagrams originating from or destined for an sflow collector in a specific VRF source and route correctly within the VRF.

The no sflow vrf command removes the feature from the running-config. The default sflow vrf command reverts VRF-specific parameters to default values.

Command Mode

Global configuration

Command Syntax

sflow vrf [vrf_name | default] [agent address ip_address] [destination address] [source ip_address address ip_address] [source-interface [Ethernet port] [Loopback interface_number] [Management interface_number ] [Port-Channel [lag subinterface_number] [Tunnel interface_number] [Vlan vlan_interface_number]]

Parameters

  • vrf - Configure VRFs for sflow.
    • vrf_name - Specify a VRF name.
    • default - Specify the default VRF.
  • agent address ip_address - Specify an IPv4 or IPv6 address for the sflow agent.
  • destination address - Specify an IPv4 or IPv6 address or specify a fully qualified domain name.
    • port - Specify a port between 1 and 65535.
  • source ip_address address ip_address - Specify a source IPv4 or IPv6 address as the source or set the source IP address independently of the agent IP address.
  • source-interface - Specify the source interface for sflow datagrams:
    • Ethernet port - Specify the port number for an Ethernet interface.
    • Loopback interface_number - Specify the interface number for a Loopback interface.
    • Management interface_number - Specify the interface number for a Management interface.
    • Port-Channellag subinterface_number - Specify the Link Aggregation Group (LAG) and Port-Channel subinterface number.
    • Tunnel interface_number
    • Vlan vlan_interface_number - Specify a VLAN interface number from 1 to 4094.

Example

Use the following commands to configure a Management interface for sflow:

switch(config)# sflow enable      
switch(config)# sflow sample 2048 
switch(config)# sflow vrf MGMT destination 10.0.0.200 port 6343
switch(config)# sflow vrf MGMT source-interface Management0
switch(config)# sflow vrf MGMT run               
switch(config)# end

show sflow

The show sflow command displays configured sflow parameters, operational status, and statistics.

The show sflow interfaces command displays the interfaces where sflow is enabled.

Command Mode

EXEC

Command Syntax

show sflow [detail]

Parameter

detail adds hardware sampling status and number of discarded samples to the information displayed.

Examples
  • This command displays the base sflow information.
    switch# show sflow 
! Displaying counters that may be stale 
sflow configuration 
------------------- 
Destinations: None (default) 
Source(s): 
 0.0.0.0 ( default ) ( VRF: default ) 
 :: ( default ) ( VRF: default ) 
Sample Rate: 1048576 ( default ) 
Polling Interval (sec): 2.0 ( default ) 
Rewrite DSCP value: No 
Status 
------ 
Running: No 
Polling On: No 
Sampling On: No 
Send Datagrams: 
 No ( sflow not running ) ( VRF: default ) 
BGP Export: 
 No ( VRF: default ) 
Hardware Sample Rate: 1044480 
Statistics 
 --More-- 
! Displaying counters that may be stale 
sflow configuration 
------------------- 
Destinations: None (default) 
Source(s): 
 0.0.0.0 ( default ) ( VRF: default )
  :: ( default ) ( VRF: default ) 
Sample Rate: 1048576 ( default ) 
Polling Interval (sec): 2.0 ( default )
 Rewrite DSCP value: No 
Status 
------ 
Running: No 
Polling On: No
Sampling On:
 No Send Datagrams:
  No ( sflow not running ) ( VRF: default )
BGP Export:
  No ( VRF: default ) 
Hardware Sample Rate: 1044480

Statistics
 ----------
Total Packets: 0 
Number of Samples: 0 
Sample Pool: 0 
Hardware Trigger: 0 
Number of Datagrams: 0

  • This command displays the expanded sflow information.
    switch# show sflow detail
! Displaying counters that may be stale
sflow configuration
-------------------
Destinations: None (default)
Source(s):
  0.0.0.0 ( default ) ( VRF: default )
  :: ( default ) ( VRF: default )
Sample Rate: 1048576 ( default )
Polling Interval (sec): 2.0 ( default )
Rewrite DSCP value: No

Status
------
Running: No
Polling On: No
Sampling On: No
Send Datagrams:
  No ( sflow not running ) ( VRF: default )
BGP Export:
  No ( VRF: default )
Hardware Sample Rate: 1044480
Hardware Sampling On: No
Sample Output Interface: Yes
Sample Switch Extension: Yes
Sample Router Extension: Yes

Statistics
----------
Total Packets: 0
Number of Samples: 0
Sample Pool: 0
Hardware Trigger: 0
Number of Datagrams: 0
Number of Samples Discarded: 0

show sflow interfaces

The show sflow interfaces command displays the interfaces with sflow enabled.

The show sflow command displays configured sflow parameters, operational status, and statistics.

Command Mode

EXEC

Command Syntax

show sflow interfaces

Parameters

detail

Examples
  • This command displays the show sflow interface message when globally disabling sflow.
    switch# show sflow interfaces
sflow Interface (s):
--------------------
sflow is not running

  • This command displays the show sflow interface message when enabling sflow globally and enabling sflow on all interfaces.
    switch(config)# sflow run
switch(config)# show sflow interfaces
Default sflow configuration for an interface: Disable
sflow Interface (s):
--------------------
Ethernet1  running(Counter)
Ethernet2  running(Counter)
Ethernet3  running(Flow,Counter)
Ethernet4  running(Flow,Counter)
Ethernet5  running(Flow,Counter)

  • To review active and inactive sflow interfaces, use the sflow interfaces detail command: 
    switch# show sflow interfaces detail
  Interface           Member            Ingress            Egress           Counter 
------------------- ----------------- ------------------ ------------------ ------- 
  Ethernet20/1                          running            running          running
  Ethernet21/1                          running            inactive         running  
  Port-Channel1                         unconfigured       partial          running 
  Port-Channel1       Ethernet1/1       unconfigured       inactive         running 
  Port-Channel1       Ethernet2/1       unconfigured       running          running 
  Port-Channel1       Ethernet3/1       unconfigured       running          running 
  Port-Channel2                         running            running          running