sFlow

This chapter describes Arista's implementation of sFlow, including configuration instructions and command descriptions. Topics covered by this chapter include:

sFlow Conceptual Overview

sFlow Technology

sFlow is a multi-vendor sampling technology that continuously monitors application level traffic flow at wire speed simultaneously on all interfaces. sFlow provides gigabit speed quantitative traffic measurements without impacting network performance.

sFlow has the following network traffic monitoring characteristics:

  • sFlow is a statistical sampling technology that is designed to be deployed on all ports within a network to provide end to end visibility.
  • sFlow exports packet samples and topology meta data to a centralized collector application
  • sFlow is scalable to operate on all switch ports simultaneously.
  • sFlow is implemented on all devices, without requiring additional memory or CPU and does not impact dataplane forwarding
  • sFlow is an industry standard (RFC 3176).
An sFlow configuration consists of:
  • sFlow agents, embedded on network equipment, that monitor traffic and generate data.
  • sFlow collectors that receive and analyze sFlow data.

Arista switches include an sFlow agent that monitors ingress data through all Ethernet interfaces.

sFlow Agents

The sFlow agent is a software process that runs as part of the network management software within an Arista switch. It combines interface counters and flow samples into sFlow datagrams that are sent to an sFlow collector. Packets typically include flow samples and state information of the forwarding/routing table entries associated with each sample. Additional data can be gathered for entries originated by BGP.

The sFlow Agent performs minimal processing when packaging data into datagrams. Immediate data forwarding minimizes agent memory and CPU requirements.

sFlow Collector

An sFlow collector is a server that runs software that analyzes and reports network traffic. Collectors receive flow samples and counter samples respectively as sFlow datagrams from sFlow agents.

Arista switches reference a collectors IP address and UDP port as a configurable setting through a CLI command. Arista switches do not include sFlow collector software.

sFlow Data

The sFlow Agent uses two forms of sampling: statistical packet-based sampling of switched flows and time-based sampling of network interface statistics.
  • Switched flow sampling: A sample is taken by either copying the packet's header or extracting feature data from the packet.
  • Interface statistics sampling: Counter sampling extracts statistics by periodically polling each data source on the device.

sFlow implements flow sampling and counter sampling as part of an integrated system. An sFlow datagram incorporates both sample types.

Arista sFlow Implementation

Arista switches provide a single sFlow agent instance that samples ingress traffic from all Ethernet and port channel interfaces. The switch provides two levels of settings for enabling sFlow:
  • a global setting that enables packet sampling on the entire switch.
  • interface settings that control sampling on individual interfaces when sFlow is globally enabled.
sFlow default settings include:
  • global: sFlow and BGP sFlow export are globally disabled.
  • Ethernet and port channel interfaces: sFlow is enabled on all interfaces when it is enabled globally. BGP sFlow export is likewise enabled on all interfaces when it is enabled globally.

The switch performs sFlow polling when sFlow is globally enabled. The CLI provides commands that globally disable sampling while counter polling remains enabled. Sample enabling is not controllable on individual interfaces.

The switch sends sFlow datagrams to the collector located at an IP address specified by a global configuration command. If the collector destination is not configured, the switch samples data without transmitting the resulting datagrams.

Although the CLI enforces the configured sampling rate limit, it may drop samples if it cannot handle the number of samples it receives over a specified period. Under normal operation, the maximum packet sample rate is one per 16384 packets. The CLI allows for higher sampling rates by using the dangerous keyword.

The switch can also be configured to allow the routing agent to export BGP information to the sFlow agent. When BGP sFlow export is enabled, sFlow will add BGP information to packets whose destination is a BGP route.

The following lists describe sFlows sampling behavior relative to different packet types:
  • Packets that are sampled:
    • CPU
    • IP Options and MTU violations
    • Flooded packets
    • Multicast packets
  • Packets that are not sampled:
    • LACP frames
    • LLDP frames
    • STP BPDUs
    • IGMP packets
    • PAUSE frames
    • PIM hello packets
    • CRC error frames
    • Packets dropped by ACLs or due to VLAN violations

sFlow and Mirroring

The sFlow and Mirroring is supported using the same interface for both a mirroring session and sFlow at the same time. But when sFlow and mirroring is configured on the same interface, the tap aggregation is not supported. And when tap aggregation mode is enabled, the interface configured as a source for both a mirroring session and sFlow will only mirror packets, and sFlow samples are not produced.

The sFlow and Mirroring are supported on the following switch series:

DCS-7280R, DCS-7280R2, DCS-7280E, DCS-7500R, DCS-7500R2, DCS-7500E, DCS-7050X, DCS-7060X, DCS-7250X, DCS-7260X, and DCS-7300X.

However, the following switches have a limitation:

DCS-7280R, DCS-7280R2, DCS-7280E, DCS-7500R, DCS-7500R2, and DCS-7500E.

When a mirroring session and sFlow is configured on a same interface for the above devices, the following packet types are not sampled though they are sampled with only sFlow.
  • STP BPDUs
  • LACP frames
  • LLDP frames
  • OSPF packets
  • PIM HELLO packets
  • Packets dropped due to VLAN violations

Hardware Accelerated sFlow

The hardware-accelerated sFlow is supported on compatible platforms. Without hardware acceleration, all sFlow processing is done in software, so performance is dependent on the capabilities of the host CPU. Aggressive sampling rates also decrease the amount of processing time available for other eos applications.

With hardware acceleration, all sFlow processing is done in hardware using specialized chips, called accelerators. These accelerators process sampled packets and send out sFlow datagrams similarly as the software agent. Involvement from the CPU is very little and the chips are dedicated to sFlow, performance is higher and the CPU has more availability for other tasks, even with high sampling rates.

The Hardware accelerated sFlow is supported on the following switch series:

DCS-7280R3, DCS-7280SR2A-48YC6, DCS-7280CR2-60, DCS-7280CR2A-60, DCS-7280CR2K-60, DCS-7280CR2-30, DCS-7280CR2A-30, DCS-7280SRAM-48C6, DCS-7280SR2K-48C6, DCS-7500R3, DCS-7500R2A-36CQ-LC, DCS-7500R2AK-36CQ-LC, DCS-7500R2AM-36CQ-LC, DCS-7500R2AK-48YCQ-LC. and DCS-7800R3

However, the following switches have a limitation:

DCS-7280R, DCS-7280R2, DCS-7280E, DCS-7500R, DCS-7500R2, and DCS-7500E.

Before enabling hardware-accelerated sFlow, the following requirements must be fulfilled:
  • sFlow must be running globally.
  • Routing must be enabled in any VRF. This is required for sFlow datagrams to be routed to the collector(s).
The following command enables or disables hardware-accelerated sFlow in configuration mode.
switch(config)# [no|default] sflow hardware acceleration
The following command disables hardware-accelerated sFlow on a particular LineCard.
switch(config)# no sflow hardware acceleration module Linecard3
The following command revertshardware-accelerated sFlow on a particular LineCard.
switch(config)# sflow hardware acceleration module Linecard3
Example
The following example enables routing on the switch, activates sFlow, and enables hardware acceleration globally, but forces software sFlow on Linecard3.
switch(config)# ip routing
switch(config)# sflow run
switch(config)# sflow hardware acceleration
switch(config)# sflow source 10.10.10.1
switch(config)# sflow destination 10.10.10.2
switch(config)# sflow hardware acceleration sample 1024
switch(config)# no sflow hardware acceleration module Linecard3
Example
The following example is for IPv6 configuration. Hardware accelerated sFlow enables either IPv4 or IPv6 collectors. IPv6 configuration takes precedence over IPv4 configuration and IPv4 collectors will be disabled.
switch(config)# ipv6 unicast-routing
switch(config)# ip routing
switch(config)# sflow run
switch(config)# sflow hardware acceleration
switch(config)# sflow source-interface Ethernet1/1
switch(config)# sflow destination 10.10.10.2
switch(config)# sflow hardware acceleration sample 1024
switch(config)# no sflow hardware acceleration module Linecard3
Example
The command show sflow hardware status displays the current status of hardware acceleration for sFlow for fixed system.
switch(config)# show sflow hardware status
Status
——
Hardware Acceleration On: No
       – sFlow must be enabled
       – sFlow hardware acceleration must be enabled in the CLI
       – routing must be enabled in any VRF
Sample Rate: None
Example
The command show sflow hardware status displays the current status of hardware acceleration for sFlow for modular system.
switch(config)# show sflow hardware status
Status
——
Hardware Acceleration On: Yes
Sample Rate: 1048576
                          sFlow Mode
Module          Active                    Configured             Has sFlow accelerators
—————-      ————————–            ————————–         ———————-
Linecard3       Software                  Hardware-accelerated        No
Linecard4       Software                  Hardware-accelerated        No
Linecard5       Hardware-accelerated      Hardware-accelerated        Yes
Linecard6       Hardware-accelerated      Hardware-accelerated        No
Example
The command show sflow hardware counters displays counters that are specific to sFlow acceleration.
switch(config)# show sflow hardware counters
——————
SflowAccelFpga7:0
——————
Incoming Packet Count : 
Outgoing Sflow Datagram Count : 0
Outgoing Flow Sample Count : 0
Incoming Processed Packet Count : 0
Receive Packet Drop Count : 0
Packet Truncated Count : 0
Incoming Packet Error Count : 0
Outgoing Processed Datagram Count : 0
Sample Pool : 0
——————
SflowAccelFpga7:1
——————
Incoming Packet Count : 0
Outgoing Sflow Datagram Count : 0
Outgoing Flow Sample Count : 0
Incoming Processed Packet Count : 0
Receive Packet Drop Count : 0
Packet Truncated Count : 0
Incoming Packet Error Count : 0
Outgoing Processed Datagram Count : 0
Sample Pool : 0
——————
Total
——————
Incoming Packet Count : 0
Outgoing Sflow Datagram Count : 0
Outgoing Flow Sample Count : 0
Incoming Processed Packet Count : 0
Receive Packet Drop Count : 0
Packet Truncated Count : 0
Incoming Packet Error Count : 0
Outgoing Processed Datagram Count : 0
Sample Pool : 0
Example
The command show sflow hardware accelerators displays a list of all hardware accelerators currently present in the system.
switch(config)# show sflow hardware accelerators
Slice     sFlow Accelerator    Type    PCI Address    Direct Connections
——————————————————————————–
Linecard7 SflowAccelFpga7:0   halo    0000:85:00.0     Jericho7/0
Linecard9 SflowAccelFpga9:0   halo    0000:a6:00.0     Jericho9/0
Example
The command show sflow hardware mapping displays hardware accelerator performs sFlow processing for each switch chip in the system. Hardware acceleration needs to be enabled and running, otherwise the output of the command will be empty.
switch(config)# show sflow hardware mapping
Chip          sFlow Accelerator       Direct Connection
————————————————————
Jericho3/0    SflowAccelFpga7:0       False
Jericho3/1    SflowAccelFpga7:0       False
Jericho4/0    SflowAccelFpga9:0       False
Jericho4/1    SflowAccelFpga9:0       False
Jericho5/0    SflowAccelFpga7:0       False
Jericho5/1    SflowAccelFpga7:0       False
Jericho6/0    SflowAccelFpga9:0       False
Jericho6/1    SflowAccelFpga9:0       False
Jericho7/0    SflowAccelFpga7:0       True
Jericho9/0    SflowAccelFpga9:0       True

sFlow Configuration Procedures

Implementing sFlow on an Arista switch consists of configuring the following agent parameters:
  1. Collector location address.
  2. Agent source address.
  3. Polling interval.
  4. Sampling rate.

Optionally, sFlow can be configured to include output interface and traffic class information in samples using the sflow sample command, and to include BGP information in samples whose destination is a BGP route using the sflow extension bgp command.

After configuring the sFlow agent, sampling is initiated by globally enabling sFlow on the switch.

Platform-specific Considerations

When BGP sFlow export is enabled on Arad platform switches (DCS-7280E and DCS-7500E), BGP information can be added to some sFlow packets with ECMP destinations.

DCS-7500E switches use actual hardware egress port information in sFlow packets. All other platforms use software simulation to determine the egress port.

Configuring the Collector Location

The sflow destination command specifies the IP address and UDP port of an sFlow collector. The switch supports multiple collectors.

Example

This command configures the switch to send sFlow data to collectors at 10.42.15.12, port 6100 and 10.52.12.2 port 6343 (the default sFlow port).
switch(config)# sflow destination 10.42.15.12 6100
switch(config)# sflow destination 10.52.12.2
switch(config)#

Configuring the Agent Source Address

The sflow source command specifies the source address that the switch places in all sFlow datagrams that it sends to the collector. This address is normally set to an IP address configured on the switch.

Example

This command configures 10.2.9.21 as the sFlow source address.
switch(config)# sflow source 10.2.9.21
switch(config)#

The sflow source-interface command can be alternatively used to specify the interface from which an IP address is derived that the switch places in all sFlow datagrams that it sends to the collector. This address is normally set to an IP address configured on the switch.

Example

This command configures interface vlan 25 as the sFlow source interface. The switch enters the IP address for vlan 25 in the source field of sFlow datagrams.
switch(config)# sflow source-interface vlan 25
switch(config)#

running-config cannot simultaneously contain sflow source and sflow source-interface commands.

Configuring the Polling Interval

The sflow polling-interval command specifies the interval for sending counter data to the sFlow collector. The default interval is two seconds.

Example

This command configures the switch to send sFlow data every 10 seconds.
switch(config)# sflow polling-interval 10
switch(config)#

Configuring the Sampling Rate and Sample Contents

The sflow sample command sets the packet sampling rate. Packets are sampled at random intervals to avoid inaccurate sampling of periodic events. A rate of 16384 corresponds to an average sample of one per 16384 packets. The default rate is 1048576.

Example

This command configures the sFlow sampling rate as 65536 (one per 65536 packets).
switch(config)# sflow sample 65536
switch(config)#

The sflow sample command can also optionally configure sample packets to include information about the traffic class of the sample. Traffic class is communicated by rewriting the DSCP field in the sample packet.

By default, samples include information about the output interface. To remove this information, use the [no] sflow sample output interface command.

Example

These commands configure sFlow to include traffic class information in samples but to exclude output interface data.
switch(config)# no sflow sample output interface
switch(config)# sflow sample rewrite dscp
switch(config)#

Enabling BGP sFlow Export

The sflow extension bgp command enables BGP sFlow export. When it is enabled, the routing agent will export the BGP routing table and autonomous system path information to the sFlow agent. When sFlow receives a sampled packets whose destination is a BGP route, it will look up the following additional BGP routing information and include it in the sample:
  • next hop IP
    • AS numbers
    • AS system path to the destination
    • communities
    • local pref

On Arad platform switches (DCS-7280E and DCS-7500E), BGP sFlow export will also add the above BGP information to sample packets with ECMP destination routes unless they exit the switch via a trunk port or subinterface. When egress port is a trunk port or subinterface, the sample packet will only include AS path information from the first path of the ECMP route and a BGP next hop of 0.

On all other switch platforms, ECMP destination routes will include AS path information from the first path, but will identify the BGP next hop as 0.

Note: A BGP instance must be configured on the switch for BGP sFlow export to operate. See the Border Gateway Protocol (BGP) chapter for details.

Example

These commands configure a BGP instance in AS 50 and enable BGP sFlow export globally.
switch(config)# router bgp 50
switch(config-router-bgp)# exit
switch(config)# sflow extension bgp
switch(config)#

Extended Switch and Router Information

By default, extended switch and router information is added to sFlow sample packets.

Extended switch information includes the following:
  • source and destination VLANs and priorities
Extended router information includes the following:
  • IP version and address of next-hop router
    • source and destination mask lengths

The no form of sflow extension switch and no form of sflow extension router commands prevent the addition of extended switch and router information to sFlow sample packets.

Example

These commands prevent extended switch and router information from being added to sFlow sample packets.
switch(config)# no sflow extension switch
switch(config)# no sflow extension router
switch(config)#

Enabling sFlow

The sflow run command globally enables sFlow on the switch. The sflow enable command controls sFlow operation on Ethernet and port channel interfaces when sFlow is globally enabled. The sflow enable command has no effect when sFlow is globally disabled.

Example

These commands enable sFlow on the switch, then disables sFlow on Ethernet interface 10.
switch(config)# sflow run
switch(config)# interface ethernet 10
switch(config-if-Et10)# no sflow enable
switch(config)#

sFlow Subinterfaces

The sflow sample [input | output] subinterface command configures ifIndex values for subinterfaces on input and output ports to be included in the flow sample. These values are in place of the default parent port ifIndex value. Enabling this feature changes all sFlow samples generated by the switch from the compact to the expanded format.

Configuring sFlow Subinterface

The following configures subinterfaces on the switch for sampling.

switch (config)# sflow run
switch (config-if-Et1)# sflow sample input subinterface
switch (config)# sflow sample output subinterface

The following file extract displays the output from a show sflow detail command.

switch# show sflow detail
...
Status
------
...
Sample Switch Extension: Yes
Sample Router Extension: Yes
Sample Tunnel IPv4 Egress Extension: No
Sample Input Subinterface: Yes
Sample Output Subinterface: Yes
Port Channel Output Interface Index: portchannel
Sample Encoding Format: expanded
...

Limitations

  • The feature is supported only on some hardware platforms.
  • Only L3 subinterfaces and QinQ L3 subinterfaces support the sFlow output subinterface.
  • Tunneled packets such as GRE, MPLSoGRE, and IPinIP are not supported.

QinQ L3 Subinterfaces

QinQ L3 subinterfaces divide a single Ethernet or port-channel interface into multiple logical L3 interfaces based on a combination of two 802.1q tags (VLAN ID) in the incoming traffic. QinQ L3 subinterfaces are commonly used in the L2/L3 boundary device, but they are also used to isolate traffic with a combination of two 802.1q tags between L3 peers by assigning each subinterface to a different VRF.

QinQ L3 subinterfaces are similar to regular L3 subinterfaces, with the only difference being the number of tags being used to isolate traffic. While L3 subinterfaces use a single 802.1q tag (VLAN ID) in the incoming traffic, QinQ L3 subinterfaces use a combination of two 802.1q tags outer, and inner, in the incoming traffic.

All restrictions that are applicable to L3 subinterfaces are also applicable to QinQ L3 subinterfaces including the following:
  • PBR service policy.
  • ACL logging.
  • Tunneling features including VxLAN, MPLS EVPN, MPLS VPN, and Pseudowire.
  • QinQ subinterfaces with Algomatch ACLs.
  • QinQ subinterfaces with flex-route configuration with optimization for non-nibble aligned prefix length.
  • QoS service policy on QinQ subinterfaces with TCAM profiles that have feature qos subintf ip/ipv6.
  • On a routed port, a single tag L3 subinterface and a QinQ L3 subinterface with the same outer tag in the dot1q encapsulation configuration are not supported simultaneously.
  • On a routed port Et1, if Et1 has a dot1q encapsulation of 100, and if Et1.2 has a dot1q encapsulation of <100,200 outer tag 100, inner tag 200, then Et1.1 and Et1.2 are not supported simultaneously.

Configuring QinQ L3 Subinterfaces

The following commands assign packets ingressing on Ethernet interface 1/1 (routed port) with two dot1q tags (VLAN ID) - outer tag 100 and inner tag 200 to Ethernet subinterface 1/1.1, making Ethernet1/1.1 a QinQ L3 subinterface.

  1. Bring up the parent interface and ensure that it is configured as a routed port.
    witch(config)# interface Ethernet1/1
    switch(config-if-Et1/1)# no switchport
    switch(config-if-Et1/1)# no shutdown
  2. Configure a VLAN on the subinterface. The encapsulation dot1q vlan command is also used for VLAN translation, but in this context it associates a VLAN with the subinterface.
    switch(config-if-Et1/1)# interface Ethernet1/1.1
    switch(config-if-Et1/1.1)# encapsulation dot1q vlan 100 inner 200
    switch(config-if-Et1/1.1)#
  3. Configure IPv4, and IPv6 ACL on QinQ subinterface.
    switch(config)# interface ethernet1/1.1
    switch(config-if-Et1/1.1)# ip access-group acl_1 in
    switch(config-if-Et1/1.1)# ipv6 access-group acl_v6_1 in
  4. Configure the subinterface counters to ingress and egress.
    switch(config)# hardware counter feature subinterface in
    switch(config)# hardware counter feature subinterface out
To confirm the status of the subinterfaces you can use the show interface status sub-interfaces command as shown in the following example.
switch(config)# show interface status sub-interfaces
Port       Name    Status       Vlan     Duplex Speed  Type                Flags  Encapsulation
Et1.1              connect      routed   full   10G    dot1q-encapsulation        100,200
Et1.2              connect      routed   full   10G    dot1q-encapsulation        102       
switch>
To confirm the status of the show interface et1.1 counters command, use the ingress and egress counters as shown in the following example.
switch(config)# show interface et1.1 counters
L3 Interface                   InOctets          InPkts
Et1.1                                 0               0
L3 Interface                  OutOctets         OutPkts
Et1.1                                 0               0

sFlow Commands

clear sflow counters

The clear sflow counters command resets the global sFlow statistics, which includes the number of samples and sample pool. The hardware trigger count is not reset.

The show sflow command displays global sFlow statistics.

Command Mode

Privileged EXEC

Command Syntax

clear sflow counters

Example
This command resets the sFlow counters.
switch# clear sflow counters
switch#

[no] sflow sample output interface

By default, sFlow samples include information about the output interface of the sampled packet. The no sflow sample output interface command prevents sFlow from including that information.

Command Mode

Global Configuration

Command Syntax

no sflow sample output interface

Example
This command configures sFlow to not include output interface information in samples.
switch(config)# no sflow sample output interface
switch(config)#

sflow destination

The sflow destination command specifies an sFlow collector IP address and UDP port. The switch supports sFlow collector addresses through multiple sFlow destination commands in running-config.

The no sflow destination and default sflow destination commands remove the specified sFlow collector IP address by deleting the corresponding sflow destination command from running-config.

Command Mode

Global Configuration

Command Syntax

sflow destination dest_addr [UDP_PORT]

no sflow destination dest_addr [UDP_PORT]

default sflow destination dest_addr [UDP_PORT]

Parameters
  • dest_addr sflow collectors IP address.
  • UDP_PORT sFlow collectors data reception port. Options include:
    • no parameter port number 6343 (default).
    • port_num port number. Value ranges from 0 to 65535.
Example
This command configures the switch to send sFlow data to the collector located at 10.42.15.12; the collector receives the data through UDP port 6100.
switch(config)# sflow destination 10.42.15.12 6100
switch(config)#

sflow enable

The sflow enable command enables sFlow on the configuration mode interface when sFlow is globally enabled. By default, sFlow is enabled on all interfaces when sFlow is globally enabled (sflow run). The sflow enable command is required only when running-config contains a no sflow enable statement for the specified interface.

The no sflow enable command disables sFlow on the configuration mode interface. When sFlow is globally disabled, this command persists in running-config but has no effect on switch operation.

The default sflow enable command removes the corresponding no sflow enable command from running-config enabling sFlow capability on the interface.

Command Mode

Interface-Ethernet Configuration

Interface-Port-Channel Configuration

Command Syntax

sflow enable

no sflow enable

default sflow enable

Examples
  • These commands enable sFlow on the switch and disable sFlow on interface ethernet 12.
    switch(config)# sflow run
    switch(config)# interface ethernet 12
    switch(config-if-Et12)# no sflow enable
    switch(config-if-Et12)#
  • This command removes the no sflow enable command for interface ethernet 12 from running-config, enabling sFlow on the interface whenever sFlow is globally enabled.
    switch(config-if-Et12)# sflow enable
    switch(config-if-Et12)#

sflow extension bgp

The sflow extension bgp command enables BGP export to sFlow. When enabled, this feature the routing agent will export the BGP routing table and autonomous system path information to the sFlow agent. When sFlow receives a sampled packets whose destination is a BGP route, it will look up the following additional BGP routing information and include it in the sample:

next hop IP
  • AS numbers
  • AS system path to the destination
  • communities
  • local pref

The no sflow extension bgp and default sflow extension bgp commands disable BGP export to sFlow by deleting the corresponding sflow extension bgp command from running-config.

Note: A BGP instance must be configured on the switch for BGP sFlow export to operate. See the Border Gateway Protocol chapter for details.

Command Mode

Global Configuration

Command Syntax

sflow extension bgp

no sflow extension bgp

default sflow extension bgp

Guidelines

BGP sFlow export behaves differently on different switch platforms as follows:
  • DCS-7500E switches use actual hardware egress port information in sFlow packets. All other platforms use software simulation to determine the egress port.
  • On Arad platform switches (DCS-7280E and DCS-7500E), BGP sFlow export works for sample packets with ECMP destination routes unless they exit the switch via a trunk port or subinterface. When egress port is a trunk port or subinterface, the sample packet will only include AS path information from the first path of the ECMP route and a BGP next hop of 0.
  • On all other switch platforms, ECMP destination routes will include AS path information from the first path, but will identify the BGP next hop as 0.
  • DCS-7500E switches use actual hardware egress port information in sFlow packets. All other platforms use software simulation to determine the egress port.
Example
These commands configure a BGP instance in AS 50 and enable BGP sFlow export globally.
switch(config)# router bgp 50
switch(config-router-bgp)# exit
switch(config)# sflow extension bgp
switch(config)#

sflow extension router

By default, the switch provides extended router information in sFlow packets, including the IP version and address of the next-hop router and source and destination mask lengths.

The no version of the sflow extension router command prevents this information from being included in sFlow packets.

The sflow extension router and default sflow extension router commands restore the default behavior by deleting the corresponding no sflow extension router command from running-config.

Command Mode

Global Configuration

Command Syntax

sflow extension router

no sflow extension router

default sflow extension router

Example
This command prevents the switch from including extended router information in sFlow packets.
switch(config)# no sflow extension router 
switch(config)#

sflow extension switch

By default, the switch provides extended switch information in sFlow packets, including source and destination VLANs and priorities.

The no version of the sflow extension switch command prevents this information from being included in sFlow packets.

The sflow extension switch and default sflow extension switch commands restore the default behavior by deleting the corresponding no sflow extension switch command from running-config.

Command Mode

Global Configuration

Command Syntax

sflow extension switch

no sflow extension switch

default sflow extension switch

Example
This command prevents the switch from including extended switch information in sFlow packets.
switch(config)# no sflow extension switch 
switch(config)#

sflow polling-interval

The sflow polling-interval command specifies the counters polling interval. The switch uses this interval to schedule a ports counter data transmissions to the sFlow collector.

The default interval is two seconds.

The no sflow polling-interval and default sflow polling-interval commands revert the polling interval to the default of two seconds by removing the sflow polling-interval command from running-config.

Command Mode

Global Configuration

Command Syntax

sflow polling-interval interval_period

no sflow polling-interval

default sflow polling-interval

Parameters

interval_period polling interval (seconds). Value ranges from 0 to 3600 (60 minutes). Default is 2.

Example
This command configures the switch to send sFlow counter data every 10 seconds.
switch(config)# sflow polling-interval 10
switch(config)#

sflow run

The sflow run command globally enables sFlow on the switch. The default sFlow global setting is disabled. sFlow cannot be enabled on individual interfaces when it is globally disabled.

The sflow enable interface configuration command controls sFlow operation on individual Ethernet and port channel interfaces when sFlow is globally enabled. When sFlow is enabled globally, sFlow is also enabled on all interfaces by default.

The no sflow run and default sflow run commands globally disable sFlow on the switch.

Command Mode

Global Configuration

Command Syntax

sflow run

no sflow run

default sflow run

Examples
  • This command enables sFlow on the switch.
    switch(config)# sflow run
    switch(config)#
  • This command globally disables sFlow.
    switch(config)# no sflow run
    switch(config)#

sflow sample

The sflow sample command sets the packet sampling rate. Packets are sampled at random intervals to avoid inaccurate sampling of periodic events; the packet sampling rate defines the average number of ingress packets that pass through an interface for every packet that is sampled. A rate of 16384 corresponds to an average sample of one per 16384 packets. The switch may drop samples if it cannot handle the configured sample rate. Under normal operation, the maximum packet sample rate is one per 16384 packets. Higher sampling rates can be specified with the dangerous option.

By default, samples include information about the output interface. To remove this information, use the [no] sflow sample output interface command.

The sflow sample command can also optionally configure sample packets to include information about the traffic class of the sample. Traffic class is communicated by rewriting the DSCP field in the sample packet.

The no sflow sample and default sflow sample commands reset the packet sampling rate to the default of 1048576 and remove output interface and traffic class information from samples by removing the sflow sample command from the configuration.

Command Mode

Global Configuration

Command Syntax

sflow sample TRUNCATE SAMPLE_RATE[rewrite dscp]

no sflow sample

default sflow sample

Parameters

SAMPLE_RATE size of the packet sample from which one packet is selected. Default sample size is 1048576 packets. Options include:
  • recommended_rate Integer between 16384 and 16777215.
    • dangerous any_rate permits overriding the recommended range of sampling rates. The any_rate value range varies by platform:
      • fm6000 1 to 65535.
      • trident 1 to 16777216.
  • rewrite dscp configures sFlow to rewrite the DSCP field of sample packets to indicate the traffic class of the original packet.
  • TRUNCATE sFlow sample truncation size between the range of 128 to 512. By default, the sFlow sample truncate size is set to 128. Note, this option is hidden.
Examples
  • This command configures the sFlow sampling rate as 65536 (one per 65536 packets).
    switch(config)# sflow sample 65536
    switch(config)#
  • This command configures the sFlow sampling rate as 256 (one per 256 packets).
    switch(config)# sflow sample dangerous 256
    switch(config)#
  • This command configures sFlow to include traffic class information in samples.
    switch(config)# sflow sample rewrite dscp
    switch(config)#

sflow source

The sflow source command specifies the IP address used in the Agent address filed of the IPv4 sFlow datagram that the switch sends to the collector. This command cannot be used if running-config contains an sflow source-interface command.

The no sflow source and default sflow source commands remove the sflow source command from running-config.

Command Mode

Global Configuration

Command Syntax

sflow source source_addr

no sflow source

default sflow source

Parameter

source_addr source IP address (dotted decimal notation).

Example
This command configures 10.2.9.21 as the sFlow source address.
switch(config)# sflow source 10.2.9.21
switch(config)#

sflow source-interface

The sflow source-interface command specifies the source IP address that is set to the IP's of the specified interfaces that the switch sends to the collector. Both, the Agent address in the IPv4 sFlow datagram as well as the source IP address sent to the collector are specified in sFlow packet. This command cannot be used if running-config contains an sflow source command.

The no sflow source-interface and default sflow source-interface commands remove the sflow source-interface command from running-config.

Command Mode

Global Configuration

Command Syntax

sflow source-interface INT_NAME

no sflow source-interface

default sflow source-interface

Parameters

INT_NAME Interface type and number. Options include:
  • interface ethernet e_num Ethernet interface specified by e_num.
  • interface loopback l_num Loopback interface specified by l_num.
  • interface management m_num Management interface specified by m_num.
  • interface port-channel p_num Port-Channel Interface specified by p_num.
  • interface vlan v_num VLAN interface specified by v_num.
Example
This command configures the sFlow source address as the IP address assigned to the loopback 0 interface.
switch(config)# sflow source-interface loopback 0
switch(config)#

show sflow

The show sflow command displays configured sFlow parameters, operational status, and statistics.

The show sflow interfaces command displays the interfaces where sFlow is enabled.

Command Mode

EXEC

Command Syntax

show sflow [detail]

Parameters

detail adds hardware sampling status and number of discarded samples to the information displayed.

Examples
  • This command displays the base sFlow information.
    switch# show sflow 
    ! Displaying counters that may be stale 
    sFlow Configuration 
    ------------------- 
    Destinations: None (default) 
    Source(s): 
     0.0.0.0 ( default ) ( VRF: default ) 
     :: ( default ) ( VRF: default ) 
    Sample Rate: 1048576 ( default ) 
    Polling Interval (sec): 2.0 ( default ) 
    Rewrite DSCP value: No 
    Status 
    ------ 
    Running: No 
    Polling On: No 
    Sampling On: No 
    Send Datagrams: 
     No ( Sflow not running ) ( VRF: default ) 
    BGP Export: 
     No ( VRF: default ) 
    Hardware Sample Rate: 1044480 
    Statistics 
     --More-- 
    ! Displaying counters that may be stale 
    sFlow Configuration 
    ------------------- 
    Destinations: None (default) 
    Source(s): 
     0.0.0.0 ( default ) ( VRF: default )
      :: ( default ) ( VRF: default ) 
    Sample Rate: 1048576 ( default ) 
    Polling Interval (sec): 2.0 ( default )
     Rewrite DSCP value: No 
    Status 
    ------ 
    Running: No 
    Polling On: No
    Sampling On:
     No Send Datagrams:
      No ( Sflow not running ) ( VRF: default )
    BGP Export:
      No ( VRF: default ) 
    Hardware Sample Rate: 1044480
    
    Statistics
     ----------
    Total Packets: 0 
    Number of Samples: 0 
    Sample Pool: 0 
    Hardware Trigger: 0 
    Number of Datagrams: 0
  • This command displays the expanded sFlow information.
    switch# show sflow detail
    ! Displaying counters that may be stale
    sFlow Configuration
    -------------------
    Destinations: None (default)
    Source(s):
      0.0.0.0 ( default ) ( VRF: default )
      :: ( default ) ( VRF: default )
    Sample Rate: 1048576 ( default )
    Polling Interval (sec): 2.0 ( default )
    Rewrite DSCP value: No
    
    Status
    ------
    Running: No
    Polling On: No
    Sampling On: No
    Send Datagrams:
      No ( Sflow not running ) ( VRF: default )
    BGP Export:
      No ( VRF: default )
    Hardware Sample Rate: 1044480
    Hardware Sampling On: No
    Sample Output Interface: Yes
    Sample Switch Extension: Yes
    Sample Router Extension: Yes
    
    Statistics
    ----------
    Total Packets: 0
    Number of Samples: 0
    Sample Pool: 0
    Hardware Trigger: 0
    Number of Datagrams: 0
    Number of Samples Discarded: 0

show sflow interfaces

The show sflow interfaces command displays the interfaces where sFlow is enabled.

The show sflow command displays configured sFlow parameters, operational status, and statistics.

Command Mode

EXEC

Command Syntax

show sflow interfaces

Examples
  • This command displays the show sflow interface message when sFlow is globally disabled.
    switch# show sflow interfaces
    sFlow Interface (s):
    --------------------
    sFlow is not running
  • This command displays the show sflow interface message when sFlow is globally enabled and enabled on all interfaces.
    switch(config)# sflow run
    switch(config)# show sflow interfaces
    Default sFlow configuration for an interface: Disable
    sFlow Interface (s):
    --------------------
    Ethernet1  running(Counter)
    Ethernet2  running(Counter)
    Ethernet3  running(Flow,Counter)
    Ethernet4  running(Flow,Counter)
    Ethernet5  running(Flow,Counter)