Blog :: Network Operations :: Security Operations

Cisco sFlow Support

Yes, you heard it right! Cisco has added support for the sFlow standard in the latest NX-OS 5.0(3)U4(1) release for Nexus 3000 Series switches.

Cisco Nexus 3000 Series - Flow MonitoringThe Nexus 3000 series are the first Cisco switches to include hardware support for sFlow, offering scalable wire-speed monitoring of all traffic flowing throughout entire networks of Nexus 3000 series switches.

Since the Nexus 3000 series switches are the first Cisco products with sFlow, many Cisco network administrators experienced with using Cisco’s NetFlow technology for monitoring TCP/IP traffic may likely be unfamiliar with sFlow technology.

Based on the name, you might think that sFlow is just another version of Cisco NetFlow.

This is not the case – sFlow differs significantly from NetFlow and understanding these differences is important if you want to get the most out of sFlow:

  • sFlow exports interface counters. Lets you see full interface use while sampling traffic details.
  • sFlow exports packet headers not flow records. By exporting packet headers, sFlow is able to provide full layer 2 – 7 visibility into all types of traffic flowing at the network edge, including: MAC addresses, VLANs, in addition to the TCP/IP information typically reported by NetFlow.
  • sFlow is highly scalable.
  • sFlow is a multi-vendor standard supported by almost every network equipment vendor.
  • sFlow configuration is very easy:

Log into the switch

switch# configure terminal
switch(config)# feature sflow
switch(config)# sflow agent-ip [IP Address of exporting interface]
switch(config)# sflow sampling-rate [sample rate]
switch(config)# sflow counter-poll-interval 60
switch(config)# sflow collector-ip [collector IP Address] vrf [default or management]

switch(config)# sflow collector-port [udp port #]
switch(config)# sflow data-source interface ethernet 1/1

switch(config)# sflow data-source interface ethernet 1/24
switch(config)# copy running-config startup-config

Configuration complete!

“Cisco’s decision to support sFlow is a wise move.  It shows that they are focused on customer needs and not just their own technology”, said Michael Patterson – CEO, Plixer. “I still think the majority of customers want a true flow architecture which sFlow is not, but it doesn’t matter.  Our goal is to service what the customer wants and clearly there is room for NetFlow, IPFIX and sFlow in the market.  We support them all.”

Election season is here, and it looks like for now the NetFlow vs. sFlow debate continues. What side do you come down on?

Related

briand

Where should I enable flow data?

The big boss had a conference call over the weekend. She sent a message to your boss’s boss, which trickled downhill, and eventually made

::
briand

How to Filter Network Traffic

When it comes to filtering network traffic, a scenario that appears simple in nature can be hard to accomplish at scale. Understanding top talker

::
critical thinking

Asking the Hard Questions: Why Analyze Network Traffic?

There are times when we adults would be better off thinking like toddlers. More specifically, I want us all to go back to the

::