Today I want to show you how to configure sFlow on your Arista device and demonstrate its featured output through Plixer Scrutinizer. Our goal is to define multicast flow on our switch.
What is sFlow?
sFlow is a packet-sampling technology that monitors application-level traffic flow, which includes all the interfaces at the same time. sFlow provides gigabit speed quantitative traffic measurements without impacting network performance. For more information, consider reading this whitepaper on sFlow vs. NetFlow.
sFlow configuration on Arista
Arista switches provide a single sFlow agent instance that samples ingress traffic from all Ethernet and port channel interfaces. Here is a list of a packets that are being sampled:
- IP options and MTU violations
- Flooded packets
- Multicast packets
sFlow and irroring are supported on the following switch series:
We’ll use IOS 4.21.1 and virtually we’ll use vIOS 4.21.1. Settings can be applied to either of the devices mentioned above.
Here is an example of sFlow configuration on an Arista device.
This command enables sflow on your device including all the interfaces since it’s enabled in global mode:
This command configures the switch to send sFlow data to Scrutinizer:
switch(config)#sflow destination 10.42.16.80 2055
This command configures the sFlow source, which in our case is Eth1:
switch(config)#sflow source x.x.x.x switch(config)#
switch(config)#sflow source-interface vlan xx switch(config)#
switch(config)#sflow polling-interval 10 switch(config)#
switch(config)#sflow sample 65536
Configuring sFlow on subinterfaces would look like:
switch (config-if-Et1)#sflow sample input subinterface
switch (config)#sflow sample output subinterface
You can add bgp to be exported as sFlow with the following commands:
switch(config)#router bgp 50
switch(config)#sflow extension bgp
If you want more information about configuration of sFlow on Arista devices, you check out Arista’s documentation. In general, this show command should tell you if sFlow is configured and for what reason.
switch#show sflow detail ... Status ------ ... Sample Switch Extension: Yes Sample Router Extension: Yes Sample Tunnel IPv4 Egress Extension: No Sample Input Subinterface: Yes Sample Output Subinterface: Yes Port Channel Output Interface Index: portchannel Sample Encoding Format: expanded
Once we have finished the configuration, it’s time to take a look at Plixer Scrutinizer and see what we’ve got:
Here is an output of the report based on collected sFlow. If we highlight the “show interfaces” option, we can see that the host is having multiple communications through the interface number: 2147483647.
Since sFlow doesn’t have “egress” metering capabilities, the best way to report on multicast traffic is to run a report on the desired interface and then add the multicast interface, as long as we know what interface is going to be used. Doing this, we’ve been able to determine between which devices we have multicast transmission and its respective traffic utilization rate.
Of course you may want to spend some time to figure out all the network communications established in your environment, and I would recommend you consider Plixer Scrutinizer. If you would like technical assistance, one of our professionals will be always happy to help you if you contact us.