
Configuring sFlow on Arista devices

khalil

Today I want to show you how to configure sFlow on your Arista device and demonstrate its featured output through Plixer Scrutinizer. Our goal is to define multicast flow on our switch.

What is sFlow?

sFlow is a packet-sampling technology that monitors application-level traffic flows on all interfaces at the same time. sFlow provides gigabit-speed quantitative traffic measurements without impacting network performance. For more information, consider reading this whitepaper on sFlow vs. NetFlow.

sFlow configuration on Arista

Arista switches provide a single sFlow agent instance that samples ingress traffic from all Ethernet and port channel interfaces. Here is a list of the packets that are sampled:

  • CPU
  • IP options and MTU violations
  • Flooded packets
  • Multicast packets

sFlow and mirroring are supported on the following switch series:

  • DCS-7280R
  • DCS-7280R2
  • DCS-7280E
  • DCS-7500R
  • DCS-7500R2
  • DCS-7500E
  • DCS-7050X
  • DCS-7060X
  • DCS-7250X
  • DCS-7260X
  • DCS-7300X

We’ll use IOS 4.21.1 and virtually we’ll use vIOS 4.21.1. Settings can be applied to either of the devices mentioned above.

Here is an example of sFlow configuration on an Arista device.

This command enables sFlow on your device, including all the interfaces, since it’s enabled in global mode:

switch(config)#sflow run

This command configures the switch to send sFlow data to Scrutinizer:

switch(config)#sflow destination 10.42.16.80 2055

This command configures the sFlow source, which in our case is Eth1:

switch(config)#sflow source x.x.x.x
switch(config)#
switch(config)#sflow source-interface vlan xx
switch(config)#
switch(config)#sflow polling-interval 10
switch(config)#
switch(config)#sflow sample 65536

Configuring sFlow on subinterfaces would look like:

switch (config-if-Et1)# sflow sample input subinterface
switch (config)# sflow sample output subinterface

You can add BGP information to the sFlow export with the following commands:

switch(config)#router bgp 50
switch(config-router-bgp)#exit
switch(config)#sflow extension bgp

If you want more information about the configuration of sFlow on Arista devices, you can check out Arista’s documentation. In general, this show command should tell you whether sFlow is configured and how:

switch# show sflow detail
...
Status
------
...
Sample Switch Extension: Yes
Sample Router Extension: Yes
Sample Tunnel IPv4 Egress Extension: No
Sample Input Subinterface: Yes
Sample Output Subinterface: Yes
Port Channel Output Interface Index: portchannel
Sample Encoding Format: expanded
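
To check on the collector side that the switch is exporting with the sampling rate configured above, you can decode the flow-sample headers of the datagrams arriving on the destination port. The following Python sketch is an added example, not part of the original post and not Arista or Plixer code; it follows the sFlow version 5 datagram layout, and the agent address 192.0.2.1 and all sample values are constructed. Each sample length is bounds-checked because the data arrives as unauthenticated UDP.

```python
import ipaddress
import struct

FLOW_SAMPLE, EXPANDED_FLOW_SAMPLE = 1, 3  # sFlow v5 sample formats, enterprise 0
IF_FORMAT = {0: "single", 1: "discarded", 2: "multiple"}  # interface encodings

def parse_datagram(data):
    """Return agent, sequence number and flow-sample headers of an sFlow v5 datagram."""
    version, addr_type = struct.unpack_from("!II", data, 0)
    if version != 5:
        raise ValueError(f"unsupported sFlow version {version}")
    addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4, 2 = IPv6
    if addr_len is None:
        raise ValueError(f"unknown agent address type {addr_type}")
    agent = ipaddress.ip_address(data[8:8 + addr_len])
    off = 8 + addr_len
    _sub_agent, sequence, _uptime, count = struct.unpack_from("!4I", data, off)
    off += 16
    samples = []
    for _ in range(count):
        tag, length = struct.unpack_from("!II", data, off)
        off += 8
        if off + length > len(data):
            raise ValueError("sample length runs past the end of the datagram")
        body, off = data[off:off + length], off + length
        if tag >> 12 != 0:               # vendor-specific sample, skip
            continue
        fmt = tag & 0xFFF
        if fmt == EXPANDED_FLOW_SAMPLE:  # interfaces carried as (format, value) pairs
            _, _, src, rate, _, drops, i_f, i_v, o_f, o_v, _ = struct.unpack_from("!11I", body)
        elif fmt == FLOW_SAMPLE:         # compact: top 2 bits format, low 30 bits value
            _, sid, rate, _, drops, i, o, _ = struct.unpack_from("!8I", body)
            src, i_f, i_v, o_f, o_v = sid & 0xFFFFFF, i >> 30, i & 0x3FFFFFFF, o >> 30, o & 0x3FFFFFFF
        else:                            # counter samples are not decoded here
            continue
        samples.append({"source_index": src, "sampling_rate": rate, "drops": drops,
                        "input": (IF_FORMAT.get(i_f, i_f), i_v),
                        "output": (IF_FORMAT.get(o_f, o_f), o_v)})
    return {"agent": str(agent), "sequence": sequence, "samples": samples}

def constructed_datagram():
    """Constructed sample: one expanded flow sample, 1-in-65536, fanned out to 3 ports."""
    sample = struct.pack("!11I", 7, 0, 1, 65536, 458752, 0, 0, 1, 2, 3, 0)
    header = struct.pack("!II4s4I", 5, 1, ipaddress.ip_address("192.0.2.1").packed, 0, 42, 1000, 1)
    return header + struct.pack("!II", EXPANDED_FLOW_SAMPLE, len(sample)) + sample

if __name__ == "__main__":
    print(parse_datagram(constructed_datagram()))
```

An output format of "multiple" is how sFlow version 5 marks a packet sent to more than one destination interface, with the value giving the number of interfaces (0 when unknown).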

Once we have finished the configuration, it’s time to take a look at Plixer Scrutinizer and see what we’ve got:

Scrutinizer Pair > Conversations App report

Here is an output of the report based on collected sFlow. If we highlight the “show interfaces” option, we can see that the host is having multiple communications through the interface number: 2147483647.

Since sFlow doesn’t have “egress” metering capabilities, the best way to report on multicast traffic is to run a report on the desired interface and then add the multicast interface, as long as we know what interface is going to be used. Doing this, we’ve been able to determine between which devices we have multicast transmission and its respective traffic utilization rate.

Of course, you may want to spend some time figuring out all the network communications established in your environment, and I would recommend you consider Plixer Scrutinizer. If you would like technical assistance, one of our professionals will always be happy to help you if you contact us.