dokucama

User Tools

Site Tools

Trace: vagrant junos zscaler tcpdump cryptography netsim
network_stuff:flow_information

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
network_stuff:flow_information [2023/05/11 11:38] jotasandokunetwork_stuff:flow_information [2023/11/02 14:38] (current) – external edit 127.0.0.1
Line 27: Line 27:
    ip flow monitor Flow-monitor sampler Flow-sampler input    ip flow monitor Flow-monitor sampler Flow-sampler input
        
-Netflow in ubuntu or FRR:+Netflow in ubuntu or FRR (agent):
 \\ \\
   FRR01:~# systemctl status pmacctd.service   FRR01:~# systemctl status pmacctd.service
Line 58: Line 58:
   pre_tag_map: /etc/pmacct/pretag.map   pre_tag_map: /etc/pmacct/pretag.map
   timestamps_secs: true   timestamps_secs: true
-  + 
 +SFLOW collector: 
 +  * The default open source collector is : [[http://www.pmacct.net/]]
  
 ---- ----
-SFLOW IN LINUX / FRR:+**__SFLOW__** 
 +  * sampled frames + interface counter + flow-tuple data. All in the same packet 
 +  * sflow is configurable via SNMP mibs 
 + 
 +  * Flow sample (conceptually one in each sflow packet but in reality we pack more than 1). It lists things like: ingress egress. ifindex and  <del>sampling rate</del> 
 +    * Flow record (the frame header with a little bit of metadata (like header protocol (eg: Ethernet)) 
 + 
 + 
 +\\ 
 + SFLOW IN LINUX / FRR:
 \\ \\
 USE 'HOST SFLOW' PROJECT: [[https://sflow.net/documentation.php]] USE 'HOST SFLOW' PROJECT: [[https://sflow.net/documentation.php]]
  
 +  # Example of working config in /etc/hsflowd.conf : polling every 20 sec, sampling 1:100, collecting data from interface ens4
 +  sflow {
 +    polling = 20
 +    sampling = 100
 +    collector { ip=10.100.11.143 udpport=6343 }
 +    pcap { dev = ens4 }
 +    nflog { group = 5  probability = 0.01 }
 +  }
 +  
 +  # Then we need to issue this commandsL:
 +  NFLOG_CONFIG="--nflog-group 5 --nflog-prefix SFLOW"
 +  echo 1 > /proc/sys/net/ipv4/ip_forward  # Enable IP forwaring in the linux box 
 +  MOD_STATISTIC="-m statistic --mode random --probability 0.0025"    # This is for a sampling rato of 100, needs to match with what we configure in /etc/hsflowd.conf
 +  NFLOG_CONFIG="--nflog-group 5 --nflog-prefix SFLOW"
 +  sudo iptables -I INPUT -j NFLOG $MOD_STATISTIC $NFLOG_CONFIG
 +  sudo iptables -I OUTPUT -j NFLOG $MOD_STATISTIC $NFLOG_CONFIG
 +  
 +  # Ad restart:
 +  sudo systemctl enable hsflowd
 +  service hsflowd start
 +  
 +  # If issues
 +  service hsflowd start
 +  hsflowd -dd
 +
 +Also see:
 +  * [[https://groups.google.com/g/sflow/c/990vzm2g16c]]
 +  * [[https://github.com/sflow/host-sflow/issues/38]]
 +  * [[https://docs.nvidia.com/networking-ethernet-software/cumulus-linux-42/Monitoring-and-Troubleshooting/Network-Troubleshooting/Monitoring-System-Statistics-and-Network-Traffic-with-sFlow/|Cumulus_tshoot]]
 +  * [[https://sharkfestus.wireshark.org/assets/presentations18/21.pdf|Tutu1]]
 +\\
 +\\
 +In Arista:
 +  * Arista Networks DCS-7060CX-32S: Hardware Sample Rate for SW sFlow: 4096 / Polling Interval (sec): 2.0 (default).
 +
 +  sflow run
 +  sflow interface disable default
 +  int e2
 +  ip address 10.100.11.129/24
 +  description to-collector
 +  int e1
 +  ip add 192.168.0.1/24
 +  description measurement
 +  sflow enable
 +  !
 +  sflow destination 10.100.11.143 6343
 +  sflow source 10.100.11.129
 +  sflow source-interface e3
 +  sflow polling-interval 30    # interval for sending counter data to the sFlow collector. The default interval is two seconds.
 +  sflow sample 15    #  packet sampling rate. Packets are sampled at random intervals to avoid inaccurate sampling of periodic events.
 +  sflow extension bgp    # Optional. routing agent will export the BGP routing table and autonomous system path information to the sFlow agent
 +  !
 +  show sflow detail
 +  
 +In Junos
 +  set protocols sflow polling-interval 2 # interval for sending data to the collector
 +  set protocols sflow sample-rate ingress 4096 # packet sampling rate. Packets are sampled at random intervals
 +  set protocols sflow source-ip 1.1.1.1
 +  set protocols sflow collector 2.2.2.2 udp-port 6343
 +  set protocols sflow interfaces xe-0/0/0:0.0
 +  ibr-0-0-1 protocols sflow
 +  set protocols sflow agent-id 1.1.1.1
 +  set protocols sflow polling-interval 1
 +  set protocols sflow sample-rate ingress 1024
 +  set protocols sflow source-ip 1.1.1.1
 +  set protocols sflow collector 2.2.2.2 udp-port 6343
 +  set protocols sflow interfaces xe-0/0/0:0.0
 +  
 +In Cisco (IOS-XR): [[https://blog.sflow.com/2022/02/cisco-ncs-5500-series-routers.html]]
network_stuff/flow_information.1683805139.txt.gz · Last modified: (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki