Differences

This shows you the differences between two versions of the page.

--- network_stuff:flow_information [2023/05/11 22:01] – jotasandoku
+++ network_stuff:flow_information [2023/11/02 14:38] (current) – external edit 127.0.0.1
@@ Line 27: / Line 27: @@
    ip flow monitor Flow-monitor sampler Flow-sampler input
-Netflow in ubuntu or FRR:
+Netflow in ubuntu or FRR (agent):
 \\
   FRR01:~# systemctl status pmacctd.service
@@ Line 58: / Line 58: @@
   pre_tag_map: /etc/pmacct/pretag.map
   timestamps_secs: true
+SFLOW collector:
+  * The default open source collector is : [[http://www.pmacct.net/]]
 ----
 **__SFLOW__**
+  * sampled frames + interface counter + flow-tuple data. All in the same packet
+  * sflow is configurable via SNMP mibs
+  * Flow sample (conceptually one in each sflow packet but in reality we pack more than 1). It lists things like: ingress egress. ifindex and  <del>sampling rate</del>
+    * Flow record (the frame header with a little bit of metadata (like header protocol (eg: Ethernet))
 \\
- IN LINUX / FRR:
+ SFLOW IN LINUX / FRR:
 \\
 USE 'HOST SFLOW' PROJECT: [[https://sflow.net/documentation.php]]
+  # Example of working config in /etc/hsflowd.conf : polling every 20 sec, sampling 1:100, collecting data from interface ens4
+  sflow {
+    polling = 20
+    sampling = 100
+    collector { ip=10.100.11.143 udpport=6343 }
+    pcap { dev = ens4 }
+    nflog { group = 5  probability = 0.01 }
+  }
+  # Then we need to issue this commandsL:
+  NFLOG_CONFIG="--nflog-group 5 --nflog-prefix SFLOW"
+  echo 1 > /proc/sys/net/ipv4/ip_forward  # Enable IP forwaring in the linux box
+  MOD_STATISTIC="-m statistic --mode random --probability 0.0025"    # This is for a sampling rato of 100, needs to match with what we configure in /etc/hsflowd.conf
+  NFLOG_CONFIG="--nflog-group 5 --nflog-prefix SFLOW"
+  sudo iptables -I INPUT -j NFLOG $MOD_STATISTIC $NFLOG_CONFIG
+  sudo iptables -I OUTPUT -j NFLOG $MOD_STATISTIC $NFLOG_CONFIG
+  # Ad restart:
+  sudo systemctl enable hsflowd
+  service hsflowd start
+  # If issues
+  service hsflowd start
+  hsflowd -dd
+Also see:
+  * [[https://groups.google.com/g/sflow/c/990vzm2g16c]]
+  * [[https://github.com/sflow/host-sflow/issues/38]]
+  * [[https://docs.nvidia.com/networking-ethernet-software/cumulus-linux-42/Monitoring-and-Troubleshooting/Network-Troubleshooting/Monitoring-System-Statistics-and-Network-Traffic-with-sFlow/|Cumulus_tshoot]]
+  * [[https://sharkfestus.wireshark.org/assets/presentations18/21.pdf|Tutu1]]
 \\
 \\
 In Arista:
+  * Arista Networks DCS-7060CX-32S: Hardware Sample Rate for SW sFlow: 4096 / Polling Interval (sec): 2.0 (default).
   sflow run
   sflow interface disable default
@@ Line 87: / Line 129: @@
   !
   show sflow detail
+In Junos
+  set protocols sflow polling-interval 2 # interval for sending data to the collector
+  set protocols sflow sample-rate ingress 4096 # packet sampling rate. Packets are sampled at random intervals
+  set protocols sflow source-ip 1.1.1.1
+  set protocols sflow collector 2.2.2.2 udp-port 6343
+  set protocols sflow interfaces xe-0/0/0:0.0
+  ibr-0-0-1 protocols sflow
+  set protocols sflow agent-id 1.1.1.1
+  set protocols sflow polling-interval 1
+  set protocols sflow sample-rate ingress 1024
+  set protocols sflow source-ip 1.1.1.1
+  set protocols sflow collector 2.2.2.2 udp-port 6343
+  set protocols sflow interfaces xe-0/0/0:0.0
+In Cisco (IOS-XR): [[https://blog.sflow.com/2022/02/cisco-ncs-5500-series-routers.html]]

dokucama

User Tools

Site Tools

Differences

Page Tools