Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EX/QFX] How to monitor traffic using sFlow technology

0

0

Article ID: KB14855 KB Last Updated: 04 Jan 2020Version: 4.0
Summary:

sFlow technology is a statistical-sampling–based network monitoring technology for high-speed switched or routed networks. sFlow technology samples network packets and sends the samples to a monitoring station. The information gathered by the sFlow technology is used to create a network traffic visibility picture.

Solution:

sFlow technology is a monitoring technology for high-speed switched or routed networks. sFlow monitoring technology randomly samples network packets and sends the samples to a monitoring station. You can configure sFlow technology on a Juniper Networks EX Series Ethernet Switch to continuously monitor traffic at wire speed on all interfaces simultaneously.

sFlow technology has the following two sampling mechanisms:

  • Packet-based sampling: Samples one packet out of a specified number of packets from an interface enabled for sFlow technology.
  • Time-based sampling: Samples interface statistics at a specified interval froman interface enabled for sFlow technology.

The sFlow collector uses the sFlow agent’s IP address to determine the source of the sFlow data. The IP address assigned to the agent is based on the following order of priority of interfaces configured on the switch:

  1. Loopback interface
  2. Virtual Management Ethernet (VME) interface
  3. Management Ethernet interface
  4. Any other Layer 3 interface

If a particular interface has not been configured, the IP address of the next interface in the priority list is used as the IP address for the agent. For example, if the loopback interface has not been configured, then the IP address of the VME interface is assigned as the agent’s IP address. Once an IP address is assigned to the agent and an interface with a higher priority is configured, the agent’s IP address is not modified till the sFlow service is restarted. At least one interface has to be configured for an IP address to be assigned to the agent.

The following information describes the configuration steps for sFlow in EX series switches:
  • Configure the IP address of the collector:
[edit protocols sflow]
user@switch# set collector 10.204.32.46


Note: You can configure a maximum of 4 collectors.
  • Configure the UDP port of the collector. The default UDP port assigned is 6343.
[edit protocols sflow]
user@switch# set collector udp-port 5600
  • Enable sFlow technology on a specific interface:
[edit protocols sflow]
user@switch# set interfaces ge-0/0/0.0


NOTE: You cannot enable sFlow technology on a Layer 3 VLAN-tagged interface.
NOTE: You cannot enable sFlow technology on a LAG interface. sFlow technology can be enabled on the member interfaces of the LAG.
  • Specify how often the sFlow agent polls the interface:
[edit protocols sflow]
user@switch# set polling-interval 20


NOTE: The polling interval can be specified as a global parameter also. Specify 0 if you do not want to poll the interface.
  • Specify the rate at which packets must be sampled:
[edit protocols sflow]
user@switch# set sample-rate 1000

Check the results of the configuration:

user@switch# show
sflow {
polling-interval 20;
sample-rate 1000;
collector 10.204.32.46;
interfaces ge-0/0/0.0;
}

Note: The collector can be emulated with a linux/unix system and the sflow packets can be captured using the tcpdump on the linux interface.

sFlow Diagram
Modification History:
2020-01-04: Added collector information

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search