sFlow

From Wikipedia, the free encyclopedia
A network packet standard

sFlow, short for "sampled flow", is an industry standard for packet export at Layer 2 of the OSI model. sFlow was originally developed by InMon Corp.[1] It provides a means for exporting truncated packets, together with interface counters, for the purpose of network monitoring. Maintenance of the protocol is performed by the sFlow.org consortium,[2] the authoritative source of the sFlow protocol specifications. The current version of sFlow is v5.

Operation


sFlow uses mandatory sampling to achieve scalability[3] and is, for this reason, applicable to high speed networks (gigabit per second speeds and higher).[4] sFlow is supported by multiple network device manufacturers[5] and network management software vendors.[6]

An sFlow system consists of multiple devices performing two types of sampling: random sampling of packets[7] or application layer operations,[8] and time-based sampling of counters.[7] The sampled packet/operation and counter information, referred to as flow samples and counter samples respectively, are sent as sFlow datagrams to a central server running software that analyzes and reports on network traffic: the sFlow collector.[9]

Flow samples


Based on a defined sampling rate, an average of 1 out of n packets/operations is randomly sampled. This type of sampling does not provide a 100% accurate result, but it does provide a result with quantifiable accuracy.[10]
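
Why the accuracy is quantifiable, as an added derivation that is not part of the original article. It assumes each packet is sampled independently with probability 1/n; the symbols N_c (true number of packets in a traffic class), c (number of those packets that were sampled) and \hat{N}_c (the estimate) are introduced here.

\[
c \sim \mathrm{Binomial}\!\left(N_c, \tfrac{1}{n}\right), \qquad
\mathbb{E}[c] = \frac{N_c}{n}, \qquad
\hat{N}_c = n\,c \;\Rightarrow\; \mathbb{E}[\hat{N}_c] = N_c
\]
\[
\mathrm{Var}(c) = N_c \cdot \frac{1}{n}\left(1 - \frac{1}{n}\right) \le \frac{N_c}{n} = \mathbb{E}[c]
\quad\Rightarrow\quad
\frac{\sqrt{\mathrm{Var}(\hat{N}_c)}}{N_c} = \frac{\sqrt{\mathrm{Var}(c)}}{\mathbb{E}[c]} \le \frac{1}{\sqrt{\mathbb{E}[c]}} \approx \frac{1}{\sqrt{c}}
\]
\[
\text{95\% confidence (normal approximation):}\qquad
\%\,\text{error} \;\le\; 196\,\sqrt{\frac{1}{c}}
\]

The bound depends only on the number of samples c seen for the class, not on the sampling rate or on the total traffic: c = 10000 gives an error of at most about 1.96%, while c = 100 gives about 19.6%.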

Counter samples


A polling interval defines how often the network device sends interface counters. sFlow counter sampling is more efficient than SNMP polling when monitoring a large number of interfaces.[11]

sFlow datagrams


The sampled data is sent as a UDP packet to the specified host and port. The official port number for sFlow is port 6343.[12] The lack of reliability in the UDP transport mechanism does not significantly affect the accuracy of the measurements obtained from an sFlow agent. If counter samples are lost then new values will be sent when the next polling interval has passed. The loss of packet flow samples results in a slight reduction of the effective sampling rate.

The UDP payload contains the sFlow datagram. Each datagram provides information about the sFlow version, the originating device's IP address, a sequence number, the number of samples it contains and one or more flow and/or counter samples.
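
A collector-side parser for the datagram fields listed above, as an added example that is not part of the original article. It follows the sFlow version 5 header layout, treats every length and count as untrusted UDP input, and uses the sequence number to count lost datagrams per sub-agent; the function names and the sample datagram are constructed for illustration.

```python
import ipaddress
import struct

# Enterprise 0 sample formats defined by sFlow version 5.
SAMPLE_KINDS = {1: "flow", 2: "counter", 3: "flow_expanded", 4: "counter_expanded"}

def parse_datagram(payload: bytes) -> dict:
    """Parse an sFlow v5 datagram header and list its sample records."""
    if len(payload) < 8:
        raise ValueError("truncated header")
    version, addr_type = struct.unpack_from("!II", payload, 0)
    if version != 5:
        raise ValueError(f"unsupported sFlow version {version}")
    addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4, 2 = IPv6
    if addr_len is None or len(payload) < 8 + addr_len + 16:
        raise ValueError("bad agent address or truncated header")
    agent = ipaddress.ip_address(payload[8:8 + addr_len])
    off = 8 + addr_len
    sub_agent, seq, uptime_ms, count = struct.unpack_from("!IIII", payload, off)
    off += 16
    samples = []
    for _ in range(count):  # count is untrusted; the bounds checks end the loop
        if len(payload) - off < 8:
            raise ValueError("sample count exceeds payload")
        tag, length = struct.unpack_from("!II", payload, off)
        off += 8
        if length > len(payload) - off:
            raise ValueError("sample length exceeds payload")
        enterprise, fmt = tag >> 12, tag & 0xFFF
        kind = SAMPLE_KINDS.get(fmt, "unknown") if enterprise == 0 else "vendor"
        samples.append((kind, length))
        off += length
    return {"agent": str(agent), "sub_agent": sub_agent, "sequence": seq,
            "uptime_ms": uptime_ms, "samples": samples}

def lost_datagrams(prev_seq: int, seq: int) -> int:
    """Datagrams missing between two sequence numbers (32-bit wraparound)."""
    return (seq - prev_seq - 1) & 0xFFFFFFFF

def build_sample_datagram(seq: int) -> bytes:
    """Constructed input: agent 192.0.2.1, one flow and one counter record."""
    header = struct.pack("!II4sIIII", 5, 1, bytes([192, 0, 2, 1]), 0, seq, 1000, 2)
    flow = struct.pack("!II", 1, 8) + bytes(8)      # dummy 8-byte body
    counter = struct.pack("!II", 2, 4) + bytes(4)   # dummy 4-byte body
    return header + flow + counter

if __name__ == "__main__":
    print(parse_datagram(build_sample_datagram(7)))
```

Because the transport is UDP, the agent address inside the datagram is not authenticated; a collector should only accept datagrams from expected exporter addresses on a management network.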

sFlow versions


| Version | Comment |
|---------|---------|
| v1 | Initial version |
| v2 | (Unknown) |
| v3 | Adds support for extended_url information.[13] |
| v4 | Adds support for BGP communities.[13] |
| v5 | Several protocol enhancements.[14] This is the current version, which is globally supported. |

Related technologies


A well-known alternative is NetFlow[15] (see below). Moreover, depending on the IT resources available, it could be possible to perform full packet captures[16] using dedicated network taps (which are then subsequently analysed).


NetFlow, IPFIX


  • NetFlow and IPFIX are flow export protocols that aim at aggregating packets into flows. After that, flow records are sent to a collection point for storage and analysis.[15] sFlow, however, has no notion of flows or packet aggregation at all.
  • sFlow allows for exporting packet data chunks and interface counters, which are non-typical features of flow export protocols. Note however that (recent) IPFIX developments provide a means for exporting SNMP MIB variables[17] and packet data chunks.[18]
  • While flow export can be performed with 1:1 sampling (i.e., considering every packet), this is typically not possible with sFlow, as it was not designed to do so. Sampling forms an integral part of sFlow, aiming to provide scalability for network-wide monitoring.[19]


References

  1. "InMon: SFlow".
  2. "sFlow.org - Making the Network Visible". sFlow.org. Retrieved 2016-03-09.
  3. Jedwab, Jonathan; Phaal, Peter; Pinna, Bob (March 1992). "Traffic Estimation for the Largest Sources on a Network, Using Packet Sampling with Limited Storage" (PDF). HP Labs. Retrieved 2016-03-09.
  4. Jasinska, Elisa (December 2006). "sFlow, I can feel your traffic" (PDF). Amsterdam Internet Exchange (AMS-IX). Retrieved 2016-03-09.
  5. "sFlow Products: Network Equipment". sFlow.org. Retrieved 2016-03-09.
  6. "sFlow Products: sFlow Collectors". sFlow.org. Retrieved 2016-03-09.
  7. Phaal, Peter; Lavine, Marc (July 2004). "sFlow Version 5". sFlow.org. Retrieved 2014-06-26.
  8. Phaal, Peter; Jordan, Robert (July 2010). "sFlow Host Structures". sFlow.org. Retrieved 2010-10-23.
  9. "Traffic Monitoring using sFlow" (PDF). sFlow.org. 2003. Retrieved 2010-10-23.
  10. Phaal, Peter; Panchen, Sonia (2002). "Packet Sampling Basics". sFlow.org. Retrieved 2010-10-23.
  11. Liu, G.; Neufeld, N. (December 2009). "Management of the LHCb network based on SCADA system" (PDF). CERN. Retrieved 2010-10-23.
  12. "Port Numbers". IANA. Retrieved 2010-10-23.
  13. Phaal, Peter; Panchen, Sonia; McKee, Neil (September 2001). "sFlow Datagram Format". InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and Routed Networks. IETF. doi:10.17487/RFC3176. RFC 3176. Retrieved 2014-06-20.
  14. "sFlow Version 5". sFlow.org. Retrieved 2014-06-20.
  15. Hofstede, Rick; Celeda, Pavel; Trammell, Brian; Drago, Idilio; Sadre, Ramin; Sperotto, Anna; Pras, Aiko (2014). "Flow Monitoring Explained: From Packet Capture to Data Analysis with NetFlow and IPFIX" (PDF). IEEE Communications Surveys & Tutorials. 16 (4): 2037–2064. doi:10.1109/COMST.2014.2321898. S2CID 14042725.
  16. "Packet capture". sFlow.org. Retrieved 2019-07-13.
  17. "Exporting MIB Variables using the IPFIX Protocol". IETF. Retrieved 2014-06-19.
  18. "IP Flow Information Export (IPFIX) Entities". IANA. Retrieved 2014-06-19.
  19. "Scalability and accuracy of packet sampling". sFlow.org. Retrieved 2014-06-19.

Retrieved from "https://en.wikipedia.org/w/index.php?title=SFlow&oldid=1146666807"