Overview
Packet Flow Sampling
The packet flow sampling mechanism carried out by each sFlow Instance ensures that any packet
observed at a Data Source has an equal chance of being sampled, irrespective of the packet flow(s)
to which it belongs.
Packet flow sampling is accomplished as follows:
1. When a packet arrives on an interface, the Network Device makes a filtering decision to
   determine whether the packet should be dropped.
2. If the packet is not filtered (dropped), a destination interface is assigned by the
   switching/routing function.
3. At this point, a decision is made on whether or not to sample the packet. The mechanism
   involves a counter that is decremented with each packet. When the counter reaches zero, a
   sample is taken.
4. When a sample is taken, the counter indicating how many packets to skip before taking the
   next sample is reset. The value of the counter is set to a random integer, where the sequence
   of random integers used over time averages to the Sampling Rate.
Packet flow sampling results in the generation of Packet Flow Records. A Packet Flow Record
contains information about the attributes of a packet flow, including:
• Information on the packet itself — a packet header, packet length, and packet encapsulation.
• Information about the path the packet took through the device, including information relating
  to the selection of the forwarding path.
Counter Sampling
The primary objective of counter sampling is to export the counters associated with Data Sources
periodically and efficiently. A maximum sampling interval is assigned to each sFlow
Instance associated with a Data Source.
Counter sampling is accomplished as follows:
1. The sFlow Agent keeps a list of counter sources being sampled.
2. When a Packet Flow Sample is generated, the sFlow Agent examines the list of counter
   sources and adds counters to the sample datagram, least recently sampled first.
   Counters are only added to the datagram if the sources are within a short period, 5 seconds
   say, of failing to meet the required sampling interval.
3. Periodically, say every second, the sFlow Agent examines the list of counter sources and sends
   any counters that need to be sent to meet the sampling interval requirement.
The set of counters is a fixed set defined in Section 5 of the document entitled "sFlow Version 5"
available from sFlow.org (http://www.sflow.org).
Usage Notes
Although the switch hardware has the capability to sample packets on any port, to ensure that
CPU utilization is not compromised, the number of sFlow samplers that can be configured per
switch or stack of switches is limited to a maximum of 32. There is no limitation on the number of
pollers that can be configured.
Under certain circumstances, the switch will drop packet samples that the sFlow implementation
is not able to count, and it therefore cannot correctly report the sample_pool and drops fields of
flow samples sent to the sFlow Collector. Under heavy load, this sample loss could be significant
and could therefore affect the accuracy of the sampling analysis.
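The following simulation is an added example, not code from this guide or from the switch firmware. It models the skip counter described under Packet Flow Sampling and the uncounted sample loss described above. The uniform skip distribution, the two constructed flows "A" and "B", the 30% loss figure and a collector that scales each sample by the configured rate are all assumptions.

```python
import random
from collections import Counter

def sample_stream(packets, rate, rng):
    """Skip-counter sampling: decrement per packet, sample when the counter
    hits zero, then reset it to a random skip."""
    def next_skip():
        # Assumption: skip uniform on [1, 2*rate-1], so its mean is `rate`.
        return rng.randint(1, 2 * rate - 1)
    skip, samples = next_skip(), []
    for flow in packets:
        skip -= 1
        if skip == 0:
            samples.append(flow)
            skip = next_skip()
    return samples

def estimate(samples, rate):
    """Collector-side scaling: each received sample stands for `rate` packets."""
    return {flow: n * rate for flow, n in Counter(samples).items()}

def demo(seed=1, rate=100, loss=0.30):
    rng = random.Random(seed)
    # Constructed traffic: flow "A" is 90% of packets, flow "B" is 10%.
    packets = ["A"] * 180_000 + ["B"] * 20_000
    rng.shuffle(packets)
    samples = sample_stream(packets, rate, rng)
    # Constructed loss model: a fraction of samples vanishes uncounted,
    # independent of flow, before reaching the collector.
    received = [s for s in samples if rng.random() >= loss]
    return {
        "true": dict(Counter(packets)),
        "samples": len(samples),
        "no_loss": estimate(samples, rate),
        "with_loss": estimate(received, rate),
    }

if __name__ == "__main__":
    r = demo()
    for name in ("true", "no_loss", "with_loss"):
        est = r[name]
        total = sum(est.values())
        print(f"{name:9s} total={total:>7} share_B={est['B'] / total:.3f}")
```

Under these assumptions the per-flow shares stay close to the true 90/10 split even with loss, while the absolute volume estimate falls by roughly the lost fraction, which matters for any volume-based alert threshold fed from sFlow data.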
sFlow Configuration
SecureStack C3 Configuration Guide 28-3