- Integrated Systems
- About Us
- Integrated Systems
- About Us
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
05-28-2011 11:24 AM
sFlow on the 6120 switches - both flow and counter sampling?
RIck has been delving into sFlow switch capabilities:
I have been looking at the behaviour/characteristics of sFlow on some A and E series HP Networking switches. To get a feel for the rest of the "sFlow ecosystem" and see if the warts I've found there are any better/worse than anyone else's I've been looking to kick the tires on some competitors' switches. I've come across one, used in a competitor's blade chassis, (thank you BCS CSL for access) which is
*massively* buggy - to the point of probably being in violation of being able to say they support sFlow. (sFlow is a registered
trademark) However, before I go much further I want to make sure that there isn't too much glass in the HP House. So...
I can see from the current quickspecs (though not the manuals, which appear to be out of date on www.hp.com) that the 6120 switch "supports sFlow." However, as I cannot find configuration information in the manuals, and have no access to a 6120 switch at the moment, I cannot verify that it supports *both* counter *and* flow sampling*.
Can someone confirm that the 6120 blade switch supports both counter and flow sampling via sFlow?
I suppose a similar question for any of the other HP-branded blade I/O modules - do they claim sFlow support and is it "complete?"
thanks, and happy benchmarking
The HPN 6120XG should support both flow sampling and counter pooling sFlow mechanisms. Configuration steps can be found below:
Hope it helps.
Unfortunately, I don't have HW access, as this would be the perfect resource.
Others looking at sFlow capabilities in their networks? Here is a little primer on the technologies.
NetFlow and sFlow are "Flow" technologies supported by some routers and switches. They consist of two elements. The first is a Flow generator, a switch or router which has NetFlow or sFlow reporting technology activated. The device then sends a steady stream of packets over the network containing information such as source and destination IP address, protocols and interfaces. A single Flow generator will typically send out as little as one packet every ten seconds or as much as 50 packets per second, depending on its configuration, number of ports, and amount of traffic flowing through it.
The other element is the Flow collector which receives the data from one or more Flow generators. The collector stores the information coming from the Flow generators and provides the administrator with reporting and analysis.
As the Flow collector creates its archive of traffic details, a front-end uses this data to provide the network administrator with details on who are the top talkers on a link, who they are communicating with, what protocol/application they are using and how long the connections last. This information can then be used for capacity planning, usage control, charge back, security and incident resolution.
Packet analyzers are an alternative to Flow technologies and, in fact, provide greater detail. However, packet analyzers also consume more resources. Because Flow technology can typically provide the information necessary to resolve 85 percent of incidents that would otherwise require the use of packet analyzers, packet analyzers become less important, though not completely obsolete.
NetFlow started as a proprietary technology developed by Cisco Systems. It is included in Cisco's Internetwork Operating System (IOS), which comes embedded in its network hardware. The most widely deployed is version 5; however, v7 and v9 are becoming increasingly popular. Recently, the Internet Engineering Task Force released a proposed standard called IP Flow Information eXport (IPFIX), which is based on NetFlow v9's data export format. (Further details on the specification are available at www.ietf.org/html.charters/ipfix-charter.html) Vendors supporting NetFlow include Cisco, Enterasys Networks, Extreme Networks, Foundry Networks, Juniper Networks, Riverstone Networks (recently acquired by Lucent) and Packeteer .
Like NetFlow, sFlow is a push technology that sends reports to a collector. But, while NetFlow is a software based technology, sFlow uses a dedicated chip that is built into the hardware. This approach removes the load from the router or switch's CPU and memory. Originally developed by InMon Corp., sFlow products have been available since 2002.
Alcatel, Allied Telesis, Extreme Networks, Foundry Networks, HP, Hitachi, Juniper Networks, NEC and a few others have devices with sFlow chips. sFlow isn't nearly as widely deployed as NetFlow so fewer collectors are available. The most current version is Version 5; however, Versions 2 and 4 are most widely deployed at this time. Further details on the standard can be found at www.sflow.org.
sFlow is a sample-only technology where every X packet is sampled, the length noted, the majority of the packet is discarded and off it goes to the collector. Because the technology is sample based, accurate representation of 100 percent of the traffic per interface is nearly impossible. Complex algorithms have been proposed to statistically manipulate the collected data to represent total traffic with a probability of accuracy.