Comware Based

Re: Configuring sFlow or Netstream on interface Vlan-interface

 
SOLVED
Go to solution
aroman
Occasional Advisor

Configuring sFlow or Netstream on interface Vlan-interface

Hi,
We are trying to configure sFlow or Netstream on an interface Vlan-interface on a Comware v7-based switch in order to send traffic samples to an sFlow/Netstream collector, but it seems the commands are not available:

<hpe>sys
System View: return to User View with Ctrl+Z.
[hpe]int vlan 1
[hpe-Vlan-interface1]s?
  save              Save current configuration
  security-logfile  Security log file configuration
  service           Specify the service slot
  show              Alias for 'display'
  shutdown          Shut down the interface
[hpe-Vlan-interface1]ip ?
  address             Set the IP address of an interface
  binding             Bind the interface with a VPN instance
  forward-broadcast   IP forward-broadcast configuration
  forwarding-table    IP forwarding table
  irdp                Enable the ICMP Router Discovery Protocol
  mtu                 Set the ip MTU of the interface
  policy-based-route  Specify a policy
  source              Source binding function
  verify              Verify packets

***

How can we configure sFlow or Netstream on this interface Vlan-interface?

If it is not possible, we would need to configure it on 2x 100 Gbps physical interfaces configured as trunks allowing 4094 VLANs, and the sFlow/Netstream collector is connected via a single 1 Gbps interface. Therefore, the amount of sample traffic might be overwhelming for the sFlow/Netstream collector. We would like to know if there is a way to restrict to get sFlow or Netstream traffic samples only for a set of VLANs of the trunk (instead of all VLANs allowed in the trunk)

Thanks in advance

4 REPLIES 4
Ivan_B
HPE Pro
Solution

Re: Configuring sFlow or Netstream on interface Vlan-interface

Hi @aroman !

You can configure sFlow only on physical interfaces, SVIs are not supported.

Unfortunately you can't make sFlow to selectively sample certain VLANs. It's not so flexible.

In order to control the amount of data copied to the collector you can use 'sflow sampling rate <rate>' command where <rate> can be value between 1000 and 100000 and defines the number of packets out of which flow sampling will sample a packet on the interface. 

As for the Netstream, it's a little bit different, but AFAIK only Comware-based routers support it. Could you clarify what is your device and I'll take a look if Netstream is supported there. In overall, unlike sFlow, Netstream has an ability to filter matching traffic with ACL. The interface-level command is 'ip netstream { inbound | outbound } filter acl <ipv4-acl-number>' 

 

 

 

I am an HPE employee

Accept or Kudo

aroman
Occasional Advisor

Re: Configuring sFlow or Netstream on interface Vlan-interface

Hi @Ivan_B ,

Thanks a lot for your answer. We are looking to configure sFlow or Netstream on an interface Vlan-interface on an HPE 5950 switch running Comware Version 7.1.070, Release 6301

Ivan_B
HPE Pro

Re: Configuring sFlow or Netstream on interface Vlan-interface

In this case 5950 is an exception from other switches and supports both sFlow and Netstream. One important note - Netstream and sFlow are mutually exclusive. You cannot enable both on the same port.

I think this guide will be very helpful - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00078383en_us It's got configuration guidance and examples for both sampling protocols. Please, pay attention that not all 5950 support Netstream:

NeStream is not available on the following switches:
HPE FlexFabric 5950 32QSFP28 switch (JH321A)
HPE FlexFabric 5950 32QSFP28 TAA-compliant switch (JH322A)

Also on supported switches it has certain limitations:

- After you enable NetStream on an HPE FlexFabric 5950 4-slot switch (JH404A) or HPE FlexFabric 5950 48SFP28 8QSFP28 switch (JH402A), the two Gigabit SFP ports on the back panel become unavailable.
- NetStream is not available on the two Gigabit SFP ports on the back panel of the HPE FlexFabric 5950 4-slot switch (JH404A) or HPE FlexFabric 5950 48SFP28 8QSFP28 switch (JH402A).

But good news is that 5950's Netstream implementation also has 'ip netstream filter' command, so maybe in your particular case it will be more suitable than sFlow.

And as we discussed above you can't sample traffic on Vlan-interfaces, only physical ports.

 

I am an HPE employee

Accept or Kudo

aroman
Occasional Advisor

Re: Configuring sFlow or Netstream on interface Vlan-interface

Thansk again @Ivan_B , unfortunately precisely the switch model where we need to configure this is HPE FlexFabric 5950 32QSFP28 switch (JH321A), and we need to configure it on an interface Vlan-interface (not on a physical interface). The physical interface is a trunk that has several VLANs permitted, but we only need to get traffic samples from 2 of them