Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

sFlow Technology Overview

Use Feature Explorer to confirm platform and release support for specific features.

The sFlow technology is a monitoring technology for high-speed switched or routed networks. sFlow monitoring technology collects samples of network packets and sends them in a UDP datagram to a monitoring station called a collector. You can configure sFlow technology on a device to monitor traffic continuously at wire speed on all interfaces simultaneously. You must enable sFlow monitoring on each interface individually; you cannot globally enable sFlow monitoring on all interfaces with a single configuration statement. Junos OS supports the sFlow technology standard described in RFC 3176, InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and Routed Networks (see http://faqs.org/rfcs/rfc3176.html).

sFlow technology implements the following sampling mechanisms:

  • Packet‑based sampling—Packet‑based sampling randomly samples approximately one out of every specified number of ingress packets. Sampling can be applied at the interface level, where all ingress packets are eligible for sampling, or through ingress firewall or user‑defined filters, where only packets matching specific filter terms are eligible for sampling. For each sampled packet, only the first 128 bytes are sent to the sFlow collector. The sample includes Ethernet, IP, transport‑layer headers, and additional application‑level headers when present. Although packet‑based sampling might not capture infrequent packet flows, most traffic flows are observed over time, allowing the collector to build an accurate representation of overall network activity. You can configure packet‑based sampling by specifying an ingress sample‑rate.

  • Time-based sampling—Samples interface statistics (counters) at a specified interval from an interface enabled for sFlow technology. Statistics such as Ethernet interface errors are captured. You configure time-based sampling when you specify a polling interval.

    Interface statistics are the source of time-based sampling. Time-based sampling provides statistical data in the output of the show interface statistics command. If you clear the interface statistics using the command clear interfaces statistics, time-based sampling displays the reset values.

  • Adaptive sampling— Dynamically adjusts the sampling rate based on traffic conditions. The sFlow agent monitors the overall incoming traffic rate and provides feedback to the interfaces to adapt their sampling rate.

Benefits of sFlow Technology

  • sFlow can be used by software tools like a network analyzer to continuously monitor tens of thousands of switch or router ports simultaneously.

  • Because sFlow uses network sampling (forwarding one packet from n number of total packets) for analysis, it is not resource intensive (for example processing, memory and more). The sampling is done at the hardware application-specific integrated circuits (ASICs) and, hence, it is simple and more accurate.