SFlow
Encyclopedia
sFlow is a technology for monitoring network
, wireless
and
host
devices.
The sFlow.org consortium is the authoritative source for the sFlow protocol specifications: previous version of sFlow, including RFC 3176, have been deprecated.
to achieve scalability
and is, for this reason, applicable to high speed networks (gigabit per second speeds and higher). sFlow is supported by multiple network device manufacturers and network management
software vendors.
An sFlow system consists of multiple devices performing two types of sampling: random sampling of packets or application layer
operations, and time-based sampling of counters. The sampled packet/operation and counter information, referred to as flow samples and counter samples respectively, are sent as sFlow datagrams to a central server running software
that analyzes and reports on network traffic; the sFlow collector.
polling when monitoring a large number of interfaces.
packet to the specified host and port. The official port number for sFlow is port 6343. The lack of reliability in the UDP transport mechanism does not significantly affect the accuracy of the measurements obtained from an sFlow agent. If counter samples are lost then new values will be sent when the next polling interval has passed. The loss of packet flow samples is a slight reduction in the effective sampling rate.
The UDP payload contains the sFlow datagram. Each datagram provides information about the sFlow version, the originating device’s IP address
, a sequence number, how many samples it contains and one or more flow and/or counter samples.
Computer networking device
'Computer networking devices are units that mediate data in a computer network. Computer networking devices are also called network equipment, Intermediate Systems or InterWorking Unit...
, wireless
IEEE 802.11
IEEE 802.11 is a set of standards for implementing wireless local area network computer communication in the 2.4, 3.6 and 5 GHz frequency bands. They are created and maintained by the IEEE LAN/MAN Standards Committee . The base version of the standard IEEE 802.11-2007 has had subsequent...
and
host
Server (computing)
In the context of client-server architecture, a server is a computer program running to serve the requests of other programs, the "clients". Thus, the "server" performs some computational task on behalf of "clients"...
devices.
The sFlow.org consortium is the authoritative source for the sFlow protocol specifications: previous version of sFlow, including RFC 3176, have been deprecated.
Operation
sFlow uses samplingSampling (statistics)
In statistics and survey methodology, sampling is concerned with the selection of a subset of individuals from within a population to estimate characteristics of the whole population....
to achieve scalability
Scalability
In electronics scalability is the ability of a system, network, or process, to handle growing amount of work in a graceful manner or its ability to be enlarged to accommodate that growth...
and is, for this reason, applicable to high speed networks (gigabit per second speeds and higher). sFlow is supported by multiple network device manufacturers and network management
Network management
Network management refers to the activities, methods, procedures, and tools that pertain to the operation, administration, maintenance, and provisioning of networked systems....
software vendors.
An sFlow system consists of multiple devices performing two types of sampling: random sampling of packets or application layer
Application layer
The Internet protocol suite and the Open Systems Interconnection model of computer networking each specify a group of protocols and methods identified by the name application layer....
operations, and time-based sampling of counters. The sampled packet/operation and counter information, referred to as flow samples and counter samples respectively, are sent as sFlow datagrams to a central server running software
Computer software
Computer software, or just software, is a collection of computer programs and related data that provide the instructions for telling a computer what to do and how to do it....
that analyzes and reports on network traffic; the sFlow collector.
Flow samples
Based on a defined sampling rate, an average of 1 out of N packets/operations is randomly sampled. This type of sampling does not provide a 100% accurate result, but it does provide a result with quantifiable accuracy.Counter samples
A polling interval defines how often the network device sends interface counters. sFlow counter sampling is more efficient than SNMPSimple Network Management Protocol
Simple Network Management Protocol is an "Internet-standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more." It is used mostly in network management systems to monitor...
polling when monitoring a large number of interfaces.
sFlow datagrams
The sampled data is sent as a UDPUser Datagram Protocol
The User Datagram Protocol is one of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer applications can send messages, in this case referred to as datagrams, to other hosts on an Internet Protocol network without requiring...
packet to the specified host and port. The official port number for sFlow is port 6343. The lack of reliability in the UDP transport mechanism does not significantly affect the accuracy of the measurements obtained from an sFlow agent. If counter samples are lost then new values will be sent when the next polling interval has passed. The loss of packet flow samples is a slight reduction in the effective sampling rate.
The UDP payload contains the sFlow datagram. Each datagram provides information about the sFlow version, the originating device’s IP address
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
, a sequence number, how many samples it contains and one or more flow and/or counter samples.