请输入您要查询的百科知识:

 

词条 SFlow
释义

  1. Operation

      Flow samples    Counter samples    sFlow datagrams  

  2. sFlow versions

  3. Related technologies

      NetFlow, IPFIX  

  4. See also

  5. References

  6. External links

{{Lowercase|sFlow}}

sFlow, short for "sampled flow", is an industry standard for packet export at Layer 2 of the OSI model. It provides a means for exporting truncated packets, together with interface counters for the purpose of network monitoring. Maintenance of the protocol is performed by the sFlow.org consortium,[1] the authoritative source of the sFlow protocol specifications. The current version of sFlow is v5.

Operation

sFlow uses mandatory sampling to achieve scalability[2] and is, for this reason, applicable to high speed networks (gigabit per second speeds and higher).[3] sFlow is supported by multiple network device manufacturers[4] and network management software vendors.[5]

An sFlow system consists of multiple devices performing two types of sampling: random sampling of packets[6] or application layer operations,[7] and time-based sampling of counters.[6] The sampled packet/operation and counter information, referred to as flow samples and counter samples respectively, are sent as sFlow datagrams to a central server running software that analyzes and reports on network traffic; the sFlow collector.[8]

Flow samples

Based on a defined sampling rate, an average of 1 out of n packets/operations is randomly sampled. This type of sampling does not provide a 100% accurate result, but it does provide a result with quantifiable accuracy.[9]

Counter samples

A polling interval defines how often the network device sends interface counters. sFlow counter sampling is more efficient than SNMP polling when monitoring a large number of interfaces.[10]

sFlow datagrams

The sampled data is sent as a UDP packet to the specified host and port. The official port number for sFlow is port 6343.[11] The lack of reliability in the UDP transport mechanism does not significantly affect the accuracy of the measurements obtained from an sFlow agent. If counter samples are lost then new values will be sent when the next polling interval has passed. The loss of packet flow samples results in a slight reduction of the effective sampling rate.

The UDP payload contains the sFlow datagram. Each datagram provides information about the sFlow version, the originating device’s IP address, a sequence number, the number of samples it contains and one or more flow and/or counter samples.

sFlow versions

VersionComment
v1Initial version
v2(Unknown)
v3Adds support for extended_url information.[12]
v4Adds support BGP communities.[12]
v5Several protocol enhancements.[13] This is the current version, which is globally supported.

Related technologies

There are several other technologies that appear to be similar to sFlow, usually due to the word "flow" in their name, such as NetFlow and OpenFlow. These technologies are however fundamentally different from sFlow and several key differences can be identified:[14]

NetFlow, IPFIX

  • NetFlow and IPFIX are flow export protocols that aim at aggregating packets into flows. After that, flow records are sent to a collection point for storage and analysis.[14] sFlow, however, has no notion of flows or packet aggregation at all.
  • sFlow allows for exporting packet data chunks and interface counters, which are non-typical features of flow export protocols. Note however that (recent) IPFIX developments provide a means for exporting SNMP MIB variables[15] and packet data chunks.[16]
  • While flow export can be performed with 1:1 sampling (i.e., considering every packet), this is typically not possible with sFlow, as it was not designed to do so. Sampling forms an integral part of sFlow, aiming to provide scalability for network-wide monitoring.[17]

See also

  • NetFlow
  • Network Management
  • Packet analyzer
  • RMON

References

1. ^{{cite web | url = http://www.sflow.org/ | title = sFlow.org - Making the Network Visible | publisher = sFlow.org | accessdate = 2016-03-09}}
2. ^{{cite web | url = http://www.hpl.hp.com/techreports/92/HPL-92-35.pdf | title = Traffic Estimation for the Largest Sources on a Network, Using Packet Sampling with Limited Storage | first1 = Jonathan | last1 = Jedwab | first2 = Peter | last2 = Phaal | first3 = Bob | last3 = Pinna |date=March 1992 | publisher = HP Labs | accessdate = 2016-03-09}}
3. ^{{cite web | url = https://events.ccc.de/congress/2006/Fahrplan/attachments/1137-sFlowPaper.pdf | title = sFlow, I can feel your traffic | first = Elisa | last = Jasinska |date=December 2006 | publisher = Amsterdam Internet Exchange (AMS-IX) | accessdate = 2016-03-09}}
4. ^{{cite web | url = http://www.sflow.org/products/network.php | title = sFlow Products: Network Equipment | publisher = sFlow.org | accessdate = 2016-03-09}}
5. ^{{cite web | url = http://www.sflow.org/products/collectors.php | title = sFlow Products: sFlow Collectors | publisher = sFlow.org | accessdate = 2016-03-09}}
6. ^{{cite web | url = http://www.sflow.org/sflow_version_5.txt | title = sFlow Version 5 | first1 = Peter | last1 = Phaal | first2 = Marc | last2 = Lavine |date=July 2004 | publisher = sFlow.org | accessdate = 2014-06-26}}
7. ^{{cite web | url = http://www.sflow.org/sflow_host.txt | title = sFlow Host Structures | first1 = Peter | last1 = Phaal | first2 = Robert | last2 = Jordan |date=July 2010 | publisher = sFlow.org | accessdate = 2010-10-23}}
8. ^{{cite web | url = http://www.sflow.org/sFlowOverview.pdf | title = Traffic Monitoring using sFlow | year = 2003 | publisher = sFlow.org | accessdate = 2010-10-23}}
9. ^{{cite web | url = http://www.sflow.org/packetSamplingBasics/index.htm | title = Packet Sampling Basics | first1 = Peter | last1 = Phaal | first2 = Sonia | last2 = Panchen | year = 2002 | publisher = sFlow.org | accessdate = 2010-10-23}}
10. ^{{cite web | url = http://cdsweb.cern.ch/record/1216160/files/LHCb-CONF-2009-047.pdf | title = Management of the LHCb network based on SCADA system | first1 = G. | last1 = Liu | first2 = N. | last2 = Neufeld |date=December 2009 | publisher = CERN | accessdate = 2010-10-23}}
11. ^{{cite web | url = http://www.iana.org/assignments/port-numbers | title = Port Numbers | publisher = IANA | accessdate = 2010-10-23}}
12. ^{{cite IETF| title = InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and Routed Networks| rfc = 3176| sectionname = sFlow Datagram Format| last1 = Phaal| first1 = Peter| last2 = Panchen| first2 = Sonia| last3 = McKee| first3 = Neil|date=September 2001| publisher = IETF| accessdate = 2014-06-20}}
13. ^{{cite web | url = http://sflow.org/sflow_version_5.txt | title = sFlow Version 5 | publisher = sFlow.org | accessdate = 2014-06-20}}
14. ^{{cite journal| last = Hofstede| first = Rick| last2 = Celeda| first2 = Pavel| last3 = Trammell| first3 = Brian| last4 = Drago| first4 = Idilio| last5 = Sadre| first5 = Ramin| last6 = Sperotto| first6 = Anna| last7 = Pras| first7 = Aiko| title = Flow Monitoring Explained: From Packet Capture to Data Analysis with NetFlow and IPFIX| url = | journal = IEEE Communications Surveys & Tutorials| volume = 16| issue = 4| pages = 2037–2064| doi = 10.1109/COMST.2014.2321898| year = 2014}}
15. ^{{cite web | url = http://tools.ietf.org/html/draft-ietf-ipfix-mib-variable-export | title = Exporting MIB Variables using the IPFIX Protocol | publisher = IETF | accessdate = 2014-06-19}}
16. ^{{cite web | url = https://www.iana.org/assignments/ipfix/ipfix.xhtml | title = IP Flow Information Export (IPFIX) Entities | publisher = IANA | accessdate = 2014-06-19}}
17. ^{{cite web | url = http://blog.sflow.com/2009/05/scalability-and-accuracy-of-packet.html | title = Scalability and accuracy of packet sampling | publisher = sFlow.org | accessdate = 2014-06-19}}

External links

  • Official site
  • Differences between Sflow vs Netflow
{{DEFAULTSORT:Sflow}}

2 : Network management|Computer network analysis
随便看

 

开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。

 

Copyright © 2023 OENC.NET All Rights Reserved
京ICP备2021023879号 更新时间:2024/11/13 19:54:26