CLI Reference

switch-controller sflow

Use this command to configure the sFlow collector. sFlow, a network monitoring protocol, is typically used to provide an overall traffic flow picture of your network in order to identify areas on the network that might impact performance and throughput.

With sFlow, you can export truncated packets and interface counters. You usually operate sFlow agents on switches, routers, and firewalls in your network, collect traffic data from all of them, and use a collector to show traffic flows and patterns. FortiSwitch implements sFlow version 5 and supports trunks and VLANs.

sFlow uses packet sampling to monitor network traffic. The sFlow agent captures packet information at defined intervals and sends it to an sFlow collector for real-time analysis. To minimize the impact on network throughput, the information sent is only a sampling of the data.

The sFlow collector is a central server running software that analyzes and reports on network traffic. The sampled packets and counter information, referred to as flow samples and counter samples, respectively, are sent as sFlow datagrams to a collector. Upon receiving the datagrams, the sFlow collector provides real-time analysis and graphing to indicate the source of potential traffic issues. sFlow collector software is available from a number of third-party software vendors. You must configure a FortiGate policy to transmit the samples from the FortiSwitch unit to the sFlow collector.

sFlow can monitor network traffic in two ways:

  • Flow samples: Based on a defined sampling rate, an average of one out of n packets/operations is randomly sampled. This type of sampling does not provide a 100% accurate result, but it does provide a result with quantifiable accuracy.
  • Counter samples: A polling interval in seconds defines how often the network device sends interface counters. sFlow counter sampling can be more efficient than SNMP polling when monitoring a large number of interfaces.

To configure these sampling rates and polling intervals, see the sFlow entries under config switch-controller managed-switch.

These sFlow samples are sent directly from the FortiSwitch to a collector via a FortiGate policy. This policy needs to be manually configured.
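
An added example, not part of the Fortinet documentation: a minimal Python parser for the sFlow version 5 datagram header, which a collector host can use to check which agent sent a datagram and how many flow and counter samples it carries. The field layout follows the public sFlow version 5 specification; the agent address 192.0.2.10 and the datagram bytes are constructed sample values.

```python
import ipaddress
import struct

# Standard (enterprise 0) sample formats; 3 and 4 are the expanded forms.
SAMPLE_KINDS = {1: "flow", 2: "counter", 3: "flow", 4: "counter"}

def parse_sflow_v5(datagram: bytes) -> dict:
    """Parse the datagram header and classify each sample record."""
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5:
        raise ValueError(f"unsupported sFlow version {version}")
    if addr_type not in (1, 2):  # 1 = IPv4 agent address, 2 = IPv6
        raise ValueError(f"unknown agent address type {addr_type}")
    addr_len = 4 if addr_type == 1 else 16
    agent = ipaddress.ip_address(datagram[8:8 + addr_len])
    off = 8 + addr_len
    _sub_agent, seq, _uptime_ms, n_samples = struct.unpack_from("!IIII", datagram, off)
    off += 16
    counts = {"flow": 0, "counter": 0, "other": 0}
    rates = []
    for _ in range(n_samples):
        tag, length = struct.unpack_from("!II", datagram, off)
        off += 8
        if off + length > len(datagram):
            raise ValueError("sample length runs past end of datagram")
        enterprise, fmt = tag >> 12, tag & 0xFFF
        kind = SAMPLE_KINDS.get(fmt, "other") if enterprise == 0 else "other"
        counts[kind] += 1
        if enterprise == 0 and fmt == 1 and length >= 12:
            # Flow sample body: sequence, source id, then the sampling rate n.
            rates.append(struct.unpack_from("!I", datagram, off + 8)[0])
        off += length
    return {"agent": str(agent), "sequence": seq,
            "samples": counts, "sampling_rates": rates}

def build_sample_datagram() -> bytes:
    """Constructed datagram: one flow sample (1 in 512) and one counter sample."""
    flow = struct.pack("!8I", 1, 3, 512, 51200, 0, 3, 4, 0)
    counter = struct.pack("!3I", 1, 3, 0)
    agent = ipaddress.ip_address("192.0.2.10").packed  # constructed address
    header = struct.pack("!II4sIIII", 5, 1, agent, 0, 7, 60000, 2)
    return (header + struct.pack("!II", 1, len(flow)) + flow
            + struct.pack("!II", 2, len(counter)) + counter)

if __name__ == "__main__":
    print(parse_sflow_v5(build_sample_datagram()))
```

Comparing the parsed agent address against the list of managed switches is a simple way to flag datagrams from unexpected senders on the collector port.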

Note: Because sFlow is CPU intensive, Fortinet does not recommend high rates of sampling for long periods.

Do not confuse these options with the config system sflow command, which is used for FortiGate (i.e. not FortiSwitch) sFlow agents to send sFlow datagrams to an sFlow collector.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command | Description
config switch-controller sflow | New config command. Configure FortiSwitch sFlow settings, including the IP address of the collector to send traffic to, and on what port.

config switch-controller sflow
    set collector-ip {ipv4 address}   Collector IP.
    set collector-port {integer}   SFlow collector port (0 - 65535). range[0-65535]
end

Additional information

The following section is for those options that require additional explanation.

collector-ip <ip>

Enter the IP address of the sFlow collector that sFlow agents should send sFlow datagrams to.

collector-port <port>

Enter the UDP port number to use for sending sFlow datagrams. Change this setting only if required by your sFlow collector or your network configuration. The valid range is 0 to 65535. The default is 6343.
