sFlow
sFlow is a method of monitoring the traffic on your network to identify areas on the network that may impact performance and throughput. FortiGate supports sFlow v5. sFlow collector software is available from a number of third-party software vendors. For more information about sFlow, see www.sflow.org.
The packet information that the FortiGate's sFlow agent collects depends on the interface type:
-
On an internal interface, when the interface receives packets from devices with private IP addresses, the collected information includes the private IP addresses.
-
On an external, or WAN, interface, when the interface receives to route to or from the internet, the collected information includes the IP address of the WAN interface as the source or destination interface, depending on the direction of the traffic. It does not include IP addresses that are NATed on another interface.
sFlow datagrams contain the following information:
- Packet headers, such as MAC, IPv4, and TCP
- Sample process parameters, such as rate and pool
- Input and output ports
- Priority (802.1p and ToS)
- VLAN (802.1Q)
- Source prefixes, destination prefixes, and next hop addresses
- BGP source AS, source peer AS, destination peer AS, communities, and local preference
- User IDs (TACACS, RADIUS) for source and destination
- Interface statistics (RFC 1573, RFC 2233, and RFC 2358)
Configuring sFlow
sFlow can be configured globally, then on traffic VDOMs and individual interfaces.
When configuring sFlow on a VDOM, the collector can be specified, or the collector that is configured globally can be used.
sFlow is supported on some interface types, such as physical, VLAN, and aggregate. It is not supported on virtual interfaces, such as VDOM link, IPsec, GRE, or SSL. When configuring sFlow on an interface, the rate that the agent samples traffic, the direction of that traffic, and the frequency that the agent sends sFlow datagrams to the sFlow collector can be specified. If sFlow is configured on the VDOM that the interface belongs to, the agent sends datagrams to the collector configured for the VDOM. Otherwise, the datagrams are sent to the collector that is configured globally.
Configuring sFlow for an interface disables NP offloading for all traffic on that interface.
To configure sFlow globally:
config system sflow set collector-ip <ipv4_address> set collector-port <port> set source-ip <ipv4_address> set interface-select-method {auto | sdwan | specify} set interface <interface> end
collector-ip <ipv4_address> |
The IPv4 address of the sFlow collector that sFlow agents added to interface (default = 0.0.0.0). |
collector-port <port> |
The UDP port number used for sending sFlow datagrams (0 - 65535, default = 6343). Only configured this option if required by the sFlow collector or your network configuration. |
source-ip <ipv4_address> |
The source IPv4 address that the sFlow agent used to send datagrams to the collector (default = 0.0.0.0). If this option is not configured, the FortiGate uses the IP address of the interface that it sends the datagram through. |
interface-select-method {auto | sdwan | specify} |
How the outgoing interface to reach the server is selected (default = auto). |
interface <interface> |
The outgoing interface used to reach the server. This option is only available when |
To configure sFlow for a VDOM:
config vdom edit <vdom> config system vdom-sflow set vdom-sflow {enable | disable} set collector-ip <ipv4_address> set collector-port <port> set source-ip <ipv4_address> set interface-select-method {auto | sdwan | specify} set interface <interface> end next end
vdom-sflow {enable | disable} |
Enable/disable the sFlow configuration for the current VDOM (default = disable). |
collector-ip <ipv4_address> |
The IPv4 address of the sFlow collector that sFlow agents added to interface (default = 0.0.0.0). If this option is not configured, the global setting will be used. |
collector-port <port> |
The UDP port number used for sending sFlow datagrams (0 - 65535, default = 6343). Only configured this option if required by the sFlow collector or your network configuration. If this option is not configured, the global setting will be used. |
source-ip <ipv4_address> |
The source IPv4 address that the sFlow agent used to send datagrams to the collector (default = 0.0.0.0). If this option is not configured, the FortiGate uses the IP address of the interface that it sends the datagram through. |
interface-select-method {auto | sdwan | specify} |
How the outgoing interface to reach the server is selected (default = auto). |
interface <interfae> |
The outgoing interface used to reach the server. This option is only available when |
To configure sFlow on an interface:
config system interface edit <interface> set sflow-sampler {enable | disable} set sample-rate <integer> set polling-interval <integer> set sample-direction {tx | rx | both} next end
sflow-sampler {enable | disable} |
Enable/disable sFlow on this interface (default = disable). |
sample-rate <integer> |
The average number of packets that the agent lets pass before taking a sample (10 - 99999, default = 2000). Setting a lower rate will sample a higher number of packets, increasing the accuracy or the sampling data, but also increasing the CPU and network bandwidth usage. The default value is recommended. |
polling-interval <integer> |
The amount of time that the agent waits between sending datagrams to the collector, in seconds (1 - 255, default = 20). Setting a higher value lowers the amount of data that the agent sends across the network, but makes the collector's view of the network less current. |
sample-direction {tx | rx | both} |
The direction of the traffic that the agent collects (default = both). |