Fortinet white logo
Fortinet white logo

Administration Guide

sFlow

sFlow

sFlow is a method of monitoring the traffic on your network to identify areas on the network that may impact performance and throughput. With sFlow you can export truncated packets and interface counters. The FortiSwitch unit implements sFlow version 5 and supports trunks and VLANs.

sFlow uses packet sampling to monitor network traffic. The sFlow agent captures packet information at defined intervals and sends them to sFlow collectors for analysis, providing real-time data analysis. To minimize the impact on network throughput, the information sent is only a sampling of the data.

The sFlow collector is a central server running software that analyzes and reports on network traffic. The sampled packets and counter information, referred to as flow samples and counter samples, respectively, are sent as sFlow datagrams to collectors. Upon receiving the datagrams, the sFlow collectors provide real-time analysis and graphing to indicate the source of potential traffic issues. sFlow collector software is available from a number of third-party software vendors.

Configuring sFlow

Configuration consists of the following steps:

  1. Configuring sFlow agents
  2. Configuring the interfaces

Configuring sFlow agents

Starting in FortiSwitchOS 7.0.0, you can configure multiple collectors.

Using the GUI:
  1. Go to Switch > sFlow.
  2. Click Add.
  3. Enter the collector name, IPv4 address, and port number.
    The collector port number is the destination port number for sFlow UDP packets. The default value is 6343.
  4. Click Apply.
Using the CLI:

config system sflow

config collectors

edit <collector_name>

set ip <collector_IPv4_address>

set port <0-65535>

next

end

end

For example:

config system sflow

config collectors

edit collector1

set ip 20.20.20.0

set port 200

next

end

end

Configuring the interfaces

To configure sFlow on a port:

  • Enable sFlow on the port (CLI only).
  • Set the sample rate (CLI only). An average of one out of count packets is randomly sampled. The rate ranges from 0-99999; the default is 512. NOTE: The sample rate is 0-65535 on the FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, and FS-148F-FPOE models.
  • Set the direction for capturing the traffic (CLI only). sFlow can capture the ingress traffic (RX), the egress traffic (TX), or both (the default).
  • Set the polling interval, which defines how often the switch sends interface counters to the collector. The range of values is 1-255 and default is 30.
Using the GUI:
  1. Go to Switch > Interfaces.
  2. Select one or more ports or a trunk to update and then click Edit.
  3. Under sFlow, select Polling Interval.
  4. In the Interval (Seconds) field, enter the number of seconds to use for the polling interval.
  5. Click Update to save the changes.
Using the CLI:

config switch interface

edit <port>

set packet-sampler {enabled | disabled}

set packet-sample-rate <count>

set sample-direction {rx | tx | both}

set sflow-counter-interval <interval>

next

end

For example:

config switch interface

edit "port20"

set packet-sampler enabled

set packet-sample-rate 4

set sflow-counter-interval 3

set snmp-index 58

next

end

NOTE: Ensure that you can use the exec command ping collector_ip_address to ping the collector from the FortiSwitch unit. Then, use the built-in sniffer to trace sFlow packets (diag sniff packet <vlan_interface_name> "udp port 6343").

Checking the sFlow configuration

Use the following command to display the sFlow configuration:

get system sflow

sFlow

sFlow

sFlow is a method of monitoring the traffic on your network to identify areas on the network that may impact performance and throughput. With sFlow you can export truncated packets and interface counters. The FortiSwitch unit implements sFlow version 5 and supports trunks and VLANs.

sFlow uses packet sampling to monitor network traffic. The sFlow agent captures packet information at defined intervals and sends them to sFlow collectors for analysis, providing real-time data analysis. To minimize the impact on network throughput, the information sent is only a sampling of the data.

The sFlow collector is a central server running software that analyzes and reports on network traffic. The sampled packets and counter information, referred to as flow samples and counter samples, respectively, are sent as sFlow datagrams to collectors. Upon receiving the datagrams, the sFlow collectors provide real-time analysis and graphing to indicate the source of potential traffic issues. sFlow collector software is available from a number of third-party software vendors.

Configuring sFlow

Configuration consists of the following steps:

  1. Configuring sFlow agents
  2. Configuring the interfaces

Configuring sFlow agents

Starting in FortiSwitchOS 7.0.0, you can configure multiple collectors.

Using the GUI:
  1. Go to Switch > sFlow.
  2. Click Add.
  3. Enter the collector name, IPv4 address, and port number.
    The collector port number is the destination port number for sFlow UDP packets. The default value is 6343.
  4. Click Apply.
Using the CLI:

config system sflow

config collectors

edit <collector_name>

set ip <collector_IPv4_address>

set port <0-65535>

next

end

end

For example:

config system sflow

config collectors

edit collector1

set ip 20.20.20.0

set port 200

next

end

end

Configuring the interfaces

To configure sFlow on a port:

  • Enable sFlow on the port (CLI only).
  • Set the sample rate (CLI only). An average of one out of count packets is randomly sampled. The rate ranges from 0-99999; the default is 512. NOTE: The sample rate is 0-65535 on the FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, and FS-148F-FPOE models.
  • Set the direction for capturing the traffic (CLI only). sFlow can capture the ingress traffic (RX), the egress traffic (TX), or both (the default).
  • Set the polling interval, which defines how often the switch sends interface counters to the collector. The range of values is 1-255 and default is 30.
Using the GUI:
  1. Go to Switch > Interfaces.
  2. Select one or more ports or a trunk to update and then click Edit.
  3. Under sFlow, select Polling Interval.
  4. In the Interval (Seconds) field, enter the number of seconds to use for the polling interval.
  5. Click Update to save the changes.
Using the CLI:

config switch interface

edit <port>

set packet-sampler {enabled | disabled}

set packet-sample-rate <count>

set sample-direction {rx | tx | both}

set sflow-counter-interval <interval>

next

end

For example:

config switch interface

edit "port20"

set packet-sampler enabled

set packet-sample-rate 4

set sflow-counter-interval 3

set snmp-index 58

next

end

NOTE: Ensure that you can use the exec command ping collector_ip_address to ping the collector from the FortiSwitch unit. Then, use the built-in sniffer to trace sFlow packets (diag sniff packet <vlan_interface_name> "udp port 6343").

Checking the sFlow configuration

Use the following command to display the sFlow configuration:

get system sflow