sFlow
sFlow is a method of monitoring the traffic on your network to identify areas on the network that may impact performance and throughput. With sFlow you can export truncated packets and interface counters. The FortiSwitch unit implements sFlow version 5 and supports trunks and VLANs.
sFlow uses packet sampling to monitor network traffic. The sFlow agent captures packet information at defined intervals and sends them to sFlow collectors for analysis, providing real-time data analysis. To minimize the impact on network throughput, the information sent is only a sampling of the data.
The sFlow collector is a central server running software that analyzes and reports on network traffic. The sampled packets and counter information, referred to as flow samples and counter samples, respectively, are sent as sFlow datagrams to collectors. Upon receiving the datagrams, the sFlow collectors provide real-time analysis and graphing to indicate the source of potential traffic issues. sFlow collector software is available from a number of third-party software vendors.
Configuring sFlow
Configuration consists of the following steps:
Configuring sFlow agents
Starting in FortiSwitchOS 7.0.0, you can configure multiple collectors.
Using the GUI:
- Go to Switch > sFlow.
- Click Add.
- Enter the collector name, IPv4 address, and port number.
The collector port number is the destination port number for sFlow UDP packets. The default value is 6343. - Click Apply.
Using the CLI:
config system sflow
config collectors
edit <collector_name>
set ip <collector_IPv4_address>
set port <0-65535>
next
end
end
For example:
config system sflow
config collectors
edit collector1
set ip 20.20.20.0
set port 200
next
end
end
Configuring the interfaces
To configure sFlow on a port:
- Enable sFlow on the port (CLI only).
- Set the sample rate (CLI only). An average of one out of
count
packets is randomly sampled. The rate ranges from 0-99999; the default is 512. NOTE: The sample rate is 0-65535 on the FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, and FS-148F-FPOE models. - Set the direction for capturing the traffic (CLI only). sFlow can capture the ingress traffic (RX), the egress traffic (TX), or both (the default).
- Set the polling interval, which defines how often the switch sends interface counters to the collector. The range of values is 1-255 and default is 30.
Using the GUI:
- Go to Switch > Interfaces.
- Select one or more ports or a trunk to update and then click Edit.
- Under sFlow, select Polling Interval.
- In the Interval (Seconds) field, enter the number of seconds to use for the polling interval.
- Click Update to save the changes.
Using the CLI:
config switch interface
edit <port>
set packet-sampler {enabled | disabled}
set packet-sample-rate <count>
set sample-direction {rx | tx | both}
set sflow-counter-interval <interval>
next
end
For example:
config switch interface
edit "port20"
set packet-sampler enabled
set packet-sample-rate 4
set sflow-counter-interval 3
set snmp-index 58
next
end
NOTE: Ensure that you can use the exec command ping collector_ip_address
to ping the collector from the FortiSwitch unit. Then, use the built-in sniffer to trace sFlow packets (diag sniff packet <vlan_interface_name> "udp port 6343"
).
Checking the sFlow configuration
Use the following command to display the sFlow configuration:
get system sflow