sflow Agent Contents 14-1

Similar documents
Configuring sflow. Information About sflow. sflow Agent. This chapter contains the following sections:

H3C S12500 sflow Configuration Examples

This document describes the sampled flow (sflow) feature and configuration steps to implement sflow.

Audit report and analyse overview. Audit report user guide v1.1

Multimedia Traffic Control with IP Multicast (IGMP)

Interface Utilization vs. Flow Analysis

FlowMonitor for WhatsUp Gold v16.3 User Guide

Avi Networks Technical Reference (16.3)

sflowtrend-pro InMon Corp.

sflow ( Agent Software Description

Lesson 2-3: The IEEE x MAC Layer

H3C SecBlade NetStream Card Configuration Examples

Implementing Access Lists and Prefix Lists

Configuring RMON. Understanding RMON CHAPTER

Managing and Securing Computer Networks. Guy Leduc. Chapter 2: Software-Defined Networks (SDN) Chapter 2. Chapter goals:

Configuring sflow. About sflow. sflow Agent

Content Switching Module with SSL Commands

Group Configuration Mode Commands

Avaya ExpertNet Lite Assessment Tool

Chapter 13 Configuring BGP4

Configuring Traffic Storm Control

Quality of Service (QoS): Managing Bandwidth More Effectively

Configuring NetFlow and NetFlow Data Export

Using NetFlow Sampling to Select the Network Traffic to Track

Configuring RADIUS. Information About RADIUS. RADIUS Network Environments. Send document comments to

Configuring Advanced Radio Settings on the WAP371

Connectionless and Connection-Oriented Protocols OSI Layer 4 Common feature: Multiplexing Using. The Transmission Control Protocol (TCP)

SIP System Features. SIP Timer Values. Rules for Configuring the SIP Timers CHAPTER

CCNA 1 Chapter 7 v5.0 Exam Answers 2013

Contents. RMON commands 1

HP 6125G & 6125G/XG Blade Switches

Provisioning: Working with Pre-Configuration

9. Wireshark I: Protocol Stack and Ethernet

HP 6125 Blade Switch Series

CTS2134 Introduction to Networking. Module 09: Network Management

Managing Caching Performance and Differentiated Services

Configuring DHCP Snooping

Performance of UMTS Radio Link Control

Software Update C.09.xx Release Notes for the HP Procurve Switches 1600M, 2400M, 2424M, 4000M, and 8000M

ProSAFE 8-Port 10-Gigabit Web Managed Switch Model XS708Ev2 User Manual

Appendix A Remote Network Monitoring

Configuring Data Collection Manager

MatrixDTLS Developer s Guide

DPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1.0

IPv6 Commands: ipv6 h to ipv6 mi

ProSAFE 8-Port and 16-Port 10-Gigabit Ethernet Web Managed Switch Models XS708Ev2 and XS716E User Manual

SIP System Features. Differentiated Services Codepoint CHAPTER

NetFlow and NetFlow Data Export.

IP Packet Switching. Goals of Todayʼs Lecture. Simple Network: Nodes and a Link. Connectivity Links and nodes Circuit switching Packet switching

Configuring NetFlow. Feature History for Configuring NetFlow. Release This feature was introduced.

The Transport Layer. Part 1

Lecture 9: Internetworking

II. Principles of Computer Communications Network and Transport Layer

Advanced Application Reporting USER GUIDE

Configuring Traffic Storm Control

Router and ACL ACL Filter traffic ACL: The Three Ps One ACL per protocol One ACL per direction One ACL per interface

HP 5920 & 5900 Switch Series

LinkProof Recommended OID for SNMP Monitoring

The Transport Layer. Internet solutions. Nixu Oy PL 21. (Mäkelänkatu 91) Helsinki, Finland. tel fax.

GSS Administration and Troubleshooting

Configuring IP Addressing

This chapter provides information to configure sflow.

Using NetFlow Sampling to Select the Network Traffic to Track

Chapter 3 Review Questions

airhaul Nexus sb3010

Lecture (11) OSI layer 4 protocols TCP/UDP protocols

ipv6 hello-interval eigrp

set active-probe (PfR)

ACCESS 4.0 Addendum. Product Manual

HP0-Y16. ProCurve Network Immunity Solutions. Download Full Version :

Oct 2007 Version 1.01

CMSC 417. Computer Networks Prof. Ashok K Agrawala Ashok Agrawala. October 30, 2018

Version 2.1 User Guide 08/2003

AT&T SD-WAN Network Based service quick start guide

Week 2 / Paper 1. The Design Philosophy of the DARPA Internet Protocols

Managing NCS User Accounts

SNMP Activation Procedure for Harris Constellation Radios

Switch Memory and Configuration

Cisco IOS Classic Firewall/IPS: Configuring Context Based Access Control (CBAC) for Denial of Service Protection

ProCurve Manager Plus 2.3

4 rd class Department of Network College of IT- University of Babylon

Error Control Techniques for Interactive Low-bit Rate Video Transmission over the Internet.

Configuring Port-Based and Client-Based Access Control (802.1X)

Lecture 3: The Transport Layer: UDP and TCP

Using NetFlow Filtering or Sampling to Select the Network Traffic to Track

MARQUE : REFERENCE : CODIC : NETGEAR GSS108E-100EUS NOTICE

Chapter 3 Managing System Settings

Management Software AT-S101. User s Guide. For use with the AT-GS950/8POE Gigabit Ethernet WebSmart Switch. Version Rev.

FlexNetViewer HD Management Utility

WAP551 Wireless-N Access Point with PoE

Chapter 8 Configuring OSPF

SIP System Features. SIP Timer Values. Rules for Configuring the SIP Timers CHAPTER

APPENDIX F THE TCP/IP PROTOCOL ARCHITECTURE

TCP/IP. Chapter 5: Transport Layer TCP/IP Protocols

Part VI. Appendixes. Appendix A OSI Model and Internet Protocols Appendix B About the CD

DRG-Series. Digital Radio Gateway. Hytera DMR IP (Tier-2) Digital Radio Supplement

User Datagram Protocol

Application Note Creating a Composite Report For Managed Hosts 12-Oct-2016 Revision 1.0 Compiled by: Larry Balon

OUTLINE. NSLS-II control system environment Monitoring goals Splunk and Splunk Apps Unix, Nagios, Snort sflow and Cacti Putting it all together

NetFlow Multiple Export Destinations

Transcription:

14 sflow Agent Contents Overview..................................................... 14-2 Flow Sampling by the sflow Agent........................... 14-2 Counter Polling by the sflow Agent........................... 14-3 sflow Receiver............................................ 14-4 Configuring sflow Receiver Instances......................... 14-4................ 14-7 Manually Configuring sflow Receiver Instances Using the Web Browser Interface.................................. 14-8 Manually Activating Flow Sampling.......................... 14-11 Manually Activating Counter Polling......................... 14-14 14-1

Overview Overview The Procurve Wireless Edge Services xl Module contains an sflow agent. The sflow agent samples traffic, treating the traffic that arrives on each adopted RP radio as a separate flow. In other words, the module s sflow agent monitors each radio much as a switch might monitor each physical interface. The sflow agent forwards traffic information to an sflow collector. Another term for an sflow collector is an sflow receiver. For the rest of this chapter, this guide will use the term sflow receiver. The agent can create six separate instances for each flow, and forward the information for each instance to a different sflow receiver. The Wireless Edge Services xl Module supports the two sampling mechanisms of sflow, which are designed to work together to produce an accurate picture of network traffic: flow sampling counter polling An advantage of the module s sflow capabilities is that the picture not only details how much traffic radios handle, but also the types of traffic and the devices that generate it. Flow Sampling by the sflow Agent Traffic analysis techniques differ in the way that agents collect and process traffic. Some techniques have the agent copy all traffic to the receiver, but this strategy can create prohibitive overhead. with other techniques, the agent groups traffic into flows, summarizes information about each flow, and sends the summary to the collector. However, this approach requires the agent to inspect all traffic and consumes significant resources within the agent. The sflow technology, rather than requiring the agent to inspect every packet that passes through, uses sample-based profiling. That is, the agent inspects approximately every nth packet from each data source available to sflow. The sampling algorithm is designed to give a high certainty that the sampled traffic mirrors the total traffic within a small margin of error. 14-2

Overview On the Wireless Edge Services xl Module, data sources are RP radios, and n, the packet sampling rate, is configurable per-radio and sampling instance (up to six per radio). In other words, the module orders radios to send approximately every nth packet to the module s sflow agent to be sampled, packaged, and sent to the sflow receiver or receivers. Note Only 802.11 data frames are sampled. The sflow agent does not sample management and control frames such as beacons. The sflow agent packages samples into small datagrams which include, among other information: sampled packets headers The agent decrypts an encrypted header before sampling it. sampled packets inbound or outbound interface For a wireless network, the inbound interface is the radio. information about the how sampled packets are being forwarded The extra information in the datagram helps an sflow receiver to create a detailed, as well as accurate and up-to-date, picture of network activity. An advantage of sflow is that datagrams are nonetheless compact and do not require a large amount of network bandwidth. The sampled packets are approximately 7 percent of the original packet size, and several samples can fit in a single datagram. The same datagrams that include packet samples can also include counters reported by polled radios (see Counter Polling by the sflow Agent on page 14-3). Since only some packets are sampled, sflow creates very little overhead. For example, if you set the sampling rate to one packet in 100, flow sampling only adds about.7 percent overhead. The module uses datagram version 5, and the default datagram size is 1400 bytes. (The size is configurable although you should usually accept the default. See Manually Configuring sflow Receiver Instances Using the Web Browser Interface on page 14-8 for more information.) Counter Polling by the sflow Agent In addition to sampling approximately every nth packet, the Wireless Edge Services xl Module s sflow agent can sample the counters tracked by radios. These counters include traffic statistics such as the number of inbound frames, outbound frames, and retransmitted frames. 14-3

Overview Counter polling works with flow sampling to create a more comprehensive picture of network traffic. The counters for total traffic supplement the more detailed information collected for samples. The sflow agent obtains the counters by periodically polling radios. The agent polls radios as needed to fill datagrams most efficiently. However, you can configure the maximum time that can elapse before a radio must be polled. sflow Receiver The sflow receiver, which receives samples from agents all over the network, combines and analyzes the samples to produce a picture of network activity. This picture can be quite detailed. For example, the sflow receiver can determine not only how much traffic the Wireless Edge Services xl Module s RP radios are handling, but also which devices are contributing to that traffic and which are contributing most. Capabilities vary among sflow receivers; some uses for sflow include: establishing a baseline picture of network activity against which later activity can be compared and analyzed for signs of security breaches monitoring congestion and other Quality of Service (QoS) issues auditing and billing for network usage finding and diagnosing network problems An sflow receiver can effectively monitor a large network because sflow s sampling techniques extract only the necessary data from the traffic streams on each data source, consuming minimal device and network resources in the process. This approach shifts the burden of data manipulation and analysis from the sflow agent to the sflow receiver. In addition, the receiver can generate an accurate picture of network traffic even when agents sample a relatively small percentage of traffic. An example of an sflow receiver is ProCurve Manager Plus (PCM Plus). Configuring sflow Receiver Instances As described above, an sflow agent forwards datagrams to an sflow receiver. Each relationship between an agent and a receiver is called a receiver instance. Often the receiver uses the SNMP protocol to contact the agent, reserve a receiver instance, a configure sflow. Alternatively, receiver instances can be set up on the agent itself. 14-4

Overview The Wireless Edge Services xl Module can accommodate up to six sflow receivers. The module s receiver instances can be configured in one of three ways: 1. The sflow receiver contacts the module s agent and uses SNMP to reserve and configure a receiver instance (only instances 4, 5, and 6). The sflow receiver reserves the instance by writing its owner string into that instance on the sflow receiver table. The receiver also configures a receiver timeout value for itself. The agent counts down the receiver timeout; when the timeout nears expiration, the sflow receiver can reset the timeout to a higher value if it wants to retain control of the instance. But if the receiver no longer needs samples from the agent, it allows the timeout to expire. The agent erases the sflow receiver s owner string and allows another sflow receiver to claim the instance. When the sflow receiver reserves a receiver instance, it also configures one or both of two types of sflow instances. One type allows the receiver to receive flow samples, and the other allows it to receive counters from polled radios. When an sflow receiver automatically configures sflow, all settings are controlled through the sflow receiver s management software, including settings for flow sampling rates and counter polling intervals. You must ensure that the sflow receiver can contact the Wireless Edge Services xl Module via SNMP, but you do not need to complete any steps to set up sflow. (See SNMP Support on page 2-24 of Chapter 2: Configuring the ProCurve Wireless Edge Services xl Module.) 2. You configure the instance manually through the command line interface (CLI). Use this (or the next) option when the sflow receiver cannot configure the receiver instance itself. You might also choose this option for increased security. You control to which sflow receivers the Wireless Edge Services xl Module forwards datagrams. See Appendix A: ProCurve Wireless Services xl Module Command Line Reference. 3. You configure the instance manually through the Web browser interface (only instances 4, 5, and 6). As with the CLI option, use this option when the sflow receiver cannot configure the receiver instance itself or when you want more control. 14-5

Overview You must specify all settings, including the sflow receiver s IP address and port, as well as owner string and timeout. To enable packet sampling or counter polling, you must configure an available sflow instance of the appropriate type. Then match the instance to the receiver instance. This chapter focuses on configuring sflow manually through the Web browser interface. 14-6

Configuring sflow Using the Web Browser Interface The Wireless Edge Services xl Module s sflow agent is enabled by default. If your sflow receiver (sometimes called an sflow collector) can control the agent through SNMP, you do not need to configure the module further. You can check the module s sflow agent and verify that it is compatible with your sflow receiver s SNMP capabilities. Select Special Features > sflow > Agent. Figure 14-1. Special Features > sflow > Agent Screen 14-7

In order to manage an sflow agent, an sflow receiver must know how the agent implements sflow. The screen displays this information about the agent: sflow MIB Version the agent s MIB version. The MIB specifies how the agent extracts and bundles sampled data, and the sflow receiver must support the agent s MIB. The Wireless Edge Services xl Module s MIB version is 1.3, so your sflow collector s version must also be at least 1.3. Organization HP. The sflow receiver must also know the organization to identify the implementation of sflow on this agent. Revision the Wireless Edge Services xl Module s current software image. Address Type the protocol version for IP addresses. Address the Wireless Edge Services xl Module s management IP address. You should always configure a static address on the management interface when implementing sflow. If your sflow receiver cannot configure the Wireless Edge Services xl Module s sflow agent, you must configure sflow manually. Complete the following tasks to configure the Wireless Edge Services xl Module to act as an sflow agent: 1. Configure up to three sflow receiver instances through the Web browser interface. From the CLI, you can configure three more sflow receiver instances. 2. Configure flow sampling instances for RP radios: a. To control where the agent sends this radio s samples, match the flow sampling instances to receiver instances. b. Specify how frequently radios sample packets. 3. Configure counter polling instances for RP radios: a. To control where the agent sends this radio s counters, match the counter polling instances to receiver instances. b. Specify how frequently radios are polled for the counters. Manually Configuring sflow Receiver Instances Using the Web Browser Interface The Wireless Edge Services xl Module can forward sflow datagrams to up to six sflow receivers. For example, it could report to a PCM Plus server, to an Intrusion Detection System/Intrusion Prevention System (IDS/IPS), and to a server running a billing application. 14-8

Each receiver has its own receiver instance. Many receivers can configure the instance automatically. If you decide to configure instances manually, you can configure three receiver instances (1, 2, and 3) only through the CLI. (See Appendix A: ProCurve Wireless Services xl Module Command Line Reference.) The other receiver instances (4, 5, and 6), you can configure through the Web browser interface. When you specify the receiver manually, you must configure a variety of settings that the sflow receiver would otherwise configure itself. These settings include not only the receiver s IP address and port, but also how the module s sflow agent packages the samples. Follow these steps: 1. Select Special Features > sflow and select the Receiver tab. Figure 14-2. Special Features > sflow > Receiver Screen 2. The three receiver instances available for configuration through the Web browser interface are listed by index number (4, 5, and 6). Highlight one of the instances. 3. Click the Edit button. The Receiver Configuration screen is displayed. 14-9

Figure 14-3. Receiver Configuration Screen 4. In the Owner field, enter a string to identify the sflow receiver. 5. In the Time Out field, specify a value in seconds from 1 to 999999999 (roughly 31 years). The timeout reserves this receiver instance for the specified receiver for the set amount of time. Generally, when you configure an sflow receiver instance manually, you should set the timeout very high (to days or weeks). All settings in the instance are erased when the timeout expires, and you do not want to reconfigure the instance frequently. Always set a timeout. If you attempt set the timeout field to 0, your settings are immediately lost. 6. In the Maximum Datagram Size field, enter the maximum size of an sflow datagram in bytes. The valid range is from 800 to 1400 bytes, and the default is 1400. The primary reason to lower the size would be that devices between the Wireless Edge Services xl Module have low MTUs, but you do not want them to fragment the datagram. 7. In the Receiver Address field, enter the sflow receiver s IP address. 8. In the Receiver Port field, accept the default port (6343) or enter the UDP port used by this receiver. The valid range is from 1 to 65535. 14-10

9. From the 802.11 Map drop-down menu, choose how the module s sflow agent creates the sample. The default setting is Unchanged; the module creates the sample as specified by the 802.11 extensions to sflow. For example, it includes the 802.11 header. If your sflow receiver does not support the 802.11 extension, select Convert to Ethernet from the drop-down menu. The module s sflow agent then packages 802.11 samples to appear as Ethernet samples. Note that some receivers, such as PCM Plus, automatically set this option to match their capabilities. 10. Click the OK button. The value in the Time Out field begins to decrement immediately. When the timeout reaches zero, the Wireless Edge Services xl Module erases the Owner and Receiver Address fields and returns all other fields to their default settings. Set the Time Out value high enough that the module can implement sflow without frequent reconfiguration. Manually Activating Flow Sampling The Wireless Edge Services xl Module s sflow agent creates six separate sampling instances for each of its adopted RP radios. By default, however, flow sampling is disabled on all instances. To view the configuration for flow sampling, select Special Features > sflow and select the Flow Sampling tab. The screen lists every radio adopted by this module. The Data Source column lists each radio s index number and name. As you can see in Figure 14-4, each radio is listed three times: once for each of the three flow sampling sflow instances that are available for configuration through the Web browser interface. At factory defaults, the sampling instances have not been mapped to receiver instances and the sampling rate is 0 in other words, flow sampling is disabled. 14-11

Figure 14-4. Special Features > sflow > Flow Sampling Screen The Wireless Edge Services xl Module s sflow agent begins sampling a flow when either of two conditions are met: An sflow receiver contacts the module s sflow agent and claims an open flow sampling instance (the Receiver Instance column displays 0). In this case, the receiver configures the sampling rate. You map the flow sampling sflow instance to a manually configured receiver instance. In this case, you set the sampling rate. Follow these steps to enable flow sampling: 1. Select Special Features > sflow and select the Flow Sampling tab. 2. Select one of the sflow instances on the radio for which you want to sample the traffic. 3. Click the Edit button. The Flow Sampling Configuration screen is displayed. This screen displays the radio in question in the Data Source field. The sflow Instance field indicates which of the six instances for this radio you are configuring. (You cannot alter the number for the sflow instance. To configure a different instance number, return to the main screen and select that instance instead.) 14-12

Figure 14-5. Flow Sampling Configuration Screen 4. From the Receiver Instance drop-down menu, choose the receiver index number associated with the sflow receiver to which the module should send the samples. To easily track which settings apply to a specific sflow collector, match the sflow instance number to the receiver instance number. However, matching the numbers is not mandatory. Although you can choose one and only receiver for each flow, you can map multiple flows, even on the same radio, to the same receiver. For example, you could map different sflow instances to the same receiver, but choose a different sampling rate for the flows. 5. Enter a value between 50 and 65535 in the Packet Sampling Rate field. The value determines how often the radio sends the sflow agent a packet to be sampled. In other words, the radio sends every nth packet, and n is the value entered in the Packet Sampling Rate field. For example, if you enter 100, the radio sends one percent of the packets to be sampled. The accuracy of a sample increases as the absolute number of samples increases. One general guideline is to set the rate so that the radio sends about one sample per second. To determine the necessary rate, consider roughly how much traffic the radio typically handles. For example, if the radio handles about 1000 packets a second, you can set the rate to 1000. On the other hand, if the radio, on average, handles only 100 packets a second, it must sample traffic more frequently to achieve the same accuracy; set the rate to 100. 14-13

Of course, the activity on a radio changes over time, so there are no absolute rules for determining the best sampling rate. 6. Optionally, alter the value in the Maximum Header Size field to set the amount of data (in bytes) included in a sample. The module samples the specified number of bytes. For example, if you set the Maximum Header Size to 100, the module places the first 100 bytes of every sampled frame in a datagram. The value should match the size of the frame and packet header so that the entire header is forwarded. The valid range is from 100 to 128 bytes, and the default is 128. 7. Click the OK button. 8. Click the Save link to copy the configuration to the startup-config. Manually Activating Counter Polling In addition to sampling specific packets, an sflow agent can gather statistics about overall traffic flow, including: the number of inbound packets the number of outbound packets the number of retransmission attempts the number of transmission failures the number of packet errors The agent periodically polls its data sources for these statistics; for the Wireless Edge Services xl Module, the data sources are its RP radios. The module maintains six separate counter polling (sflow) instances for each radio. You can view the three configurable from the Web browser interface in the Special Features > sflow > Counter Polling screen. 14-14

Figure 14-6. Special Features > sflow > Counter Polling Screen The separate instances allow the agent to report counters to up to six sflow receivers. By default, counter polling is disabled: the instances are not mapped to receivers and the polling interval is set to 0. The sflow agent begins polling radios when either of the following occurs: An sflow receiver contacts the module s sflow agent and claims an available counter polling sflow instance. (An instance is available if the receiver instance is set to 0.) The receiver controls the configuration and sets the polling interval. You manually set a polling interval greater than 0 in a counter polling sflow instance. You also associate the polling sflow instance with a manually configured sflow receiver instance. To manually activate counter polling on a radio, follow these steps: 1. Select Special Features > sflow and select the Counter Polling tab. 2. Select one of the instances on the radio that you want to poll. 14-15

3. Click the Edit button. The Counter Polling Configuration screen is displayed. For the Data Source, the screen displays the index and name of the radio that the module s agent polls. The sflow Instance shows which of the six instances you are currently configuring. Figure 14-7. Counter Polling Configuration 4. Select 4, 5, or 6 from the Receiver Instance drop-down menu. The Wireless Edge Services xl Module s sflow agent sends the counters for this radio to the sflow collector associated with the selected instance. You can map this sflow instance to any receiver instance, even if that receiver is already mapped to another instance on this radio. 5. Enter a value between 20 and 65535 in the Interval field. This is the maximum length, in seconds, between polls on this radio. A lower value mandates more frequent polling. As always, balance the greater accuracy offered by frequent polling with the extra overhead. 6. Click the OK button. 7. Click the Save link to copy the configuration to the startup-config. 14-16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback