Sflow 與 Netflow 主要目的都是分析流量,主要差別在於
sflow 使用 sample 取樣, 最小取樣 取決於交換器功能,最小 512 封包取一封包當樣本,多的話 可設定到 10000封包取一個樣本
Netflow 可以最高可以設定到 1:1 ,整個流量 導往分析軟體。
詳細設定請參考附件
Cisco netflow 啟動設定參考
p classless
ip route 20.1.1.1 255.255.255.255 Null0
ip route 171.69.1.129 255.255.255.255 10.0.101.1
ip flow-export version 5
ip flow-export destination 10.42.42.1 9991
ip flow-sampling-mode packet-interval 100
!
簡單說明 幾個觀念
先設定 Agent IP ... 通常就是 Switch 的IP 位址。
# Configure the IP address of the AC as 3.3.3.1.
<AC> system-view
[AC] sflow agent ip 3.3.3.1
指定接收伺服器 IP 位址
# Specify sFlow collector ID 2, IP address 3.3.3.2, the default port number, and description of netserver for the sFlow collector.
[AC] sflow collector 2 ip 3.3.3.2 description netserver
設定啟動介面 封包擷取頻率 以及封包擷取目的
[AC] interface wlan-ess 1 ==>切換 介面 (交換器實體介面或是無線網路 WLAN-ESS 虛擬介面 )
[AC-WLAN-ESS1] sflow counter interval 120 ==>每120 秒 傳送一次sflow 封包
# Specify sFlow collector 2 for counter sampling.
[AC-WLAN-ESS1] sflow counter collector 2 ==> Sflow 傳送目的地
[AC-WLAN-ESS1] sflow sampling-rate 4000 ==> Sflow 每四千的封包擷取一個 sample
[AC-WLAN-ESS1] sflow flow collector 2
驗證 sflow 是否有啟動
[AC-WLAN-ESS1] display sflow
sFlow Version: 5
sFlow Global Information:
Agent IP:3.3.3.1(CLI)
Source Address:
Collector Information:
ID IP Port Aging Size Description
1 6343 0 1400
2 3.3.3.2 6543 N/A 1400 netserver
3 6343 0 1400
4 6343 0 1400
5 6343 0 1400
6 6343 0 1400
7 6343 0 1400
8 6343 0 1400
9 6343 0 1400
10 6343 0 1400
sFlow Port Information:
Interface CID Interval(s) FID MaxHLen Rate Mode Status
WLAN-ESS1 2 120 2 128 4000 Random Active
WLAN-DBSS1:6 2 120 2 128 4000 Random Active
部分 交換器 可以使用 下列指令觀看
[hp]_hide
[hp]_hidecmd
Now you enter a hidden command view for developer's testing, some commands may
affect operation by wrong use, please carefully use it with our engineer's
direction.
Display sflow statistics 可以觀看 sflow 封包傳送狀態
網路上 查的隱藏指令參考資料,資料來源 http://guolc.blogspot.jp/2013/05/hp-h3c-some-hidden-commands.html
Depending on your device it will unlock different options :
On the 7500 Switch:
_bgp_display_debuginfo_detail Cancel current setting
_debugging Specify the slot number
_device Display device information
_display Display current system information
_exp_memfail_malloc Display current system information
_fib Specify FIB configuration information
_igmp-static-group Generate many group membership protocol
specific static-group routes
_ip-check-source IP
_memory Memory operations
_mld-static-group Generate many group membership protocol
specific static-group routes
_remove Display device program debugging
information
_reset Reset operation
_terminal Settings of terminal
_test Test trap send
_write Write register
On the 7500 Wireless Access Controller:
_debugging Display device program debugging information
_display Display current system information
_fib Specify FIB configuration information
_memory Memory operations
_reset Reset operation
_terminal Settings of terminal
_test Test trap send
_write Write register
On the 5500-SI Switch:
_debugging Display device program debugging information
_display Display driver modules information
_fib Specify FIB configuration information
_memory Memory operations
_reset Reset operation
_terminal Settings of terminal
_test Test trap send
_write Write register