We use the below, and I measured the reported traffic a few times, sending exactly 1g / 10g files between a known source and destination; it was pretty accurate. You must use routed ports; SVIs require netflow – which is not an option for you.

    feature sflow
    sflow counter-poll-interval 30
    sflow collector-ip 10.x.x.x vrf default source 10.x.x.x.x
    ! match the NFSEN listening port
    sflow collector-port 6344
    ! this switch's loopback; match the source/vrf above
    sflow agent-ip x.x.x.x
    sflow data-source interface Ethernet1/51
    sflow data-source interface Ethernet1/52

It's bi-directional so we only do north facing ports in leaf/spine.

Then the matching entry in NFSEN's conf file is:

    %sources = (
        'HOSTNAME' => { 'port' => '6344', 'IP' => '10.x.x.x', 'col' => '#0000ff', 'type' => 'sflow' }
    );

From: Satish Patel <satish....@gmail.com>
Sent: Wednesday, March 20, 2019 1:23 PM
To: Tim Stevenson (tstevens) <tstev...@cisco.com>
Cc: Nick Cutting <ncutt...@edgetg.com>; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Nexus 9300 sflow performance

This message originated from outside your organization.

Thanks Tim,

Here is the output of show hardware rate-limiter (I believe it's 40k).

This is my first time dealing with SFLOW. If you could share some configuration parameters I should use for best practice, that would be great. What is 1-in-N sample actually?

I am planning to use the mgmt0 interface for SFLOW and it's 1G, so I assume it will handle all the flow. Do you see any concern there?

    # show hardware rate-limiter

    Units for Config: packets per second
    Allowed, Dropped & Total: aggregated since last clear counters

    Module: 1
      R-L Class           Config           Allowed         Dropped            Total
     +------------------+--------+---------------+---------------+-----------------+
      L3 glean                100                0               0                 0
      L3 mcast loc-grp       3000                0               0                 0
      access-list-log         100                0               0                 0
      bfd                   10000                0               0                 0
      exception                50                0               0                 0
      fex                    3000                0               0                 0
      span                     50                0               0                 0
      dpss                   6400                0               0                 0
      sflow                 40000      25134089890               0       25134089890

On Wed, Mar 20, 2019 at 12:07 PM Tim Stevenson (tstevens) <tstev...@cisco.com> wrote:
>
> Yes, this is 1st gen. The SFLOW/SPAN restriction should not apply there.
>
> Re: 60Gbps/24Mpps and SFLOW, SFLOW does not do aggregation of stats for
> flows in the switch like netflow does - it's just 1-in-n packet sampling.
> As such, the value of "n" should be high enough that both the switch & the
> collector are not overburdened. Note that we will rate limit SFLOW copies
> to the CPU so that's the first 'bottleneck'. If you end up tail-dropping
> samples, the statistical validity of your sampled set goes out the window,
> so you want to ensure that 1-in-n is a number that does not hit that rate
> limiter.
>
> I don't have a 1st gen switch handy to see what the defaults are for that
> value. It should show up in 'sh hardware rate-limiter'. In 9300-EX with
> 9.2.2 it's 40Kpps.
>
> Beyond that, you also want to make sure the collector is able to consume
> everything coming from all sflow enabled switches without dropping, for the
> same reason mentioned above.
>
> Hope that helps,
> Tim
>
>
> -----Original Message-----
> From: Satish Patel <satish....@gmail.com>
> Sent: Wednesday, March 20, 2019 8:40 AM
> To: Nick Cutting <ncutt...@edgetg.com>
> Cc: Tim Stevenson (tstevens) <tstev...@cisco.com>; cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] Nexus 9300 sflow performance
>
> We have cisco Nexus9000 C9396PX
>
> 60 Gbs is data traffic, and 24Mpps (packets per second), not sure how
> to convert it into flows. Could you please share your sflow
> configuration if you don't mind?
>
> I had nfsen in the past with 8CPU / 4GB memory but it was damn slow :(
> but it could be me.. I will set it up again and see if it is worth it or
> not.
>
> On Wed, Mar 20, 2019 at 11:34 AM Nick Cutting <ncutt...@edgetg.com> wrote:
> >
> > Good point. We waited for the second Gen
> >
> > Regarding 60 Gbs, isn't that the data traffic, not the flows or sampled
> > flows levels?
> >
> > Our NFSEn box is centos
> >
> > 4 vCPU and 4 GB RAM
> >
> > Collecting flows from maybe only 30 devices, about 20Gbs and 3k flows per
> > sec.
> >
> > -----Original Message-----
> > From: Tim Stevenson (tstevens) <tstev...@cisco.com>
> > Sent: Wednesday, March 20, 2019 11:20 AM
> > To: Nick Cutting <ncutt...@edgetg.com>; Satish Patel
> > <satish....@gmail.com>; cisco-nsp@puck.nether.net
> > Subject: RE: [c-nsp] Nexus 9300 sflow performance
> >
> > Make sure you distinguish between N9300 (1st generation) and
> > N9300-EX/FX/FX2 (2nd generation). The SFLOW + SPAN limitation applies only
> > to the latter. It's also on the latter that Netflow is supported, which can
> > run concurrently with SPAN sessions.
> >
> > Tim
> >
> > -----Original Message-----
> > From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> On Behalf Of Nick
> > Cutting
> > Sent: Wednesday, March 20, 2019 6:19 AM
> > To: Satish Patel <satish....@gmail.com>; cisco-nsp@puck.nether.net
> > Subject: Re: [c-nsp] Nexus 9300 sflow performance
> >
> > We use sflow on 9300's, no performance hit - but you cannot use span
> > sessions at the same time.
> >
> > Newer code revisions support netflow, without the SPAN session limitation,
> > although we have not tried netflow on the 9300 yet.
> >
> > For a collector we use NFSEN - opensource, and quite a big install base,
> > and it seems to handle a lot of flows.
> >
> > It supports sflow and netflow as we have a mix, just make sure you add the
> > sflow option at build time as it's a bit funky old linux to add it after.
> >
> > -----Original Message-----
> > From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> On Behalf Of Satish
> > Patel
> > Sent: Wednesday, March 20, 2019 8:21 AM
> > To: cisco-nsp@puck.nether.net
> > Subject: [c-nsp] Nexus 9300 sflow performance
> >
> > Folks,
> >
> > I have L3 Nexus 9300 switch which is running 60Gbps traffic on ISP
> > interface so I'm planning to run sflow on that specific interface to get
> > flow.
> >
> > Is it going to create any performance issues on the switch?
> >
> > Can I run sflow on Layer 3 LACP interface?
> >
> > Can anyone suggest a free open source sflow collector?
> >
> > Sent from my iPhone
> > _______________________________________________
> > cisco-nsp mailing list
> > cisco-nsp@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
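
The sizing rule described in the thread (choose 1-in-N so sampled packets stay under the sflow hardware rate limiter, and confirm the limiter is not dropping), as an added example that is not part of the original messages. The function names and the 50% headroom default are assumptions made for illustration; the 24 Mpps and 40000 pps figures are the ones quoted in the thread.

```python
import math
import re

# Constructed sample: rows taken from the 'show hardware rate-limiter' output quoted in the thread.
SAMPLE_OUTPUT = """\
Module: 1
  R-L Class           Config           Allowed         Dropped            Total
 +------------------+--------+---------------+---------------+-----------------+
  L3 glean                100                0               0                 0
  L3 mcast loc-grp       3000                0               0                 0
  span                     50                0               0                 0
  sflow                 40000      25134089890               0       25134089890
"""

# Class name (may contain spaces) followed by exactly four integer columns.
ROW = re.compile(
    r"^\s*(?P<cls>\S.*?)\s+(?P<config>\d+)\s+(?P<allowed>\d+)"
    r"\s+(?P<dropped>\d+)\s+(?P<total>\d+)\s*$"
)

def parse_rate_limiters(text):
    """Return {class: {config, allowed, dropped, total}} from the CLI output."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header, separator and 'Module:' lines do not match
            rows[m["cls"]] = {k: int(m[k]) for k in ("config", "allowed", "dropped", "total")}
    return rows

def min_sampling_n(peak_pps, limiter_pps, headroom=0.5):
    """Smallest N for 1-in-N sampling keeping samples/s <= headroom * limiter."""
    if not 0 < headroom <= 1:
        raise ValueError("headroom must be in (0, 1]")
    return math.ceil(peak_pps / (limiter_pps * headroom))

def assess(text, peak_pps, configured_n, headroom=0.5):
    """Compare a configured 1-in-N against the sflow limiter shown in the output."""
    sflow = parse_rate_limiters(text)["sflow"]
    sampled_pps = peak_pps / configured_n
    return {
        "limiter_pps": sflow["config"],
        "samples_dropped": sflow["dropped"],  # non-zero means the sample set is biased
        "sampled_pps": sampled_pps,
        "over_limit": sampled_pps > sflow["config"],
        "min_n": min_sampling_n(peak_pps, sflow["config"], headroom),
    }
```

With the thread's figures, 24 Mpps against a 40000 pps limiter needs N of at least 600 with no headroom, or 1200 if samples are kept to half the limiter.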