19.1.3 sFlow packet-format
This section describes sFlow packets (flow sample and counter sample) that the Switch sends to a collector. The format used to send the packets to a collector is defined in RFC 3176. The following figure shows the sFlow packet format.
|
|
![[Figure Data]](./GRAPHICS/ZU214040.GIF)
In the Switch, flow samples and counter samples are not stored in a single sFlow packet at the same time.
- <Structure of this section>
(1) sFlow headers
The following table describes information set in the sFlow header.
|
Configuration items |
Description |
Supported |
|---|---|---|
|
Version number |
sFlow packet version (Versions 2 and 4 are supported.) |
OK |
|
Address type |
IP type of the agent (where 1 is IPv4, and 2 is IPv6) |
OK |
|
Agent IP address |
Agent IP address |
OK |
|
Sequence number |
Number incremented each time an sFlow packet is generated |
OK |
|
Generation time |
Time in milliseconds since the switch started |
OK |
|
Number of samples |
Number of sampled (flow and counter) packets contained in the signal. (n+m is set in the "Diagram 19-4 sFlow Packet Format.") |
OK |
Legend: OK: Supported
(2) Flow sample
Flow sample is the format used to retrieve packets from among the received packets that are to be forwarded to another switch or sent to the Switch at a specified sampling interval for transmission to a collector. However, the Switch does not support flow samples for packets destined for the Switch. In addition to the monitored packets, the flow sample also collects information that is not included in the packets (incoming interface, outgoing interface, and so on) for detailed network monitoring. The following figure shows the flow sample format.
|
|
![[Figure Data]](./GRAPHICS/ZU214050.GIF)
(a) Flow sample header
The following table describes the information set in the flow sample header.
|
Configuration items |
Description |
Supported |
|---|---|---|
|
sequence_number |
Number incremented each time a flow sample is generated |
OK |
|
source_id |
The SNMP Interface Index, which indicates the source on a switch from which the flow sample was created (receiving interface) |
OK # |
|
sampling_rate |
Sampling rate of flow samples |
OK |
|
sample_pool |
Total number of packets arriving at an interface |
OK |
|
drops |
Total number of discarded flow samples Set 0 fixed in this machine. |
OK |
|
input |
SNMP Interface Index of the receiving interfaces If the interface is unknown, 0 is set. |
OK # |
|
output |
SNMP Interface Index of outgoing interfaces Set to 0 if the sending interface is unknown |
OK # |
Legend: OK: Supported, NG: Not supported.
#: The table below shows SNMP Interface Index (subsequent ifindex) for the Switch depending on the sampling position.
|
Item |
Receive (Ingress) |
Send (Egress) |
|---|---|---|
|
source_id |
Ifindex of the receiving interfaces |
Ifindex of outgoing interfaces |
|
input |
Ifindex of the receiving interfaces |
Fixed value of 0 |
|
output |
Fixed value of 0 |
Ifindex of outgoing interfaces |
(b) Basic data format
There are three basic data format types (header, IPv4, and IPv6), but only one can be set. By default, the header type is set as the basic data type. If you want to use the IPv4 type or the IPv6 type, use a configuration command to change the setting. The following tables describe the formats.
|
Configuration items |
Description |
Supported |
|---|---|---|
|
packet_information_type |
Basic data format type (header type is 1) |
OK |
|
header_protocol |
Header protocol number (ETHERNET is 1) |
OK |
|
frame_length |
Length of the original packet |
OK |
|
header_length |
Length of a packet as sampled (default length is 128) |
OK |
|
header<> |
Contents of the sampled packet |
OK |
Legend: OK: Supported
Note: This format is used if a packet cannot be analyzed as an IP packet.
|
Configuration items |
Description |
Support* |
|---|---|---|
|
packet_information_type |
Basic data format type (IPv4 type is 2) |
OK |
|
length |
Length of the IPv4 packet |
OK |
|
protocol |
IP protocol type (f where 6 is TCP and 17 is UDP, for example) |
OK |
|
src_ip |
Source IP address |
OK |
|
dst_ip |
Destination IP address |
OK |
|
src_port |
Source port number |
OK |
|
dst_port |
Destination port number |
OK |
|
tcp_flags |
TCP flag |
OK |
|
TOS |
IP TOS (type of service) |
OK |
Legend: OK: Supported
#: If a frame with two or more VLAN Tag is the target, it is not collected in sFlow datagram.
|
Configuration items |
Description |
Support*1 |
|---|---|---|
|
packet_information_type |
Basic data format type (IPv6 type is 3) |
OK |
|
length |
Length of the IPv6 packet excluding the lower layers |
OK |
|
protocol |
IP protocol type (f where 6 is TCP and 17 is UDP, for example) |
OK |
|
src_ip |
Source IP address |
OK |
|
dst_ip |
Destination IP address |
OK |
|
src_port |
Source port number |
OK |
|
dst_port |
Destination port number |
OK |
|
tcp_flags |
TCP flag |
OK |
|
priority |
Priority #2 |
OK |
Legend: OK: Supported
#1: If a frame with a VLAN Tag that is 2 or more stages is subject to processing, the data is not collected in sFlow packetsI will.
#2: The Switch collects traffic classes.
(c) Extended data format
There are five types of extended data formats: switch type, router type, gateway type, user type, and URL type. By default, the Switch collects all extended data formats, but only the extended formats that can be collected are sent to the collector. This format can be changed by using the configuration file. The following tables describe the formats.
|
Extended data type |
Description |
Supported |
|---|---|---|
|
Switch type |
Collects switch information (such as VLAN information). |
OK |
|
Router type |
Collects router information (such as NextHop). |
NG #1 |
|
Gateway type |
Collects gateway information (such as AS the number). |
NG #1 |
|
User type |
Collects user information (such as TACACS or RADIUS information). |
OK #2 |
|
URL type |
Collects URL information. |
OK #2 |
Legend: OK: Supported, NG: Not supported.
1 Although a configuration can be specified, it is not actually collected because the conditions to be collected are not satisfied.
#2: If a VLAN-tagged frame with multiple tiers is the target, information is not collected in sFlow packets.
|
Configuration items |
Description |
Supported |
|---|---|---|
|
extended_information_type |
Extended data format type (switch type is 1) |
OK |
|
src_vlan |
802.1Q VLAN ID of a received packet |
OK #1 |
|
src_priority |
802.1p priority of a received packet |
OK #1 |
|
dst_vlan |
802.1Q VLAN ID of a received packet |
NG #2 |
|
dst_priority |
802.1p priority of a sent packet |
NG #2 |
Legend: OK: Supported, NG: Not supported.
#1: For outgoing packets sent by the Switch, the information for outgoing packets is set.
#2: Fixed at 0 because the value is not supported.
|
Configuration items |
Description |
Supported |
|---|---|---|
|
extended_information_type |
Extended data format type (user type is 4) |
OK |
|
src_user_len |
Length of the user name of the source |
OK |
|
src_user<> |
User name of the source |
OK |
|
dst_user_len |
Destination User Name Length |
NG # |
|
dst_user<> |
User name of the destination |
NG # |
Legend: OK: Supported, NG: Not supported.
#: Fixed at 0 because the item is not supported
|
Configuration items |
Description |
Supported |
|---|---|---|
|
extended_information_type |
Extended data format type (URL type is 5) |
OK |
|
url_direction |
URL information source (The source address is 1, and the destination address is 2.) 2 fixed is set in this equipment. |
OK |
|
url_len |
URL length |
OK |
|
url<> |
Contents of the URL |
OK |
Legend: OK: Supported
(3) Counter sample
A counter sample sends interface statistics (number of arrived packets and number of errors). Also, the format to be sent to a collector is determined according to the interface type. The following figure shows the counter sample format.
|
|
![[Figure Data]](./GRAPHICS/ZU214060.GIF)
(a) Counter sample header
The following table describes the information set in the counter sample header.
|
Configuration items |
Description |
Supported |
|---|---|---|
|
sequence_number |
Number incremented each time a counter sample is generated |
OK |
|
source_id |
The SNMP Interface Index, which indicates the source (specific port) on a switch for the counter sample |
OK |
|
sampling_interval |
Interval at which counter samples are sent to a collector |
OK |
Legend: OK: Supported
(b) Counter sample type
The counter sample types reflect interface types and are collected according to this classification. The following table describes the items set for counter sample type.
|
Configuration items |
Description |
Supported |
|---|---|---|
|
GENERIC |
General statistics (counters_type is set to 1) |
NG #1 |
|
ETHERNET |
Ethernet statistics (counters_type is set to 2) |
OK |
|
TOKENRING |
Token ring statistics (counters_type is set to 3) |
NG #1 |
|
FDDI |
FDDI statistics (counters_type is set to 4) |
NG #1 |
|
100BaseVG |
VG statistics (counters_type is set to 5) |
NG #1 |
|
WAN |
WAN statistics (counters_type is set to 6) |
NG #1 |
|
VLAN |
VLAN statistics (counters_type is set to 7) |
NG #2 |
Legend: OK: Supported, NG: Not supported.
#1: This interface type is not supported by the Switch.
#2: The Switch does not support VLAN statistics.
(c) Counter sample information
Counter sample information to be collected varies according to the counter sample type. Except for VLAN statistics, information is sent according to the statistics used by MIBs. The following table describes items set as counter sample information.
|
Configuration items |
Description |
Supported |
|---|---|---|
|
GENERIC |
General statistics (see RFC 2233) |
NG |
|
ETHERNET |
Ethernet statistics (see RFC 2358) |
OK # |
|
TOKENRING |
Token ring statistics (see RFC 1748) |
NG |
|
FDDI |
FDDI statistics (see RFC 1512) |
NG |
|
100BaseVG |
VG statistics (see RFC 2020) |
NG |
|
WAN |
WAN statistics (see RFC 2233) |
NG |
|
VLAN |
VLAN statistics (see RFC 3176) |
NG |
Legend: OK: Supported, NG: Not supported.
#: Among the Ethernet statistics, ifDirection and dot3StatsSymbolErrors cannot be collected.