InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and Routed Networks
RFC 3176
| Document | Type | RFC - Informational (September 2001; No errata); was draft-phaal-sflow-montraffic (individual) |
|---|---|---|
| | Authors | Sonia Panchen, Neil McKee, Peter Phaal |
| | Last updated | 2013-03-02 |
| | Stream | Legacy |
| | Formats | plain text, html, pdf, htmlized, bibtex |
| Stream | Legacy state | (None) |
| | Consensus Boilerplate | Unknown |
| | RFC Editor Note | (None) |
| IESG | IESG state | RFC 3176 (Informational) |
| | Telechat date | |
| | Responsible AD | (None) |
| | Send notices to | (None) |

Network Working Group
Request for Comments: 3176
Category: Informational

P. Phaal, S. Panchen, N. McKee
InMon Corp.
September 2001

InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and Routed Networks

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2001). All Rights Reserved.

Abstract

This memo defines InMon Corporation's sFlow system. sFlow is a technology for monitoring traffic in data networks containing switches and routers. In particular, it defines the sampling mechanisms implemented in an sFlow Agent for monitoring traffic, the sFlow MIB for controlling the sFlow Agent, and the format of sample data used by the sFlow Agent when forwarding data to a central data collector.

Table of Contents

1. Overview
2. Sampling Mechanisms
   2.1 Sampling of Switched Flows
      2.1.1 Distributed Switching
      2.1.2 Random Number Generation
   2.2 Sampling of Network Interface Statistics
3. sFlow MIB
   3.1 The SNMP Management Framework
   3.2 Definitions
4. sFlow Datagram Format
5. Security Considerations
   5.1 Control
   5.2 Transport
   5.3 Confidentiality
6. References
7. Authors' Addresses
8. Intellectual Property Statement
9. Full Copyright Statement

1. Overview

sFlow is a technology for monitoring traffic in data networks containing switches and routers. In particular, it defines the sampling mechanisms implemented in an sFlow Agent for monitoring traffic, the sFlow MIB for controlling the sFlow Agent, and the format of sample data used by the sFlow Agent when forwarding data to a central data collector.

The architecture and sampling techniques used in the sFlow monitoring system are designed to provide continuous site-wide (and network-wide) traffic monitoring for high speed switched and routed networks.

The design specifically addresses issues associated with:

o Accurately monitoring network traffic at Gigabit speeds and higher.

o Scaling to manage tens of thousands of agents from a single point.

o Extremely low cost agent implementation.

The sFlow monitoring system consists of an sFlow Agent (embedded in a switch or router or in a stand alone probe) and a central data collector, or sFlow Analyzer. The sFlow Agent uses sampling technology to capture traffic statistics from the device it is monitoring. sFlow Datagrams are used to immediately forward the sampled traffic statistics to an sFlow Analyzer for analysis.

This document describes the sampling mechanisms used by the sFlow Agent, the SFLOW MIB used by the sFlow Analyzer to control the sFlow Agent, and the sFlow Datagram Format used by the sFlow Agent to send traffic data to the sFlow Analyzer.

2. Sampling Mechanisms

The sFlow Agent uses two forms of sampling: statistical packet-based sampling of switched flows, and time-based sampling of network interface statistics.

2.1 Sampling of Switched Flows

A flow is defined as all the packets that are received on one interface, enter the Switching/Routing Module and are sent to another interface. In the case of a one-armed router, the source and destination interface could be the same. In the case of a broadcast or multicast packet there may be multiple destination interfaces.

The sampling mechanism must ensure that any packet involved in a flow has an equal chance of being sampled, irrespective of the flow to
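
The equal-chance requirement in section 2.1, illustrated with an added example that is not part of RFC 3176 or of any sFlow implementation: it contrasts a sampler that takes exactly every n-th packet with one that makes an independent 1-in-n draw per packet, on constructed traffic where one flow is periodic. The function names, the sampling rate `n`, the traffic mix and the per-packet draw are all assumptions chosen for the illustration.

```python
import random

def build_traffic(total, period):
    """Constructed traffic: flow 'B' owns every `period`-th packet, flow 'A' the rest."""
    return ["B" if i % period == 0 else "A" for i in range(1, total + 1)]

def sample_every_nth(packets, n):
    """Counter-based sampler that takes exactly every n-th packet (biased)."""
    return [flow for i, flow in enumerate(packets, start=1) if i % n == 0]

def sample_random(packets, n, rng):
    """Independent draw per packet: each packet is taken with probability 1/n."""
    return [flow for flow in packets if rng.randrange(n) == 0]

def estimate_packets(samples, n):
    """Scale each sample by n to estimate the packet count per flow."""
    estimate = {}
    for flow in samples:
        estimate[flow] = estimate.get(flow, 0) + n
    return estimate

def compare(total=100_000, period=10, n=10, seed=1):
    """Return (true counts, every-nth estimate, random estimate)."""
    packets = build_traffic(total, period)
    truth = {f: packets.count(f) for f in ("A", "B")}
    fixed = estimate_packets(sample_every_nth(packets, n), n)
    rand = estimate_packets(sample_random(packets, n, random.Random(seed)), n)
    return truth, fixed, rand

if __name__ == "__main__":
    truth, fixed, rand = compare()
    print("true packets      :", truth)
    print("every-nth estimate:", fixed)
    print("random estimate   :", rand)
```

When the periodic flow lines up with the fixed counter, the every-n-th sampler attributes all traffic to flow B and never sees flow A, while the random sampler's scaled estimates stay close to the true per-flow counts.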