InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and Routed Networks
RFC 3176
| Document | Type |
RFC - Informational
(September 2001; No errata)
Was draft-phaal-sflow-montraffic (individual)
|
|
|---|---|---|---|
| Last updated | 2013-03-02 | ||
| Stream | Legacy | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Stream | Legacy state | (None) | |
| Consensus Boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | RFC 3176 (Informational) | |
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
Network Working Group P. Phaal
Request for Comments: 3176 S. Panchen
Category: Informational N. McKee
InMon Corp.
September 2001
InMon Corporation's sFlow: A Method for Monitoring Traffic in
Switched and Routed Networks
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2001). All Rights Reserved.
Abstract
This memo defines InMon Coporation's sFlow system. sFlow is a
technology for monitoring traffic in data networks containing
switches and routers. In particular, it defines the sampling
mechanisms implemented in an sFlow Agent for monitoring traffic, the
sFlow MIB for controlling the sFlow Agent, and the format of sample
data used by the sFlow Agent when forwarding data to a central data
collector.
Table of Contents
1. Overview ..................................................... 2
2. Sampling Mechanisms .......................................... 2
2.1 Sampling of Switched Flows ............................... 3
2.1.1 Distributed Switching .............................. 4
2.1.2 Random Number Generation ........................... 4
2.2 Sampling of Network Interface Statistics ................. 4
3. sFlow MIB .................................................... 5
3.1 The SNMP Management Framework ............................ 5
3.2 Definitions .............................................. 6
4. sFlow Datagram Format ........................................ 14
5. Security Considerations ...................................... 25
5.1 Control .................................................. 26
5.2 Transport ................................................ 26
5.3 Confidentiality .......................................... 26
6. References ................................................... 27
7. Authors' Addresses ........................................... 29
Phaal, et al. Informational [Page 1]
RFC 3176 InMon Corporation's sFlow September 2001
8. Intellectual Property Statement .............................. 30
9. Full Copyright Statement ..................................... 31
1. Overview
sFlow is a technology for monitoring traffic in data networks
containing switches and routers. In particular, it defines the
sampling mechanisms implemented in an sFlow Agent for monitoring
traffic, the sFlow MIB for controlling the sFlow Agent, and the
format of sample data used by the sFlow Agent when forwarding data to
a central data collector.
The architecture and sampling techniques used in the sFlow monitoring
system are designed to provide continuous site-wide (and network-
wide) traffic monitoring for high speed switched and routed networks.
The design specifically addresses issues associated with:
o Accurately monitoring network traffic at Gigabit speeds and higher.
o Scaling to manage tens of thousands of agents from a single point.
o Extremely low cost agent implementation.
The sFlow monitoring system consists of an sFlow Agent (embedded in a
switch or router or in a stand alone probe) and a central data
collector, or sFlow Analyzer.
The sFlow Agent uses sampling technology to capture traffic
statistics from the device it is monitoring. sFlow Datagrams are
used to immediately forward the sampled traffic statistics to an
sFlow Analyzer for analysis.
This document describes the sampling mechanisms used by the sFlow
Agent, the SFLOW MIB used by the sFlow Analyzer to control the sFlow
Agent, and the sFlow Datagram Format used by the sFlow Agent to send
traffic data to the sFlow Analyzer.
2. Sampling Mechanisms
The sFlow Agent uses two forms of sampling: statistical packet-based
sampling of switched flows, and time-based sampling of network
interface statistics.
Phaal, et al. Informational [Page 2]
RFC 3176 InMon Corporation's sFlow September 2001
2.1 Sampling of Switched Flows
A flow is defined as all the packets that are received on one
interface, enter the Switching/Routing Module and are sent to another
interface. In the case of a one-armed router, the source and
destination interface could be the same. In the case of a broadcast
or multicast packet there may be multiple destination interfaces.
The sampling mechanism must ensure that any packet involved in a flow
has an equal chance of being sampled, irrespective of the flow to
Show full document text