How to adjust sampled sFlow and Netflow


#1

Guys

Most customers are using sampled netflow/sFlow not un-sampled, so we also need to support it. The reason customer is using sampled netflow/sFlow is huge traffic volume of routers/switches. The router/switch will be overloaded if there is no sampling to netflow/sFlow generation, so almost customers are using sampled netflow/sFlow in live network.
Though there is no exact guideline about sampling ratio of netflow/sFlow, enterprise customer is using 1,024 sampling ratio and ISP/IDC customers are using over than 4,096 sampling ratio.

Unfortunately, I can’t find any sampling option for netflow/sFlow configuration. The version that I’m using is 6.2.2. In my humble opinion, we need to add sampling ratio option to netflow/sFlow configuration.

Let me know if you need anything.

Regards,
Jaeseog


#2

sFlow support was recently added in 6.2.

Here is a link to the release notes.
https://docs.extrahop.com/6.2/customers/eda-eca-release-notes/


#3

Yes, I know and I already checked sFlow reporting in customer site. What I found is the sFlow data of EDA is huge different from actual live data because we don’t support sampled sFlow/netflow configuration.

What I’m requesting is that we need to add new feature, sampling option, to sFlow/netflow functionality because most customer never use un-sampled sFlow/netflow in their network.

When router/switch did 1,024 sampled sFlow/netflow, one of 1,024 packets will be selected to make sFlow/netflow. Although 1,023 packets are ignored to sFlow/netflow, there is no problem regarding to accuracy of sFlow/netflow data. :slight_smile:

Currently we don’t support sampled sFlow/netflow, so I think this feature is very useful but we can’t use it in live network because un-sampled sFlow/netflow is useless.

Please review the following blog if possible.

Regards,
Jaeseog


#4

sFlow is sampled by definition. As such, the values are multiplied by the sampling rate. Have you compared ExtraHop metrics to a different sFlow collector? It’s possible that you’re observing the limitation of sampling in general.

We do not support sampled NetFlow today, though we may do so in the future depending on user demand.


#5

Sampled NetFlow would be great to see, as some Cisco devices will only allow sampled flow. Could the lack of support for Sampled NetFlow be the reason that I am able to see Flow Records, but no actual data coming from my ASA?