[c-nsp] Nexus 9300 sflow performance

Nick Cutting ncutting at edgetg.com
Wed Mar 20 13:34:53 EDT 2019


We use the below, and I measured the reported traffic a few times, sending exactly 1g / 10g files between a known source and destination; it was pretty accurate.
You must use routed ports; SVIs require netflow, which is not an option for you.

feature sflow
sflow counter-poll-interval 30
sflow collector-ip 10.x.x.x vrf default source 10.x.x.x
! match the NFSEN listening port
sflow collector-port 6344
! this switch's loopback; match the source/vrf above
sflow agent-ip x.x.x.x
sflow data-source interface Ethernet1/51
sflow data-source interface Ethernet1/52

It's bi-directional, so we only do north-facing ports in leaf/spine.

Then the matching entry in NFSEN's conf file is:

%sources = (
    'HOSTNAME' => { 'port' => '6344', 'IP' => '10.x.x.x', 'col' => '#0000ff', 'type' => 'sflow' },
);

From: Satish Patel <satish.txt at gmail.com>
Sent: Wednesday, March 20, 2019 1:23 PM
To: Tim Stevenson (tstevens) <tstevens at cisco.com>
Cc: Nick Cutting <ncutting at edgetg.com>; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Nexus 9300 sflow performance

Thanks Tim,

Here is the output of show hardware rate-limiter (I believe it's 40k).

This is my first time dealing with SFLOW. If you can share some
configuration parameters I should use for best practice, that would be great.
What is 1-in-N sample actually?

I am planning to use the mgmt0 interface for SFLOW and it's 1G, so I assume
it will handle all the flow. Do you see any concern there?


# show hardware rate-limiter

Units for Config: packets per second
Allowed, Dropped & Total: aggregated since last clear counters

Module: 1
  R-L Class            Config         Allowed         Dropped             Total
 +------------------+--------+---------------+---------------+-----------------+
  L3 glean                100               0               0                 0
  L3 mcast loc-grp       3000               0               0                 0
  access-list-log         100               0               0                 0
  bfd                   10000               0               0                 0
  exception                50               0               0                 0
  fex                    3000               0               0                 0
  span                     50               0               0                 0
  dpss                   6400               0               0                 0
  sflow                 40000     25134089890               0       25134089890

On Wed, Mar 20, 2019 at 12:07 PM Tim Stevenson (tstevens)
<tstevens at cisco.com> wrote:
>
> Yes, this is 1st gen. The SFLOW/SPAN restriction should not apply there.
>
> Re: 60Gbps/24Mpps and SFLOW, SFLOW does not do aggregation of stats for flows in the switch like netflow does - it's just 1-in-n packet sampling. As such, the value of "n" should be high enough that both the switch & the collector are not overburdened. Note that we will rate limit SFLOW copies to the CPU so that's the first 'bottleneck'. If you end up tail-dropping samples, the statistical validity of your sampled set goes out the window, so you want to ensure that 1-in-n is a number that does not hit that rate limiter.
>
> I don't have a 1st gen switch handy to see what the defaults are for that value. It should show up in 'sh hardware rate-limiter'. In 9300-EX with 9.2.2 it's 40Kpps.
>
> Beyond that, you also want to make sure the collector is able to consume everything coming from all sflow enabled switches without dropping, for the same reason mentioned above.
>
> Hope that helps,
> Tim
>
>
> -----Original Message-----
> From: Satish Patel <satish.txt at gmail.com>
> Sent: Wednesday, March 20, 2019 8:40 AM
> To: Nick Cutting <ncutting at edgetg.com>
> Cc: Tim Stevenson (tstevens) <tstevens at cisco.com>; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Nexus 9300 sflow performance
>
> We have a Cisco Nexus9000 C9396PX.
>
> 60 Gbs is data traffic, and 24Mpps (packets per second); not sure how
> to convert it into flows. Could you please share your sflow
> configuration if you don't mind?
>
> I had nfsen in the past with 8CPU / 4GB memory but it was damn slow :(
> but it could be me.. I will set it up again and see if it's worth it or
> not.
>
> On Wed, Mar 20, 2019 at 11:34 AM Nick Cutting <ncutting at edgetg.com> wrote:
> >
> > Good point. We waited for the second gen.
> >
> > Regarding 60 Gbs, isn't that the data traffic, not the flows or sampled flow levels?
> >
> > Our NFSEN box is CentOS
> >
> > 4 vCPU and 4 GB RAM
> >
> > Collecting flows from maybe only 30 devices, about 20Gbs and 3k flows per sec.
> >
> > -----Original Message-----
> > From: Tim Stevenson (tstevens) <tstevens at cisco.com>
> > Sent: Wednesday, March 20, 2019 11:20 AM
> > To: Nick Cutting <ncutting at edgetg.com>; Satish Patel <satish.txt at gmail.com>; cisco-nsp at puck.nether.net
> > Subject: RE: [c-nsp] Nexus 9300 sflow performance
> >
> > Make sure you distinguish between N9300 (1st generation) and N9300-EX/FX/FX2 (2nd generation). The SFLOW + SPAN limitation applies only to the latter. It's also on the latter that Netflow is supported, which can run concurrently with SPAN sessions.
> >
> > Tim
> >
> > -----Original Message-----
> > From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> On Behalf Of Nick Cutting
> > Sent: Wednesday, March 20, 2019 6:19 AM
> > To: Satish Patel <satish.txt at gmail.com>; cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] Nexus 9300 sflow performance
> >
> > We use sflow on 9300's, no performance hit - but you cannot use span sessions at the same time.
> >
> > Newer code revisions support netflow, without the SPAN session limitation, although we have not tried netflow on the 9300 yet.
> >
> > For a collector we use NFSEN - open source, with quite a big install base, and it seems to handle a lot of flows.
> >
> > It supports sflow and netflow as we have a mix, just make sure you add the sflow option at build time as it’s a bit funky old linux to add it after.
> >
> >
> >
> > -----Original Message-----
> > From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> On Behalf Of Satish Patel
> > Sent: Wednesday, March 20, 2019 8:21 AM
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] Nexus 9300 sflow performance
> >
> > Folks,
> >
> > I have an L3 Nexus 9300 switch which is running 60Gbps traffic on the ISP interface, so I'm planning to run sflow on that specific interface to get flows.
> >
> > Is it going to create any performance issue on the switch?
> >
> > Can I run sflow on a Layer 3 LACP interface?
> >
> > Can anyone suggest a free open source sflow collector?
> >
> > Sent from my iPhone
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
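
An added worked example (not from any poster in this thread, and not Cisco's), sizing the 1-in-N value discussed above against the 40 Kpps sflow rate limiter and the 24 Mpps figure quoted in the thread. The 80% headroom and the 200 bytes per exported sample are assumptions; the error bound is the standard sFlow sampling approximation.

```python
import math

def min_sampling_n(peak_pps, limiter_pps, headroom_pct=80):
    """Smallest N for 1-in-N sampling that keeps CPU-bound sample copies
    at or below headroom_pct percent of the hardware rate limiter."""
    budget = limiter_pps * headroom_pct          # in units of pps * 100
    return -(-(peak_pps * 100) // budget)        # integer ceiling division

def plan(peak_pps, limiter_pps, n, bytes_per_sample=200):
    """Sample load for a chosen N. bytes_per_sample is an assumed average
    (sampled header plus sFlow/UDP/IP overhead), not a measured value."""
    samples_pps = peak_pps / n
    return {
        "samples_pps": samples_pps,
        # Above the limiter, samples are tail-dropped and scaled-up
        # totals under-report traffic by an unknown amount.
        "tail_drops": samples_pps > limiter_pps,
        "export_mbps": samples_pps * bytes_per_sample * 8 / 1e6,
    }

def estimate(sample_count, n):
    """Scale samples of one traffic class back to packets and give the
    95%-confidence relative error bound: 196 * sqrt(1/c) percent."""
    if sample_count <= 0:
        return 0, math.inf
    return sample_count * n, 196.0 * math.sqrt(1.0 / sample_count)

if __name__ == "__main__":
    PEAK_PPS, LIMITER_PPS = 24_000_000, 40_000   # figures from the thread
    n = min_sampling_n(PEAK_PPS, LIMITER_PPS)
    print("minimum N with 20% headroom:", n, plan(PEAK_PPS, LIMITER_PPS, n))
    print("N=512 is too aggressive:", plan(PEAK_PPS, LIMITER_PPS, 512))
    for c in (100, 10_000):                      # constructed sample counts
        pkts, err = estimate(c, n)
        print(f"{c} samples -> ~{pkts} packets, +/-{err:.2f}%")
```

A non-zero Dropped counter on the sflow row of 'show hardware rate-limiter' is the sign that the chosen N is too low for the offered load.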