ExtremeCloud IQ- Site Engine & Extreme Management Center

 View Only
Expand all | Collapse all

Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

Stephane Grosjean

Stephane Grosjean07-03-2018 10:38

  • 1.  Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

    Posted 02-28-2018 07:24
    Hello everybody

    I would like to configure the Extreme Switches (x440-G2, with version 22.4) to sending sflow/netflow data direct to the Extreme Analytics. I heard this is now possible without having a flowcollector enginge like PV FC-180 installed. Is this true? Because I couldn't find any referenced documentation to this. Thank you very much for your feedback.

    Best regards, Yves


  • 2.  RE: Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

    Posted 02-28-2018 07:34
    Hello, I have made this working in my lab using Analytics 8.1.1EA2 and it is possible,. Some manual actions are needed on XMC but after that it can work. You could run into problems due to ACL limitations on the X440G2 but it can work.


  • 3.  RE: Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

    Posted 02-28-2018 07:38
    Hi Oskar, I have the same Analytics version running. Do you have a configuration example or a documentation of this? Thank you.



  • 4.  RE: Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

    Posted 02-28-2018 08:04
    Ok, some file editing is needed now to make it work.
    On XMC, copy sflow,pol.
    cp /usr/local/Extreme_Networks/NetSight/appdata/Purview/Fingerprints/sflow.pol /tftpboot/

    On Analytics, edit file /opt/appid/conf/appidconfig.xml and change interfaces to be like:
    [i]

    [i]



    Restart analytics or appid after this.

    On XMC go to analytics, configuration and on your engine add an application telemetry source (the switch) and enforce.



  • 5.  RE: Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

    Posted 02-28-2018 08:04
    Hi Oskar, it's me again. Are we talking here about sflow+ ? Because my workmate said, it has to run with sflow+ and not only with sflow.


  • 6.  RE: Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

    Posted 02-28-2018 08:04
    sflow together with a mirror config.

    TestAnalytics.1 # sh sflow
    SFLOW Global Configuration
    Global Status: enabled
    Polling interval: 60
    Sampling rate: 1024
    Maximum cpu sample limit: 2000
    SFLOW Configured Agent IP: 10.116.3.89 Operational Agent IP: 10.116.3.89
    Collectors
    Collector IP 10.116.2.209, Port 6343, VR "VR-Default"

    SFLOW Port Configuration
    Port Status Sample-rate Subsampling Sflow-type
    Config / Actual factor Ingress / Egress
    1 enabled 1024 / 1024 1 enabled / disabled
    2 enabled 1024 / 1024 1 enabled / disabled
    TestAnalytics.2 # sh mirror

    DefaultMirror (Disabled)
    Description: Default Mirror Instance, created automatically
    Mirror to port: -

    EAN (Enabled)
    Description:
    Mirror to remote IP: 10.116.2.209 VR : VR-Default
    From IP : 10.116.3.89 Ping check: Off
    Status : Up

    Mirrors defined: 2
    Mirrors enabled: 1 (Maximum 4)
    HW filter instances used: 0 (Maximum 128)



  • 7.  RE: Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

    Posted 02-28-2018 08:14
    I don't have a sflow.pol file.
    And how/where can I add a "application telemetry source"?

    What do I have to configure on the switch side?

    Thank you


  • 8.  RE: Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

    Posted 02-28-2018 08:17
    You add the app telemetry source under flow sources.
    Maybe the sflow.pol file is only created once you do a first enforce.
    On the switch I think all should be configured by Analytics.


  • 9.  RE: Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

    Posted 02-28-2018 08:23
    Okay, found it, thx.
    I did an enforce (without adding a telemetry source) but the file isn't there yet.

    I guess I have to test it first in the lab, before I add a switch to the Analytics on customer site. Because I have no idea how business critical this is.


  • 10.  RE: Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

    Posted 03-02-2018 13:55
    I tried it with "Application Telemetry Source" (I guess this is for SFlow+).
    But I got the following errors when I add the source Switch.

    -> if {! $OverallResult} {
    2018-03-02 15:51:52,183 INFO [stdout] Script failed : configure access-list sflow.pol any ingress
    2018-03-02 15:51:52,185 INFO [stdout] .
    2018-03-02 15:51:52,185 INFO [stdout] Error: ACL install operation failed - filter hardware full for vlan *, port *
    2018-03-02 15:51:52,185 INFO [stdout] * switchname.14 #
    2018-03-02 15:51:52,188 ERROR [com.enterasys.netsight.appid.server.webapps.monitor.AppIdDwr] Error in step 2 of enabling SFlow+ source for 10.37.1.52
    2018-03-02 15:51:52,192 ERROR [com.enterasys.netsight.appid.server.webapps.monitor.AppIdDwr] javax.script.ScriptException:
    *** Script Error ***
    Die command issued: Script failed : configure access-list sflow.pol any ingress
    .
    Error: ACL install operation failed - filter hardware full for vlan *, port *
    * switchname.14 #

    --> I've already run this command: "configure access-list vlan-acl-precedence shared" and rebooted the switch.

    The configuration is a default setup.



  • 11.  RE: Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

    Posted 03-02-2018 15:39
    Have the same problem on X440-G2:
    Error: ACL install operation failed - filter hardware full for vlan *, port *


  • 12.  RE: Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

    Posted 03-02-2018 15:39
    this is a known CR, that will be fixed (if not already)


  • 13.  RE: Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

    Posted 03-12-2018 07:07
    Try to configure the access-list width to double.
    The command to do this is:

    configure access-list width double



  • 14.  RE: Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

    Posted 04-06-2018 08:02
    Hi Oscar,

    I've also test this, but gets the same error as Yves & Bernhard. I've used 22.4.1.4-patch1-2, but we're also working with Policy enabled. So couldn't run the command:

    configure access-list width double slot 1

    WARNING: Configuration of double width access-list is not supported when Policy is enabled. Slots will remain in Single width mode.


  • 15.  RE: Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

    Posted 04-06-2018 09:22
    Hello everybody: I got the following information: To use an ExtremeSwitching X440-G2 switch as an Application Telemetry source for ExtremeAnalytics, install firmware version 22.4.1.4-patch2-5 or higher.


  • 16.  RE: Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

    Posted 04-06-2018 10:13
    Hi Yves,

    Ok thanks for the information. The firmware 22.4.1.4-patch2-5 isn't yet available at the partner portal of Extreme Networks?

    Kind Regards,
    Kevin.


  • 17.  RE: Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

    Posted 04-24-2018 06:20
    Hello Kevin, 22.4.1.4-patch2-5 is a private patch and is not publically available. You can get this patch by opening a case.
    22.5 will also contain the fix once it is available (expected end of May).


  • 18.  RE: Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

    Posted 04-24-2018 06:24
    Hi Oscar,

    Ok thanks for the information, I will contact Extreme GTAC.

    Kind Regards,
    Kevin.


  • 19.  RE: Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)