Sending flow data from a switch direct to ExtremeAnalytics (without a flowcollector engine)

Updated 3 weeks ago
Hello everybody

I would like to configure the Extreme Switches (x440-G2, with version 22.4) to send sflow/netflow data directly to the Extreme Analytics. I heard this is now possible without having a flowcollector engine like PV FC-180 installed. Is this true? Because I couldn't find any referenced documentation to this. Thank you very much for your feedback.

Best regards, Yves
Yves Haslimann

Posted 5 months ago

OscarK, ESE
Hello, I have made this working in my lab using Analytics 8.1.1EA2 and it is possible. Some manual actions are needed on XMC but after that it can work. You could run into problems due to ACL limitations on the X440G2 but it can work.

Yves Haslimann
Hi Oscar, I have the same Analytics version running. Do you have a configuration example or documentation of this? Thank you.

OscarK, ESE
Ok, some file editing is needed now to make it work.
On XMC, copy sflow.pol:
cp /usr/local/Extreme_Networks/NetSight/appdata/Purview/Fingerprints/sflow.pol /tftpboot/

On Analytics, edit file /opt/appid/conf/appidconfig.xml and change interfaces to be like:

<Interfaces>
    <Interface name="eth0" method="pmmap" SwitchType="ERSPAN"/>
</Interfaces>

Restart analytics or appid after this.

On XMC go to analytics, configuration and on your engine add an application telemetry source (the switch) and enforce.

Yves Haslimann
Hi Oscar, it's me again. Are we talking here about sflow+? Because my workmate said it has to run with sflow+ and not only with sflow.

OscarK, ESE
sflow together with a mirror config.

TestAnalytics.1 # sh sflow
SFLOW Global Configuration
Global Status: enabled
Polling interval: 60
Sampling rate: 1024
Maximum cpu sample limit: 2000
SFLOW Configured Agent IP: 10.116.3.89 Operational Agent IP: 10.116.3.89
Collectors
Collector IP 10.116.2.209, Port 6343, VR "VR-Default"

SFLOW Port Configuration
Port      Status           Sample-rate         Subsampling       Sflow-type        
                       Config   /  Actual      factor        Ingress  /  Egress    
1         enabled     1024      /  1024         1          enabled   /  disabled
2         enabled     1024      /  1024         1          enabled   /  disabled
TestAnalytics.2 # sh mirror 

DefaultMirror   (Disabled)
    Description:    Default Mirror Instance, created automatically
    Mirror to port: -

EAN   (Enabled)
    Description:    
    Mirror to remote IP: 10.116.2.209       VR        : VR-Default
    From IP            : 10.116.3.89        Ping check: Off
    Status             : Up

Mirrors defined:          2 
Mirrors enabled:          1 (Maximum 4)
HW filter instances used: 0 (Maximum 128)

Yves Haslimann
I don't have a sflow.pol file.
And how/where can I add an "application telemetry source"?

What do I have to configure on the switch side?

Thank you

OscarK, ESE
You add the app telemetry source under flow sources. 
Maybe the sflow.pol file is only created once you do a first enforce. 
On the switch I think all should be configured by Analytics.

Yves Haslimann
Okay, found it, thx.
I did an enforce (without adding a telemetry source) but the file isn't there yet.

I guess I have to test it first in the lab, before I add a switch to the Analytics on customer site. Because I have no idea how business critical this is.

Yves Haslimann
I tried it with "Application Telemetry Source" (I guess this is for SFlow+).
But I got the following errors when I add the source Switch.

-> if {! $OverallResult} {
2018-03-02 15:51:52,183 INFO [stdout] Script failed : configure access-list sflow.pol any ingress
2018-03-02 15:51:52,185 INFO [stdout] .
2018-03-02 15:51:52,185 INFO [stdout] Error: ACL install operation failed - filter hardware full for vlan *, port *
2018-03-02 15:51:52,185 INFO [stdout] * switchname.14 #
2018-03-02 15:51:52,188 ERROR [com.enterasys.netsight.appid.server.webapps.monitor.AppIdDwr] Error in step 2 of enabling SFlow+ source for 10.37.1.52
2018-03-02 15:51:52,192 ERROR [com.enterasys.netsight.appid.server.webapps.monitor.AppIdDwr] javax.script.ScriptException:
*** Script Error ***
Die command issued: Script failed : configure access-list sflow.pol any ingress
.
Error: ACL install operation failed - filter hardware full for vlan *, port *
* switchname.14 #


--> I've already run this command: "configure access-list vlan-acl-precedence shared" and rebooted the switch.

The configuration is a default setup.

Bernhard Gruenwald
Have the same problem on X440-G2:
Error: ACL install operation failed - filter hardware full for vlan *, port *

Grosjean, Stephane, Employee
This is a known CR that will be fixed (if not already).

OscarK, ESE
Try to configure the access-list width to double.
The command to do this is:

 configure access-list width double 

Kevin Beyers
Hi Oscar,

I've also tested this, but get the same error as Yves & Bernhard. I've used 22.4.1.4-patch1-2, but we're also working with Policy enabled. So couldn't run the command:

configure access-list width double slot 1

WARNING: Configuration of double width access-list is not supported when Policy is enabled. Slots will remain in Single width mode.

Yves Haslimann
Hello everybody: I got the following information: To use an ExtremeSwitching X440-G2 switch as an Application Telemetry source for ExtremeAnalytics, install firmware version 22.4.1.4-patch2-5 or higher.

Kevin Beyers
Hi Yves,

Ok thanks for the information. The firmware 22.4.1.4-patch2-5 isn't yet available at the partner portal of Extreme Networks?

Kind Regards,
Kevin.

OscarK, ESE
Hello Kevin, 22.4.1.4-patch2-5 is a private patch and is not publicly available. You can get this patch by opening a case.
22.5 will also contain the fix once it is available (expected end of May).

Kevin Beyers
Hi Oscar,

Ok thanks for the information, I will contact Extreme GTAC.

Kind Regards,
Kevin.

Martin Flammia
Hi,

Just to let you know I'm running into this same problem using firmware version:

22.5.1.7

EMC = 8.1.3.65

Error is:

An error has occurred while adding a flow source to the selected engine. See details below for more information.
 
javax.script.ScriptException: *** Script Error *** Die command issued: Script failed : * POC.17 # configure access-list telemetry.pol any ingress . Error: ACL install operation failed - filter hardware full for vlan *, port * * POC.18 # -> if {! $OverallResult} 

Am also running policy on this X440G2 switch, so setting the double width I get the following message:

* POC.1 # configure access-list width double
WARNING: Configuration of double width access-list is not supported when Policy is enabled. Slots will remain in Single width mode.


If I disable policy I can then run the access-list width double command, but when I re-enable policy I then get the following error:

* POC.4 # enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
ERROR: Hardware resources could not be reserved for Policy (count 0).
Note that Policy cannot be enabled when double width access-list is configured or operational.

Previously upgraded from version 22.4.1.4-patch1-2

Post mentions this being fixed in version 22.5, so not sure what I am doing wrong or how to fix / get this working?

Seen this command that could be used to adjust ACL usage, but not sure exactly the syntax to use that would help:

configure policy resource-profile default profile-modifier [no-mac|no-ipv4|no-ipv6] enable

I've tried removing no-ipv6, but no difference?

Many thanks.

Grosjean, Stephane, Employee
A fresh x440G2 (default config) should use only 1 slice.

X440G2-24p-10G4.1 # show access-list usage acl-slice port 1
Ports 1-28

Stage: INGRESS
Slices:          Used: 1  Available: 7
Virtual Slice  * (physical slice  0) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  1) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  2) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  3) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  4) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  5) Rules:   Used:      0  Available:    256
Virtual Slice  * (physical slice  6) Rules:   Used:      0  Available:    256
Virtual Slice  7 (physical slice  7) Rules:   Used:     10  Available:    246 system

Stage: EGRESS
Slices:          Used: 0  Available: 4
Virtual Slice  * (physical slice  0) Rules:   Used:      0  Available:    128
Virtual Slice  * (physical slice  1) Rules:   Used:      0  Available:    128
Virtual Slice  * (physical slice  2) Rules:   Used:      0  Available:    128
Virtual Slice  * (physical slice  3) Rules:   Used:      0  Available:    128

Stage: LOOKUP
Slices:          Used: 0  Available: 4
Virtual Slice  * (physical slice  0) Rules:   Used:      0  Available:    128
Virtual Slice  * (physical slice  1) Rules:   Used:      0  Available:    128
Virtual Slice  * (physical slice  2) Rules:   Used:      0  Available:    128
Virtual Slice  * (physical slice  3) Rules:   Used:      0  Available:    128

Stage: EXTERNAL

Telemetry + Policy should leave you with 1 slice free.

You could try disabling diffserv examination and dot1p examination and turn off port qos (config port <p> qosprofile none).  If all else fails, you can reduce policy to just L2 rules via:

    config policy resource-profile default profile-modifier no-ipv4 enable

This will require disable/enable policy but will effectively reserve/consume only 2 slices (instead of 4) for policy.
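
An added example (not code from the posters or from Extreme's tooling): a Python parser for the `show access-list usage acl-slice port` output shown in this post, reporting free slices per stage and flagging slices that are allocated but hold no rules, as a pre-check before adding the switch as a telemetry source. The sample output is constructed, the function names and the `slices_needed` parameter are hypothetical, and reading `*` as "slice not allocated" is an inference from the fresh-switch output above.

```python
import re

# Constructed sample in the format of "show access-list usage acl-slice port 1"
# from the thread; the counts are invented and the EGRESS stage is trimmed.
SAMPLE = """\
Stage: INGRESS
Slices:          Used: 7  Available: 1
Virtual Slice  * (physical slice  0) Rules:   Used:      0  Available:    256
Virtual Slice  1 (physical slice  1) Rules:   Used:      0  Available:    256
Virtual Slice  2 (physical slice  2) Rules:   Used:     40  Available:    216
Virtual Slice  3 (physical slice  3) Rules:   Used:     12  Available:    244
Virtual Slice  4 (physical slice  4) Rules:   Used:      3  Available:    253
Virtual Slice  5 (physical slice  5) Rules:   Used:      0  Available:    256
Virtual Slice  6 (physical slice  6) Rules:   Used:      1  Available:    255
Virtual Slice  7 (physical slice  7) Rules:   Used:     10  Available:    246 system
Stage: EGRESS
Slices:          Used: 0  Available: 4
"""

STAGE = re.compile(r"Stage:\s+(\w+)")
TOTALS = re.compile(r"Slices:\s+Used:\s+(\d+)\s+Available:\s+(\d+)")
SLICE = re.compile(r"Virtual Slice\s+(\*|\d+)\s+\(physical slice\s+(\d+)\)\s+"
                   r"Rules:\s+Used:\s+(\d+)\s+Available:\s+(\d+)\s*(\S*)")

def parse_acl_slices(text):
    """Return {stage: {"used", "available", "slices": [...]}} from the CLI output."""
    stages, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := STAGE.match(line):
            cur = stages.setdefault(m[1], {"used": 0, "available": 0, "slices": []})
        elif cur is not None and (m := TOTALS.match(line)):
            cur["used"], cur["available"] = int(m[1]), int(m[2])
        elif cur is not None and (m := SLICE.match(line)):
            cur["slices"].append({"virtual": m[1], "physical": int(m[2]),
                                  "rules_used": int(m[3]), "owner": m[5]})
    return stages

def idle_allocated(text, stage="INGRESS"):
    """Physical slices that are allocated (numbered, not '*') yet hold no rules."""
    return [s["physical"] for s in parse_acl_slices(text)[stage]["slices"]
            if s["virtual"] != "*" and s["rules_used"] == 0]

def has_room(text, slices_needed, stage="INGRESS"):
    """True if the stage still has at least slices_needed free slices."""
    return parse_acl_slices(text)[stage]["available"] >= slices_needed

if __name__ == "__main__":
    print("free ingress slices:", parse_acl_slices(SAMPLE)["INGRESS"]["available"])
    print("allocated but empty:", idle_allocated(SAMPLE))
```
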


Grosjean, Stephane, Employee
btw, you are not using double width ACL, right? You should not.

Martin Flammia
Thanks Stephane, shall try this out and post back. I haven't got double width enabled. I did try it, but removed it as I couldn't enable policy.

Martin Flammia
So I've tried all the above and removed all the QoS config I can, but still the ACL slices will not budge, so no idea what's using them?

Think the only way I'm going to be able to straighten it out I think is wipe the switch and start again.


Thanks for all your effort anyway.

Grosjean, Stephane, Employee
that's certainly a wise decision, playing all around with the ACL config as you did, you may have some leftovers.

Make sure CoS is disabled in Policy Manager, like that:


Martin Flammia
For what it's worth I tried adding these commands to minimize use of the ACL slices:

configure access-list vlan-acl-precedence shared
configure access-list rule-compression port-counters shared

But made no difference?