Header Only - DO NOT REMOVE - Extreme Networks

ExtremeXOS sFlow Version

  • 7 January 2014
  • 5 replies

Userlevel 4
Create Date: Aug 7 2012 6:10AM

Am I right in saying sFlow version 5 does not support egress traffic?

We're using solarwinds to monitor our extreme networks infrastructure but the software does not monitor egress traffic.

I'm also a little confused by netflow and sflow and the difference.

Any info on this subject is most helpful

Ian (from Ian_Broadway)

5 replies

Userlevel 4
Create Date: Aug 8 2012 12:14PM

Hi Ian,

Not sure if the switches are not producing egress packets for Sflow.. that would sound weird to me tbh.. but I never checked it. as I'm using the sflow purely for the DDoS logging of traffic.

The biggest difference between netflow and Sflow is that Sflow samples traffic ( 1 in 8000 packets for example) where netflow is showing all the flows.

(from Erik_Bais)
Hi Ian,

Regarding your question: does sFlow version 5 support egress traffic?

Answer, yes you should be able to report on egress traffic.

NetFlow, IPFIX and possibly sFlow exporting switches generally collect flows/packets as they ingress an interface. To determine 'outbound' utilization on an interface, the ingress metered flow needs to be exported with the proper destination or egress interface. Outbound utilization is reported using ingress metered flows. Confused?

The bottom line: verify with a wireshark or a flow collector that the ingress/egress interfaces in the flow are different or just call plixer and we'll help you figure this out. If you decide to export IPFIX instead, here's the IPFIX configuration. Hopefully this helps you.

I've got sometime this morning so I'll digress a bit on the NetFlow vs. sFlow point that Erik made. Many feel as he does that the two are similar. I agree, they both contain the letters f-l-o-w. 🙂 See sFlow Vs. NetFlow:
NetFlow was developed by Cisco back in 1996. IMO they really didn't invent it because I was working with a technology called securefast back in 1990 when I worked at Cabltron (ahhhh, those were great days) and it was VERY similar to NetFlow. Anyway, despite claims of being standards, NetFlow and sFlow are both proprietary. IPFIX is the only recognized IETF standard for flow technologies. IPFIX which is basically NetFlow v10 builds flows based on a tuple found within matching packets but, sFlow only samples packets and exports counters similar to SNMP. SFlow is not a flow technology at all.

IPFIX can also be used for sampling packets. Read up on PSAMP if anyone is interested and IPFIX can also be used to export SNMP counters. IPFIX is far more powerful and flexible than sFlow.

Not to weigh in on which is better, but I believe Sflow was 1st released by LANnet, an Israeli Switch company big over their and in Europe. LANnet was bought by Lucent Technologies to replace the Bay Networks Line when Bay was bought by their competitor Nortel.(became part of the 'Cajun" product line)...all of which are now part of Avaya. Extreme was a big partner to Avaya while Avaya vacillated between using partners and any focus on their 'own' data products (they were a voice company). Extreme incorporated features to be complementary to Avaya as the preferred partner when Avaya could not sell their own...
Sflow is only supported in either direction when using the latest release of XOS.
Userlevel 1
I have the same issue with solarwinds Netflow not showing egress traffic. The traffic seems to be there but unsure which is the source and destination. Egress always shows 0% but I see the IP from the other side. Is this a SFLOW to NETFLOW issue? If SFLOW is only supported on one side, how would you change it?

Thank you,