Though NetFlow is in the name, NetFlow Analyzer works with quite a number of other flow formats including sFlow, jFlow, NetStream, and IPFIX. This blog will give you a brief overview of sFlow technology and guide you on how to use NetFlow Analyzer with sFlow from HP ProCurve devices.
What is sFlow?
sFlow is a monitoring technology that allows you to capture the traffic data from a switched or routed network so you can gain complete visibility into the use of network bandwidth. This data helps with performance optimization, accounting and billing for usage, defense against security threats, capacity planning, and much more.
sFlow datagrams are exported based on sampling, which makes the impact on the device CPU/Memory and available bandwidth is minimal. Based on a defined sampling rate, one out of N packets (where N is the sampling rate) is captured and sent to the NetFlow analyzer for traffic analysis. Though this type of sampling is usually accurate, it’s not always 100% correct.
sFlow analysis with NetFlow Analyzer
NetFlow Analyzer supports any device capable of exporting NetFlow, sFlow, or other compatible flows, which are completely vendor-dependent. You can check out the list of flow formats and devices that NetFlow Analyzer supports here.
HP ProCurve and sFlow
Just like Cisco has NetFlow and other vendors have their flow formats, some vendors use sFlow. HP ProCurve devices are capable of exporting sFlow datagrams, which can be used for bandwidth monitoring and traffic analysis. NetFlow Analyzer is capable of analyzing these sFlow datagrams to give you the traffic statistics on each active port.
Exporting sFlow on HP ProCurve devices can be configured using two different methods. On older HP device models or older OSs, you can enable sFlow exporting by logging in to the router and configuring it directly.
On new HP devices, sFlow can only be enabled through SNMP. To make sFlow configuration on HP devices simple, NetFlow Analyzer provides scripts to enable or disable sFlow exporting, which we’ll cover below.
sFlow enable utility
The script to enable sFlow exporting, called sFlowEnable.bat for Windows and sFlowEnable.sh for Linux, can be found in the <\AdventNet\ME\NetFlow\troubleshooting> directory.
Use the script as follows:
SFlowEnable.bat switchIp snmpPort snmpWriteCommunity collectorIP collectorPort samplingRate
Example:
C:\AdventNet\ME\NetFlow\troubleshooting>sFlowEnable.bat 192.168.188.30 161 public 192.168.133.1 9996 4096
Once sFlow exporting is enabled on your HP devices, the NetFlow Analyzer server will receive the packets and automatically generate reports. You also need to ensure that no ACLs or firewalls block the NetFlow packets (on UDP 9996), and that even the software firewalls on the server are allowing the packets to reach the NetFlow Analyzer installation.
After enabling sFlow exporting on your HP devices, you’ll want to make sure you’re getting accurate traffic statistics about them in NetFlow Analyzer.
For this, we suggest setting the sampling rate to 4096 based on observations from various setups and from our existing customers’ feedback. Most other sFlow collectors on the market suggest a sampling rate of 256, which means more exported sFlow datagrams. With a sampling rate of 4096, the device will not be overloaded from sampling a large number of datagrams and exporting them to NetFlow Analyzer.
Next, you need to verify the sFlow receiver timeout. This determines how long sFlow exporting remains active on the exporting device. When the value has expired, sFlow exporting becomes disabled on the device, forcing you to re-enable it. Due to this, we recommend setting the sFlow receiver timeout to the maximum possible value of 2,147,483,647 seconds—that’s 68 years! The command that needs to be used on HP devices to set the sFlow receiver timeout is:
setmib sFlowRcvrOwner.1 -D NetFlow Analyzer IP sFlowRcvrTimeout.1 -i 2147483647
sFlow disable utility
In case you want to export sFlow to a different server or stop the flows for whatever reason, NetFlow Analyzer provides a script to disable sFlow exporting on HP devices.
The script to disable sFlow exporting, called sFlowDisable.bat for Windows or sFlowDisable.sh for Linux, can be found in the <\AdventNet\ME\NetFlow\troubleshooting> directory. Use the script as follows:
SFlowDisable.bat switchIp snmpPort snmpWriteCommunity
Example:
C:\AdventNet\ME\NetFlow\troubleshooting>sFlowDisable.bat 192.168.188.30 161 private
Go ahead and try our 30-day trial to see for yourself how well NetFlow Analyzer works with sFlow and HP devices.
Hello, Can we enable netflow/IP accounting on HP 5900 switch ?
Pingback: Get smart – use NetFlow Analyzer for sFlow from HP ProCurve … | Management Business Wisdom