[ixpmanager] Sflow peer to peer Cisco

Mario Klobucar Mario.Klobucar at srce.hr
Fri Apr 5 15:56:20 IST 2024


Hi Nick,

Thanks for the answer.

I was talking to local support and things are (maybe) getting more
difficult.
Looks like the new FX2 9k3 are on a Cisco ASIC, so this Broadcom hack cannot help.

If I get something useful from local support I can share on the list.

Best
Mario

-----Original Message-----
From: Nick Hilliard (INEX) <nick at inex.ie> 
Sent: 5 April 2024 13:45
To: INEX IXP Manager Users Mailing List <ixpmanager at inex.ie>
Cc: Mario Klobucar <Mario.Klobucar at srce.hr>
Subject: Re: [ixpmanager] Sflow peer to peer Cisco

Hi Mario,

The normal operating mode for sflow on production networks would be to
enable it for ingress traffic only so that each frame is sampled only once.
Unfortunately, Cisco only supports simultaneous ingress+egress sflow on
NXOS, and there's no way to configure this to be ingress-only in the regular
CLI.

> https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/104x/config-guides/cisco-nexus-9000-series-nx-os-system-management-configuration-guide-release-104x/m-configuring-sflow-10x.html#id_71910

> "When you enable sFlow for an interface, it is enabled for both ingress
> and egress. You cannot enable sFlow for only ingress or only egress."

The difficulty with this is that the sflow protocol doesn't contain a field
for the flow direction. There are approaches for guessing the direction
using certain heuristics, but this would be just a guess and there are
corner cases where this doesn't work reliably.

There are other problems too, e.g. there's only a single sampling rate per
platform, not per interface.

If the N9300 is a Broadcom platform, which I think it is, you might be able
to use the Broadcom shell hack detailed on the IXP Manager docs page:

https://docs.ixpmanager.org/features/sflow/#cisco-switches

For this, you would need to work out the mapping between the internal
platform interface names and the Cisco CLI interface names, and you'd also
need to create some script to manually reset all peering edge ports on a
switch every time the device was rebooted. This is inherently a fragile
process, and if it's not done correctly, then you'll end up with duplicated
traffic in the RRD graphing store.

It would be straightforward for Cisco to fix this problem by creating a CLI
command to specify the sflow sampling direction, either on a global or a
per-interface basis.

Nick

Mario Klobucar via ixpmanager wrote on 05/04/2024 08:01:
> Hi
> 
> In our new tender for CIX equipment, one of the possible vendors/solutions is
> Cisco 9k3.
> 
> But I see some limitations https://docs.ixpmanager.org/features/sflow/
> for Cisco.
> 
> Is there some "new" experience, knowledge, workaround for these limitations?
> 
> Best
> 
> Mario

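One form the direction-guessing heuristic mentioned in the thread can take, as an added example that is not part of the original messages or of IXP Manager's code: an sFlow v5 flow sample carries the sampling data source plus input and output interface fields, so a collector can count a sample only when the data source is the input port. The dict layout, function names and sample values are constructed for illustration; the hairpin and flooded-frame records show where the guess cannot be trusted.

```python
# Added example: guess sample direction from sFlow v5 flow-sample header fields
# so that a frame sampled on both ingress and egress is counted only once.
# Field packing follows the sFlow v5 flow_sample structure; records are constructed.

def classify(sample):
    """Return 'ingress', 'egress' or 'ambiguous' for one decoded flow sample."""
    ds_type, ds_index = sample["source_id"] >> 24, sample["source_id"] & 0xFFFFFF
    if ds_type != 0:                      # data source is not an ifIndex
        return "ambiguous"
    in_fmt, in_if = sample["input"] >> 30, sample["input"] & 0x3FFFFFFF
    out_fmt, out_if = sample["output"] >> 30, sample["output"] & 0x3FFFFFFF
    is_in = in_fmt == 0 and in_if == ds_index      # format 0 = single ifIndex
    is_out = out_fmt == 0 and out_if == ds_index
    if is_in and is_out:                  # frame hairpinned on one port
        return "ambiguous"
    if is_in:
        return "ingress"
    if is_out:
        return "egress"
    return "ambiguous"                    # e.g. egress copy of a flooded frame


def ingress_bytes(samples):
    """Scale ingress samples to estimated bytes per port; count what was skipped."""
    totals, skipped = {}, {"egress": 0, "ambiguous": 0}
    for s in samples:
        kind = classify(s)
        if kind != "ingress":
            skipped[kind] += 1
            continue
        port = s["source_id"] & 0xFFFFFF
        totals[port] = totals.get(port, 0) + s["frame_length"] * s["sampling_rate"]
    return totals, skipped


FLOOD = (2 << 30) | 3   # output format 2: multiple destination interfaces (3 here)
SAMPLES = [             # constructed records, sampling rate 1 in 1000
    {"source_id": 10, "input": 10, "output": 20, "sampling_rate": 1000, "frame_length": 1500},
    {"source_id": 20, "input": 10, "output": 20, "sampling_rate": 1000, "frame_length": 1500},
    {"source_id": 20, "input": 20, "output": 10, "sampling_rate": 1000, "frame_length": 64},
    {"source_id": 10, "input": 10, "output": FLOOD, "sampling_rate": 1000, "frame_length": 100},
    {"source_id": 30, "input": 10, "output": FLOOD, "sampling_rate": 1000, "frame_length": 100},
    {"source_id": 10, "input": 10, "output": 10, "sampling_rate": 1000, "frame_length": 200},
]

if __name__ == "__main__":
    print(ingress_bytes(SAMPLES))
```
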


