SFlow lets administrators reliably and statistically measure their networks’ performance and the traffic impact of all connected applications, users, servers, switches, routers and storage switches.

IT managers need visibility into the traffic flowing through their networks. Without this insight, they rely heavily on guesswork for performance problem resolution and capacity planning. Legacy measurement tools are also usually prohibitively expensive, lack scalability to today’s gigabit speeds, drain network hardware productivity, and increase software and hardware ownership costs.

A new IETF draft standard, RFC 3176, addresses all these limitations of traditional traffic monitoring and forensic network analysis through network packet sampling. The informational RFC is also marketed under the name “sFlow” by the industry trade organization sflow.org. RFC 3176 lets administrators reliably and statistically measure their networks’ performance and the traffic impact of all connected applications, users, servers, switches, routers and storage switches.

SFlow monitors and proactively helps administrators adjust network traffic patterns in complex enterprise, metropolitan service provider and high-performance computing environments with thousands of nodes and significant bandwidth requirements. Instead of deploying cost-prohibitive probes throughout the network, the sFlow agent is embedded in the network switch or router ASIC and samples the network traffic. The sFlow management information base controls the sFlow agent, which captures the packet samples, formats them into a datagram and forwards it to a central RFC 3176 data collector.

By statistically sampling network traffic, network administrators gain a system-wide view of the traffic, network security and application traffic sources throughout the network. With typical data gathering, RFC 3176 doesn’t add significant network load, in contrast to software-based proprietary vendor approaches to traffic monitoring.
The only sFlow packet sampling work done in software on the device is a few simple lookups, marshalling data into a datagram and queuing the datagram for transmission.

Datagram delivery

When a packet is sampled, its header is extracted and placed into an sFlow datagram, a detailed map of the packet’s network journey that includes header, I/O source, destination and interface statistics. This datagram is then sent immediately to the sFlow Collection Server, a central data collector and analyzer. One collection server can gather datagrams from more than 20,000 switch ports, decoding the packet headers and other information to present detailed Layer 2 to Layer 7 usage statistics.

Because the datagram is sent immediately to the collection server, memory requirements are extremely small and bounded, meaning that complex memory management software is unnecessary. This lets the sampling standard be implemented in everything from simple Layer 2 switches to high-end core routers without requiring additional memory or CPU.

A new view of the net

SFlow fundamentally changes network traffic management. Configuration and control decisions are driven by statistical, quantitative and detailed information on which applications and users are using the network and for what purpose. RFC 3176 can also help prevent rogue traffic from entering through the growing number of wireless access points, or combine with FreeBSD intrusion-detection systems such as Snort to offer yet another level of traffic monitoring for keeping a network secure from edge to edge and not just in select areas.

In addition to root cause analysis, RFC 3176 is also useful for application capacity planning, viewing network-wide traffic patterns and even network security, where it helps determine past and present rogue traffic patterns. Such data gathering also provides excellent detail, including MAC layer statistics, for billing applications.
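The sampling and collection steps described above can be modelled in a few lines. This is an added example, not code from the article, RFC 3176 or any vendor: the record fields, the 128-byte header length, the addresses and the traffic mix are assumptions made for illustration, and the records are not the RFC 3176 wire format. It shows why the agent needs only a single counter of state, and how a collector scales sampled headers into per-source traffic estimates with a 95% confidence bound that depends only on the number of samples seen.

```python
import math
import random
from collections import Counter

HEADER_BYTES = 128  # assumed truncation length for sampled headers


def agent_sample(packets, rate, rng):
    """Switch side: pick on average 1 packet in `rate` with a random skip counter.

    Only the truncated header of a sampled packet is kept, so agent state is
    one counter no matter how much traffic passes.
    """
    skip = rng.randint(1, 2 * rate - 1)          # random skip, mean == rate
    for src, dst, length, payload in packets:
        skip -= 1
        if skip == 0:
            yield {"src": src, "dst": dst, "frame_len": length,
                   "header": payload[:HEADER_BYTES]}
            skip = rng.randint(1, 2 * rate - 1)


def collector_estimate(samples, rate):
    """Collector side: scale sample counts up to traffic totals per source.

    Returns {src: (est_packets, est_bytes, pct_error)}; pct_error is the
    95%-confidence bound 196 * sqrt(1/c) on the packet estimate for a
    source seen in c samples (1.96 standard errors, as a percentage).
    """
    count, size = Counter(), Counter()
    for s in samples:
        count[s["src"]] += 1
        size[s["src"]] += s["frame_len"]
    return {src: (c * rate, size[src] * rate, 196 * math.sqrt(1 / c))
            for src, c in count.items()}


def constructed_traffic(rng, total=100_000):
    """Constructed input: three sources sending 70% / 25% / 5% of the packets."""
    for _ in range(total):
        r = rng.random()
        src = "10.0.0.1" if r < 0.70 else "10.0.0.2" if r < 0.95 else "10.0.0.3"
        yield src, "10.0.9.9", 1000, b"\x00" * 1000


if __name__ == "__main__":
    rng = random.Random(1)
    est = collector_estimate(agent_sample(constructed_traffic(rng), 100, rng), 100)
    for src, (pkts, octets, err) in sorted(est.items()):
        print(f"{src}: ~{pkts} packets, ~{octets} bytes, +/-{err:.1f}%")
```

The low-volume source gets the widest error bound, which is the practical limit to keep in mind when using sampled data to look for small or short-lived rogue flows.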
For more information about data gathering algorithms, go to www.sflow.org, where you’ll find white papers and demonstrations of RFC 3176 illustrating traffic-monitoring and application-accounting implementations. RFC 3176 is available in several leading vendors’ switches and routers, and there is a growing number of software applications that take advantage of sFlow’s traffic monitoring and network security enhancing capabilities.

Panchen is director of marketing at InMon, and Stein is director of corporate marketing at Foundry Networks. They can be reached at sonia_panchen@inmon.com and adam@foundrynet.com.