About sFlow

Since businesses rely on network services for mission critical applications, small changes in network usage can impact network performance and reliability. As a result, these changes can also impact a business’ ability to conduct key business functions and increase the cost of maintaining network services. 


Figure 11-7 - Overview of sFlow


sFlow provides the visibility into network usage and active routes on the network by providing the data required to effectively control and manage network usage. This ensures that network services provide a competitive edge to the business.

A few examples of sFlow applications include the following:

  • Detecting, diagnosing, and fixing network problems
  • Real-time congestion management
  • Understanding application mixes such as P2P, Web, DNS
  • Usage accounting for billing
  • Audit trail analysis to identify unauthorized network activity and trace sources of Denial of Service (DoS) attacks
  • Route profiling and optimizing peers
  • Trending and capacity planning

sFlow is an open source sampling tool providing constant traffic flow information on all enabled interfaces simultaneously. sFlow data is sent to a collector that formats the data into charts and graphs while recording and identifying trends on the network. You can use this information for troubleshooting a network, perform diagnostics, and analysis of data.

The sFlow agent on the switch samples packets from data flows and forwards headers of the sample packet to a collector at regular intervals. You can specify the number of packets to sample from the total packets which is called the sample rate. The packets are stored and sent to the collector at an interval that you can configure on the switch. This is called the polling interval. You can sample different types of packets such as frames sent to the CPU or interfaces of the switch, routed packets, flooded packets, and multicast packets. However, the following packet types are not sampled by sFlow:

  • LACP frames
  • LLDP frames
  • IGMP packets
  • Ethernet PAUSE frames
  • Frames with CRC errors
  • PIM_HELLO packets
  • Packets dropped by ACLs
  • Packets dropped as a result of VLAN violations
  • Routed packets with IP options or MTU violations