30:. sFlow was originally developed by InMon Corp. It provides a means for exporting truncated packets, together with interface counters for the purpose of network monitoring. Maintenance of the protocol is performed by the sFlow.org consortium, the authoritative source of the sFlow protocol specifications. The current version of sFlow is v5.
118:
for sFlow is port 6343. The lack of reliability in the UDP transport mechanism does not significantly affect the accuracy of the measurements obtained from an sFlow agent. If counter samples are lost then new values will be sent when the next polling interval has passed. The loss of packet flow
89:
Based on a defined sampling rate, an average of 1 out of n packets/operations is randomly sampled. This type of sampling does not provide a 100% accurate result, but it does provide a result with quantifiable accuracy.
251:, considering every packet), this is typically not possible with sFlow, as it was not designed to do so. Sampling forms an integral part of sFlow, aiming to provide scalability for network-wide monitoring.
203:(see below). Moreover, depending on the IT resources available it could be possible to perform full packet captures using dedicated network taps (which are then subsequently analysed).
233:
sFlow allows for exporting packet data chunks and interface counters, which are non-typical features of flow export protocols. Note however that (recent)
736:
554:
800:
227:
223:
99:
115:
98:
A polling interval defines how often the network device sends interface counters. sFlow counter sampling is more efficient than
712:
584:
58:
367:
241:
65:
operations, and time-based sampling of counters. The sampled packet/operation and counter information, referred to as
226:. After that, flow records are sent to a collection point for storage and analysis. sFlow, however, has no notion of
645:
Hofstede, Rick; Celeda, Pavel; Trammell, Brian; Drago, Idilio; Sadre, Ramin; Sperotto, Anna; Pras, Aiko (2014).
360:
111:
756:
39:
598:
333:"Traffic Estimation for the Largest Sources on a Network, Using Packet Sampling with Limited Storage"
523:
130:, a sequence number, the number of samples it contains and one or more flow and/or counter samples.
708:
57:
An sFlow system consists of multiple devices performing two types of sampling: random sampling of
669:
266:
51:
47:
646:
62:
661:
588:
580:
InMon
Corporation's sFlow: A Method for Monitoring Traffic in Switched and Routed Networks
271:
188:
Several protocol enhancements. This is the current version, which is globally supported.
647:"Flow Monitoring Explained: From Packet Capture to Data Analysis with NetFlow and IPFIX"
126:. Each datagram provides information about the sFlow version, the originating device’s
77:
to a central server running software that analyzes and reports on network traffic; the
23:
501:
794:
732:
577:
Phaal, Peter; Panchen, Sonia; McKee, Neil (September 2001). "sFlow
Datagram Format".
332:
50:
speeds and higher). sFlow is supported by multiple network device manufacturers and
673:
601:
578:
550:
43:
665:
408:
687:
127:
387:
27:
433:
785:
476:
296:
621:
339:
261:
215:
200:
455:
119:
samples results in a slight reduction of the effective sampling rate.
593:
234:
219:
530:
276:
238:
222:
are flow export protocols that aim at aggregating packets into
46:
and is, for this reason, applicable to high speed networks (
640:
638:
331:
Jedwab, Jonathan; Phaal, Peter; Pinna, Bob (March 1992).
780:
310:
22:, short for "sampled flow", is an industry standard for
524:"Management of the LHCb network based on SCADA system"
247:
While flow export can be performed with 1:1 sampling (
102:
polling when monitoring a large number of interfaces.
709:"Exporting MIB Variables using the IPFIX Protocol"
427:
425:
757:"Scalability and accuracy of packet sampling"
733:"IP Flow Information Export (IPFIX) Entities"
8:
654:IEEE Communications Surveys & Tutorials
237:developments provide a means for exporting
114:packet to the specified host and port. The
572:
570:
454:Phaal, Peter; Jordan, Robert (July 2010).
592:
432:Phaal, Peter; Lavine, Marc (July 2004).
311:"sFlow.org - Making the Network Visible"
137:
288:
522:Liu, G.; Neufeld, N. (December 2009).
500:Phaal, Peter; Panchen, Sonia (2002).
7:
786:Differences between Sflow vs Netflow
368:Amsterdam Internet Exchange (AMS-IX)
388:"sFlow Products: Network Equipment"
409:"sFlow Products: sFlow Collectors"
14:
359:Jasinska, Elisa (December 2006).
244:variables and packet data chunks.
477:"Traffic Monitoring using sFlow"
361:"sFlow, I can feel your traffic"
180:Adds support BGP communities.
110:The sampled data is sent as a
1:
230:or packet aggregation at all.
122:The UDP payload contains the
199:A well known alternative is
817:
666:10.1109/COMST.2014.2321898
73:respectively, are sent as
801:Computer network analysis
26:export at Layer 2 of the
16:A network packet standard
502:"Packet Sampling Basics"
456:"sFlow Host Structures"
38:sFlow uses mandatory
195:Related technologies
116:official port number
267:Network Management
54:software vendors.
52:network management
48:gigabit per second
622:"sFlow Version 5"
482:. sFlow.org. 2003
434:"sFlow Version 5"
192:
191:
168:Adds support for
63:application layer
808:
768:
767:
765:
764:
753:
747:
746:
744:
743:
729:
723:
722:
720:
719:
705:
699:
698:
696:
695:
688:"Packet capture"
684:
678:
677:
660:(4): 2037–2064.
651:
642:
633:
632:
630:
629:
618:
612:
611:
609:
608:
596:
594:10.17487/RFC3176
574:
565:
564:
562:
561:
547:
541:
540:
538:
537:
528:
519:
513:
512:
510:
509:
497:
491:
490:
488:
487:
481:
473:
467:
466:
464:
463:
451:
445:
444:
442:
441:
429:
420:
419:
417:
416:
405:
399:
398:
396:
395:
384:
378:
377:
375:
374:
365:
356:
350:
349:
347:
346:
337:
328:
322:
321:
319:
318:
307:
301:
300:
293:
152:Initial version
138:
816:
815:
811:
810:
809:
807:
806:
805:
791:
790:
777:
772:
771:
762:
760:
755:
754:
750:
741:
739:
731:
730:
726:
717:
715:
707:
706:
702:
693:
691:
686:
685:
681:
649:
644:
643:
636:
627:
625:
620:
619:
615:
606:
604:
576:
575:
568:
559:
557:
549:
548:
544:
535:
533:
526:
521:
520:
516:
507:
505:
499:
498:
494:
485:
483:
479:
475:
474:
470:
461:
459:
453:
452:
448:
439:
437:
431:
430:
423:
414:
412:
407:
406:
402:
393:
391:
386:
385:
381:
372:
370:
363:
358:
357:
353:
344:
342:
335:
330:
329:
325:
316:
314:
309:
308:
304:
295:
294:
290:
285:
272:Packet analyzer
258:
212:
206:
197:
136:
108:
106:sFlow datagrams
96:
94:Counter samples
87:
79:sFlow collector
75:sFlow datagrams
71:counter samples
36:
17:
12:
11:
5:
814:
812:
804:
803:
793:
792:
789:
788:
783:
776:
775:External links
773:
770:
769:
748:
724:
700:
679:
634:
613:
566:
551:"Port Numbers"
542:
514:
492:
468:
446:
421:
400:
379:
351:
323:
302:
297:"InMon: SFlow"
287:
286:
284:
281:
280:
279:
274:
269:
264:
257:
254:
253:
252:
245:
231:
211:
210:NetFlow, IPFIX
208:
196:
193:
190:
189:
186:
182:
181:
178:
174:
173:
166:
162:
161:
158:
154:
153:
150:
146:
145:
142:
135:
134:sFlow versions
132:
124:sFlow datagram
107:
104:
95:
92:
86:
83:
35:
32:
15:
13:
10:
9:
6:
4:
3:
2:
813:
802:
799:
798:
796:
787:
784:
782:
781:Official site
779:
778:
774:
758:
752:
749:
738:
734:
728:
725:
714:
710:
704:
701:
689:
683:
680:
675:
671:
667:
663:
659:
655:
648:
641:
639:
635:
623:
617:
614:
603:
600:
595:
590:
586:
582:
581:
573:
571:
567:
556:
552:
546:
543:
532:
525:
518:
515:
503:
496:
493:
478:
472:
469:
457:
450:
447:
435:
428:
426:
422:
410:
404:
401:
389:
383:
380:
369:
362:
355:
352:
341:
334:
327:
324:
312:
306:
303:
298:
292:
289:
282:
278:
275:
273:
270:
268:
265:
263:
260:
259:
255:
250:
246:
243:
240:
236:
232:
229:
225:
221:
217:
214:
213:
209:
207:
204:
202:
194:
187:
184:
183:
179:
176:
175:
172:information.
171:
167:
164:
163:
159:
156:
155:
151:
148:
147:
143:
140:
139:
133:
131:
129:
125:
120:
117:
113:
105:
103:
101:
93:
91:
84:
82:
80:
76:
72:
68:
64:
60:
55:
53:
49:
45:
41:
33:
31:
29:
25:
21:
761:. Retrieved
751:
740:. Retrieved
727:
716:. Retrieved
703:
692:. Retrieved
682:
657:
653:
626:. Retrieved
616:
605:. Retrieved
579:
558:. Retrieved
545:
534:. Retrieved
517:
506:. Retrieved
495:
484:. Retrieved
471:
460:. Retrieved
449:
438:. Retrieved
413:. Retrieved
403:
392:. Retrieved
382:
371:. Retrieved
354:
343:. Retrieved
326:
315:. Retrieved
305:
291:
248:
205:
198:
170:extended_url
169:
123:
121:
109:
97:
88:
85:Flow samples
78:
74:
70:
67:flow samples
66:
56:
37:
19:
18:
759:. sFlow.org
690:. sFlow.org
624:. sFlow.org
504:. sFlow.org
458:. sFlow.org
436:. sFlow.org
411:. sFlow.org
390:. sFlow.org
313:. sFlow.org
44:scalability
42:to achieve
763:2014-06-19
742:2014-06-19
718:2014-06-19
694:2019-07-13
628:2014-06-20
607:2014-06-20
560:2010-10-23
536:2010-10-23
508:2010-10-23
486:2010-10-23
462:2010-10-23
440:2014-06-26
415:2016-03-09
394:2016-03-09
373:2016-03-09
345:2016-03-09
317:2016-03-09
283:References
160:(Unknown)
128:IP address
34:Operation
28:OSI model
795:Category
674:14042725
256:See also
144:Comment
141:Version
40:sampling
340:HP Labs
262:NetFlow
216:NetFlow
201:NetFlow
59:packets
672:
24:packet
670:S2CID
650:(PDF)
527:(PDF)
480:(PDF)
364:(PDF)
336:(PDF)
235:IPFIX
228:flows
224:flows
220:IPFIX
20:sFlow
737:IANA
713:IETF
602:3176
585:IETF
555:IANA
531:CERN
277:RMON
249:i.e.
239:SNMP
218:and
100:SNMP
69:and
662:doi
599:RFC
589:doi
242:MIB
185:v5
177:v4
165:v3
157:v2
149:v1
112:UDP
61:or
797::
735:.
711:.
668:.
658:16
656:.
652:.
637:^
597:.
587:.
583:.
569:^
553:.
529:.
424:^
366:.
338:.
81:.
766:.
745:.
721:.
697:.
676:.
664::
631:.
610:.
591::
563:.
539:.
511:.
489:.
465:.
443:.
418:.
397:.
376:.
348:.
320:.
299:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.