MarketSFlow
Company Profile

SFlow

sFlow, short for "sampled flow", is a standard for packet export at Layer 2 of the OSI model. sFlow was originally developed by InMon Corp. It provides a means for exporting truncated packets, together with interface counters for the purpose of network monitoring. Maintenance of the protocol is performed by the sFlow.org consortium, the authoritative source of the sFlow protocol specifications. The current version of sFlow is v5.

Operation
sFlow uses mandatory sampling to achieve scalability and is, for this reason, applicable to high speed networks (gigabit per second speeds and higher). sFlow is supported by multiple network device manufacturers and network management software vendors. An sFlow system consists of multiple devices performing two types of sampling: random sampling of packets or application layer operations, and time-based sampling of counters. Flow samples Based on a defined sampling rate, an average of 1 out of n packets/operations is randomly sampled. This type of sampling does not provide a 100% accurate result, but it does provide a result with quantifiable accuracy. Counter samples A polling interval defines how often the network device sends interface counters. sFlow counter sampling is more efficient than SNMP polling when monitoring a large number of interfaces. sFlow datagrams The sampled data is sent as a UDP packet to the specified host and port. The official port number for sFlow is port 6343. The lack of reliability in the UDP transport mechanism does not significantly affect the accuracy of the measurements obtained from an sFlow agent. If counter samples are lost then new values will be sent when the next polling interval has passed. The loss of packet flow samples results in a slight reduction of the effective sampling rate. The UDP payload contains the sFlow datagram. Each datagram provides information about the sFlow version, the originating device’s IP address, a sequence number, the number of samples it contains and one or more flow and/or counter samples. == sFlow versions ==
Related technologies
A well known alternative is NetFlow (see below). Moreover, depending on the IT resources available it could be possible to perform full packet captures using dedicated network taps (which are then subsequently analysed). NetFlow, IPFIX NetFlow and IPFIX are flow export protocols that aim at aggregating packets into flows. After that, flow records are sent to a collection point for storage and analysis. and packet data chunks. • While flow export can be performed with 1:1 sampling (i.e., considering every packet), this is typically not possible with sFlow, as it was not designed to do so. Sampling forms an integral part of sFlow, aiming to provide scalability for network-wide monitoring. ==See also==
Source: Wikipedia ↗
tickerdossier.comtickerdossier.substack.com