sales@fastnetmon.com

Support

Free Trial
FastNetMon - Comprehensive Solution For DDoS Security

FastNetMon Advanced configuration with Huawei sFlow v5

Home FastNetMon Advanced Technical Documentation FastNetMon Advanced configuration with Huawei sFlow v5
Contents

In thus guide you will learn how to configure sFlow v5 on Huawei switches or routers with FastNetMon Advanced

First of all you need to enable sFlow v5 globally:

sflow enable

Then you need to configure IP for sFlow v5 agent, it will use this IP to send data to FastNetMon:

sflow agent ip 10.1.10.1

After that you need to create sFlow v5 collector configuration:

sflow collector 1 ip <FastNetMon Server IP> port 6343

And then finally enable sFlow v5 configuration for particular interface (usually, upstream facing interfaces for incoming DDoS detection):

interface 40GE0/0/2
sflow counter-sampling collector 1
 sflow flow-sampling collector 1
 sflow flow-sampling rate 1000
 sflow flow-sampling max-header 256

On some platforms (like CE6851-48S6Q-HI) instead of "flow-sampling" you need to use just "sampling".

For some platforms (like CE6851-48S6Q-HI) you will need to enable sampling for interface explicitly:

 sflow sampling inbound
 sflow sampling outbound

We add export of first 256 bytes to address issue with too short packet export by default.

To ensure that configuration is correct you can use following command:

dis sflow

Example output:

sFlow Version 5 Information:
--------------------------------------------------------------------------
Collector Information:

   Collector ID: 1
     IP Address: 10.0.0.1
 Address family: IPV4
   Vpn-instance: NA
           Port: 6343
  Datagram size: 1400
       Time out: NA
    Description: NA
--------------------------------------------------------------------------
Port on slot 0 Information:

Interface: 40GE0/0/2
 Flow-sample collector: 1            Counter-sample collector  : 1
 Flow-sample rate(1/x): 256          Counter-sample interval(s): 10
 Flow-sample maxheader: 256
 Flow-sample direction: IN,OUT

You can check global sFlow configuration this way:

dis sflow slot 0

Example output:

sFlow Version 5 Information:
--------------------------------------------------------------------------
Collector Information:

   Collector ID: 1
     IP Address: 10.0.0.1
 Address family: IPV4
   Vpn-instance: NA
           Port: 6343
  Datagram size: 1400
       Time out: NA
    Description: NA

There is one more command to ensure that sFlow v5 data is coming out:

dis sflow statistics

Example output:

sFlow Version 5 statistic Information:
--------------------------------------------------------------------------
Collector 1 Current sample sequence: 2506298
--------------------------------------------------------------------------
Port on slot 0 statistic Information:

Interface: 40GE0/0/2
Flow-sample sequence    : 8229787   Counter-sample sequence : 14577
Flow-sample inbound pool: 1494319872 Flow-sample outbound pool: 612505856