14.04.2019

FastNetMon Advanced sFlow configuration

You may find sFlow protocol in wide range of switches. Some models of routers also offer it as option. One of the key benefits of sFlow is an ability to detect DDoS in few seconds.

You can enable sFlow support in FastNetMon with few easy steps.

Enable sFlow plugin:

sudo fcli set main sflow enable

Specify port / ports for sFlow capture (6343 is default port):

sudo fcli set main sflow_ports 6343

Specify interface for listening (0.0.0.0 is default):

sudo fcli set main sflow_host 0.0.0.0

Apply changes and restart FastNetMon:

sudo fcli commit

After that you have to configure sFlow on sFlow agent’s side (switch, router, server) to configured port and host.

We have our own guides for configuring sFlow:

According to amount of traffic in network we suggest following sampling rates:

BandwidthSampling rate
100 Mbit500
1 Gbit1000
10 Gbit2000

After finishing configuration from agent’s side, you may check that FastNetMon receives data using our counters:

sudo fcli show system_counters|grep sflow

It’s very important to keep reasonable sampling rate for accurate bandwidth calculation. In some cases during traffic spikes switches can increase sampling rate over value specified in configuration. FastNetMon has an option to expose sampling rate for each router. You can enable it this way:

sudo fcli set main sflow_track_sampling_rate enable
sudo fcli commit

After enabling this option, you can check sampling rate for each device and line card this way:

sudo fcli show sflow_sampling_rates