(diagram from Open vSwitch)
The recent integration of sFlow traffic monitoring in the Open vSwitch extends the visibility into virtual servers, ensuring data center visibility and control.
Note: The Open vSwitch demonstrates how to integrate the reference sFlow agent code with a virtual switch or network adapter. Integrating sFlow requires minimal support in the "fast path" requiring only packet sampling and packet counters.
The following lines, added to the Open vSwitch configuration file (ovs-vswitchd.conf), configure sampling packets at 1-in-512, polling counters every 20 seconds and sending sFlow to an analyzer (10.0.0.50) over UDP using the default sFlow port (6343):
sflow.<bridgename>.agent = eth0
sflow.<bridgename>.host = 10.0.0.50:6343
sflow.<bridgename>.sampling = 512
sflow.<bridgename>.polling = 20
sflow.<bridgename>.header = 128
Note: Type "man ovs-vswitchd.conf" for a full list of configuration options. A previous posting discussed the selection of sampling rates.
The following screen capture, from the free sFlowTrend application, demonstrates the visibility provided by sFlow in the Open vSwitch:
All traffic is visible, traffic between virtual machines, and from the virtual machines to the outside world. In addition, sFlow is able to report on all the protocols on the network (note the layer 2, TCP and IPv6 flows in the chart), as well as information on VLANs and layer 2 priorities that is essential for managing switched traffic.
The second screen capture shows a bandwidth trend for a virtual adapter on the vSwitch:
The second screen capture shows a bandwidth trend for a virtual adapter on the vSwitch:
This type of interface trending is a staple of network management, but obtaining the information is challenging in virtual environments. While SNMP is typically used to obtain this information from network equipment, servers are much less likely to be managed using SNMP and so SNMP polling is often not an option. In addition, there may be large numbers of virtual ports associated with each physical switch port. In a virtual environment with 10,000 physical switch ports you might need to monitor as many as 200,000 virtual ports. Even if SNMP agents were installed on all the servers, SNMP polling does not scale well to large numbers of interfaces. The integrated counter polling mechanism built into sFlow provides scalable monitoring of the utilization of every switch port in the network, both physical and virtual, quickly identifying problems wherever they may occur in the network.
Download Open vSwitch and sFlowTrend to evaluate the benefits of visibility in the virtualization layer.
Finally, the Open vSwitch also supports the OpenFlow to allow centralized control of switch forwarding. The combination of sFlow and OpenFlow in the vSwitches delivers visibility and control of the network edge.
Feb. 15, 2011 Update: The configuration steps shown in this article are no longer correct, more recent versions of the Open vSwitch use the ovs-vsctl command instead. The easiest way to manage the sFlow configuration of an Open vSwitch is to install the open source Host sFlow agent which will automatically manage sFlow settings in the Open vSwitch. For recent information on the Open vSwitch, click on the vSwitch label below.
Finally, the Open vSwitch also supports the OpenFlow to allow centralized control of switch forwarding. The combination of sFlow and OpenFlow in the vSwitches delivers visibility and control of the network edge.
Feb. 15, 2011 Update: The configuration steps shown in this article are no longer correct, more recent versions of the Open vSwitch use the ovs-vsctl command instead. The easiest way to manage the sFlow configuration of an Open vSwitch is to install the open source Host sFlow agent which will automatically manage sFlow settings in the Open vSwitch. For recent information on the Open vSwitch, click on the vSwitch label below.
Hi,i use this configuration:
ReplyDeletei have ovs(192.168.100.2) installed in my openstack controller (192.168.100.246).
i have sflow trend installed in monitoring host (192.168.100.110)
2 vms are running with vnet interface.
sflow..agent = eth0
sflow..host = 192.168.100.110:6343
in sflow trend i configure switch with 192.168.100.2 address
but, this configuration doesn't work, sflow trend doesn't detect any thing.
there is something wrong with all this?
You also need to enable sFlow on each bridge in OVS and set sampling and polling rates.
ReplyDeleteSee:
http://openvswitch.org/?page_id=215
The easiest way to configure sFlow is to install the Host sFlow agent:
http://host-sflow.sourceforge.net
The Host sFlow agent will automatically configure sFlow on the Open vSwitch. It will also export CPU/memory/disk counters from all the virtual machines that will be displayed in sFlowTrend along with the network data from the vSwitch.
I use only one ovs switch, how can i enabling sflow in ovs.
ReplyDeletein my configuration, i set sampling and polling rate.
i think my problem is that when i execute "tcpdump -ni eth1 udp port 6343", no traffic is being sent.
I apply this configuration
COLLECTOR_IP=192.168.100.110
COLLECTOR_PORT=6343
AGENT_IP=eth0
HEADER_BYTES=128
SAMPLING_N=64
POLLING_SECS=10
then
ovs-vsctl -- --id=@sflow create sflow agent=eth0 target=\"${COLLECTOR_IP}:${COLLECTOR_PORT}\" header=${HEADER_BYTES} sampling=64 polling=10 -- set bridge br0 sflow=@sflow
there is a problem with the configuration of OVS?
If you ping 192.168.100.110 from the OVS box, does it succeed? Are you sure that the 192.168.100.110 is on eth1? The packets could be going out eth0.
ReplyDeleteWhat output do you get when you list the sFlow configuration?
ovs-vsctl list sflow
ovs-vsctl list bridge br0
Are you sure that br0 is correct? On xenserver/xcp it would be xenbr0.
sFlow needs to be enabled on every bridge listed by "ovs-vsctl list bridge" to ensure all traffic is monitored. The Host sFlow agent automatically maintains the Open vSwitch sFlow settings for you, updating the configuration as bridges are added and removed.
ping 192.168.100.110 from host where ovs is installed (192.168.100.246 = eth0 ip address), succeed.
ReplyDeleteovs-vsctl list sflow shows me the configuration of sflow and br0 exists and is listed!
This comment has been removed by the author.
ReplyDeleteAre there any firewalls between the OVS box and sFlowTrend that would block UDP port 6343 traffic from OVS? The iptables on either box could be blocking the traffic.
ReplyDeleteThe sFlow agent address has been set to eth0, so sFlowTrend should see sFlow arriving from an sFlow agent with IP address = 192.168.100.110 (eth0)
ReplyDeletei disable firewall and open udp port 6343 in sFlow Trend host.
ReplyDeleteovs-vsctl list sflow
ReplyDelete_uuid : eb7becee-7436-41e6-8467-abee3dd28a32
agent : "eth0"
external_ids : {}
header : 128
polling : 10
sampling : 64
targets : ["192.168.100.110:6343"]
ovs-vsctl list-br
br0
tcpdump -ni eth0 udp port 6343 dosen't show any traffic
What does the command "ovs-vsctl list bridge" show?
ReplyDeleteWhat is the output of ifconfig?
If there are no ports defined on for br0 then you won't expect to see any sFow data.
ovs-vsctl list bridge shows only br0.
ReplyDeletevnet (virtual interface of vm) are attached to br0.
ifconfig show br0 with ip address (192.168.100.2)
i use br0 as an openstack bridge, and i don't know if i have to apply more rules in iptables or some thing else to permit udp:6343 traffic?
Tries to use the loopback as collector, I had problems to configure the collector in a vlan. I solved it using loopback and iptables rule.
DeleteFor example:
COLLECTOR_IP=127.0.0.1
COLLECTOR_PORT=9990
AGENT_IP=lo
----
Test:
tcpdump -ni lo udp port 6343
Is there any analyzer like nfdump -r ( for netflow) for Sflow to view the data at command line
ReplyDeleteYes - try sflowtool
Delete