Fabric Visibility on Arista EOS Central describes how to use industry standard sFlow instrumentation in Arista switches to deliver real-time flow analytics. This article describes the steps needed to integrate flow analytics into CloudVision.
Log into the CloudVision node and run the following cvp_install_fabricview.sh script as root:
#!/bin/sh
# Install Fabric View on CloudVision Portal (CVP)
VER=`wget -qO - http://inmon.com/products/sFlow-RT/latest.txt`
wget http://www.inmon.com/products/sFlow-RT/sflow-rt-$VER.noarch.rpm
rpm --nodeps -ivh sflow-rt-$VER.noarch.rpm
/usr/local/sflow-rt/get-app.sh sflow-rt fabric-view
ln -s /cvpi/jdk/bin/java /usr/bin/java
sed -i '/^# http.hostname=/s/^# //' /usr/local/sflow-rt/conf.d/sflow-rt.conf
echo "http.html.redirect=./app/fabric-view/html/" >> /usr/local/sflow-rt/conf.d/sflow-rt.conf
cat <<EOT > /etc/nginx/conf.d/locations/sflow-rt.https.conf
location /sflow-rt/ {
auth_request /aeris/auth;
proxy_buffering off;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Prefix /sflow-rt/;
proxy_set_header Host \$host;
proxy_pass http://localhost:8008/;
proxy_redirect ~^http://[^/]+(/.+)\$ /sflow-rt\$1;
}
EOT
systemctl restart nginx.service
firewall-cmd --zone public --add-port=6343/udp --permanent
firewall-cmd --reload
systemctl enable sflow-rt.service
systemctl start sflow-rt.service
wget http://www.inmon.com/products/sFlow-RT/cvp-eapi-topology.py
chmod +x cvp-eapi-topology.py
echo "configure and run cvp-eapi-topology.py"
Edit the cvp-api-topology.py script to specify CVP_USER and CVP_PASSWORD (and EAPI_USER and EAPI_PASSWORD if they differ). Now run the script to discover the physical topology and post it to Fabric View:./cvp-eapi-topology.pyNote: The script needs to be run any time the physical topology changes, or you can run the script periodically using cron.
Flow analytics requires sFlow to be enabled on all the switches, sending the data to the CloudVision node. This can be accomplished using a CloudVision configlet to push the configuration to switches. For example the following configuration enables sFlow on all switch ports and sends the data to CloudVision node 10.0.0.98:
sflow sample 20000 sflow polling-interval 30 sflow destination 10.0.0.98 sflow source-interface Management1 sflow runOptionally, follow the steps in Arista EOS telemetry to enhance the sFlow telemetry stream from the switches with detailed CPU, memory, disk, and host network statistics.
Finally, access the Fabric View web interface at https://cloudvision/sflow-rt/ using your CloudVision login credentials.
A number of applications are available for sFlow-RT. Writing Applications describes how to use sFlow-RT's APIs to extend or modify existing applications or develop new applications. In addition, there are also many sFlow-RT related articles on this blog. For example, Arista eAPI describes how to automatically push controls based on flow measurements, describing automated DDoS mitigation as a use case. Other use cases include: traffic engineering, traffic accounting, anomaly detection, intrusion detection, FIB optimization, targeted packet capture etc.
No comments:
Post a Comment