Figure 1 shows the packet processing pipeline of a Broadcom ASIC. The pipeline consists of a number of linked hardware tables providing bridging, routing, access control list (ACL), and ECMP forwarding group functions. Operations teams need to be able to proactively monitor table utilizations in order to avoid performance problems associated with table exhaustion.
Broadcom's sFlow specification, sFlow Broadcom Switch ASIC Table Utilization Structures, leverages the industry standard sFlow protocol to offer scalable, multi-vendor, network-wide visibility into the utilization of these hardware tables.
The following output from the open source sflowtool command line utility shows the raw table measurements (this is in addition to the extensive set of measurements already exported via sFlow by ExtremeXOS):
bcm_asic_host_entries 4
bcm_host_entries_max 8192
bcm_ipv4_entries 0
bcm_ipv4_entries_max 0
bcm_ipv6_entries 0
bcm_ipv6_entries_max 0
bcm_ipv4_ipv6_entries 9
bcm_ipv4_ipv6_entries_max 16284
bcm_long_ipv6_entries 3
bcm_long_ipv6_entries_max 256
bcm_total_routes 10
bcm_total_routes_max 32768
bcm_ecmp_nexthops 0
bcm_ecmp_nexthops_max 2016
bcm_mac_entries 3
bcm_mac_entries_max 32768
bcm_ipv4_neighbors 4
bcm_ipv6_neighbors 0
bcm_ipv4_routes 0
bcm_ipv6_routes 0
bcm_acl_ingress_entries 842
bcm_acl_ingress_entries_max 4096
bcm_acl_ingress_counters 68
bcm_acl_ingress_counters_max 4096
bcm_acl_ingress_meters 18
bcm_acl_ingress_meters_max 8192
bcm_acl_ingress_slices 3
bcm_acl_ingress_slices_max 8
bcm_acl_egress_entries 36
bcm_acl_egress_entries_max 512
bcm_acl_egress_counters 36
bcm_acl_egress_counters_max 1024
bcm_acl_egress_meters 18
bcm_acl_egress_meters_max 512
bcm_acl_egress_slices 2
bcm_acl_egress_slices_max 2
The sflowtool output is useful for troubleshooting and is easy to parse with scripts.
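As an added example (not from the original post or the sflowtool project), the following Python script parses the name/value lines shown above and reports the utilization of each table that has a limit. The function names, the 80% alert threshold, and the assumption that the input holds a single counter sample are choices made for this example.

```python
# Added example: per-table utilization from sflowtool's "name value" text lines.
# One counter sample is assumed; the 80% alert threshold is an arbitrary choice.

# On the page, bcm_asic_host_entries is paired with bcm_host_entries_max,
# so that counter needs an explicit mapping to its limit.
MAX_KEY_OVERRIDES = {"bcm_asic_host_entries": "bcm_host_entries_max"}

# Subset of the values shown in the output above.
SAMPLE = """\
bcm_asic_host_entries 4
bcm_host_entries_max 8192
bcm_ipv4_entries 0
bcm_ipv4_entries_max 0
bcm_ipv4_neighbors 4
bcm_acl_ingress_entries 842
bcm_acl_ingress_entries_max 4096
bcm_acl_ingress_slices 3
bcm_acl_ingress_slices_max 8
bcm_acl_egress_slices 2
bcm_acl_egress_slices_max 2
"""

def parse_counters(lines):
    """Collect 'bcm_* <integer>' lines, ignoring everything else sflowtool prints."""
    counters = {}
    for line in lines:
        parts = line.split()
        if len(parts) == 2 and parts[0].startswith("bcm_") and parts[1].isdecimal():
            counters[parts[0]] = int(parts[1])
    return counters

def utilization(counters):
    """Return {table: percent used} for tables that report a non-zero limit."""
    result = {}
    for key, used in counters.items():
        if key.endswith("_max"):
            continue
        limit = counters.get(MAX_KEY_OVERRIDES.get(key, key + "_max"), 0)
        if limit > 0:  # no limit reported, or a limit of 0: nothing to divide by
            result[key] = 100.0 * used / limit
    return result

def over_threshold(util, threshold=80.0):
    """Tables at or above the threshold, fullest first."""
    hits = [(k, v) for k, v in util.items() if v >= threshold]
    return sorted(hits, key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for table, pct in over_threshold(utilization(parse_counters(SAMPLE.splitlines()))):
        print(f"{table} {pct:.1f}%")
```

On the values above, the only table at or over the threshold is bcm_acl_egress_slices, which is fully used (2 of 2).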
A convenient way to run sflowtool is to use Docker:
docker run -p 6343:6343/udp sflow/sflowtool
Ethernet Fabric Visibility
Ethernet Fabrics: Extreme Networks ExtremeFabric
Fabric View solves the visibility challenge by using the industry standard sFlow instrumentation built into data center switches. Fabric View represents the fabric as if it were a single large chassis switch, treating each leaf switch as a line card and the spine switches as the backplane. The result is an intuitive tool that is easily understood by anyone familiar with traditional networks.
A demonstration can be run using Docker:
docker run --entrypoint /sflow-rt/run_demo.sh -p 8008:8008 sflow/fabric-view
Access the web interface on port 8008.
The first chart shows the largest TCP/UDP flows traversing the fabric (calculated from a continuous stream of packet samples received from all the switches in the fabric). The chart updates every second, providing a real-time view of traffic crossing the fabric.
The last two charts are based on the hardware/table utilization statistics that are now implemented in ExtremeXOS, trending the maximum utilization of each table across all the switches in the fabric.
sFlow-RT
FabricView is one of a number of applications developed for sFlow-RT. Examples include: DDoS mitigation, Internet routing using top of rack switches, and other articles on this blog.
The sFlow-RT analytics engine receives a continuous telemetry stream from sFlow Agents embedded in network devices, hosts and applications and converts it into actionable metrics, accessible through APIs. Applications can be external, written in any language that supports HTTP/REST calls, or internal, using sFlow-RT's embedded JavaScript/ECMAScript.