sFlow: comments feed. Author: Peter. Updated 2024-02-13T07:05:41.069-08:00.

Alexandre Nano (2024-02-13T04:23:18.422-08:00)
Nice approach! Thank you again! I will try to implement

Peter (2024-01-10T07:32:05.838-08:00)
The key to low-resource flow analytics is defining low cardinality flow metrics that can be efficiently handled by a time series database (small storage requirement, fast queries). With the elastiflow/elasticsearch route, you are storing full detail flows and rolling up at query time; however, it does have the advantage that details are kept for forensic queries. A hybrid approach can be useful, getting sFlow-RT to report anomalies to elasticsearch and metrics to Grafana, e.g. Monitoring DDoS mitigation (https://blog.sflow.com/2020/04/monitoring-ddos-mitigation.html)

Alexandre Nano (2024-01-10T04:46:48.447-08:00)
Really impressive, and low-resource consumer! I'm currently using Grafana + elasticsearch + elastiflow but it's a pain.

Peter (2023-10-20T10:08:52.522-07:00)
The ddos-protect application only supports filtering / dropping based on destination IP addresses (and TCP/UDP ports, ICMP type, fragmentation). Typically in a DDoS attack there are large numbers of attackers so it is impractical to filter based on sources. However, it is possible with sFlow-RT/BGP Flowspec. You would need to write your own controller, or modify ddos-protect, see Real-time DDoS mitigation using sFlow and BGP FlowSpec (https://blog.sflow.com/2017/07/real-time-ddos-mitigation-using-sflow.html)

Peter (2023-08-20T08:46:39.978-07:00)
I haven't used ONOS in a while, so I can't be of much help. The error relates to the onos.py script - have you followed the documentation (Mininet and onos.py workflow, https://wiki.onosproject.org/display/ONOS/Mininet+and+onos.py+workflow)?

syrah (2023-08-20T03:33:16.143-07:00)
When I am running this command it shows an error:

    ubuntuu@ubuntuu-virtual-machine:~/sdn-onos/onos$ sudo mn --custom ~/onos/tools/dev/mininet/onos.py,sflow-rt/extras/sflow.py --link tc,bw=10 --controller onos,1 --topo tree,2,2
    [sudo] password for ubuntuu: 
    --------------------------------------------------------------------------------
    Caught exception. Cleaning up...

    Exception: could not find custom file: /home/ubuntuu/onos/tools/dev/mininet/onos.py
    --------------------------------------------------------------------------------

Can you please help me?

syrah (2023-08-20T03:23:52.588-07:00)
Hi Peter, it's unable to complete this:

    ubuntuu@ubuntuu-virtual-machine:~$ ./sflow-rt/start.sh -Dscript.file=../ddos.js
    2023-08-20T14:28:40+05:00 INFO: Starting sFlow-RT 3.0-1686
    2023-08-20T14:28:42+05:00 INFO: Version check, 3.0-1688 available
    2023-08-20T14:28:42+05:00 INFO: Listening, sFlow port 6343
    2023-08-20T14:28:42+05:00 INFO: Listening, HTTP port 8008
    2023-08-20T14:28:42+05:00 INFO: ../ddos.js started
    2023-08-20T14:28:42+05:00 INFO: app/mininet-dashboard/scripts/metrics.js started

Can you please help me to sort this out?

Peter (2023-06-17T21:12:59.511-07:00)
The sflow-rt/containerlab (https://github.com/sflow-rt/containerlab) project is designed for performance monitoring experiments, generating realistic sFlow telemetry from typical data center topologies. To do this it uses a linux container type with FRR as the routing engine and host-sflow as the sFlow agent, using kernel forwarding and kernel instrumentation so that the containerlab topology handles reasonable traffic levels and generates accurate telemetry.

I am not sure that these labs are a useful basis for other network operating systems since they tend to perform poorly under containerlab since they don't use the native Linux dataplane.

Rajesh Dawadi (2023-06-17T14:10:33.430-07:00)
Thanks for the nice blog. Could you please provide more details on how the evpn.yml file's image type : sflow/clab-iperf3 is read by Containerlab or how the yml is basically parsed?
I see it points to a docker file but are those already defined for, say, sflow/prometheus? A bit confused about how to change the image for leaf/spine to, say, any other virtual image, for example Cisco NXOS virtual? Thanks

Peter (2023-04-26T09:27:09.185-07:00)
Jason, I hope you will consider also supporting sFlow. The sFlow packet samples provide detailed visibility into tunneled traffic (VxLAN, GRE, etc) as well as streaming interface counters. OVS has had sFlow support since version 1.0.

The Host sFlow agent mentioned in this article is widely deployed on open source NOS platforms and is easily integrated - most recently included in the latest version of VyOS, see VyOS with Host sFlow agent (https://blog.sflow.com/2023/03/vyos-with-host-sflow-agent.html)

Jason Burns (2023-04-26T08:11:52.471-07:00)
I'm happy to note that the IPFix Export configuration available in PC 2022.9 and AOS 6.6 does not require any additional license!

Jason Burns (2023-04-26T08:11:07.382-07:00)
Peter, it's been a little while but I haven't forgotten about this! With the release of AOS 6.6 and Prism Central 2022.9, Nutanix has support for configuring up to 5 IPFix export destinations.
You can find the APIs for adding IPFix Export at developers.nutanix.com in the Networking namespace.

djouamaa hocine (2023-03-05T10:18:47.061-08:00)
You run mininet with root privilege, so you should install mininet to use it with root privilege.
Use this command to install mininet and use it with root privilege:

    sudo pip install mininet

djouamaa hocine (2023-03-05T10:15:53.156-08:00)
This comment has been removed by the author.

Rishabh_vyas (2022-12-06T05:13:56.285-08:00)
Hi Peter, I created a custom mininet script & placed it in ~/mininet/custom directory. I have also installed floodlight as a controller and sflow-rt with mininet-dashboard.
I am running Mininet version 2.3.1b1, python3 version 3.8.10

    from mininet.net import Mininet
    from mininet.cli import CLI
    from mininet.log import setLogLevel, info
    from mininet.topo import Topo
    from mininet.node import RemoteController
    import pdb
    import time
    import sys

    sys.path.insert(0,'/home/rishabh/sflow-rt/extras')
    import sflow
    from mininet.util import customClass
    from mininet.link import TCLink

    # Python 3 has no execfile(); exec() the file contents instead
    exec(open('/home/rishabh/sflow-rt/extras/sflow.py').read())
    link = customClass({'tc':TCLink}, 'tc,bw=10')

    def myNet():

        net = Mininet(topo=None,build=False,link=link)

        info( '*** Adding controller\n')
        net.addController('c0', controller=RemoteController,ip="127.0.0.1",port=6653)

        info( '*** Adding hosts\n')
        h1=net.addHost('h1')
        h2=net.addHost('h2')
        h3=net.addHost('h3')
        h4=net.addHost('h4')
        h5=net.addHost('h5')
        h6=net.addHost('h6')
        h7=net.addHost('h7')
        h8=net.addHost('h8')
        h9=net.addHost('h9')
        h10=net.addHost('h10')

        info( '*** Adding switch\n' )
        s1=net.addSwitch('s1')
        s2=net.addSwitch('s2')
        s3=net.addSwitch('s3')
        s4=net.addSwitch('s4')
        s5=net.addSwitch('s5')

        info( '*** Creating links\n' )
        net.addLink(s1,s2)
        net.addLink(s2,s3)
        net.addLink(s3,s4)
        net.addLink(s4,s5)

        net.addLink(h1,s1)
        net.addLink(h2,s1)

        net.addLink(h3,s2)
        net.addLink(h4,s2)

        net.addLink(h5,s3)
        net.addLink(h6,s3)

        net.addLink(h7,s4)
        net.addLink(h8,s4)

        net.addLink(h9,s5)
        net.addLink(h10,s5)

        info( '*** Starting network\n')
        net.start()

        info( '*** Running CLI\n' )
        CLI( net )

        info( '*** Stopping network' )
        net.stop()


    if __name__ == '__main__':
        setLogLevel( 'info' )
        myNet()

sflow-rt is running on a new tab and when I run the command "sudo python3 ./second.py" I get the error message as:

    Traceback (most recent call last):
      File "./second.py", line 1, in <module>
        from mininet.net import Mininet
    ModuleNotFoundError: No module named 'mininet'

PV Patil (2022-08-18T09:39:12.799-07:00)
Thanks, Peter. Let me explore the hsflow route as suggested.

Peter (2022-08-18T09:14:10.173-07:00)
One option to consider is disabling sFlow on OVS and installing the Host sFlow (https://sflow.net/) agent instead. You would need to enable the psample{} and dent{} modules.

Peter (2022-08-18T07:12:37.795-07:00)
Transit delay and queuing measurements are made in hardware by the switch ASIC. If the measurements are supported by the hardware then they should be included as metadata with the PSAMPLE messages. I don't believe that the OVS sFlow agent currently supports the export of these measurements, but it wouldn't be too hard to add.

PV Patil (2022-08-18T00:21:25.999-07:00)
Hi Peter,
any idea if sFlow Transit Delay Structures can be enabled on an open vSwitch agent too?
If yes, minimum OVS version and any working examples of the config (ovs-vsctl command and OVS setup) to get this working?
I see on OVS mailing lists that they have added psample support (https://mail.openvswitch.org/pipermail/ovs-dev/2021-July/385860.html); however, didn't see these extendedTypes in flow_samples. Neither could I find the options in OVS's sFlow table.
TIA!

Peter (2022-07-21T20:22:13.502-07:00)
Ping doesn't generate enough packets to be sampled. Try

    h1 ping -f h5

or

    h1 iperf h5

Shiwen (2022-07-21T19:50:35.989-07:00)
Hi Peter,

Thanks for your reply.
I am performing h1 ping h5 in the mininet terminal. And I waited for a minute, but unfortunately, I can only get "[]" when I access /flows/json.
I am using sflow-rt 3.0 by the way.

Do you know what accounts for this?

Peter (2022-07-21T05:04:56.468-07:00)
Flows are only logged after the activeTimeout (60 seconds in your example), so you won't expect the /flows/json query to generate results until a minute after the flows have started. The activeFlows query gives you a real-time view of the flows as they happen and should give immediate results.

The /agents/json query can be used to verify that you are receiving sFlow packet samples.

Shiwen (2022-07-21T04:59:48.404-07:00)
Hi Peter,

I think I am having the same issue. I would like to use sflow-rt to collect flows for real-time ddos detection. I am stuck at collecting the input for my algorithm. Do you have any suggestions?

Peter (2022-07-21T04:56:37.677-07:00)
Mininet flow analytics with custom scripts (https://blog.sflow.com/2019/06/mininet-flow-analytics-with-custom.html)

Farrugiaa (2022-07-21T04:33:37.412-07:00)
Hi Peter. I'm running mininet topology via a python script. How can I include sflow in the python script?