Re: [host-sflow-discuss] hsflowd - packet samplling

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Adam,

I think it would probably work if you installed Open vSwitch and then added
the ethernet and wireless interfaces to it.  I have done that sort of thing
for testing sFlow.  For example,  on a regular Linux OS with interface eth0:

ovs-vsctl add-br br0
ovs-vsctl add-port br0 eth0
ifconfig eth0 0
ifconfig br0 10.0.0.9/24

ovs-vsctl show
ovs-dpctl show

As long as the bridge defaults to "learning mode" then this will behave as
expected.  But then of course you will also have the power to add OpenFlow
rules to do whatever crazy thing you want:
http://blog.sflow.com/2013/11/udp-packet-replication-using-open.html

And to turn on sFlow packet-sampling you just have to do this:
service hsflowd start
service sflowovsd start

But if you'd rather wait until we get the nflog feature into hsflowd,  it
should only be a few days away.

Neil

------
Neil McKee
InMon Corp.
http://www.inmon.com

On Thu, May 28, 2015 at 6:05 AM, Adam Pavlidis <ada...@gm...>
wrote:

>
>
>
> Try configuring the ULOG feature,  as described here:
>> http://blog.sflow.com/2010/12/ulog.html
>>
>> If your OS is a recent one,  then this won't work because ULOG was
>> subsumed into netfilter/NFLOG.   I am working on adding the NFLOG feature
>> this week,  though it's not clear that we will be able to get the
>> kernel-based sampling this way,  so there might be a performance hit.
>>
>>
> I currently use Ubuntu 14.04, but i will give it a try
>
>
> For packet-samples you should use the sampling.<speed> settings in
>> hsflowd.conf.  Such as:
>>
>> sampling.100M = 500
>> sampling.1G = 1000
>>
>
>
> I don't know if i understood the concept correctly, please correct me if i
> am wrong.
>
> For packet sampling, is it necessary for hsflowd to work either, with
> ULOG, or with netfilter/NFLOG?
>
> Or does the configuration above enable the hsflowd to perform packet
> sampling regardless?
> If that is the case, i was unsuccessful (after i modified the .conf file).
>
>
>
>> If you run Linux hypervisors,  then enabling sFlow in Open vSwitch will
>> also give you the packet-samples (with efficient kernel-based sampling).
>> The easiest way to configure that is just to run the sflowovsd daemon
>> alongside hsflowd on the hypervisor.
>>
>>
> Unfortunately the machines in question are not VMs running on Linux
> HyperVisor.
> My goal is to monitor traffic on nodes that communicate directly via
> wireless, so sampling the OvS is not an option
>
> I know this i probably a question for ovs-discuss, but if i may veer
> slightly, do you know if i could use Open vSwitch and its sFlow agent to
> sample the wireless interface?
> (perhaps by adding the wireless iface on a logical bridge and sampling
> that bridge, or if that will reserve the wireless iface and make it
> unusable by the node perhaps mirror the traffic to bridge and sample the
> mirrored traffic)
>
> Thank you for all your help on the matter
>