Menu
▾
▴
Re: [host-sflow-discuss] hsflowd - packet samplling
|
From: Adam P. <ada...@gm...> - 2015-06-04 20:48:20
|
I will try it out, thank you very much for all your help and detailed instructions. On Thu, Jun 4, 2015 at 10:31 PM, Neil McKee <nei...@in...> wrote: > Adam, > > I checked in the changes to make NFLOG an option for hsflowd > packet-sampling too. If you want to try it, here are the steps. To > avoid confusion it's probably best to do it on a server that is not > already sending sFlow from the Open vSwitch: > > # probably need this rpm > yum install libnfnetlink-devel > > # build from sources (trunk) > cd host-sflow-code > svn up > make NFLOG=yes > make install > > # configure iptables > MOD_STATISTIC="-m statistic --mode random --probability 0.0025" > NFLOG_CONFIG="--nflog-group 5 --nflog-prefix SFLOW" > sudo iptables -I INPUT -j NFLOG $MOD_STATISTIC $NFLOG_CONFIG > sudo iptables -I OUTPUT -j NFLOG $MOD_STATISTIC $NFLOG_CONFIG > > # add these lines to /etc/hsflowd.conf > nflogGroup = 5 > nflogProbability = 0.0025 > > # and restart > sudo service hsflowd restart > > Neil > > > ------ > Neil McKee > InMon Corp. > http://www.inmon.com > > > On Fri, May 29, 2015 at 9:19 AM, Adam Pavlidis <ada...@gm...> > wrote: > > That seems very useful, i will try it right away. > > > > Again, thank you very much for all your help > > > > > > > > On Thu, May 28, 2015 at 6:36 PM, Neil McKee <nei...@in...> > wrote: > >> > >> Adam, > >> > >> I think it would probably work if you installed Open vSwitch and then > >> added the ethernet and wireless interfaces to it. I have done that > sort of > >> thing for testing sFlow. For example, on a regular Linux OS with > interface > >> eth0: > >> > >> ovs-vsctl add-br br0 > >> ovs-vsctl add-port br0 eth0 > >> ifconfig eth0 0 > >> ifconfig br0 10.0.0.9/24 > >> > >> ovs-vsctl show > >> ovs-dpctl show > >> > >> As long as the bridge defaults to "learning mode" then this will behave > as > >> expected. But then of course you will also have the power to add > OpenFlow > >> rules to do whatever crazy thing you want: > >> http://blog.sflow.com/2013/11/udp-packet-replication-using-open.html > >> > >> And to turn on sFlow packet-sampling you just have to do this: > >> service hsflowd start > >> service sflowovsd start > >> > >> But if you'd rather wait until we get the nflog feature into hsflowd, > it > >> should only be a few days away. > >> > >> Neil > >> > >> > >> > >> ------ > >> Neil McKee > >> InMon Corp. > >> http://www.inmon.com > >> > >> On Thu, May 28, 2015 at 6:05 AM, Adam Pavlidis <ada...@gm...> > >> wrote: > >>> > >>> > >>> > >>> > >>>> Try configuring the ULOG feature, as described here: > >>>> http://blog.sflow.com/2010/12/ulog.html > >>>> > >>>> If your OS is a recent one, then this won't work because ULOG was > >>>> subsumed into netfilter/NFLOG. I am working on adding the NFLOG > feature > >>>> this week, though it's not clear that we will be able to get the > >>>> kernel-based sampling this way, so there might be a performance hit. > >>>> > >>> > >>> I currently use Ubuntu 14.04, but i will give it a try > >>> > >>> > >>>> For packet-samples you should use the sampling.<speed> settings in > >>>> hsflowd.conf. Such as: > >>>> > >>>> sampling.100M = 500 > >>>> sampling.1G = 1000 > >>> > >>> > >>> > >>> I don't know if i understood the concept correctly, please correct me > if > >>> i am wrong. > >>> > >>> For packet sampling, is it necessary for hsflowd to work either, with > >>> ULOG, or with netfilter/NFLOG? > >>> > >>> Or does the configuration above enable the hsflowd to perform packet > >>> sampling regardless? > >>> If that is the case, i was unsuccessful (after i modified the .conf > >>> file). > >>> > >>> > >>>> > >>>> If you run Linux hypervisors, then enabling sFlow in Open vSwitch > will > >>>> also give you the packet-samples (with efficient kernel-based > sampling). > >>>> The easiest way to configure that is just to run the sflowovsd daemon > >>>> alongside hsflowd on the hypervisor. > >>>> > >>> > >>> Unfortunately the machines in question are not VMs running on Linux > >>> HyperVisor. > >>> My goal is to monitor traffic on nodes that communicate directly via > >>> wireless, so sampling the OvS is not an option > >>> > >>> I know this i probably a question for ovs-discuss, but if i may veer > >>> slightly, do you know if i could use Open vSwitch and its sFlow agent > to > >>> sample the wireless interface? > >>> (perhaps by adding the wireless iface on a logical bridge and sampling > >>> that bridge, or if that will reserve the wireless iface and make it > unusable > >>> by the node perhaps mirror the traffic to bridge and sample the > mirrored > >>> traffic) > >>> > >>> Thank you for all your help on the matter > >> > >> > > > |
