No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Network Management and Monitoring

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of Network Management and Monitoring, including SNMP, RMON, LLDP, NQA, Service Diagnosis, Mirroring, Packet Capture, sFlow, and NETCONF.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Licensing Requirements and Limitations for sFlow

Licensing Requirements and Limitations for sFlow

Involved Network Elements

The switch needs to work with an sFlow server.

Licensing Requirements

The sFlow IPv6 function is controlled by a license. By default, this function is disabled on newly purchased CE12800 and CE12800E series switches. To use the sFlow IPv6 function, apply for and purchase the license from the equipment supplier.

Version Requirements

Table 14-3 Products and minimum version supporting sFlow

Product Model

Minimum Version Required

CE12804/CE12808/CE12812

V100R002C00

CE12816

V100R003C00

CE12804S/CE12808S

V100R005C00

CE12800E (configured with FD-X series cards)

V200R005C00

Feature Limitations

Restrictions of using sFlow with other features

Table 14-4 Restrictions of using sFlow with other features

Feature

Use Precautions

NetStream

sFlow and NetStream cannot be configured on the same LPU in a VS.

Mirroring

  • On the CE12800E (configured with FD-X series cards):
    • Flow sampling conflicts with port mirroring, and they cannot be configured on the same interface. Flow sampling conflicts with MQC-based traffic mirroring, simplified traffic mirroring, and VLAN mirroring. After flow sampling is configured on an interface, do not configure any MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring to contain this interface. If the flow sampling and mirroring functions (MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring) are configured on the same interface, they cannot take effect simultaneously.
    • Mirrored packets cannot be sampled.
  • On a CE12800:
    • When inbound flow sampling is configured to use snoop resources, port mirroring and inbound flow sampling can be configured on the same interface, and inbound port mirroring and outbound flow sampling can also be configured on the same interface. Outbound flow sampling conflicts with outbound MQC-based traffic mirroring and outbound VLAN mirroring. After outbound flow sampling is configured on an interface, do not configure any outbound MQC-based traffic mirroring or outbound VLAN mirroring to contain this interface. If the outbound flow sampling and outbound mirroring functions (outbound MQC-based traffic mirroring or outbound VLAN mirroring) are configured on the same interface, they cannot take effect simultaneously.
    • When inbound flow sampling is not configured to use snoop resources, port mirroring and flow sampling cannot be configured on the same interface, and flow sampling conflicts with MQC-based traffic mirroring, simplified traffic mirroring, and VLAN mirroring. After flow sampling is configured on an interface, do not configure any MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring to contain this interface. If the flow sampling and mirroring functions (MQC-based traffic mirroring, simplified traffic mirroring, or VLAN mirroring) are configured on the same interface, they cannot take effect simultaneously.

TRILL

sFlow cannot sample TRILL packets.

MPLS

sFlow cannot sample IP packets encapsulated in MPLS packets.

VLAN

The switch still performs sFlow sampling for packets discarded in VLAN check.

VXLAN

sFlow cannot sample inner tag information of VXLAN packets.

BFD

In V200R003C00 and later versions, after sFlow sampling is configured on the CE-L36CQ-FD, CE-L36CQ-FG, CE-L36CQ-FD1, CE-L36CQ-SD, CE-L36LQ-FD, CE-L24LQ-FD, CE-L16CQ-FD, CE-L12CQ-FD, CE-L48XS-FG, CE-L08CF-FG1, and CE-L48XS-FD1, and FD-X cards, BFD packets sampled by sFlow cannot be exported.

VPN

  • When sFlow sampling is configured for outbound Layer 3 traffic between VPNs, routing information cannot be collected.
  • When a main interface and its Layer 3 sub-interfaces are in different VPNs and sFlow is configured on the main interface, the traffic passing through the Layer 3 sub-interface can be sampled. Routing information about the main interface is collected, but routing information about the Layer 3 interface is not collected.

VPLS

VPLS packets cannot be sampled.

QoS

sFlow sampling is on the basis of original packets. After the forwarding behavior is modified (for example, policy routing is applied) or information about the packets to be forwarded is modified (for example, ACL or QoS is applied), the modification cannot be shown in the sFlow statistics.

Local attack defense

  • Since V200R001C00, the card sends sampled packets to the CPU for processing. When the CPU usage of the card exceeds 65%, the card decreases the CAR value of sampled packets sent to the CPU to 1000 pps. As a result, some sampled packets to be sent to the CPU are discarded, decreasing the flow sampling ratio. When the CPU usage falls below 65%, the card increases the CAR value of sampled packets by 500 pps every 20 seconds until the CAR value is restored to the original setting.
  • The CE-L36CQ-FD, CE-L36CQ-FG, CE-L36CQ-FD1, CE-L36CQ-SD, CE-L36LQ-FD, CE-L24LQ-FD, CE-L16CQ-FD, CE-L12CQ-FD, CE-L48XS-FG, CE-L08CF-FG1, and CE-L48XS-FD1 cards support flow sampling in enhanced mode. In this mode, sampled packets are not sent to the CPU for processing.

Stack

Do not configure sFlow on an inter-chassis Eth-Trunk of a stack. If you configure sFlow on an inter-chassis Eth-Trunk, the statistics collection result of the sFlow Collector will be inaccurate.

sFlow use restrictions

  • In the sFlow sampling service, there may be a difference of 5% or lower between collected statistics and actual traffic statistics.

  • Do not configure sFlow on an inter-card Eth-Trunk. If you configure sFlow on an inter-card Eth-Trunk, the statistics collection result of the sFlow Collector will be inaccurate.
  • When sFlow sampling ratio is set to a small value, many sampled packets will be sent to the CPU, causing a high CPU usage and affecting the other services. If the CPU is overloaded, sampled packets are discarded.

  • The source VLAN information is not recorded in outbound sFlow sampling. In packet statistics, the source VLAN information is recorded as 0. The destination VLAN information is not recorded in inbound sFlow sampling. In packet statistics, the destination VLAN information is recorded as 0.

  • When sFlow counter sampling is configured, the switch does not count the number of discarded packets in Output traffic statistics on interfaces.

  • When sampling Layer 3 packets, the switch needs to look up the routing table, causing a high CPU usage.
  • When the CE12800 samples outgoing packets, the inbound interface is recorded as an invalid interface.
  • When counter sampling is configured on a Layer 2 sub-interface, sampling statistics are the same as the statistics collected on the main interface.

  • For the CE12800E that has FD-X series cards installed, when sFlow sampling is configured for incoming multicast, broadcast, and unknown unicast packets, the packet statistics do not contain outbound interface information. When sFlow sampling is configured for incoming known unicast packets, the packet statistics contain outbound interface information. If the outbound interface is a sub-interface, the packet statistics are about the main interface corresponding to this sub-interface.

  • In V100R005C00 and V100R005C10, the enhanced mode is recommended when the collector is located on the network connected to a service port. In the enhanced mode, the switch sends sFlow packets to the collector through service cards. In V100R006C00 and later versions, the switch determines to send sFlow packets through service cards or management port based on the routing information on the collector.

  • If the sFlow sampling ratio in V200R001C00 or later version is less than 4096, after the version is downgraded to a version earlier than V200R001C00, the sFlow sampling ratio is automatically set to 4096.

  • The switch cannot forward sFlow packets after VXLAN or MPLS encapsulation. Therefore, do not send sFlow packets to the collector through a VXLAN or MPLS tunnel when sFlow sampling is configured.

  • On a CE12800E that has an FD-X series card installed, after sFlow sampling is configured in the outbound direction, packets forwarded at Layer 3 can be sampled, and the original Layer 2 header information in packets is collected.
  • Restrictions in enhanced mode:

    • The following cards support flow sampling in enhanced mode: CE-L36CQ-FD, CE-L36CQ-FG, CE-L36CQ-FD1, CE-L36CQ-SD, CE-L36LQ-FD, CE-L24LQ-FD, CE-L16CQ-FD, CE-L12CQ-FD, CE-L48XS-FG, CE-L08CF-FG1, and CE-L48XS-FD1.
    • The maximum rate at which the switch sends sFlow packets is 300 kpps.
    • The switch cannot send sFlow packets through the management interface.
    • The exported sFlow packets do not carry IPv6 routing information.
    • When sFlow sampling is configured on a physical interface, an Eth-Trunk, or an Eth-Trunk member interface, the switch can sample packets on Layer 3 and Layer 2 sub-interfaces. The interface index in the sampled packets is the index of the physical interface or Eth-Trunk.

    • When inbound flow sampling is configured on an interface, only the inbound interface information is displayed in the statistics. When outbound flow sampling is configured on an interface, only the outbound interface information is displayed in the statistics.

    • In a fast stack upgrade or downgrade scenario, when a stack is downgraded from V200R005C00 or a later version to V200R003C00, interfaces on the standby device enter the Error-Down state.

  • Restrictions in non-enhanced mode:

    • When an sFlow Collector is located on the network connected to the management interface, the switch sends sFlow packets to the sFlow Collector through the management interface. The maximum rate of sFlow packets for the LPU is 1600 pps and for the chassis is 5000 pps. If the switch sends sFlow packets through an interface card, the maximum rate at which the service card sends sFlow packets is 1600 pps.
    • In V200R003C00 and earlier versions, when sFlow sampling is configured in the inbound direction of a physical interface, an Eth-Trunk, or an Eth-Trunk member interface, the switch cannot sample packets on Layer 3 or Layer 2 sub-interfaces. When sFlow sampling is configured in the outbound direction of a physical interface, an Eth-Trunk, or an Eth-Trunk member interface, the switch can sample packets on Layer 3 and Layer 2 sub-interfaces. The interface index in the sampled packets is the index of the physical interface or Eth-Trunk, and the routing information on Layer 3 and Layer 2 sub-interfaces cannot be collected.

    • In V200R005C00 and later versions, when sFlow sampling is configured on a physical interface, an Eth-Trunk, or an Eth-Trunk physical member interface, the switch can sample packets on Layer 3 and Layer 2 sub-interfaces. The interface index in the sampled packets is the index of the physical interface or Eth-Trunk, and the routing information on Layer 3 and Layer 2 sub-interfaces cannot be collected.

    • When sFlow sampling is configured for incoming multicast, broadcast, and unknown unicast packets, the packet statistics do not contain outbound interface information. When sFlow sampling is configured for incoming known unicast packets, the following events occur:
      • If the outbound interface is a Layer 3 main interface, the packet statistics contain outbound interface information.
      • If the outbound interface is a Layer 3 sub-interface, the packet statistics are about the Layer 3 main interface corresponding to this sub-interface.
      • If the outbound interface is an interface of other types, the packet statistics do not contain outbound interface information.
  • On some cards, if the traffic rate exceeds a half of maximum bandwidth, that is, 120 Gbit/s, outbound sFlow sampling ratio is inaccurate. The difference for original flow rate x is 1 - (240 - x)/x. The cards involved include CE-L48GT-EA, CE-L48GT-EC, CE-L48GS-EA, CE-L48GS-EC, CE-L24XS-BA, CE-L24XS-EA, CE-L48XS-BA, CE-L48XS-EA, and CE-L24LQ-EA.

  • On a CE12800 switch, the following services are in descending order of priority: M-LAG unidirectional isolation, MQC (traffic policing, traffic statistics, and packet filtering), querying the outbound interface of packets with specified 5-tuple information, source MAC address, and destination MAC address, local VLAN mirroring, sFlow, NetStream, and statistics on the VLANIF interface or Layer 3 sub-interface. When the services are configured on an interface in the outbound direction, the service with the highest priority takes effect. For example, when both packet filtering and statistics on the VLANIF interface are configured on the VLANIF interface, packet filtering takes effect.

    For sFlow and NetStream, the preceding limitations apply to all interfaces in V100R005C10 and earlier versions and only Layer 3 and Layer 2 sub-interfaces in V100R006C00 and later versions.

  • Configuring outbound sFlow sampling is not recommended because it will lower the forwarding capability of the switch.

Restrictions on the use of NetStream, sFlow, and port mirroring on Eth-Trunk and its Layer 3 sub-interfaces, Layer 2 sub-interfaces, and member interfaces

Table 14-5 Restrictions on the use of sFlow, NetStream, and port mirroring on Eth-Trunk and its Layer 3 sub-interfaces, Layer 2 sub-interfaces, and member interfaces

Interface with sFlow Configured

Eth-Trunk

Layer 3 Sub-interface

Layer 2 Sub-interface

Member Interface

Eth-Trunk

  • NetStream: N
  • Port mirroring: N
  • sFlow: N
  • NetStream: N
  • Port mirroring: N
  • sFlow: Y
  • NetStream: N
  • Port mirroring: N
  • sFlow: N
  • NetStream: N
  • Port mirroring: N

Layer 2 sub-interface of an Eth-Trunk

  • sFlow: Y
  • NetStream: N
  • Port mirroring: N
  • sFlow: N
  • NetStream: N
  • Port mirroring: N
  • NetStream: N
  • Port mirroring: N
  • sFlow: N
  • NetStream: N
  • Port mirroring: N

Member interface of an Eth-Trunk

  • sFlow: N
  • NetStream: N
  • Port mirroring: N
  • sFlow: N
  • NetStream: N
  • Port mirroring: N
  • sFlow: N
  • NetStream: N
  • Port mirroring: N
  • sFlow and NetStream cannot be configured on the same LPU in a VS.
  • sFlow and port mirroring cannot be configured together on the same interface.

N: indicates that this function cannot be configured. Y: indicates that this function can be configured.

Since V100R005C00, sFlow can be configured on Eth-Trunk member interfaces.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100075344

Views: 30671

Downloads: 29

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next