sFlow is a multi-vendor, packet sampling technology used to monitor network devices including routers, switches, host devices and wireless access points.
sFlow is an embedded technology – it is implemented through dedicated hardware chips embedded in the router/switch. A software component, called the sFlow agent, runs as a part of the network management software, again within the device.
sFlow, in spite of its name, is a packet-sampling technology, rather than a “flow-sampling” technology. An IP flow is defined as a series of IP packets moving from a source to a destination, through a particular port. While technologies like NetFlow and J-Flow sample a part of each IP flow, sFlow samples 1 in N of each packet passing through the interface, irrespective of the flow. Both random and time-based sampling of packets and applications are carried out. While packet sampling might not sample each flow, sFlow does provide results with quantifiable accuracy, especially with regards to video streaming and other traffic-heavy applications.
sFlow’s sampling process is performed by the switching/routing ASICs, thereby ensuring wire-speed performances. The sFlow agent then combines the interface counters, flow samples and the forwarding/routing table state associated with each packet into a UDP sFlow datagram. This is then sent to the sFlow collector for collection and analysis.
Flow Monitor traffic monitoring software uses the sFlow data to analyze and manage network traffic and to ensure Quality of Service. By analyzing sFlow data from multiple ports, Flow Monitor is able to provide network-wide visibility. Traffic flow is monitored across ports, aiding in detecting traffic congestion, unauthorized applications and performance issues. Additionally, mapping historical traffic trends and baseline usage helps in proactively identifying and diagnosing network problems/security issues.