How to use our NetworkAnalysis-sFlow service model

On the page

Need some help?

The sFlow plugin allows to monitor the flow generated by an application, a source IP or a destination IP and to generate alerts if defined thresholds are exceeded, it also reports data and performance graphs in the same way as other plugins.

Use cases and best practices for using plugins :

The plugin has been specified to meet specific needs. It presents different fields to be filled in to target bandwidth consumption

Ideally, each instantiated plugin should meet a need, such as measuring the throughput generated by the e-mail service. In this case, the user will fill in the various fields necessary for this measurement (destination IP of the mail server, SMTP port 25...).



SFlow enables real-time traffic monitoring of data networks containing switches and routers. It uses the sampling mechanism in the sFlow Agent software on the switches and routers to monitor traffic and to transmit the sampling data on the input and output ports to the central data collector, also called the sFlow Analyzer.

For more information on sFlow, see RFC 3176.


sFlow Agent

The sFlow Agent periodically samples or polls the interface counters that are associated with a data source of the sampled packets. The data source can be an Ethernet interface, an EtherChannel interface, or a range of Ethernet interfaces. The sFlow Agent queries the Ethernet Port Manager for the respective EtherChannel membership information and also receives notifications from the Ethernet Port Manager for membership changes.

When you enable sFlow sampling, depending on the sample rate and the internal random number of the hardware, input and output packets are sent to the CPU as sFlow sampled packets. The sFlow agent processes the sampled packets and sends an sFlow datagram to the sFlow analyzer. In addition to the original sampled packet, an sFlow datagram includes information about the input port, the output port, and the length of the original packet. An sFlow datagram can have several sFlow samples.

sFlow versions

 Version   Comment
 V1  Initial Version
 V2  (Unknown)
 V3  Adds support for the information expanses
 V4  Adds supporting PMO communities
 V5  Several protocol improvements. This is the current version, which is supported worldwide.

SFlow datagrams

The sampled data is sent as a UDP packet to the specified host and port. The official port number for sFlow is port 6343. Unreliability in the UDP transport mechanism does not significantly affect the accuracy of measurements obtained from an sFlow agent. If the counter samples are lost, new values will be sent when the next sampling interval has passed. The loss of packet flow samples results in a slight reduction of the effective sampling rate.

The UDP payload contains the sFlow datagram. Each datagram provides information about the sFlow version, the IP address of the originating device, a sequence number, the number of samples it contains, and one or more flow and/or counter samples.

Default settings for sFlow

 Settings  Default
 SFlow sampling rate  4096
 SFlow sampling-size  128
 SFlow max datagram-size  1400
 SFlow collector-port  6343
 SFlow counter-poll-interval  20



Network elements (switches and routers) compile statistics on the network flow data they export to collectors. These detailed statistics can include the number of packets and bytes, application ports, IP addresses, QoS fields, the interfaces through which they pass, etc.

The architecture for collecting IP network traffic information is as follows:

  • sFlow exporter: Observes packet data, creates records of monitored network traffic and transmits this data to the sFlow Collector.
  • sFlow Collector: Collects the records sent by the exporter and stores them in a local database.
  • ServiceNav BOX: Retrieves information collected by the sFlow Collector: according to the need entered in the plugin parameters sFlow
  • SNP (Monitoring Platform) allows you to configure the sFlow template to use the data reported by the ServiceNav BOX


Configuring the NetworkAnalysis-sFlow service template

Best practice dictates that the service template  NetworkAnalysis-sFlow must be linked to the switch or router that exports the sFlow data) but you can also link it to any other equipment or an Up System if needed.

After deploying the service NetworkAnalysis-sFlowYou will need to configure the service according to your analysis needs. As a reminder, the plugin has been optimized to monitor the flow generated by an application.

The following mandatory fields must be filled in:

  • Collector Storage: Address of the Collector Storage
  • Allocated bandwidth: Value in the selected unit
  • Unit: Output unit: kbps, Mbps, Gbps
  • Alert threshold: Alert threshold in %
  • Critical threshold: Critical threshold in %
  • Directory name: Path to the directory containing the exports linked to an interface
  • No data status: Status to show in case of no information, e.g. 0 for OK.

Other fields to be filled in according to the target flow to be monitored.

Example of a configuration targeting the throughput generated by a mail server :

The service will provide you with the following information:

  • A status relative to the thresholds set
  • The flow rate generated in the selected unit
  • Performance data
  • Usage metrics in both absolute values and percentages

Metrics in absolute values :

Metrics in percent usage :

Dashboard configuration

After deploying as many NetworkAnalysis-sFlow services as flows to monitor, you can create one or more dashboards to show bandwidth usage by business and be alerted according to set thresholds.

Here's a dashboard example:

This may also be of interest to you


sFlow: Prerequisites and configuration

top list

Networking 'Top' lists


How to use our NetworkAnalysis-NetFlow service template


Welcome to ServiceNav!

Need help? More information about our products? Write to us!
You have taken note of our privacy policy.


While the epidemic lasts, ensure the availability and performance of your IT services for teleworking, with ServiceNav!

Following the government's call to mobilize to help businesses overcome the current health and economic context, we help you, free of charge, to ensure the complete monitoring of your teleworking environments: VPN, VDI, Teams, Skype Enterprise, Citrix... Objectives: collection, availability and usage indicators, dashboards to support your communication.
We use cookies to ensure that you have the best possible experience on our site, and if you continue to use this site, we will assume that you are satisfied with it.

Reserve your place

You have taken note of our privacy policy.