A Look at sFlow

Ever-growing reliance on network services has led to greater importance being given to performance metrics. A protocol that can help manage, administer, and control high-network traffic is a great value-add to everyone involved. This protocol provides the data required to administer the network by sampling packets, ensuring scalability even beyond 100 Gbps without choking the network. The protocol is called sFlow. With the consumed data, an external application or software can manage network performance to meet the need.

sFlow is a multi-vendor, industry-standard packet sampling technology supported by many switches, routers, and other network devices. It is accurate (to some extent, as 1 out of 1000 packets might miss), precise, and scalable (of course). sFlow was created a decade ago but only in recent years have vendors started supporting it. To handle large traffic flows, sFlow is something one can rely on.

SNMP, which has been incorporated in most network devices for a long time, is best suited to handle less network traffic, but it is worth pointing out that an sFlow agent also exports accurate interface counters. In a large enterprise network, pushing the counters with sFlow is more efficient than polling for them with SNMP. Taking the case of ADCs or firewalls, collecting the statistical data required to manage the network should not create overhead on the device. With server performance monitoring system, the counter push mechanism has been recently extended to provide a scalable alternative to SNMP.

Traditional network devices have proprietary software consisting of both the control and the data planes. SDN separates the control plane from the devices and places it in a centralized controller. Devices use sFlow to provide the necessary intelligence (data) to the controllers, which is, in turn, provided to the applications as northbound APIs to compute, apply business logic, make decisions, and control the data flow on the devices through other protocols like OpenFlow.

The main advantage of using sFlow to monitor performance is the scalability it offers when the application requests are high, the logging solutions generate too much data, or traffic is at peak. Monitoring HTTP services using sFlow provides near real-time visibility into application, server, and network performance, and is part of an integrated monitoring system that spans the data center.

F5’s BIG-IP fully supports sFlow (L2–L7). A10’s support for the sFlow standard allows integration of threat metrics with data from a wide range of physical and virtual switches, routers, hosts, and applications. Other major vendors, such as Cisco, Juniper, Brocade, and Arista, ship products with sFlow support.

A centralized sFlow receiver for all devices gives insight into network information and helps in troubleshooting network problems, audit trail analysis, controlling congestion, route profiling, accounting and billing for usage, and more. The sFlow standard supports cloud orchestration by providing unified, cloud-scale visibility that links network, system, and application performance in a single, integrated system. It provides end-to-end, multi-vendor visibility, and emerging industry technologies like OpenFlow and software-defined networking are going to allow networks to automatically adapt to the changing real-time traffic patterns reported by sFlow.


  • NetOps Automation
  • Network Automation
  • Network Infrastructure Automation

About the Author

Ashok Kumar B

Sr. Automation Engineer

More From the Author →

Related Articles

Top 7 Benefits Of An Intelligent Web Application Firewall

| 6 Min Read

Canary Deployment Strategy: Benefits, Constraints And How It Can Be Used For Application Traffic Management

| 5 Min Read

How To Mitigate Log4j Vulnerabilities For F5 Devices Using ADC+

| 3 Min Read