Sampled Flow Tracking

This chapter describes Arista’s implementation of sampled flow tracking, including configuration instructions and command descriptions. Topics covered by this chapter include:

Sampled Flow Tracking Overview

Network administrators require access to flow information that passes through various network elements to analyze and monitor networks. Sampled flow tracking provides access to IP flow information by sampling traffic flows in ingress direction on the interfaces on which it is configured. The samples are then used to create flow records that are exported to the configured collectors in the Internet Protocol Flow Information Export (IPFIX) format.

Sampled flow tracking terminology:
  • Flow tracker: It is a collection of interfaces that collect samples and create flow records. The flow tracker has one or more exporters.
  • Exporter: It sends flow records to one or more collectors.
  • Collector: It receives flow records from one or more exporters.
  • Data record: It contains values of the parameters corresponding to a template record.
  • Template record: It defines the structure and interpretation of fields in a data record. It is an ordered sequence of type and length pairs.
  • Options template record: It is a type of template record that defines the structure and interpretation of fields in a data record, including how to scope the applicability of the data record.

Data records are created based on the following flow key fields: source IP address, destination IP address, IP protocol, source port, destination port, VRF, and VLAN. These records support IPv4 flow data record and IPv6 flow data record.

Sampled flow tracking supports the following options data records:
  • VRF record: mapping of VRF ID to VRF name.
  • Interface record: mapping of interface ID to interface name.
  • Flow key indicator record: mapping of template ID to flow key indicator.
  • Flow tracker record: contains information about configured flow tracker.

Sampled Flow Tracking Limitations

The limitations of Sampled flow tracking are:
  • Sampled flow tracking is active only when sFlow is disabled on the device.
  • Sampled flow tracking does not support export of IPFIX messages over ECMP paths.
  • Sampled flow tracking route simulation is not supported for ECMP paths.

Configuring Sampled Flow Tracking

These sections describe sampled flow tracking configurations.

Configuring Sampled Flow Tracking

Use the flow tracker sampled command to enable sampled flow tracking on a tracker. Each tracker should have a minimum of one exporter configured.

Example

This command enables sampled flow tracking on an interface Eth1 and the flow tracker ftr1.

switch(config)# interface Eth1
switch(config-if-Et1)# flow tracker sampled ftr1

Use the sample command to enable the sample rate for a specific sampled flow tracker. The default sample rate is 1048576.

Example

These commands configure a sample rate of 1024 for the sampled flow tracker.

switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)# sample 1024

Configuring the Sampled Flow Tracker

Use the tracker command to configure a sampled flow tracker for a device.

Example

This command configures a sampled flow tracker named ftr1.

switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)# tracker ftr1

Use the record export on interval command to configure the interval at which active flow records are exported. The default interval is 300000 milliseconds.

Example

These commands configure an active record interval of 7000 for the exporter exp1.

switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)# tracker ftr1
switch(config-ftr-sampled-tr-ftr1)# exporter exp1
switch(config-ftr-sampled-tr-ftr1-exp-exp1)# record export on interval 7000

Use the record export on inactive timeout command to configure the interval at which timed-out inactive flow records are exported. The default interval is 15000 milliseconds.

These commands configure an inactive record interval of 4000 for the exporter exp1.

switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)# tracker ftr1
switch(config-ftr-sampled-tr-ftr1)# exporter exp1
switch(config-ftr-sampled-tr-ftr1-exp-exp1)# record export on inactive timeout 4000

Configuring Exporter for Sampled Flow Tracker

Use the exporter command to configure or unconfigure an exporter for a specific tracker.

Example

This command configures exporter exp1 for the specific tracker ftr1.

switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)# tracker ftr1
switch(config-ftr-sampled-tr-ftr1)# exporter exp1

Use the collector command to configure the collector for the specific exporter.

Example

These commands configure a collector for the IPv4 address 192.0.2.0 and collector port number 10.

switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)# tracker ftr1
switch(config-ftr-sampled-tr-ftr1)# exporter exp1
switch(config-ftr-sampled-tr-ftr1-exp-exp1)# collector 192.0.2.0 port 10

Use the local interface command to configure the local source interface for the specific exporter.

Example

These commands configure the local source interface ethernet1 for the exporter exp1.

switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)# tracker ftr1
switch(config-ftr-sampled-tr-ftr1)# exporter exp1
switch(config-ftr-sampled-tr-ftr1-exp-exp1)# local interface ethernet1

Use the dscp command to configure the DSCP value for the specific exporter. The default DSCP value is 0.

Example

These commands configure a DSCP value of 10 for the exporter exp1.

switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)# tracker ftr1
switch(config-ftr-sampled-tr-ftr1)# exporter exp1
switch(config-ftr-sampled-tr-ftr1-exp-exp1)# dscp 10

Use the format ipfix version command to configure the IPFIX version and maximum packet size for the specific exporter. The default IPFIX version is 10 and the default maximum packet size is 9152.

Example

These commands configure an IPFIX version of 10 and a maximum packet size of 854 for the exporter exp1.

switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)# tracker ftr1
switch(config-ftr-sampled-tr-ftr1)# exporter exp1
switch(config-ftr-sampled-tr-ftr1-exp-exp1)# format ipfix version 10 max-packet-size 854

Use the template interval command to configure the interval at which templates are exported for the specific exporter. The default template interval is 3600000 milliseconds.

Example

This command configures the interval of 3400000 milliseconds for the exporter exp1.

switch(config-ftr-sampled-tr-exp-ftr1-exp1)# template interval 3400000

Hardware Flow Tracking with IPFIX Export

Hardware flow tracking uses match criteria to collect data from packets based on defined flow profiles. The data collected is sent to an external node called Collector using IPFIX flow export protocol. The flow tracking engine tracks up to 32K flows going through a given set of ports in a switch with IPFIX-capability. Flow tracking is configured on physical interfaces or LAG interfaces. The matching fields in the packet header are:
  • IP source
  • IP destination
  • IP protocol
  • IP protocol’s source port
  • IP protocol’s destination port
The information collected is:
  • Byte count (4 bytes)
  • Packet count (4 bytes)
  • New-learn timestamp
  • Flow start timestamp
  • Flow end timestamp

Configuring Hardware Flow-tracking

This file extract show a hardware flow-tracking configuration.
! Define a loopback interface to act as the local source interface for 
! IPFIX export
int Loopback0
 ip address 1.2.3.4/32

@ Enable IP routing for IPFIX packet to be routed to the collector
ip routing

! The flow tracker definition
flow tracking hardware
   tracker myFtr
      record export on inactive timeout 60000
      record export on interval 30000
      !
      exporter myExporter
         local interface Loopback0
         template interval 5000
         collector 172.28.130.153
   no shutdown

! Flow tracked interface/port
int ethernet48
 flow tracker hardware myFtr
 no shutdown

This command shows general information about hardware flow tracking.

switch# show flow tracking hardware
Flow Tracking Status
  Type: Hardware
  Running: yes
  Tracker: myFtr
    Active interval: 30000ms
    Inactive timeout: 60000ms
    Groups: IPv4, IPv6, VXLANIPv4, VXLANIPv6
    Exporter: myExpoter
      VRF: default
      Local interface: Loopback0 (1.2.3.4)
      Export format: IPFIX version 10, MTU 1500
      DSCP: 0
      Template interval: 5000ms
      Collectors:
        172.28.130.153 port 4739
    Active interfaces:
      Et48

This command shows hardware flow tracking IPFIX template.

switch# show flow tracking hardware ipfix template 
Tracker: myFtr
  Data Template, Group: IPv4, Fields: 16, Template ID: 263
    paddingOctets (210), 4 bytes
    aristaBscanExportReason[E] (1036), 2 bytes
    paddingOctets (210), 38 bytes
    destinationTransportPort (11), 2 bytes
    sourceTransportPort (7), 2 bytes
    protocolIdentifier (4), 1 bytes
    destinationIPv4Address (12), 4 bytes
    sourceIPv4Address (8), 4 bytes
    ingressVRFID (234), 2 bytes
    paddingOctets (210), 1 bytes
    aristaBscanTsNewLearn[E] (1040), 6 bytes
    aristaBscanTsFlowStart[E] (1038), 6 bytes
    aristaBscanTsFlowEnd[E] (1039), 6 bytes
    octetDeltaCount (1), 4 bytes
    packetDeltaCount (2), 4 bytes
    paddingOctets (210), 38 bytes

  Data Template, Group: IPv6, Fields: 17, Template ID: 264
    paddingOctets (210), 4 bytes
    aristaBscanExportReason[E] (1036), 2 bytes
    paddingOctets (210), 9 bytes
    sourceIPv6Address (27), 16 bytes
    paddingOctets (210), 5 bytes
    destinationTransportPort (11), 2 bytes
    sourceTransportPort (7), 2 bytes
    protocolIdentifier (4), 1 bytes
    ingressVRFID (234), 2 bytes
    destinationIPv6Address (28), 16 bytes
    paddingOctets (210), 1 bytes
    aristaBscanTsNewLearn[E] (1040), 6 bytes
    aristaBscanTsFlowStart[E] (1038), 6 bytes
    aristaBscanTsFlowEnd[E] (1039), 6 bytes
    octetDeltaCount (1), 4 bytes
    packetDeltaCount (2), 4 bytes
    paddingOctets (210), 38 bytes

  Data Template, Group: VXLANIPv4, Fields: 16, Template ID: 265
    paddingOctets (210), 4 bytes
    aristaBscanExportReason[E] (1036), 2 bytes
    paddingOctets (210), 38 bytes
    destinationTransportPort (11), 2 bytes
    sourceTransportPort (7), 2 bytes
    protocolIdentifier (4), 1 bytes
    destinationIPv4Address (12), 4 bytes
    sourceIPv4Address (8), 4 bytes
    ingressVRFID (234), 2 bytes
    paddingOctets (210), 1 bytes
    aristaBscanTsNewLearn[E] (1040), 6 bytes
    aristaBscanTsFlowStart[E] (1038), 6 bytes
    aristaBscanTsFlowEnd[E] (1039), 6 bytes
    octetDeltaCount (1), 4 bytes
    packetDeltaCount (2), 4 bytes
    paddingOctets (210), 38 bytes

  Data Template, Group: VXLANIPv6, Fields: 17, Template ID: 266
    paddingOctets (210), 4 bytes
    aristaBscanExportReason[E] (1036), 2 bytes
    paddingOctets (210), 9 bytes
    sourceIPv6Address (27), 16 bytes
    paddingOctets (210), 5 bytes
    destinationTransportPort (11), 2 bytes
    sourceTransportPort (7), 2 bytes
    protocolIdentifier (4), 1 bytes
    ingressVRFID (234), 2 bytes
    destinationIPv6Address (28), 16 bytes
    paddingOctets (210), 1 bytes
    aristaBscanTsNewLearn[E] (1040), 6 bytes
    aristaBscanTsFlowStart[E] (1038), 6 bytes
    aristaBscanTsFlowEnd[E] (1039), 6 bytes
    octetDeltaCount (1), 4 bytes
    packetDeltaCount (2), 4 bytes
    paddingOctets (210), 38 bytes

  Options Template, VRF Mapping, Template ID: 256
    ingressVRFID (234), 4 bytes
    VRFname (236), variable length

  Options Template, Interface Mapping, Template ID: 257
    ingressInterface (10), 4 bytes
    interfaceName (82), variable length

  Options Template, Flow Key, Template ID: 258
    templateId (145), 2 bytes
    flowKeyIndicator (173), 8 bytes

  Options Template, Tracker, Template ID: 259
    observationDomainId (149), 4 bytes
    observationDomainName (300), variable length
    flowActiveTimeout (36), 2 bytes
    flowIdleTimeout (37), 2 bytes
    selectorAlgorithm (304), 2 bytes
    samplingSize (309), 4 bytes
    samplingPopulation (310), 4 bytes
    flowTrackingType (1001), 2 bytes

This command shows hardware flow tracking IPFIX template option-table.

switch# show flow tracking hardware ipfix options-table 
Tracker: myFtr
  Observation domain: myFtr, ID: 1
  Active interval: 5sec
  Inactive timeout: 60sec
  Selector algorithm: random(3)
  Sampling: 1/1
  Flow tracking type: hardware(2)

  VRF Table, Template ID: 256, Scope: ingressVRFID
      VRF ID        VRF Name     
  -------------- --------------- 
        0            default     
        1             vrf1       
        2             vrf2       
        3        fake-management 
        4            vrf500      
     16777215                    

  Interface Table, Template ID: 257, Scope: ingressInterface
     Interface ID    Interface Name 
  ------------------ -------------- 
          0             unknown     
          1            ethernet1    
          2            ethernet2    
          3            ethernet3 
          4            ethernet4    
          5            ethernet5    
          6            ethernet6    
          7            ethernet7    
          8            ethernet8    
          9            ethernet9    
          10           ethernet10   
          11           ethernet11   
          12           ethernet12   
          13           ethernet13   
          14           ethernet14   
          15           ethernet15   
          16           ethernet16   
          17           ethernet17   
          18           ethernet18   
          19           ethernet19   
          20           ethernet20   
          21           ethernet21   
          22           ethernet22   
          23           ethernet23   
          24           ethernet24   
          25           ethernet25   
          26           ethernet26   
          27           ethernet27   
          28           ethernet28   
          29           ethernet29   
          30           ethernet30   
          31           ethernet31   
          32           ethernet32   
          33           ethernet33   
          34           ethernet34   
          35           ethernet35   
          36           ethernet36   
          37           ethernet37   
          38           ethernet38   
          39           ethernet39   
          40           ethernet40   
          41           ethernet41   
          42           ethernet42   
          43           ethernet43   
          44           ethernet44   
          45           ethernet45   
          46           ethernet46   
          47           ethernet47   
          48           ethernet48   
          49           ethernet49   
          50           ethernet50   
          51           ethernet51   
          52           ethernet52   
        53001         ethernet53/1  
        53002         ethernet53/2  
        53003         ethernet53/3  
        53004         ethernet53/4  
        54001         ethernet54/1  
        54002         ethernet54/2  
        54003         ethernet54/3  
        54004         ethernet54/4  
        999001        Management1   
       2000002           Vlan2      
       2000048           Vlan48     
       2000049           Vlan49     
       2000100          Vlan100     
       7000000           VXLAN1     
      1073741823          CPU       
      1073741824        discard     
      2147483648       multicast    

  Flow Keys Table, Template ID: 258, Scope: templateId
     Template ID    Flow Key Indicator 
  ----------------- ------------------ 
         263              0x1f8        
         264              0x3e8        
         265              0x1f8        
         266              0x3e8

Postcard Telemetry

The postcard telemetry gathers per flow telemetry information like path and per hop latency. The path, latency and congestion information for flows at different times help in troubleshooting and monitoring flows. Postcard telemetry samples flows at every switch, aggregates them and sends the samples to a collector with path and latency information using GRE encapsulation. For calculating latency information, switches in the network need to be in PTP sync.

The information collected is:
  • Length of the truncated samples in bytes.
  • 48-bit timestamp.
  • SNMP OID values of Ingress and Egress ports.
  • 16 bit IP payload checksum, uniquely identify the sample of the same packet from different switches at the collector.
  • Sample Rate (Multiplier is 1K).
  • Sample data, packet inclusive of L2 header, truncated to 256 bytes.

Configuring Postcard Telemetry for Collector

All switches have same configuration for postcard telemetry to give correct information to collector and it should enabled with PTP.
switch(config)# monitor telemetry postcard policy
switch(config-tele-postcard-policy)# no disabled
switch(config-tele-postcard-policy)# ingress collection gre source 10.10.10.10 destination 172.16.1.1

switch(config)# interface ethernet1/1
switch(config-if-Et1/1)# telemetry postcard policy profile default
The sample rates can be selected:
  • 16384 Set sample rate to 1 in 16k packets
  • 32768 Set sample rate to 1 in 32k packets
  • 65536 Set sample rate to 1 in 64k packets

This example configures sample policy for matching two different flow sets.

Match Rule 1:
  • Destination IP prefix 10.1.1.0/24 and Source IP prefix 10.2.2.0/24
  • TCP source port number 100 and destination source port number 200
Match Rule 2:
  • Destination IP prefix 172.16.2.0/24
  • Source IP prefix 172.16.3.0/24
switch(config)# monitor telemetry postcard policy
switch(config-tele-postcard-policy)# sample policy mypolicy
switch(config-postcard-sample-policy-mypolicy)# match myrule1 ipv4
switch(config-postcard-sample-policy-match-mypolicy-myrule1-ipv4)# destination prefix 10.1.1.0/24
switch(config-postcard-sample-policy-match-mypolicy-myrule1-ipv4)# source prefix 10.2.2.0/24
switch(config-postcard-sample-policy-match-mypolicy-myrule1-ipv4)# protocol tcp source port 100 destination port 200

switch(config-postcard-sample-policy-mypolicy)# match myrule2 ipv4
switch(config-postcard-sample-policy-match-mypolicy-myrule1-ipv4)# destination prefix 172.16.2.0/24
switch(config-postcard-sample-policy-match-mypolicy-myrule1-ipv4)# source prefix 172.16.3.0/24

switch(config-postcard-sample-policy-mypolicy)# profile myprofile
switch(config-postcard-profile-myprofile)# ingress sample policy mypolicy

switch(config)# interface ethernet2/1
switch(config-if-Et1/1)# telemetry postcard policy profile myprofile
These actions can be configured for any match rule, sample at specified rate, sampling all packets, or no sampling for the flow. The last option is the default.
switch(config)# monitor telemetry postcard policy
switch(config-tele-postcard-policy)# sample policy mypolicy
switch(config-postcard-sample-policy-mypolicy)# match myrule1 ipv4
switch(config-postcard-sample-policy-match-mypolicy-myrule1-ipv4)# actions 
switch(config-postcard-sample-policy-actions-mypolicy-myrule1)# sample

Sampling can also be done based on user specified checksum value and mask in TCP/UDP header.

switch(config)# monitor telemetry postcard policy
switch(config-tele-postcard-policy)# ingress sample tcp-udp-checksum value <val> mask <mask>

Show commands

This shows sample rate and collector IP configuration.
switch# show monitor telemetry postcard policy 
Enabled: true
Ingress collection sample rate: 16384
Ingress collection type: GRE
Ingress collection source: 10.10.10.10
Ingress collection destination: 172.16.1.1
This shows information about postcard telemetry sample policies.
switch# show monitor telemetry postcard sample policy 
Sample policy default
Total number of rules configured: 1
match ipv4 ipv4-all-default:
        Actions: sample

Sample policy mypolicy
Total number of rules configured: 3
match ipv4 myrule1:
        Source: 10.2.2.0/24
        Destination: 10.1.1.0/24
        Protocol: tcp
                Source port: 100
                Destination port: 200
match ipv4 myrule2:
        Source: 172.16.2.0/24
        Destination: 172.16.2.0/24
match ipv4 ipv4-all-default:
This shows different profiles configured and interfaces on which profiles are configured and active.
switch# show monitor telemetry postcard policy profiles 
Profiles
Name: default
Sample policy: default
Configured on: Et1/1
Active on: Et1/1

Name: myprofile
Sample policy: mypolicy
Configured on: Et2/1
Active on: Et2/1

switch# show monitor telemetry postcard policy profile myprofile 
Profiles
Name: myprofile
Sample policy: mypolicy
Configured on: Et2/1
Active on: Et2/1

Configuring TCAM Profile for Postcard Telemetry

The postcard telemetry requires the system TCAM profile to have postcard telemetry enabled. This can be achieved by creating a user defined TCAM profile.

The system TCAM profile must have the telemetry postcard policy ipv4 to support postcard telemetry for IPv4 packets. This is applicable for both copied or newly created TCAM profiles.

Creating the User Defined TCAM profile

This adds the postcard telemetry to the default profile.
switch(config)# hardware tcam
switch(config-hw-tcam)# profile <profile name> copy default
switch(config-hw-tcam-profile-<profile>)# feature telemetry postcard policy ipv4 copy
switch(system-feature-source-profile) #
Postcard telemetry is supported for ipv4 bridged and routed packets.
switch(config-hw-tcam-profile-<profile>-feature-<feature>)# packet ipv4 forwarding bridged
switch(config-hw-tcam-profile-<profile>-feature-<feature>)# packet ipv4 forwarding routed
Key size is limited to 160. This is optional for feature copied from the system-feature-source-profile.
switch(config-hw-tcam-profile-<profile>-feature-<feature>)# key size limit 160
This removes the unused features to ensure that the TCAM DB for postcard telemetry gets allocated.
switch(config-hw-tcam-profile-<profile>-feature-<feature>)# exit
switch(config-hw-tcam-profile-<profile>)# no feature mirror ip
switch(config-hw-tcam-profile-<profile>)#

Applying the User Defined TCAM Profile

This sets the profile as the system profile under the hardware tcam mode.
switch(config-hw-tcam)# system profile <profilename>

When the system TCAM profile is changed, it is expected for some of the agents to restart. This removes the unused features to ensure that the TCAM DB for postcard telemetry gets allocated.

Limitations

  • Only IPv4 collector in default VRF is supported.
  • Only IPv4 match rules are supported in sample policy.
  • Postcard telemetry for VXLAN encapsulated packets is not supported.
  • Postcard telemetry for PBR forwarded packets is not supported.
  • Postcard telemetry for packets with IP options are not supported.
  • Postcard telemetry for multi destination packets is not supported.
  • Postcard telemetry for packets dropped or consumed by switch is not supported.
  • DCS-7280 and DCS-7500 platforms can support at most 3 postcard policies.
  • For INT to be enabled, all the other telemetry features must be in disabled state ( e.g.: Sflow, Sampled flow tracking).

Inband Network Telemetry (INT) Support

The Inband Network Telemetry, eXport Data (INT-XD) gathers flow, queue, drop telemetry information like network path, hop latency, queue congestion, drop reasons and more which are used for network monitoring and troubleshooting.

The INT-XD supports:
  • Flow telemetry report generates from flow events. Flow events include new flows, change in the attributes of flow like ingress/egress port or latency. Flow reports include information about the path that packets traverse as well as other telemetry metadata such as hop latency and queue occupancy.
  • Drop reports provide visibility into the impact of packet drops on user traffic. Drop reports include information about the path that packets traversed as well as other telemetry metadata such as drop reason code and queue id.
  • Queue congestion reports are generated from queue-related events, like packets exceeding the queue depth or latency. This provides visibility into the traffic causing and prolonging queue congestion.

Platform Compatibility

The following platforms support the INT-XD feature.
  • DCS-7170-64C-F
  • DCS-7170-64C-R
  • DCS-7170-64C#
  • DCS-7170-64C-M#
  • DCS-7170-32C-F
  • DCS-7170-32C-R
  • DCS-7170-32C#
  • DCS-7170-32C-M-F
  • DCS-7170-32C-M-R
  • DCS-7170-32C-M#
  • DCS-7170-32CD-F
  • DCS-7170-32CD-R
  • DCS-7170-32CD#

configuration

All switches have same configuration for INT-XD and postcard telemetry to give correct information to collector and they are supported only in default profile.
switch(config)# platform barefoot profile default
This command enters the postcard telemetry context to enable the feature.
switch(config)# monitor telemetry postcard int-xd
This command enables the postcard telemerty.
switch(config-tele-postcard-int-xd)# no disabled
This command enables flow report.
switch(config-tele-postcard-int-xd)# report flow
This command configures flow report refresh interval. By default it is set to 5 seconds.
switch(config-tele-postcard-int-xd)# report flow refresh-interval <value> seconds
This command enables drop report.
switch(config-tele-postcard-int-xd)# report drop
This command enables queue report.
switch(config-tele-postcard-int-xd)# report queue
This command configures queue depth threshold. By default it is set to 2 percent.
switch(config-tele-postcard-int-xd)# report queue depth 10 percent
This command configures switch hop latency threshold. By default it is set to 2048 ns.
switch(config-tele-postcard-int-xd)# report queue latency 1024 nanoseconds
This command configures queue report suppression limits. Default value is 1000 reports/sec per queue.
switch(config-tele-postcard-int-xd)# report queue rate-limit 1000 reports-per-second
This command configures unique id of a switch.
switch(config-tele-postcard-int-xd)# device id 25
This command exits the mode to commit the changes.
switch(config-tele-postcard-int-xd)# exit

Show commands

This example shows the mapping between drop reason text and drop reason code.

switch(config)# show platform barefoot int drop codes
Code                     Reason
------  -------------------------------------------------------------
     1    Ingress STP blocked
     2    Ingress invalid VLAN
This command shows the current sequence number of the INT-XD reports. Sequence number is incremented every time an INT-XD report is sent. It shows the sequence number in HEX format.
switch(config)# show platform barefoot registers seqNumber

Limitations

  • Specific flow watchlist to filter flows is not supported in this release.
  • A 5-tuple of outer header is used for tracking the flows.
  • Collector reachability through overlay networks is not supported.
  • Packets punted to the CPU are not exported to the collector.
  • Collector reachability over non default vrf is not supported.
  • Collector reachability via out of band management port is not supported.
  • Only unicast packet tail drops are exported to collectors.
  • INT reports are sent to a single collector reachable via IPv4.

Sampled Flow Tracking configuration Examples

This section describes the command configurations required to configure sampled flow tracking.

Sampled Flow Tracking Basic configuration

The following commands enable a basic configuration.

  1. Enable configuration mode for the sampled flow tracking on a device.
    switch(config)# flow tracking sampled
  2. Configure a sampled flow tracker for a device.
    switch(config-flow-tracking-sampled)# tracker ftr1
  3. Configure an exporter for the specific tracker.
    switch(config-ftr-sampled-tr-ftr1)# exporter exp1
  4. Configure the collector for the specific exporter.
    switch(config-ftr-sampled-tr-ftr1-exp-exp1)# collector 172.31.22.131
  5. Configure the local source interface ethernet1 for the specific exporter.
    switch(config-ftr-sampled-tr-ftr1-exp-exp1)# local interface ethernet1
  6. Enable sampled flow tracking.
    switch(config-ftr-sampled-tr-ftr1-exp-exp1)# no shutdown
  7. Configure the interface ethernet2 for the specific exporter.
    switch(config)# interface ethernet2
  8. Configure the sampled flow tracker on interface ethernet2.
    switch(config)# interface ethernet2
    switch(config-if-Et2)# flow tracker sampled ftr1

Sampled Flow Tracking commands

clear flow tracking sampled counters

The clear flow tracking sampled counters command clears the flow tracking counters for all trackers, a specified tracker, or a specified tracker and exporter.

Command Mode

Privileged EXEC

Command Syntax

clear flow tracking sampled counters [tracker tracker_name [exporter exporter_name]]

Parameters
  • tracker tracker_name Specifies the flow tracker.
  • exporter exporter_name Specifies the exporter.

Example

This command clears the flow counters for the tracker ftr1 and exporter exp1.
switch# clear flow tracking sampled counters tracker ftr1 exporter exp1
switch#

collector

The collector command configures a collector to receive flow records from a specified exporter.

The no collector and default collector commands remove the configured collector from running-config.

Command Mode

Sampled Flow Tracking Exporter configuration

Command Syntax

collector {ipv4_address | ipv6_address} [port port_number]

no collector {ipv4_address | ipv6_address} [port port_number]

default collector {ipv4_address | ipv6_address} [ port port_number ]

Parameters
  • ipv4_addressSpecifies the IPv4 address of the collector.
  • ipv6_addressSpecifies the IPv6 address of the collector.
  • port port_number Specifies the port number for the collector. Values range from 1 to 65535. The default value is 4739.

Example

These commands configure a collector for the IPv4 address 192.0.2.0 and collector port number 10.
switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)# tracker ftr1
switch(config-ftr-sampled-tr-ftr1)# exporter exp1
switch(config-ftr-sampled-tr-ftr1-exp-exp1)# collector 192.0.2.0 port 10
switch(config-ftr-sampled-tr-ftr1-exp-exp1)# exit
switch(config-ftr-sampled-tr-ftr1)# exit
switch(config-flow-tracking-sampled)# exit
switch(config)#

dscp

The dscp command configures the Differentiated Services Code Point (DSCP) value for a specific exporter.

The no dscp and default dscp commands reset the DSCP value to the default of 0.

Command Mode

Sampled Flow Tracking Exporter configuration

Command Syntax

dscp dscp_value

no dscp dscp_value

default dscp dscp_value

Parameters

dscp_value the DSCP value assigned to the exporter. Value ranges from 0 to 63. Default value is 0.

Example

These commands configure a DSCP value of 10 for the exporter exp1.
switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)# tracker ftr1
switch(config-ftr-sampled-tr-ftr1)# exporter exp1
switch(config-ftr-sampled-tr-ftr1-exp-exp1)# dscp 10 
switch(config-ftr-sampled-tr-ftr1-exp-exp1)# exit 
switch(config-ftr-sampled-tr-ftr1)# exit
switch(config-flow-tracking-sampled)# exit
switch(config)#

exporter

The exporter command places the switch in sampled flow tracking exporter configuration mode for the specified exporter and creates the exporter if it does not yet exist.

The no exporter and default exporter commands remove the specific exporter from running-config.

Command Mode

Sampled Flow Tracking Tracker configuration

Command Syntax

exporter exporter_name

no exporter exporter_name

default exporter exporter_name

Parameters

exporter_name the name of the exporter.

Example

These commands create exporter exp1 for the flow tracker ftr1 and place the switch in configuration mode for that exporter.
switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)# tracker ftr1
switch(config-ftr-sampled-tr-ftr1)#exporter exp1
switch(config-ftr-sampled-tr-ftr1-exp-exp1)#

flow tracker sampled

The flow tracker sampled command configures an interface to be part of a flow tracker. An interface can belong to only one flow tracker.

The no flow tracker sampled and default flow tracker sampled commands remove the specified interface from the specified tracker.

Command Mode

Interface-ethernet configuration

Command Syntax

flow tracker sampled tracker_name

no flow tracker sampled tracker_name

default flow tracker sampled tracker_name

Parameters

tracker_name the name of the flow tracker to which the interface is to be added.

Example

This command configures interface ethernet 1 to participate in the flow tracker ftr1.
switch(config)# interface ethernet 1
switch(config-if-Et1)# flow tracker sampled ftr1
switch(config-if-Et1)#

flow tracking sampled

The flow tracking sampled command places the switch in sampled flow tracking configuration mode. Sampled flow tracking configuration mode is a group-change mode; changes made in a group-change mode are saved by exiting the mode.

The no flow tracking sampled and default flow tracking sampled commands remove all sampled flow tracking configuration from running-config.

Command Mode

Global configuration

Command Syntax

flow tracking sampled

no flow tracking sampled

default flow tracking sampled

commands Available in Sampled Flow Tracking configuration Mode

  • abortexits mode without saving changes
  • exitexits mode and saved changes
  • sampleconfigures sample parameters
  • shutdown (sampled flow tracking) enables or disables sampled flow tracking
  • trackerconfigures a flow tracker

Example

This command places the switch in the sampled flow tracking configuration mode.
switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)#

format ipfix version

The format ipfix version command configures the IPFIX version and maximum packet size for a specific exporter.

The no format ipfix version and default format ipfix version commands remove the previously configured IPFIX version and the maximum packet size value from running-config.

Command Mode

Sampled Flow Tracking configuration

Command Syntax

format ipfix version ipfix_version [max-packet-size max-packet-size value]

no format ipfix version ipfix_version [max-packet-size]

default format ipfix version ipfix_version [max-packet-size]

Parameters
  • ipfix_version the IPFIX version. Default value is 10.
  • max-packet-size max-packet-size value the IPFIX maximum packet size. Value ranges from 512 to 65472. Default value is 9152.

Example

These commands configure an IPFIX version of 10 and a maximum packet size of 854 for the exporter exp1.
switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)# tracker ftr1
switch(config-ftr-sampled-tr-ftr1)# exporter exp1
switch(config-ftr-sampled-tr-ftr1-exp-exp1)# format ipfix version 10 max-packet-size 854

local interface

The local interface command configures the local source interface for the specific exporter.

The no local interface and default local interface commands remove the local interface for the specific exporter from running-config.

Command Mode

Sampled Flow Tracking configuration

Command Syntax

local interface interface

no local interface

default local interface

Parameters

interface Interface type and numbers. Options include:
  • ethernet eth_num displays the information of the specified ethernet interface. The value ranges from 1 to 64.
  • Loopback lb_num displays the information of the specified loop back interface. The value ranges from 0 to 2100.
  • Management m_num displays the information of the specified Management interface. The management port number ranges from 1 to 2.
  • Port-Channel pc_num displays the interface or sub-interface information of the specified port channel. The interface and sub-interface values of port channel ranges from 1-1000 and 1-2000, 1-4094 respectively.
  • Tunnel t_num displays the information of the specified tunnel. The value ranges from 0 to 255.
  • Vlan vlan_num displays the information of the specified VLAN interface. The value ranges from 1 to 4094.

Example

These commands configure the local source interface ethernet1 for the exporter exp1.
switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)# tracker ftr1
switch(config-ftr-sampled-tr-ftr1)# exporter exp1
switch(config-ftr-sampled-tr-ftr1-exp-exp1)# local interface ethernet1

record export on inactive timeout

The record export on inactive timeout command configures the interval at which inactive flow records time out and are exported for a flow tracker.

The no record export on inactive timeout and default record export on inactive timeout commands remove the timeout interval from running-config.

Command Mode

Sampled Flow Tracking configuration

Command Syntax

record export on inactive timeout timeout_value

no record export on inactive timeout

default record export on inactive timeout

Parameters

timeout_value the flow record inactive export timeout value in milliseconds. Value ranges from 3000 to 900000. The default value is 15000 milliseconds.

Example

These commands configure an inactive record interval of 6000 for the exporter exp1.
switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)# tracker ftr1
switch(config-ftr-sampled-tr-ftr1)# exporter exp1
switch(config-ftr-sampled-tr-ftr1-exp-exp1)# record export on inactive timeout 6000

record export on interval

The record export on interval command configures the interval at which active flow records are exported for a flow tracker.

The no record export on interval and default record export on interval commands remove the interval from running-config.

Command Mode

Sampled Flow Tracking configuration

Command Syntax

record export on interval interval_value

no record export on interval

default record export on interval

Parameters

interval_value the flow record export interval in milliseconds. Value ranges from 5000 to 36000000. The default value is 300000 milliseconds.

Example
  • These commands configure an active record interval of 9000 for the exporter exp1.
    switch(config)# flow tracking sampled
    switch(config-flow-tracking-sampled)# tracker ftr1
    switch(config-ftr-sampled-tr-ftr1)# exporter exp1
    switch(config-ftr-sampled-tr-ftr1-exp-exp1)# record export on interval 9000

sample

The sample command enables the sample rate for a specific sampled flow tracker.

The no sample and default sample commands remove the sample rate configured for a specific sampled flow tracker from running-config.

Command Mode

Sampled Flow configuration

Command Syntax

sample sample_rate

no sample

default sample

Parameters

sample_rate the sample flow tracking rate to be assigned for a sampled flow tracker. Value ranges from 1024 to 16777216. Default value is 1048576.

Example

These commands configure a sample rate of 2056 for the sampled flow tracker.
switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)# sample 2056

show flow tracking sampled

The show flow tracking sampled tracker command displays information about the status of a specific tracker and the status of a specified exporter within that tracker. If no tracker is specified in the command, then all information about all trackers is displayed.

Command Mode

EXEC

Command Syntax

show flow tracking sampled [tracker tracker_name [exporter exporter_name]]

Parameters
  • tracker tracker_name the specific flow tracker.
  • exporter exporter_name the specific exporter within the tracker.

Example

This command displays the status information of the tracker ftr1 and the exporter exp1.
switch# show flow tracking sampled tracker ftr1 exporter exp1
Flow tracking status
 Type: Sampled
 Running: yes
 Sample rate: 1024
 Tracker: ftr1
 Active interval: 30000ms
 Inactive timeout: 120000ms
 Groups: IPv4, IPv6
 Exporter: exp1
 VRF: default
 Local interface: Management1 (172.30.150.179)
 Export format: IPFIX version 10, MTU 1500
 DSCP: 48
 Template interval: 3600000ms
 Collectors:
 172.31.22.131 port 4739
 Active interfaces:
 Et1

show flow tracking sampled counters

The show flow tracking sampled counters command displays information about the flow tracking counters of a specific tracker and the counters of a specified exporter within that tracker.

Command Mode

EXEC

Command Syntax

show flow tracking sampled counters [tracker tracker_name [exporter exporter_name]]

Parameters
  • tracker tracker_name the specific flow tracker.
  • exporter exporter_name the specific exporter within the tracker.

Example

This command displays the flow tracking counter information of the tracker ftr1 and the exporter exp1.
switch# show flow tracking sampled counters tracker ftr1 exporter exp1  
Tracker: ftr1
  1 flows, 22 RX packets
  Flows created: 1, expired: 0
  Group: IPv4
  1 flows, 22 RX packets
  Group: IPv6
  0 flows, 0 RX packets
  Exporter: exp1 (IPFIX)
  Collector: 172.31.24.133 port 4739
  52 messages, last sent 0:00:27 ago
  0 flow records
  2350 options data records, last sent 0:00:27 ago
  6 templates, last sent 0:12:27 ago
  Collector: 172.31.22.131 port 4739
  52 messages, last sent 0:00:27 ago
  0 flow records
  2350 options data records, last sent 0:00:27 ago
  6 templates, last sent 0:12:27 ago

show flow tracking sampled flow-table

The show flow tracking sampled flow-table command displays information about the active flows maintained in the eos.

Command Mode

EXEC

Command Syntax

show flow tracking sampled flow-table [ detail | dst-ip | dst-port | group | interface | protocol | src-ip | src-port | tracker | vlan | vrf ]

Parameters
  • detail displays detailed flow records.
  • dst-ip displays flow records based on destination IPv4 or IPv6 address.
  • dst-port displays flow records based on a specified destination port.
  • group displays flow records based on IPv4 or IPv6 flow groups.
  • interface displays flow records based on ingress interface.
  • protocol displays flow records based on the flow IP protocol.
  • src-ip displays flow records based on source IPv4 or IPv6 address.
  • src-port displays flow records based on a specified source port.
  • tracker displays flow records based on flow tracker.
  • vlan displays flow records based on a specified flow VLAN ID.
  • vrf displays flow records based on flow VRF.
Examples
  • This command displays information about the active flows on the device.
    switch# show flow tracking sampled flow-table  
    Tracker: ftr1, Flows: 1
     Group: IPv4, Flows: 1
     VRF  VLAN   Source        Destination   Protocol   Start Time            Pkts   Bytes
     ---- ------ ------------- ------------- ---------- --------------------- ------ ------
     red  42     10.10.1.1:0   10.20.1.2:0   UDP        2019-04-18 15:06:50    7      700
  • This command displays detailed information about the active flows on the device.
    switch# show flow tracking sampled flow-table detail  
    Tracker: ftr1, Flows: 1
      Group: IPv4, Flows: 1
      Flow: UDP 10.10.1.1:0 - 10.20.1.2:0, VRF: red, VLAN: 42
      Start time: 2019-04-18 15:06:50.268734, Last packet time: 2019-04-18 15:07:03.607900
      Packets: 15, Bytes: 1500, TOS: 0, TCP flags: none
      Source MAC: 001c.73ee.bfe4, Destination MAC: 001c.7374.3b85
      Ingress Interface: 'ethernet1', Egress VLAN: routed, Egress Interface: CPU
      Next hop: unknown, BGP next hop: unknown (AS unknown), Source AS: unknown
      Source prefix length: 24, Destination prefix length: 32

show flow tracking sampled ipfix options-table

The show flow tracking sampled ipfix options-table command displays information about the sampled IPFIX options table available.

Command Mode

EXEC

Command Syntax

show flow tracking sampled ipfix options-table tracker [flow-key | flow-tracker | interface | vrf]

Parameters
  • tracker displays the output for a specific flow tracker.
  • flow-key displays the flow keys options table.
  • flow-tracker displays the flow tracker options table.
  • interface displays the interface options table.
  • vrf displays the VRF options table.

Example

This command displays the sampled IPFIX options table for the tracker ftr1.
 switch# show flow tracking sampled ipfix options-table  
Tracker: ftr1
  Observation domain: ftr1, ID: 1
  Active interval: 30sec
  Inactive timeout: 120sec
  Selector algorithm: random(3)
  Sampling: 1/1024
  Flow tracking type: sampled(1)
  VRF Table, Template ID: 256, Scope: ingressVRFID
  VRF ID VRF Name
  -------------- --------
  0 default
  1 red
  16777215 
  Interface Table, Template ID: 257, Scope: ingressInterface
  Interface ID Interface Name
  ------------------ ----------------
  0 unknown
  3013 ethernet1
  3014 ethernet2
 
  1073741823 CPU
  1073741824 discard
  1074029945 ethernet3/36/1.1
  1074292089 ethernet3/36/1.2
  2147483648 multicast
  Flow Keys Table, Template ID: 258, Scope: templateId
  Template ID Flow Key Indicator
  ----------------- ------------------
  261 0x7f
  262 0x7f

show flow tracking sampled ipfix template

The show flow tracking sampled ipfix template command displays information about the exported IPFIX data templates and options templates.

Command Mode

EXEC

Command Syntax

show flow tracking sampled ipfix template [data | options | tracker]

Parameters
  • data displays the data templates.
  • options displays the flow options template.
  • tracker displays the flow tracker template.

Example

This command displays the sampled IPFIX options table for the tracker ftr1.
switch# show flow tracking sampled ipfix template
Tracker: ftr1
  Data Template, Group: IPv4, Fields: 26, Template ID: 261
    ingressVRFID (234), 4 bytes
    vlanId (58), 2 bytes
    sourceIPv4Address (8), 4 bytes
    destinationIPv4Address (12), 4 bytes
    protocolIdentifier (4), 1 bytes
    sourceTransportPort (7), 2 bytes
    destinationTransportPort (11), 2 bytes
    sourceMacAddress (56), 6 bytes
    postDestinationMacAddress (57), 6 bytes
    octetDeltaCount (1), 8 bytes
    packetDeltaCount (2), 8 bytes
    flowStartMilliseconds (152), 8 bytes
    flowEndMilliseconds (153), 8 bytes
    flowEndReason (136), 1 bytes
    tcpControlBits (6), 2 bytes
    ingressInterfaceType (368), 4 bytes
    ingressInterface (10), 4 bytes
    postVlanId (59), 2 bytes
    egressInterface (14), 4 bytes
    ipClassOfService (5), 1 bytes
    bgpSourceAsNumber (16), 4 bytes
    bgpDestinationAsNumber (17), 4 bytes
    bgpNextHopIPv4Address (18), 4 bytes
    ipNextHopIPv4Address (15), 4 bytes
    sourceIPv4PrefixLength (9), 1 bytes
    destinationIPv4PrefixLength (13), 1 bytes

<-------OUTPUT OMITTED FROM EXAMPLE-------->

shutdown (sampled flow tracking)

The shutdown command disables sampled flow tracking for the specific exporter.

The no shutdown command enables sampled flow tracking for the specific exporter.

Command Mode

Sampled Flow Tracking configuration

Command Syntax

shutdown

no shutdown

default shutdown

Example

These commands enable sampled flow tracking for the specific exporter exp1.
switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)# tracker ftr1
switch(config-ftr-sampled-tr-ftr1)# exporter exp1
switch(config-ftr-sampled-tr-ftr1-exp-exp1)# local interface ethernet1
switch(config-ftr-sampled-tr-ftr1-exp-exp1)# no shutdown

template interval

The template interval command configures the interval at which templates are exported for a specific exporter. The default template interval is 3600000 milliseconds.

The no template interval and default template interval commands reset the interval rate to the default.

Command Mode

Sampled Flow Tracking configuration

Command Syntax

template interval interval

no template interval

default template interval

Parameters

interval the interval rate in milliseconds. The value ranges between 5000 and 3600000 milliseconds. The default rate is 3600000 milliseconds.

Example

This command configures the interval of 3400000 milliseconds for the exporter exp1.
switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)# tracker ftr1
switch(config-ftr-sampled-tr-ftr1)# exporter exp1
switch(config-ftr-sampled-tr-exp-ftr1-exp1)# template interval 3400000

tracker

The tracker command configures a sampled flow tracker for a device.

The no tracker and default tracker commands remove the sampled flow tracker from the running config.

Command Mode

Sampled Flow configuration

Command Syntax

tracker tracker_name

no tracker tracker_name

default tracker tracker_name

Parameters

tracker_name the flow tracker name.

Example

These commands configure the sampled flow tracker ftr1.
switch(config)# flow tracking sampled
switch(config-flow-tracking-sampled)#tracker ftr1