F5 Logo MyF5
Search
  1. MyF5 Home
  2. External Monitoring of BIG-IP Systems: Implementations
  3. Monitoring BIG-IP System Traffic with sFlow
Manual Chapter : Monitoring BIG-IP System Traffic with sFlow

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP Analytics

  • 17.1.1, 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP Link Controller

  • 17.1.1, 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP LTM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP PEM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP AFM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP DNS

  • 17.1.1, 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP ASM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
Manual Chapter

Monitoring BIG-IP System Traffic with sFlow

Overview: Configuring network monitoring with sFlow

sFlow
 is an industry-standard technology for monitoring high-speed switched networks. You can configure the BIG-IP system to poll internal data sources and send data samples to an sFlow receiver. You can then use the collected data to analyze the traffic that traverses the BIG-IP system. This analysis can help you understand traffic patterns and system usage for capacity planning and charge back, troubleshoot network and application issues, and evaluate the effectiveness of your security policies.

Task summary

Perform these tasks to configure performance monitoring of the BIG-IP system using an sFlow device.

Adding a performance monitoring sFlow receiver

Gather the IP addresses of the sFlow receivers that you want to add to the BIG-IP system configuration. You can use IPv4 and IPv6 addresses.
You can add an sFlow receiver to the BIG-IP system only if you are assigned either the Resource Administrator or Administrator user role. 
Add an sFlow receiver to the BIG-IP system when you want to use the receiver to monitor system performance.
  1. On the Main tab, click
    System
    sFlow
    Receiver List
    .
    The sFlow screen opens.
  2. Click
    Add
    .
    The New Receiver properties screen opens.
  3. In the
    Name
     field, type a name for the sFlow receiver.
  4. In the
    Address
     field, type the IPv4 or IPv6 address on which the sFlow receiver listens for UDP datagrams.
    The IP address of the sFlow receiver must be reachable from a self IP address on the BIG-IP system.
  5. From the
    State
     list, select
    Enabled
    .
  6. Click
    Finished
    .

Setting global sFlow polling intervals and sampling rates for data sources

You can configure the global sFlow polling intervals and sampling rates for data sources on the BIG-IP system, only if you are assigned either the Resource Administrator or Administrator user role.
You can configure separate sFlow global polling intervals for the system, VLANs, interfaces, and HTTP profiles, and separate sFlow global sampling rates for VLANs and HTTP profiles.
sFlow will only transmit traffic samples for VLANs that are not part of VLAN groups.
  1. On the Main tab, click
    System
    sFlow
    Global Settings
    .
    The sFlow screen opens.
  2. In the Name column, click a type of data source.
    The properties screen for that type of data source opens.
  3. In the
    Polling Interval
     field, type the maximum interval in seconds between polling by the sFlow agent.
  4. In the
    Sampling Rate
     field, type the ratio of packets observed to the number of samples you want the BIG-IP system to generate.
    For example, a sampling rate of 2000 specifies that one sample will be randomly generated for every 2000 packets observed.
  5. Click
    Update
    .
  6. Repeat this procedure to set the global polling interval and sampling rate for the other types of data sources.
    You cannot configure sampling rates for the system or interface data sources.

Setting the sFlow polling interval and sampling rate for a VLAN

You can configure the sFlow polling interval and sampling rate for a specific VLAN, only if you are assigned either the Resource Administrator or Administrator user role.
Change the sFlow settings for a specific VLAN when you want the traffic flowing through the VLAN to be sampled at a different rate than the global sFlow settings on the BIG-IP system.
sFlow will only transmit traffic samples for VLANs that are not part of VLAN groups.
  1. On the Main tab, click
    Network
    VLANs
    .
    The VLAN List screen opens.
  2. In the Name column, click the relevant VLAN name.
    The New VLAN screen opens.
  3. From the
    Polling Interval
     list, select
    Specify
    , and type the maximum interval in seconds between polling by the sFlow agent of this VLAN.
  4. From the
    Sampling Rate
     list, select
    Specify
    , and type the ratio of packets observed at this VLAN to the samples you want the BIG-IP system to generate.
    For example, a sampling rate of 2000 specifies that 1 sample will be randomly generated for every 2000 packets observed.
  5. Click
    Update
    .

Setting the sFlow polling interval and sampling rate for a profile

You can configure the sFlow polling interval and sampling rate for an HTTP profile, only if you are assigned either the Resource Administrator or Administrator user role.
Change the sFlow settings for a specific HTTP profile when you want the traffic flowing through the virtual server (to which the profile is assigned) to be sampled at a different rate than the global sFlow settings on the BIG-IP system.
  1. On the Main tab, click
    Local Traffic
    Profiles
    Services
    HTTP
    .
    The HTTP profile list screen opens.
  2. Click the name of a profile.
  3. From the
    Polling Interval
     list, select
    Specify
    , and type the maximum interval in seconds between polling by the s Flow agent of this profile.
  4. From the
    Sampling Rate
     list, select
    Specify
    , and type the ratio of packets observed at the virtual server associated with this profile to the samples you want the BIG-IP system to generate.
    For example, a sampling rate of 2000 specifies that one sample will be randomly generated for every 2000 packets observed.
  5. Click
    Update
    .

Setting the sFlow polling interval for an interface

You can configure the sFlow polling interval for a specific interface, only if you are assigned either the Resource Administrator or Administrator user role.
Change the sFlow settings for a specific interface when you want the traffic flowing through the interface to be sampled at a different rate than the global sFlow settings on the BIG-IP system.
  1. On the Main tab, click
    Network
    Interfaces
    Interface List
    .
    The Interface List screen displays the list of interfaces on the system.
  2. In the Name column, click an interface number.
    This displays the properties of the interface.
  3. From the
    Polling Interval
     list, select
    Specify
    , and type the maximum interval in seconds between polling by the sFlow agent of this interface.
  4. Click the
    Update
     button.

Viewing sFlow data sources, polling intervals, and sampling rates

You can view details about the data sources that the BIG-IP system can poll for information to send to your sFlow receivers. For example, you can view current polling intervals and sampling rates, or determine if you want to add or remove specific data sources.
  1. On the Main tab, click
    System
    sFlow
    Data Sources
    .
    The sFlow Data Sources HTTP screen opens. You can view information about the virtual server that is the data source.
  2. On the menu bar, click
    Data Sources
    , and select
    Interfaces
    .
    The sFlow Data Sources HTTP screen opens. You can view information about the interface that is the sFlow data source.
  3. On the menu bar, click
    Data Sources
    , and select
    System
    .
    The sFlow Data Sources HTTP screen opens. You can view information about the system that is the sFlow data source.
  4. On the menu bar, click
    Data Sources
     and select
    VLAN
    .
    =The sFlow Data Sources HTTP screen opens. You can view information about the VLAN that is the sFlow data source.

sFlow receiver settings

This table names and describes the sFlow receiver settings in the Configuration utility.
Control
Default
Description
Name
no default
Specifies a name for the sFlow receiver.
Address
no default
Specifies the IP address on which the sFlow receiver listens for UDP datagrams.
Port
6343
Specifies the port on which the sFlow receiver listens for UDP datagrams. The default value is the standard sFlow port.
Maximum Datagram Size
1400
Specifies the maximum size in bytes of the UDP datagram the sFlow receiver accepts.
State
Disabled
Specifies whether the sFlow receiver is enabled or disabled.

sFlow global settings

This table names and describes the sFlow global settings in the Configuration utility.
Control
Default
Description
Name
Based on the resource you select.
Specifies the type of resource for which you are setting the global sFlow polling interval or sampling rate, for example, interface or vlan.
Polling Interval
10
Specifies the maximum interval in seconds between polling by the sFlow agent of monitored data sources on the BIG-IP system.
When multiple sFlow receivers are configured on the BIG-IPsystem, only the lowest, non-zero
Polling Interval
 setting is used for polling for all configured sFlow receivers. Therefore, if you delete the sFlow receiver with the lowest, non-zero poll interval, the system computes a new poll interval, based on the configured sFlow receivers, and uses that polling interval for all configured sFlow receivers.
Sampling Rate
1024
Specifies the ratio of packets observed to the number of samples you want the BIG-IP system to generate. For example, a sampling rate of 2000 specifies that one sample will be randomly generated for every 2000 packets observed.

sFlow counters and data

This table names and categorizes the sFlow counters and informational data that the BIG-IP system sends to sFlow receivers. Note that the resource type corresponds to the value in the
Name
 column on the sFlow global settings screen. The table also includes the source of the data and an example value.
Counter name (resource type)
Source
Example value
ifIndex (interface)
interface_stat.if_index
64 (You can map this value to an interface name by using
snmpwalk
 to query
ifTable
, for example,
snmpwalk -v 2c -c public localhost ifTable
.)
ifIndex (vlan)
ifc_stats.if_index
112 (You can map this value to a VLAN name by using
snmpwalk
 to query
ifTable
, for example,
snmpwalk -v 2c -c public localhost ifTable
.)
networkType (interface)
Enumeration derived from the IANAifType-MIB (
http://www.iana.org/assignments/ianaiftype-mib
)
6
networkType (vlan)
Enumeration derived from the IANAifType-MIB (
http://www.iana.org/assignments/ianaiftype-mib
)
6
ifDirection (interface)
Derived from MAU MIB (RFC 2668) 0 = unknown, 1=full-duplex, 2=half-duplex, 3 = in, 4=out
1
ifDirection (vlan)
Derived from MAU MIB (RFC 2668) 0 = unknown, 1=full-duplex, 2=half-duplex, 3 = in, 4=out
1
ifStatus (interface)
Bit field with the following bits assigned: bit 0 = ifAdminStatus (0 = down, 1 = up), bit 1 = ifOperStatus (0 = down, 1 = up)
3
ifStatus (vlan)
Bit field with the following bits assigned: bit 0 = ifAdminStatus (0 = down, 1 = up), bit 1 = ifOperStatus (0 = down, 1 = up)
3
ifInOctets (interface)
interface_stat.counters.bytes_in
9501109483
ifInOctets (vlan)
ifc_stats.hc_in_octets
107777746
ifInUcastPkts (interface)
interface_stat.counters.pkts_in - interface_stat.counters.mcast_in - interface_stat.rx_broadcast
54237438
ifInUcastPkts (vlan)
ifc_stats.hc_in_ucast_pkts
202314
ifInMulticastPkts (interface)
interface_stat.counters.mcast_in
72
ifInMulticastPkts (vlan)
ifc_stats.hc_in_multicast_pkts
343987
ifInBroadcastPkts (interface)
interface_stat.rx_broadcast
211
ifInBroadcastPkts (vlan)
ifc_stats.hc_in_broadcast_pkts
234
ifInDiscards (interface)
interface_stat.counters.drops_in
13
ifInDiscards (vlan)
ifc_stats.in_discards
13
ifInErrors (interface)
interface_stat.counters.errors_in
0
ifInErrors (vlan)
ifc_stats.in_errors
0
ifInUnknownProtos (interface)
Unknown counter
4294967295
ifInUnknownProtos (vlan)
ifc_stats.in_unknown_protos
0
ifOutOctets (interface)
interface_stat.counters.bytes_out
9655448619
ifOutOctets (vlan)
ifc_stats.hc_out_octets
107777746
ifOutUcastPkts (interface)
interface_stat.counters.pkts_out - interface_stat.counters.mcast_out - interface_stat.tx_broadcast
10838396
ifOutUcastPkts (vlan)
ifc_stats.hc_out_ucast_pkts
202314
ifOutMulticastPkts (interface)
interface_stat.counters.mcast_out
72
ifOutMulticastPkts (vlan)
ifc_stats.hc_out_multicast_pkts
343987
ifOutBroadcastPkts (interface)
interface_stat.tx_broadcast
211
ifOutBroadcastPkts (vlan)
ifc_stats.hc_out_broadcast_pkts
234
ifOutDiscards (interface)
interface_stat.counters.drops_out
8
ifOutDiscards (vlan)
ifc_stats.out_discards
13
ifOutErrors (interface)
interface_stat.counters.errors_out
0
ifOutErrors (vlan)
ifc_stats.out_errors
0
ifPromiscuousMode (interface)
Always set to 2 (false)
2
ifPromiscuousMode (vlan)
Always set to 2 (false)
2
ifSpeed (interface)
An estimate of the current bandwidth of the interface in bits per second
1000000000
ifSpeed (vlan)
Unknown gauge
0
5s_cpu (system)
cpu_info_stat.five_sec_avg.user +cpu_info_stat.five_sec_avg.nice +cpu_info_stat.five_sec_avg.system +cpu_info_stat.five_sec_avg.iowait +cpu_info_stat.five_sec_avg.irq +cpu_info_stat.five_sec_avg.softirq +cpu_info_stat.five_sec_avg.stolen
(This value is the average system CPU usage in the last five seconds.)
1m_cpu (system)
cpu_info_stat.one_min_avg.user + cpu_info_stat.one_min_avg.nice + cpu_info_stat.one_min_avg.system + cpu_info_stat.one_min_avg.iowait + cpu_info_stat.one_min_avg.irq + cpu_info_stat.one_min_avg.softirq + cpu_info_stat.one_min_avg.stolen
(This value is the average system CPU usage in the last one minute.)
5m_cpu (system)
cpu_info_stat.five_min_avg.user +cpu_info_stat.five_min_avg.nice +cpu_info_stat.five_min_avg.system +cpu_info_stat.five_min_avg.iowait +cpu_info_stat.five_min_avg.irq +cpu_info_stat.five_min_avg.softirq +cpu_info_stat.five_min_avg.stolen
(This value is the average system CPU usage in the last five minutes.)
total_memory_bytes (system)
tmm_stat.memory_total
5561647104 (This value is the total tmm memory in bytes.)
free_memory_bytes (system)
tmm_stat.memory_total - tmm_stat.memory_used (free tmm memory in bytes)
5363754680 (This value is the free tmm memory in bytes.)
method_option_count (http)
[profile_http_stat.options_reqs]
100
method_get_count (http)
[profile_http_stat.get_reqs]
100
method_head_count (http)
[profile_http_stat.head_reqs]
100
method_post_count (http)
[profile_http_stat.post_reqs]
100
method_put_count http)
[profile_http_stat.put_reqs]
100
method_delete_count (http)
[profile_http_stat.delete_reqs]
100
method_trace_count (http)
[profile_http_stat.trace_reqs]
100
method_connect_count (http)
[profile_http_stat.connect_reqs]
100
method_other_count (http)
[counters.number_reqs - (counters.options_reqs + counters.get_reqs + counters.head_reqs + counters.post_reqs + counters.put_reqs + counters.delete_reqs + counters.trace_reqs + counters.connect_reqs )]
20
status_1XX_count (http)
[profile_http_stat.resp_1xx.cnt]
100
status_2XX_count (http)
[profile_http_stat. resp_2xx_cnt]
80
status_3XX_count (http)
[profile_http_stat. resp_3xx_cnt]
5
status_4XX_count (http)
[profile_http_stat. resp_4xx_cnt]
1
status_5XX_count (http)
[profile_http_stat. resp_5xx_cnt]
2
status_other_count (http)
[profile_http_stat.resp_other]
100

sFlow HTTP Request sampling data types

This table names and categorizes the sFlow HTTP Request sampling data types that the BIG-IP system sends to sFlow receivers.
Data type
Description
sampleType_tag
A numeric value that indicates the type of traffic being sampled.
sampleType
The name of the type of traffic being sampled.
sampleSequenceNo
An integer that increments with each flow sample generated per
sourceid
.
sourceId
A decimal representation in which the type of sFlow data source is indicated by one of these bytes:
  • 0 = ifIndex
  • 1 = smonVlanDataSource
  • 2 = entPhysicalEntry
  • 3 = entLogicalEntry
Bytes 1-3 contain the relevant index value. On the BIG-IP system, this is the vs-index (for virtual servers) or if-index (for interfaces/vlans).
meanSkipCount
The configured HTTP request sampling rate.
samplePool
The total number of packets that could have been sampled, that is, the number of packets skipped by the sampling process, plus the total number of samples.
dropEvents
The number of times the BIG-IP system detected that a packet marked to be sampled was dropped due to lack of resources.
inputPort
The if-index of the VLAN that the sampled packet was received on. The value of this field in combination with
outputPort
 indicates the service direction.
outputPort
The if-index of the VLAN that the sampled packet was sent out on. The value of this field in combination with
inPort
 indicates the service direction.
1073741823 is used when the VLAN ID is unknown.
flowBlock_tag
An sFlow standard structure ID as defined here:
http://www.slfow.org/developers/steructurs.php
. The value is in this format: Enterprise:Format, for example, 0:1.
extendedType
A string representation of the
flowBlock_tag
.
proxy_socket4_ip_protocol
The IP protocol used for communications between the BIG-IP system and the pool member that handled the traffic. The value is an integer, for example, TCP =6 and UDP =17.
proxy_socket4_local_ip
The internal IP address of the BIG-IP system.
proxy_socket4_remote_ip
The IP address of the pool member that handled the traffic.
proxy_socket4_local_port
The internal port on the BIG-IP system.
proxy_socket4_remote_port
The internal port of the pool member that handled the traffic.
socket4_ip_protocol
The IP protocol used for communications between the BIG-IP system and the client represented by an integer, for example, TCP =6 and UDP=17.
socket4_local_ip
The external IP address the BIG-IP system uses to communicate with the client.
socket4_remote_ip
The IP address of the client.
socket4_local_port
The external port the BIG-IP system uses to communicate with the client.
socket4_remote_port
The port of the client.
flowSampleType
The type of traffic being sampled.
http_method
The HTTP method in the request header that was sampled.
http_protocol
The version of the HTTP protocol in the request header that was sampled.
http_uri
The URI in the request header that was sampled.
http_host
The host value in the request header that was sampled.
http_referrer
The referrer value in the request header that was sampled.
http_useragent
The User-Agent value in the request header that was sampled.
http_xff
The X-Forwarded-For value in the request header that was sampled.
http_authuser
The identity of the user in the request header as stated in
RFC 1413
.
http_mime-type
The Mime-Type of response sent to the client.
http_req_bytes
The length of the request that was sampled in bytes.
http_bytes
The length of the response that was sampled in bytes.
http_duration_uS
The duration of the communication between the BIG-IP system and the HTTP server/pool member in microseconds.
http_status
The HTTP status code in the response that was sampled.
This is an example of IPv4 HTTP Request sampling data: 
startDatagram =================
datagramSourceIP 10.0.0.0
datagramSize 376
unixSecondsUTC 1370017719
datagramVersion 5
agentSubId 3
agent 192.27.88.20
packetSequenceNo 16
sysUpTime 1557816000
samplesInPacket 1
startSample -------------------
sampleType_tag 0:1
sampleType FLOWSAMPLE
sampleSequenceNo 1
sourceId 3:2
meanSkipCount 1
samplePool 1
dropEvents 0
inputPort 352
outputPort 1073741823
flowBlock_tag 0:2102
extendedType proxy_socket4
proxy_socket4_ip_protocol 6
proxy_socket4_local_ip 10.1.0.0
proxy_socket4_remote_ip 10.1.0.0
proxy_socket4_local_port 40451
proxy_socket4_remote_port 80
flowBlock_tag 0:2100
extendedType socket4
socket4_ip_protocol 6
socket4_local_ip 10.0.0.0
socket4_remote_ip 10.0.0.0
socket4_local_port 80
socket4_remote_port 40451
flowBlock_tag 0:2206
flowSampleType http
http_method 2
http_protocol 1001
http_uri /index.html
http_host 10.10.10.250
http_referrer http://asdfasdfasdf.asdf
http_useragent curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 
 NSS/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
http_authuser Aladdin
http_mimetype text/html; charset=UTF-8
http_request_bytes 340
http_bytes 8778
http_duration_uS 1930
http_status 200
endSample   ----------------------
endDatagram ======================

sFlow VLAN sampling data types

This table names and categorizes the sFlow VLAN sampling data types that the BIG-IP system sends to sFlow receivers.
Data type
Description
sampleType_tag
A numeric value for the type of traffic being sampled.
sampleType
The name of the type of traffic being sampled.
sampleSequenceNo
An integer that increments with each flow sample generated per
sourceid
.
sourceId
A decimal value in which the type of sFlow data source is indicated by one of the bytes:
  • 0 = ifIndex
  • 1 = smonVlanDataSource
  • 2 = entPhysicalEntry
  • 3 = entLogicalEntry
Bytes 1-3 contain the relevant index value. On the BIG-IP system, this is the vs-index (for virtual servers) and the if-index (for interfaces/VLANs).
meanSkipCount
The configured packet sampling rate.
samplePool
The total number of packets that could have been sampled, that is, the number of packets skipped by the sampling process, plus the total number of samples.
dropEvents
The number of times the BIG-IP system detected that a packet marked to be sampled was dropped due to lack of resources.
inputPort
The if-index of the VLAN that the sampled packet was received on. The value of this field in combination with
outputPort
 indicates the service direction.
outputPort
The if-index of the VLAN that the sampled packet was sent out on. The value of this field in combination with
inPort
 indicates the service direction.
1073741823 is used when the VLAN ID is unknown.
flowBlock_tag
An sFlow standard structure ID as defined here:
http://www.slfow.org/developers/steructurs.php
, and in this format: Enterprise:Format, for example, 0:1.
flowSampleType
The type of traffic being sampled.
headerProtocol
A numeric value for the type of header.
sampledPacketSize
The size in bytes of the packet that was sampled.
strippedBytes
The number of octets removed from the packet before extracting the header octets.
headerLen
The length of the header in bytes.
headerBytes
The exact bytes extracted from the header.
IPSize
The size of the packet that was sampled including the IP header.
ip.tot_len
The original length of the packet before sampling.
srcIP
The source IP address of the sampled packet.
dstIP
The destination IP address of the sampled packet.
IPProtocol
The protocol used to send the packet.
IPTOS
A numeric value representing the type of service.
IPTTL
The time to live of the IP address in the header of the packet that was sampled.
TCPSrcPort or UDPSrcPort
The port the client uses for communication with the BIG-IP system.
TCPDstPort or UDPDstPort
The port the BIG-IP system uses for communication with the client.
TCPFlags
A decimal representation of the TCP header flags in the sampled packet.
This value is sent only when the sampled traffic is TCP.
extendedType
A string representation of the
flowBlock_tag
.
in_vlan
A numeric ID for the 8021.1Q VLAN ID of the incoming frame.
in_priority
A numeric value that represents the 802.1p priority of the incoming frame.
out_vlan
A numeric ID for the 8021.1Q VLAN ID of the outgoing frame.
out_priority
A numeric value that represents the 802.1p priority of the outgoing frame.
This is an example of IPv4 VLAN sampling data: 
startDatagram =============================================
datagramSourceIP 10.0.0.0
datagramSize 180
unixSecondsUTC 1370016982
datagramVersion 5
agentSubId 2
agent 192.27.88.20
packetSequenceNo 1
sysUpTime 1557079000
samplesInPacket 1
startSample -----------------------------------------------
sampleType_tag 0:1
sampleType FLOWSAMPLE
sampleSequenceNo 1
sourceId 0:352
meanSkipCount 128
samplePool 38
dropEvents 0
inputPort 352
outputPort 1073741823
flowBlock_tag 0:1
flowSampleType HEADER
headerProtocol 1
sampledPacketSize 66
strippedBytes 0
headerLen 64
headerBytes 00-01-D7-E6-8A-03-00-50-56-01-10-0E-08-00-45-00-00-
 34-D8-A4-40-00-40-06-39-10-0A-0A-0A-02-0A-0A-0A-FA-9D-77-00-50-
 33-97-00-00-EA-00-5D-80-80-10-00-FA-AF-B0-00-00-01-01-08-0A-44-
 4B-27-FA-67-51
dstMAC 0001d7e68a03
srcMAC 00505601100e
IPSize 52
ip.tot_len 52
srcIP 10.0.0.0
dstIP 10.0.0.1
IPProtocol 6
IPTOS 0
IPTTL 64
TCPSrcPort 40311
TCPDstPort 80
TCPFlags 16
flowBlock_tag 0:1001
extendedType SWITCH
in_vlan 3195
in_priority 0
out_vlan 0
out_priority 0
endSample   ---------------------------------------------------
endDatagram   =================================================

Implementation result

You now have an implementation in which the BIG-IP® system periodically sends data samples to an sFlow receiver, and you can use the collected data to analyze the performance of the BIG-IP system.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information