Solved

hsflowd cannot send samples on Cumulus VX 3.3!


I have used Cumulus VX to evaluate switch monitoring using hsflowd. I configured it as suggested in:
https://docs.cumulusnetworks.com/display/DOCS/Monitoring+System+Statistics+and+Network+Traffic+with+...

My setting is:

cat /etc/hsflowd.conf

# hsflowd configuration file
sflow {
DNSSD = off
agent = eth0
polling = 30
sampling = 512

sampling.100M = 100
sampling.1G = 1000
sampling.10G = 10000
sampling.40G = 40000

collector {
ip = 192.168.81.1
udpport = 6343
}
}

hsflowd starts successfully, but with this error:

myExec(/usr/lib/cumulus/portsamp) exitStatus=1 so assuming ULOG/NFLOG is 1:1

and when I capture with Wireshark, it shows nothing.

I have searched the forum and there is only one URL that mentions this problem:

https://getsatisfaction.cumulusnetworks.com/cumulus/topics/couldnt-get-flow-in-nfsen-from-cumulusvx

I did as this link suggests:

sudo iptables -I FORWARD -j NFLOG --nflog-group 1 --nflog-prefix SFLOW

but the problem is not gone, I still have the log:

myExec(/usr/lib/cumulus/portsamp) exitStatus=1 so assuming ULOG/NFLOG is 1:1

3 replies

Did you check that iptables is counting packets against that rule, using "iptables --list --verbose"?

You might have to set the iptables rule against the "INPUT" chain instead.

The error message is just warning that it will apply the full 1-in-N sampling to the packets it gets here.

To see more details, run hsflowd like this:

sudo service hsflowd stop
sudo hsflowd -ddd 2>&1 | grep NFLOG

and look for messages like this one:
https://github.com/sflow/host-sflow/blob/hsflowd-1/src/Linux/readPackets.c#L640-L644

Neil
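The counter check suggested in the reply above can be scripted. This is an added example, not part of the original thread or of hsflowd; the function names and the sample iptables output are constructed for illustration, and the parser assumes the exact-counter listing produced by `iptables -L -v -n -x`.

```shell
#!/bin/sh
# Added example: summarise NFLOG rule counters from `iptables -L -v -n -x`.

# Print "chain group packets" for every NFLOG rule read from stdin.
nflog_counters() {
    awk '
        $1 == "Chain" { chain = $2; next }
        $3 == "NFLOG" {
            group = 0                      # NFLOG uses group 0 when none is given
            for (i = 4; i < NF; i++)
                if ($i == "nflog-group") group = $(i + 1)
            print chain, group, $1
        }'
}

# Succeed only if some rule for the given group has matched at least one packet.
nflog_group_active() {
    nflog_counters | awk -v g="$1" '
        $2 == g && $3 > 0 { hit = 1 }
        END { exit (hit ? 0 : 1) }'
}

# Constructed sample listing (not captured from a real switch): the same rule
# on two chains, where only the INPUT copy is seeing traffic.
sample_output() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 1523 packets, 130211 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1523   130211 NFLOG      all  --  *      *       0.0.0.0/0            0.0.0.0/0            nflog-prefix  SFLOW nflog-group 1

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 NFLOG      all  --  *      *       0.0.0.0/0            0.0.0.0/0            nflog-prefix  SFLOW nflog-group 1
EOF
}

# On a live system: sudo iptables -L -v -n -x | nflog_counters
sample_output | nflog_counters
```

A chain whose NFLOG rule stays at 0 packets is not feeding hsflowd anything, which is the case where moving the rule to another chain is worth trying.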

Hi, thanks for your support.

I did some tests and figured out that the error above appears when I set it to run with systemctl start hsflowd@mgmt. When I start hsflowd with systemctl start hsflowd, it does not show these errors. And one more thing: even when it shows

myExec(/usr/lib/cumulus/portsamp) exitStatus=1 so assuming ULOG/NFLOG is 1:1

It still sent the sFlow packets to my collector. So I wonder what these errors are about? I am still new to iptables and monitoring with sFlow, so I need to dig more into this when I have time.

OK. Glad you found the reason. Let me know if you think we need to change anything in the systemd service file for hsflowd.

The log message just means that hardware ASIC packet-sampling was not configured (which is going to happen every time on the VX platform because of course there is no ASIC!). So hsflowd now assumes it will receive every packet and should retrofit the 1:N packet sampling in software instead:
https://github.com/sflow/host-sflow/blob/hsflowd-1/src/Linux/hsflowd.c#L1384-L1392

That software-sampling happens here:
https://github.com/sflow/host-sflow/blob/hsflowd-1/src/Linux/readPackets.c#L711-L712

Neil

P.S. If you really need VX to perform better you could try configuring iptables nflog to do the random sampling for you in the kernel, and then tell hsflowd what probability you configured. Like this:
https://github.com/sflow/host-sflow/blob/hsflowd-1/src/Linux/scripts/hsflowd.conf#L96-L103

In that case hsflowd will adjust its user-space software-sampling accordingly:
https://github.com/sflow/host-sflow/blob/hsflowd-1/src/Linux/hsflowd.c#L1447-L1452

But I don't know if this will actually run cooler or not. It probably depends on what your hypervisor is doing.
