This area will help fast track you in planning, setting up and managing NetFlow in your environment. NetFlow is an embedded instrumentation within Cisco IOS Software to characterize network operation.

Network specialists of various levels within an organization need to be able to report on traffic traversing sites, key links and data centers without deploying probes. They use NetFlow Auditor powered by DigiToll’s unique methods of collection to capture and analyze every NetFlow record with aggregation options and small footprint real-time and long-term storage. From Telco to SME you will recognize the superior reliability and performance of the DigiToll NetFlow Auditing solutions, as well as the management benefits offered.

Configure sFlow - HP Procurve

HP Procurve latest series

USe the PCM+ to configure if more than one Flow export can be enabled.

sFlow can be enabled only through SNMP for the new HP Procurves via PCM+ or Manually of only a single flow export is supported such as in the 2610 series otherwise PCM+ "cannibalises" the flows as it can only support 1 flow export.

Everytime the switch reboots, you will have to rerun the manual config so it is necessary to write a small script to frequently update the timeout.

The HP software used for managing switches is a called ProCurve Manager (PCM) it "assigns" the first sFlow collector to itself via SNMP read/write. Therefore if you have a switch capable of a single sFlow export (such as 2610) the PCM will configure the Procurve to direct all flows to itself and not allow you to change the sFlow destination to NetFlow Auditor. Unless you manage it manually.

You can use something like http://net-snmp.sourceforge.net/ to walk/set the mib or yum install snmp-utils on Centos/RH

10.11.12.13 is the IP address of the HP Procurve
public is the default community string
0a090807 - Convert your IP (eg 10.9.8.7) to Hex http://www.ipaddresslocation.org/convertip.php
6343 – Netflow Auditor default sFlow Port. Remember to enable it in Configuration > Devices > UDP Ports
auditor – An owner must be specified to try to claim the sFlowRcvrTable
100000000 – The time remaining in seconds before the sflow sampler is freed. This is approximately 27 hours. Therefore you need to create a cron job to reset each of the single flows exporters periodically but in anycase it must be reset before the timer reaches 0!

Sampling Rate: NetFlow Auditor can scale very effectively with collection so sampling rates can be excluded or low. Other collectors in the market have trouble with scaling and require sflow sampling to be configured to 4096 as example. There are cases where such sampling is useful but even sampling rates of 50 can limit identification of issues.
10 – Example sample can be any value. Commonly used are 0,10,50,256,4096. This must be set on each interface and a corresponding sampling for the device set in NetFlow Auditor. 0 means no sampling.

snmpset -v1 -c public 10.11.12.13 1.3.6.1.4.1.14706.1.1.4.1.6.1 x:0a090807
snmpset -v1 -c public 10.11.12.13 1.3.6.1.4.1.14706.1.1.4.1.2.1 s: auditor
snmpset -v1 -c public 10.11.12.13 1.3.6.1.4.1.14706.1.1.4.1.3.1 i: 100000000
snmpset -v1 -c public 10.11.12.13 1.3.6.1.4.1.14706.1.1.4.1.7.1 i: 6343

For each interface
snmpset -v1 -c public 10.11.12.13 1.3.6.1.4.1.14706.1.1.5.1.4.11.1.3.6.1.2.1.2.2.1.1.1.1 i: 10
snmpset -v1 -c public 10.11.12.13 1.3.6.1.4.1.14706.1.1.5.1.4.11.1.3.6.1.2.1.2.2.1.1.2.1 i: 10
snmpset -v1 -c public 10.11.12.13 1.3.6.1.4.1.14706.1.1.5.1.4.11.1.3.6.1.2.1.2.2.1.1.3.1 i: 10


snmpset -v1 -c public 10.11.12.13 1.3.6.1.4.1.14706.1.1.5.1.3.11.1.3.6.1.2.1.2.2.1.1.1.1 i: 1
snmpset -v1 -c public 10.11.12.13 1.3.6.1.4.1.14706.1.1.5.1.3.11.1.3.6.1.2.1.2.2.1.1.2.1 i: 1
snmpset -v1 -c public 10.11.12.13 1.3.6.1.4.1.14706.1.1.5.1.3.11.1.3.6.1.2.1.2.2.1.1.3.1 i: 1


NB: IF YOU DON’T KEEP RESETTING TIMER ON EACH PROCURVE THE sFLOW WILL STOP.
100000000 – The time remaining in seconds before the sflow sampler is freed. This is approximately 27 hours.
Therefore you need to create a cron job to reset each of the single flows exporters periodically but in anycase it must be reset before the timer reaches 0!


Create a script that resets each Device every couple of hours. E.g.:
snmpset -v1 -c public 10.11.12.13 1.3.6.1.4.1.14706.1.1.4.1.3.1 i: 100000000
snmpset -v1 -c public 10.11.12.14 1.3.6.1.4.1.14706.1.1.4.1.3.1 i: 100000000

In some of the Procurves you can set it to the maximum seconds which equate to approximately 68 years. E.g.:
snmpset -v1 -c public 10.11.12.13 1.3.6.1.4.1.14706.1.1.4.1.3.1 i: 2147483647

HP Procurve Switch 5400, 3500, 2600 or 8200 series (K code)

Configuring sFlow directly on the CLI.
Enter the Config mode:
    Configure destination collector
      sflow <1-3> NetFlowAuditor-IP-address Default-sFlow-UDP-Port
        <1-3> refers to the sFlow instance
        6343 is the Default-sFlow-UDP-Port on the NetFlow Auditor Collector. This can be changed if required Configuration->Devices->UDP-Port.
        eg: sflow 1 destination 10.10.10.1 6343

    Sampling Activation
      sflow <1-3> sampling Number-of-sampled-packets
      eg: sflow 1 sampling all 100

    Polling Activation
      sflow <1-3> polling N
        N is the number of interval (in seconds) between polling intervals. Do not set greater than 60
      eg: sflow 1 polling all 60

Remember to save the Configuration

HP Procurve Switch 5400zl, 3500yl and 6200yl


HP Procurve Switch 2800 or 5300 series

    2800 Series must be running Software Revision I.08.105 and Firmware (ROM) version I.08.07
    5300 Series must be running Software Revision E.10.37 or higher