BCMLT.0> lt list -d MIRROR_PORT_ENCAP_SFLOW
MIRROR_PORT_ENCAP_SFLOW
Description: The MIRROR_PORT_ENCAP_SFLOW logical table is used to specify
per-port sFlow encapsulation sample configuration.
11 fields (1 key-type field):
SAMPLE_ING_FLEX_RATE
Description: Sample ingress flex sFlow packet if the generated sFlow random
number is greater than the threshold. A lower threshold leads to
higher sampling frequency.
SAMPLE_EGR_RATE
Description: Sample egress sFlow packet if the generated sFlow random number is
greater than the threshold. A lower threshold leads to
higher sampling frequency.
SAMPLE_ING_RATE
Description: Sample ingress sFlow packet if the generated sFlow random number is
greater than the threshold. A lower threshold leads to
higher sampling frequency.
SAMPLE_ING_FLEX_MIRROR_INSTANCE
Description: Enable to copy ingress flex sFlow packet samples to the ingress
mirror member using the sFlow mirror instance configuration.
SAMPLE_ING_FLEX_CPU
Description: Enable to copy ingress flex Continue reading
var user = 'onos';
var password = 'rocks';
var onos = '192.168.123.1';
var controls = {};
setFlow('udp_reflection',
{keys:'ipdestination,udpsourceport',value:'frames'});
setThreshold('udp_reflection_attack',
{metric:'udp_reflection',value:100,byFlow:true,timeout:2});
setEventHandler(function(evt) {
// don't consider inter-switch links
var link = topologyInterfaceToLink(evt.agent,evt.dataSource);
if(link) return;
// get port information
var port = topologyInterfaceToPort(evt.agent,evt.dataSource);
if(!port) return;
// need OpenFlow info to create ONOS filtering rule
if(!port.dpid || !port.ofport) return;
// we already have Continue reading
sudo mn --custom ~/onos/tools/dev/mininet/onos.py,sflow-rt/extras/sflow.py \The screen capture above shows the network topology in the ONOS web user interface.
--link tc,bw=10 --controller onos,1 --topo tree,2,2
mininet-onos> iperf h1 h3The screen capture above shows top flows, busiest Continue reading
baselineCreate(name,window,sensitivity,repeat);Where:
var status = baselineCheck(name,value);Where:
sudo mn --custom=sflow-rt/extras/sflow.py --link tc,bw=10 \In the screen capture above you can clearly see the large flow traversing switches, s4, s3, s2, s1, s9, s13, and s15 in a tree topology. The network was created using the following command:
--topo torus,3,3 --switch ovsbr,stp=1 --test iperf
sudo mn --custom sflow-rt/extras/sflow.py --link tc,bw=10 \The screen capture above shows a large flow traversing switches s1, s2, s3, and s4 in a linear topology. The network was created using the following command:
--topo tree,depth=4,fanout=2 --test iperf
sudo mn --custom sflow-rt/extras/sflow.py --link tc,bw=10 \It's also easy to create Custom Topologies. The following command creates the example custom topology, topo-2sw-2host.py, that ships with Mininet:
--topo linear,4 --test iperf
sudo mn --custom ~/mininet/custom/topo-2sw-2host.py,sflow-rt/extras/sflow.py Continue reading
<?php
header('Content-Type: text/plain');
if(isset($_GET['labels'])) {
$keys = htmlspecialchars($_GET["labels"]);
}
$vals = htmlspecialchars($_GET["values"]);
if(isset($keys)) {
$cols = $keys.','.$vals;
} else {
$cols = $vals;
}
$key_arr = explode(",",$keys);
$result = file_get_contents('http://localhost:8008/table/ALL/'.$cols.'/json');
$obj = json_decode($result,true);
foreach ($obj as $row) {
unset($labels);
foreach ($row as $cell) {
if(!isset($labels)) {
$labels = 'agent="'.$cell['agent'].'",datasource="'.$cell['dataSource'].'"';
}
$name = $cell['metricName'];
$val = $cell['metricValue'];
if(in_array($name,$key_arr)) {
$labels .= Continue reading
wget --no-check-certificate https://github.com/sflow/host-sflow/releases/download/v2.0.17-1/hsflowd-opx_2.0.17-1_amd64.debThe sFlow agent requires very little configuration, automatically monitoring all switch ports using the following default settings:
sudo dpkg -i hsflowd-opx_2.0.17-1_amd64.deb
Link Speed | Sampling Rate | Polling Continue reading |
---|
curl -X PUT -H 'Content-Type:application/json' --data '["[iptables]","-A FORWARD --in-interface swp+ -d 10.10.100.10 -p udp --sport 53 -j DROP"]' -k -u 'cumulus:CumulusLinux!' https://10.0.0.52:8080/acl/ddos1ACLs are sent as a JSON encoded array of strings. Each string will be written as a line in a file stored under /etc/cumulus/acl/policy.d/ - See Cumulus Linux: Netfilter - ACLs. For example, the rule above will be written to the file 50rest-ddos1.rules with the following Continue reading
#!/bin/shEdit the cvp-api-topology.py script to Continue reading
# Install Fabric View on CloudVision Portal (CVP)
VER=`wget -qO - http://inmon.com/products/sFlow-RT/latest.txt`
wget http://www.inmon.com/products/sFlow-RT/sflow-rt-$VER.noarch.rpm
rpm --nodeps -ivh sflow-rt-$VER.noarch.rpm
/usr/local/sflow-rt/get-app.sh sflow-rt fabric-view
ln -s /cvpi/jdk/bin/java /usr/bin/java
sed -i '/^# http.hostname=/s/^# //' /usr/local/sflow-rt/conf.d/sflow-rt.conf
echo "http.html.redirect=./app/fabric-view/html/" >> /usr/local/sflow-rt/conf.d/sflow-rt.conf
cat <<EOT > /etc/nginx/conf.d/locations/sflow-rt.https.conf
location /sflow-rt/ {
auth_request /aeris/auth;
proxy_buffering off;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Prefix /sflow-rt/;
proxy_set_header Host \$host;
proxy_pass http://localhost:8008/;
proxy_redirect ~^http://[^/]+(/.+)\$ /sflow-rt\$1;
}
EOT
systemctl restart nginx.service
firewall-cmd --zone public --add-port=6343/udp --permanent
firewall-cmd --reload
systemctl enable sflow-rt.service
systemctl start sflow-rt.service
wget http://www.inmon.com/products/sFlow-RT/cvp-eapi-topology.py
chmod +x cvp-eapi-topology.py
echo "configure and run cvp-eapi-topology.py"
docker run -p 6343:6343/udp -p 8008:8008 sflow/flow-trendThe simplest way to run the software is using the docker. Configure network devices to send standard sFlow telemetry to Flow Trend. Access the web user interface on port 8008.
docker run -p 6343:6343/udp -p 8008:8008 sflow/vizceralThe Docker image also contains demo data based on Netflix's public cloud infrastructure:
docker run -e "RTPROP=-Dviz.demo=yes" -p 8008:8008 sflow/vizceralIn this case, the detailed view shows messages flowing between microservices running in the Amazon public cloud. Similar visibility could be obtained by deploying Host sFlow agents with associated modules for web and application servers and modifying sflow/vizceral to present the application transaction flows. In private data centers, sFlow support in load balancers (F5, A10) provides visibility into interactions between application tiers. See Microservices for more information on Continue reading
var user = "cumulus";
var password = "CumulusLinux!";
var thresh = 10000;
var block_minutes = 1;
setFlow('udp_target',{keys:'ipdestination,udpsourceport',value:'frames'});
setThreshold('attack',{metric:'udp_target', value:thresh, byFlow:true, timeout:10});
function restCmds(agent,cmds) {
for(var i = 0; i < cmds.length; i++) {
let msg = {cmd:cmds[i]};
http("https://"+agent+":8080/nclu/v1/rpc",
"post","application/json",JSON.stringify(msg),user,password);
}
}
var controls = {};
var id = 0;
setEventHandler(function(evt) {
var key = evt.agent + ',' + evt.flowKey;
if(controls[key]) return;
var ifname = metric(evt.agent,evt.dataSource+".ifname")[0].metricValue;
if(!ifname) return;
var now = (new Date()).getTime();
var name = 'ddos'+id++;
var [ip,port] = evt.flowKey.split(',');
var cmds = [
'add acl ipv4 '+name+' drop udp source-ip any source-port '+port+' dest-ip '+ip+' dest-port any',
Continue reading