sFlow for APs
This release introduces support for sFlow, an industry standard for traffic monitoring, that allows you to monitor your network by providing traffic information to perform traffic monitoring. The information provided by sFlow enables you to detect security breeches, troubleshoot network issues, monitor congestion, and perform traffic profiling.
Perform Traffic Monitoring: For compliance or network planning, sFlow provides information such as the source and destination of traffic. Currently, the Application Visibility and Control feature can provide the type of application in use, such as HTTP video, but it cannot provide the URL of the video site. With sFlow, you can obtain the URL to determine if it is in compliance with company policy.
Troubleshooting network issues and congestion control: Network problems are usually associated with certain traffic patterns such as a surge in traffic, especially a particular type of traffic. This information can help you drill down to the root cause of a surge. Also using sFlow, you can identify congested WLAN connections and associated network conversations.
Network planning: By examining historical traffic patterns and trends, you can plan your network infrastructure. In addition, sFlow contains routing information so you can use it to analyze routes and consequently realign your network more effectively.
Security: You can use sFlow to detect security attacks that are usually indicated by unique traffic patterns such as a spike in DNS requests.
In this release, sFlow is available from the command line interface for APs as well as from the Supplementary CLI tool in HiveManager. See "Supplemental CLI Tool Support".
sFlow is not supported on the following devices: AP110, AP120, AP121, AP141.
The basic component of sFlow is an sFlow instance which consists of sample packet header information, a packet sampling rate, and counter polling intervals that are associated with an sFlow data source. By sampling the traffic to capture header information of some of the packets, sFlow can reveal useful information, such as the source and destination of traffic data. In the 6.2r1 release, the data source, or sFlow agent, is a located on an AP radio or Ethernet port. Two instances are supported simultaneously and each instance operates independently. For example, you can assign one instance to a physical radio on an AP and the second instance to the second radio on the same AP. In addition to an sFlow agent, every sFlow implementation requires an sFlow application, which collects, analyzes, and displays the sFlow data. Since sFlow is an industry-standard, it is supported by third-party applications, such as Wireshark (www.wireshark.com), SolarWinds (www.solarwinds.com), or sFlowTrend (www.inmon.com). See "Displaying sFlow Application Settings" for information about the sFlow sample types that are provided by the third-party applications.