Retrieving raw values from SFlow-RT

[Magreth]

Hi,

I just started using this tool, it's great and I am interested to explore more. 

I have a problem in using URIs that ends with json e.g 127.0.0.1:8008/metric/10.0.0.4/max:load_five/json . I expected this to give me a json file with some values(or even properties with null values) but I am getting only [{"metricName":"max:load_five"}]. The html version gives me a graph with a blue line flat at 0, the same result with 127.0.0.1:8008/metric/ALL/ddos/html even if I use ping flood as illustrated here. Please help me understand why I am getting blue line straight at 0? and why the json reply is empty?

Thank you in advance for your support

Magreth

[Peter Phaal]

In both cases there is no data that matches your query.

In the first case when you query load_five you are asking for the 5 minute server load average. This metrics is only available if you have installed Host sFlow agents (http://host-sflow.sourceforge.net/) on your switches / servers.

In the second case it means that the ddos flow definition you created doesn't match any traffic. This is probably because you are probably using the following example?

http://blog.sflow.com/2013/05/controlling-large-flows-with-openflow.html

The syntax for applying address groups changed (see last comment on above link). You need to modify your flow definition to use the new group:ipsource:{name} syntax. There are other more recent examples on blog.sflow.com that you might want to look at.

[Magreth]

Thank you Peter for your support. I understand the first case, but I still have issues with the second case (not sure if I understand this "group:ipsource:{name} syntax" in your comment). Here are the steps I followed:

1. Install sFlow-RT

2. Start mininet (with three switches) and opendaylight controller.

2. configure sflow monitoring in each switch (running in mininet) by 

sudo ovs-vsctl -- --id=@sflow create sflow agent=eth0  target=\"192.168.2.13:6343\" sampling=10 polling=20 -- -- set bridge s1 sflow=@sflow

3. Flow definition in the host running sflow-RT (which is the 192.168.2.13 host)

curl -H "Content-Type:application/json" -X PUT --data "{keys:'ipsource,ipdestination,tcpsourceport,tcpdestinationport', value:'bytes', log:true}" http://127.0.0.1:8008/flow/tcp/json

curl -H "Content-Type:application/json" -X PUT --data "{keys:'ipsource,ipdestination,tcpsourceport,tcpdestinationport', value:'bytes', log:true}" http://127.0.0.1:8008/flow/icmp/json

4. Send ping from 10.0.0.4 to 10.0.0.1(sudo ping 10.0.0.1 -i .05 )

I can see metrics names, all with value 1979 ( localhost:8008/metrics/json) and also flows ( localhost:8008/flows/json) but why the graphs are not showing anything more than a straight blue line at 0? Is there anything I am doing wrong?

Thanks in advance for your support.

Magreth

[Peter Phaal]

An ICMP packet doesn't have tcpsourceport,tcpdestination port attributes. Try modifying your icmp flow definition to use keys: 'ipsource,ipdestination,icmptype'

If you run an iperf test you should see tcp flows.

[Magreth Mushi]

That was a big oversight! I forgot ICMP is not TCP! I will change that.

Thanks Peter.

Sent from my mobile device.

--
You received this message because you are subscribed to a topic in the Google Groups "sFlow-RT" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sflow-rt/SQM-jRbv430/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sflow-rt+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Magreth]

Thank you Peter, it worked fine!