How to get tcprtt

[Sara Escribano]

Hi everyone, I am starting with sFlow and I can't get the parameter tcprtt when I'm defining my flow.

The first I did was define my flow like this:

curl-H "Content-Type:application/json" -X PUT --data "{keys:'ipsource,ipdestination,tcpsourceport,tcpdestinationport,tcpwindow', value:'bytes', log:true}" http://127.0.0.1:8008/flow/tcpbueno/json

Once done this, in sFlow I can see the information I defined while I'm transmitting packages between 2 namespaces. Everything is okay like this because all TCP information is included in TCP section (at Defining flows, https://sflow-rt.com/define_flow.php).

But when I add tcprtt (just below that TCP section I talked about) that is included in TCP Info section, writing the PUT like this:

curl-H "Content-Type:application/json" -X PUT --data "{keys:'ipsource,ipdestination,tcpsourceport,tcpdestinationport,tcpwindow,tcprtt', value:'bytes', log:true}" http://127.0.0.1:8008/flow/tcpbueno/json

This way, no infomation is shown on sFlow. How can I get RTT using sFlow???

Thanks in advance

[Peter Phaal]

The extended_tcp_info can only be filled in at the end point of a TCP connection (i.e. by host). The Host sFlow (sflow.net) agent on Linux can be configured to populate this structure:

https://blog.sflow.com/2016/10/network-performance-monitoring.html

The TCP Info (https://sflow-rt.com/define_flow.php#tcpinfo) information is attached to packet samples. The metrics are directional (as indicated by the tcpdirection field) so you will typically need to filter on tcpdirection or flip flow keys based on tcpdirection, e.g. to track tcprtt by country:

setFlow('tcp_rtt_country', {keys:'country:[if:tcpdirection:sent:ipdestination:ipsource]', value:'tcprtt', t:20);

[Peter Phaal]

Please don't drop the mailing list.

The following article provides some background with examples using curl:

https://blog.sflow.com/2013/08/restflow.html

In your case curl http://127.0.0.1:8008/flow/tcp/json is retrieving the flow definition you created. To retrieve flow data you need to use:

curl http://127.0.0.1:8008/metric/ALL/tcp/json

or:

curl http://127.0.0.1:8008/activeflows/ALL/tcp/json

Note: You need to set the -Dgeo.country=resources/config/GeoLite2-Country.mmdb system property in order for the country: function to succeed. Otherwise you could use the following flow definition to report by ip address:

curl -H "Content-Type:application/json" -X PUT --data '{keys:"if:tcpdirection:sent:ipdestinacion:ipsource", value:"tcprtt", t:20}' http://127.0.0.1:8008/flow/tcp/json

On Wed, Nov 7, 2018 at 1:02 AM Sara Escribano <sara.escri...@gmail.com> wrote:

Hi again!

But I'm not using Javascript, I'm doing everything by shell and I'm having several troubles transcripting setFlow functions to shell (because I have no idea), but above all things, how do I have to introduce that tcp_rtt_country, because I tried:

curl -H "Content-Type:application/json" -X PUT --data "{keys:'country:[if:tcpdirection:sent:ipdestinacion:ipsource]', value:'tcprtt', t:20}" http://127.0.0.1:8008/flow/tcp/json  

and GET it with

curl http://127.0.0.1:8008/flow/tcp/json 

And I obtained this:

Of course, it has to be wrong because I want the tcprtt value, not a string saying "tcprtt" or something like that. I want to remark I have no idea about this and I only want to get latency, jitter and wrong packets from a flow

Do you know where did I make the mistake?

Thanks in advance :)

 

--
You received this message because you are subscribed to the Google Groups "sFlow-RT" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sflow-rt+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Peter Phaal]

Please don't drop the group in your replies.

You can verify the flow keys that sFlow-RT is decoding:

curl http://127.0.0.1:8008/flowkeys/json

to see if you are getting the tcprtt value:

curl http://127.0.0.1:8008/flowkeys/json | grep tcprtt

The only sFlow agent that I am aware of that exports this information is the Host sFlow (https://sflow.net/) agent. Are you using Host sFlow (with the tcp module enabled)? If you are using Mininet then you won't be receiving the tcprtt data since Open vSwitch can't provide this data since it isn't an end point for the tcp connections.

You might find the REST API browser helpful:

http://localhost:8008/api/

This allows you to use forms to try out the REST API and generate curl commands.

On Thu, Nov 8, 2018 at 3:18 AM Sara Escribano <sara.escri...@gmail.com> wrote:

Hi Peter,

I'm really bocked with this cause I've tried all the possibilities and none of them is giving me the tcprtt parameter, I tried the next commands:

1) The one you wrote to me:

curl -H "Content-Type:application/json" -X PUT --data '{keys:"if:tcpdirection:sent:ipdestinacion:ipsource", value:"tcprtt", t:20}' http://127.0.0.1:8008/flow/tcp/json

2) I changed ipdestinacion for ipdestination cause I supposed it was a mistake.

3) Also I changed the order of the comas, cause in the only example something happened on sflow, the first coma was a double coma and the second coma was a single coma, like this:

curl -H "Content-Type:application/json" -X PUT --data "{keys:'if:tcpdirection:sent:ipdestination:ipsource', value:'tcprtt', t:20}" http://127.0.0.1:8008/flow/tcp/json

The answer for these 3 commands was the same, was this one (nothing from the flow):

4) As I got something using the next command:

curl -H "Content-Type:application/json" -X PUT --data "{keys:'ipsource,ipdestination,tcpsourceport,tcpdestinationport', value:'bytes', log:true}" http://127.0.0.1:8008/flow/tcp/json

I decided to change the parameter value:'bytes' for value:'tcprtt' like this:

curl -H "Content-Type:application/json" -X PUT --data "{keys:'ipsource,ipdestination,tcpsourceport,tcpdestinationport', value:'tcprtt', log:true}" http://127.0.0.1:8008/flow/tcp/json

And I got nothing:

So at the end, I have no idea about why is going wrong, and the links you sent me, besides being awesome to understand sFlow, don't answer my doubts because they don't teach me how to write the commands and why are the commands like that (I mean, I don't understand why should I use double commas or just single commas, or where should I write the parameter tcprtt if there are like 100 possibilities).

Could you help me? I've been 2 weeks looking for information, I only want to measure the latency, the jitter and the number of lost packets, that's why I need the tcprtt parameter.

Sorry for the inconvenience and thanks in advance.

[Peter Phaal]

Wireshark is capturing all the TCP packets, re-creating the state of each TCP connection, and calculating round trip times. 

The approach sFlow takes is different. Instead of trying re-create the state based on packets observed in the network, the TCP state maintained by the end hosts is exported by sFlow agents running on the hosts. The Host sFlow agent (hsflowd) makes use of the Linux kernel tcp_diag interface to gather performance metrics relating to packets captured on the host.

https://blog.sflow.com/2016/10/network-performance-monitoring.html

https://blog.sflow.com/2016/05/berkeley-packet-filter-bpf.html

I don't believe hsflowd is namespace aware in it's packet sampling and tcp performance metric functionality. If you wan't to experiment with hsflowd, install it on your host under the root namespace and it should be able to give you performance metrics for connections to / from the host.

On Tue, Nov 13, 2018 at 12:43 AM Sara Escribano <sara.escri...@gmail.com> wrote:

Hi again!

I'm not using mininet and I tried to capture traffic with Wireshark in order to see if there was possible to get the RTT in my virtual workspace. I have this interfaces involved:

To be more clear, this is my topology:  

And I want to measure the latency from one namespace to another, so I have to measure it on ovs. Wireshark can show me the RTT but sFlow can't do so.

(I am creating traffic TCP between them). So if Wireshark gets it but sFlow doesnt, I dont know what is going wrong.

Thanks in advance.