I am evaluating replacing our traditional SNMP-based interface metrics collection with an sflow-based solution. I'm using a Cisco 3k as a testing switch. For testing, I just enabled sflow collection on a single port-channel like so:
sflow sampling-rate : 4096
sflow max-sampled-size : 128
sflow counter-poll-interval : 20
sflow max-datagram-size : 1400
sflow collector-ip : 192.168.1.11 , vrf : default
sflow collector-port : 6343
sflow agent-ip : 172.16.2.13
sflow data-source interface port-channel1
When comparing the metrics information to our existing SNMP information, I get wildly different numbers. To make things easier, I pulled both the SNMP counters and the sflow metrics simultaneously and received this:
SNMP:
IF-MIB::ifInOctets.369098752 = Counter32: 2465535836
IF-MIB::ifOutOctets.369098752 = Counter32: 3786122594
SFLOW:
sflow_ifoutoctets{agent="172.16.2.13",datasource="369098752",,ifindex="369098752",ifname="port-channel1",ifspeed="20G"} 7039.657893397139
sflow_ifinoctets{agent="172.16.2.13",datasource="369098752",ifindex="369098752",ifname="port-channel1",ifspeed="20G"} 130994.45094944764
I pulled some of the superfluous info out, but as you can see, not only are the numbers not even close, but sflow is showing a decimal point? On a hunch, I also collected 4-5 datapoints and converted the raw SNMP counters to rates to see if sflow is doing the math for me, but no joy.
Any advice would be helpful.