Juniper EVPN-VXLAN Data center Sflow
Fa'amatalaga Taua
This document serves as a detailed guide for configuring sFlow telemetry on Junos devices within an Apstra-managed data center fabric. It explains the objectives of integrating sFlow with Apstra Flow application, outlines the necessary configuration procedures, and provides example CLI commands to support implementation. This document is intended for network engineers and administrators who are deploying or managing Apstra-based data center fabrics and require visibility into traffic flows for performance monitoring, capacity planning, and anomaly detection using Apstra Flow application.
Fofo Faamanuiaga
This document describes the benefits of using SFlow for monitoring networks and it also demonstrates how to apply sFlow technology to existing Juniper Validated Design (JVD), such as the 3-Stage Data Center Design with Juniper Apstra (JVD). While there are many applications that can collect and visualize data from SFlow capable device, this document highlights the use of Juniper Apstra sFlow to monitor traffic on a 3-stage Fabric that was deployed with Juniper Apstra.
The solution discussed in this document can also be extended to other Juniper Data Center designs such as 5-stage, collapsed Fabric and AI/ML Juniper validated designs.
With network flow monitoring, network engineers and administrators can troubleshoot application issues across a DC fabric that supports distributed, cloud-native, virtualized, and containerized workloads.
SFlow technology
sFlow is a packet-sampling–based telemetry technology supported on most Juniper devices. It provides real-time visibility into network traffic by exporting sampled packets and interface statistics to a centralized collector using UDP. Juniper’s implementation of sFlow complies to RFC 3176. The sampling is performed at the hardware application-specific integrated circuits (ASICs) , simplifying the monitoring process and making it more accurate.
Using sFlow technology offers several key benefits for network operators, especially in large-scale, high-performance environments. Here are some of the main advantage:
- Network Visibility: sFlow provides real-time, packet-level visibility across the entire network without overwhelming the device CPU or memory.
- Sampling Flexibility: O le sampling rate on sFlow can be configured as needed.
- Traffic Analysis: sFlow enables continuous monitoring of traffic flows, interface statistics, and application usage.
- Proactive Capacity planning: sFlow helps network operator to forecast bandwidth needs by analyzing the traffic trends.
- Client and Server Flow visibility: sFlow provides detailed insights into client server interaction providing critical information on ports, protocols and IP addresses. This visibility helps detect unauthorized access and identifies unexpected traffic flows.
Juniper QFX switches support sFlow version 5, the most widely adopted and standardized version of the protocol as defined in RFC 3176. sFlow v5 is compatible with most open-source and commercial collectors such as, Elastic Flow, Grafana (via exporters) and Juniper Apstra.
Apstra Flow benefits
Apstra Flow delivers deep, real-time visibility into data center traffic by leveraging sFlow telemetry across a fabric. It enables proactive monitoring by, analyzing flow paths, application usages, and hotspots in the network Apstra Flow visualizes traffic flows, identifies anomalies, and correlates network behavior with intent-based policies. This empowers network operators to maintain optimal performance, reduce mean time to resolution (MTTR), and ensure policy compliance across multi-vendor environments—all from a single, unified interface.
Key features of Apstra Flow include:
- Integrated with Apstra Analytics Dashboard: Linking Apstra Flow with the Apstra Telemetry dashboard, provides users access to flow data alongside real-time telemetry which provides useful information when you are troubleshooting.
- Intent-Based Flow Visualization: Aligns flow data with Apstra’s intent-based policies, allowing users to validate traffic paths and ensure compliance with the design intent.
- Enhanced Operational Efficiency: Offers centralized visibility and analytics, streamlining network operations and supporting proactive decision-making.
- Support for Multi-vendor and multi-flow protocols: Apstra Flow collector supports sFlow, Net Flow v1, v5, v6, v7, v9, IPFIX, and IFA information elements (IEs). These IEs contain attribute values that are related to the observed network traffic. The Apstra Flow collector supports IEs from many vendors and multiple networking technologies.
This document outlines the configuration of sFlow on Juniper devices using Juniper Apstra, and details the deployment of Juniper Apstra Flow for telemetry and monitoring.
Use Case And Reference Architecture
This document demonstrates the use of sFlow in the 3-Stage Data Center Design with Juniper Apstra (JVD). The reference architecture shown below in Figure 1: 3-stage Reference design with Juniper Apstra Flow uses Juniper switches to form the ERB architecture managed by Apstra. For purposes of this document, the sFLOW flows are monitored using Apstra Flow application.
Fa'aaliga: Apstra Flow is a feature in the Apstra Premium tier licensing plan. This feature is available only if the customer is already an Apstra premium customer. For Apstra licensing information, refer to the Juniper Licensing User Guide. Please contact Juniper account representative for more information.
Ata 1: 3-stage Reference design with Juniper Apstra Flow
Juniper Hardware and Software components
For this solution, the Juniper products and software versions are listed below. The listed architecture is the recommended base representation for the validated solution. As part of a complete solutions suite, we routinely swap hardware devices with other models during iterative use case testing. Each platform also goes through the same tests for each specified version of Junos OS.
Juniper Hardware Components
The following switches have been tested and validated to work with the 3-Stage Fabric with Juniper Apstra JVD in the following roles:
Laulau 1: Validated Devices and Positioning.
| Validated Devices and Positioning | |||
| Fofo | Server Leaf Switches | Border Leaf Switches | Ivitua |
| 3-stage EVPN/VXLAN (ERB) | QFX5120- 48Y-8C | QFX5130- 32CD | QFX5220- 32CD |
| QFX5110- 48S | QFX5700 | QFX5120- 32C | |
| — | ACX7100- 48L | — | |
| — | ACX7100- 32C | — | |
| — | PTX10001- 36MR | — | |
*marked are baseline devices.
Laulau 2: Juniper Qualified Software.
|
Juniper Software |
|
| Juniper Products | Software or Image version |
| Junos OS Evolved & Junos OS image | 23.4R2-S5 |
| Juniper Apstra | 6.0.0-189 |
| Juniper Apstra Flow | 6.0.0 |
Configuration Walkthrough
For the purposes of this use case, the baseline Juniper devices are listed in Table 3: 3-Stage Data center baseline devices. This document focuses on the configuration of sFlow on Juniper devices with the Apstra Flow application. Apstra Flow can be extended to other vendor devices that support sFlow technology to visualize network traffic flow.
Laulau 3: 3-Stage Data Center Baseline Devices.
| Juniper Devices | Matafaioi |
| QFX5220-32CD | Ivitua |
| QFX5120-48Y | Server Leaf |
| QFX5130-32CD | Border Leaf |
Mea e mana'omia muamua
Use Apstra to deploy the 3-stage EVPN VXLAN datacenter following the guidelines outlined in the 3-Stage Data Center Design with Juniper Apstra JVD. For the purposes of this use case, the following devices were configured:
- Three QFX5120-48Y (Junos) as server leaf
- Two QFX5130-32CD (Junos OS Evolved) as border leaf
- Two QFX5220-32CD (Junos OS Evolved) as Spine
sFlow technology on Juniper switches
Juniper QFX switches implements sFlow using a distributed architecture that is designed for scalable and efficient traffic monitoring. The sFlow system comprises two primary components:
- Embedded sFlow Agent: Located within the switch. This agent is responsible for managing the sampling process and preparing data for export.
- External sFlow Collector: A remote system that receives and analyzes the sampled data exported by the switch.
When sFlow is enabled, the embedded agent begins sampling packets and collecting interface statistics. Each Packet Forwarding Engine (PFE) on the switch includes dedicated subagents that perform the actual sampling. These subagents forward the sampled packets and statistics to the main sFlow agent.
The sFlow agent aggregates this data and formats it into UDP datagrams, which are then transmitted to the configured external sFlow collectors. These datagrams contain enriched flow information, including packet headers, interface details, and traffic metadata, enabling comprehensive network visibility and analysis. For more information on Platform specific sFlow behaviour refer to the fa'amatalaga for each platform.
Fa'aaliga: Upto 4 collectors can be configured on Juniper switches.
Juniper QFX switches support sFlow version 5, which is the most widely adopted and standardized version of the protocol as defined in RFC 3176. sFlow v5 is compatible with most open-source and commercial collectors like, Elastic Flow, Grafana (via exporters) and Juniper Apstra.
Configuring sFlow on Juniper devices
For the purposes of this document, sFlow was configured on Junos OS and Junos OS Evolved devices using Apstra configures. Juniper Apstra provides a standard sFlow configlet, which can be customized to align with the specific requirements of the devices deployed within the fabric.
Fa'aaliga: Export of sFlow data using management instance is not supported in Junos OS Evolved Release 23.4R2-S5.
A static route must be configured on Junos OS switches since sFlow export uses management instances.
Configuration of sFlow on Juniper switches
To configure sflow, the revenue port (or WAN port) on the switches were used to connect to the sFlow collector as shown in Test Topology. The collector is directly connected to the fabric on one of the leaf switch and the default Apstra underlay policy will advertise that route into the fabric, thus making it reachable from every fabric switch.
The configuration also includes setting the sFlow agent ID (usually the collector’s management IP), defining the collector IP and UDP port (e.g., 6343), and specifying polling and sampling intervals. Interfaces intended for monitoring must be explicitly included. A property set can be defined to parameterize the collector IP. The source IP in below config provides the collector the device’s management IP to indicate the source of the sflow record from the device.
SNMP needs to configured so that Apstra Flow can render the interface names, refer section Flow Enrichment for more details.
Fa'aaliga: The polling interval and sampling rate should be carefully configured based on the specific monitoring requirements and the volume of traffic in the network.
For the purposes of this lab a separate revenue/WAN port was used to send SFlow traffic towards the collector.
Configlet can be created using Apstra by logging to Apstra UI and navigating to Design > Configlet and then click on create configlet. Configlet can also be imported as shown below in Ata 2: Import Configlet. For more information on creating configlet refer Apstra guide.
Fa'aaliga: Configlet should be thoroughly tested and validated in a non-production environment before being applied to Live data center network. Since Apstra does not verify the syntax or correctness of configlet, no warnings or errors will be generated during commit—even if issues exist.
Ata 2: Import Configlet
Below is configlet snippet for Junos switches. Note that the collector Ip can be configured as parameters that can be set using Property sets.
To add Property Sets in Apstra, navigate to Design > Property sets. Create a property set for the collector IP address as below. Ensure property set is also imported into the Blueprint by navigating to Blueprints > <blueprint-name> > Staged > Catalog then click on import Property set.
Ata 3: Property set for collector IP
To configure the configlet in the 3-stage Data center Blueprint, login to Apstra. Navigate to Blueprints > <blueprint-name> <Staged > Physical then click on configlet as shown below.
Ata 4: Adding sFlow configlet to Apstra
On the next screen add the configlet as shown below. Alternatively configlet can be also imported from Blueprints <blueprint-name> > Staged > Catalog.
After importing the configlet into Apstra, the configlet is assigned to the switches by selecting the Hostname option to filter devices and selecting the non-EVO Junos switches only as shown below in Figure 5 : Assigning configlet to non-EVO leaf switches.
Ata 5: Assigning configlet to non-EVO leaf switches
Flow Enrichment
To display the enriched interface information on Apstra Flow Dashboard, SNMP will also need to be configured so as to identify the interface name rather than interface index ID as shown Figure 6 : Apstra Flow Dashboard showing Flows with Interface Index ID. A SNMP community string is required to be configured on Juniper switches (for both EVO and non-EVO switches) and . For more information on configuring the device and the Apstra flow collector refer the Apstra Flow user guide for steps to configure SNMP. A standard configlet is also available in Apstra for configuring sFlow which can be customized and configured on the switches.
Ata 6: Apstra Flow Dashboard showing Flows with Interface Index ID
On the Apstra Flow collector (as will be discussed later), SNMP community should match the SNMP community that is configured on the switches.
Once all the sFlow configlet is applied and after checking the rendered config by navigating in Apstra to Blueprints > <blueprint-name> > Staged > Physical and selecting the Topology and clicking on switches to checked rendered config as shown in below Figure 7: Viewing rendered config.
Ata 7: Viewing rendered config
If the sFLOW config is rendered correctly for each device in the topology then commit the configuration by navigating in Apstra to Blueprints > <blueprint-name> > Uncommitted, then commit the configuration.
Apstra Flow Deployment
For the purposes of this document, Apstra Flow version 6.0.0 is deployed following the Apstra Flow User guide which provides step by step instructions for deploying Apstra Flow and adding collector into Apstra. A single node deployment was setup.
Fa'aaliga: To determine the appropriate Virtual Machine (VM) size for Apstra Flow, refer to the user guide which outlines scaling recommendations based on the number of devices to be managed, refer the Apstra sizing guide instructions.
Apstra Flow: Viewing Flow Dashboards
Once sFlow configuration is committed, the device begins exporting flow data to the Apstra Flow collector, which decodes and visualizes the traffic in the Apstra Flow dashboards.
Fa'aaliga: While Apstra Flow provides insights into traffic behavior and flow analytics, it is based on sampled sFlow data and does not deliver precise bandwidth utilization metrics. For accurate interface-level performance data, it is recommended to use Apstra Flow in conjunction with the Apstra Telemetry dashboard. This combined approach ensures both deep flow-level visibility and reliable real-time utilization metrics, supporting more informed operational decisions and troubleshooting.
Apstra Flow uses the browser date and time to display flows on the user Interface. This setting is setup by default and can be viewed by navigating from Apstra Flow UI left hand pane click on the menu (three horizontal lines) scroll to Management > Dashboards Management > Advanced Setting. In case of the Apstra Flow server that was setup using VMware Vsphere, NTP was setup to sync the time on the server and on Juniper Switches under [edit system ntp], refer the Junos NTP fa'amaumauga mo nisi fa'amatalaga.
Integrate Apstra Flow data with Apstra Telemetry
To quickly access flow data dashboard Apstra telemetry analytics, flow data can be linked into Apstra Analytics, refer to these laasaga for more information. This quick access to the Flow Dashboard provides access to data during troubleshooting and analysis of flows.
Fa'aaliga: To achieve multi-tenancy in Apstra Flow 5.1.0, it is recommended to deploy multiple Apstra Flow instances (collectors and UI) and exporting flows from each data center or Apstra blueprint switches to these dedicated Apstra Flow instances which ensures data isolation and tenant-specific visibility. Please contact respective Juniper account representative for more information.
Apstra Flow: OpenSearch Discover
After sFlow is configured on the devices, log onto Apstra Flow and click on the ‘Discover’ application from the OpenSearch Dashboard. This allows users to view and analyze the flow records fields and to apply filters to search based on certain flow attributes. This can be used to determine if flow data is reaching Apstra Flow and to explore the fields on a flow record for set filters.
Ata 8: Apstra Flow – OpenSearch Dashboard Discover to view and analyze flow records
Apstra Flow Dashboards
Once the Apstra sFlow collector receives sFlows, these can then be visualized from Apstra flow using wide variety of standard Dashboards. Apstra guide covers information on dashboards that can be used for viewing. This document will touch upon some of the key dashboards that users can use to validate sFlow setup and for visualizing flows with examples to best understand these dashboards.
Flow Exporter
As a first step ensure all devices configured for sFlow are shown as flow exporter on Apstra Flow Dashboard. Click on the left panel and select OpenSearch Dashboards >> Dashboard to access the list of Dashboards.
Ata 9: Dashboard option provides a list of Dashboard that can be selected
On the next screen a list of standard Dashboards that are shipped with the Apstra Flow are available. Here click on Flow: Flow Exporters to check all devices configured for sFlow are exporting sFlow.
Ata 10: List of pre-set Dashboards available in Apstra Flow.
On the next screen all the Flow exporters or devices configured to send sFlows are visible as Flow Exporters that send flows to Apstra Flow.
Ata 11: Juniper Switches as Flow Exporter
Flow Records
I view the Flow records this dashboard can be used to analyze all flow records from each flow exporter.
Ata 12: Flow Records to view sFlow records.
Fa'afeso'ota'i
Interfaces is a Dashboard tab that can be used to view the interfaces that generate traffic. To ensure Apstra Flow displays the Interface name and not the SNMP Index apply the flow enrichment configuration as discussed in Flow Enrichment.
The Interfaces dashboard will provide a glimpse of the traffic generated from the ingress and egress interfaces.
Ata 13: Ingress and Egress Interfaces for each flow exporter.
Top-N Dashboard
The Top-N Dashboard provides an overview of Top services, Talkers, Apps and Clients and top conversations. In the below figure Figure 14: Top Services flowing through the Data Center Fabric the top services are shown. To persist the filter use the drop down fields within the dashboard to filter or use the “Add filter” to persist filter while navigating to other tabs.
Fa'aaliga: The “Search” bar at the top doesn’t persist while navigating to other tabs.
Ata 14: Top Services flowing through the Data Center Fabric.
In the above dashboards some of the services are pointed out that show different Applications generating flows such as VMware NSX-T and Juniper Paragon Active Assurance. These examples will be further discussed in terms of the other dashboards to explain Apstra Flow. The test agents used for Paragon Active Assurance reside on the host that are connected the data center leaf switches. Similarly the Virtual Machines (VMs) reside on the ESXi servers that are connected to the leaf switches.
Fa'aaliga: VMware NSX-T setup is outside the scope of this document. There is a dedicated JVDE document that explains the setup and integration of VMware NSX-T inline mode with Juniper Apstra, refer the 3-stage NSX-T integration JVDE.
The Juniper Paragon Active Assurance application (PAA) is a programmable test and service assurance solution using software-based and traffic-generating Test Agents, easily used and delivered from the cloud as a SaaS solution or deployed on-premise in NFV environments. For the purposes of this lab an on-premise deployment of Paragon Active Assurance was used and is outside scope of this use case. The purpose of this deployment was to create different traffic flows to demonstrate Apstra Flow capabilities. A user guide can be used to setup Paragon Active Assurance, refer the Paragon Active Assurance fa'amaumauga. For more information, please contact respective Juniper account representative for more information.
Client and Server Flows
Navigating to Top Conversations as shown in Figure 15: Top Conversations showing Clients and servers shows the Clients and Servers that are generating these flows.
Mai le example below, the geneve tunnels are the result of ICMP pings from a VM that is connected to one of the server leaf switches to another VM that resides in another data center. Similarly the traffic between Paragon Active Assurance Test Agents shows the service and conversation between the Client Test Agent that resides within the data center that is connected to the server leaf and the server Test Agent that resides in another data center.
Ata 15: Top Conversations showing Clients and servers.
The flows can be visualized and continuing with the NSX-T example from above the flows shown below Figure 16 : Flows from Client to server on the Flows tab provide a visual of the flows. Here filters can be used to filter out the interested flows.
Ata 16: Flows from Client to server.
As discussed in this section, the various Apstra Flow dashboards offer an at-a-glance, in-depth view of flows and services operating within the data center fabric. The primary objective of this document is to ensure that flow data is successfully exported to Apstra Flow and that users understand the configuration for sFlow and accessing the Apstra Flow dashboard. This document complements the official Apstra User Guide and Apstra Flow User Guide, which serve as the starting point for users to begin working with sFlow. By following this document, users can expand their understanding of Apstra Flow and leverage it effectively for flow monitoring and operational visibility.
Test Objectives
As has been discussed in this document, the objective is to qualify sFlow functionality using Apstra Flow feature in Apstra.
The Juniper Switches discussed in this document are deployed as ERB architecture with EVPN VXLAN data center network, refer to the 3-stage EVPN VXLAN JVD document. The goal is to ensure the design is well-documented and will produce a reliable, predictable deployment for the customer.
Test Goals
The test goals for this JVD extension document are to validate:
- 3-stage JVD blueprint deployment
- incremental config pushes/provisioning using Apstra configlet
- Telemetry/Analytics validation
- performance/convergence characterization
- failure mode analysis
- verification of host traffic
- sFlow operation validation checks on each device
- Apstra Flow dashboard validation against network traffic
From Apstra Flow validation perspective below are the test goals:
- Build Apstra Flow and collector
- Apply license on Apstra Flow.
- Apply SFLOW configuration on the switches including SNMP community that’s required to be configured on the Juniper Switches and the collector.
- Validate SFLOW with Apstra Flow and verify by simulating a SFLOW flow on the dashboards:
- Flow Exporter Dashboard to validate all switches are sending sFlow traffic
- Flow Records to view the sFlow record fields.
- Top-N dashboards for Conversations between Client and Servers (Internal and External destinations)
- Top-N dashboards for Services
- Top-N dashboards for Client to server flow
Test Non-Goals
The JVDE qualification does not include the following:
- DCI (setup and basic test as there will be separate JVD for DCI)
- Pulega VRF
- Apply pristine configs to devices
Results Summary And Analysis
The test report details all the validations performed for the purposes of this qualification.
Test Topology
Ata 17: 3-stage Design with Apstra Flow Topology
Platforms Tested
Table 1 lists the platforms and Junos OS release that were tested for this initial qualification
Platforms, Controllers, and Roles
| Tag | Matafaioi | Fa'ata'ita'iga | OS | Linecard | RE | ie | VC | Helper/DU T | Fa'amatalaga Faaopoopo |
| R0 | Spine1 | QFX5220- 128c | JUNOS EVO 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R1 | Spine2 | QFX5220- 128c | JUNOS EVO | NA | NA | NA | NA | TUT |
| Tag | Matafaioi | Fa'ata'ita'iga | OS | Kata laina | RE | ie | VC | Helper/DU T | Fa'amatalaga Faaopoopo |
| 23.4R2- S5 | |||||||||
| R0 | Spine1 | QFX5220-
32c |
JUNOS EVO 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R1 | Spine2 | QFX5220-
32c |
JUNOS EVO 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R0 | Spine1 | QFX5120- 48YM | JUNOS 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R1 | Spine2 | QFX5120- 48YM | JUNOS 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R2 | DC1-SNGL- LEAF1 | QFX5120- 48Y-8C | Junos 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R3 | DC1-ESI1-LEAF1 | QFX5120- 48YM-8C | Junos 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R4 | DC1-ESI1-LEAF2 | QFX5120- 48YM-8C | Junos 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R3 | DC1-ESI2-LEAF1 | QFX5110- 48S | Junos 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R4 | DC1-ESI2-LEAF2 | QFX5110- 48S | Junos 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R3 | DC1-ESI2-LEAF1 | ACX7100- 48L | Junos 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R4 | DC1-ESI2-LEAF2 | ACX7100- 48L | Junos 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R5 | DC1-BRDR- LEAF1 | QFX5120-
32c |
Junos 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R6 | DC1-BRDR- LEAF2 | QFX5120-
32c |
Junos 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R5 | DC1-BRDR- LEAF1 | QFX10002
-36Q |
Junos 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R6 | DC1-BRDR- LEAF2 | QFX10002
-36Q |
Junos 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R5 | DC1-BRDR- LEAF1 | QFX5130-
32cd |
JUNOS EVO 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R6 | DC1-BRDR- LEAF2 | QFX5130-
32cd |
JUNOS EVO 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R5 | DC1-BRDR- LEAF1 | QFX5700 | JUNOS EVO 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R6 | DC1-BRDR- LEAF2 | QFX5700 | JUNOS EVO 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R5 | DC1-BRDR- LEAF1 | PTX10001- 36MR | JUNOS EVO 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R6 | DC1-BRDR- LEAF2 | PTX10001- 36MR | JUNOS EVO 23.4R2- S5 | NA | NA | NA | NA | TUT | |
| R9 | External Gateway | MX304 | Junos 23.4R2- S5 | NA | NA | NA | NA | Fesoasoani | External Gateway |
| RT0 | Tgen | Agaga | Spirent OS | NA | NA | NA | NA | Fesoasoani | Access hosts / DHCP Client/server |
Fua
Scale Numbers of hosts and VLANs are presented in the 3 Stage Data Center Desigin with Juniper Apstra..
Fa'amatalaga Fa'atinoga
Longevity Testing
High Level Features
| Fa'aaliga | Node | Fa'amatalaga |
| sFlow via default routing- instance | Meafaigaluega uma | sFlow records are exported to the collector on WAN ports; collector IP address is known via the fabric routing-table |
| Fa'aaliga | Node | Fa'amatalaga |
| Apstra Flow Collector | Meafaigaluega uma | Apstra Flow is used to collect and analyze the sFlow data |
| WAN
fabric port statistics |
Meafaigaluega uma | sFlow records for all the fabric links (i.e. leaf-spine ports) |
| Access port statistics | All Leaves | sFlow records for all host and external gateway access links |
| SNMP
if Index translation |
Meafaigaluega uma | Collector translates interface if Indexes into interface names for easy readability |
| Control Protocol traffic in sFlow Records | Meafaigaluega uma | Control protocol packets are also represented in Apstra Flow |
| IPv4 ma le IPv6 | Meafaigaluega uma | Overlay Host Connectivity |
| Fuafua Sampling Fua faatatau | Meafaigaluega uma | Sampling of 1 out of every N packets. Collector can calculate actual traffic rates based on the samptau taua |
Events and Triggers Test
| Su'ega | Fa'amatalaga |
| Provision the 3 stage blueprint with sflow configlet | Apstra Deployment Step as Documented in JVD |
| Provision External Gateway at Border Leaves and sFlow access port at Leaf1 | Apstra Deployment Step as Documented in JVD |
| Intra-VLAN, Inter-VLAN, Inter-VRF Traffic Validation | Host Emulation via Test Traffic |
| Enable sFlow configuration on Apstra Flow Server and Fabric Devices | Apstra Deployment Step as Documented in JVD |
| Su'ega | Fa'amatalaga |
| Deactivate and Activate sFlow Configuration at Global Level on Apstra Flow Server | Reconvergence and restoration of sFlow |
| sFlow Interface Up/Down from Shell on Apstra Flow Server | Reconvergence and restoration of sFlow |
| Restart sFlow on Apstra Flow Server | Reconvergence and restoration of sFlow |
| Verify if control packets are generated and mirrored to the sFlow collector | sFlow packet inspection |
| sFlow – Router Reboot | Reconvergence and restoration of sFlow |
| sFlow – Restart Routing Process | Reconvergence and restoration of sFlow |
| sFlow – Deactivate and Activate sFlow Interface | Reconvergence and restoration of sFlow |
| Disable sFlow configuration on Apstra Flow Server | Reconvergence and restoration of sFlow |
| sFlow Ingress/Egress Sampling of VXLAN Bridged Traffic at Spine and Leaf Network Ports | sFlow packet inspection |
| sFlow Ingress/Egress Sampling of Host Traffic at Single Access Port | sFlow packet inspection |
| sFlow Ingress/Egress Sampling of Host Traffic at AE Access Port | sFlow packet inspection |
| Verify sFlow IPv4 Datagram Header on Apstra Flow Server | sFlow packet inspection |
| Check sFlow Polling and Sampling Rate on Apstra Flow Server | Accuracy of Collector Reports |
| Longevity Testing | Fa'amautu Fa'atonu |
Taavale Profiles
| Ta'avale Ta'avale | Ituaiga | L4 | Tele o le afifi |
| red_all_p1_to_red_all_p3 | Intra-VLAN | UDP | Random 256-1200 |
| Ta'avale Ta'avale | Ituaiga | L4 | Tele o le afifi |
| red_all_p1_to_red_all_p3_v6 | Intra-VLAN (IPv6) | UDP | Random 256-1200 |
| blue_all_p1_to_blue_all_p3 | Intra-VLAN | TCP | Random 256-1200 |
| blue_all_p1_to_blue_all_p3_v6 | Intra-VLAN (IPv6) | TCP | Random 256-1200 |
| green_all_p1_to_green_all_p3 | Intra-VLAN | UDP | Random 256-1200 |
| green_sub_p1_to_green_sub_p3 | Intra-VLAN (IPv6) | UDP | Random 256-1200 |
| red_all_p1_to_red_sub_p4 | Inter-VLAN | TCP | Random 256-1200 |
| red_all_p1_to_red_sub_p4_v6 | Inter-VLAN (IPv6) | TCP | Random 256-1200 |
| blue_all_p1_to_blue_sub_p3 | Inter-VLAN | UDP | Random 256-1200 |
| blue_all_p1_to_blue_sub_p3_v6 | Inter-VLAN (IPv6) | UDP | Random 256-1200 |
| red_all_p1_to_external_p6 | Inter-VRF | TCP | Random 256-1200 |
| blue_all_p1_to_external_p6 | Inter-VRF | TCP | Random 256-1200 |
| red_all_p2_to_red_all_p5 | Intra-VLAN | UDP | Random 256-1200 |
| red_all_p2_to_red_all_p5_v6 | Intra-VLAN (IPv6) | UDP | Random 256-1200 |
| blue_all_p2_to_blue_all_p5 | Intra-VLAN | TCP | Random 256-1200 |
| blue_all_p2_to_blue_all_p5_v6 | Intra-VLAN (IPv6) | TCP | Random 256-1200 |
| green_all_p2_to_green_all_p5 | Intra-VLAN | UDP | Random 256-1200 |
| red_sub_p2_to_red_sub_p4 | Intra-VLAN | UDP | Random 256-1200 |
| blue_all_p2_to_blue_sub_p5 | Inter-VLAN | TCP | Random 256-1200 |
| blue_all_p2_to_blue_sub_p5_v6 | Inter-VLAN (IPv6) | TCP | Random 256-1200 |
| red_all_p2_to_external_p6 | Inter-VRF | UDP | Random 256-1200 |
| Ta'avale Ta'avale | Ituaiga | L4 | Tele o le afifi |
| blue_all_p2_to_external_p6 | Inter-VRF | UDP | Random 256-1200 |
| red_all_p3_to_red_all_p1 | Intra-VLAN | UDP | Random 256-1200 |
| red_all_p3_to_red_all_p1_v6 | Intra-VLAN (IPv6) | UDP | Random 256-1200 |
| blue_all_p3_to_blue_all_p1 | Intra-VLAN | TCP | Random 256-1200 |
| blue_all_p3_to_blue_all_p1_v6 | Intra-VLAN (IPv6) | TCP | Random 256-1200 |
| green_all_p3_to_green_all_p1 | Intra-VLAN | UDP | Random 256-1200 |
| green_sub_p3_to_green_sub_p1 | Inter-VLAN | UDP | Random 256-1200 |
| blue_sub_p3_to_blue_sub_p5 | Inter-VLAN | TCP | Random 256-1200 |
| blue_sub_p3_to_blue_sub_p5_v6 | Inter-VLAN (IPv6) | TCP | Random 256-1200 |
| red_all_p3_to_red_sub_p2 | Inter-VLAN | TCP | Random 256-1200 |
| red_all_p3_to_red_sub_p2_v6 | Inter-VLAN (IPv6) | TCP | Random 256-1200 |
| red_all_p3_to_external_p6 | Inter-VRF | UDP | Random 256-1200 |
| blue_all_p3_to_external_p6 | Inter-VRF | UDP | Random 256-1200 |
| red_all_p4_to_red_all_p1 | Intra-VLAN | UDP | Random 256-1200 |
| red_all_p4_to_red_all_p1_v6 | Intra-VLAN (IPv6) | UDP | Random 256-1200 |
| blue_all_p4_to_blue_all_p1 | Intra-VLAN | UDP | Random 256-1200 |
| blue_all_p4_to_blue_all_p1_v6 | Intra-VLAN (IPv6) | UDP | Random 256-1200 |
| green_all_p4_to_green_all_p1 | Intra-VLAN | UDP | Random 256-1200 |
| red_sub_p4_to_red_sub_p2 | Inter-VLAN | TCP | Random 256-1200 |
| red_sub_p4_to_red_sub_p2_v6 | Inter-VLAN (IPv6) | TCP | Random 256-1200 |
| blue_all_p4_to_blue_sub_p5 | Inter-VLAN | UDP | Random 256-1200 |
| Ta'avale Ta'avale | Ituaiga | L4 | Tele o le afifi |
| blue_all_p4_to_blue_sub_p5_v6 | Inter-VLAN (IPv6) | UDP | Random 256-1200 |
| red_all_p4_to_external_p6 | Inter-VRF | UDP | Random 256-1200 |
| blue_all_p4_to_external_p6 | Inter-VRF | TCP | Random 256-1200 |
| red_all_p5_to_red_all_p1 | Intra-VLAN | UDP | Random 256-1200 |
| red_all_p5_to_red_all_p1_v6 | Intra-VLAN (IPv6) | UDP | Random 256-1200 |
| blue_all_p5_to_blue_all_p1 | Intra-VLAN | TCP | Random 256-1200 |
| blue_all_p5_to_blue_all_p1_v6 | Intra-VLAN (IPv6) | TCP | Random 256-1200 |
| green_all_p5_to_green_all_p1 | Intra-VLAN | UDP | Random 256-1200 |
| green_sub_p5_to_green_sub_p1 | Inter-VLAN | TCP | Random 256-1200 |
| blue_sub_p5_to_blue_sub_p3 | Inter-VLAN | TCP | Random 256-1200 |
| blue_sub_p5_to_blue_sub_p3_v6 | Inter-VLAN (IPv6) | TCP | Random 256-1200 |
| red_all_p5_to_red_sub_p2 | Inter-VLAN | UDP | Random 256-1200 |
| red_all_p5_to_red_sub_p2_v6 | Inter-VLAN (IPv6) | UDP | Random 256-1200 |
| red_all_p5_to_external_p6 | Inter-VRF | UDP | Random 256-1200 |
| blue_all_p4_to_external_p6 | Inter-VRF | TCP | Random 256-1200 |
| external_to_red_all_p3 | Inter-VRF | UDP | Random 256-1200 |
| external_to_red_all_p3_V6 | Inter-VRF (IPv6) | UDP | Random 256-1200 |
| external_to_red_sub_p2 | Inter-VRF | TCP | Random 256-1200 |
| external_to_red_sub_p2_V6 | Inter-VRF (IPv6) | TCP | Random 256-1200 |
| external_to_blue_all_p4 | Inter-VRF | UDP | Random 256-1200 |
| Ta'avale Ta'avale | Ituaiga | L4 | Tele o le afifi |
| external_to_blue_all_p4_v6 | Inter-VRF (IPv6) | UDP | Random 256-1200 |
| external_to_blue_sub_p5 | Inter-VRF | TCP | Random 256-1200 |
| external_to_blue_sub_p5_v6 | Inter-VRF (IPv6) | TCP | Random 256-1200 |
Scale And Performance Data
This document may contain key performance indexes (KPIs) used in solution validation. Validated KPIs are multidimensional and reflect our observations in customer networks or reasonably represent solution capabilities. These numbers do not indicate the maximum scale and performance of individual tested devices. For unit-dimensional data on individual SKUs, kindly contact your Juniper Networks representatives.
The Juniper JVD team continuously strives to enhance solution capabilities. Consequently, solution KPIs may change without prior notice. Always refer to the latest JVD test report for up-to-date solution KPIs. For the latest comprehensive test report, please reach out to your Juniper Networks representative.
Fautuaga
It is recommended to use a dedicated revenue or WAN port for exporting sFlow traffic, rather than the management interface. Isolating sFlow traffic from the management plane helps preserve the integrity and performance of out-of-band management operations, especially in production environments.
Apstra Flow provides detailed, low-level packet insights by leveraging sampled sFlow data across the data center fabric.
Apstra Flow injects sample flow traffic it cannot used for precise bandwidth metrics, its strength lies in flow-level analytics, enabling operators to trace traffic paths, identify anomalies, and validate policy compliance. When used in conjunction with the Apstra Telemetry dashboard, network operators can troubleshoot traffic issues using the flow behavior and interface statistics.
Toe Iloilo Tala'aga
Laulau 3: Toe Iloilo Tala'aga
| Aso | Fa'amatalaga |
| Setema 2025 | Initial publish |
Lagolago Tagata Fa'atau
Autasi ma Sales Headquarters
Juniper Networks, Inc.
1133 Innovation Way Sunnyvale, CA 94089 USA Phone: 888 JUNIPER (888.586,4737) or +1.408.745,2000 Fax +1.408.745.2100
www.juniper.net
APAC ma EMEA Headquarters
Juniper Networks International BV
Boeing Avenue 240 1119 PZ Schiphol-Rijk Amsterdam, The Netherlands
Telefoni: +31.207.125.700
Fax: +31.207.125.701
Copyright 2025 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Auina atu manatu faaalia i: design-center-comments@juniper.net V1.0/251022
Pepa / Punaoa
 |
Juniper EVPN-VXLAN Data center Sflow [pdf] Tusi Taiala EVPN-VXLAN Data center Sflow, EVPN-VXLAN, Data center, Sflow |