[c-nsp] 6500 Netflow
Ian Cox
icox at cisco.com
Thu Apr 17 13:25:46 EDT 2008
At 07:12 PM 4/17/2008 +0200, Gert Doering wrote:
>Hi,
>
>On Thu, Apr 17, 2008 at 09:43:22AM -0700, Ian Cox wrote:
> > Prior to 12.2(33)SXH netflow on the 6500 was enabled on a global
> > basis. Which is different to all the router platforms where it is
> > enabled on a per interface basis. In 12.2(33)SXH for the 6500 and
> > 12.2(33)SRA for the 7600 NDE was finally changed to be enabled on a
> > per interface basis like other cisco platforms.
>
>This is good news.
>
>I've heard different rumors on the actual implementation, though. So maybe
>you can clarify?
>
>One rumor was that SXH and SR* still have *all* flows in the netflow TCAM,
>and only filter on output, in the RP CPU.
This is not how per interface works. Flows are only created in the
netflow table for interfaces it is enabled on. Interfaces without
netflow enabled drive a null flow mask and this results in no entries
being created in the netflow table for those interfaces. If you
enable nde on an interface this results in a non-null flow mask being
used and an entry being created in the table.
Ian
> Which would mean that this feature
>reduces the amount of data exported to the collectors, and the amount of
>processing needed there to filter wanted/unwanted interfaces (which is good),
>but that it would not reduce netflow TCAM contention, and possibly even
>increase RP CPU load.
>
>The second rumor is that SRC is actually filtering already upon *collection*,
>so that the TCAM usage and RP CPU load would dramatically go down if you
>only have netflow collection enabled on a few interfaces.
>
>
>Soooo... any truth in this?
>
>gert
>--
>USENET is *not* the non-clickable part of WWW!
>
>//www.muc.de/~gert/
>Gert Doering - Munich, Germany gert at greenie.muc.de
>fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
>
More information about the cisco-nsp
mailing list