[c-nsp] Are there any disadvantages to aggressive netflow aging on a 6509?

Nick Hilliard nick at foobar.org
Mon Jul 4 11:15:35 EDT 2011


On 04/07/2011 15:59, Matthew.Coleman-Hamilton at servicebirmingham.co.uk wrote:
> However, my question is whether there are any disadvantages to aggressive
> aging, i.e. am I potentially missing flow information or exporting 
> incomplete flow information by moving away from the default settings and 
> aging flows quicker?

Correct.  Whether this actually matters depends on whether you are using
netflow for billing / graphing information or if you're just using it for
statistical sampling (e.g. measuring relative traffic amounts, detecting
DoS attacks, etc).

You will probably find that this configuration on a pfc3b will work until
about 100kpps / 150kpps of imix traffic.  After that, your netflow tcam
will start overflowing.

Nick

