[nsp] Netflow questions - flow expiry

[Andrew Fort]

Ian Cox wrote:

>> Also, what is the effect of exceeding the 32K limit? "If the number 
>> of MLS entries exceeds 32K, only adjacency statistics might be 
>> available for some flows." What does that mean?
>
>
> The netflow table is comprised of 8 pages of 16k entries each. A hash 
> function is used to place entries into the table and the flow mask 
> determines what bits in the IP header / and/or TCP/UDP header are used 
> as input into the hash function. The table is 128k entries in total, 
> with a 99.99% probability with normal traffic 32k entries will fit 
> into the table for Sup1A, Sup2. (Sup720 uses a different algorithm 
> that is much more effective and can achieve 90k).
>
> Exceeding 32k entries on Sup1A, Sup2 just means there is a higher 
> probability a flow will not fit into the hardware table. You can check 
> the number of packets that statistics are not being recorded for in 
> images higher than 12.1(13)E8 or 12.1(19)E1 via:
>   remote command switch show earl statis | inc NF_FULL
>
>
> Ian

Ian, thanks for the detail. 
As I understand the above, the flows that dont get a hash hit get thrown 
to the MSFC3 traditional IOS netflow table (on Sup720)?  Does the MSFC3 
cope well with a line-rate 1-packet-per-flow condition where the 
overflow situation (worst case, ~30k flows) is continually overflowing 
the hardware table, or can this bring the box to its knees under 
relatively low flowrates?  (as it does on some other boxes).  Is the 
command the same to view the hardware flow table contention level on the 
Sup720?

-af