[nsp] Netflow questions - flow expiry
Ian Cox
icox at cisco.com
Wed Aug 20 06:37:46 EDT 2003
At 05:47 PM 8/20/2003 +1000, Andrew Fort wrote:
...
>Ian, thanks for the detail. As I understand the above, the flows that dont
>get a hash hit get thrown to the MSFC3 traditional IOS netflow table (on
>Sup720)?
Flows that miss in the netflow table do not go to the MSFC3. Statistics are
simply not recorded for these flows just like on Sup2.
>Does the MSFC3 cope well with a line-rate 1-packet-per-flow condition
>where the overflow situation (worst case, ~30k flows) is continually
>overflowing the hardware table, or can this bring the box to its knees
>under relatively low flowrates?
Not with multi-million packet per second situations. We deliberately,
decided not to punt flows that have a miss in the netflow table to the
MSFC3 because it basically causes a DoS to the control plane. The Sup2
works the same way, packets get forwarded by H/W CEF lookup, and H/W
netflow table is used for statistics gathering.
> (as it does on some other boxes). Is the command the same to view the
> hardware flow table contention level on the Sup720?
Sup720 commands are:
ringebu#sh mls netflow table-contention aggregate
Earl in Module 5
Aggregate Netflow CAM Contention Information
=============================================
Netflow Creation Failures : 255709412414
Netflow Hash Aliases : 6
** All failures to create entries since last reboot
ringebu#sh mls netflow table-contention detailed
Earl in Module 5
Detailed Netflow CAM (TCAM and ICAM) Utilization
================================================
TCAM Utilization : 97%
ICAM Utilization : 0%
Netflow TCAM count : 254161
Netflow ICAM count : 1
Netflow Creation Failures : 4078719
Netflow CAM aliases : 0
** All failures in the last aging time
Ian
>-af
More information about the cisco-nsp
mailing list