[nsp] NetFlow and DoS attacks - tuning
Paul Kohler
pkohler at cisco.com
Mon Dec 15 11:56:21 EST 2003
Sampled NetFlow has been released in 12.3(2)T, 12.2(18)S, and 12.0(26)S:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a7618.html
In regards to the 7200 that platform received the feature via 12.3(2)T and
12.2(18)S:
http://www.cisco.com/go/fn
Yes, there would be a significant performance benefit. When we did the
performance testing for the paper referenced below Random Sampled NetFlow
had not been released and therefore it wasn't tested. However, to give you
an idea, at that time we did have Sampled NetFlow on the 12000 so you see
that reflected in the testing on the Engine 0/1 linecard Sampled vs
non-Sampled NetFlow. There is a difference of 16 to 4 in additional % CPU
hit above baseline with 1/100 sampling rate. I will be doing some more
performance tests on NetFlow that will include Sampled NetFlow in the
coming months and there will be a corresponding paper.
Paul
At 08:21 AM 12/15/2003, Mark Turpin - ESS Network wrote:
>Paul Kohler (pkohler at cisco.com) wrote on Dec 14, 2003:
>
>PK>In answer to your questions:
>
>i'm slightly curious...
>
>is the real answer the delivery date of sampled netflow feature to
>c7200? will this occur? why hasn't it? would there be no cpu
>benefit? maybe someone more familiar with the sampled nf code could
>inform me of its behavior and why it just wouldn't work?
>
>cheers,
>mark
>
>_______________________________________________
>cisco-nsp mailing list cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list