[nsp] NetFlow and DoS attacks - tuning

Paul Kohler pkohler at cisco.com
Mon Dec 15 11:56:21 EST 2003


Sampled NetFlow has been released in 12.3(2)T, 12.2(18)S, and 12.0(26)S:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a7618.html

In regard to the 7200, that platform received the feature via 12.3(2)T and 
12.2(18)S:
http://www.cisco.com/go/fn

Yes, there would be a significant performance benefit. When we did the 
performance testing for the paper referenced below, Random Sampled NetFlow 
had not been released and therefore it wasn't tested. However, to give you 
an idea, at that time we did have Sampled NetFlow on the 12000, so you see 
that reflected in the testing on the Engine 0/1 linecard, Sampled vs 
non-Sampled NetFlow. There is a difference of 16 to 4 in additional % CPU 
hit above baseline with 1/100 sampling rate. I will be doing some more 
performance tests on NetFlow that will include Sampled NetFlow in the 
coming months and there will be a corresponding paper.

Paul

At 08:21 AM 12/15/2003, Mark Turpin - ESS Network wrote:
>Paul Kohler (pkohler at cisco.com) wrote on Dec 14, 2003:
>
>PK>In answer to your questions:
>
>i'm slightly curious...
>
>is the real answer the delivery date of sampled netflow feature to
>c7200?  will this occur?  why hasn't it?  would there be no cpu
>benefit?  maybe someone more familiar with the sampled nf code could
>inform me of its behavior and why it just wouldn't work?
>
>cheers,
>mark
>


