[nsp] Cisco 7600 MLS Netflow table

Ian Cox icox at cisco.com
Wed Mar 17 11:33:00 EST 2004


At 07:41 AM 3/17/2004 -0800, Steve Francis wrote:
>Ian (or anyone else, Ian seems to have access to this info) - can you 
>share what is the limit of microflow policer flows (not the number of 
>defined policers a box can handle, but the number of distinct flows it can 
>police using the defined police statements) on a Sup II/MSFC2 and Sup 720?

The limit to the number of microflow policing instances is:
                Maximum   Effective
PFC2            128k      32k
PFC3a           128k      50k
PFC3bXL         256k      230k

A flow is considered to be a uni-directional stream, and each entry in the 
netflow table can be policed independently from each other. The maximum 
size of the table is listed above, along with the effective size, which is 
how many entries fit with a 99.99% probability, since the entries are placed 
into the netflow table using a hash function. The PFC3a and PFC3bXL use a 
more effective hash algorithm than the one used on PFC2.

The netflow table is present on every DFC in the system, so the number of 
flows being policed can be increased by adding more line cards with DFCs, 
but the policers on DFCs only affect traffic that ingresses on that line 
card. A system with 3 x DFC3a and Supervisor could micro police up to 4 x 
128k flows, as long as 1/4 of the flows were handled by each of the DFCs and 
the Supervisor.


>And what happens when there are more flows than that number?

When you have more than that number of flows, and entries cannot be created in 
the netflow table, the packets are forwarded unpoliced. There are counters 
to display how many packets have been forwarded that netflow entries could 
not be created for.


Ian

>Thx


