[c-nsp] 7200 vs. 7600

[Ryan O'Connell]

On 05/10/2004 23:58, Dale W. Carder wrote:

> What is the operational impact of overflowing the netflow table?  I 
> thought that netflow (on the sup2 and 720, which both use CEF) was 
> only used for netflow export, and IIRC, nat.


Certainly I've seen Bad Things (I.e. dropped traffic) on an MSFC2 when 
the netflow table fills up - to track virus propagation on Sup2/MSFC2 
Hybrid networks I've used the trick of turning on NetFlow long enough to 
get the data required, then turning it off again. I don't know about the 
Sup2 in Native mode but on the Sup720 it appears the PFC is responsible 
for exporting NetFlow data to the Supervisor, but it's not actually used 
for switching - just reporting - so there's no impact if the table fills up.

You can increase the amount of NetFlow entries with the "ip flow-cache 
entries" command and although I've never tried, it appears to be 
possible to increase it up to 512k entries (Default is 64k) which is 
certainly more than I can ever see needing particularly using src-dst or 
dst-only. Based on what I'm using at the moment, 512k entries would take 
about 80MB RAM, which might be a problem if you only have 256MB 
installed but should be fine with 512MB.

I'm guessing you completely lose the ability to do NetFlow if you're 
using dCEF720, but it's a while before we'll need that sort of switching 
speed so I'm not going to worry about it now.

> However, purging/expiring too many netflow entries does raise the cpu 
> load of the switch processor (this was the L3Aging process on CatOS, 
> don't recall what it is on IOS).


If it's CatOS that sounds like the MLS table, rather than the Netflow 
table - but I guess purging the Netflow table on the MSFC has a knockon 
effect on the MLS tables on the Supervisor.