[c-nsp] netflow on sup1a
Tim Stevenson
tstevens at cisco.com
Wed Aug 23 20:24:39 EDT 2006
With sup2 & beyond, NF is not used for forwarding and new flow
entries are created entirely in hardware, so the CPU is not in the
"direct path" so to speak.
However, WRT NDE, you may wish to search the archives of this list
for a discussion of NF/NDE scalability, and the tradeoffs involved there.
Tim
At 06:49 PM 8/23/2006 +0100, christian.macnevin at uk.bnpparibas.com opined:
>Well, you can't hope for much more direct than that.
>
>So at what level do we become 'safe'? The sup2? The 720?
>
>
>
>
>Internet
>tstevens at cisco.com
>
>23/08/2006 16:58
>To
>Christian MACNEVIN, cisco-nsp
>cc
>Subject
>Re: [c-nsp] netflow on sup1a
>
>
>
>
>At 02:02 PM 8/23/2006 +0100, christian.macnevin at uk.bnpparibas.com opined:
> >Hello again helpful ones,
> >
> >We're looking at implementing Crannog here, for which we need to tune all
> >of our netflow to its
> >fastest aging timers and export frequency. I've got the lads to test the
> >recommended settings
> >on a few platforms here, and while the 4500 with an onboard NSC did fine,
> >a 6k with sup1A hated
> >it and CPU usage jumped from around 15-20% to peaking at 80. The guys
> >backed out after
> >five minutes of that.
> >
> >The device is running in hybrid mode. The PFC onboard supports Netflow I
> >believe, but I'm wondering
> >if this architecture first punts the packets to the SP before the ASIC
> >sees them or something?
>
>Yes, and it will do it again & again every time a flow, active or
>not, is expired from the h/w to export due to your low aging timers.
>
>Tim
>
>
> >The config they ran (just in CatOS, didn't get to the MSFC):
> >
> >set mls nde <destination> 9991
> >set mls nde version 7
> >set mls agingtime long 64
> >set mls agingtime 32
> >set mls flow full
> >set mls nde enable
> >
> >Cheers
> >Christian
> >
> >
> >This message and any attachments (the "message") is
> >intended solely for the addressees and is confidential.
> >If you receive this message in error, please delete it and
> >immediately notify the sender. Any use not in accord with
> >its purpose, any dissemination or disclosure, either whole
> >or partial, is prohibited except formal approval. The internet
> >can not guarantee the integrity of this message.
> >BNP PARIBAS (and its subsidiaries) shall (will) not
> >therefore be liable for the message if modified.
> >
> >*******************************************************************
> ***************************
> >
> >BNP Paribas Private Bank London Branch is authorised
> >by CECEI & AMF and is regulated by the Financial Services
> >Authority for the conduct of its investment business in
> >the United Kingdom.
> >
> >BNP Paribas Securities Services London Branch is authorised
> >by CECEI & AMF and is regulated by the Financial Services
> >Authority for the conduct of its investment business in
> >the United Kingdom.
> >
> >BNP Paribas Fund Services UK Limited is authorised and
> >regulated by the Financial Services Authority
> >
> >_______________________________________________
> >cisco-nsp mailing list cisco-nsp at puck.nether.net
> >https://puck.nether.net/mailman/listinfo/cisco-nsp
> >archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
>Tim Stevenson, tstevens at cisco.com
>Routing & Switching CCIE #5561
>Technical Marketing Engineer, Catalyst 6500
>Cisco Systems, http://www.cisco.com
>IP Phone: 408-526-6759
>********************************************************
>The contents of this message may be *Cisco Confidential*
>and are intended for the specified recipients only.
Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Catalyst 6500
Cisco Systems, http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.
More information about the cisco-nsp
mailing list