[c-nsp] Cisco 6500/7600 netflow questions

Phil Bedard philxor at gmail.com
Mon Nov 13 09:56:36 EST 2006 

That's really the  meat of my question.  With the sampling enabled on  
all of our ingress interfaces, what exactly is being exported?
On the software-based platforms the sampling builds the netflow  
tables, on the 6500/7600 there is the hardware MLS netflow cache  
which is
always active.

Phil


On Nov 13, 2006, at 9:48 AM, Adam Powers wrote:

> Unless you’re trying to cut down on network load from NetFlow  
> packets or you’re collector can’t handle it, you’re better off NOT  
> using sampled NetFlow on the 6500.
>
> To my knowledge (unless something has changed) the 6500 doesn’t  
> actually sample in the same way as that of the GSRs. The cache is  
> fully populated as in “full NetFlow” and then sampled on export.  
> That is, the cache contains all normal NetFlow data (which is what  
> you’re seeing) but the exported records contain only 1 in <whatever>.
>
> There is no performance gain for the 6500. In fact, the process of  
> sampling the cache on export adds additional overhead.
>
> -- 
>
> Adam  Powers
>
>
>
> On 11/13/06 9:32 AM, "Phil Bedard" <philxor at gmail.com> wrote:
>
>>        We are currently using sampled netflow on our 6500/7600s using
>> 12.2SXF and I have a few questions about
>> sampled netflow on those boxes.   My question is what is being
>> populated when the packets are sampled, and at the export
>> interval, what exactly is being exported.   I can do a show ip cache
>> flow (or show mls netflow ip) and see entries with
>> packet counts in the 25-100 range, but none of the flows I see
>> exported have more than 2 packets reported.
>>
>>         Is it sampling packets between export intervals, adding them
>> to a cache to be exported, and then flushes that cache
>> on export?
>>
>> Phil
>>
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>

Phil Bedard
philxor at gmail.com

More information about the cisco-nsp mailing list