[c-nsp] Cisco 6500/7600 netflow questions

Anton Kapela tk at 5ninesdata.com
Mon Nov 13 13:00:00 EST 2006


 
> We have some 7600s that are hitting the table entry limit
> fairly often so for full export I could see it exporting
> quite a bit. That export process may be what impacts the CPU.

If you add DFCs per-lc, you gain additional netflow cache resources
that the system will use in lieu of the centralized (and shared)
resources of the pfc. Thus, each lc then provides a local pool for
traffic ingressing from those interfaces, reducing the chance that the
'churn' would cause netflow cache insert errors. That is, of course,
assuming you're not transiting something nefarious like 10kpps random
source/dest syn floods and the like.

> The sampling is done on individual interfaces which makes me
> think that it populates some table and every x seconds
> exports that table and flushes it.

It seems likely this is an artifact of insertion failures rather than an
honest bug or some configurable behavior. That is to say, there may be
enough failures/sec that the resulting entry indicates a few packets
which matched before it was expired (and replaced by a new one). 

-Tk


