[c-nsp] [?? Probable Spam] Re: netflow
Adam Powers
apowers at lancope.com
Sat Nov 24 12:29:12 EST 2007
This should help:
http://www.cisco.com/en/US/tech/tk812/technologies_white_paper0900aecd802a0e
b9.shtml
On 11/23/07 4:07 AM, "Gert Doering" <gert at greenie.muc.de> wrote:
> Hi,
>
> On Fri, Nov 23, 2007 at 11:14:16AM +0300, Rivo Tahina RAZAFINDRATSIFA wrote:
>> Thanks to all who answered to this question, we are now testing some
>> of these, I would like to know the additional cpu charge due to the
>> use of netflow on the cisco box.
>
> This very much depends on the traffic characteristic (high number of
> short-lived flows vs. long-lived high-volume flows, etc.) and the type of
> box you have (software-forwarding vs. MLS based, vs. PXF vs. ...).
>
> On 7600s, the actual flow collection is done in the hardware ASICs, and
> doesn't cause any load - but the actual flow *export* can cause notable
> load (>30%) if there is a high number of flows on the box, like "2 Gbit/s
> of short-lived HTTP flows" or "single-flow DNS queries" or such.
>
> On software-forwarding platforms, like the 7200, my gut feeling is "add 10%
> CPU load for netflow". But that *will* vary according to traffic mix.
>
> gert
--
Adam Powers
Chief Technology Officer
Lancope, Inc.
c. 678.725.1028
f. 678.302.8744
e. adam at lancope.com
More information about the cisco-nsp
mailing list