[c-nsp] 6500 Netflow
Richard A Steenbergen
ras at e-gerbil.net
Fri Apr 18 00:30:55 EDT 2008
On Thu, Apr 17, 2008 at 06:49:14PM -0700, Ian Cox wrote:
> Which TCAM is being discussed? FIB, ACL or Netflow TCAM. There are
> three different TCAMs on the PFC3xxx/DFC3xxx. There may be
> optimizations happening for one of the other TCAMs in SRB/SRC SXH/SRA
> but there is nothing to my knowledge that could be added to
> dramatically reduce overflowing the netflow table besides not
> enabling it upon all the interfaces. The table is either 128k or 256k
> per PFC3xxx/DFC3xxx, you send in 128k or 256k unique flows, and the
> table is filled, and the next unique flow will result in the table
> overflowing. There is no way to make this better other than not creating
> entries in the first place. Just to be sure I rang up one of the
> developers who writes and maintains the netflow code and he said
> they have not done anything in that area.
Netflow TCAM, obviously. The rumor I heard was that SRB/SRC made some
attempt to do the 1:N sampling BEFORE the flows were saved to TCAM, so as
to reduce the number of total flows and keep it from overflowing so
easily. Historically it seemed that enabling sampling made the problem
much worse rather than better, since it required changing a potentially
less-bad flow-mask like destination-only to full-interface in order to do
sampling. In my experience, destination-only on an average cust-agg box is
only good for about 2-3Gbps of traffic per PFC/DFC even with extremely
aggressive mls aging, while full-interface was good for significantly
less.
Also when looking through documentation, I found this:
http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/nde.html
Which seems to say that SRA had the same global netflow-isms as SXF, and
only SRB/SRC have the per-interface netflow, the same as SXH? Also it
mentions new flow-masks for SRB+, but nothing which would seem to be an
improvement, and no mention of removing the full-interface requirement for
doing sampling. Oh well, so much for hoping that Cisco was doing something
to make netflow useful on this platform. :/
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)