[c-nsp] 6500 Netflow

Lincoln Dale ltd at cisco.com
Fri Apr 18 00:50:27 EDT 2008



Richard A Steenbergen wrote:
> On Thu, Apr 17, 2008 at 06:49:14PM -0700, Ian Cox wrote:
>   
>> Which TCAM is being discussed? FIB, ACL or Netflow TCAM. There are 
>> three different TCAMs on the PFC3xxx/DFC3xxx. There may be 
>> optimizations happening for one of the other TCAMs in SRB/SRC SXH/SRA 
>> but there is nothing to my knowledge that could be added to 
>> dramatically reduce overflowing the netflow table besides not 
>> enabling it upon all the interfaces. The table is either 128k or 256k 
>> per PFC3xxx/DFC3xxx, you send in 128k or 256k unique flows, and the 
>> table is filled, and the next unqiue flow will result in the table 
>> overflowing. There no way make this better other than not creating 
>> entires in the first place. Just to be sure I rang up one the 
>> developers who writes and maintains that the netflow code and he said 
>> they have not done anything in that area.
>>     
>
> Netflow TCAM, obviously. The rumor I heard was that SRB/SRC made some 
> attempt to do the 1:N sampling BEFORE the flows were saved to TCAM, so as 
>   
the reality is that the forwarding hardware in question (EARL7/7.5 aka 
PFC3something) doesn't actually support sampled netflow in hardware but 
there are software workarounds to provide some degree of this functionality.

among other things, this is an enhancement that the follow-on forwarding 
hardware (EARL8) has added.
at this stage, EARL8 is only available on Nexus 7000 platforms, although 
you wouldn't need that much imagination to think of other platforms 
where it may also appear.

N7K's EARL8 has 512K netflow table size and can do packet-sampled 
netflow (one-packet-in-N) in hardware.
we also plan to add time-based sampled netflow too (again, h/w is 
capable of it).


cheers,

lincoln.



More information about the cisco-nsp mailing list