[c-nsp] Netflow Export Problem
Richard A Steenbergen
ras at e-gerbil.net
Sat Feb 2 17:34:21 EST 2008
On Sat, Feb 02, 2008 at 07:47:17PM +0100, Gert Doering wrote:
> (To be precise: the above is true up to 12.2(18)SXF. As far as I understand,
> in 12.2(33)SXH and in SR<something>, the MLS flow entries will actually be
> filtered according to the "ip flow ingress" settings on the interfaces, and
> thus you won't see unexpected flows. I have not yet tried either version,
> but have read it in the release notes...).
As best as I can tell (from what the release notes say or don't say at
any rate), there are three behaviors:
* In SXF and prior, all hardware flows are collected and exported globally,
regardless of your "ip flow" configurations.
* In SRA/SXH, the hardware flows are still collected (thus still crushing
your TCAM), but discarded after collection if its from (or to if you're
running ip flow egress) an interface without ip flow configured.
* In SRB/SRC+, the hardware flows are only collected from interfaces which
have ip flow configured. From what I'm told by people who have tried
this, the difference in netflow scalability is "night and day".
What I'm curious about is when SX is going to get the same fix, this this
is very high on my list of reasons why I'm considering running SRB/C
instead of SXH. Is this something on the roadmap for SXI?
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
More information about the cisco-nsp
mailing list