[c-nsp] Netflow performance

James Humphris jhumphris at nexagent.com
Thu Feb 14 09:44:39 EST 2008


Manuel,

It depends upon the exact hardware configuration you have (SUP/PFC/DFC etc.) but on more recent components such as the SUP720, mls netflow functions are supported by a dedicated ASIC in hardware.

This means that enabling mls netflow has no impact on the forwarding performance of the device. The ASIC simply "listens" to packets that are routed by the PFC; every time the device considers that a flow has expired, it passes the flow information to the Netflow Data Export (NDE) function and clears the cache entry, ready for re-use.

It's worth bearing in mind though that the NDE function is completed by the MSFC in the "slow path" and hence can tend to drive up the CPU on the device.

We have completed some testing in our labs here on a 7600 with SUP720. We used our test kit to generate 60K concurrent flows with randomly inserted TCP SYN and FIN flags set (loosely emulating pseudo-random TCP sessions) and observed no performance difference with and without netflow enabled.

Interestingly, this test generated an average NDE traffic volume (using NDE version 5) of about 1Mbit/sec.

One thing to bear in mind is the level of NDE aggregation and the impact that this has on your management network and MSFC CPU utilisation.

Hope this helps

James.



-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Manuel García Montero
Sent: 14 February 2008 14:03
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Netflow performance

Hi,

Any advice on how netflow can affect the performance of a 6509? Currently
the 6509 provides wccp (8 squids cache farm), with 40 MB of ram used
(366.9MBytes free), cpu stable at 1-2%, and supports ~500Mbps of
throughput ...

I was planning the following typical config (I can attach the rest of the
config if needed)

    mls netflow
    mls aging normal 60
    mls aging long 64
    mls flow ip interface-full
    mls nde sender version 5
    mls nde interface

    ip flow-export source IP_Router
    ip flow-export version 5 peer-as
    ip flow-export destination Collector_IP Collector_Port
    ip flow-aggregation cache source-prefix
      mask source 255.255.255.0


with C Class aggregation in order to reduce flows size. Is this premise
true?

Thanks.
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
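
Added example, not part of either message above: a Python sketch of how much a /24 source-prefix aggregation (the `mask source 255.255.255.0` in the quoted config) shrinks the exported record count, next to the NetFlow v5 payload needed for the same flows unaggregated. The addresses, flow counts and function names are constructed for illustration; the sizes are the standard v5 header (24 bytes), record (48 bytes) and 30-record datagram limit.

```python
import ipaddress

V5_HEADER_LEN = 24   # bytes, NetFlow v5 export header
V5_RECORD_LEN = 48   # bytes, one NetFlow v5 flow record
V5_MAX_RECORDS = 30  # records carried by one v5 export datagram

def v5_payload_bytes(n_records):
    """UDP payload bytes needed to export n_records as v5 (IP/UDP headers excluded)."""
    datagrams = -(-n_records // V5_MAX_RECORDS)  # ceiling division
    return datagrams * V5_HEADER_LEN + n_records * V5_RECORD_LEN

def aggregate_by_source_prefix(flows, mask_len=24):
    """Collapse (src_ip, packets, octets) flows into one entry per source prefix."""
    cache = {}
    for src, pkts, octets in flows:
        prefix = ipaddress.ip_network(f"{src}/{mask_len}", strict=False)
        entry = cache.setdefault(prefix, {"flows": 0, "packets": 0, "octets": 0})
        entry["flows"] += 1
        entry["packets"] += pkts
        entry["octets"] += octets
    return cache

def make_flows(n, source_pool):
    """Constructed flows: sources taken round-robin from the pool, synthetic counters."""
    return [(source_pool[i % len(source_pool)], 1 + i % 20, 40 + 37 * (i % 500))
            for i in range(n)]

# Constructed source pools (assumptions for this example only).
CLUSTERED = [f"192.0.2.{h}" for h in range(10, 18)]                   # 8 hosts, one /24
SCATTERED = [f"10.{a}.{b}.1" for a in range(8) for b in range(250)]  # 2000 different /24s

def compare(n_flows=6000):
    """Per pool: (raw flow records, aggregated /24 entries, v5 bytes for the raw records)."""
    result = {}
    for name, pool in (("clustered", CLUSTERED), ("scattered", SCATTERED)):
        flows = make_flows(n_flows, pool)
        cache = aggregate_by_source_prefix(flows)
        # Aggregation keeps the traffic totals; only per-flow detail is lost.
        assert sum(e["octets"] for e in cache.values()) == sum(f[2] for f in flows)
        # Only record counts are compared for the aggregated case; the byte
        # figure applies to the unaggregated v5 export.
        result[name] = (len(flows), len(cache), v5_payload_bytes(len(flows)))
    return result

if __name__ == "__main__":
    for name, (raw, agg, raw_bytes) in compare().items():
        print(f"{name}: {raw} flows -> {agg} /24 entries; raw v5 payload {raw_bytes} bytes")
```

The reduction depends on how the sources are distributed: flows from a handful of hosts in one subnet collapse to a single entry, while sources spread across many /24s leave one entry per prefix, and in both cases per-host visibility is given up.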

