[c-nsp] Netflow performance

Manuel García Montero magamo79 at gmail.com
Fri Feb 15 05:40:24 EST 2008 

Hi James,

Thanks for your response.

We have a WS-SUP720 in the 6500, so i expect it will be then able to
deal with the flows (i have monitorized it, 42K peeks, graphs
attached). Next monday will be the NF-Day.


On Thu, Feb 14, 2008 at 3:44 PM, James Humphris <jhumphris at nexagent.com> wrote:
> Manuel,
>
> It depends upon the exact hardware configuration you have (SUP/PFC/DFC etc..) but on more recent components such as the SUP720, mls netflow functions are supported by a dedicated ASIC in hardware.
>
> This means that enabling mls netflow has no impact on the forwarding performance of the device. The ASIC simply "listens" to packets that are routed by the PFC, every time the device considers that a flow has expired, it passes the flow information to the Netflow Data Export (NDE) function and clears the cache entry, ready for re-use.
>
> It's worth bearing in mind though that the NDE function is completed by the MSFC in the "slow path" and hence can tend to drive up the CPU on the device.
>
> We have completed some testing in our labs here on a 7600 with SUP720. We used our test kit to generate 60K concurrent flows with randomly inserted TCP SYN and FIN flags set (loosely emulating pseudo-random TCP sessions) and observed no performance difference with and without netflow enabled.
>
> Interestingly, this test generated an average NDE traffic volume (using NDE version 5) of about 1Mbit/sec.
>
> One thing to bear in mind is the level of NDE aggregation and the impact that this has on your management network and MSFC CPU utilisation.
>
> Hope this helps
>
> James.
>
>
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Manuel García Montero
> Sent: 14 February 2008 14:03
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Netflow performance
>
> Hi,
>
> Any advice in how netflow can affect the performance in a 6509? currently
> the 6509 provides wccp (8 squids cache farm), with 40 MB of ram used
> (366.9MBytes free), cpu stable at 1-2%, and supports ~500Mbps of
>
> throughput ...
>
> I was planning the following typical config (i can attach the rest of the
> config if needed)
>
>    mls netflow
>    mls aging normal 60
>    mls aging long 64
>    mls flow ip interface-full
>    mls nde sender version 5
>    mls nde interface
>
>    ip flow-export source IP_Router
>    ip flow-export version 5 peer-as
>    ip flow-export destination Collector_IP Collector_Port
>    ip flow-aggregation cache source-prefix
>      mask source 255.255.255.0
>
>
> with C Class  aggregation in order to reduce flows size ¿is this premise
> true?
>
> Thanks.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list