[c-nsp] ipflow/netflow appliance
Julio Arruda
jarruda-cnsp at jarruda.com
Fri Jan 11 17:12:46 EST 2008
Stefan Hegger wrote:
> Hi,
>
> I'm looking for a device that can provide us with ipflow/netflow data. Our
> router isn't able to manage the netflows for a 10G connection. We have a
> catalyst 6500 with a sup 720. As far as I know it supports up to 128000 table
> entries. This is too small. So we are looking for a device that sniffer the
> traffic via SPAN and than generates the tables we need for analysis. Does
> someone know about such a device?
>
You don't say how much traffic you need to 'inspect', but just few ideas.
From what I understand, a SUP720 with XL xFC cards would handle up to
232k (or some other number 'close' to the magic 256k) TCAM entries for
netflow, this may help a little with your problem.
One thing that I seem to recall also, is that you can (and the usual
suspects on the list may want to confirm/deny this :-)..)
1- Use DFCs, if you have DFCs, I understand each slot would handle their
own 'inbound' Netflow, so you scale as you grow, with XLs based DFCs,
even better.
2- Use 'per interface' Netflow, also, I understand some recent IOS
release support enabling netflow in specific ingress interfaces only,
saving TCAM space.
More information about the cisco-nsp
mailing list