[c-nsp] Netflow Top Talkers?
Peter Rathlev
peter at rathlev.dk
Tue Mar 18 18:35:01 EDT 2008
Hi Brandon,
On Tue, 2008-03-18 at 12:32 -0800, Brandon Price wrote:
> So Netflow it is then.
<snip>
> What I don't know is what are the negative impacts of setting a really
> short timeout for active flows?
>
> Our router Catalyst has about 150 T1s and 2 DS3s of DSL with lots of
> VOIP..
> The output of show proc is:
>
> CPU utilization for five seconds: 2%/1%; one minute: 2%; five minutes:
> 2%
>
> Can I safely crank down the aging timer? What is a good value?
Lower aging timer means more flows generated, which in turn means more
CPU cycles processing and sending them if NDE is enabled. It depends a
lot on what traffic patterns the box carries, but I don't think you
should worry if you have a Sup720.
When you lower the aging you risk splitting natural flows. In theory a
telnet session with 5 seconds activity, a 20 second pause and then 5
seconds activity again will create two flows if your aging timer is
less than 20 seconds.
The box doesn't look at any session information (like e.g. TCP has), it
just looks at packets in the same "flow", defined from your flow mask.
Regards,
Peter
More information about the cisco-nsp
mailing list