[c-nsp] Netflow Top Talkers?

Tassos Chatzithomaoglou achatz at forthnet.gr
Tue Mar 18 19:01:24 EDT 2008


Peter Rathlev wrote on 19/3/2008 12:35 πμ:
> Hi Brandon,
> 
> On Tue, 2008-03-18 at 12:32 -0800, Brandon Price wrote:
>> So Netflow it is then.
> <snip>
>> What I don't know is what are the negative impacts of setting a really
>> short timeout for active flows?
>>
>> Our router Catalyst has about 150 T1s and 2 DS3s of DSL with lots of
>> VOIP..
>> The output of show proc is:
>>
>> CPU utilization for five seconds: 2%/1%; one minute: 2%; five minutes:
>> 2%
>>
>> Can I safely crank down the aging timer? What is a good value?
> 
> Lower aging timer means more flows generated, which in turn means more
> CPU cycles processing and sending them if NDE is enabled. It depends a
> lot on what traffic patterns the box carries, but I don't think you
> should worry if you have a Sup720.
> 
> When you lower the aging you risk splitting natural flows. In theory a
> telnet session with 5 seconds activity, a 20 second pause and then 5
> seconds activity again will create two flows if your aging timer is
> less than 20 seconds.
> 
> The box doesn't look at any session information (like e.g. TCP has), it
> just looks at packets in the same "flow", defined from your flow mask.
> 
> Regards,
> Peter
> 
> 

On the other hand, the advantage is that you don't get the ram full so easily.
So if you're not using a 3BXL/3CXL sup, then you might need to lower it; at least the fast aging timer.

--
Tassos


> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 


More information about the cisco-nsp mailing list