[c-nsp] Usage Billing w/ Netflow / Implementation Pitfalls
Peter Rathlev
peter at rathlev.dk
Tue May 20 15:25:05 EDT 2008
On Tue, 2008-05-20 at 14:46 -0400, Adam Powers wrote:
> On Tue, 2008-05-20 at 20:27 +0200, Peter Rathlev wrote:
> > This reminds me: All the flows we receive max out at ~2.1GB. I'd like
> > to assume that this is because the switches automatically ages flows
> > before they reach the 32-bit limit (or 31-bit?); can anyone confirm
> > this?
>
> You are correct. The exporter will unnaturally expire the cache entry
> and start a new one when the octet counter overflows.
>
> YMMV from one Netflow cache implementation to another.
>
> BTW: For systems that use "sort | uniq" approach for Netflow
> deduplication this effect would mess things up. Setting lower active
> timers (I recommend 60 seconds) would help.
The lowest I can set "mls aging long" to is 64 seconds (Sup720), and a
1Gbps connection could hit 2^32 bytes in less than that, even at
something like 75% use. And if we're talking 2^31 it's even worse.
Well, it seems NFSen can find out what to do, the aggregation numbers
look okay.
Thanks,
Peter
More information about the cisco-nsp
mailing list