[c-nsp] 6500 netflow export and the switch cpu
Phil Mayers
p.mayers at imperial.ac.uk
Thu Sep 11 13:09:57 EDT 2008
Jon Lewis wrote:
> On Thu, 11 Sep 2008, Phil Mayers wrote:
>
>> What do the following say:
>>
>> sh mls netflow table-contention detailed
>
> Earl in Module 5
> Detailed Netflow CAM (TCAM and ICAM) Utilization
> ================================================
> TCAM Utilization : 100%
> ICAM Utilization : 7%
> Netflow TCAM count : 262026
> Netflow ICAM count : 10
> Netflow Creation Failures : 456680
> Netflow CAM aliases : 0
Ah. Yes, you're overflowing quite considerably. There's probably not a
lot you can do about this other than drop the flowmask.
>
> I guess I need to get more aggressive on the flow aging. I've been using
> mls aging fast time 8 threshold 3
> mls aging long 480
> mls aging normal 32
>
>
>> sh mls netflow flowmask
>
> current ip flowmask for unicast: if-full
> current ipv6 flowmask for unicast: null
Do you need the full mask? It includes tcp/udp ports. Dropping to
destination-source may save you a lot of flows (but obviously lose you a
lot of info)
>
>> sh mls nde
>
> Netflow Data Export enabled
> Exporting flows to [removed]
> Exporting flows from [removed]
> Version: 5
> Include Filter not configured
> Exclude Filter not configured
> Total Netflow Data Export Packets are:
> 3738467024 packets, 0 no packets, 1041361295 records
> Total Netflow Data Export Send Errors:
> IPWRITE_NO_FIB = 0
> IPWRITE_ADJ_FAILED = 0
> IPWRITE_PROCESS = 0
> IPWRITE_ENQUEUE_FAILED = 0
> IPWRITE_IPC_FAILED = 0
> IPWRITE_OUTPUT_FAILED = 0
> IPWRITE_MTU_FAILED = 0
> IPWRITE_ENCAPFIX_FAILED = 0
> Netflow Aggregation Disabled
>
>> sh platform hardware capacity netflow
> #sh platform hardware capacity netflow
> ^
Come to think of it, that's an SXF command.
More information about the cisco-nsp
mailing list