[c-nsp] 6500 netflow export and the switch cpu
Ross Vandegrift
ross at kallisti.us
Fri Sep 12 16:46:29 EDT 2008
On Fri, Sep 12, 2008 at 09:32:02PM +0200, Ivan Gasparik wrote:
> I plan to try the way mentioned by you - mirroring traffic to
> some fprobe server. Is here somebody running external server for
> netflow analysis? I would be interrested in your experiences,
> especially what hardware is needed for processing 10Gb/s of
> traffic?
I haven't done anything up to 10G, but I've mirrored transit
interfaces to servers for netflow collection as a demo. I'd say it
was around 500M of live traffic. I was using pmacctd to generate
netflow v9 records with src/dest IP, proto, ports, and src/dest AS.
A quad-core 2GHz Xeon could just about keep up with a 500M mirror
session per cpu, running one instance per mirror session.
--
Ross Vandegrift
ross at kallisti.us
"The good Christian should beware of mathematicians, and all those who
make empty prophecies. The danger already exists that the mathematicians
have made a covenant with the devil to darken the spirit and to confine
man in the bonds of Hell."
--St. Augustine, De Genesi ad Litteram, Book II, xviii, 37
More information about the cisco-nsp
mailing list