[c-nsp] netflow sampling
Roland Dobbins
rdobbins at arbor.net
Tue May 19 20:21:37 EDT 2009
On May 20, 2009, at 4:37 AM, sthaug at nethelp.no wrote:
> Cisco 6500/7600 as far as I know always does non-sampled netflow in
> hardware - then the netflow may or may not be sampled before export,
> depending on your configuration.
Unfortunately, the caveats associated with NetFlow on past and current
6500/7600 hardware generally tend to render it unsuitable due to the
high likelihood of mls table overflow in most circumstances, along
with the lack of TCP flags and insight into dropped traffic.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Unfortunately, inefficiency scales really well.
-- Kevin Lawton
More information about the cisco-nsp
mailing list