[c-nsp] NetFlow for billing on 6500/SUP720-3B

Dobbins, Roland rdobbins at arbor.net
Wed Apr 6 21:46:58 EDT 2011


On Apr 7, 2011, at 8:22 AM, TCIS List Acct wrote:

> My concern is that, due to our inexperience with the 6500 platform, I want to 
> make sure we don't run into any performance issues or, worse yet, stability 
> issues in IOS. 

Performance and stability aren't the main concerns - rather, it's accuracy/utility which are problematic.

The 6500 Supervisor (and each DFC-enabled linecard) has a relatively small mls (NetFlow) table which is easily overflowed with minimal traffic diversity, and it doesn't support packet-sampled control of flow creation, otherwise known as 'sampled NetFlow'.  This means that your statistics can be skewed/underreported in a non-deterministic manner.

It also doesn't tell you about dropped traffic (due to ACLs, PBR, QoS, uRPF, S/RTBH, etc.), nor does it report the logical OR of all the TCP flags in a TCP flow.

So, while NetFlow is an outstanding choice for your application, the 6500 platform with current hardware has many NetFlow caveats which can adversely affect the statistical validity of the exported telemetry.  With the 6500 (and 7600), you're better off staying with a device on a tap, IMHO; you can use fprobe or somesuch to generate NetFlow and send that to a NetFlow connection/analysis system.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

		The basis of optimism is sheer terror.

			  -- Oscar Wilde
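
An added illustration, not part of the original post: a toy model of a fixed-size flow table with no sampled NetFlow, showing how per-customer byte totals are underreported once traffic diversity exceeds the table size. The table size of 64, the single export interval with no entry aging, the customer names, and the rule that packets of a flow without an entry are forwarded but never counted are all assumptions of the model, not measured 6500 behaviour.

```python
import random
from collections import defaultdict

def make_traffic(customers, flows_each, pkts_per_flow, seed=1):
    """Constructed sample traffic: one (customer, flow_id, bytes) tuple per packet."""
    rng = random.Random(seed)
    pkts = [(c, f, rng.choice((64, 576, 1500)))
            for c in customers
            for f in range(flows_each)
            for _ in range(pkts_per_flow)]
    rng.shuffle(pkts)  # interleave flows as they would arrive on the wire
    return pkts

def bill(pkts, table_size):
    """Return {customer: (true_bytes, exported_bytes)} for one export interval."""
    table = {}                      # (customer, flow_id) -> counted bytes
    true_bytes = defaultdict(int)
    for cust, flow, size in pkts:
        true_bytes[cust] += size
        key = (cust, flow)
        if key in table:
            table[key] += size
        elif len(table) < table_size:
            table[key] = size       # room left: create the flow entry
        # else: table is full, the packet is forwarded but never accounted
    exported = defaultdict(int)
    for (cust, _), counted in table.items():
        exported[cust] += counted
    return {c: (true_bytes[c], exported[c]) for c in true_bytes}

if __name__ == "__main__":
    for flows_each in (10, 200):
        result = bill(make_traffic(["A", "B"], flows_each, 20), table_size=64)
        for cust, (true, exp) in sorted(result.items()):
            print(f"{flows_each:>3} flows/customer  {cust}: "
                  f"true={true} exported={exp} ({100 * exp / true:.1f}%)")
```

Which flows win a table entry depends on packet arrival order, so changing the seed shifts the shortfall between customers, which is the non-deterministic skew that makes the exported numbers unsuitable for billing.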



