[c-nsp] NetFlow for billing on 6500/SUP720-3B
Gert Doering
gert at greenie.muc.de
Thu Apr 7 13:38:19 EDT 2011
Hi,
On Thu, Apr 07, 2011 at 01:46:58AM +0000, Dobbins, Roland wrote:
> So, while NetFlow is an outstanding choice for your application,
> the 6500 platform with current hardware has many NetFlow caveats
> which can adversely affect the statistical validity of the exported
> telemetry. With the 6500 (and 7600), you're better off staying
> with a device on a tap, IMHO; you can use fprobe or somesuch to
> generate NetFlow and send that to a NetFlow connection/analysis
> system.
I tend to disagree here. If your traffic levels are so low that a
device-on-a-tap can handle them with 100% accuracy (and not lose
flows due to bursts that overrun the tap), the 6500 netflow will
do this job just fine.
Yes, it's lacking some data (like TCP flows), and yes, if your TCAM
space fills, you lose some flows - but with sufficiently fast aging,
this has never been a large-enough problem for us to go for something
else.
OTOH our traffic levels are ridicusly low regarding the throughput
a 6500 can handle (~5 gbit peak on a single box right now, and a good
number of long-lived flows) - so for someone who wants to handle
40 Gbit/s of DNS traffic "every packet is a new flow", it certainly
wouldn't work out.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20110407/1544fb96/attachment.pgp>
More information about the cisco-nsp
mailing list