[c-nsp] Netflow on 7600. Again...

Dobbins, Roland rdobbins at arbor.net
Wed Aug 17 16:18:53 EDT 2011


On Aug 18, 2011, at 1:30 AM, Michail Litvak wrote:

> I would appreciate any thoughts on how to fix this, or should I just
> downgrade IOS to some SRC? ;)

NetFlow on the 7600 is pretty much operationally useless due to caveats in the EARL7 ASIC, IMHO.  One of those caveats is that the box doesn't actually perform packet-sampled control of flow creation, colloquially known as 'sampled NetFlow'; instead, it does export output sampling of collected flows, which may not be representative of actual traffic due to mls table overflow.

There's nothing which can be done to fix this; it's a longstanding hardware issue.  Sup2T/DFC4s on 6500, based on the EARL8 (same ASIC used in the N7K) resolve the NetFlow caveats for that platform, but there're no plans for 7600 to adopt that new hardware, AFAIK.  Either using a packet-to-flow probe or a different box (like an ASR9000 or somesuch) are the only real remedies.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

		The basis of optimism is sheer terror.

			  -- Oscar Wilde
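
The difference between packet-sampled flow creation and export sampling of collected flows, as an added toy simulation that is not part of the original message and does not model the EARL7 itself. The table size, sampling rate, traffic mix, the lack of entry aging, and the rule that flows arriving at a full table are simply not tracked are all assumptions made for illustration.

```python
import random

TABLE_SIZE = 2048   # assumed flow-table capacity for this toy model
N = 10              # 1-in-N sampling rate used by both methods

def make_traffic(seed=1):
    """Constructed traffic: 20 large flows plus 5000 two-packet flows."""
    pkts = [(f"big{i}", 1000) for i in range(20) for _ in range(500)]
    pkts += [(f"small{i}", 60) for i in range(5000) for _ in range(2)]
    random.Random(seed).shuffle(pkts)   # interleave the flows
    return pkts

def build_table(pkts):
    """Fill a bounded flow table; flows arriving once it is full are not tracked."""
    table, missed = {}, set()
    for flow, size in pkts:
        if flow in table:
            table[flow] += size
        elif len(table) < TABLE_SIZE:
            table[flow] = size
        else:
            missed.add(flow)            # overflow: this flow is never accounted
    return table, missed

def packet_sampled(pkts):
    """Sample 1-in-N packets before flow creation, then scale up by N."""
    table, missed = build_table(pkts[::N])
    return {"bytes": N * sum(table.values()), "flows_missed": len(missed)}

def export_sampled(pkts):
    """Track every packet, then export only 1-in-N of the collected flows."""
    table, missed = build_table(pkts)
    exported = list(table.values())[::N]
    return {"bytes": N * sum(exported), "flows": N * len(exported),
            "flows_missed": len(missed)}

if __name__ == "__main__":
    pkts = make_traffic()
    print("true bytes    :", sum(size for _, size in pkts))
    print("true flows    :", len({flow for flow, _ in pkts}))
    print("packet-sampled:", packet_sampled(pkts))
    print("export-sampled:", export_sampled(pkts))
```

In this model the packet-sampled table never fills, so its scaled byte count tracks the true total, while the export-sampled path loses every flow that arrives after the table is full and its scaled flow count cannot exceed roughly the table size.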



