[c-nsp] Netflow on 7600. Again...

Ruslan Pustovoitov rus-p at mostelekom.net
Thu Aug 18 01:34:53 EDT 2011


Roland states a very exact thought about sampled vs non-sampled NetFlow 
export on the 7600.
If your 7600 box does not have sufficient TCAM to process current traffic and 
the aging timers are already set to minimum, you may simply allow the TCAM 
memory to overflow, drop part of the statistics and use the residual statistics 
multiplied by an empirical coefficient, as actual )

This approach has worked very well for us for many years and it is more reliable 
than sampled NetFlow.


Dobbins, Roland wrote:
> On Aug 18, 2011, at 1:30 AM, Michail Litvak wrote:
>
>   
>> I would appreciate for any thoughts how to fix this or I should just
>> downgrade IOS to some SRC ? ;)
>>     
>
> NetFlow on the 7600 is pretty much operationally useless due to caveats in the EARL7 ASIC, IMHO.  One of those caveats is that the box doesn't actually perform packet-sampled control of flow creation, colloquially known as 'sampled NetFlow'; instead, it does export output sampling of collected flows, which may not be representative of actual traffic due to mls table overflow.
>
> There's nothing which can be done to fix this, it's a longstanding hardware issue.  Sup2T/DFC4s on 6500, based on the EARL8 (same ASIC used in the N7K) resolve the NetFlow caveats for that platform, but there're no plans for 7600 to adopt that new hardware, AFAIK.  Either using a packet-to-flow probe or a different box (like an ASR9000 or somesuch) are the only real remedies.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
> 		The basis of optimism is sheer terror.
>
> 			  -- Oscar Wilde