[c-nsp] CoPP IS-IS traffic on N7k
Lincoln Dale
ltd at cisco.com
Mon Jan 24 21:44:37 EST 2011
On 25/01/2011, at 12:53 PM, Roland Dobbins wrote:
>
> On Jan 25, 2011, at 8:45 AM, Lincoln Dale wrote:
>
>> and if they constitute a single "flow"?
>
> Each NDE record lists the number of packets in a given flow, so, yes, absolutely. Operators make use of this NetFlow capability all the time.
<sigh> maybe i'm not being clear enough.
the example was:
- "flow" of packets that lasts 1 second total of 100K packets.
- "flow" of packets that lasts 100 seconds, total of 100K packets.
possibly with tuned netflow aging timers you may be able to tell the difference between them, but reality is if they were both considered to be 'active' flows, one would not be able to tell the degree to how 'spiky' the former is compared to the latter.
>> don't get the wrong idea. netflow is a great tool to have in the kit bag for diagnosing issues. but in this case its not necessarily the 'best' tool to pinpoint precisely what might be going on.
>
> It does in fact work quite well for this application - very useful for gaining the necessary information to construct a great deal of one's CoPP policies, for example.
>
>> case in point: lets say its a device flooding control plane with BPDUs. will netflow show that?
>
> If a given platform team choose to implement FNF on their hardware to include include layer-2 information, sure, there's no reason why it couldn't, although presently nobody's done this, to my knowledge.
>
> ;>
<http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_15netflow.html#wp1094178>
cheers,
lincoln.
More information about the cisco-nsp
mailing list