[c-nsp] Are there any disadvantages to aggressive netflow aging on a 6509?
Phil Mayers
p.mayers at imperial.ac.uk
Mon Jul 4 11:15:09 EDT 2011
On 04/07/11 15:59, Matthew.Coleman-Hamilton at servicebirmingham.co.uk wrote:
> This seems to be having the desired affect in that TCAM utilisation is not
> approaching 100% and there doesn't appear to have been any significant
> increase in CPU utilisation (the EARL NDE task pops up in the process list
> on occasion when I check but seems to be using single figure % on the
> whole).
That's what we see; slight but largely insignificant CPU increase.
> However, my question is whether there are any disadvantages to aggressive
> aging, i.e. am I potentially missing flow information or exporting
> incomplete flow information by moving away from the default settings and
> aging flows quicker?
The flow information should be complete; you shouldn't miss anything.
What you might see is >1 flow for some connections, if they have mixed
periods of activity and inactivity e.g. if the host stops sending
packets for 33 seconds, then re-starts, you'll see two flows with the
same source/dest IPs/ports.
More information about the cisco-nsp
mailing list