[c-nsp] Flow tools
Justin M. Streiner
streiner at cluebyfour.org
Wed Jan 18 18:37:00 EST 2012
On Wed, 18 Jan 2012, Nick Hilliard wrote:
> On 18/01/2012 11:25, Phil Mayers wrote:
>> Sure. In particular, I note that on the 6500/sup720 platform, src/dst AS in
>> the netflow requires lookup (and export) by the supervisor CPU; distributed
>> NDE i.e. done by the linecard CPU will not be available.
>
> ... and also if you decide to change from origin-as to peer-as or
> vice-versa on a sup720, you should expect the sup720's CPU to be trashed
> for a couple of minutes. This can cause IGP session flapping and other
> unexpected results. I.e. do this in a maintenance window.

Fair warning: my BGP-speaking Netflow exporters are Juniper - I haven't
messed around too much with sampled Netflow on Cisco gear that supports
it. That said...

If you do sampled netflow, make sure the sample rate that nfdump
expects to see matches what your exporters are actually sending, otherwise
your data will be skewed.

This might be more of a Juniper option, but stay away from sample options
that include "the next X packets". In other words, sample setup of "1
packet out of 1000, plus the next 9 packets" is not the same as sampling
"1 packet out of 100". The last time I looked, nfdump didn't know how to
handle those "next 9 packets", so you would likely end up with very odd
looking data.

jms
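
The two sampling points made in the message above, worked through as an added example that is not part of the original post and does not model nfdump's or any exporter's actual code. It assumes deterministic every-Nth-packet sampling and a constructed traffic stream in which each flow sends one burst of 20 packets of 100 bytes; all function names are hypothetical.

```python
from collections import Counter

def make_stream(n_packets=100_000, burst=20, size=100):
    """Constructed traffic: each flow id sends one burst of `burst` packets."""
    return [(i // burst, size) for i in range(n_packets)]

def sample(stream, interval, run_length=0):
    """Every `interval`-th packet, plus the next `run_length` packets after it."""
    return [pkt for i, pkt in enumerate(stream) if i % interval <= run_length]

def scaled_bytes(sampled, assumed_rate):
    """Byte total a collector reports when it multiplies by the rate it assumes."""
    return sum(size for _, size in sampled) * assumed_rate

def per_flow_packets(sampled, assumed_rate):
    """Scaled packet count per flow id, as the collector would estimate it."""
    counts = Counter(flow for flow, _ in sampled)
    return {flow: n * assumed_rate for flow, n in counts.items()}

def report():
    stream = make_stream()
    plain = sample(stream, 100)               # "1 packet out of 100"
    runs = sample(stream, 1000, run_length=9) # "1 out of 1000, plus the next 9"
    runs_flows = per_flow_packets(runs, 100)
    return {
        "true_bytes": sum(size for _, size in stream),
        # Collector and exporter agree on 1:100 -> total is recovered.
        "plain_scaled_by_100": scaled_bytes(plain, 100),
        # Collector assumes 1:1000 while exporter sends 1:100 -> 10x inflated.
        "plain_scaled_by_1000": scaled_bytes(plain, 1000),
        # Run-length samples scaled by the configured 1000 -> 10x inflated.
        "runs_scaled_by_1000": scaled_bytes(runs, 1000),
        # Scaling runs by 100 fixes the total but not the per-flow picture:
        "runs_scaled_by_100": scaled_bytes(runs, 100),
        "flows_seen_plain": len(per_flow_packets(plain, 100)),
        "flows_seen_runs": len(runs_flows),
        "max_est_pkts_per_flow_runs": max(runs_flows.values()),
        "true_pkts_per_flow": 20,
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key:>28}: {value}")
```

Even when the overall total is scaled correctly, the run-length samples cluster on a tenth as many flows in this constructed stream, so per-flow and top-talker figures come out distorted.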