[c-nsp] Sup2T - poor netflow performance
"Rolf Hanßen"
nsp at rhanssen.de
Fri Oct 18 05:13:39 EDT 2013
Hi,
the whole interface config:
interface Vlan1421
description ...
ip address x.x.x.x 255.255.255.252
no ip redirects
no ip proxy-arp
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7 ......................
ip ospf cost 1000
load-interval 30
ipv6 address x::1/y
ipv6 enable
ipv6 nd ra suppress
no ipv6 redirects
ipv6 ospf 1 area 2069
ipv6 ospf cost 1000
end
I apply netflow with:
ip flow monitor <monitorname> input
ip flow monitor <monitorname> output
Also tried with the "unicast" parameter, no effect.
Changing collect interface to match interface neither helps.
Replacing the record type with plattform default (record platform-original
ipv4 interface-full) does not reduce load either.
I guess it uses no sampling.
How do I configure/enable sampling ?
How do I see if it is sampled ?
I see no commands that look like to configure or verify sampling rate.
It's a 7609-S with CFC only and WS-X67xx linecards.
kind regards
Rolf
>
> On Oct 17, 2013, at 7:06 PM, "Rolf Hanßen" <nsp at rhanssen.de> wrote:
>
>> For example a box exporting something to a Peakflow SP for dos
>> recognition.
>> I recognized that starting a random-source-ip flood over my box even
>> could
>> make the cli freeze.
>
> This is not normal.
>
> What does your per-interface config look like?
>
> Are you sampling?
>
> What linecards are you using? Are they DFC4s or CFC linecards?
>
> Just as an aside, it would be advisable not to use the collect verb for
> the input interface, but rather to use the match verb in order to use
> input ifindex as a key field. 'Collect' is for non-key fields.
>
> ---------------------------------
> Roland Dobbins <rdobbins at arbor.net>
More information about the cisco-nsp
mailing list