[c-nsp] 3850?

Adam Greene maillist at webjogger.net
Fri Apr 10 18:26:58 EDT 2015 

We're not actually doing Netflow of any kind yet. 

It looks like most of our input queue drops are due to 'encapsulation failed' ... i.e. bogus traffic to non-existent hosts. So far it hasn't affected legitimate network performance, as far as we can tell. So maybe the 3750/3750G's will actually be able to support 450Mbps aggregate gracefully and we can afford to avoid upgrading for now ... that's a nice surprise.

That Smart Logging and Telemetry looks interesting ... 

I also understand the 3750's can support Medianet, which is similar to Netflow, with a recent enough IOS.

We're basically just interested in being able to drill down to see what kind of traffic is passing through the network, to find (a) illegitimate traffic, and (b) to respond to customer congestion complaints by explaining, "you are using your whole pipe to download windows updates: schedule those for off-hours!" etc.
 

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Lukasz Bromirski
Sent: Friday, April 10, 2015 3:55 PM
To: Marco van den Bovenkamp
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] 3850?


> On 10 Apr 2015, at 12:42, Marco van den Bovenkamp <marco at linuxgoeroe.dhs.org> wrote:
> 
> 
>> I think there's an uplink module for the 3750-X series which does 
>> netflow now, too?
> 
> Yep. The C3KX-SM-10G. That'll do line-rate FNF (or so thaey claim; haven't used them yet).

It does and the only limitation here is cache size. There is a way to RPSAN traffic from all ports in the switch despite this module capable of monitoring only traffic transitioning it’s ports using SFP loopback cable and one of the ports.

Without this module you can force generic 3k’s to generate NetFlow info triggered by some specific events on the switch by feature called Smart Logging and Telemetry:

http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/product_bulletin_c25-658743.html

For truly all-ports NetFlow capable solutions in Cisco access portfolio go with 3650 and/or 3850.

-- 
"There's no sense in being precise when |               Łukasz Bromirski
 you don't know what you're talking     |      jid:lbromirski at jabber.org
 about."               John von Neumann |    http://lukasz.bromirski.net

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list