gather Netflow statistic in LAN

Unanswered Question
Oct 23rd, 2007

Hello,


We have some problems with gathering the Netflow statistics on our 6500 SUP720B and need some other solution. The problem is quite simple - the netflow table on the SUP720 gets full very fast, in 5-10 seconds, and the netflow data statistics are not fully exported.


Will e.g. a NAM (or NAM2) service card help us to gather the full netflow statistics? Or are there other ways?


Many thanks.


yjdabear Tue, 10/23/2007 - 07:39

If you haven't customized the cache timeout values, that may be an option.


http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/command/reference/I1.html#wp1271726


mls aging fast [threshold|time] ###

mls aging long ###

mls aging normal ###


http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hnf_c/ch05/nfb_bmch.htm#wp1047359


ip flow-cache timeout inactive ###

ip flow-cache timeout active ##



Another option might be sampled netflow. Or, if you really only want to analyze certain traffic, you can try applying netflow filters. The latter two may require certain IOS code levels.


Konstantin Dunaev Tue, 10/23/2007 - 07:49

Hi,


Thank you for the response!


Age doesn't help, I tried the minimal values.

Sampled netflow doesn't help to reduce the Netflow table utilisation and we need to see all traffic.

Jan Nejman Thu, 10/25/2007 - 01:53

Hello Konstantin,

I'm following up on our previous discussion...

Could you change the flow mask? You will see fewer details, but all flows. (Maybe a solution is to change it to see only src/dst IP and not ports, etc...) I suppose that a changed flowmask can save 25% of the flowcache... (see http://support.caligare.com/kb/entry/47/ about flowmasks). I think that "Destination-Source-Interface" can be fine for you...



Jan


Konstantin Dunaev Thu, 10/25/2007 - 01:59

Hello Jan,


Actually the dst-src-int flowmask is currently used, and I don't think the flow mask has any influence on Netflow table size, because aggregation, flowmask and samples are applied only to exported Netflow data but not to the data which is used to build up the Netflow table itself.
