NetFlow CPU Impact

Answered Question
Dec 12th, 2007

Hi,


I'm planning on enabling NetFlow on all my routers (model 2600 through 7200).

I've been reading up on CPU impact and I found some interesting sites on the subject.


But there is one thing I'm not sure about. The CPU utilization depends on how many flows the router sends out. Most of the documents refer to 10,000 flows. Does this amount depend on what I enable, or is this the initial number of flows?

Also, what is the time interval for each flow?


I hope my question is clear.


thx.


Correct Answer
dgahm Wed, 12/12/2007 - 17:04

Tony,

Each flow is an IP connection, so it depends on traffic through the router and what interfaces you enable ip route-cache flow on.


I looked at a 7206 NPE225 with Netflow enabled on a single fast ethernet port running at about 4mb/s. There were 14,000 flows exported in about a minute. Router CPU is running about 45%. Lots of QOS with traffic shaping running on T1, multilink, and ethernet. Your mileage will of course vary -- but this is one example.


Please rate helpful posts.


Dave

paitken Sat, 01/12/2008 - 15:53

The CPU utilisation depends on the amount of traffic through the box. Matching each packet to the correct flow takes a tiny amount of CPU - so the more traffic that flows, the more CPU that's needed.


Also, exporting those flows from the box takes some CPU too. You don't have to export the flows, but then there's really not much point in gathering the information in the first place - unless you're going to run a feature such as netflow top talkers right on the box itself.


As for your second question: there are two timers for flows:


The active time ("ip flow-cache timeout active") controls the longest amount of time a flow can be active for before it's exported. This ensures that the collector gets to know about long-lived flows.


The inactive time ("ip flow-cache timeout inactive") controls how quickly flows are exported after the last packet is seen. If your traffic is quite bursty then you might want to set this a little higher - though setting it too high means your netflow cache will be holding on to a lot of old data.


Finally, note you can also adjust the size of the netflow cache itself with the "ip flow-cache entries" command.
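
An added illustration, not part of the thread: a simplified Python model of a flow cache, showing how the active and inactive timers described above change the number of records exported for the same traffic. The traffic, the flow names, and the choices to express both timers in seconds and to check them on each packet arrival are assumptions of the model, not router behaviour taken from the posts.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    first: float      # time of the first packet in this cache entry
    last: float       # time of the most recent packet
    packets: int = 0

def simulate(packets, active_timeout, inactive_timeout):
    """Replay (time_s, flow_key) packets through a simplified flow cache.

    Returns the export records as (key, first, last, packets, reason).
    Assumption: timers are evaluated on every packet arrival.
    """
    cache, exported = {}, []
    for now, key in sorted(packets):
        for k in list(cache):
            e = cache[k]
            if now - e.last >= inactive_timeout:
                reason = "inactive"   # no packet seen for too long
            elif now - e.first >= active_timeout:
                reason = "active"     # long-lived flow, report progress
            else:
                continue
            exported.append((k, e.first, e.last, e.packets, reason))
            del cache[k]
        e = cache.setdefault(key, Entry(first=now, last=now))
        e.last = now
        e.packets += 1
    # End of capture: anything still cached is flushed.
    exported += [(k, e.first, e.last, e.packets, "flush") for k, e in cache.items()]
    return exported

def sample_traffic():
    """Constructed traffic: one steady 300 s flow and one flow sending 5 s bursts every 30 s."""
    bulk = [(t, "bulk") for t in range(300)]
    burst = [(b * 30 + i, "burst") for b in range(10) for i in range(5)]
    return bulk + burst

if __name__ == "__main__":
    for active, inactive in [(1800, 15), (1800, 60), (60, 15)]:
        recs = simulate(sample_traffic(), active, inactive)
        print(f"active={active}s inactive={inactive}s -> {len(recs)} export records")
```

With the constructed traffic, raising the inactive timer merges the bursts into one record, while lowering the active timer splits the steady flow into several records.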


