Need to utilize the netflow feature on a BGP peering internet service provider data center.
Need to use netflow to analyze the customers' IP subnets:
- on customer routed interfaces (FULL DUPLEX fast ethernet or Gigabit ethernet interfaces)
- or I can filter the netflow for specific streams (like ANY to CUSTOMER IP addresses).
The routers are Cisco Catalyst 6500 / 7600 with supervisor:
- WS-X6K-SUP2-2GE Catalyst 6000 supervisor 2
- WS-SUP720-3BXL Supervisor Engine 720
Need to see ALL the "raw packets" routed with the netflow feature for specific customers' IP subnets.
1) WHICH IS THE BEST SOLUTION/APPROACH TO DO IT?
2) In an environment where I have 5 or 10 or 20 Gbps of throughput on the same router, can I use the MLS hardware netflow feature WITH the netflow filtering solution to see ALL the "raw packets" without losing any?
3) If I use the MLS hardware netflow feature, can I see ALL the "raw packets" (or can I lose some streams)?
4) Is it possible to configure netflow in hardware (MLS NETFLOW) BEFORE the IP streams/flows hit the PFC without missing any packets?
I know how to filter netflow AFTER, when I configure the NDE (keeping CPU cycles to a minimum on the Control Plane CPU Router), with "Packet-based NetFlow Flow Sampling" and/or "flow filters".
Packet-based NetFlow Flow Sampling:
I can also use flow filters to limit the flows being exported: