the Netflow test on 10G interface

whenrnjs
Level 1

I am doing Netflow testing with a 10G interface on a Cisco 6509. I am using a SUP720 3B and a 6704 4-port 10G module.

After configuring Netflow on the switch and generating packets, when I check the command "show platform hardware capacity netflow", I get 100% TCAM utilization, and of course the receiving server lost incoming Netflow data.

I am wondering if anyone has experienced the Netflow test on a 10G interface or knows of any limitation of supporting Netflow with a 10G interface on SUP720-3B?

I am waiting for your advice.

4 Replies

Giuseppe Larosa
Hall of Fame

Hello Whenrjs,

The question is how many different flows are seen in the generated traffic rather than the raw traffic volume.

There are limitations on the size of the netflow cache table on a C6500.

A PFC 3B allows up to 128K entries.

See

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/netflow.html

You can perform some tuning using MLS aging timers in order to try to reduce TCAM usage, with the tradeoff of missing short-lived flows.

Hope to help

Giuseppe

Jan Nejman
Level 3

Sorry, duplicated response.

Jan Nejman
Level 3

sorry

Jan Nejman
Level 3

Hi,

giuslar is right. PFC 3B allows only up to 128K flow entries. You can tune the mls aging time.

I recommend you set mls normal aging to 64 seconds, fast aging to 16 seconds with a threshold of 50 packets, and long aging to 300 seconds. After the changes, please check your switch processor utilization (it is different than MSFC processor utilization).

See the following URL: http://netflow.cesnet.cz/mls_aging.xls

I tested Cat6500 with different mls agings and the results are in the xls sheet.

The second problem is that your analyzer is dropping netflow exports. This is another problem! One part of the problem is that Cat6500 doesn't put all packets to the TCAM. The second part is that the analyzer is overloaded and cannot parse all exports. Try to tune the analyzer settings and/or database. I tuned Caligare Flow Inspector analyzer and it is capable of storing up to 100.000 flows/sec on a fast RAID array and quad-core CPU with 16GB RAM.

Kind regards,

Jan Nejman

Caligare, co.

http://www.caligare.com/
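Added example, not part of the thread and not Cisco's aging algorithm: a simplified Python model of why the aging timers recommended in the replies reduce flow table usage and how that compares with the 128K-entry limit. The traffic mix, the baseline timer values and the evenly-spaced-packet assumption are constructed for illustration; only the 128K limit and the tuned values (64 / 16 with threshold 50 / 300) come from the replies.

```python
# Added example: simplified steady-state model, not Cisco's aging algorithm.
import math
from dataclasses import dataclass

PFC3B_ENTRIES = 128 * 1024  # "up to 128K entries" per the thread

@dataclass
class Aging:
    normal: int              # idle seconds before an entry is removed
    long: int                # active entries are purged and re-learned after this
    fast_time: int = 0       # 0 disables fast aging
    fast_threshold: int = 0  # packets needed within fast_time to avoid fast aging

# Constructed traffic mix: (name, new flows/sec, duration s, packets per flow)
MIX = [("probes/dns", 3000, 1, 2), ("web", 500, 10, 30),
       ("bulk", 200, 30, 3000), ("long-lived", 5, 1800, 100000)]

def entry_stats(duration, packets, a):
    """Return (seconds a flow holds an entry, export records it produces).
    Assumes evenly spaced packets."""
    if a.fast_time:
        in_window = packets * min(1.0, a.fast_time / duration)
        if in_window < a.fast_threshold:
            # Low-rate flow: entry is dropped (and re-learned) every fast_time.
            windows = max(1, math.ceil(duration / a.fast_time))
            return windows * a.fast_time, windows
    # Otherwise the entry lives until idle for `normal` seconds after the last packet.
    return duration + a.normal, max(1, math.ceil(duration / a.long))

def model(mix, a):
    """Little's law: entries = arrival rate x time each entry is held."""
    entries = sum(rate * entry_stats(d, p, a)[0] for _, rate, d, p in mix)
    exports = sum(rate * entry_stats(d, p, a)[1] for _, rate, d, p in mix)
    return entries, exports

BASELINE = Aging(normal=300, long=1920)  # assumed untuned values
TUNED = Aging(normal=64, long=300, fast_time=16, fast_threshold=50)  # from the reply

if __name__ == "__main__":
    for label, a in (("baseline", BASELINE), ("tuned", TUNED)):
        entries, exports = model(MIX, a)
        verdict = "fits" if entries <= PFC3B_ENTRIES else "OVERFLOWS"
        print(f"{label}: ~{entries:,} entries ({verdict} in {PFC3B_ENTRIES:,}), "
              f"~{exports:,} export records/s")
```

In this model the table load is driven by the rate of new short flows, not by bandwidth, and the export record rate barely changes between the two timer sets, so analyzer drops have to be sized separately.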
