NetFlow table size

Hello,

I cannot find any documentation which says what happens when a NetFlow table becomes full (6509 switch - 12.2(18)SXF7 IOS). Do incoming packets get dropped or are they routed as a normal IP packet without NetFlow? Alternatively, are older NetFlow entries removed to allow for a new entry to be inserted?

I am wondering what will happen in the case of network attacks where there are huge numbers of sessions in the NetFlow table along with legitimate traffic.

Regards,

Tom Griffin

Accepted Solutions

Re: NetFlow table size

Tom,

Traffic will keep passing with no impact when the NetFlow TCAM is at 100% utilization.

The traffic, however, will not be counted or exported via NetFlow. The flows do age out of the TCAM based on the intervals set by default or manually, but in my practice manipulating the timers does not help because I have so much traffic/flows going through the box.

The traffic that is "missed" by the NetFlow TCAM is put into an SNMP counter that you can use Cacti to poll and see how much traffic you are missing on NetFlow.

But... The packets will still be routed/switched with no effect.

Happy to Help!

Re: NetFlow table size

Just to add:

On a 6509 (SUP32? SUP720?) with IOS 12.2, the NetFlow table is used only for statistics and is not used for traffic switching.

CEF is used for traffic switching.
