Need to utilize the netflow feature on a BGP peering internet service provider data center.
Need to use netflow to analyze the customers' IP subnets:
- on customer routed interfaces (FULL DUPLEX fast ethernet or Gigabit ethernet interfaces)
- or I can filter the netflow for specific streams (like ANY to CUSTOMER IP addresses).
The routers are Cisco Catalyst 6500 / 7600 with supervisor:
WS-X6K-SUP2-2GE Catalyst 6000 supervisor 2
WS-SUP720-3BXL Supervisor Engine 720
Need to see ALL the "raw packets" routed with the netflow feature for specific customer IP subnets.
1) WHICH IS THE BEST SOLUTION/APPROACH TO DO IT ?
2) In an environment where I have 5 or 10 or 20 Gbps of throughput on the same router, can I use the MLS hardware netflow feature WITH the netflow filtering solution to see ALL the "raw packets" without losing any?
3) If I use the MLS hardware netflow feature can I see ALL the "raw packets" (or can I lose some streams!)?
4) Is it possible to configure netflow in hardware (MLS NETFLOW) BEFORE the IP streams/flows hit the PFC without missing any packets?
I know how to filter netflow AFTER, when I configure the NDE (keeping CPU cycles to a minimum on the Control Plane CPU Router) with "Packet-based NetFlow Flow Sampling" and/or "flow filters".
this means 128K rows for Sup2/PFC2, up to 256K rows on SUP720-3BXL.
These are not such high numbers when compared to the traffic volume you describe.
So the risk of missing some flows is not negligible and can be small only in a data center when monitoring inter-server flows like DB synchronizations.
On the other hand, the export filters you can configure don't prevent the undesired flows from using space in the netflow table: they are meant to reduce the CPU burden of building the export packets, with the same logic that drove the introduction of flow cache router aggregation on router platforms: filtering or aggregating data locally can be a way to reduce the number of accounting packets to be generated.
So these filters don't provide protection from table size limits.
Netflow router aggregation can provide some help because the flow aggregation cache is another table hosting aggregated data.
You wrote of customer ip subnets so some form of aggregation can be used to achieve this level of granularity.
"When you configure NetFlow aggregation on the MSFC, it is configured automatically on the PFC and DFCs (see the "Configuring NetFlow Aggregation on the PFC" section)."
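The reply's point that export filters do not protect against the table size limit, as a simplified model added here (not code from the thread and not Cisco's implementation). The customer subnet, the flow mix and the assumption that all flows are active at once with no aging are constructed for illustration.

```python
import ipaddress

# Table sizes quoted in the reply above.
ROWS = {"Sup2/PFC2": 128 * 1024, "SUP720-3BXL": 256 * 1024}
CUSTOMER = ipaddress.ip_network("192.0.2.0/24")  # constructed customer subnet

def make_flows(n):
    """Constructed sample: n distinct concurrent flows, every 10th to the customer."""
    base = int(CUSTOMER.network_address)
    flows = []
    for i in range(n):
        dst = base + 1 + i % 254 if i % 10 == 0 else 0x0C000000 + i
        flows.append((0x0B000000 + i, dst, 1024 + i % 60000, 443))
    return flows

def in_customer(flow):
    """True when the flow's destination address is inside the customer subnet."""
    mask = int(CUSTOMER.netmask)
    return (flow[1] & mask) == int(CUSTOMER.network_address)

def fill_table(flows, rows):
    """Every flow competes for a row, wanted or not; rows are never freed here."""
    table, missed = set(), []
    for f in flows:
        if f in table or len(table) < rows:
            table.add(f)
        else:
            missed.append(f)  # table full: this flow is not accounted
    return table, missed

def customer_report(flows, rows):
    """Return (rows used, customer flows exported, customer flows lost)."""
    table, missed = fill_table(flows, rows)
    # The export filter only selects among rows that already exist in the table.
    exported = [f for f in table if in_customer(f)]
    lost = [f for f in missed if in_customer(f)]
    return len(table), len(exported), len(lost)

if __name__ == "__main__":
    flows = make_flows(300_000)
    for name, rows in ROWS.items():
        used, exported, lost = customer_report(flows, rows)
        print(f"{name}: rows used {used}, customer exported {exported}, lost {lost}")
```

In this model the filter keeps the export small, but customer flows that arrive after the table is full are lost either way, because unwanted flows already hold the rows.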