We want to configure netflow on a 10gigabit uplink on a 6509 with sup720-10g, but before we do we want to make sure we know how to deal with the increase in load should it turn out to be too many flows.
My question is what commands/parameters should be set to reduce the load of netflow aside from the default config?
You could set the minimum IP MLS Flow Masks for the Netflow table on the PFC. The flow mask determines the granularity of the statistics gathered, which controls the size of the NetFlow table. The less-specific flow masks result in fewer entries in the NetFlow table and the most-specific flow masks result in the most NetFlow entries. For example, if the flow mask is set to interface-source, the NetFlow table contains one entry per source IP address. (Assume that NetFlow is enabled on only one interface). The statistics for all flows from each source are accumulated in the one entry.
Also MLS aging could be used to keep the NetFlow table size below the recommended utilization.
The PFC supports the following flow masks:
• interface-source—A less-specific flow mask. Statistics for all ingress flows on an interface from each source IP address aggregate into one entry.
• interface-destination—A less-specific flow mask. Statistics for all ingress flows on an interface to each destination IP address aggregate into one entry.
• interface-destination-source—A more-specific flow mask. Statistics for all ingress flows on an interface between the same source IP address and destination IP address aggregate into one entry.
• interface-full—The most-specific flow mask. The PFC creates and maintains a separate table entry for each IP flow on an interface. An interface-full entry includes the source IP address, destination IP address, protocol, and protocol ports.
I'd be interested to learn what happens in your NetFlow collector if you specify only "interface-source", as without full NetFlow v5 information (even if running NetFlow v9) some reporting tools may fail. If the reporting tool is home grown, it may not matter, but this post makes an interesting point in that it depends on what you want to collect and report on.
The Catalyst 65XX under a heavy load gets kind of interesting when considering the TCAM issues. If the switch starts skipping flow exports, the collector should alert you for missed flow sequence numbers. The NetFlow collector should also tell you if it can't keep up.
As far as increasing the load on the overall network, I wouldn't worry about this as typically NetFlow exports only increase the link utilization by 1-2% unless of course we are talking about a WAN link and multiple exports over the same link.
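The missed-sequence check mentioned in the reply above, as an added example that is not part of the original thread: a collector-side tracker that reads the NetFlow v5 export header and counts flows that never arrived. It assumes v5 export (where `flow_sequence` counts flows, not packets); the class and helper names are hypothetical and the datagrams are constructed.

```python
import struct

# NetFlow v5 header: version, count, sys_uptime, unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval (24 bytes).
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD_LEN = 48  # each v5 flow record is 48 bytes


class SequenceTracker:
    """Tracks flow_sequence per (exporter, engine) and counts missed flows."""

    def __init__(self):
        self.expected = {}  # (exporter, engine_type, engine_id) -> next sequence
        self.missed = {}    # same key -> total flows never received

    def observe(self, exporter, datagram):
        """Return the number of flows missed just before this datagram."""
        if len(datagram) < V5_HEADER.size:
            raise ValueError("datagram shorter than a NetFlow v5 header")
        version, count, _, _, _, seq, etype, eid, _ = V5_HEADER.unpack_from(datagram)
        if version != 5:
            raise ValueError(f"not NetFlow v5 (version={version})")
        if len(datagram) != V5_HEADER.size + count * V5_RECORD_LEN:
            raise ValueError("record count does not match datagram length")
        key = (exporter, etype, eid)
        expected = self.expected.get(key)
        # In v5, flow_sequence is the running total of flows exported, so the
        # next header should carry previous sequence + previous count (mod 2^32).
        self.expected[key] = (seq + count) & 0xFFFFFFFF
        if expected is None:
            return 0  # first datagram from this engine: nothing to compare
        gap = (seq - expected) & 0xFFFFFFFF
        if gap >= 0x80000000:
            return 0  # sequence went backwards: reordering or exporter restart
        self.missed[key] = self.missed.get(key, 0) + gap
        return gap


def make_v5(seq, count, engine_id=0):
    """Constructed sample datagram: valid header, zero-filled flow records."""
    header = V5_HEADER.pack(5, count, 0, 0, 0, seq, 0, engine_id, 0)
    return header + bytes(count * V5_RECORD_LEN)
```

A non-zero return from `observe` means export datagrams were lost between the switch and the collector, or the exporter skipped them; alerting on the running total in `missed` per exporter gives the signal described above.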