Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NetFlow Data Amt on my WAN?

Today, I send all NetFlows in/out of my 2851 routers' WAN interfaces, to a server local to each router.  I have ~ 30 routers around the world.  I'm thinking about centralizing these servers so that I have one per region (APAC, Americas, etc).  But I don't want to send the NetFlows across these WAN links if they are big enough to cause a utilization issue.  But with NetFlows... I've only ever used them for troubleshooting purposes... I have never checked to see how much data per second they generate!  Any tips for what commands could help me find this out, and what output I should focus on?

Everyone's tags (2)
3 REPLIES
New Member

Re: NetFlow Data Amt on my WAN?

Just realized this had a simple solution... from the local server, I launched Ethereal and did a trace that filters on udp port # X, X being the port # I configured on my routers for the destination of the flows. 

Bronze

Re: NetFlow Data Amt on my WAN?

Hello,

  I think that NetFlow don't cause any problem if you will send it throught the WAN. Usually the Netflow consume around 1-5% of the monitored traffic.

CO if your WAN line is 1mbps, netflow will consume between 10 and 50 kbps. The aging setting change the netflow traffic rate of course. You can set up higher aging time to save the line speed.Higher aging but will consume more TCAM resources on your router. I recommend to use 1-5 minute for active timeout, and 20 seconds for inactive.

Kind regards,

Jan


Caligare, Co.

http://www.caligare.com/

New Member

Re: NetFlow Data Amt on my WAN?

Hello Estein,

As pointed out, the amount of NetFlow being sent back over the WAN probably won't be significant, but to be sure your NetFlow Analyzer should tell you the flows/second or packets per second being received per router.  NOTE: The NetFlow UDP datagrams are typically large packets.

Also, I would set the active timeout to 1 minute as most NetFlow Analysis tools will provide trends in 1 minute intervals and an active timeout of 5 could cause miss leading spikes above the interface speed in your trends.

Jake

www.plixer.com

469
Views
0
Helpful
3
Replies