Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1162
Views
10
Helpful
4
Replies

Netflow on a Sup720 Version 2

mlipsey
Level 1
Level 1

‎06-27-2006 09:34 AM

So my next question; now that I have Netflow collection properly configured - how can I limit the amount of CPU it can use? THE NDE process can hit pretty hard on the CPU; most of the good stuff happens in hardware anyway so I'm okay with some CPU utilization spent on this but I have a money making network. I need to ensure that the NDE process CAN'T overrun the router. Is there a way to limit the amount of processor a process can hog up?

Labels:
0 Helpful
4 Replies 4

David Stanford
Cisco Employee
Cisco Employee

‎06-27-2006 11:40 AM

Here's some info that might be helpful:

It is important to look at timers and exports as aggressive timers will lead to frequent purging of netflow table and frequent export of netflow entries to the collector.

Default timers result in optimal cpu usage, but it also depends on the traffic that you have in the network.

For example:

One must understand several characteristics of the traffic in the network, including average packets/second of throughput and average number of packets/flow, to estimate the amount of data Netflow will generate.

For example, if the average throughput on a Cisco

7600 router is 150kpps and the average number of packets per flow is 20, the device will

forward about 7500 flows per second. One can then expect 250 flow export datagrams (v5 in

this example) per second (7500 flows/30 flows per export datagram), or about 250 x 1500

bytes/datagram = 375KB/second of flow export traffic from one router toward the collector.

So a lot depends on traffic flow in the network , so it is hard to say how much CPU will

increase by enabling netflow. It can vary from one device to another.

mlipsey
Level 1
Level 1
In response to David Stanford

‎06-28-2006 02:12 PM

How might I make these calculations on my own router?

0 Helpful

matthew.mcbride
Level 4
Level 4

‎06-28-2006 10:37 AM

I came across this Cicso white paper titled "Netflow Performance Analysis". It may provide some information regarding your request for CPU impact.

http://www.cisco.com/en/US/customer/tech/tk812/technologies_white_paper0900aecd802a0eb9.shtml

Regards,

-m2

mlipsey
Level 1
Level 1
In response to matthew.mcbride

‎06-28-2006 02:01 PM

Dude, that's a pretty awesome article - I just wish it has a sup720 in there. How can I calculate how many flows per minute other than the obvious of just watching the counter?

Also; do I need to watch the CPU on the individual cards? "Execute-on" doesn't appear to work the same as on a 12000 on the sup720.

Thanks!

-Mike

0 Helpful
Customers Also Viewed These Support Documents