Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NetFlow CPU Impact

Hi,

I'm planning on enabling NetFlow on all my Routers( model 2600 through 7200).

I've been reading up on CPU impact and i found some interesting sites on the subject.

But one thing i'm not sure. The CPU utilization depends on how many flows the router sends out. Most of the documents refer to 10,000 flows. Does this amount depends on what i enable or is this the initial number of flows ?

Also what is the time interval for each flows.

I hope my question is clear.

thx.

1 ACCEPTED SOLUTION

Accepted Solutions
Blue

Re: NetFlow CPU Impact

Tony,

Each flow is an IP connection, so it depends on traffic through the router and what interfaces you enable ip route-cache flow on.

I looked at a 7206 NPE225 with Netflow enabled on a single fast ethernet port running at about 4mb/s. There were 14,000 flows exported in about a minute. Router CPU is running about 45%. Lots of QOS with traffic shaping running on T1, multilink, and ethernet. Your mileage will of course vary -- but this is one example.

Please rate helpful posts.

Dave

3 REPLIES
Blue

Re: NetFlow CPU Impact

Tony,

Each flow is an IP connection, so it depends on traffic through the router and what interfaces you enable ip route-cache flow on.

I looked at a 7206 NPE225 with Netflow enabled on a single fast ethernet port running at about 4mb/s. There were 14,000 flows exported in about a minute. Router CPU is running about 45%. Lots of QOS with traffic shaping running on T1, multilink, and ethernet. Your mileage will of course vary -- but this is one example.

Please rate helpful posts.

Dave

New Member

Re: NetFlow CPU Impact

thx for your information Dave.

New Member

Re: NetFlow CPU Impact

The CPU utilisation depends on the amount of traffic through the box. Matching each packet to the correct flow takes a tiny amount of CPU - so the more traffic that flows, the more CPU that's needed.

Also, exporting those flows from the box takes some CPU too. You don't have to export the flows, but then there's really not much point in gather the information in the first place - unless you're going to run a feature such as netflow top talkers right on the box itself.

As for your second question: there are two timers for flows:

The active time ("ip flow-cache tiemout active") controls the longest amount of time a flow can be active for before it's exported. This ensures that the collector gets to know about long-lived flows.

The inactive time ("ip flow-cache tiemout inactive") controls how quickly flows are exported after the last packet is seen. If your traffic is quite bursty then you might want to set this a little higher - though setting it too high means your netflow cache will be holding on to a lot of old data.

Finally, note you can also adjust the size of the netflow cache itself with the "ip flow-cache entries" command.

302
Views
0
Helpful
3
Replies