12-12-2007 01:55 PM - edited 03-03-2019 07:54 PM
Hi,
I'm planning on enabling NetFlow on all my routers (models 2600 through 7200).
I've been reading up on CPU impact and I found some interesting sites on the subject.
But there is one thing I'm not sure about. The CPU utilization depends on how many flows the router sends out. Most of the documents refer to 10,000 flows. Does this amount depend on what I enable, or is this the initial number of flows?
Also, what is the time interval for each flow?
I hope my question is clear.
thx.
12-12-2007 05:04 PM
Tony,
Each flow is an IP connection, so it depends on traffic through the router and what interfaces you enable ip route-cache flow on.
I looked at a 7206 NPE225 with Netflow enabled on a single fast ethernet port running at about 4mb/s. There were 14,000 flows exported in about a minute. Router CPU is running about 45%. Lots of QOS with traffic shaping running on T1, multilink, and ethernet. Your mileage will of course vary -- but this is one example.
Please rate helpful posts.
Dave
12-12-2007 05:13 PM
thx for your information Dave.
01-12-2008 03:53 PM
The CPU utilisation depends on the amount of traffic through the box. Matching each packet to the correct flow takes a tiny amount of CPU - so the more traffic that flows, the more CPU that's needed.
Also, exporting those flows from the box takes some CPU too. You don't have to export the flows, but then there's really not much point in gathering the information in the first place - unless you're going to run a feature such as netflow top talkers right on the box itself.
As for your second question: there are two timers for flows:
The active time ("ip flow-cache timeout active") controls the longest amount of time a flow can be active for before it's exported. This ensures that the collector gets to know about long-lived flows.
The inactive time ("ip flow-cache timeout inactive") controls how quickly flows are exported after the last packet is seen. If your traffic is quite bursty then you might want to set this a little higher - though setting it too high means your netflow cache will be holding on to a lot of old data.
Finally, note you can also adjust the size of the netflow cache itself with the "ip flow-cache entries" command.
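To make the effect of the two timers and the cache size concrete, here is an added example (not part of any reply in this thread, and not Cisco code): a toy flow cache replayed over a constructed packet trace, counting how many records each flow produces under different settings. It assumes both timers are expressed in seconds, that expiry is only checked when a packet arrives, and that a full cache evicts the least recently seen entry; `simulate_cache`, `records_per_flow` and `TRACE` are hypothetical names.

```python
from collections import Counter

def simulate_cache(packets, active_s, inactive_s, max_entries=4096):
    """Replay (timestamp_s, flow_key) packets through a toy flow cache.

    Returns exported records as (key, first, last, packet_count, reason).
    """
    cache = {}      # flow_key -> [first_seen, last_seen, packet_count]
    exported = []

    def export(key, reason):
        first, last, count = cache.pop(key)
        exported.append((key, first, last, count, reason))

    for ts, key in sorted(packets):
        # Age out entries that hit either timer before handling this packet.
        for k in list(cache):
            first, last, _ = cache[k]
            if ts - last >= inactive_s:
                export(k, "inactive")
            elif ts - first >= active_s:
                export(k, "active")
        if key not in cache:
            if len(cache) >= max_entries:
                # Assumption: evict the least recently seen entry when full.
                export(min(cache, key=lambda k: cache[k][1]), "cache-full")
            cache[key] = [ts, ts, 0]
        cache[key][1] = ts
        cache[key][2] += 1
    for k in list(cache):
        export(k, "end-of-trace")
    return exported

def records_per_flow(records):
    """Count exported records per flow key."""
    return dict(Counter(r[0] for r in records))

# Constructed trace: a steady flow (one packet every 5 s for 2 minutes)
# and a bursty flow (3 packets, then 18 s of silence, three times).
TRACE = [(t, "bulk") for t in range(0, 121, 5)]
TRACE += [(b + i, "bursty") for b in (0, 20, 40) for i in range(3)]

if __name__ == "__main__":
    for active, inactive in ((60, 15), (60, 30), (300, 15)):
        recs = simulate_cache(TRACE, active, inactive)
        print(f"active={active}s inactive={inactive}s ->", records_per_flow(recs))
```

Raising the inactive timer merges the bursts into one record, raising the active timer delays reporting of the long-lived flow until it ends, and shrinking `max_entries` forces early exports that split flows into more records.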