Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5186
Views
0
Helpful
3
Replies

NetFlow CPU Impact

Go to solution
tonyp8581
Level 1
Level 1

‎12-12-2007 01:55 PM - edited ‎03-03-2019 07:54 PM

Hi,

I'm planning on enabling NetFlow on all my Routers( model 2600 through 7200).

I've been reading up on CPU impact and i found some interesting sites on the subject.

But one thing i'm not sure. The CPU utilization depends on how many flows the router sends out. Most of the documents refer to 10,000 flows. Does this amount depends on what i enable or is this the initial number of flows ?

Also what is the time interval for each flows.

I hope my question is clear.

thx.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
dgahm
Level 8
Level 8

‎12-12-2007 05:04 PM

Tony,

Each flow is an IP connection, so it depends on traffic through the router and what interfaces you enable ip route-cache flow on.

I looked at a 7206 NPE225 with Netflow enabled on a single fast ethernet port running at about 4mb/s. There were 14,000 flows exported in about a minute. Router CPU is running about 45%. Lots of QOS with traffic shaping running on T1, multilink, and ethernet. Your mileage will of course vary -- but this is one example.

Please rate helpful posts.

Dave

View solution in original post

0 Helpful
3 Replies 3

Go to solution
dgahm
Level 8
Level 8

‎12-12-2007 05:04 PM

Tony,

Each flow is an IP connection, so it depends on traffic through the router and what interfaces you enable ip route-cache flow on.

I looked at a 7206 NPE225 with Netflow enabled on a single fast ethernet port running at about 4mb/s. There were 14,000 flows exported in about a minute. Router CPU is running about 45%. Lots of QOS with traffic shaping running on T1, multilink, and ethernet. Your mileage will of course vary -- but this is one example.

Please rate helpful posts.

Dave

0 Helpful

Go to solution
tonyp8581
Level 1
Level 1
In response to dgahm

‎12-12-2007 05:13 PM

thx for your information Dave.

0 Helpful

Go to solution
paitken
Level 1
Level 1

‎01-12-2008 03:53 PM

The CPU utilisation depends on the amount of traffic through the box. Matching each packet to the correct flow takes a tiny amount of CPU - so the more traffic that flows, the more CPU that's needed.

Also, exporting those flows from the box takes some CPU too. You don't have to export the flows, but then there's really not much point in gather the information in the first place - unless you're going to run a feature such as netflow top talkers right on the box itself.

As for your second question: there are two timers for flows:

The active time ("ip flow-cache tiemout active") controls the longest amount of time a flow can be active for before it's exported. This ensures that the collector gets to know about long-lived flows.

The inactive time ("ip flow-cache tiemout inactive") controls how quickly flows are exported after the last packet is seen. If your traffic is quite bursty then you might want to set this a little higher - though setting it too high means your netflow cache will be holding on to a lot of old data.

Finally, note you can also adjust the size of the netflow cache itself with the "ip flow-cache entries" command.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card