Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Netflow Switching + CEF


i was checking today the document "Troubleshooting High CPU Utilization Due to Interrupts". This talks about cpu load due to long access lists and also talks about using netflow switching with CEF to improve the process of access list and switching, this is the text:

"As a general rule of thumb, any access list with over ten lines is considered long.

Repeatedly going over long access lists is very CPU−intensive. With NetFlow switching, if
the flow is already in the cache, you no longer need to check the access list. So in this case,
NetFlow switching would be useful. You can enable NetFlow switching by issuing the ip
route−cache flow command.

Note that if Cisco Express Forwarding and NetFlow are both configured on an interface,
Cisco Express Forwarding will be used to make a switching decision, and NetFlow cache will
be used to speed up ACL checking and accounting purposes."

This is a document for 7500 series. I would like to know if this can be take as a best practice for other cisco platforms and can be used to improve perfomance when long access lists are applied to an interface, or if there is some limitation about using this.

thanks all for your replies.

Hall of Fame Super Silver

Re: Netflow Switching + CEF

Hello Fernando,

what platform are you intested in? with what IOS image running on it?

to reduce cpu usage caused by ACLs you could think to use turbo ACL

Hope to help


New Member

Re: Netflow Switching + CEF

thanks giuseppe for your reply,

i knew that turbo acls will be mentioned in the reply, for my understanding turbo acls applies for the big platforms like 7200, 7500, 1200, ASA, FWSM, 6500, and others series (pls tell me if there is any exception for this), but what about platforms like ISRs, 3700s, and others, im not sure if you can use turbo acls on this platforms, if that is not the case its ok to use netflow switching with CEF in the interfaces?

thanks again.

Hall of Fame Super Silver

Re: Netflow Switching + CEF


It would be interesting to know the date of publication of the article that discusses flow switching. I suspect that it is pretty old. There was a switching path for "flow switching" but only for a fairly short time.  Cisco retained flow switching concepts in implementing NetFlow tracking of forwarding of packets and the command ip route-cache flow enables this. But it no longer enables "flow switching" as a packet forwarding method. CEF is now the packet switching method that is used when packets are not process switched.



The "flow switching" is not

Nice information to know.

Hall of Fame Super Silver

Re: Netflow Switching + CEF

Hello Fernando,

>>  if that is not the case its ok to use netflow switching with CEF in the interfaces?

this is possible for sure on those high end platforms that you have mentioned I have configured many times successfully.

On ISR it should be possible too as you can find many examples here in the forums

have a look at Cisco IOS 12.4T netflow configuration guide


We don't disable CEF to enable netflow instead. Rather we can add netflow as a way to perform flow based accounting.

Scalability is achieved by sampling that can be deterministic or random depending on IOS versions and platforms.

So I agree with Rick that flow switching is not current anymore.

to be noted: when I tested turbo ACL on C7500 we could see that turbo ACL traffic was not processed in a distributed fashion on VIP processors but by central processor RSP4. But it was 8 years ago

Hope to help