Peter Rathlev wrote on 19/3/2008 12:35 πμ: > Hi Brandon, > > On Tue, 2008-03-18 at 12:32 -0800, Brandon Price wrote: >> So Netflow it is then. > <snip> >> What I don't know is what are the negative impacts of setting a really >> short timeout for active flows? >> >> Our router Catalyst has about 150 T1s and 2 DS3s of DSL with lots of >> VOIP.. >> The output of show proc is: >> >> CPU utilization for five seconds: 2%/1%; one minute: 2%; five minutes: >> 2% >> >> Can I safely crank down the aging timer? What is a good value? > > Lower aging timer means more flows generated, which in turn means more > CPU cycles processing and sending them if NDE is enabled. It depends a > lot on what traffic patterns the box carries, but I don't think you > should worry if you have a Sup720. > > When you lower the aging you risk splitting natural flows. In theory a > telnet session with 5 seconds activity, a 20 second pause and then 5 > seconds activity again will create two flows if your aging timer is > less than 20 seconds. > > The box doesn't look at any session information (like e.g. TCP has), it > just looks at packets in the same "flow", defined from your flow mask. > > Regards, > Peter > >
On the other hand, the advantage is that you don't get the ram full so easily. So if you're not using a 3BXL/3CXL sup, then you might need to lower it; at least the fast aging timer. -- Tassos > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/