On 11/08/2010 09:49 AM, Nick Hilliard wrote:
On 08/11/2010 00:35, Mack McBride wrote:
To be specific, the netflow portion does not do tcp flags properly.
There are also flow limits but most people do not run up against these.

In my experience, netflow problems start at a couple of hundred kpps.

It depends on your traffic patterns, your mix of DFCs and CFCs and of course which linecards traffic is ingressing on.

We've used these boxes for years, under much higher load than 200kpps, and had no problems. Only now, on our very busiest routers, are we routinely suffering *occasional* netflow cache overflows. In fact, many flows are double-counted, as they come into our network, then again once they've passed through our firewalls into a VRF.

I'm honestly quite impressed they've lasted this long. My point is - it varies, considerably.


Not really, but it does depend on what you're using your netflow for.  If
you don't care about losing flows all over the place, then you can ignore
the warnings which the box will produce.  On the other hand, if you're
using netflow for measuring traffic (e.g. for billing / measurement
purposes), then this is the Wrong Choice of hardware.

Certainly if you need 100% accuracy, it's the wrong choice.


On the other hand, enabling urpf for ipv6 will cause your ipv6 traffic to
be forwarded by the RP.  This is completely useless.

Agreed. Easily my biggest disappointment!


On 10G support in general, the 6704 cards have tiny buffers (i.e. poor QoS
and risk of packet loss) and use XENPAKs, and won't do line rate 10G on all
ports.  The 6708 have quite generously proportioned buffers, but they're
rather expensive and use X2 (again, not a problem if you're committed to
using X2, but if you aren't...)  Buying XENPAKs these days is basically
lost investment - no new equipment has used XENPAKs for some years.  And X2
is a matter of personal taste.  If you are committed to Cisco, then it may
make sense.  If you aren't, then it really doesn't.

Yeah, agreed. Optics are a mish-mash. 6704 - avoid!


There was a very long and informative thread on sup720 CoPP earlier this
year ("Sup720 CoPP, limits on CPU performance").   Well worth reading.

And the RP CPU is pretty underpowered by today's standards.  Even the
RSP720 is quite slow for busier bgp setups.

Kind-of related - slow boot times. 5+ minutes.

Also, the LAN cards don't do vpls, and... well, you get the idea.  The
sup720 was a great platform when it was introduced in 2003, but the truth
is that technology has moved on.  It still has lots of strengths and can be
a very good platform to buy on the second hand market.  But you need to be
careful about what you do with it.  It's not a one-box-fits-all product any
more.  In its place, though, it's a really solid workhorse product.

An excellent summary!
_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/