It is hard to give exact figures for traffic levels because every network is different. The following are based on my experience with a general hosting centric traffic pattern. Streaming media will generally allow higher BW to be achieved before overflow. Below 5G you are unlikely to overflow (given a certain amount of tuning). Above 10G you are almost certain to overflow (no matter how you tune it). Of course if traffic is atypical (attack or not just web traffic) all bets are off.
Having said all of that, netflow is lousy for traffic billing on the EARL7. Of course any traffic billing based on netflow should guarantee that the collection server doesn't drop packets since they don't get re-sent. Unless flow counts are fairly low netflow is not a good billing model for most applications since there is no guarantee against underbilling. For security, even the somewhat lacking netflow on the EARL7 is good but not great. It should definitely be supplemented by other data sources such as SPAN or taps. For general traffic patterns it is very good, primarily because these are estimates anyway. Mack -----Original Message----- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Phil Mayers Sent: Tuesday, November 15, 2011 1:32 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] 6k Netflow To Be or Not To Be... On 11/15/2011 03:25 AM, Dobbins, Roland wrote: > > On Nov 15, 2011, at 5:57 AM, Nick Hilliard wrote: > >> pfc3 netflow is fine if you need to measure traffic ratios or >> protocol spread. > > Actually, in any kind of diverse source/dest/layer-4 environment, it > isn't, due to non-deterministic statistical skewing due to mls table > overflow. IF you overflow. Some (perhaps relatively small or quiet) networks can run without overflowing, or with only very occasional overflows. We do. _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
