Hi all,
Thanks for replying with my previous email.
Here's our actual network setup.
pos1 pos2 fe1
[main_router] ---------------[edge_router]-------------
[another_router_to_the_Internet]
/|\ \ \ \ \ pos3
/ | \ \ \ \ \
/ | \ \ \ \
\[peer_R&D]
s/1 s/2 s/n fe/1 fe/2 fe/n
/ | \ \ \ \
1. The main_router is connected to the edge_router via pos1.
2. The main_router has a couple of fast ethernet and serial interfaces.
3. Each serial interface goes to a subnet (to our clients)
4. We use the fast ethernet interfaces for our LAN
5. The edge_router has also few serial, pos and fast ethernet interfaces but
only
three interfaces are currently in use(pos1 going to main_router, pos3
going to our peer R&D,
and fe1 going to the Internet(to the router of our provider)
My goals
1. Have an overall protocol breakdown and top talkers monitoring in our entire
network block.
2. Have a protocol breakdown and top talkers monitoring per subnet (those
serial interfaces in the main_router)
I'm thinking about:
1. Since each subnet is connected to the main router and not in the
edge_router, I will make the main_router
the netflow exporter.
2. I will enable ip route-cache flow on s/1, s/2... s/n and fe1,fe2...fe/n to
have a protocol breakdown and top talkers
per subnet.
Question:
2.1 I've read somewhere that it will add to the burden of the router. Our
main_router only has these specs:
cisco 7206VXR (NPE400) processor (revision A) with 491520K/32768K bytes
of memory.
R7000 CPU at 350Mhz, Implementation 39, Rev 3.3, 256KB L2, 4096KB L3
Cache
It has overall 24 serial interfaces, four fast ethernet and 1 pos. If I
will put netflow sensors on each interfaces,
will the router be able to handle the load?
2.2 What if I just enable ip route-cache flow on each of our client's
(subnet) router, and have it export all of its flows?
This means I will free up a huge burden from the main_router, right?
2.3 Some of the serial interfaces on main_router have been configured with
sub-interfaces for tunneling,
I've read somewhere that I should enable ip router-cache flow on the
main interface and not the subinterface.
just to confirm, is this correct?
3. I will enable ip route-cache flow on pos1 so that I can have an overall
protocol breakdown and top talkers
for our entire network.
Question:
3.1 What's the difference between enabling ip route-cache flow on pos1 of
the main_router or pos2 and fe1 on the edge_router?
The goal is to monitor the overall traffic from our network to the
Internet and back. Also an overall protocol breakdown.
4. The only direction of traffic to pos3(our peer R&D) is from our
network(main_router) to it and vice versa. pos3
doesn't have traffic going out to Internet.
Question:
1. Is it still necessary to enable ip route-cache flow on pos3 or there's
no need since I will be enabling route-cache flow
on all interfaces of our main_router?
That's all folks!, thanks!
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
