Re: [Flow-tools] netflow on 6509 sup720?

Thu, 05 Apr 2007 22:21:12 -0700 

Thanks for your answer.
I would like to capture all flows as you said. But the traffic is over 10Gbps, so I should use sampling to reduce 6509 CPU load. 


And GigabitEthernet9/1(at below config) is serial interface connected with 
ISP backbone, and all out traffic is transferred through this interface.

and internal servers are divided with several vlans.

So should I execute "ip route cache-flow" command at all vlans to capture 
in and out packets?



Thanks again for your time..



From: Andrew Mabe <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [Flow-tools] netflow on 6509 sup720?
Date: Thu, 5 Apr 2007 21:42:19 -0400




I would highly recommend turning off sampling.  It does you no  
service on a 6509 because the "samples" are pulled out of the 
netflow  TCAM.  The TCAM is severely limited depending on which 
version on 720  you have (max in the table on a BXL is 256K with a 
90% hash  efficiency).  When sampling is turned on it samples OUT of 
the table  and not INTO the table.  Therefore sampling does nothing 
other than  not report all traffic and reduce the load on your 
netflow collector.



mls netflow captures all traffic that is hardware switched, so make  
sure to catch anything that is CPU routed turn on "ip route-cache  
flow" on all possible interfaces that flows may be coming inbound.




On Apr 5, 2007, at 9:20 PM, Monty Ree wrote:


Hello, all.


I have operated several servers. But after I have setup flow-tools, 
 I can find only inbound traffic is seen.

(all request is seen, but I can't find any reply packet)

My config is below.

-. cisco 6509 sup720 native ios
mls ip multicast flow-stat-timer 9  mls aging long 64
mls aging normal 60
mls flow ip full
no mls flow ipv6
mls nde sender version 5
mls sampling time-based 1024
mls cef error action freeze

interface GigabitEthernet9/1
ip address 1.1.1.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
mls netflow sampling

ip flow-export version 5 peer-as
ip flow-export destination 2.2.2.2 2055


What's the matter and how can I solve this problem???

Thanks for your time..

_________________________________________________________________
메신저에서 문자를 바로 보내보세요 http://phonebuddy.msn.co.kr/
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools






<< smime.p7s >>






_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools


_________________________________________________________________

오늘 무슨 일이 생길까 궁금하시죠? MSN 운세에서 확인하세요. 
http://fortune.msn.co.kr/ 


_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools






















					Reply via email to