On 4/5/07, Monty Ree <[EMAIL PROTECTED]> wrote:
Thanks for your answer.
I would like to capture all flows as you said.
But the traffic is over 10Gbps, so I should use sampling to reduce 6509 CPU
load.
Note that if I remember this all correctly, you won't lower SP CPU
loading, only RP CPU load as a result of generating netflow packets
for export.
And GigabitEthernet9/1(at below config) is serial interface connected with
ISP backbone, and all out traffic is transferred through this interface.
and internal servers are divided with several vlans.
So should I execute "ip route cache-flow" command at all vlans to capture
in and out packets?
Yes. You need to turn netflow on for this platform at all ingress
ports. You're presently only generating netflow for traffic headed
towards your VLANs (in through Gi9/1).
My memory says that when you turn netflow on on any one port on this
platform, you're effectively actually capturing netflow for _every_
port, it just isn't generating the actual netflow packets in the RP
for ports you don't have "ip flow export" or "ip route-cache flow"
enabled on (it may also not be pushing the info from the SP to the RP,
which saves you resources).
I'd try to avoid running Netflow on the Sup720 at all costs, but best of luck.
-a
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
