Andrew Fort writes: > On 4/5/07, Monty Ree <[EMAIL PROTECTED]> wrote: >> I would like to capture all flows as you said. >> But the traffic is over 10Gbps, so I should use sampling to reduce 6509 CPU >> load.
> Note that if I remember this all correctly, you won't lower SP CPU > loading, only RP CPU load as a result of generating netflow packets > for export. It's the other way round - on newer IOS releases (I think 12.2SXD or SXE and later), the SP does practically all of the work of sending out NDE packets, and the RP is mostly unimpacted by the rate of flows to be exported. This is for the centralized case. I think the RP is involved in exporting packets from DFCs. This is a pity because otherwise adding DFCs would be a great way to scale NetFlow performance (it definitely increases the effective hardware flow-table size). > I'd try to avoid running Netflow on the Sup720 at all costs, but > best of luck. The Sup720 has the highest-performance (unsampled) Netflow implementation I know of. If you can tune your timeouts so that your flows fit into the hardware table (128Ki entries on the PFC-3B, 256Ki entries on the PFC-3BXL, then it will perform nicely. If you have more flow, NetFlow will not be able to account for all packets. But at least forwarding still works at line rate, and you even get counters that tell you how many packets could not be put in the flow table. -- Simon. _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
