Felix Schueren wrote: > Tristan RHODES wrote: >> We are seeing these errors on our Cisco 6500 with Sup720 modules. It >> looks like we might be processing more flows than it can handle. >> >> Dec 4 18:10:59: %EARL_NETFLOW-SP-4-TCAM_THRLD: Netflow TCAM threshold >> exceeded, TCAM Utilization [93%] > > IIRC, you can't do anything - (sampled) netflow is horribly broken on > the 6500s, where data will be stored in TCAM _before_ sampling, so even > if you just wanted 1/1000 sampled data, you'd still overflow TCAM once > your netflow-observed interfaces pass enough traffic... > > someone with more cisco background should clarify that though, that's > just second-hand information.
I'd go farther and say Netflow in general on the cisco 6500 is pretty broken. For example, by default Netflow is turned on for ALL ports. And sampled Netflow isn't sampled on collection in to the TCAM, it's sampled on what they export back to the receiver. I hear that in newer versions of IOS, it will honor your per port configs, and it's not a global, but I haven't had the opportunity to test that yet. If you find anything let me know, as I'd love to try it. Here's how my flow stats are configured on my cat6k to help allievate the problem, but my TCAMS are regularly full too. ip flow-cache timeout inactive 300 ip flow-cache timeout active 5 mls ip multicast flow-stat-timer 9 mls flow ip interface-full no mls flow ipv6 ip flow ingress ip flow ingress ip flow-export source Loopback0 ip flow-export version 5 origin-as ip flow-export destination x.x.x.x 6000 Best of luck, Joel ------------------------------------------------------------------------- SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4 _______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
