Joel,
My cat6k is a 6500 series with sup 720. I admit it's a tad overkill but
we like the feature set.
> Joel said: "I find that my tables fill up when I reach about 5 Gigs of
aggregate traffic. (all ports in+out)"
> Joel said: "a platform created to pass 400Mpps of forwarding
that can't do 5Mpps of netflow collection has a broken netflow
collection implementation." (how did you get this number 400Mpps? 1.5)
I measure my router/switch performance by throughput in Gb/s. I get 305
Kpps at 2.6 Gb/s; if I extrapolate that pattern out I would get approx
605 Kpps at 5Gb/s. Your traffic must have a high percentage of small
packets and consist of a large amount of connections...
If the TCAM didn't have a limit and did not stop processing flows the
box might DoS itself or start to drop packets. It's about balance. A
large amount of smaller packets running through your network would
indicate more connections and using a flow mask of "mls flow ip
interface-full" would create more flows to keep track of in memory. You
need to lower your flow mask granularity and/or use aggressive ageing
timers. What are your timers at? If you posted them I can't find them.
Have I read your posts correctly: you are seeing less than 7Mpps during
your 5 Gig peaks but you are only receiving 5Mpps of flow data because
of the TCAM table filling up? If that is the case a timer tweak might
fix that up.
Shane
On Thu, 2007-06-12 at 09:57 -0800, Joel Krauska wrote:
> Shane Gaumond wrote:
> > What modules do you
> > have on your box?
>
> 6748, 6704, Sup720-3bXL
>
> If you're spiking to 250Kpps on a Cat6k, then I think you may have
> bought the wrong switch for your application. You're three orders of
> magnitude over provisioned.
>
> > I would guess that at your traffic rates you're dropping
> > packets somewhere.
>
> My packet rates are fine. I'm not dropping data.
> The box forwards packets just fine.
>
> It's the netflow TCAM (statistics gathering for netflow) that overflows.
> This is outside of the packet data path.
> (that's what this thread is about)
>
> I'm not doing any L2 netflow. I do netflow on my L3 network egress points for
> customer traffic evaluation.
>
> In any case, I will say again that a platform created to pass 400Mpps of
> forwarding
> that can't do 5Mpps of netflow collection has a broken netflow collection
> implementation.
> It's like a race car whose speedometer only goes up to 5Mph.
>
> To include some useful information:
> I've found that using DFC cards helps scale the issue.
> Each local DFC card has its own netflow processing engine.
> (so putting an additional DFC engine on a card with lots of netflow ports
> can mitigate/scale/localize the "problem"... -- it's just that dfc cards
> aren't cheap)
>
> --joel
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss