[112721] in North American Network Operators' Group
Re: Netflow on SUP720-3BXL
daemon@ATHENA.MIT.EDU (Nick Hilliard)
Sun Mar 15 05:24:10 2009
X-Envelope-To: nanog@nanog.org
Date: Sun, 15 Mar 2009 09:23:29 +0000
From: Nick Hilliard <nick@foobar.org>
To: Andy Bierlair <globichen@gmail.com>
In-Reply-To: <d626d8700903141855w20a5be31vda6aaf528610b559@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On 15/03/2009 01:55, Andy Bierlair wrote:
> I’m trying to run netflow on one of our Cisco core routers (SUP720-3BXL),
> but I think I am hitting some limitations because of this:
Sounds about right for the amount of traffic you're pushing through the
box. The SUP720 is a very poor netflow platform.
There has been extensive discussion about this problem in cisco-nsp over
the past several years, and this posting is probably more appropriate to
that mailing list. But basically, there is too little netflow tcam on this
card to deal with anything more than a couple of gigs of traffic. You can
help things by setting the aging timer to be very aggressive, and by
getting DFCs (although these are a rather expensive option). Sampling
won't generally help, as the sampling is done in software, after the data
has been collected.
More info on:
> http://www.google.com/search?q=sup720+netflow+%2Bsite:puck.nether.net/pipermail/cisco-nsp
Nick
