On 22 Feb 2016, at 11:31, online264...@telkomsa.net wrote:

> "Robert Franklin" <rc...@cam.ac.uk> wrote:
> 
>> I've not measured this exactly but our Netflow collectors (running nfcapd) 
>> are recording about 80-100,000 flows 
>> per second across about 17 routers and 2 Cisco ASAs with NFSen.  That's just 
>> over 50M flows per 10 minute file -
>> each about 1.2GB in size.
> 
> Sounds good. Are you doing full Netflow export, or have the routers doing 
> sampling and export sampled flows?

It's full export from all of Cisco Catalyst 6500s + Sup 720 using NetFlow v9 
and 6880-X + Nexus 7010 using Flexible NetFlow and ASA 5585-X using NetFlow 
with NFSen.

The Flexible NetFlow records are being match/exported using 'platform-original 
ipv4 interface-full'.


> In our case, ATM and GigE interfaces are exporting sampled flows. Which 
> messes around byte volumes when comparing with other data sets. But our 
> network guys are telling me it burns too much router CPU having these 
> interfaces do full flow exporting of traffic routed.

Depends on your traffic levels I think -- I had to tune the parameters on the 
Catalyst 6880-Xs (which are our border routers with the internet) to get a 
balance between table size and CPU load.  We have the XL tables (1M flows) and 
the following timers:

  Timers:
                       Local        Global
    Inactive Timeout:  7 secs       300 secs
    Active Timeout:    32 secs      64 secs
    Update Timeout:    1800 secs
    Fast Timeout:                   5 secs, 15 packets

The tables are mostly OK but will occasionally fill up on occasional bursts 
(once per hour or two) - the CPU load is 20% average and peaks at 30-40%.

The 6880-Xs are a lot better than the old 6500 + Supervisor 720s we used to 
have in that role: the CPUs are much faster.

  - Bob


-- 
Bob Franklin   rc...@cam.ac.uk / (+44 1223 7) 48479
Networks, University Information Services, University of Cambridge


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

Reply via email to