headers
Monty Ree | 6 Apr 2007 07:18
Picon
Favicon

Re: netflow on 6509 sup720?

Thanks for your answer.

I would like to capture all flows as you said. 
But the traffic is over 10Gbps, so I should use sampling to reduce 6509 CPU 
load.

And GigabitEthernet9/1(at below config) is serial interface connected with 
ISP backbone, and all out traffic is transferred through this interface.
and internal servers are divided with several vlans.
So should I execute "ip route cache-flow" command at all vlans to capture 
in and out packets?

Thanks again for your time..

>From: Andrew Mabe <amabe@...>
>To: flow-tools@...
>Subject: Re: [Flow-tools] netflow on 6509 sup720?
>Date: Thu, 5 Apr 2007 21:42:19 -0400
>
>
>
>I would highly recommend turning off sampling.  It does you no  
>service on a 6509 because the "samples" are pulled out of the 
>netflow  TCAM.  The TCAM is severely limited depending on which 
>version on 720  you have (max in the table on a BXL is 256K with a 
>90% hash  efficiency).  When sampling is turned on it samples OUT of 
>the table  and not INTO the table.  Therefore sampling does nothing 
>other than  not report all traffic and reduce the load on your 
>netflow collector.
>
>mls netflow captures all traffic that is hardware switched, so make  
>sure to catch anything that is CPU routed turn on "ip route-cache  
>flow" on all possible interfaces that flows may be coming inbound.
>
>
>
>On Apr 5, 2007, at 9:20 PM, Monty Ree wrote:
>
>>Hello, all.
>>
>>I have operated several servers. But after I have setup flow-tools, 
>>  I can find only inbound traffic is seen.
>>(all request is seen, but I can't find any reply packet)
>>
>>My config is below.
>>
>>-. cisco 6509 sup720 native ios
>>mls ip multicast flow-stat-timer 9  mls aging long 64
>>mls aging normal 60
>>mls flow ip full
>>no mls flow ipv6
>>mls nde sender version 5
>>mls sampling time-based 1024
>>mls cef error action freeze
>>
>>interface GigabitEthernet9/1
>>ip address 1.1.1.1 255.255.255.252
>>no ip redirects
>>no ip unreachables
>>no ip proxy-arp
>>ip route-cache flow
>>mls netflow sampling
>>
>>ip flow-export version 5 peer-as
>>ip flow-export destination 2.2.2.2 2055
>>
>>
>>What's the matter and how can I solve this problem???
>>
>>Thanks for your time..
>>
>>_________________________________________________________________
>>메신저에서 문자를 바로 보내보세요 http://phonebuddy.msn.co.kr/
>>_______________________________________________
>>Flow-tools mailing list
>>flow-tools@...
>>http://mailman.splintered.net/mailman/listinfo/flow-tools
>

><< smime.p7s >>

>_______________________________________________
>Flow-tools mailing list
>flow-tools@...
>http://mailman.splintered.net/mailman/listinfo/flow-tools

_________________________________________________________________
오늘 무슨 일이 생길까 궁금하시죠? MSN 운세에서 확인하세요. 
http://fortune.msn.co.kr/
Permalink | Reply |

Gmane