Mailing List Archive: [nsp] Limiting netflow

[nsp] Limiting netflow

Oct 9, 2002, 2:53 PM

Post #1 of 3 (1270 views)

On a 7500 running 12.0S train, is there a way to either to do Netflow
sampling or limit the export to less than 65K of flows?

Thanks,
Hank

[nsp] Limiting Netflow [ In reply to ]

hank at att

Oct 9, 2002, 10:22 PM

Post #2 of 3 (1213 views)

Permalink

No one sent this to me but I just found it so it may be of interest:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/switch_r/x
swcmd.htm#xtocid6

I just tried it:

TAU-gp1(config)#ip flow-cache entries 30000
%The change in number of entries will take effect after either
the next reboot or when netflow is turned off on all interfaces.
TAU-gp1(config)#

Hopefully this will do the trick.

-Hank

Re: [nsp] Limiting Netflow [ In reply to ]

bradley at dunn

Oct 9, 2002, 11:03 PM

Post #3 of 3 (1218 views)

Permalink

On Thu, 10 Oct 2002, Hank Nussbacher wrote:

> No one sent this to me but I just found it so it may be of interest:
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/switch_r/x
> swcmd.htm#xtocid6
>
> I just tried it:
>
> TAU-gp1(config)#ip flow-cache entries 30000

I'm not sure if that will do what you want. I think by setting the number of
entries below the default of 64K you might actually increase the volume of
NetFlow export traffic. Flows will be aged more aggressively to keep the number
of entries in the cache down to 30K. You could try increasing the size of the
flow-cache which might reduce the volume of NetFlow traffic at the expense of
more memory utilization on the router.

AFAIK only the GSR supports sampling. Depending on your application router-based
aggregation (version 8) might help.

Bradley