Cisco Netflow adds how much extra CPU + Bandwidth ?

Status
Not open for further replies.

SmokeyBandid

Technical User
Jan 6, 2002
Hello -> First I want to say that I really think Tek-Tips is a great community and I always enjoy reading the posts.

I'm working for a big company that has an ATM backbone at the moment that is connected from US to Europe to Asia. They have more than 100 sites and about 150+ Cisco routers. Most of them are 26xx routers. The core routers are 72xx routers. We are using Concord E-Health to monitor the amount of traffic on a connection, but now we want to use Cisco Netflow to monitor what kind of traffic (application based) is going over the lines.

I never worked with Netflow before and I'm still reading a lot of information on the internet.

Now I found an article about the CPU utilization of Cisco Netflow on a 26xx router. Look here :
It says that the CPU utilization is about 50% higher than normal on a 2600 router when Netflow is active with about 45000 flows.

Now my question is : Is 45000 flows much for a router and how do you describe a flow ? Does anybody have any experience with netflow ?
 
Each flow is a unique combination of source and destination IP address and port, as well as IP protocol. For flow read session, and 45000 simultaneous flows on a 2600 is probably rather high. I'm sure it may handle this much, but it's a poor design choice.

I use Netflow, I check free memory and CPU load before and after its application. As an example I've just looked at a 7200 ATM core router:

IP Flow Switching Cache, 4456704 bytes
133 active, 65403 inactive, 18936380 added
542417183 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
last clearing of statistics never

Currently it's using 4.4Meg of RAM to maintain the cache and stats pool for the flows it's recorded.

My view, it's an excellent monitoring tool, I've used it for investigating host to host traffic profiles, looking at packet size distribution and tracking virus sources.
 
Thanks for the reply routerman,

1. So if I understand the sample correctly, the 133 active flows are currently active and the 65403 inactive were active before. What is the highest amount of flows you ever had ? (if I may ask)

2. I've also found something about memory usage of Netflow in the following link : With a 7x00 router, Netflow cache uses about 4mb of the DRAM. So that's the amount that you are using.
But it says 64k / cache entry ? How does that add up to 4,4mb ?

3. Do you know how much extra CPU utilization Netflow has on your router ?

4. How do you collect the Netflow data ? With a Cisco Netflow Collector ? Do you only monitor the core routers, because we want to start monitoring the core and the edge routers but we have a 'problem' because we need to get all the info at 1 place and we don't know how much extra overhead that is going to produce for the routers and the bandwidth.

Thanks in advance ;)
 
I'm not sure what the highest value of active flows has reached, I applied this to glean some overall traffic profile details, so don't check that often.

I'll read up the link and have a look at that information.

As for CPU utilisation on the routers I've used this on, it normally impacts by 2-3% points only, but on most of the routers on customers network I look at the CPU is sat around 25% max (5 min), most are lower than this. This is true for 1700/2600 and 7200 series units.
 
So you also think 50% CPU increase is a little too much, but it should be more like 25% ? 45000 flows is a lot for a small 2600 router right ? For a backbone router that could be normal ? I don't know how to get the flow information. Is the flow information only available on a 72xx router with Netflow IOS installed or also on a normal IOS on a 26xx router ?
 
This is one of those situations where you 'have to suck it and see'. You won't have the flow information until you enable Netflow, then you find out you have too many flows for your RAM and the router crashes, admittedly this is probably an extreme case.

In my experience the CPU loading has not been a problem, but of course it's entirely dependent on your particular network.

Once Netflow is enabled you will get the flow information, it's part of the data Netflow produces.

I meant to say in my last post, when using this for looking at traffic profiles I captured the data to a text file and then imported it into Excel, OK for snapshots but not ideal for ongoing monitoring.
 
Hmm ok thanks for your help, I think we are going to install NAM boards into the routers so the CPU doesn't have to process the extra information. Thanks for your help.
 
The next thing I need to try and find out is the bandwidth consumption of the Netflow information that is transported from the router to the Netflow collector. Any idea ?
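
Added example, not part of the original thread: a short Python script that reads the cache summary quoted above, works out how many entries the cache holds and how many bytes each one costs, and estimates export traffic to a collector. The export estimate assumes NetFlow version 5 datagrams (24-byte header, up to 30 records of 48 bytes), which the thread does not specify, and the function names are illustrative.

```python
import re

# Cache summary quoted in the thread, embedded here as sample input.
SAMPLE = """\
IP Flow Switching Cache, 4456704 bytes
133 active, 65403 inactive, 18936380 added
542417183 ager polls, 0 flow alloc failures
"""

# Assumption: NetFlow version 5 export (the thread does not name a version).
V5_HEADER = 24        # bytes per export datagram header
V5_RECORD = 48        # bytes per flow record
V5_MAX_RECORDS = 30   # records per datagram
IP_UDP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte UDP header

FIELDS = {
    "cache_bytes": r"IP Flow Switching Cache, (\d+) bytes",
    "active": r"\b(\d+) active\b",
    "inactive": r"\b(\d+) inactive\b",
    "added": r"\b(\d+) added\b",
    "alloc_failures": r"\b(\d+) flow alloc failures\b",
}

def parse_cache_summary(text):
    """Pull the counters out of the cache summary header."""
    stats = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"field not found in output: {name}")
        stats[name] = int(match.group(1))
    return stats

def cache_usage(stats):
    """'inactive' counts allocated but unassigned flow buffers, so
    active + inactive is the number of entries the cache can hold."""
    entries = stats["active"] + stats["inactive"]
    return {
        "entries": entries,
        "bytes_per_entry": stats["cache_bytes"] / entries,
        "in_use_pct": 100.0 * stats["active"] / entries,
    }

def export_bits_per_second(expired_flows_per_second):
    """Export load if each expired flow becomes one v5 record and
    datagrams are sent full (30 records each)."""
    datagrams = expired_flows_per_second / V5_MAX_RECORDS
    payload = expired_flows_per_second * V5_RECORD
    return (datagrams * (IP_UDP_OVERHEAD + V5_HEADER) + payload) * 8

if __name__ == "__main__":
    print(cache_usage(parse_cache_summary(SAMPLE)))
    print(export_bits_per_second(1000), "bit/s at 1000 expired flows/s")
```

The expiry rate has to be measured on the router in question; the quoted output gives a total of flows added but no time span to divide it by.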
 