How to set up sampled Cisco NetFlow

In performance measurement vendor Plixer International's previous blog, titled "How to configure a Cisco Nexus 7000 to export NetFlow v9", Plixer outlined how to enable Flexible NetFlow in 5 easy steps. Plixer also believes that, unlike the Cisco Catalyst 6500, which drops NetFlow when it's busy, the Cisco Nexus 7000 can send exponentially more flows (i.e. tens of thousands per second) without dropping anything. Although this may sound impressive, no single NetFlow collector solution can handle over 50,000 flows per second. Imagine a switch (the Cisco Nexus 7000) that is capable of sending even more than this.

NetFlow Sampling on the Nexus 7000

On high-bandwidth interfaces, applying NetFlow processing to every single packet can result in high CPU utilization. Cisco NetFlow sampling on the Nexus 7000 (see configuring NetFlow) is for high-speed interfaces. You can configure samples for M out of N; for example, 1 out of every 100 packets is sampled. Below you can define the number of samples to take per the number of packets received. The sample range is from 1 to 64. The packet range is from 1 to 8192 packets. Is this starting to sound like sFlow?

NetFlow vs. sFlow

Some think that NetFlow sampling is beginning to look and smell like sFlow, but it isn't the same thing. The sFlow technology samples packets of any protocol (IPX, Spanning Tree, etc.), whereas NetFlow is limited to IP. However, sFlow cannot be used as reliably for IP accounting. Neither is a standard, but NetFlow, like sFlow, can be implemented in hardware or software and, like sFlow, NetFlow can sample packets. More on this in another blog. You can find more information on sFlow vs. NetFlow in Network World's "Closer look: sFlow better than NetFlow?".

Even if the collector could handle the volume, the necessary SQL queries on such a massive amount of data could cause coffee breaks. This is when NetFlow sampling must come into play.
Plixer's aware that it's a dirty phrase most enterprises don't want to consider; however, there are times when it's simply the only option. Enterasys also came to terms with this in their X Series switch, which only sends sampled NetFlow.

Review of the NetFlow Commands

To review, here are the steps to set up the Cisco Nexus 7000 to export NetFlow v9:

Fourth - We need to bind the record to the exporter using a flow monitor. We'll call it 'Monitortac7000.'

Please pay close attention to what happened above. We bound the record 'netflow-original' to the exporter 'scrutinizer', and this flow monitor is named 'Monitortac7000.'

Step 4.5 - We need to bind the record to the exporter using a flow monitor. We'll call it 'Monitortac7000.'

Above, we're sampling 1 out of every 100 packets.

Fifth - Now it's time to apply the flow monitor 'Monitortac7000' to each interface.
The next line is for egress, but in most cases you don't need it.
Continue on applying the flow monitor to each interface.
Sixth - Plixer knows it was supposed to be 5 steps, but Plixer forgot this one.
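As an added example (not from the original post or from Plixer), the Python below checks an M-out-of-N sampler setting against the ranges given earlier, scales sampled counters back up the way a collector would, and estimates how likely a flow of a given size is to be sampled at all. The record fields, the M <= N check and the independent-sampling model are assumptions made for illustration; the output shows why sampled data suits volume accounting better than spotting very short flows.

```python
"""Added example: effect of an M-out-of-N packet sampler on flow visibility."""

SAMPLES_RANGE = range(1, 65)    # from the text: sample range is 1 to 64
PACKETS_RANGE = range(1, 8193)  # from the text: packet range is 1 to 8192


def sampling_rate(samples, packets):
    """Validate an M-out-of-N setting and return the fraction M/N."""
    if samples not in SAMPLES_RANGE:
        raise ValueError("samples must be 1..64")
    if packets not in PACKETS_RANGE:
        raise ValueError("packets must be 1..8192")
    if samples > packets:  # assumption: a rate above 1 is meaningless
        raise ValueError("samples must not exceed packets")
    return samples / packets


def scale_up(flow, samples, packets):
    """Estimate true packet/byte totals from one sampled flow record."""
    factor = 1 / sampling_rate(samples, packets)
    return {**flow,
            "est_packets": round(flow["packets"] * factor),
            "est_bytes": round(flow["bytes"] * factor)}


def p_flow_seen(flow_packets, samples, packets):
    """Probability that a flow of flow_packets packets is sampled at least once.

    Assumes each packet is picked independently with probability M/N
    (a modelling assumption, not a statement about the switch hardware).
    """
    return 1.0 - (1.0 - sampling_rate(samples, packets)) ** flow_packets


# Constructed sampled flow records (not captured from a real device).
SAMPLED = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "packets": 42, "bytes": 58800},
    {"src": "192.0.2.77", "dst": "198.51.100.9", "packets": 1, "bytes": 60},
]

if __name__ == "__main__":
    for rec in SAMPLED:
        print(scale_up(rec, 1, 100))
    # Short flows are rarely seen at 1 out of 100; long ones almost always are.
    for size in (1, 10, 100, 1000):
        print(f"{size:>5} packets: seen with p={p_flow_seen(size, 1, 100):.3f}")
```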
Visit Brad's how to archive.
Don't be shy, what tips can you provide on sampling Cisco NetFlow?
©2011 BradReese.Com