SDM template must be set as video (similar to PBR) using the sdm prefer video command.
The scale of PBR feature may be reduced when netflow is enabled.
ICMP egress packet
At the global level, both netflow and PBR features use the same TCAM region for adding rules.
When ICMP (ping) and netflow are enabled on the same interface, only the ICMP ingress packets are monitored.
If BFD and netflow are enabled on the same interface, only the BFD ingress packets are monitored.
This is due to FPGA limitations.
Enabled on the same interface with netflow configuration.
Overall traffic monitored is within 1Gbps.
Monitoring can account for a maximum of 1Gbps traffic rate in the system (with a minimum frame size of 100 bytes).
Though netflow supports 16K entries, flows monitored are lower due to hash collisions.
Monitoring can be configured only after configuring bridge-domain on the EFP
flows can only be learnt due to FPGA limitations.
Ports (IP Ethernet, BDI) and EFP are supported.
Supported are packets and bytes (collect counter packets and collect counter
Monitoring supports only the 7 keys (source IP, destination IP, Layer 3 protocol type, TOS, source port, destination port and input logical interface) to identify or classify flows for both IPv4 and IPv6 unicast traffic.
Netflow monitoring is only supported on the RSP2 module.
L2VPN flow monitor configured under Xconnect does not monitor the flows and the cache is not updated.
Configuring netflow monitor under L2VPN Xconnect context (local connect) is not supported.
Netflow ingress monitoring is not supported on mpls core interface.
Configuring the number of cache entries is not supported.

When you only have one router, you are fine monitoring both directions or both interfaces. If you monitor both directions and both interfaces, you will be monitoring duplicated flows.

The decision of where and in what direction to monitor becomes a bit more involved when more routers are involved. Take this simple example:

Host X --- Router A --- Router B --- Host Y

A packet going from Host X to Host Y will cross four total interfaces:

If you were capturing at every single one of these points, you would get the same flow data, duplicated four times. The simple solution is to just pick one of these to monitor, but then what of the return traffic? Imagine a packet going from Host Y to Host X: that packet would also cross four possible (what I'll call) Netflow capture points:

Obviously, capturing on all four of these points would also create 4x duplication of the traffic. So capturing on one of these would be sufficient.

A common practice is to deploy netflow on the ingress interfaces of all your 'access' routers. In the (again, simplistic) example above, that would mean setting up a capture at these points:

This accounts for picking from one of the four netflow capture points to cover the forward traffic (Host X to Host Y) as well as the return traffic (Host Y to Host X), without capturing duplicated traffic in the process.

That said, most production networks are significantly more complex (and rightfully so!) than what is pictured above. But you can still apply the same concept to determine the best place to set up your Netflow captures, with the goal of capturing both forward and return traffic and not duplicating any packets.
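The placement reasoning above, as an added example that is not part of the original post: it models the Host X / Router A / Router B / Host Y path and counts how many times each direction of a conversation is exported for a given set of monitors. The interface labels "left" (toward Host X) and "right" (toward Host Y) and all function names are assumptions made for the illustration.

```python
# Added illustration, not from the original post. Routers sit on a straight
# path between Host X (left) and Host Y (right); each has a "left" and a
# "right" interface. These labels and all function names are assumptions.

def crossed_points(routers, left_to_right):
    """Capture points (router, interface, direction) a packet crosses."""
    order = list(routers) if left_to_right else list(reversed(routers))
    near, far = ("left", "right") if left_to_right else ("right", "left")
    points = []
    for router in order:
        points.append((router, near, "ingress"))  # arrives on the near side
        points.append((router, far, "egress"))    # leaves on the far side
    return points

def export_counts(routers, monitors):
    """Times forward (X to Y) and return (Y to X) flows are exported."""
    monitors = set(monitors)
    return {
        "forward": sum(p in monitors for p in crossed_points(routers, True)),
        "return": sum(p in monitors for p in crossed_points(routers, False)),
    }

def verdict(counts):
    """'blind' if a direction is never seen, 'duplicated' if seen twice or more."""
    if min(counts.values()) == 0:
        return "blind"
    return "duplicated" if max(counts.values()) > 1 else "ok"

def access_ingress(routers):
    """Ingress monitors on the host-facing interfaces of the two edge routers."""
    return {(routers[0], "left", "ingress"), (routers[-1], "right", "ingress")}

if __name__ == "__main__":
    path = ["A", "B"]
    every_point = set(crossed_points(path, True)) | set(crossed_points(path, False))
    placements = {
        "all capture points": every_point,
        "one capture point": {("A", "left", "ingress")},
        "ingress on access interfaces": access_ingress(path),
    }
    for name, monitors in placements.items():
        counts = export_counts(path, monitors)
        print(f"{name:30} {counts} -> {verdict(counts)}")
```

A "blind" verdict matters as much as "duplicated" for detection work: a direction that is never exported leaves half of every conversation out of the flow records.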