Re: Negative impacts by implementing Netflow?

CiscoPurpleBelt · ‎02-09-2020

Would there be any considerations in regards to negative impacts by implementing Netflow on production network devices/infrastructure such as memory, CPU, etc? I know only cached data is sent to a collector so I would not think so but seeking some guidance.

Rob Ingram · ‎02-09-2020

Hi, On modern hardware you would only expect to see a couple of additional % utilisation once netflow is enabled.

HTH

CiscoPurpleBelt · ‎02-10-2020

How about switches, routers, ASA, etc.? I read about possible high CPU utilization but even if that were the case, can't you set CPU threshold parameters to make sure Netflow does not hog CPU on the device?

Rob Ingram · ‎02-10-2020

A long time ago (15 years ago) netflow hogging resources used to be considered an issue, nowadays newer hardware shouldn't be a problem, even if hardware is 5 years old. You can define a CPU utilisation threshold, example here.

HTH

CiscoPurpleBelt · ‎02-10-2020

Awesome!

What do you think is a good limit to set for the CPU?

Is it best to set cache limits as well?

Basically, if there is a ton of traffic on the network, I would want to reduce any potential for issue as much as possible by configuring certain parameters other than perhaps random sampling or something.

Also, if you have IPSEC VPNs that use the interface NetFlow in configured on, it should collect that tunnel data as well correct? What if there are multiple tunnels on that interface?