Would there be any considerations with regard to negative impacts from implementing NetFlow on production network devices/infrastructure, such as memory, CPU, etc.? I know only cached data is sent to a collector, so I would not think so, but I am seeking some guidance.
A long time ago (15 years ago) NetFlow hogging resources used to be considered an issue; nowadays newer hardware shouldn't be a problem, even if the hardware is 5 years old. You can define a CPU utilisation threshold, example here.
What do you think is a good limit to set for the CPU?
Is it best to set cache limits as well?
Basically, if there is a ton of traffic on the network, I would want to reduce any potential for issue as much as possible by configuring certain parameters other than perhaps random sampling or something.
Also, if you have IPsec VPNs that use the interface NetFlow is configured on, it should collect that tunnel data as well, correct? What if there are multiple tunnels on that interface?