Today, I send all NetFlows in/out of my 2851 routers' WAN interfaces, to a server local to each router. I have ~ 30 routers around the world. I'm thinking about centralizing these servers so that I have one per region (APAC, Americas, etc). But I don't want to send the NetFlows across these WAN links if they are big enough to cause a utilization issue. But with NetFlows... I've only ever used them for troubleshooting purposes... I have never checked to see how much data per second they generate! Any tips for what commands could help me find this out, and what output I should focus on?
Just realized this had a simple solution... from the local server, I launched Ethereal and did a trace that filters on udp port # X, X being the port # I configured on my routers for the destination of the flows.
I think that NetFlow don't cause any problem if you will send it throught the WAN. Usually the Netflow consume around 1-5% of the monitored traffic.
CO if your WAN line is 1mbps, netflow will consume between 10 and 50 kbps. The aging setting change the netflow traffic rate of course. You can set up higher aging time to save the line speed.Higher aging but will consume more TCAM resources on your router. I recommend to use 1-5 minute for active timeout, and 20 seconds for inactive.
As pointed out, the amount of NetFlow being sent back over the WAN probably won't be significant, but to be sure your NetFlow Analyzer should tell you the flows/second or packets per second being received per router. NOTE: The NetFlow UDP datagrams are typically large packets.
Also, I would set the active timeout to 1 minute as most NetFlow Analysis tools will provide trends in 1 minute intervals and an active timeout of 5 could cause miss leading spikes above the interface speed in your trends.