Dear all
We have a couple of 7206VXR NPE-G1 running IOS Version 12.4(24)T6.
They were doing IPv4 netflow exporting all the time with this simple configuration:
ip flow-export source Loopback0
ip flow-export version 5 origin-as
ip flow-export destination x.y.z.1 2190
ip flow-export destination x.y.z.2 2191
int range Gi0/1 - 3
ip flow ingress
Everything was fine. But now we wanted to have netflow accounting for IPv6 as well and I realized that I have to deal with the new flexible netflow configuration method in order to get IPv6 netflows.
Well, it turned out that this is indeed very flexible and not really hard to do.
So we have configured exporters, records and monitors and activated
ipv6 flow monitor IPv6-NETFLOW input
on the three interfaces. Since there is almost no IPv6 traffic yet on the router in question this configuration did not affect the cpu-load.
When we were save with our flow record configuration and everything ran fine with ipv6 we did the analogous configuration for ipv4, switched off the old "ip flow-export" and enabled
ip flow monitor IPv4-NETFLOW input
instead on the three interfaces.
It works as expected BUT the cpu-load increased dramatically from 20 to 40 percent. And where we had 25% peak load so far we are now seeing almost 70%.
So, are there any issues with flexible netflow which we should know about? Anything one can do about the cpu-load or do we have to switch back to the old flow-export style at least for IPv4?
Any suggestions?
Grischa
