Hello @Herman2018 ,

>> how much traffics will be generated after enabling flow monitor?

the traffic is sent to the configured netflow collector using the configured flow exporter. The Exporting is efficient it is not a packet capture it reports expired flows using the flow record format ( flexible netflow version 9). The flows are exported when inactive or when the local flow cache is full. For a router usually it is the first case ( flow has terminated a flow is unidirectional traffic seen in ingress or egress on an interface the reported info includes the SNMP ifindex of the incoming interface , source IP, destination IP, protocol over IP and for TCP and UDP source and destination ports. Finally the numbers of packets and the number of bytes). A single packet can provide info about multiple monitored flows.

In the case the outgoing interface is also configured for netflow in the exported flows you will also see the exporting flows themselves towards the collector  ( UDP flows with destination = collector this is an old term whatever software you are using it is the server that  receives the accounting flow data)

Hope to help

Giuseppe

Both M02@rt37 and @Giuseppe Larosa are correct, NetFlow monitoring bandwidth depends on multiple factors and the latest V9 variant is designed to be efficient how it does it.

It's really difficult, without knowing what's happening now, to predict the impact.  Laugh, a catch-22, if you were running NetFlow, with its info, we could likely accurately predict, but if you were running it, we wouldn't need to predict.

Perhaps the best way is to "ease" into it.  For example, use a high ratio sampling.  It won't provide extreme accuracy on flow stats, but it would help better predict how decreasing the sampling ratio may increase NetFlow bandwidth demand.

One good thing, you only want to monitor one interface.  Although NetFlow isn't like SPAN, it could be used against all the traffic passing through a device with many interfaces, a case where detailed NetFlow stats could be voluminous.

Bad thing, you didn't described the current circuit's bandwidth or its usual utilization.  I.e., possibly, the NetFlow traffic could fill the circuit, if you're nearly there now.  (For any one interface, NetFlow should be a rather low consumer of the bandwidth being monitored.)