cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2195
Views
15
Helpful
9
Replies

Netflow

vinod_sharma7
Level 1
Level 1

I am working to do the impact assessment of netflow on the existing devices. I want to know the no of flows passing through the boxes. Could you anyone please give me an idea as how could i find out no of flows in the network without configuring netflow.

Any help in this would me much appreciated.


Thanks
Vinod

9 Replies 9

Mark Malone
VIP Alumni
VIP Alumni

Hi

what netflow are you running  , you can check the flow count with the below if flex netflow  ?

#sh flow exporter statistics
Flow Exporter xxxxxxxxxxxxxxxxxxxxxx:
  Packet send statistics (last cleared 9w5d ago):
    Successfully sent:         74681296 

Hello Mark,

Thanks for looking into this. 

We are planning to configure flexible netflow, however, i need to know the current flows in the network without configuring netflow. Do you think there is any way to check the flows in the network without configuring netflow.

Thanks

Hi

There would be no flows as you don't have netflow enabled , until you enable netflow nothing is being pushed in terms of flows to measure or calculate

netflow needs to be first applied to a layer 3 or layer 2 interface  to collect stats from and then flows are generated / stored or exported to a server to view

so the answer would be no , not until its enabled

I understand it would not be possible to check with netflow untill we enable netflow. I mean to ask is there any other way to figure out no of flows in the network. maybe some approximate value.

for example we take 64 bytes for a voice call and look at the no of users for voice application and conclude the bandwidth required for voice. Similarly, i was thinking any method to figure out no of flows in the network.

Thanks

not sure if you can do that before hand maybe you can I don't know , we just test ours as its in place ensuring were not causing issues to our switches/routers , you could turn it on bit by bit as its flexible netflow and see what your collecting to give you an idea as you can only collect certain parameters if you need to , or do 1 interface at a time

Netflow in general wont harm your device it usually just jumps the cpu by 2 - 5% if even and on bigger switches you shouldn't even notice it  

we have 2 netflow systems on our lan we export to each one all flows and we have over a 1000 devices sending them and we don't see any issues on router/switch side , although some collectors are limited by license to what you can send to them in terms of flows  

do see this online if its any use

https://www.lancope.com/blog/estimating-flows-per-second-fps-rate-with-ciscos-flexible-netflow

Thanks Mark for helping me out on this. Do you have any document from Cisco or any other source which explains impact of netflow on cisco devices.

How does it impact the CPE, Memory, TCAM etc?  How does it impact different hardware platform? How does the no of flows impact the overall router performance?

Thanks

Vinod

so that's a huge question as diff platforms process netflow differently , like 65s can be in hardware others in software , I don't have links to each platform you would have to look into that and probably wont be that easy to find as its not even mentioned on the public data sheets Cisco provides per platform

I have been running netflow on everything for the last 8 years in diff companies all diff types of hardware from 800 series up to ASRs and never had an issue with it , it terms of causing impact to local kit or production traffic

there is a couple of generic links online

https://www.plixer.com/blog/netflow/netflow-impact-on-hardware-performance/

few white papers on it

http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-netflow/white-paper-listing.html

as an example one of my 4331s a mid range router has sent over 7 million flows , its cpu is 2% :)

#sh flow exporter statistics
Flow Exporter LIVEACTION-FLOWEXPORTER-IPFIX:
  Packet send statistics (last cleared 32w6d ago):
    Successfully sent:         74360841   

#sh proc cpu sorted
CPU utilization for five seconds: 1%/0%; one minute: 2%; five minutes: 2%

It seems to me that the impact of NetFlow (which in my experience is not large) is in preparing data for export and in exporting the NetFlow data. I would think that you could enable NetFlow on the devices you want to measure without configuring any export. The device would process flows and should allow you to obtain counts of flows with minimal impact on the device.

I agree with Mark that without enabling NetFlow that I do not know of a way that you could estimate the number of flows.

HTH

Rick

HTH

Rick

Thanks Mark and Richard for your help and expert comments.