Are there any disadvantages to aggressive netflow aging?
I've enable netflow across the bulk of our 6509 estate and have, after reading various guides, posts and pieces of advice settled on a fairly aggressive set of mls aging timers:-
mls aging long 64
mls aging normal 32
mls aging fast time 16
This seems to be having the desired affect in that TCAM utilisation is not approaching 100% and there doesn't appear to have been any significant increase in CPU usage (the EARL NDE task seems to be using single figure % on the whole).
My question is around whether there are any disadvantages of aggressive aging, i.e. am I missing information by moving away from the default settings and aging flows quicker?
netflow tuning is similar to QoS tuning meaning that there is no setting which is good for every implementation but it depends on traffic pattern and on the hardware being utilized.
In general you use fast aging when TCAM is getting full and you need to clear space to fit more flows and get more accurate information (if the TCAM is full new flows are not created).
The drawback is that the shorter the flows stay in the TCAM and 'statistically' the higher the CPU will go as in a unit of time it needs to create and delete an higher number of flows (and depending on hw and configuration it might export them to a collector).
If you don't see high CPU condition when you configure a more aggressive aging it means that 1) your hardware can cope with the traffic pattern and 2) there aren't some many new unique flos created in a unit of time.
Hi to all,i would like to send the output of a single command to an email address so i have created a simple script you can see below.The email is successfully sent to the recipient with the correct subject but the body is empty without the output of the ...
To participate in this event, please use the button to ask your questions
* Note: The link to join the discussion will be activated on March 8
All the knowledge of these four experts at your disposal!
Cisco Software-Defined Wide Area Network (SD-WAN...
Community Live- ISR1100X-4G and ISR1100X-6G Platform Overview and Architecture
(Live event - Tuesday, 23 March, 2021 at 10:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris)-
This event will have place on Tuesday 23rd, March 2021 at 10:00 hrs PDT&...
Cisco Secure Network Access is helping IT to bridge the gap between what is essential to the business and what the network delivers and to build the next-generation campus network for an unplugged and uninterrupted experience.
Learn more about how these w...
(view in My Videos)
Community Live- New Additions to the Catalyst 8000 Family
(Live event - Tuesday, 23 February, 2021 at 10:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris)-
This event had place on Tuesday 23rd, February 2021 at 10:00 hrs PDT...