Cisco 7600 (7609) as a core BGP router.
Richard A Steenbergen
ras at e-gerbil.net
Sat Jul 18 14:00:02 CDT 2009
On Sat, Jul 18, 2009 at 03:05:32AM -0700, Darren Bolding wrote:
> Can someone provide a link, or more detail, on the netflow issues.
> Particularly as they relate to 6509's and sup720's.
The long and short of it is the current hardware (EARL7) is incapable of
doing sampling (i.e. looking at 1 out of every Nth packets). It gathers
all of the flow data into tcam and THEN does sampling in software, but
by that point it's already too late because the tcam is exhausted.
Turning on sampling actually makes it worse, because it forces a
flowmask which fills the tcam even faster.
In my experience, even with extremely aggressive aging and a dest only
flowmask (discarding all src and L4 port information to make it fit
better), it tops out at around 2Gbps of "generic wholesale IP" traffic
you can sample. Obviously when it runs out of steam is dependent on the
number of flows in your network, you could be much better or much worse
depending on your traffic, but the point is it usually doesn't work for
most people. Adding DFC daughterboards makes this capacity scale
linearly, i.e. you go from 2Gbps system-wide capacity to 2Gbps per slot
capacity, but this typically doesn't make any difference.
The only recent improvement is that in SXH+ and SRB+ software you can
now enable netflow on a per-interface basis rather than a global basis
(before this, all traffic was sampled globally regardless of what you
configured on the interfaces). This can let you exclude interfaces you
don't care about (such as core links) and use your limited resources only on
interfaces you do care about (such as edge links).
Until they come out with the EARL8 SUPs (what have they pushed that back
to now, 2011? :P) you are basically SOL in the netflow dept.
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
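
A simplified model of the behaviour described in the message above, added here as an illustration; it is not part of the original post and not Cisco's implementation. It compares sampling applied after the flow table with a hypothetical sampler placed before it, under a full and a dest-only flowmask. The table capacity, traffic mix and single aging interval are constructed assumptions.

```python
import random

def gen_packets(n, n_srcs=50000, n_dsts=20000, seed=1):
    """Constructed traffic: n packets as (src, dst, sport, dport) tuples."""
    rng = random.Random(seed)
    return [(rng.randrange(n_srcs), rng.randrange(n_dsts),
             rng.randrange(1024, 65536), rng.choice((25, 53, 80, 443)))
            for _ in range(n)]

def simulate(packets, capacity, flowmask, sample_n, sample_point):
    """Model one aging interval of a fixed-size flow table.

    flowmask:     "full" keys on the whole tuple, "dest-only" on dst alone.
    sample_point: "after-table"  - every packet is looked up or inserted and
                                   1-in-N thinning happens later in software
                                   (the behaviour the message describes);
                  "before-table" - hypothetical hardware that picks 1-in-N
                                   packets before touching the table.
    Returns (entries_used, packets_not_accounted).
    """
    table, missed = {}, 0
    for i, pkt in enumerate(packets):
        if sample_point == "before-table" and i % sample_n:
            continue                      # unsampled packet never costs an entry
        key = pkt[1] if flowmask == "dest-only" else pkt
        if key in table:
            table[key] += 1               # existing flow: update counter
        elif len(table) < capacity:
            table[key] = 1                # new flow: consume an entry
        else:
            missed += 1                   # table exhausted: flow data lost
    return len(table), missed

if __name__ == "__main__":
    pkts = gen_packets(200_000)
    cap = 10_000                          # constructed size, not a real TCAM figure
    for mask in ("full", "dest-only"):
        for point in ("after-table", "before-table"):
            used, missed = simulate(pkts, cap, mask, 100, point)
            print(f"{mask:9} {point:12} entries={used:6} missed={missed}")
```

In the after-table case the sampling rate has no effect on table occupancy, so for anyone relying on this flow data for traffic or security visibility, the unaccounted packets are a blind spot that raising the sampling interval does not close.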