1. Home
  2. Networking
  3. Network Management

Deployment Guidelines

Historically, NetFlow has been an ingress measurement technology. With the introduction of new features such as Egress NetFlow, careful planning of NetFlow deployment is required to monitor all the flows of interest and avoid duplicate flow collection by enabling NetFlow at each ingress and egress interface. Indeed, duplicated flow records are difficult to track and eliminate.

Before enabling NetFlow on a network element, the CPU utilization is the first parameter to monitor. Enabling NetFlow and exporting the flow records with NetFlow version 5 increases the CPU utilization by about 15 percent on average, up to a maximum of 25 percent on some platforms. The additional CPU utilization on software platforms (as opposed to platforms where the NetFlow classification is done in hardware ASIC) due to NetFlow varies based on the number of flows, as described in Table 7-10. Note that the number of flows relates both to the rate at which flows are created and exported and to the occupation of the NetFlow table. The first is more relevant to CPU utilization, and the second relates to memory requirements. Even on platforms such as the Cisco 12000 and 7600 and Catalyst 6500, where NetFlow collection is implemented in ASIC, the export of flows requires CPU cycles.

Table 7-10. Approximate CPU Utilization for a Given Number of Active Flows
Number of Active Flows in CacheAdditional CPU Utilization
10,000< 4 percent
45,000< 12 percent
65,000< 16 percent

Enabling an extra aggregation scheme on a router increases the CPU utilization by 2 to 5 percent, depending on the number of aggregations enabled, with a maximum of 6 percent for multiple aggregation schemes.

Exporting flows with NetFlow version 5 or 9 has the same impact on CPU utilization. Furthermore, dual export of flows has no significant CPU impact.

If the CPU utilization is a problem or monitoring of all flows is not required, sampled NetFlow offers an alternative solution that is less CPU-intensive. Another alternative is to increase the flow expiration timeout. Finally, configuring the minimum required set of key-fields (in the case of Flexible NetFlow) or the minimum required flow mask (in the case of the Catalyst 6500/Cisco 7600) is essential in lowering the export bandwidth requirements. Figure 7-16 shows the CPU impact decrease by enabling sampled NetFlow as opposed to full NetFlow for a Cisco 7505 router.

Figure 7-16. NetFlow CPU Utilization




Network Management: Accounting and Performance Strategies - Graphically Rich Book
About the Authors
About the Technical Reviewers
Acknowledgments
Icons Used in This Book
Command Syntax Conventions
Introduction
Part I: Data Collection and Methodology Standards
Part II: Implementations on the Cisco Devices
Chapter 4. SNMP and MIBs
Chapter 5. RMON
Chapter 6. IP Accounting
Chapter 7. NetFlow
Fundamentals of NetFlow
CLI Operations
SNMP Operations with the NETFLOW-MIB
Example: NetFlow Version 5 on a Router
Example: NetFlow Configuration on the Catalyst
Example: NetFlow Version 8
Example: NetFlow Version 9
New Features Supported with NetFlow Version 9
Deployment Guidelines
Supported Devices and IOS Versions
Chapter 8. BGP Policy Accounting
Chapter 9. AAA Accounting
Chapter 10. NBAR
Chapter 11. IP SLA
Chapter 12. Summary of Data Collection Methodology
Part III: Assigning Technologies to Solutions