-
Flexible NetFlow is not supported on the L2 port-channel interface, but is supported on the L2 port-channel member ports.
-
Flexible NetFlow is not supported on the L3 port-channel interface, but is supported on the L3 port-channel member ports.
-
Traditional NetFlow (TNF) accounting is not supported.
-
Flexible NetFlow version 9 and version 10 export formats are supported. However, if you have not configured the export protocol, version 9 export format is applied by default.
-
The microflow policing feature shares the NetFlow hardware resource with FNF.
-
Only one flow monitor per interface and per direction is supported.
-
Layer 2, IPv4, and IPv6 traffic types are supported. Multiple flow monitors of different traffic types can be applied for a given interface and direction. Multiple flow monitors of the same traffic type cannot be applied for a given interface and direction.
-
Layer 2, VLAN, WLAN and Layer 3 interfaces are supported, but the device does not support SVI and tunnels.
-
The following NetFlow table sizes are supported:
| Trim Level | Ingress NetFlow Table | Egress NetFlow Table |
|---|---|---|
| LAN Base | Not supported | Not supported |
| IP Base | 8 K | 16 K |
| IP Services | 8 K | 16 K |
-
Depending on the switch type, a switch will have one or two forwarding ASICs. The capacities listed in the above table are on a per-ASIC basis.
-
The switch can support either one or two ASICs. Each ASIC has 8 K ingress and 16 K egress entries, whereas each TCAM can handle up to 6 K ingress and 12 K egress entries.
-
The NetFlow tables are in separate compartments and cannot be combined. Depending on which ASIC processed the packet, the flows will be created in the table in the corresponding ASIC.
-
NetFlow hardware implementation supports four hardware samplers. You can select a sampler rate from 1 out of 2 to 1 out of 1024. Only random sampling mode is supported.
-
With the microflow policing feature (which is enabled only for wireless implementation), NetFlow can and should be used only in full flow mode; that is, NetFlow policing cannot be used. For wireless traffic, applying a sampler is not permitted, as it hinders microflow QoS.
-
Only full flow accounting is supported for wireless traffic.
-
NetFlow hardware uses hash tables internally. Hash collisions can occur in the hardware. Therefore, in spite of the internal overflow Content Addressable Memory (CAM), the actual NetFlow table utilization could be about 80 percent.
-
Depending on the fields that are used for the flow, a single flow could take two consecutive entries. IPv6 flows also take two entries. In these situations, the effective usage of NetFlow entries is half the table size, which is separate from the above hash collision limitation.
-
The device supports up to 15 flow monitors.
-
SSID-based NetFlow accounting is supported. SSID is treated in a manner similar to an interface. However, certain fields, such as user ID, are not supported.
-
The NetFlow software implementation supports distributed NetFlow export, so the flows are exported from the same device in which the flow was created.
-
Ingress flows are present in the ASIC that first received the packets for the flow. Egress flows are present in the ASIC from which the packets actually left the device set up.
-
The reported value for the bytes count field (called “bytes long”) is the Layer 2 packet size minus 18 bytes. For classic Ethernet traffic (802.3), this will be accurate. For all other Ethernet types, this field will not be accurate. Use the “bytes layer2” field, which always reports the accurate Layer 2 packet size. For information about supported Flexible NetFlow fields, see Supported Flexible NetFlow Fields.
-
Configuration of IPFIX exporter on an AVC flow monitor is not supported.
-
Flexible NetFlow export is not supported on the Ethernet management port, Gi0/0.
-
When a flow record has only Source Group Tag (SGT) and Destination Group Tag (DGT) fields (or only one of the two) and both values are not applicable, a flow will still be created with zero values for SGT and DGT. The flow records are expected to include source and destination IP addresses, along with SGT and DGT fields.
-
A flow monitor whose flow record contains the CTS field cannot be attached on the WLAN (SSID).
-
When a QoS-marked packet is received on an interface that has NetFlow configured in the egress direction, the QoS value of the packet will be captured by the collector. However, when the packet is received on an interface that has NetFlow configured in the ingress direction, the QoS value of the packet will not be captured by the collector.
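
Several of the restrictions above can be checked against a planned monitor rollout before it is configured, so that gaps in flow visibility are found on paper rather than at the collector. The following Python check is an added example, not part of the original documentation or any Cisco tool. The `Attach` record, the interface kind labels, the sample plan, and the reading of the 15-monitor limit as a count of distinct monitor names are assumptions.

```python
from collections import Counter
from typing import NamedTuple, Optional

MAX_MONITORS = 15  # read here as a limit on distinct monitor names (assumption)
UNSUPPORTED = {"port-channel": "attach to the member ports instead",
               "svi": "SVIs are not supported", "tunnel": "tunnels are not supported"}

class Attach(NamedTuple):  # hypothetical planning record, not a device data structure
    interface: str
    kind: str          # l2, l3, vlan, wlan, port-channel, svi or tunnel
    direction: str     # input or output
    traffic: str       # l2, ipv4 or ipv6
    monitor: str
    sampler: Optional[int] = None  # N in "1 out of N"; None means full flow
    cts_fields: bool = False       # the flow record contains a CTS field

def check_plan(plan):
    """Return the restrictions from the list above that a planned rollout violates."""
    problems, slots = [], Counter()
    for a in plan:
        where = f"{a.interface} {a.direction} {a.monitor}"
        if a.kind in UNSUPPORTED:
            problems.append(f"{where}: {UNSUPPORTED[a.kind]}")
        slots[(a.interface, a.direction, a.traffic)] += 1
        if a.sampler is not None and a.kind == "wlan":
            problems.append(f"{where}: sampler not permitted for wireless traffic")
        elif a.sampler is not None and not 2 <= a.sampler <= 1024:
            problems.append(f"{where}: sampler rate 1 out of {a.sampler} is out of range")
        if a.kind == "wlan" and a.cts_fields:
            problems.append(f"{where}: record with a CTS field cannot attach to a WLAN")
    for (iface, direction, traffic), n in slots.items():
        if n > 1:  # one monitor per interface, direction and traffic type
            problems.append(f"{iface} {direction}: {n} {traffic} monitors, only one allowed")
    monitors = {a.monitor for a in plan}
    if len(monitors) > MAX_MONITORS:
        problems.append(f"{len(monitors)} flow monitors defined, device supports {MAX_MONITORS}")
    return problems

# Constructed sample plan; interface and monitor names are made up.
PLAN = [
    Attach("Gi1/0/1", "l2", "input", "ipv4", "MON-V4", sampler=1024),
    Attach("Gi1/0/1", "l2", "input", "ipv6", "MON-V6"),
    Attach("Gi1/0/1", "l2", "input", "ipv4", "MON-V4-B"),
    Attach("Po1", "port-channel", "input", "ipv4", "MON-V4"),
    Attach("corp-ssid", "wlan", "input", "ipv4", "MON-SGT", sampler=64, cts_fields=True),
]

if __name__ == "__main__":
    for problem in check_plan(PLAN):
        print(problem)
```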