Cisco NX-OS supports
sampled NetFlow. This feature samples incoming and outgoing packets on an
interface. The packets sampled then qualify to create flows.
Sampled NetFlow
reduces the amount of export data sent to the collector by limiting the number
of packets that create flows and the number of flows. It is essential when
flows are created on a line card or external device, instead of on the
forwarding engine. F2, F2e, F3, and M3 Series modules support only sampled
NetFlow.
Implementing NetFlow
on F2 and F2e Series modules creates flows in the software. Too many packets
trying to create or update flows can increase the load on the CPU, thereby
increasing the need for a protective rate limiter. The rate limiter limits the
number of packets that reach the CPU to approximately 1000 packets per second.
F3 and M3 Series modules use special hardware called FSA, which serves as a
NetFlow processor, to create flows.
The sampling mode
supported on F2, F2e, F3, M3, M1, and M2 modules is M out of N, where M packets
are selected randomly out of every N packets for sampling, and only those
packets can create flows.
Note: With the F2 and F2e Series modules, you need to be aware of the scaling
factor to be configured, which is the additional sampling of 1:100 multiplied
by the configured sampling. If you overlook this factor, the reported rate
will not match the actual rate.
The rate limiter limits
the number of packets that reach the CPU to approximately 1000 packets per
second on the F2 and F2e Series modules. On the F3 Series module, rate limiting
of 500 PPS per ASIC (SoC) is implemented. Hence, for Cisco NX-OS 7000, if the
F3 Series module has 6 SoCs, it rate limits 500*6=3000 PPS to the CPU per
F3 Series module; for Cisco NX-OS 7700, if the F3 Series module has 12
SoCs, it rate limits 500*12=6000 PPS to the CPU per F3 Series module.
The F3 and M3 Series
modules support a larger sampling rate, 1:131071, compared to 1:8191 on the
F2 and F2e Series modules.
Note: The F3 Series module supports an increased sampling rate on version 9.
On the F3 Series module, packet processing capability in the 7.2(0)D1(1)
release has improved by 20 to 50 times compared with a 6.2.x release. It is
enhanced to 50000 pps. Due to the increased speed, you can use a lower
sampling rate on the F3 Series module for this release. For example, a
sampling of 1:4000 can be replaced with a sampling of 1:80.
On M3 Series modules,
the default rate limit value is 8000 PPS per ASIC (SoC). In such a scenario,
the Cisco Nexus 7700 M3-Series 48-Port 1/10G Ethernet Module (with 2 SoCs)
rate limits traffic to the CPU to only 8000*2=16000 PPS per M3 Series module.
Use the
hardware rate-limiter layer-2 netflow rate module m3module
command on a specific M3 Series module to
configure the rate limit value to 24000 PPS. This configuration enables the
M3 Series module to rate limit 24000*2=48000 PPS to the CPU per M3 Series
module.
Similarly, the Cisco
Nexus 7700 M3-Series 24-Port 40G Ethernet Module (with 4 SoCs) rate limits
traffic to the CPU to only 8000*4=32000 PPS per M3 Series module. Use the
hardware rate-limiter layer-2 netflow rate module m3module
command on a specific M3 Series module to
configure the rate limit value to 12000 PPS. This configuration enables the
M3 Series module to rate limit 12000*4=48000 PPS to the CPU per M3 Series
module.
The following
limitations apply to sampled NetFlow and F2 Series and F2e Series modules:
- An additional sampling of 1:100 is applied over the configured value for F2
  Series and F2e Series modules. For example, if the configured sampling is
  1 in 200, the actual applied sampling is 1 in 20000. When you configure the
  sampler value to 1:4956, the system does not start the rate limiter. This
  value is calculated based on the maximum traffic that would cross a module.
- The accuracy of sampled NetFlow compared with traditional NetFlow depends
  on the sampling rate configured. If the sampling rate is 1:1, sampled
  NetFlow is exactly as accurate as traditional NetFlow. If the sampling rate
  is 1:100, sampled NetFlow is less accurate than traditional NetFlow, but it
  still yields statistical patterns that allow you to monitor the device.
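
The following Python sketch is an added example, not Cisco code. It combines the configured M out of N sampler, the additional 1:100 factor on F2 and F2e Series modules, and the per-module rate limits quoted above into the scale factor a collector should apply, and flags when sampled packets would exceed the rate limiter. The names plan and estimate_actual, the offered packet rates, and the treatment of the rate limiter as a hard ceiling are assumptions made for illustration.

```python
from dataclasses import dataclass
from fractions import Fraction

# Figures quoted in the text above.
EXTRA_SAMPLING = {"F2": 100, "F2e": 100, "F3": 1, "M3": 1}   # extra 1:100 on F2/F2e
MAX_N = {"F2": 8191, "F2e": 8191, "F3": 131071, "M3": 131071}
# F2/F2e: about 1000 PPS per module; F3: 500 PPS per SoC; M3: 8000 PPS per SoC default.
DEFAULT_PPS = {"F2": 1000, "F2e": 1000, "F3": 500, "M3": 8000}

@dataclass
class SamplerPlan:
    effective: Fraction     # fraction of packets that can create flows
    scale_factor: Fraction  # multiply exported packet/byte counts by this
    sampled_pps: float      # sampled packets per second sent toward the CPU
    limit_pps: int          # rate-limiter ceiling for the whole module
    clipped: bool           # True if the limiter would drop sampled packets

def plan(module, m, n, offered_pps, socs=1, pps_per_soc=None):
    """Model M-out-of-N sampling on one module (hypothetical helper)."""
    if module not in EXTRA_SAMPLING:
        raise ValueError(f"unknown module type: {module}")
    if not 1 <= m <= n <= MAX_N[module]:
        raise ValueError(f"sampler {m}:{n} is outside the range for {module}")
    # F2/F2e apply a further 1:100 on top of the configured sampler.
    effective = Fraction(m, n * EXTRA_SAMPLING[module])
    per_unit = DEFAULT_PPS[module] if pps_per_soc is None else pps_per_soc
    # The F2/F2e limit is quoted per module; F3/M3 limits are per SoC.
    units = 1 if module in ("F2", "F2e") else socs
    limit = per_unit * units
    sampled = float(offered_pps * effective)
    # Assumption: the rate limiter behaves as a hard ceiling.
    return SamplerPlan(effective, 1 / effective, sampled, limit, sampled > limit)

def estimate_actual(exported_count, p):
    """Scale an exported packet or byte count back to an estimate of real traffic."""
    return int(exported_count * p.scale_factor)

if __name__ == "__main__":
    # Constructed offered rates, not measurements.
    f2 = plan("F2", 1, 200, offered_pps=2_000_000)
    print("F2 1:200 ->", f2.effective, "scale", f2.scale_factor, "clipped", f2.clipped)
    f3 = plan("F3", 1, 80, offered_pps=1_000_000, socs=6)
    print("F3 1:80 ->", f3.sampled_pps, "pps vs limit", f3.limit_pps, "clipped", f3.clipped)
    print("50 exported packets on F2 ~", estimate_actual(50, f2), "actual")
```

When clipped is true, scaled counts underestimate real traffic, so volume-based alert thresholds built on them should be treated as lower bounds.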