Impact of Netflow accounting

A few days ago I was describing the impact of CEF accounting on a router (an impact that depends on the router's architecture). The picture is clearer for Netflow: Cisco has published a white paper detailing the CPU impact of the various types of Netflow accounting on a large variety of platforms, from the 1800 ISR to the GSR (12000).

The link to this white paper has been published in Joe Harris' blog.

5 comments:

  1. My apologies for the tangent I'm about to go down regarding NetFlow on an 1800 series. I've noticed IP_Audit Trail spikes CPU usage on the router and am wondering if switching to NetFlow will help to alleviate this issue while still providing quality reporting from the IOS firewall. Any help here would be greatly appreciated.

  2. In my understanding, Netflow is more an accounting than an acceleration feature these days, but I could be completely wrong. If I'm not too far off, Netflow will not improve your firewall performance but increase the overall CPU utilization as the router has one extra step to do while forwarding the packets.

    You could, however, use Netflow to figure out the top flows that cause the high CPU utilization. I would also log incoming ACL failures to see whether you're under a DoS attack.

  3. NetFlow is turning out to be more of a traffic accounting and analysis technology. Quite a lot of people depend on NetFlow data for in-depth traffic analysis, and it also helps in finding security violations, DoS attacks and also capacity planning, provided you have a good flow analyzer tool. You could try NetFlow Analyzer from ManageEngine. Nice and low cost with good features.

  4. I am wondering if it is possible to log every connection that has passed through the router for security reasons? In my particular case I am looking for a solution that could provide the last 30 days of all connections which have passed through the router.

  5. ASA or SCE should be able to do it.

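Two of the comments above ask for things a NetFlow collector does rather than the router itself: ranking the top flows behind high CPU utilization (comment 2) and keeping a record of every connection for the last 30 days (comment 4). The following is an added example, not code from the original post, from Cisco or from any of the commenters. It implements the documented NetFlow v5 export format (24-byte header, 48-byte records), parses one datagram, ranks flows by packets or bytes, and keeps the records as a connection log pruned to a retention window. The sample flows, timestamps and the 30-day window are constructed for the example.

```python
"""NetFlow v5 collector basics: parse an export datagram, rank the top flows,
and keep flow records as a time-bounded connection log.

Added example, not code from the original post or from Cisco. The header and
record layouts are the documented NetFlow v5 formats; the sample flows are
constructed, not captured from a real router; the 30-day retention is the
figure from comment 4.
"""
import struct
import ipaddress
from collections import defaultdict

# NetFlow v5 header: version, count, SysUptime(ms), unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval
V5_HEADER = struct.Struct("!HHIIIIBBH")
# NetFlow v5 record: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets,
# first, last, srcport, dstport, pad1, tcp_flags, prot, tos, src_as, dst_as,
# src_mask, dst_mask, pad2
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")

# Constructed sample flows: (src, dst, sport, dport, proto, packets, bytes)
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", 40001, 80, 6, 12000, 720000),
    ("192.0.2.11", "198.51.100.5", 40002, 443, 6, 300, 420000),
    ("192.0.2.12", "198.51.100.9", 53001, 53, 17, 20, 3000),
    ("192.0.2.10", "198.51.100.9", 40003, 22, 6, 150, 90000),
]
EXPORT_TIME = 1_200_000_000  # constructed unix_secs of the export
SYS_UPTIME = 60_000          # constructed router uptime in ms at export


def build_v5_datagram(flows, unix_secs=EXPORT_TIME, sys_uptime=SYS_UPTIME):
    """Serialize constructed flows as one NetFlow v5 export datagram."""
    header = V5_HEADER.pack(5, len(flows), sys_uptime, unix_secs, 0, 0, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst)),
                       0, 1, 2, pkts, octets,
                       sys_uptime - 5000, sys_uptime - 1000,  # seen 5s..1s before export
                       sport, dport, 0, 0x02, proto, 0, 0, 0, 24, 24, 0)
        for src, dst, sport, dport, proto, pkts, octets in flows)
    return header + body


def parse_v5(datagram):
    """Parse a v5 datagram into flow dicts, rejecting malformed input."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than v5 header")
    version, count, sys_uptime, unix_secs, _ns, _seq, _et, _eid, _samp = \
        V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError("not NetFlow v5: version %d" % version)
    # v5 carries at most 30 records; never trust count beyond the buffer
    if count > 30 or len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count %d does not match datagram length" % count)
    records = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        src, dst, _nh, _in, _out, pkts, octets, first, last, sport, dport = f[:11]
        flags, proto = f[12], f[13]
        records.append({
            "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "sport": sport, "dport": dport, "proto": proto, "flags": flags,
            "packets": pkts, "bytes": octets,
            # 'first'/'last' are router uptime in ms; convert to absolute seconds
            "start": unix_secs - (sys_uptime - first) / 1000.0,
            "end": unix_secs - (sys_uptime - last) / 1000.0,
        })
    return records


def top_flows(records, key="packets", n=3):
    """Rank 5-tuples by total packets or bytes: the 'top flows' of comment 2."""
    totals = defaultdict(int)
    for r in records:
        totals[(r["src"], r["dst"], r["proto"], r["sport"], r["dport"])] += r[key]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


class ConnectionLog:
    """Flow records kept as a connection log and pruned past a retention window."""

    def __init__(self, retention_days=30):
        self.retention = retention_days * 86400
        self.entries = []

    def ingest(self, records, now):
        """Add records, prune, and return the number retained."""
        self.entries.extend(records)
        return self.prune(now)

    def prune(self, now):
        """Drop entries whose start time is older than the retention window."""
        cutoff = now - self.retention
        self.entries = [e for e in self.entries if e["start"] >= cutoff]
        return len(self.entries)


if __name__ == "__main__":
    recs = parse_v5(build_v5_datagram(SAMPLE_FLOWS))
    for key in ("packets", "bytes"):
        print("top flows by", key)
        for tup, total in top_flows(recs, key, 2):
            print("  %s:%d -> %s:%d proto %d  %d" % (tup[0], tup[3], tup[1], tup[4], tup[2], total))
    log = ConnectionLog(30)
    print("retained after 29 days:", log.ingest(recs, EXPORT_TIME + 29 * 86400))
    print("retained after 31 days:", log.prune(EXPORT_TIME + 31 * 86400))
```

Ranking by packets rather than bytes is what matters for the CPU question in the first comment: a flow of many small packets costs the router far more forwarding work than a bulk transfer of the same byte count, which is why the constructed 12000-packet flow to port 80 tops the packet ranking while carrying fewer bytes per packet than the others. The length check before unpacking is the collector-side caveat: the `count` field comes off the wire and must be bounded by the actual datagram size.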


Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.