On Jul 18, 2009, at 5:05 PM, Darren Bolding wrote:
Can someone provide a link, or more detail, on the netflow issues. Particularly as they relate to 6509's and sup720's.
mls table can hold 256K entries at 93% efficiency, so you end up with about 239K flows total. No packet-sampled control of flow creation, so the table is likely to be overflowed in production edge situations, leading to non-deterministically skewed stats. No logical OR of TCP flags throughout a TCP flow - can't classify SYN- floods, RST-floods, et. al. No stats on dropped traffic. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Unfortunately, inefficiency scales really well. -- Kevin Lawton