29 Feb
2016
29 Feb
'16
8:05 a.m.
Saku Ytti wrote:
I cannot see why not, it's cheap. You're doing 1-2 LPM on the packet, QoS lookup, ACL lookup, incrementing various counters, etc., adding one hash lookup and two counters is not going to be relevant cost to the lookup time.
depends on what you define by "cheap". Netflow requires separate packet forwarding lookup and ACL handling silicon.
Having many entries in the hash table is an issue, incrementing their counters is not.
it is certainly an issue if you get splatted with lots of discrete junk flow, yes. Neither of these are a problem for sflow. It just plucks packets out of the data plane at a pre-defined rate and forwards their headers to the collector. So long as your sampler is accurate, it's great. Nick