"ylt" == Yannick Le Teigner <9368Def@excite.com> writes:

I have a little problem setting up NetFlow on routers. It seems like the timeout to remove inactive flows from the cache is too low (15"), and I can't set it to a bigger value (say 5 minutes).
Given a recent enough IOS, you can use

    swiCE1(config)#ip flow-cache timeout inactive ?
      <10-600>  Timeout in seconds
A good example is the BGP session. Depending on the time I execute a "show ip cache flow", the BGP session is seen as active or not, although it is always active!
Maybe your routes don't flap enough, otherwise there would always be update activity keeping the flow active. Do you use route dampening? Just kidding.
The problem is that if the router doesn't see any data on a flow for 15 seconds, it considers it inactive.
If you set the inactive timeout too high, you will probably keep a lot of obsolete flows in the NetFlow cache. This may cause the cache to fill up (note that you can also configure the size of that cache in recent IOS versions), maybe causing additional cleanup overhead.
I included two outputs of "show ip cache flow" to show you the problem.
Well, is this really a problem for you? You can always use e.g. the SNMP tcpConnTable and the BGP-4 MIB to get very detailed information about BGP connections terminating at the router.

Regards,
--
Simon.
Simon Leinen
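
The trade-off discussed in this message, as an added illustration that is not part of the original post and is not Cisco's cache implementation: a simplified model in which a cache entry expires exactly `timeout` seconds after the flow's last packet. The 60-second BGP keepalive interval and the workload of one single-packet flow per second are assumptions constructed for the example.

```python
# Simplified NetFlow cache model (added example; assumptions labelled below).
# An entry exists from a flow's first packet until last_packet + timeout.

def visible_fraction(packet_times, timeout, horizon):
    """Fraction of [0, horizon) during which the flow has a cache entry,
    i.e. the chance that a 'show ip cache flow' at a random time lists it."""
    covered, end = 0.0, 0.0
    for t in sorted(packet_times):
        start = max(t, end)                       # skip time already counted
        end = max(end, min(t + timeout, horizon))
        if end > start:
            covered += end - start
    return covered / horizon

def peak_entries(flows, timeout):
    """Peak number of simultaneous cache entries for a list of flows,
    each given as a list of packet timestamps (seconds)."""
    events = []
    for times in flows:
        times = sorted(times)
        start = prev = times[0]
        for t in times[1:]:
            if t - prev >= timeout:               # entry expired: a new one is created
                events += [(start, 1), (prev + timeout, -1)]
                start = t
            prev = t
        events += [(start, 1), (prev + timeout, -1)]
    peak = cur = 0
    for _, delta in sorted(events):               # at equal times, expiry sorts first
        cur += delta
        peak = max(peak, cur)
    return peak

HORIZON = 600                                     # observe ten minutes
# Assumption: the BGP session is idle apart from one keepalive every 60 s.
BGP_KEEPALIVES = list(range(0, HORIZON, 60))
# Constructed workload: one new single-packet flow per second.
SHORT_FLOWS = [[t] for t in range(HORIZON)]

def compare(timeouts=(15, 60, 300)):
    """Return {timeout: (BGP visibility, peak cache entries)}."""
    return {to: (visible_fraction(BGP_KEEPALIVES, to, HORIZON),
                 peak_entries(SHORT_FLOWS, to)) for to in timeouts}

if __name__ == "__main__":
    for to, (vis, peak) in compare().items():
        print(f"inactive timeout {to:>3}s: BGP flow listed {vis:.0%} of the time, "
              f"peak entries from short flows = {peak}")
```

Under these assumptions the cache occupancy from short-lived flows grows in proportion to the inactive timeout, which is the cost the reply warns about when raising it.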