Cisco WS-C6506 Software Manual page 528

Configuring NDE on the Switch
If there are protocols with fewer packets per flow running, reduce the MLS fast aging time. For
•
information on how to change the MLS fast aging time, see the
Aging Time, Fast Aging Time, and Packet Threshold Values" section on page 14-20
"Configuring MLS."
• Use the flow mask that is required to extract the kind of information that you want. A full flow mask
gives more information but as the number of flows increase, the load on the Layer 3 aging also
increases. Try to use a flow mask with the minimum granularity that is required to get the data that
you need. With a full flow mask, you might need to decrease the MLS aging time because a full flow
mask increases the number of flows per second. For information on setting the flow mask, see the
"Setting the Minimum IP MLS Flow Mask" section on page 14-21
MLS."
• Exclude the entries with fewer packets per flow. Some query protocols, like the Domain Name
System (DNS), generate fewer packets per flow and can be excluded from the NetFlow table with
the set mls exclude protocol command. You can specify up to four protocol filters, but the packets
from the filtered protocols will go to the MSFC.
• Keep the specific flows from being added to the NetFlow table with the set mls nde flow exclude
command.
Enable the bridged-flow statistics on a VLAN to increase the number of flows in the NetFlow table
•
with the bridged flows for VLANs appearing with the Layer 3 flows. As the NetFlow entries
increase in the NetFlow table, the performance degrades.
On the Supervisor Engine 1, if there is no space in the hardware NetFlow table to report the VLAN
flows, the packets are sent to the MSFC for software forwarding and the NetFlow Full Errors register
is incremented.
On the Supervisor Engine 2, if a flow entry is not found in the NetFlow table, the packets are
forwarded and the NetFlow Full Errors register is incremented resulting in a loss of statistics.
To prevent the NetFlow table from overflowing, you can do the following:
You can enable NetFlow table entry creation on a per-VLAN basis. However, because the
•
bridged-flow statistics and per-VLAN entry creation use the same mechanism for collecting the
statistics, the VLAN entries may overlap. See the
Per-Interface Basis" section on page
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
16-8
Keep the flow mask at the least granular value. For example, if the protocol and Layer 4 port
–
information is not required, set the flow mask to the destination-source or to the destination
instead of to full flow.
Set the aging time to the least possible value (1 second), depending on the traffic profile.
–
– Enable the bridged-flow statistics only on the VLANs on which the intraVLAN statistics are
required. The interVLAN statistics are reported by default.
"Specifying NetFlow Table Entry Creation on a
13-28.
Chapter 16 Configuring NDE
"Specifying IP MLS Long-Duration
in Chapter 14,
in Chapter 14, "Configuring
OL-8978-04