"It looks like the fix was to enable flow-sampling." Out of curiosity what are you using your netflow for? I'm asking because sampling obviously isn't ideal when you are trying to get completely accurate data for accounting.
I am interested in hearing people's opinion on their methods of accounting when data hits well beyond the TCAM limit(and you're already on DFC's) and you are in an all Ethernet switched world (ie not broadband ppp radius accounting), do you try and distribute the netflow onto multiple boxes closer to the edge or do you opt for another method? There is the easy option of byte counting switchports via snmp, but if people are wanting statistics of who's been where(possible legal reasons) or where the majority of traffic is coming from then that is not enough, maybe a mix of sampled netflow and switchport byte counting? It feels a shame using DFC's for a margin of their capacity purely because you need the TCAM space to produce netflow. Ben _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/