On Tue, 2011-11-15 at 03:25 +0000, Dobbins, Roland wrote: > On Nov 15, 2011, at 5:57 AM, Nick Hilliard wrote: > > pfc3 netflow is fine if you need to measure traffic ratios or > > protocol spread. > > Actually, in any kind of diverse source/dest/layer-4 environment, it > isn't, due to non-deterministic statistical skewing due to mls table > overflow.
The limitations of Sup720 netflow are vast and irritating, and one of course needs to be aware of overflow. Fortunately the box actually logs messages when that happens. But the OP question was: Why turn it on at all? I'd still say it's better than nothing. At least in an enterprise environment as ours, even if the tables do overflow once in a while. Sup720 Netflow is useless for billing of course. But it's fine as an extra tool in troubleshooting or as a warning tool for when someone is doing unexpected things. -- Peter _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
