We're not actually doing Netflow of any kind yet. It looks like most of our input queue drops are due to 'encapsulation failed' ... i.e. bogus traffic to non-existent hosts. So far it hasn't affected legitimate network performance, as far as we can tell. So maybe the 3750/3750G's will actually be able to support 450Mbps aggregate gracefully and we can afford to avoid upgrading for now ... that's a nice surprise.
That Smart Logging and Telemetry looks interesting ... I also understand the 3750's can support Medianet, which is similar to Netflow, with a recent enough IOS. We're basically just interested in being able to drill down to see what kind of traffic is passing through the network, (a) to find illegitimate traffic, and (b) to respond to customer congestion complaints by explaining, "you are using your whole pipe to download Windows updates: schedule those for off-hours!" etc.

-----Original Message-----
From: cisco-nsp [mailto:[email protected]] On Behalf Of Lukasz Bromirski
Sent: Friday, April 10, 2015 3:55 PM
To: Marco van den Bovenkamp
Cc: [email protected]
Subject: Re: [c-nsp] 3850?

> On 10 Apr 2015, at 12:42, Marco van den Bovenkamp <[email protected]> wrote:
>
>> I think there's an uplink module for the 3750-X series which does
>> netflow now, too?
>
> Yep. The C3KX-SM-10G. That'll do line-rate FNF (or so they claim; haven't
> used them yet).

It does and the only limitation here is cache size. There is a way to RSPAN traffic from all ports in the switch despite this module being capable of monitoring only traffic transitioning its ports using SFP loopback cable and one of the ports.

Without this module you can force generic 3k's to generate NetFlow info triggered by some specific events on the switch by a feature called Smart Logging and Telemetry:

http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/product_bulletin_c25-658743.html

For truly all-ports NetFlow capable solutions in the Cisco access portfolio go with 3650 and/or 3850.

-- 
"There's no sense in being precise when |               Łukasz Bromirski
 you don't know what you're talking     |      jid:[email protected]
 about."               John von Neumann |    http://lukasz.bromirski.net
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
