Saku Ytti wrote:
> I cannot see why not, it's cheap. You're doing 1-2 LPM on the packet,
> QoS lookup, ACL lookup, incrementing various counters, etc., adding
> one hash lookup and two counters is not going to be relevant cost to
> the lookup time.

depends on what you define by "cheap". Netflow requires separate packet forwarding lookup and ACL handling silicon.

> Having many entries in the hash table is an issue, incrementing their
> counters is not.

it is certainly an issue if you get splatted with lots of discrete junk flow, yes.

Neither of these are a problem for sflow. It just plucks packets out of the data plane at a pre-defined rate and forwards their headers to the collector. So long as your sampler is accurate, it's great.

Nick
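An added illustration of the trade-off in this thread (not code from either poster or from any NetFlow or sFlow implementation): a per-flow table fills up when many one-packet flows arrive, while a 1-in-N packet sampler keeps no per-flow state and still estimates volume. The table size, sampling rate, flow keys and traffic mix are constructed assumptions.

```python
import random

def flow_cache(packets, max_entries):
    """NetFlow-style accounting: one hash entry and two counters per flow."""
    table, unaccounted = {}, 0
    for key, size in packets:
        entry = table.get(key)
        if entry is None:
            if len(table) >= max_entries:
                unaccounted += 1          # table full: no room for a new flow
                continue
            entry = table[key] = [0, 0]   # [packets, bytes]
        entry[0] += 1
        entry[1] += size
    return table, unaccounted

def packet_sampler(packets, rate, rng):
    """sFlow-style sampling: export about 1 in `rate` packets, no flow table."""
    samples = []
    skip = rng.randint(1, 2 * rate - 1)   # random skip with mean `rate`
    for key, size in packets:
        skip -= 1
        if skip == 0:
            samples.append((key, size))   # stands in for the exported header
            skip = rng.randint(1, 2 * rate - 1)
    return samples

def constructed_traffic(rng, flows=200, pkts_per_flow=500, junk_flows=100_000):
    """Constructed input: a few long flows mixed with many one-packet flows."""
    packets = [(("10.0.0.1", f, 443), 1000)
               for f in range(flows) for _ in range(pkts_per_flow)]
    packets += [(("192.0.2.1", j, 53), 64) for j in range(junk_flows)]
    rng.shuffle(packets)
    return packets

def run(max_entries=16_384, rate=1_000, seed=1):
    """Feed the same constructed traffic to both approaches and compare state."""
    rng = random.Random(seed)
    packets = constructed_traffic(rng)
    table, unaccounted = flow_cache(packets, max_entries)
    samples = packet_sampler(packets, rate, rng)
    return {"packets": len(packets), "flow_entries": len(table),
            "unaccounted": unaccounted, "samples": len(samples),
            "estimated_packets": len(samples) * rate}

if __name__ == "__main__":
    print(run())
```

The flow table pins at `max_entries` and every flow that arrives afterwards goes uncounted, whereas the sampler's memory use is independent of how many distinct flows appear.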