Cisco 7600 NetFlow Problems

The cutting-edge Cisco 7600 Series is an edge router that delivers robust, high-performance IP/MPLS features for service provider and enterprise WAN/MAN applications. There are some common Cisco 7600 NetFlow problems that you should be aware of when enabling Cisco 7600 NetFlow exports.

The Cisco 7600 NetFlow problems originate from the device’s supervisor engine, so let’s take a look at the two most popular Cisco 7600 NetFlow Supervisor Engines to see what they have to offer for NetFlow features.

Supervisor Engine 2T and Supervisor Engine 720 NetFlow capabilities

| Feature | Supervisor 720-10G-3C/3CXL | Supervisor 2T/2TXL |
| --- | --- | --- |
| NetFlow Table Size | 128K/256K | 512K/1M |
| NetFlow Hash Efficiency | 90% | 99% |
| Maximum Flow Entries (6513-E) | 3328M | 13M |
| Egress NetFlow | No | Yes |
| Sampled NetFlow | Yes (software) | Yes (hardware) |
| Flexible NetFlow | No | Yes |
| TCP Flags | No | Yes |
| Yielding NDE | No | Yes |
| EEM Integration | No | Yes |

Let’s dive into a few of these features and how they affect your NetFlow reporting.

NetFlow Table Size

Each supervisor engine has a NetFlow cache that can hold a limited number of entries. Both supervisor engines have a base model and an XL model that comes with a larger NetFlow cache. This is important because the most common Cisco 7600 NetFlow problem with a Supervisor 720 is understating NetFlow data. This Cisco 7600 NetFlow problem happens when the cache fills up and it’s no longer able to export all of the flow entries in a timely manner. When this occurs, it’s recommended to decrease the aging timers to export flows more frequently or increase the cache size.

Egress NetFlow

Egress NetFlow reporting is especially important if you’re looking to monitor Quality of Service changes that the device is making. If you’re only exporting ingress data, then you’re only going to see what the flow looks like when it arrived at the device and not the changes that the device itself made.

Flexible NetFlow

Until the release of the Supervisor Engine 2T, Flexible NetFlow was not available in a supervisor engine. This is one of my favorite new features because it opens up many NetFlow features that were not previously available on these devices. The new NetFlow features include Medianet Performance Monitoring for your VoIP and real-time applications, NBAR, MAC address reporting, and many more.

TCP Flags

Reporting on TCP flags in NetFlow is a commonly overlooked Cisco 7600 NetFlow problem. Our network monitoring solution has Flow Analytics algorithms that analyze TCP flags to detect suspicious traffic patterns such as NULL scans, FIN and SYN violations, and breach attempts.
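To illustrate the kind of TCP flag analysis described above, here is an added example (not the monitoring product's algorithm and not code from this post) that labels flow records whose flags field shows a NULL scan, a FIN without ACK, or a SYN violation. The record layout, the labels, the `flags_exported` switch and the sample flows are assumptions made for the illustration; the switch covers exporters that cannot report flags, where a zero field would otherwise be read as a NULL scan.

```python
FIN, SYN, RST = 0x01, 0x02, 0x04  # TCP flag bits
TCP = 6                           # IP protocol number


def classify_flow(flow, flags_exported=True):
    """Label a suspicious flag pattern in one flow record, or return None.

    NetFlow reports the OR of the flags of every packet in the flow, so a
    normal connection shows SYN, ACK and FIN together. SYN+FIN or SYN+RST
    is therefore only treated as a violation in a single-packet flow.
    """
    if not flags_exported:  # exporter cannot report flags: zero means "unknown"
        return None
    if flow["proto"] != TCP or flow["packets"] < 1:
        return None
    flags = flow["tcp_flags"] & 0x3F
    if flags == 0:
        return "null-scan"
    if flags == FIN:  # legitimate FIN segments also carry ACK
        return "fin-without-ack"
    if flow["packets"] == 1 and flags & SYN and flags & (FIN | RST):
        return "syn-violation"
    return None


def summarize(flows, flags_exported=True):
    """Group source addresses by finding."""
    findings = {}
    for flow in flows:
        label = classify_flow(flow, flags_exported)
        if label:
            findings.setdefault(label, set()).add(flow["src"])
    return {label: sorted(srcs) for label, srcs in findings.items()}


# Constructed sample records (documentation address ranges), not captured data.
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "proto": 6, "packets": 12, "tcp_flags": 0x1B},  # normal session
    {"src": "192.0.2.66", "proto": 6, "packets": 3, "tcp_flags": 0x00},   # no flags at all
    {"src": "192.0.2.66", "proto": 6, "packets": 1, "tcp_flags": 0x01},   # FIN only
    {"src": "192.0.2.77", "proto": 6, "packets": 1, "tcp_flags": 0x03},   # SYN+FIN, one packet
    {"src": "192.0.2.20", "proto": 17, "packets": 4, "tcp_flags": 0x00},  # UDP, ignored
]

if __name__ == "__main__":
    for label, sources in summarize(SAMPLE_FLOWS).items():
        print(label, sources)
```
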

Conclusion

With customers demanding more visibility out of Cisco 7600 NetFlow, Cisco has delivered with Supervisor Engine 2T NetFlow Enhancements. Does your Cisco 7600 or 6500 have a Supervisor Engine 2T? If so, are you taking advantage of all the new NetFlow features that resolve the old Cisco 7600 NetFlow problems?