      After reading up on netflow I'm interested in trying it out but I have a few concerns.  The first is the impact to the router/switch, I read on the Cisco web site that the amount of traffic can cause performance issues.

      Another issue is the amount of traffic generated. I plan on collecting netflow data from 2 to 4 6509's in the network core. How much traffic can I expect to receive?

          Andy McBride

          Hi Eric,

          Cisco has cleaned up NetFlow a lot so it typically has little impact on the device. The impact you will have on the device and the NTA database depends a lot on how many exporters flows you implement and how many flows you send to Orion NTA. The big switches have the ability to handle a lot of data so start small and add as you need.

            I vaguely remember reading something that stated the amount of NetFlow traffic you'll receive is about 1% of the size of the data flow you're monitoring.  For example, if you're seeing 100 Kb worth of traffic on an interface, you'll receive about 1Kb worth of traffic from NetFlow.  I've got NetFlow configured on several remote site WAN routers and it has had a minimal impact on router performance or bandwidth utilization.  I don't have NetFlow enabled on any of our 6500s (we don't have the correct version policy feature card to support it.)

                This is what I saw on the Cisco site when I was reading about configuring netflow data export.


                "Exporting a large volume of statistics can significantly impact SP and RP CPU utilization."

                    I have a couple of 6500 series switches with SUP720 modules exporting netflow for roughly 100 gigabit interfaces and this puts a strain of about 2% on the processor (show proc cpu). There's so much horse power in the 6500 switches, you'd be hard pressed to stress it. You're much more likely to kill your netflow receiver and/or database server before you impact the performance of the supervisor module in the 6500.

                    This warning is true of older and smaller Cisco models like the 2900 series, which could suffer from high CPU when NetFlow was enabled, causing high latency for normal routed traffic going through the device.

                        I'm gathering Netflow data from about a dozen 6509s with a mixture of Sup720s and 7203BXLs. It has minimal impact on all of them.

                        In total I am collecting data from an additional 60 or so routers across an MPLS network, with no ill effects.

                        As an example, between 10 and 11 AM on 12/11 Netflow accounted for 1.24% of my MPLS traffic.