NetFlow Feature Acceleration




WHITE PAPER

Feature Description

Rapid growth in Internet and intranet deployment and usage has created a major shift in both corporate and consumer computing paradigms. This shift has resulted in massive increases in demand for network bandwidth, performance, and predictable quality of service as well as multimedia and security-oriented network services. Simultaneously, the need has emerged for measurement technology to support this growth by efficiently providing the information required to record network and application resource utilization. Cisco NetFlow services provide solutions for each of these challenges.

A network flow is defined as a unidirectional sequence of packets between given source and destination endpoints. Network flows are highly granular; flow endpoints are identified by both IP address and transport-layer application port numbers. NetFlow also uses the IP protocol type, type of service (ToS), and input interface identifier to uniquely identify flows.

Access control on Cisco routers is provided via access control lists (ACLs), which enable packet filtering applications to be based on source and destination addresses, protocols, and specific interfaces. With traditional switching mechanisms, each individual packet is matched against a set of access lists to determine if a configured packet filter applies for a particular source and destination address pair.

With NetFlow enabled, only the first packet of a flow follows this process. If the first packet in a flow passes through these filters, an entry is added to the NetFlow flow cache. Subsequent packets in the same flow are then switched based on this cache entry, without needing to be matched against the complete set of access lists. This significant simplification enables NetFlow to maintain high performance when access lists are used for packet filtering. Specific performance will vary based on the number and complexity of the access lists.
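The first-packet behaviour described above, as an added Python model (not Cisco IOS code and not part of the original white paper). The ACL entries, addresses and class names are constructed for illustration; following the text, a flow whose first packet is denied gets no cache entry, so every packet of a denied flow still walks the full ACL.

```python
# Added illustration: a toy model of the flow cache, not Cisco IOS code.
from collections import namedtuple
from ipaddress import ip_address, ip_network

# The seven fields the paper says identify a flow.
FlowKey = namedtuple("FlowKey", "src dst sport dport proto tos in_if")

# Constructed ACL: (action, protocol, source net, destination net, dest port or None).
ACL = [
    ("deny",   6, "10.0.0.0/8", "192.0.2.10/32", 23),
    ("permit", 6, "10.0.0.0/8", "192.0.2.0/24", None),
]

class FlowSwitch:
    def __init__(self, acl):
        self.acl = [(a, p, ip_network(s), ip_network(d), port) for a, p, s, d, port in acl]
        self.cache = {}      # FlowKey -> packets switched on this flow
        self.acl_walks = 0   # how many times the full ACL was evaluated

    def _acl_permits(self, key):
        self.acl_walks += 1
        for action, proto, src, dst, port in self.acl:
            if (key.proto == proto and ip_address(key.src) in src
                    and ip_address(key.dst) in dst and port in (None, key.dport)):
                return action == "permit"
        return False  # implicit deny at the end of the list

    def switch(self, key):
        """Return True if the packet is forwarded."""
        if key in self.cache:            # later packets: cache hit, ACL skipped
            self.cache[key] += 1
            return True
        if not self._acl_permits(key):   # first packet: full ACL walk
            return False                 # denied flows get no cache entry
        self.cache[key] = 1
        return True

def demo():
    sw = FlowSwitch(ACL)
    web = FlowKey("10.1.1.5", "192.0.2.20", 40000, 80, 6, 0, "Serial0/0")
    telnet = FlowKey("10.1.1.5", "192.0.2.10", 40001, 23, 6, 0, "Serial0/0")
    reply = FlowKey("192.0.2.20", "10.1.1.5", 80, 40000, 6, 0, "Serial0/1")
    results = [sw.switch(web) for _ in range(5)]       # 1 ACL walk, 4 cache hits
    results += [sw.switch(telnet) for _ in range(3)]   # denied: 3 ACL walks
    results.append(sw.switch(reply))                   # reverse direction is its own flow
    return results, sw.acl_walks, len(sw.cache)

if __name__ == "__main__":
    print(demo())
```

Because flows are unidirectional, the reply traffic is a separate flow with its own first-packet ACL check; the permit cached for the forward direction does not cover it.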
The NetFlow flow cache is also used to accelerate several Cisco IOS services. For features such as policy-based routing, the NetFlow cache is used in the same way it works with ACLs. The first packet goes through all policy statements and is switched. An extended cache entry is created for this flow, which maintains feature-specific state information for the flow. NetFlow feature acceleration, which is enabled on Cisco IOS Software through a global configuration parameter, takes advantage of NetFlow to provide higher-performance, flow-based services.

Feature Implementation

NetFlow acceleration is implemented differently depending on whether the feature is configured on the input or the output interface.

All contents are Copyright 1992-2001 All rights reserved. Important Notices and Privacy Statement. Page 1 of 5

If the feature that is a candidate for acceleration is configured on the input interface (Policy Routing, for example), the feature decides whether it is interested in the flow at flow creation time. If this is the case, the flow is labeled for future use.

If the feature that is a candidate for acceleration is configured on the output interface (IP Accounting, for example), the output interface at flow creation time is unknown, so the network has not yet determined which output feature it wants to attach. In this case, the output features must wait until their post-lookup feature checks, because only at that time is the output interface known.

When round-robin load balancing is used, the output interface could change on every packet in the flow, which defeats flow acceleration. Cisco recommends using per-destination load balancing instead of per-packet load balancing. This method maps all packets in a flow to the same adjacency, which enables the benefit of NetFlow acceleration.

The acceleration uses the following mechanisms depending on the feature:

Policy-Based Routing
When conducting policy-based routing, the NetFlow cache records a pointer to the route-map statement that matches the flow. This reduces the overhead of checking the route-map list to find the matching statement.

Crypto Encryption and Decryption
When encrypting or decrypting, the NetFlow cache records a pointer to the matching flow. A separate pointer is recorded for encryption and decryption.

RSVP
When conducting RSVP functions, the NetFlow cache records a pointer to the matching conversation.

CASA
For CASA, the NetFlow cache records the L5 routing table entry, which allows CASA to redirect the flow to a particular server.

IP Accounting
When IP accounting is enabled, the NetFlow cache points to the IP accounting structure responsible for collecting statistics for a flow.
Configuration

NetFlow feature acceleration is enabled with the following global command:

    ip flow-cache feature-acceleration

Enabling NetFlow feature acceleration changes the structure of the NetFlow cache; feature acceleration takes effect after either the next reboot or after NetFlow is turned off on all interfaces.

NetFlow feature acceleration is disabled with the following global command:

    no ip flow-cache feature-acceleration

Because enabling NetFlow feature acceleration changed the structure of the NetFlow cache, the original structure of the NetFlow cache is restored after either the next reboot or after NetFlow is turned off on all interfaces.

As a reminder, NetFlow must be configured on each interface you want to use to accelerate a feature:

    interface x/y
     ip route-cache flow

Show Command

Cisco added the show ip flow acceleration command to help debug flow-accelerated features. The command shows whether feature acceleration is enabled and what features are currently being accelerated. There are also per-feature counters to show statistics on feature attaches and detaches.

The following is a simple example of the result of the show command:

    router#show ip flow acceleration
    Flow feature acceleration is enabled
    2 active features
    Slot 0: IP Accounting
      Active 3 Attaches 6 Detaches 3 config changes 1
    Slot 1: Policy Routing
      Active 5 Attaches 8 Detaches 3 config changes 2

The above example reports, for each feature (IP Accounting and Policy Routing), the number of active and detached (expired) flows. The number of attached flows (Attaches) from the beginning is also reported. When a feature changes its configuration in a way that affects the NetFlow cache, the config change counter is incremented. Subsequent packets then trigger the re-evaluation of the attachment of the feature to the flow.

Feature Configuration Example

Here is a sample configuration for Policy Routing, which benefits from NetFlow feature acceleration:

    interface Serial0/0
     ip policy route-map police00

    route-map police00 permit 10
     match ip address 150
     set interface Serial0/1

    access-list 150 permit ip any 5.1.1.0 0.0.0.255

Accelerated Features

The features being accelerated may vary from one train of Cisco IOS Software to another, as some specific features are not available in the standard release train. The result of turning NetFlow feature acceleration on may vary from one version of Cisco IOS Software to another.

12.0ST/12.0S Trains
WCCP inbound redirection
12.1 Train

12.1T Train
12.2 Train

For all trains of Cisco IOS Software, access-list acceleration does not require feature acceleration to be turned on. Access lists are accelerated as soon as flow switching is enabled.

Switching Path

The list of features accelerated is currently reported in the above section. This is subject to change as acceleration is added to a feature; however, in order to be supported, a feature must be fast switched or CEF/distributed CEF switched. If a feature is process switched, it cannot be a candidate for acceleration.

Performance

Memory Consumption

With NetFlow feature acceleration enabled, the flow cache entry size increases (from 64 bytes to 96 bytes per flow), so the total flow cache will increase. The flow table maintains the list of features that are to be accelerated, and these features are checked at switching time. It reserves space in the flow cache for state information belonging to the features. The features can then hang per-flow state information off the cache entry and use NetFlow as a quick way to access information.

Acceleration Expected

The acceleration factor we can expect from NetFlow feature acceleration strongly depends on the exact router configuration and may vary from feature to feature. For example, in the case of Policy Routing, the longer the list of route-map statements to apply, the larger the rate of acceleration.

Platforms Support

NetFlow feature acceleration works on most Cisco platforms except those using specialized ASICs to perform switching. Examples include Catalyst 6000, Catalyst 8500, Cisco 10000, and Cisco 12000 with engine 2 and 4. In any case, the use of ASICs to switch packets provides better performance than one can expect with software switching, making NetFlow feature acceleration ineffective.

Cisco IOS Versions

First Versions to Support the Feature: 12.0(3)T, 12.0(6)S, 12.0(9)ST
Recommended Versions: 12.2(1), 12.0(16)S, 12.0(16)ST

Copyright 2001, All rights reserved. Printed in the USA.
Catalyst, Cisco IOS, Cisco Systems, and the Cisco Systems logo are registered trademarks of and/or its affiliates in the U.S. and certain other countries. All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0106R) 07/01 LW2484