Cisco – Can netflow be left on all the time


One of my colleagues and I have gotten into a debate about NetFlow. He's an old Cisco hand and I've recently joined the Cisco ops team after working on Juniper for a few years. The debate is whether NetFlow can be left on all the time or should only be used for temporary diagnostic purposes. I've reviewed the Cisco documentation and it says nothing about it being a short-term-only monitoring solution (or that leaving it on is in any way problematic). Any pointers one way or the other would be appreciated.

Best Answer

The new Cisco product line does netflow in hardware (and I believe the previous generation as well), but when I approach this question here are the things I typically ask myself:

  • 1: Can I afford the bandwidth? (I'm sure this won't be a problem most of the time.)
  • 2: Is NetFlow done in hardware on this device?
  • 3: Can I afford the CPU cycles (if applicable)?
  • 4: How long do you want to store said data on the device?
  • 5: How long should the data be stored on the aggregation point?

I have only found benefits when leaving it on all the time, but I also keep an eye on how it's affecting the performance of my network.

To each his own!
