[c-nsp] Traffic destined to IPs that are null routed, Netflow, and you!
Drew Weaver
drew.weaver at thenap.com
Fri Mar 12 10:36:39 EST 2010
GSR 12810 /w E5 Line cards.
I was using flow-tools and sorting by 'octets' and it didn't show up in there (it was a 500Mbps oops) So I would've expected to see that in there.
-Drew
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Phil Mayers
Sent: Friday, March 12, 2010 9:56 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Traffic destined to IPs that are null routed, Netflow, and you!
On 12/03/10 13:23, Drew Weaver wrote:
> Hi,
>
> I had an incident earlier this week where for "some reason" a large
> amount of traffic was being sent to an IP that wasn't routed in my
> network (was covered by the hold down).
>
> Ultimately I found the source/dest of the traffic by simply routing
> all of the unused IPs to a server, and then used tcpdump.
>
> My question is, is it normal for this 'hold down' traffic not to show
> up anywhere in Netflow?
On what platform?
It does show up in our netflow, on 6500/sup720.
That said, the "out if" index is the ifIndex of Null0, which is NOT zero.
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list