[cisco-bba] RE: [c-nsp] Static ip address info
Mark at u.tv
Thu Nov 17 07:14:43 EST 2005
I think this may not work in my setup.
When I enable netflow on my L2TP from Telco, I am only seeing L2TP
source and destination tunnel IP's, fair enough.
I take it I would have to set NetFlow to monitor traffic bound for
subnets to be monitored, as opposed to sourced from, i.e. ingress on my
Had a look into sampling etc to reduce stats collection. Came up with:
int atm ATM1/0.101
ip flow ingress
mode random one-out-of 1000
class-map match-any netflow-subnet-usage-test-class-map
match access-group 180
service-policy input netflow-subnet-usage-test-policy-map
access-list 180 permit ip X.X.X.X 0.0.0.255 any
access-list 180 permit ip Y.Y.Y.Y 0.0.0.255 any
<and remainder of subnets to be monitored>
I still have no idea as to what to do with these stats if they are
collected on router?
Any 'viewers' out there? (I know, not likely)
From: Stephen J. Wilcox [mailto:steve at telecomplete.co.uk]
Sent: 16 November 2005 19:44
To: Mark Tohill
Cc: Oliver Boehmer (oboehmer); cisco-nsp at puck.nether.net;
cisco-bba at puck.nether.net
Subject: RE: [c-nsp] Static ip address info
for what you describe, either get some basic tool that will give you a
debug output or write something to dump the packets, then a bit of grep
and you should have the info you need :)
On Wed, 16 Nov 2005, Mark Tohill wrote:
> Thanks Oli for that.
> Does anyone know the 'minimal' for Netflow re: monitoring applications
> -----Original Message-----
> From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
> Sent: 16 November 2005 11:34
> To: Mark Tohill; cisco-nsp at puck.nether.net
> Cc: cisco-bba at puck.nether.net
> Subject: RE: [c-nsp] Static ip address info
> Mark Tohill <> wrote on Wednesday, November 16, 2005 12:20 PM:
> > I sent this originally to BBA List. Hope I'm not off-topic.
> Cc'ing bba list
> > We have DSL users coming in on 7204VXR's over L2TP VPDN acquiring
> > static IP's, both gateways and small subnets (/29's for example).
> > We suspect a lot of our users are not using their /29's and are
> > NAT'ing etc. on their gateway addresses.
> > Is there any relatively easy way of finding out this sort of
> > information?
> > Ideas spring to mind are ACL's, gleaning info from CEF (???), ip
> > accounting....
> > Has anyone ever come up against same problem or has an idea how this
> > might work?
> What are your objectives? To find out if your product is actually used
> the way it is intended to, or if you might as well offer fixed /32
> addresses only since most of the customers use NAT anyway?
> CEF installs a /29 prefix and doesn't care or tell which addresses out
> of this network have been used. IP accounting is a way, but it is
> expensive. I would investigate Netflow (possibly sampled) and work
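Added example, not part of the original thread: one way to use exported flow records for the question raised above (are the routed /29s actually sourcing traffic, or only the gateway addresses?). The customer inventory, the CSV export layout (src,dst,bytes) and every address are constructed for illustration; with 1-in-1000 sampling a quiet host can be missed, so "gateway-only" is a hint to investigate, not proof of NAT.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed inventory: customer -> (static gateway address, routed /29).
CUSTOMERS = {
    "cust-a": ("192.0.2.1", "198.51.100.0/29"),
    "cust-b": ("192.0.2.2", "198.51.100.8/29"),
    "cust-c": ("192.0.2.3", "198.51.100.16/29"),
}

# Constructed sample of flow records seen ingress from the customer side.
SAMPLE_FLOWS = """\
src,dst,bytes
192.0.2.1,203.0.113.10,48211
192.0.2.1,203.0.113.25,1500
198.51.100.9,203.0.113.10,900
198.51.100.12,203.0.113.40,120000
192.0.2.2,203.0.113.10,64
"""

def classify(flow_csv, customers):
    """Return {customer: (verdict, sorted /29 hosts seen as flow source)}."""
    gateways = {ipaddress.ip_address(gw): name for name, (gw, _) in customers.items()}
    subnets = [(ipaddress.ip_network(net), name) for name, (_, net) in customers.items()]
    gw_seen = set()
    hosts_seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src = ipaddress.ip_address(row["src"])
        if src in gateways:
            gw_seen.add(gateways[src])
            continue
        for net, name in subnets:
            if src in net:
                hosts_seen[name].add(src)
                break
    report = {}
    for name in customers:
        hosts = sorted(hosts_seen[name])  # numeric order, not string order
        if hosts:
            verdict = "subnet-in-use"
        elif name in gw_seen:
            verdict = "gateway-only"   # consistent with NAT on the gateway address
        else:
            verdict = "no-flows-seen"  # idle, or missed by sampling
        report[name] = (verdict, [str(h) for h in hosts])
    return report
```

Calling classify(SAMPLE_FLOWS, CUSTOMERS) returns one verdict per customer; run it over several days of exports before drawing conclusions from a sampled feed.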