[cisco-bba] RE: [c-nsp] Static ip address info
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Thu Nov 17 07:21:23 EST 2005
You need to enable Netflow on your virtual-access interfaces as well as
on the GigE interface, i.e. where you see the "raw" IP traffic, not the
Mark Tohill <mailto:Mark at u.tv> wrote on Thursday, November 17, 2005 1:15
> I think this may not work in my setup.
> When I enable netflow on my L2TP from Telco, I am only seeing L2TP
> source and destination tunnel IP's, fair enough.
> I take it I would have to set NetFlow to monitor traffic bound for
> subnets to be monitored, as opposed to sourced from, i.e. ingress on my
> GigE port?
> Had a look into sampling etc to reduce stats collection. Came up with:
> int atm ATM1/0.101
> ip flow ingress
> flow-sampler-map netflow-subnet-usage-test-sampler-map
> mode random one-out-of 1000
> class-map match-any netflow-subnet-usage-test-class-map
> match access-group 180
> policy-map netflow-subnet-usage-test-policy-map
> class netflow-subnet-usage-test-class-map
> sampler netflow-subnet-usage-test-sampler-map
> netflow-sampler netflow-subnet-usage-test-sampler-map
> interface ATM1/0.101
> service-policy input netflow-subnet-usage-test-policy-map
> access-list 180 permit ip X.X.X.X 0.0.0.255 any
> access-list 180 permit ip Y.Y.Y.Y 0.0.0.255 any
> <and remainder of subnets to be monitored>
> I still have no idea as to what to do with these stats if they are
> collected on router?
> Any 'viewers' out there? (I know, not likely)
> -----Original Message-----
> From: Stephen J. Wilcox [mailto:steve at telecomplete.co.uk]
> Sent: 16 November 2005 19:44
> To: Mark Tohill
> Cc: Oliver Boehmer (oboehmer); cisco-nsp at puck.nether.net;
> cisco-bba at puck.nether.net
> Subject: RE: [c-nsp] Static ip address info
> for what you describe, either get some basic tool that will give you a
> debug output or write something to dump the packets, then a bit of
> and sort
> and you should have the info you need :)
> On Wed, 16 Nov 2005, Mark Tohill wrote:
>> Thanks Oli for that.
>> Does anyone know the 'minimal' for Netflow re: monitoring
>> applications etc.?
>> -----Original Message-----
>> From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
>> Sent: 16 November 2005 11:34
>> To: Mark Tohill; cisco-nsp at puck.nether.net
>> Cc: cisco-bba at puck.nether.net
>> Subject: RE: [c-nsp] Static ip address info
>> Mark Tohill <> wrote on Wednesday, November 16, 2005 12:20 PM:
>>> I sent this originally to BBA List. Hope I'm not off-topic.
>> Cc'ing bba list
>>> We have DSL users coming in on 7204VXR's over L2TP VPDN acquiring
>>> static IP's, both gateways and small subnets (/29's for example).
>>> We suspect a lot of our users are not using their /29's and are
>>> NAT'ing etc. on their gateway addresses.
>>> Is there any relatively easy way of finding out this sort of
>>> Ideas spring to mind are ACL's, gleaning info from CEF (???), ip
>>> Has anyone ever come up against same problem or has an idea how this
>>> might work?
>> What are your objectives? To find out if your product is actually
>> used the way it is intended to, or if you might as well offer fixed
>> /32 addresses only since most of the customers use NAT anyway?
>> CEF installs a /29 prefix and doesn't care or tell which addresses
>> out of this network have been used. IP accounting is a way, but it is
>> expensive. I would investigate Netflow (possibly sampled) and work
>> from there..
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
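
Added example, not part of the original thread: one way to turn collected flow records into the per-/29 answer asked for above, by counting which source addresses inside each allocated subnet actually send traffic. The record layout (src,dst,packets text lines), the function names and the sample prefixes are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample allocations (documentation ranges, not from the thread).
ALLOCATIONS = ["192.0.2.0/29", "192.0.2.8/29", "198.51.100.16/29"]

# Constructed flow records, one "src_ip,dst_ip,packets" per line; this text
# layout is an assumption about how a collector dumps its data.
SAMPLE_FLOWS = """\
192.0.2.1,203.0.113.5,40
192.0.2.1,203.0.113.9,12
192.0.2.9,203.0.113.5,7
192.0.2.10,203.0.113.7,3
192.0.2.12,203.0.113.7,90
10.9.9.9,203.0.113.5,1
not-an-ip,203.0.113.5,1
"""

def usage_by_subnet(flow_lines, allocations):
    """Map each allocated subnet to {source address: packet count}."""
    nets = [ipaddress.ip_network(a) for a in allocations]
    seen = {net: defaultdict(int) for net in nets}
    for line in flow_lines:
        parts = line.strip().split(",")
        if len(parts) != 3:
            continue  # skip blank or truncated records
        try:
            src = ipaddress.ip_address(parts[0])
            packets = int(parts[2])
        except ValueError:
            continue  # skip malformed records
        for net in nets:
            if src in net:  # sources outside every allocation are ignored
                seen[net][src] += packets
                break
    return seen

def classify(seen):
    """Label each subnet 'unused', 'single-address' or 'multi-address'."""
    report = {}
    for net, hosts in seen.items():
        label = {0: "unused", 1: "single-address"}.get(len(hosts), "multi-address")
        report[str(net)] = (label, [str(h) for h in sorted(hosts)])
    return report

if __name__ == "__main__":
    flows = SAMPLE_FLOWS.splitlines()
    for net, (label, hosts) in classify(usage_by_subnet(flows, ALLOCATIONS)).items():
        print(net, label, hosts)
```

With 1-in-1000 sampled NetFlow a quiet host can go unrecorded, so treat "unused" and "single-address" as evidence only after a long collection window.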