[c-nsp] Monitoring Null0 interface

Gert Doering gert at greenie.muc.de
Wed Apr 20 03:49:35 EDT 2005


Hi,

On Tue, Apr 19, 2005 at 04:42:55PM -0700, Dan Lockwood wrote:
> You actually can configure NetFlow to be of use in this scenario.
> Configure NetFlow like you normally would on each of your interfaces.
> When a packet is caught by an ACL the ifIndex for the next hop is zero.
> You can then simply run a report that shows you what matches ifIndex =
> 0.

Unfortunately, it's not that waterproof - for example, local broadcasts
also show up with "ifIndex = 0" (as they are not forwarded, but seen
by the router).

Cisco people: it would be really nice if netflow could be enhanced to make
the distinction between "packet not forwarded because no route", "packet
not forwarded because local broadcast packet" and "packet not forwarded
because ACL" visible somehow.

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
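
One way to apply the caveat from the message above when reporting on flows with output ifIndex = 0, as an added example that is not part of the original post: it separates local broadcasts from the remaining non-forwarded flows. The record field names, addresses and connected subnets are constructed assumptions, not a real exporter's format.

```python
import ipaddress

# Constructed: subnets directly connected to the exporting router.
CONNECTED = [ipaddress.ip_network("192.0.2.0/24"),
             ipaddress.ip_network("198.51.100.0/25")]

# Constructed flow records; "out_if" stands for the output ifIndex.
FLOWS = [
    {"src": "203.0.113.9",  "dst": "192.0.2.10",      "in_if": 3, "out_if": 5},
    {"src": "192.0.2.44",   "dst": "255.255.255.255", "in_if": 5, "out_if": 0},
    {"src": "192.0.2.44",   "dst": "192.0.2.255",     "in_if": 5, "out_if": 0},
    {"src": "203.0.113.77", "dst": "198.51.100.20",   "in_if": 3, "out_if": 0},
    {"src": "198.51.100.5", "dst": "198.51.100.127",  "in_if": 6, "out_if": 0},
]

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def is_local_broadcast(dst, connected=CONNECTED):
    """True for the limited broadcast or a connected subnet's broadcast."""
    addr = ipaddress.ip_address(dst)
    if addr == LIMITED_BROADCAST:
        return True
    return any(addr == net.broadcast_address for net in connected)


def classify(flow, connected=CONNECTED):
    """Label one flow record by what output ifIndex = 0 can and cannot tell us."""
    if flow["out_if"] != 0:
        return "forwarded"
    if is_local_broadcast(flow["dst"], connected):
        return "local-broadcast"
    # Still ambiguous: ACL drop or no route. The export does not say which.
    return "not-forwarded"


def report(flows, connected=CONNECTED):
    """Group flow records by classification."""
    groups = {}
    for flow in flows:
        groups.setdefault(classify(flow, connected), []).append(flow)
    return groups


if __name__ == "__main__":
    for kind, items in report(FLOWS).items():
        print(kind, [(f["src"], f["dst"]) for f in items])
```
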

