[c-nsp] Static ip address info

Mark Tohill Mark at u.tv
Thu Nov 17 07:14:43 EST 2005



I think this may not work in my setup.

When I enable netflow on my L2TP from Telco, I am only seeing L2TP
source and destination tunnel IP's, fair enough.

I take it I would have to set NetFlow to monitor traffic bound for
subnets to be monitored, as opposed to sourced from, i.e. ingress on my
GigE port?

Had a look into sampling etc to reduce stats collection. Came up with:

!
interface ATM1/0.101
 ip flow ingress
!
flow-sampler-map netflow-subnet-usage-test-sampler-map
 mode random one-out-of 1000
!
class-map match-any netflow-subnet-usage-test-class-map
 match access-group 180
!
policy-map netflow-subnet-usage-test-policy-map
 class netflow-subnet-usage-test-class-map
  netflow-sampler netflow-subnet-usage-test-sampler-map
!
interface ATM1/0.101
 service-policy input netflow-subnet-usage-test-policy-map
!
access-list 180 permit ip X.X.X.X 0.0.0.255 any
access-list 180 permit ip Y.Y.Y.Y 0.0.0.255 any
<and remainder of subnets to be monitored>

I still have no idea as to what to do with these stats if they are
collected on the router?

Any 'viewers' out there (I know, not likely)?

Thanks
Mark

-----Original Message-----
From: Stephen J. Wilcox [mailto:steve at telecomplete.co.uk] 
Sent: 16 November 2005 19:44
To: Mark Tohill
Cc: Oliver Boehmer (oboehmer); cisco-nsp at puck.nether.net;
cisco-bba at puck.nether.net
Subject: RE: [c-nsp] Static ip address info

for what you describe, either get some basic tool that will give you a
text debug output or write something to dump the packets, then a bit of
grep and sort and you should have the info you need :)

Steve

On Wed, 16 Nov 2005, Mark Tohill wrote:

> 
> Thanks Oli for that.
> 
> Does anyone know the 'minimal' for Netflow re: monitoring applications
> etc.?
> 
> Mark
> 
> -----Original Message-----
> From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com] 
> Sent: 16 November 2005 11:34
> To: Mark Tohill; cisco-nsp at puck.nether.net
> Cc: cisco-bba at puck.nether.net
> Subject: RE: [c-nsp] Static ip address info
> 
> Mark Tohill <> wrote on Wednesday, November 16, 2005 12:20 PM:
> 
> > I sent this originally to BBA List. Hope I'm not off-topic.
> 
> Cc'ing bba list 
> >
> > We have DSL users coming in on 7204VXR's over L2TP VPDN acquiring
> > static IP's, both gateways and small subnets (/29's for example).
> > 
> > We suspect a lot of our users are not using their /29's and are
> > NAT'ing etc. on their gateway addresses.
> > 
> > Is there any relatively easy way of finding out this sort of
> > information?
> > 
> > Ideas spring to mind are ACL's, gleaning info from CEF (???), ip
> > accounting....
> >
> > Has anyone ever come up against same problem or has an idea how this
> > might work?
> 
> What are your objectives? To find out if your product is actually used
> the way it is intended to, or if you might as well offer fixed /32
> addresses only since most of the customers use NAT anyway?
> 
> CEF installs a /29 prefix and doesn't care or tell which addresses out
> of this network have been used. IP accounting is a way, but it is
> expensive. I would investigate Netflow (possibly sampled) and work from
> there..
> 
> 	oli
> 
> 
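The "export the flows as text, then grep and sort" approach suggested in this thread can be scripted as below; this is an added example, not code from any poster. It assumes the sampled flow records have been exported to a constructed `src,dst,packets,bytes` text format, and the subnets, addresses and function names are hypothetical.

```python
import ipaddress

def hosts_seen(flow_lines, subnets):
    """Map each assigned subnet to the set of source addresses seen inside it."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    seen = {net: set() for net in nets}
    for line in flow_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src = line.split(",")[0].strip()
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # skip malformed records instead of aborting the report
        for net in nets:
            if addr in net:
                seen[net].add(addr)
                break
    return seen

def classify(seen):
    """Label each subnet by how many distinct source addresses it used."""
    report = {}
    for net, addrs in seen.items():
        if not addrs:
            label = "no-traffic"
        elif len(addrs) == 1:
            label = "single-address"  # consistent with NAT behind one address
        else:
            label = "multiple-addresses"
        report[str(net)] = (label, [str(a) for a in sorted(addrs)])
    return report

# Constructed sample data (documentation address ranges), not real flows.
SAMPLE_SUBNETS = ["192.0.2.0/29", "192.0.2.8/29", "198.51.100.0/29"]
SAMPLE_FLOWS = """\
# src,dst,packets,bytes
192.0.2.1,203.0.113.10,12,9000
192.0.2.1,203.0.113.20,3,400
192.0.2.9,203.0.113.10,5,700
192.0.2.10,203.0.113.30,8,1200
192.0.2.13,203.0.113.30,1,60
not-an-ip,203.0.113.30,1,60
203.0.113.99,192.0.2.2,4,300
""".splitlines()

if __name__ == "__main__":
    for subnet, (label, addrs) in classify(hosts_seen(SAMPLE_FLOWS, SAMPLE_SUBNETS)).items():
        print(f"{subnet:18} {label:20} {', '.join(addrs) or '-'}")
```

With one-in-1000 sampling, a quiet address can be missed entirely, so "no-traffic" and "single-address" only become meaningful over a long collection window.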



