[c-nsp] Netflow Questions
Christophe Fillot
cf at utc.fr
Thu Oct 12 16:39:38 EDT 2006
Jeremiah Millay wrote:
Hi,
> I recently started exporting and collecting Netflow data using the
> Nfdump/Nfsen combo. I have a few questions about Netflow's "order of
> operations". Is netflow data collected before traffic hits the inbound
> ACL? It appears as though it is because I'm seeing flows in nfsen that
> are getting blocked by my inbound ACL. I guess I'm looking for
> verification on this.
Indeed, you will receive flows even if they are blocked by your input
ACL, but with an SNMP index set to 0 for the output interface.
If you take a look at the flow cache with "sh ip ca f", the output
interface is marked as "Null".
Hope this helps.
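
An added example, not part of the original message: on the collector side, the same condition can be picked out of the raw export by checking the output SNMP index of each record. It assumes NetFlow v5 export (the thread does not state the version); the sample datagram, addresses and helper names are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

# NetFlow v5 export layout: 24-byte header followed by 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_v5(datagram):
    """Yield one dict per flow record in a NetFlow v5 export datagram."""
    version, count = V5_HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("datagram shorter than its record count claims")
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        yield {
            "src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
            "in_if": f[3], "out_if": f[4], "packets": f[5], "bytes": f[6],
            "sport": f[9], "dport": f[10], "proto": f[13],
        }

def not_forwarded(datagram):
    """Flows whose output SNMP index is 0 ("Null" in the flow cache)."""
    return [r for r in parse_v5(datagram) if r["out_if"] == 0]

def _record(src, dst, in_if, out_if, dport):
    # Constructed sample record: TCP SYN, 1 packet, 40 bytes.
    return V5_RECORD.pack(IPv4Address(src).packed, IPv4Address(dst).packed,
                          bytes(4), in_if, out_if, 1, 40, 0, 0,
                          40000, dport, 0, 0x02, 6, 0, 0, 0, 0, 0, 0)

# Constructed datagram: one flow forwarded out ifIndex 2, one with output 0.
SAMPLE = (V5_HEADER.pack(5, 2, 0, 0, 0, 0, 0, 0, 0)
          + _record("198.51.100.7", "192.0.2.10", 1, 2, 443)
          + _record("203.0.113.9", "192.0.2.10", 1, 0, 23))

if __name__ == "__main__":
    for r in not_forwarded(SAMPLE):
        print(f'{r["src"]} -> {r["dst"]}:{r["dport"]} in_if={r["in_if"]} out_if=0')
```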