[c-nsp] Netflow Export Problem
Gert Doering
gert at greenie.muc.de
Sat Feb 2 13:47:17 EST 2008
Hi,
On Fri, Feb 01, 2008 at 10:25:48AM +0200, mihai at duras.ro wrote:
> ip flow ingress on 2 interfaces (and ip route-cache flow)
>
> The problem is that the flows that I receive only contain local traffic
> (traffic between various IP addresses on the C7600 and remote IPs, no
> transit traffic).
Flows on the 7600 can come from two different sources - CPU and Hardware/MLS.
CPU switched packets will cause, well "CPU flows", and those respect the
settings of "ip flow ingress" on the interfaces.
Hardware/MLS switched packets will cause flow records on *all* interfaces,
and so you see traffic for most of the data flowing through your 7600.
As a workaround, you need to filter by ifindex on the netflow collector.
(To be precise: the above is true up to 12.2(18)SXF. As far as I understand,
in 12.2(33)SXH and in SR<something>, the MLS flow entries will actually be
filtered according to the "ip flow ingress" settings on the interfaces, and
thus you won't see unexpected flows. I have not yet tried either version,
but have read it in the release notes...).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20080202/edd8c4f8/attachment.bin
More information about the cisco-nsp
mailing list