[c-nsp] Bogon Filter - Least Resource/CPU intensive method?
Phil Mayers
p.mayers at imperial.ac.uk
Thu Mar 6 13:57:29 EST 2008
Justin Shore wrote:
> Jeff Kell wrote:
>> Justin Shore wrote:
>>> Personally I'm still using ACLs on my border routers. At this point
>>> in time I want the ACE hit counters for those rogue packets
>> Hrmmm... will these show up in netflow in some identifiable fashion?
>
> That's a good question. I'm not sure if NF will get the chance to log
> the flows before the ACL drops them. I'll check my flow dumps to see if
> I can figure that out.
It depends on the platform, but on 6500s at least I know you get an
output interface of 0.
Sadly you get an output interface of 0 for a whole lot of other stuff,
including glean failures (i.e. couldn't ARP for the next hop), RPF
failures and also traffic to the box, e.g. SSH sessions.
On that topic: It's very annoying that you can only get RPF counter
failures out of 6500s via the CLI, which is of course rubbish for
automated monitoring.
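The ambiguity Phil describes (output interface 0 covers ACL drops, glean failures, RPF failures and traffic to the router itself) can be narrowed with knowledge the operator already has: the router's own addresses and the bogon prefixes in the filter. The following is an added example, not code from the thread. It classifies output-interface-0 flows into buckets using those two lists; the CSV record layout, the router addresses and the bogon prefixes are constructed sample data, not from the post.

```python
"""Classify NetFlow records whose output interface index is 0.

Added example for this thread, not from the original post. On the 6500
platform discussed above, flows dropped by an ingress ACL are exported with
output interface 0, but so are glean failures, RPF failures and traffic
addressed to the router itself. Two locally known lists (router addresses
and the bogon prefixes in the ACL) let us split those flows into buckets.
"""
import ipaddress
from collections import Counter

# Constructed: addresses configured on the router (loopbacks, link addresses).
ROUTER_ADDRESSES = {"192.0.2.1", "198.51.100.1"}

# Constructed: a small bogon-style list standing in for the real ACL entries.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "0.0.0.0/8",
)]

# Constructed sample export, roughly what a flow-tools/nfdump CSV would carry:
# src_ip, dst_ip, proto, dst_port, in_if, out_if, packets
SAMPLE_FLOWS = """\
10.1.2.3,203.0.113.10,6,80,5,0,12
198.51.100.7,192.0.2.1,6,22,5,0,40
203.0.113.55,203.0.113.200,6,443,5,7,300
192.168.9.9,203.0.113.11,17,53,5,0,3
203.0.113.77,203.0.113.201,6,25,5,0,8
"""


def parse_flows(text):
    """Parse the constructed CSV into dicts with typed fields."""
    records = []
    for line in text.strip().splitlines():
        src, dst, proto, dport, in_if, out_if, pkts = line.split(",")
        records.append({
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "proto": int(proto),
            "dst_port": int(dport),
            "in_if": int(in_if),
            "out_if": int(out_if),
            "packets": int(pkts),
        })
    return records


def classify(rec, router_addrs=ROUTER_ADDRESSES, bogons=BOGON_PREFIXES):
    """Return a bucket name for one flow record."""
    if rec["out_if"] != 0:
        return "forwarded"
    # The ingress ACL runs before anything else, so a bogon source wins.
    if any(rec["src"] in net for net in bogons):
        return "bogon-acl-drop"
    if str(rec["dst"]) in router_addrs:
        return "to-box"
    # Output interface 0 with no further evidence: could be a glean failure,
    # an RPF failure or another ACL; NetFlow alone cannot tell them apart.
    return "unattributed-drop"


def summarize(text):
    """Packet counts per bucket for the whole export."""
    counts = Counter()
    for rec in parse_flows(text):
        counts[classify(rec)] += rec["packets"]
    return dict(counts)


if __name__ == "__main__":
    for bucket, pkts in sorted(summarize(SAMPLE_FLOWS).items()):
        print(f"{bucket:20s} {pkts:6d} packets")
```

The "unattributed-drop" bucket is the residue the post complains about: without the platform's own drop-reason counters, NetFlow cannot separate glean, RPF and non-bogon ACL drops, so that bucket is best watched as a trend rather than read as a specific cause.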