[c-nsp] netflow only on ingress and HSRP setup
Borg Tinderne
borgtinderne at btinternet.com
Thu Oct 16 06:55:29 EDT 2008
Raw netflow is a box-centric view of network traffic; the few netflow display products I have played with over the last decade or so continue with this box-centric view. Can't comment on nfsen. As interesting as a box-centric view is, I generally find I want a network-centric view of network traffic, so post-processing of flow data with something; for me this has been RYO, so choose your own poison (perl / sql / tcl / awk ...).
----- Original Message ----
From: Zorg 421 <zorglub421 at gmail.com>
To: cisco-nsp at puck.nether.net
Sent: Thursday, 16 October, 2008 9:38:55 AM
Subject: [c-nsp] netflow only on ingress and HSRP setup
(was: ip flow egress on c76k)

Hello c-nsp,
My setup is pretty simple: two routers running BGP and getting full routes,
having some kind of backbone LAN on which are connected
devices which don't run a dynamic routing protocol. Hence we run HSRP on the
backbone LAN so the static default of the firewalls can always get out to the
internet (in case of B1 or B2 failing).
One border, B2, is c76k. The other is a NPE-G2.
The HSRP primary is on B2.
With netflow being available only on ingress, I'm forced to run netflow on
the c76k, B2, on the backbone interface.
A big chunk of this traffic is sent to B1 to go out through other upstreams or
peerings.
On B1 I run "ip flow ingress" and "ip flow egress" on interfaces to the
outside world, upstreams and peers, but not on the backbone.
I get traffic duplication in my netflow app (nfsen) because traffic that goes to
the default, HSRP on B2, redirected to B1 and getting out to the
net is counted on the backbone interface on B2 and the outside interface on B1.
By some kind of "law of Kirchhoff" I could disable "ip flow egress" on
external interfaces on B1, but would lose some
information like output interface and nexthop for the peerings of B1.
Is there a known workaround to not count this traffic twice?
(I cannot see one on my own.)
Regards.
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
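The post-processing the reply alludes to can be shown concretely for the double-counting described in the original question: a flow that enters B2 on the backbone interface, is handed across the backbone to B1, and is then exported again by B1 on its outside interface. The script below is an added example, not code from either poster or from nfsen; it drops B2's copy of such hand-off flows (the copy that lacks the real output interface and next hop) and keeps B1's. The record layout, field names, ifIndex values, router addresses and sample records are all constructed assumptions for the example.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample records in a NetFlow-v5-like CSV layout that a collector
# might export. Field names and values are assumptions for this example.
# exporter,in_if,out_if,src,dst,proto,sport,dport,nexthop,bytes
SAMPLE_RECORDS = """\
B2,1,1,192.0.2.10,203.0.113.5,6,51000,443,10.0.0.1,1000
B1,1,3,192.0.2.10,203.0.113.5,6,51000,443,198.51.100.1,1000
B2,1,2,192.0.2.11,203.0.113.6,6,51001,80,198.51.100.9,500
B1,4,1,203.0.113.7,192.0.2.12,17,53,40000,10.0.0.2,200
"""

# Assumed topology values (not taken from the original post):
B1_BACKBONE_ADDR = "10.0.0.1"   # B1's address on the backbone LAN
BACKBONE_IFINDEX = 1            # ifIndex of the backbone interface on both routers
HANDOFF_EXPORTER = "B2"         # the HSRP primary exporting backbone-ingress flows

FIELDS = ("exporter", "in_if", "out_if", "src", "dst",
          "proto", "sport", "dport", "nexthop", "bytes")
INT_FIELDS = {"in_if", "out_if", "proto", "sport", "dport", "bytes"}


def parse_records(text: str) -> List[Dict[str, object]]:
    """Parse CSV flow lines into dicts, converting numeric fields."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        values = line.split(",")
        if len(values) != len(FIELDS):
            raise ValueError(f"malformed flow record: {line!r}")
        rec = dict(zip(FIELDS, values))
        for name in INT_FIELDS:
            rec[name] = int(rec[name])
        records.append(rec)
    return records


def is_handoff_duplicate(rec: Dict[str, object]) -> bool:
    """True when B2 only forwarded the flow across the backbone to B1.

    Such a record entered B2 on the backbone interface and has B1 as its
    next hop. B1 exports the same flow again on its outside interface,
    with the real output interface and next hop, so B2's copy is the one
    to discard.
    """
    return (rec["exporter"] == HANDOFF_EXPORTER
            and rec["in_if"] == BACKBONE_IFINDEX
            and rec["nexthop"] == B1_BACKBONE_ADDR)


def dedupe(records: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Return the records with B2's hand-off duplicates removed."""
    return [rec for rec in records if not is_handoff_duplicate(rec)]


def total_bytes(records: List[Dict[str, object]]) -> int:
    return sum(rec["bytes"] for rec in records)


def bytes_by_conversation(records: List[Dict[str, object]]) -> Dict[Tuple[str, str], int]:
    """Network-centric view: bytes per (src, dst) regardless of which router saw it."""
    totals: Dict[Tuple[str, str], int] = defaultdict(int)
    for rec in records:
        totals[(rec["src"], rec["dst"])] += rec["bytes"]
    return dict(totals)


if __name__ == "__main__":
    raw = parse_records(SAMPLE_RECORDS)
    kept = dedupe(raw)
    print(f"raw: {len(raw)} records, {total_bytes(raw)} bytes")
    print(f"deduplicated: {len(kept)} records, {total_bytes(kept)} bytes")
    for conv, nbytes in sorted(bytes_by_conversation(kept).items()):
        print(f"{conv[0]} -> {conv[1]}: {nbytes} bytes")
```

The next-hop test is what makes this safe to apply per record: traffic that B2 sends out through its own upstreams keeps a next hop on the outside, so it is retained, while only the flows B2 handed to B1 are dropped. Flows in the other direction (arriving on B1's peer interfaces and leaving toward the backbone) are untouched, since B2 never exports them.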