[c-nsp] Netflow - GSR engine 5

Drew Weaver drew.weaver at thenap.com
Thu Feb 25 11:43:37 EST 2010


Howdy,

Should ingress packets dropped by ACLs still hit Netflow on the GSR with E5 linecards?

Gi2/0/2       10.1.123.32  Null          10.1.123.3   11 A29F 0035     1

Gi2/0/2 is one of our Internet connections
10.1.123.32 (changed to protect) is one of our routed public IPs that isn't routed in our network (spoofing?)
10.1.123.3 (changed to protect) is the IP address of one of our DNS servers.

So basically a packet is being sent in from the Internet sourced from one of my own IP addresses, and I assume it is being dropped because of the ACL on our Internet connections that says we don't want traffic coming in from ourselves, but why is it showing up in the netflow exports?

Thanks,
-Drew
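
Added example, not part of the original post: a small parser that decodes the flow line quoted above and flags the two conditions the post describes (own-prefix source arriving on an Internet-facing interface, and a Null destination interface). It assumes the row follows the `show ip cache flow` column layout (SrcIf, SrcIPaddress, DstIf, DstIPaddress, Pr, SrcP, DstP, Pkts) with protocol and ports in hex; the 10.1.123.0/24 prefix and the function names are assumptions for illustration.

```python
import ipaddress
from typing import NamedTuple

# Constructed input: the flow line quoted in the post (addresses anonymised there).
SAMPLE = "Gi2/0/2       10.1.123.32  Null          10.1.123.3   11 A29F 0035     1"

# Assumption: stand-in for the operator's own routed prefixes.
OWN_PREFIXES = [ipaddress.ip_network("10.1.123.0/24")]
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

class Flow(NamedTuple):
    src_if: str
    src_ip: ipaddress.IPv4Address
    dst_if: str
    dst_ip: ipaddress.IPv4Address
    proto: int
    src_port: int
    dst_port: int
    packets: int

def parse_flow_line(line):
    """Parse one flow-cache row; the Pr, SrcP and DstP columns are hexadecimal."""
    fields = line.split()
    if len(fields) != 8:
        raise ValueError(f"expected 8 columns, got {len(fields)}: {line!r}")
    src_if, src_ip, dst_if, dst_ip, pr, sport, dport, pkts = fields
    return Flow(src_if, ipaddress.ip_address(src_ip), dst_if,
                ipaddress.ip_address(dst_ip), int(pr, 16),
                int(sport, 16), int(dport, 16), int(pkts))

def classify(flow, ingress_ifs, own_prefixes=OWN_PREFIXES):
    """Return labels for the two conditions the post asks about."""
    findings = []
    own_src = any(flow.src_ip in net for net in own_prefixes)
    if flow.src_if in ingress_ifs and own_src:
        findings.append("own-source-on-internet-ingress")
    if flow.dst_if == "Null":
        # No output interface was recorded (the post assumes an ACL drop).
        findings.append("no-output-interface")
    return findings

def describe(flow):
    """Render the flow with decimal ports and a protocol name."""
    name = PROTO_NAMES.get(flow.proto, str(flow.proto))
    return (f"{flow.src_ip}:{flow.src_port} -> {flow.dst_ip}:{flow.dst_port} "
            f"{name} pkts={flow.packets}")

if __name__ == "__main__":
    f = parse_flow_line(SAMPLE)
    print(describe(f), classify(f, ingress_ifs={"Gi2/0/2"}))
```

Decoded, the quoted row is a single UDP packet from port 41631 to port 53 on the DNS server.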




