[c-nsp] Netflow - GSR engine 5
Gert Doering
gert at greenie.muc.de
Thu Feb 25 16:37:21 EST 2010
Hi,

On Thu, Feb 25, 2010 at 11:43:37AM -0500, Drew Weaver wrote:
> Should ingress packets dropped by ACLs still hit Netflow on the GSR with E5 linecards?
>
> Gi2/0/2 10.1.123.32 Null 10.1.123.3 11 A29F 0035 1

I'm not sure whether this is documented anywhere, but this is expected,
and it is actually recommended to use "Netflow dest if=null" instead
of "ACL logging" to see which packets your network is refusing.

> So basically a packet is being sent in from the Internet sourced
> from one of my own IP addresses, and I assume it is being dropped
> because of the ACL on our Internet connections that says we don't
> want traffic coming in from ourselves, but why is it showing up in
> the netflow exports?

So that you can keep track of what you're dropping. You might want
to know about it :-)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
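An added example, not part of the original message: one way to pull the "dest if = Null" flows discussed above out of flow-cache text and flag those whose source falls inside the operator's own address space. It assumes the quoted line uses the `SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts` layout with protocol and ports in hex; `OWN_PREFIXES`, the function names and every sample row except the first (the one quoted in the thread) are constructed for illustration.

```python
import ipaddress

# First data row is the line quoted in the thread; the other rows are constructed.
# Assumed layout: SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts (Pr/ports hex).
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Gi2/0/2       10.1.123.32     Null          10.1.123.3      11 A29F 0035     1
Gi2/0/2       192.0.2.7       Gi1/0/0       10.1.123.3      06 C001 0050    12
Gi2/0/2       198.51.100.9    Null          10.1.123.8      06 D431 0017     3
"""

# Assumption: the prefix the operator treats as "our own" address space.
OWN_PREFIXES = [ipaddress.ip_network("10.1.123.0/24")]


def parse_flow_line(line):
    """Return a dict for one flow row, or None for header, blank or garbled lines."""
    parts = line.split()
    if len(parts) != 8:
        return None
    src_if, src_ip, dst_if, dst_ip, proto, sport, dport, pkts = parts
    try:
        return {
            "src_if": src_if,
            "src_ip": ipaddress.ip_address(src_ip),
            "dst_if": dst_if,
            "dst_ip": ipaddress.ip_address(dst_ip),
            "proto": int(proto, 16),   # hex 11 -> 17 (UDP)
            "sport": int(sport, 16),
            "dport": int(dport, 16),   # hex 0035 -> 53
            "pkts": int(pkts),
        }
    except ValueError:
        # The header row lands here: its address columns are not IP addresses.
        return None


def dropped_flows(text, own_prefixes=OWN_PREFIXES):
    """Flows whose destination interface is Null, tagged when the source is in our own space."""
    out = []
    for line in text.splitlines():
        flow = parse_flow_line(line)
        if flow is None or flow["dst_if"].lower() != "null":
            continue
        flow["own_source"] = any(flow["src_ip"] in net for net in own_prefixes)
        out.append(flow)
    return out


if __name__ == "__main__":
    for f in dropped_flows(SAMPLE):
        print(f["src_if"], f["src_ip"], "->", f["dst_ip"],
              f["proto"], f["sport"], f["dport"], f["pkts"], f["own_source"])
```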