[c-nsp] Netflow - GSR engine 5

Gert Doering gert at greenie.muc.de
Thu Feb 25 16:37:21 EST 2010


On Thu, Feb 25, 2010 at 11:43:37AM -0500, Drew Weaver wrote:
> Should ingress packets dropped by ACLs still hit Netflow on the GSR with E5 linecards?
> Gi2/0/2  Null   11 A29F 0035     1

I'm not sure whether this is documented anywhere, but this is expected,
and it is actually recommended to use "Netflow dest if=null" instead
of "ACL logging" to see which packets your network is refusing.

> So basically a packet is being sent in from the Internet sourced
> from one of my own IP addresses, and I assume it is being dropped
> because of the ACL on our Internet connections that says we don't
> want traffic coming in from ourselves, but why is it showing up in
> the netflow exports?

So that you can keep track of what you're dropping.  You might want
to know about it :-)


USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20100225/720515b7/attachment.bin>

More information about the cisco-nsp mailing list