[c-nsp] Netflow - GSR engine 5

Drew Weaver drew.weaver at thenap.com
Fri Feb 26 09:36:53 EST 2010


You're of course right, because if it didn't I never would've known this was happening =)

The problem now is getting my upstream to figure out what the source is =(

-Drew


-----Original Message-----
From: Gert Doering [mailto:gert at greenie.muc.de] 
Sent: Thursday, February 25, 2010 4:37 PM
To: Drew Weaver
Cc: Cisco-nsp
Subject: Re: [c-nsp] Netflow - GSR engine 5

Hi,

On Thu, Feb 25, 2010 at 11:43:37AM -0500, Drew Weaver wrote:
> Should ingress packets dropped by ACLs still hit Netflow on the GSR with E5 linecards?
> 
> Gi2/0/2       10.1.123.32  Null          10.1.123.3   11 A29F 0035     1

I'm not sure whether this is documented anywhere, but this is expected, and it is actually recommended to use "Netflow dest if=null" instead of "ACL logging" to see which packets your network is refusing.

> So basically a packet is being sent in from the Internet sourced from 
> one of my own IP addresses, and I assume it is being dropped because 
> of the ACL on our Internet connections that says we don't want traffic 
> coming in from ourselves, but why is it showing up in the netflow 
> exports?

So that you can keep track of what you're dropping.  You might want to know about it :-)

gert

--
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
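
Added example, not part of either poster's message: a Python filter that picks the entries with destination interface Null out of flow cache lines laid out like the one quoted above, and flags those whose source falls inside the operator's own prefixes. The column order and hex encoding of Pr/SrcP/DstP follow the quoted line; OWN_PREFIXES, the function names and the second and third sample lines are assumptions constructed for illustration.

```python
import ipaddress

# Columns: SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
# First line is the entry quoted in the thread; the other two are constructed.
SAMPLE = """\
Gi2/0/2       10.1.123.32  Null          10.1.123.3   11 A29F 0035     1
Gi2/0/2       192.0.2.77   Gi3/0/1       10.1.123.9   06 C001 0050    12
Gi2/0/2       198.51.100.4 Null          10.1.123.3   06 D2F0 0016     3
"""

# Assumption: the operator's own address space (hypothetical, matches the sample).
OWN_PREFIXES = [ipaddress.ip_network("10.1.123.0/24")]


def parse_flow_line(line):
    """Parse one flow cache line; Pr, SrcP and DstP are printed in hex."""
    parts = line.split()
    if len(parts) != 8:
        return None  # blank or wrapped line
    src_if, src_ip, dst_if, dst_ip, proto, sport, dport, pkts = parts
    try:
        return {
            "src_if": src_if,
            "src_ip": ipaddress.ip_address(src_ip),
            "dst_if": dst_if,
            "dst_ip": ipaddress.ip_address(dst_ip),
            "proto": int(proto, 16),
            "sport": int(sport, 16),
            "dport": int(dport, 16),
            "pkts": pkts,
        }
    except ValueError:
        return None  # not a flow entry (e.g. the column header row)


def dropped_flows(text):
    """Flows whose output interface is Null, i.e. not forwarded."""
    flows = (parse_flow_line(line) for line in text.splitlines())
    return [f for f in flows if f and f["dst_if"].lower() == "null"]


def own_source_flows(flows, prefixes=OWN_PREFIXES):
    """Dropped flows claiming a source inside our own prefixes."""
    return [f for f in flows if any(f["src_ip"] in p for p in prefixes)]


if __name__ == "__main__":
    for f in own_source_flows(dropped_flows(SAMPLE)):
        print(f"{f['src_if']} {f['src_ip']} -> {f['dst_ip']} "
              f"proto={f['proto']} sport={f['sport']} dport={f['dport']}")
```

For the quoted entry this decodes to UDP (protocol 17) from port 41631 to port 53, arriving on Gi2/0/2 with a source address inside the operator's own range.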


