[c-nsp] Netflow - GSR engine 5
Drew Weaver
drew.weaver at thenap.com
Fri Feb 26 09:36:53 EST 2010
You're of course right, because if it didn't I never would've known this was happening =)
The problem now is getting my upstream to figure out what the source is =(
-Drew
-----Original Message-----
From: Gert Doering [mailto:gert at greenie.muc.de]
Sent: Thursday, February 25, 2010 4:37 PM
To: Drew Weaver
Cc: Cisco-nsp
Subject: Re: [c-nsp] Netflow - GSR engine 5
Hi,
On Thu, Feb 25, 2010 at 11:43:37AM -0500, Drew Weaver wrote:
> Should ingress packets dropped by ACLs still hit Netflow on the GSR with E5 linecards?
>
> Gi2/0/2 10.1.123.32 Null 10.1.123.3 11 A29F 0035 1
I'm not sure whether this is documented anywhere, but this is expected, and it is actually recommended to use "Netflow dest if=null" instead of "ACL logging" to see which packets your network is refusing.
> So basically a packet is being sent in from the Internet sourced from
> one of my own IP addresses, and I assume it is being dropped because
> of the ACL on our Internet connections that says we don't want traffic
> coming in from ourselves, but why is it showing up in the netflow
> exports?
So that you can keep track of what you're dropping. You might want to know about it :-)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
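
The check Gert describes (watching flows whose destination interface is Null to see what the ACL is refusing), as an added example that is not part of the original thread. It assumes `show ip cache flow`-style lines like the one quoted above, with Pr/SrcP/DstP read as hexadecimal (11 = UDP, 0035 = port 53); `OWN_PREFIXES` and all sample lines except the first flow are constructed.

```python
import ipaddress
from collections import Counter

# Assumption: the address space the edge ACL treats as "ours".
OWN_PREFIXES = [ipaddress.ip_network("10.1.123.0/24")]

# First flow is the one quoted in the thread; the rest are constructed samples.
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Gi2/0/2       10.1.123.32     Null          10.1.123.3      11 A29F 0035     1
Gi2/0/2       192.0.2.10      Gi1/0/0       10.1.123.3      06 C350 0050    12
Gi2/0/2       198.51.100.7    Null          10.1.123.9      06 D431 0017     3
Gi2/0/2       10.1.123.32     Null          10.1.123.4      11 A2A0 0035     2
"""

def parse_flows(text):
    """Yield one dict per flow line; header and malformed lines are skipped."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        try:
            yield {
                "src_if": f[0], "src": ipaddress.ip_address(f[1]),
                "dst_if": f[2], "dst": ipaddress.ip_address(f[3]),
                "proto": int(f[4], 16), "sport": int(f[5], 16),
                "dport": int(f[6], 16), "pkts": int(f[7]),
            }
        except ValueError:
            continue  # e.g. the column header row

def dropped_flows(flows):
    """Flows with destination interface Null, i.e. traffic the router refused."""
    return [fl for fl in flows if fl["dst_if"].lower() == "null"]

def spoofed_own_source(flows):
    """Dropped flows whose source address claims to be inside our own space."""
    return [fl for fl in dropped_flows(flows)
            if any(fl["src"] in net for net in OWN_PREFIXES)]

def summarize(flows):
    """Packet totals keyed by (ingress interface, source, protocol, dst port)."""
    totals = Counter()
    for fl in spoofed_own_source(flows):
        totals[(fl["src_if"], str(fl["src"]), fl["proto"], fl["dport"])] += fl["pkts"]
    return dict(totals)

if __name__ == "__main__":
    for key, pkts in summarize(list(parse_flows(SAMPLE))).items():
        print(key, pkts)
```

The ingress interface in each summary key is the detail to hand to an upstream when asking them to trace where the spoofed traffic enters.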