[c-nsp] WARNING: Netflow Data Export & Hardware assisted NAT not supported on 76xx/65xx on the same interface

Gert Doering gert at greenie.muc.de
Sun Aug 28 14:00:36 EDT 2011


Hi,

On Sun, Aug 28, 2011 at 10:23:57AM -0400, Matthew Huff wrote:
> Netflow *collection* of flows traversing the NAT-ed interface. 

Thanks for the clarification.  Yes, indeed, that makes more sense (in a way)
and is not that easy to work around.

One could try some VRF tricks (NAT in one VRF, netflow in another VRF,
hardware-loopback from one GigE/VRF-1 to another GigE/VRF-2) on the
same box, but that's not exactly a clean design.

OTOH, I can't see why the hardware couldn't properly age out NAT
entries, and then send an NDE record when the NAT entry expires... after
all, it will have to do NAT state table entry cleanup anyway.  (But to
get Cisco to work on that, you might have to offer to buy another 500 
boxes...)

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de