We have activated Netflow Export on our new SUP5-10GE Supervisor Card. The following commands are added to the configuration.
#sh run | include flow
ip flow ingress
ip flow ingress layer2-switched
ip flow-cache timeout active 5
ip flow-export source Vlan250
ip flow-export version 5
ip flow-export destination xxx xxx
ip route-cache flow
Our device is only used as a normal Switch, so we only see Layer2 Bridged Flows. Src/Dest Interfaces are marked as "NULL". The Problem is that some of the Flows are very strange. It seems that some Src/Dst. IP Addresses are wrongly composed.
NULL 0.96.207.32 Null 126.96.36.199 18 0000 0000 7
NULL 0.16.24.0 Null 188.8.131.52 CF 0000 0000 15
NULL 184.108.40.206 Null 220.127.116.11 04 0000 0000 1
NULL 18.104.22.168 Null 22.214.171.124 04 0000 0000 14K
NULL 126.96.36.199 Null 10.44.170.0 04 0000 0000 2255
Addresses which are never used in our environment. We have also activated netflow export on our core routers, and they don't see the flow on the layer3 svi interfaces. So we believe the problem lies with the Sup5.
We have tested both c450x IOS release Trains:
12.2(25)EWA9 and 12.2(37)SG
Both releases produce the same strange flows!
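
A collector-side check for the kind of records described above, as an added example that is not part of the original post: it parses a NetFlow version 5 export datagram and flags records whose addresses or protocol do not fit the site. The site prefix `10.0.0.0/8`, the expected-protocol set, the helper names and the sample datagram are assumptions constructed for illustration; the sample reuses the address 0.96.207.32 from the listing and assumes the `18` in that row is a hexadecimal protocol number.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record
# Assumptions for this sketch: the site's prefixes and the IP protocols it expects.
SITE_NETS = [ipaddress.ip_network("10.0.0.0/8")]
EXPECTED_PROTOS = {1, 6, 17}                        # ICMP, TCP, UDP
THIS_NET = ipaddress.ip_network("0.0.0.0/8")        # "this network", not a routable source

def parse_v5(datagram):
    """Yield (src, dst, proto, packets) for every record in one v5 datagram."""
    version, count = HEADER.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("datagram shorter than its record count implies")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # f[0]=srcaddr, f[1]=dstaddr, f[5]=dPkts, f[13]=prot
        yield ipaddress.ip_address(f[0]), ipaddress.ip_address(f[1]), f[13], f[5]

def suspect_reasons(src, dst, proto):
    reasons = []
    if not any(src in net or dst in net for net in SITE_NETS):
        reasons.append("neither address in a site prefix")
    if src in THIS_NET:
        reasons.append("source in 0.0.0.0/8")
    if proto not in EXPECTED_PROTOS:
        reasons.append(f"unexpected protocol 0x{proto:02X}")
    return reasons

def flag_suspects(datagram):
    """Return [(src, dst, packets, reasons)] for records that fail any check."""
    out = []
    for src, dst, proto, pkts in parse_v5(datagram):
        reasons = suspect_reasons(src, dst, proto)
        if reasons:
            out.append((str(src), str(dst), pkts, reasons))
    return out

def build_sample():
    """Constructed datagram: one ordinary TCP flow, one shaped like the odd entries."""
    def rec(src, dst, proto, pkts):
        return RECORD.pack(ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
                           bytes(4), 0, 0, pkts, pkts * 64, 0, 0, 0, 0, 0, 0, proto, 0, 0, 0, 0, 0, 0)
    body = rec("10.44.170.5", "10.44.1.9", 6, 12) + rec("0.96.207.32", "192.0.2.77", 0x18, 7)
    return HEADER.pack(5, 2, 0, 0, 0, 0, 0, 0, 0) + body
```

Calling `flag_suspects(build_sample())` returns only the second record, with all three reasons attached; fed real export datagrams, the same function gives a count of how many exported flows fall outside what a pure IP workload would produce.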