1506 byte netflow packet from a 1500 mtu router

Unanswered Question
Sep 21st, 2007
User Badges:


I've been battling with an annoying problem where netflow v9 data from a 3725 router has been going awol when it reaches my F5 load balancers. what i have come down to is finding that the F5 boxes are rejecting the UDP packets as they have a size of 1506 bytes, compared to their MTU of 1500, and i can now see icmp host unreachable messages going back to the router to this effect. but the 3725 router itself is also configured, according to the snmp if table (as that's all i can see... the router is hosted for us) that the fa0.1 interface which is connect to our LAN also has an MTU of 1500, that that device is apparently creating packets of 1506 itself (i've verified this by directly spanning that switch port and capturing data right from it). From what i understand my load balancer is totally correct to reject the packet as it is 6 bytes too big.

what's going on?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jan Nejman Sat, 09/22/2007 - 01:49
User Badges:
  • Bronze, 100 points or more


it is really very strange. I saw the longest netflow packet 1496 bytes long. In any case netflow export is not supported by Cisco on this device type. (*NetFlow is not supported on 35xx and 37xx devices). Is the value 1506B a L2 or L3 packet size? It looks that you are using a trunk, so maybe it is that problem (size of packet is incremented due to 802.1q... I don't know.) Did you test what happens when you decrease MTU on 3725?

Please, let me know, I'm personally interested in any solution.

Kind regards,

Jan Nejman

Caligare Co.


acid_kewpie Sat, 09/22/2007 - 03:08
User Badges:

netflow definitely is supported, we are using it. maybe you're thinking of 3560 and 3750 catalyst switches not routers?

1506 is the L2 frame size, the L3 packet is 1464 bytes, and there is no trunk, just a single access port.




This Discussion