Netflow and Mask Information

Unanswered Question
Oct 30th, 2007
User Badges:

We have been looking at the netflow records sent from our devices to our netflow collector and have found a couple of anomolies.

the src and dst mask is often shown as a /32 when this is not actual mask size. Also the output interface is shown as 0 when the packet would have left the device. This is happening on both version 7 netflow from 6500's (catos) and also version 5 from routers. Can anyone explain why this is happening and if it is correct.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ebreniz Mon, 11/05/2007 - 10:14
User Badges:
  • Silver, 250 points or more

If you use mls flow ip full command it will consume more memory in MLS because it will have more entries based on layer 4 information. It is recommended to keep the size of the MLS cache below 32K entries. To keep the size of the MLS cache down, enable mls aging fast. Src-only / Dest-only Microflow policer will not work, when NDE is configured.

yjdabear Mon, 11/05/2007 - 12:12
User Badges:
  • Gold, 750 points or more

Aren't "output interface 0" flows just dropped packets?

Actions

This Discussion