Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
765
Views
0
Helpful
2
Replies

Netflow and Mask Information

chrisayres
Level 1
Level 1

‎10-30-2007 09:31 AM

We have been looking at the netflow records sent from our devices to our netflow collector and have found a couple of anomolies.

the src and dst mask is often shown as a /32 when this is not actual mask size. Also the output interface is shown as 0 when the packet would have left the device. This is happening on both version 7 netflow from 6500's (catos) and also version 5 from routers. Can anyone explain why this is happening and if it is correct.

Labels:
0 Helpful
2 Replies 2

ebreniz
Level 6
Level 6

‎11-05-2007 10:14 AM

If you use mls flow ip full command it will consume more memory in MLS because it will have more entries based on layer 4 information. It is recommended to keep the size of the MLS cache below 32K entries. To keep the size of the MLS cache down, enable mls aging fast. Src-only / Dest-only Microflow policer will not work, when NDE is configured.

0 Helpful

yjdabear
VIP Alumni
VIP Alumni

‎11-05-2007 12:12 PM

Aren't "output interface 0" flows just dropped packets?

0 Helpful
Customers Also Viewed These Support Documents