Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Netflow L2 versus L3

Hi,

I have a Catylyst 6500 with SUP720-PFC3B running version 12.2(33)SXH4. On this switch, I have a VRF configured with 6 vlan interfaces.

I activated Netflow on this witch and configured Netflow on only one vlan interface with the command ip flow ingress. This interface is on VLAN 311 in the following picture :

VRF.jpg

I observe that a flow initiated upstream of the interface vlan 300 and direcetd to another interface is marked as L3 - Dynamic, which is normal because it is a routed flow form one interface to another interface on different subnets. However, the return packets are marked as L2 - Dynamic !

For instance, a DNS request arriving on interface vlan 311 is seen as a Layer-3 flow, whereas the retrun packet is seen as a Layer-2 flow !

DstIP           SrcIP           Prot:SrcPort:DstPort  Src i/f  :AdjPtrPkts   Bytes   Age   LastSeen  Attributes    
---------------------------------------------------------------------------------------------------------------    

10.56.6.222     10.240.3.45     udp :44241  :dns      Vl311    :0x01         69      72    11:15:46   L3 - Dynamic
10.240.3.45     10.56.6.222     udp :dns    :44241    Vl311    :0x00          0      72    11:15:46   L2 - Dynamic

The same observation is valid for TCP flows

My Questions :

  • When Netflow is activated in ingress only on only one interface, is it normal to see the return flow ? As far as I understood, a flow is a unidirectional communication and Netflow has not been configured on the the return path. So I wonder whay i see the return flow ?

  • Why the return flow is marked as L2 switched flow and not L3 routed ?

  • Is is a valid statement to say that if I want to see only L3 flows in the Netflow tale, I have to configure ingress Netflow on all the interfaces ?

Thank you for any explanations,

Yves Haemmerli

Everyone's tags (1)
863
Views
0
Helpful
0
Replies