08-03-2004 12:34 PM - edited 03-02-2019 05:30 PM
I've started Netflow in a 7206VXR running 12.2(13) and realized a weird behavior when checking output from 'show ip cache flow' command, as follows:
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Fa3/0 10.105.160.8 Null 193.41.102.38 06 3383 01BB 3
Fa3/0 172.19.249.73 Null 10.103.192.216 06 0050 0449 1
Fa3/0 172.19.249.73 Null 10.103.192.216 06 0050 0448 1
Some of the DstIf information goes to Null (??). What could be a reasonable reason for that ? These destination ip addresses have specific matching in the routing table, therefore it looks really strange!
Thanks for your help !
08-03-2004 07:44 PM
Hi
Hv u defined any route map kinda of thing to match traffic destined to particular port nos to be send to Null interface ??
regds
prem
08-10-2004 07:36 AM
Hi Prem, sorry for late reply !
No I don't have any route-map doign this kinda of thing.
08-05-2004 03:36 PM
Do you have the "ip route-cache flow" command on all interfaces and particularly those which would be the outgoing interface to 10.103.192.216?
Regards
08-10-2004 07:44 AM
Hi Steve, these packets are really going to trash or what the output is giving me is something I should no take into account ? Customer is complaining about slow response and drops.
Brgds,
08-05-2004 09:29 PM
Filtering with an ACL rule matching those "Null" entries have this effect in the CLI netflow output.
08-10-2004 07:40 AM
Hi asmoura, could you pls be more specific. In fact I don't have any ACL like this one setup in the router. Bottom line here is: Are these packets really going to trash or not ?
Thanks.
08-10-2004 06:43 PM
Hi
As asmoura said there may be some ACLs matching source from particular ip and particular destination pointed towards null0 which will infact drop ur packets.
But to hve more indepth view on this situation do post the config without any sensitive info..
regds
prem
08-11-2004 05:55 AM
Hello,
Yes, your packets are being dropped.
There are at least two situations that can cause that, that I am aware of:
1) There's an ACL applied to your Fa3/0 interface, or the destination interface, with some rule matching the flows, directing them to null.
2) There's a route to Null0, matching those destinations configured in the equipment.
Maybe other situations can do the same, like a rate-limiting (imply using ACLs, anyway) command applyed to the interface.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide