Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1203
Views
0
Helpful
8
Replies

Netflow - DstIf

dahirton
Level 1
Level 1

‎08-03-2004 12:34 PM - edited ‎03-02-2019 05:30 PM

I've started Netflow in a 7206VXR running 12.2(13) and realized a weird behavior when checking output from 'show ip cache flow' command, as follows:

SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts

Fa3/0 10.105.160.8 Null 193.41.102.38 06 3383 01BB 3

Fa3/0 172.19.249.73 Null 10.103.192.216 06 0050 0449 1

Fa3/0 172.19.249.73 Null 10.103.192.216 06 0050 0448 1

Some of the DstIf information goes to Null (??). What could be a reasonable reason for that ? These destination ip addresses have specific matching in the routing table, therefore it looks really strange!

Thanks for your help !

Labels:
0 Helpful
8 Replies 8

spremkumar
Level 9
Level 9

‎08-03-2004 07:44 PM

Hi

Hv u defined any route map kinda of thing to match traffic destined to particular port nos to be send to Null interface ??

regds

prem

0 Helpful

dahirton
Level 1
Level 1
In response to spremkumar

‎08-10-2004 07:36 AM

Hi Prem, sorry for late reply !

No I don't have any route-map doign this kinda of thing.

0 Helpful

Steve Fuller
Level 9
Level 9

‎08-05-2004 03:36 PM

Do you have the "ip route-cache flow" command on all interfaces and particularly those which would be the outgoing interface to 10.103.192.216?

Regards

0 Helpful

dahirton
Level 1
Level 1
In response to Steve Fuller

‎08-10-2004 07:44 AM

Hi Steve, these packets are really going to trash or what the output is giving me is something I should no take into account ? Customer is complaining about slow response and drops.

Brgds,

0 Helpful

asmoura
Level 1
Level 1

‎08-05-2004 09:29 PM

Filtering with an ACL rule matching those "Null" entries have this effect in the CLI netflow output.

0 Helpful

dahirton
Level 1
Level 1
In response to asmoura

‎08-10-2004 07:40 AM

Hi asmoura, could you pls be more specific. In fact I don't have any ACL like this one setup in the router. Bottom line here is: Are these packets really going to trash or not ?

Thanks.

0 Helpful

spremkumar
Level 9
Level 9
In response to dahirton

‎08-10-2004 06:43 PM

Hi

As asmoura said there may be some ACLs matching source from particular ip and particular destination pointed towards null0 which will infact drop ur packets.

But to hve more indepth view on this situation do post the config without any sensitive info..

regds

prem

0 Helpful

asmoura
Level 1
Level 1
In response to dahirton

‎08-11-2004 05:55 AM

Hello,

Yes, your packets are being dropped.

There are at least two situations that can cause that, that I am aware of:

1) There's an ACL applied to your Fa3/0 interface, or the destination interface, with some rule matching the flows, directing them to null.

2) There's a route to Null0, matching those destinations configured in the equipment.

Maybe other situations can do the same, like a rate-limiting (imply using ACLs, anyway) command applyed to the interface.

0 Helpful
Customers Also Viewed These Support Documents