Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1664
Views
5
Helpful
5
Replies

IP Accounting question

Go to solution
DanielKerman
Level 1
Level 1

‎06-12-2013 07:14 AM - edited ‎03-04-2019 08:10 PM

Hello everyone!

One of end costumers is trying to configure IP Accounting on 7206 running version 12.4(4)XD8

Here is part of the configuration on the interface:

interface GigabitEthernet0/3.106

bandwidth 1000

encapsulation dot1Q 106

ip address <IP> <SM=/29>

ip verify unicast reverse-path

no ip redirects

ip accounting output-packets

no snmp trap link-status

no cdp enable

The issue we are having is that while the physical interface is up (the sub interface is part of a metro line which is directly connected) we dont see packets being accounted if the destanation IP is down.

Basically we need to know if what we are seeing is normal.

Thanks in advance, Daniel.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mohammadrastgoo
Level 1
Level 1
In response to DanielKerman

‎07-17-2013 10:44 AM

Hello Daniel,

Sometimes (not if most of the time) industry standards don't come with official documents. A technology simply becomes the mainstream and everyone adopts it.

Netflow is much more capable than IP accounting. Not sure if your device supports netflow or sflow but try to pair it up with manageengine. they have a 30 day trial. and then see the power of netflow accounting for yourself.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎06-22-2013 03:07 AM

Hello Daniel,

>> we dont see packets being accounted if the destanation IP is down

Do you mean the IPv4 next-hop to the final destination ? or you mean actually the final destination?

What side is starting the communication?

IF it is the IPv4 next-hop to final destination I would say what you see is normal as the route has been removed from IP routing table and from CEF table after next-hop failure, the packets are likely following another path pointing to the default route (if any is present in your environment) and so no IP accounting is performed out the specific interface-

If it is the final destination we need additional information to be helpful

One point can be noted : you have also uRPF configured.

You should provide a network diagram and the configuration of the involved network devices

Hope to help

Giuseppe

Go to solution
DanielKerman
Level 1
Level 1
In response to Giuseppe Larosa

‎07-17-2013 09:24 AM

Hello Giuseppe, thank you for your reply.

Here are the answers to your quesions:

>> we dont see packets being accounted if the destanation IP is down

Do you mean the IPv4 next-hop to the final destination ? or you mean actually the final destination?

Both actually. The IPv4 next hop adress is the final destination. During the ocurrence of the problem the interface on the other end acting as the final destination is shut down.

What side is starting the communication?

Communaction is starting from the LAN network connected to the 7206, heading for the remote site on the other end of the metro line.

IF it is the IPv4 next-hop to final destination I would say what you see is normal as the route has been removed from IP routing table and from CEF table after next-hop failure, the packets are likely following another path pointing to the default route (if any is present in your environment) and so no IP accounting is performed out the specific interface-

If it is the final destination we need additional information to be helpful

As I said before, its both. When we shut the IPv4 next-hop/Intertfacegshhi, we immediately ping the IP address of the destination. At that moment we dont see packets being accounted.


One point can be noted : you have also uRPF configured.

Can you care to explain how it might be effecting us in the current scenario?



0 Helpful

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame

‎06-22-2013 03:28 AM

IP Accounting is obsolete and should not be used. Use netflow instead.

0 Helpful

Go to solution
DanielKerman
Level 1
Level 1
In response to paolo bevilacqua

‎07-17-2013 09:26 AM

Hello Paolo,

Do you have any official document or source that supports your claim?

I also prefer to use neflow, but an official statement is aways good

0 Helpful

Go to solution
mohammadrastgoo
Level 1
Level 1
In response to DanielKerman

‎07-17-2013 10:44 AM

Hello Daniel,

Sometimes (not if most of the time) industry standards don't come with official documents. A technology simply becomes the mainstream and everyone adopts it.

Netflow is much more capable than IP accounting. Not sure if your device supports netflow or sflow but try to pair it up with manageengine. they have a 30 day trial. and then see the power of netflow accounting for yourself.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card