cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
904
Views
0
Helpful
1
Replies

NetFlow/Null interface

blwoltz
Beginner
Beginner

Does anybody have any ideas why I see netflow data with destination of Null interface, when based on the source/dest IP it should be going through the router? I would expect to see source int be one interface, and dest be the other interface. Would acl cause this? Would IOS FW feature cause this? Maybe inspecting the traffic it sends invalid traffic to null interface?

I've got one router that is showing a ton of this behavior and just trying to figure out what exactly could be causing it. It seems to be adversly affecting performance as the IP Input process is hogging the CPU when this happens.

1 Reply 1

spremkumar
Engager
Engager

Hi

Can you post your config here ?

From my personal exp we had some customer sites badly affected with nachi,blaster and their variants which was mitigated using route-map.

in which we mention or configure the certain match criterias and drop the packet inplace of forwarding it.

you can also check out the port details with which you are getting the traffic sourced or destined,that will also help u to isolate whether its some worm related traffic or something being done purposefully.. (thats getting ur traffic blackholed)..

if u want to lookout for a upgrade do post out ur current ios version o/p..

regds

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers