Buy or Renew
Buy or Renew
Welcome to the new Cisco Community. LEARN MORE about the updates and what is coming.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

NetFlow/Null interface

blwoltz
Beginner
Beginner

‎11-16-2005 12:33 PM - edited ‎03-03-2019 10:59 AM

Does anybody have any ideas why I see netflow data with destination of Null interface, when based on the source/dest IP it should be going through the router? I would expect to see source int be one interface, and dest be the other interface. Would acl cause this? Would IOS FW feature cause this? Maybe inspecting the traffic it sends invalid traffic to null interface?

I've got one router that is showing a ton of this behavior and just trying to figure out what exactly could be causing it. It seems to be adversly affecting performance as the IP Input process is hogging the CPU when this happens.

Labels:
0 Helpful
1 REPLY 1

spremkumar
Engager
Engager

‎11-17-2005 08:12 AM

Hi

Can you post your config here ?

From my personal exp we had some customer sites badly affected with nachi,blaster and their variants which was mitigated using route-map.

in which we mention or configure the certain match criterias and drop the packet inplace of forwarding it.

you can also check out the port details with which you are getting the traffic sourced or destined,that will also help u to isolate whether its some worm related traffic or something being done purposefully.. (thats getting ur traffic blackholed)..

if u want to lookout for a upgrade do post out ur current ios version o/p..

regds

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents