where is the traffic being routed? Without using packet tracer

lm438b · ‎04-06-2018

Hello,

I have a question. Im working in a really big network, and I want to see the traffic that is exiting the router via a specific interface. The routers are running OSPF.

If I take a look into the routing table, I see thousands of routes that use that specific interface, however how can I know which ones of those routes are really being used? are really being matched?

Im trying to find something like a counter that tells me for each route in the routing table I have x amount of packets that matched that route.

OR

Ideally, being able to see the packets source and destination IP addresses.

(I cannot issue any debug commands or monitor)

Thanks for your help

Seb Rupik · ‎04-06-2018

Hi there,

This is a perfect use case for netflow.

Configure ip flow monitor on the interface in question and have it exported to a netflow collector/ analyser. This will give you detailed information about the packets traversing the interface. For example filtering the results based on destination address derived from the subnets in your routing table.

cheers,

Seb.

lm438b · ‎04-06-2018

Hey Seb!

Thanks for your reply.

I also stumble to that solution, and like you said that would be perfect!!

But unfortunately that is not an option...

Do you have any other idea?

Thanks a lot

Hulk8647 · ‎04-06-2018

You could configure policy based routing (PBR) and use the ACLs to each network. You could then check your hit counters