Gert Doering wrote:
Hi,
On Wed, Aug 05, 2009 at 11:07:09AM -0400, Julio Arruda wrote:
On Wed, Aug 05, 2009 at 08:49:50AM -0400, Julio Arruda wrote:
Isn't all process switched/punted traffic reported as ifout == Null in
NetFlow?
If a given IOS version does that, it's a bug.
ifout = NULL usually means "traffic dropped due to ACL or no route".
Traffic consumed by the router :-), that should be more specific.
Example, OSPF/BGP traffic, NAT traffic, some VPN traffic (tunnel
interface as outbound).
I'm wondering a bit about VPN and NAT (I think this might depend very
much on platform, but at least the software platforms should know the
output interface).
On IPSEC, there is a great doc on www.cisco.com on the expected behaviour.
http://www.cisco.com/en/US/products/ps6601/products_white_paper09186a008022bde8.shtml
What I saw in old CatOS+IOS was NOT something expected...but the
customer changed topology, so I'm not sure if they ever opened a case
with their support.
BGP shows up on our 7200s as "Local" (addresses changed):
Cisco-7200>sh ip cache flow | inc 00B3
Gi0/3.123 100.100.10.219 Local 100.100.10.200 06 8355 00B3 65
Gi0/1.11 100.100.10.46 Local 100.100.10.200 06 00B3 8BA5 2
Gi0/3.123 101.10.101.79 Local 101.10.101.65 06 E514 00B3 1
Gi0/1.11 100.100.10.209 Local 100.100.10.200 06 E473 00B3 1
Gi0/3.123 100.100.10.213 Local 100.100.10.200 06 EAD7 00B3 52
Gi0/3.123 101.10.101.80 Local 101.10.101.65 06 37D3 00B3 1
Interesting, how is this exported? I seem to recall it would show as
ifout=0, but was looking at the 'out of the box experience' :-)
And as you said, it may quite well be platform dependent...
EIGRP is "Null", though:
Cisco-7200>sh ip cache flow | inc 224.0
Gi0/1.11 100.100.10.111 Null 224.0.0.10 58 0000 0000 47
Gi0/1.11 100.100.10.118 Null 224.0.0.10 58 0000 0000 51
Gi0/1.11 100.100.10.117 Null 224.0.0.10 58 0000 0000 56
Gi0/1.11 100.100.10.114 Null 224.0.0.10 58 0000 0000 65
gert
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
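
Added example, not part of the original thread: a small parser that groups `show ip cache flow` rows by destination interface (Local, Null, or a real interface) and decodes the hex Pr/SrcP/DstP columns, so the BGP and EIGRP rows quoted above can be told apart from transit traffic. The class names (`local`, `null`, `transit`) and function names are this example's own, and the last sample row is constructed.

```python
from collections import Counter

# IANA protocol numbers for the traffic types named in the thread.
PROTOCOLS = {6: "tcp", 17: "udp", 88: "eigrp", 89: "ospf"}
BGP_PORT = 179  # 0x00B3 in the cache output

# Rows taken from the thread, plus one constructed transit row (the last one).
SAMPLE = """\
Cisco-7200>sh ip cache flow | inc 00B3
Gi0/3.123 100.100.10.219 Local 100.100.10.200 06 8355 00B3 65
Gi0/1.11 100.100.10.46 Local 100.100.10.200 06 00B3 8BA5 2
Gi0/1.11 100.100.10.111 Null 224.0.0.10 58 0000 0000 47
Gi0/1.11 100.100.10.118 Null 224.0.0.10 58 0000 0000 51
Gi0/1.11 192.0.2.10 Gi0/3.123 198.51.100.7 11 C350 0035 12
"""

def parse_row(line):
    """Return a dict for one flow row, or None for prompts and other lines."""
    parts = line.split()
    if len(parts) != 8:
        return None
    src_if, src_ip, dst_if, dst_ip, pr, sp, dp, pkts = parts
    try:
        # Pr, SrcP and DstP are printed in hex; Pkts is decimal.
        proto, sport, dport = int(pr, 16), int(sp, 16), int(dp, 16)
        packets = int(pkts)  # a count that is not plain decimal is skipped here
    except ValueError:
        return None
    if proto == 6 and BGP_PORT in (sport, dport):
        service = "bgp"
    else:
        service = PROTOCOLS.get(proto, f"proto-{proto}")
    # Local = addressed to the router itself; Null = no output interface.
    dst_class = {"Local": "local", "Null": "null"}.get(dst_if, "transit")
    return {"src_if": src_if, "src_ip": src_ip, "dst_if": dst_if,
            "dst_ip": dst_ip, "proto": proto, "sport": sport, "dport": dport,
            "packets": packets, "service": service, "dst_class": dst_class}

def summarize(text):
    """Total packets per (destination class, service) pair."""
    totals = Counter()
    for line in text.splitlines():
        row = parse_row(line)
        if row:
            totals[(row["dst_class"], row["service"])] += row["packets"]
    return totals

if __name__ == "__main__":
    for (dst_class, service), packets in sorted(summarize(SAMPLE).items()):
        print(f"{dst_class:8} {service:8} {packets}")
```

Separating the `null` rows by protocol is what distinguishes routing-protocol multicast such as the EIGRP hellos above from traffic that has no output interface because of an ACL or a missing route.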