Hi,

the question came up elsewhere, and I'm looking for operational experience.

Are there Cisco platforms that will reliably and correctly fill in the
"source MAC address" in NetFlow records, for IPv4 and IPv6? The packet
format permits it, but unless the hardware can do it, it's not that useful.

(6500/Sup720 will just leave the source mac blank)

Use case: peering router at an IXP - you receive packets that "you don't
want" (for whatever reason) and want to be sure which peer sent them
to you. Using the source IP address is not a reliable indicator of
"which peer did it come from" - it could be spoofed, there could be
asymmetric routing, etc. - so the only reliable indicator is "source MAC"
(assuming the IXP does source-MAC filtering, this cannot be spoofed,
even if a bad guy controls the peer router).

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de

_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
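As an added example (not from the original post or any Cisco tool), a minimal NetFlow v9 decoder in Python that reads IN_SRC_MAC (field type 56, RFC 3954) and uses it to attribute each flow to an IXP peer, flagging records where the exporter left the MAC all-zero as the Sup720 is said to do. The peer MAC table and the export packet are constructed for the example; the IPv4/IPv6 templates and field IDs are the standard v9 ones.

```python
import struct
from ipaddress import ip_address

# NetFlow v9 field type IDs (RFC 3954): the IPv4/IPv6 source address fields and IN_SRC_MAC.
IPV4_SRC_ADDR, IPV6_SRC_ADDR, IN_SRC_MAC = 8, 27, 56
# Constructed peer table (assumption): source MAC seen on the IXP peering LAN -> peer name.
PEER_BY_MAC = {"02:00:00:00:00:aa": "peer-A", "02:00:00:00:00:bb": "peer-B"}

def parse_v9(packet: bytes, templates: dict) -> list:
    """Decode one v9 export packet: learn template flowsets (id 0), then split data flowsets."""
    if struct.unpack("!H", packet[:2])[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    records, off = [], 20  # skip the 20-byte v9 header
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack("!HH", packet[off:off + 4])
        body, p = packet[off + 4:off + fs_len], 0
        if fs_id == 0:  # template flowset: template id, field count, (type, length) pairs
            while p + 4 <= len(body):
                tid, n = struct.unpack("!HH", body[p:p + 4])
                templates[tid] = [struct.unpack("!HH", body[p + 4 + 4 * i:p + 8 + 4 * i]) for i in range(n)]
                p += 4 + 4 * n
        elif fs_id in templates:  # data flowset: fixed-size records, trailing padding ignored
            rec_len = sum(flen for _, flen in templates[fs_id])
            while p + rec_len <= len(body):
                rec, q = {}, p
                for ftype, flen in templates[fs_id]:
                    rec[ftype], q = body[q:q + flen], q + flen
                records.append(rec)
                p += rec_len
        off += fs_len
    return records

def attribute(rec: dict) -> tuple:
    """Attribute a flow to a peer by source MAC; an all-zero MAC means field 56 was never populated."""
    src = str(ip_address(rec.get(IPV4_SRC_ADDR) or rec.get(IPV6_SRC_ADDR)))
    mac = rec.get(IN_SRC_MAC, b"")
    if len(mac) != 6 or mac == bytes(6):
        return src, "UNATTRIBUTED: source MAC not exported"  # only the spoofable source IP is left
    mac_s = ":".join(f"{b:02x}" for b in mac)
    return src, PEER_BY_MAC.get(mac_s, f"unknown MAC {mac_s}")

def sample_packet() -> bytes:
    """Constructed export: template 256 (IPv4 src + MAC) and 257 (IPv6 src + MAC), 3 records."""
    hdr, v4 = struct.pack("!HHIIII", 9, 4, 0, 0, 0, 0), ip_address("192.0.2.7").packed
    t = b"".join(struct.pack("!HHHHHH", tid, 2, f, n, IN_SRC_MAC, 6)
                 for tid, f, n in ((256, IPV4_SRC_ADDR, 4), (257, IPV6_SRC_ADDR, 16)))
    r4 = v4 + bytes.fromhex("0200000000aa") + v4 + bytes(6)  # 2nd record: MAC left blank
    r6 = ip_address("2001:db8::7").packed + bytes.fromhex("0200000000bb") + bytes(2)  # 2-byte pad
    return (hdr + struct.pack("!HH", 0, 4 + len(t)) + t
            + struct.pack("!HH", 256, 4 + len(r4)) + r4 + struct.pack("!HH", 257, 4 + len(r6)) + r6)
```

Running `attribute` over `parse_v9(sample_packet(), {})` attributes the first and third records to peer-A and peer-B and marks the second, which shares the first's source IP, as unattributable.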