On 03/29/2013 10:38 AM, Gert Doering wrote:
Hi,
the question came up elsewhere, and I'm looking for operational experience.
Are there cisco platforms that will reliably and correctly fill in the
"source MAC address" in netflow records, for IPv4 and IPv6? The packet
format permits it, but unless the hardware can do it, it's not that useful.
(6500/Sup720 will just leave the source mac blank)
I thought they would fill it in for CPU-generated flows, but a wuick
look in our netflow suggests they're not.
I guess the tricky bit is "which MAC address" because of course there
could be one, two or dozens for a given flow. It's likely to be smaller
values, but in FnF terms do you want "mac" to be a "match" or "collect"
term?
I have a vague recollection sup2T claimed to be able to do this?
Use case: peering router at an IXP - you receive packets that "you don't
Oh, there's a bunch of use-cases - tracking actual origin for ACL denies
and uRPF fails, tracking real origin for anycast or DSR SLB packets, and
so on. It would certainly be a useful tool.
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
