Hi Peter,

Peter Nixon, 23.05.2006 22:26:
> This is not what I am seeing on my system nor what Cisco says at:
> http://www.cisco.com/application/pdf/en/us/guest/products/ps6601/c1244/cdccont_0900aecd8045b422.pdf
>
> "Since both the ping and the Telnet session were part of a two-way flow of
> traffic, we might expect four NetFlow records, rather than two. For each
> traffic type, one flow represents traffic on the way out; another flow
> represents traffic on the way back. However, with one exception to be
> discussed later, NetFlow only tracks flows on the physical ingress port, not
> the egress port. In this example, NetFlow had been disabled intentionally on
> interface Fa4/0, so that this issue could be illustrated. In order to track
> the two-way nature of IP traffic flows, it is necessary to enable NetFlow on
> all interfaces of a router."
Ok, now I understand your problem. I don't have too much Cisco experience, and didn't know about this strange behaviour. This means that NAT breaks the whole thing. Maybe they offer some "workaround" configuration, like "rewrite ingress traffic with NAT table" or so, which you could enable on the external port? But I think it's a broken design to offer NAT, but not to meter egress traffic.

> I am using Netflow 9. I am going to try to upgrade my IOS and see if that
> helps.

Netflow v9 should offer a flow key like "postDestinationIPAddress", which contains the IP address after the NAT process, then you have both IP addresses in the flow, but nfacct cannot handle this flow key yet AFAIK.

Cheers,

Sven

-- 
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universitaet Goettingen
Lotzestr. 16-18, 37083 Goettingen, Germany

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
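The situation discussed in this thread (ingress-only flow records plus NAT, and the post-NAT address fields that NetFlow v9 can carry), as an added worked example that is not part of the original mail and not pmacct/nfacct code. It builds a constructed NetFlow v9 export packet (header, template flowset, data flowset) whose template carries the IPFIX elements 225/226 (postNATSourceIPv4Address / postNATDestinationIPv4Address; that a given exporter emits them in a v9 template is an assumption here), parses it back, and then sums bytes per inside host twice: once using only the pre-NAT addresses the ingress interface sees, once using the post-NAT destination for flows arriving on the outside interface. The interface indices, addresses and byte counts are made up.

```python
"""Constructed NetFlow v9 export with pre- and post-NAT address fields, and an
accounting pass showing why the post-NAT fields matter behind NAT.
Added example, not pmacct/nfacct code. Field IDs 225/226 are the IPFIX
postNATSourceIPv4Address / postNATDestinationIPv4Address elements; that an
exporter emits them in a v9 template is an assumption of this example."""
import struct
import ipaddress
from collections import defaultdict

# NetFlow v9 field type IDs used by this example (RFC 3954 / IPFIX registry).
IPV4_SRC_ADDR, IPV4_DST_ADDR, IN_BYTES, INPUT_SNMP = 8, 12, 1, 10
POST_NAT_SRC_IPV4 = 225   # assumed present in the exporter's template
POST_NAT_DST_IPV4 = 226   # assumed present in the exporter's template

TEMPLATE_ID = 256
TEMPLATE = [(IPV4_SRC_ADDR, 4), (IPV4_DST_ADDR, 4), (IN_BYTES, 4),
            (INPUT_SNMP, 2), (POST_NAT_SRC_IPV4, 4), (POST_NAT_DST_IPV4, 4)]

INSIDE_IFINDEX = 1    # constructed: LAN-facing interface (ip flow ingress)
OUTSIDE_IFINDEX = 2   # constructed: Internet-facing interface (ip flow ingress)

# Constructed flows: NAT outside address 203.0.113.1, two inside hosts.
# (src, dst, bytes, input ifindex, post-NAT src, post-NAT dst), all as seen on ingress.
SAMPLE_FLOWS = [
    ("192.168.1.10", "198.51.100.5", 1200, INSIDE_IFINDEX, "203.0.113.1", "198.51.100.5"),
    ("198.51.100.5", "203.0.113.1", 3400, OUTSIDE_IFINDEX, "198.51.100.5", "192.168.1.10"),
    ("192.168.1.20", "198.51.100.7", 500, INSIDE_IFINDEX, "203.0.113.1", "198.51.100.7"),
    ("198.51.100.7", "203.0.113.1", 900, OUTSIDE_IFINDEX, "198.51.100.7", "192.168.1.20"),
]


def pack_record(src, dst, nbytes, ifindex, post_src, post_dst):
    """One data record, field order and widths exactly as in TEMPLATE (22 bytes)."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return struct.pack("!4s4sIH4s4s", ip(src), ip(dst), nbytes, ifindex, ip(post_src), ip(post_dst))


def build_v9_packet(records):
    """Serialize a v9 header, one template flowset and one data flowset."""
    # Header: version, record count (templates + data records), sysUptime, unixSecs, seq, sourceId.
    header = struct.pack("!HHIIII", 9, 1 + len(records), 1000, 1148416000, 1, 0)
    tmpl = struct.pack("!HHHH", 0, 8 + 4 * len(TEMPLATE), TEMPLATE_ID, len(TEMPLATE))
    tmpl += b"".join(struct.pack("!HH", t, l) for t, l in TEMPLATE)
    body = b"".join(pack_record(*r) for r in records)
    pad = (-len(body)) % 4                       # flowsets are padded to 4 bytes
    data = struct.pack("!HH", TEMPLATE_ID, 4 + len(body) + pad) + body + b"\0" * pad
    return header + tmpl + data


def decode_record(raw):
    """Turn a {field_id: bytes} record into a flow dict with readable values."""
    ip = lambda b: str(ipaddress.IPv4Address(b))
    return {"src": ip(raw[IPV4_SRC_ADDR]), "dst": ip(raw[IPV4_DST_ADDR]),
            "bytes": int.from_bytes(raw[IN_BYTES], "big"),
            "input_snmp": int.from_bytes(raw[INPUT_SNMP], "big"),
            "post_nat_src": ip(raw[POST_NAT_SRC_IPV4]), "post_nat_dst": ip(raw[POST_NAT_DST_IPV4])}


def parse_v9_packet(data):
    """Walk the flowsets, learn templates (flowset id 0) and decode data records."""
    version, _count, _up, _secs, _seq, _src = struct.unpack_from("!HHIIII", data, 0)
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    templates, flows, off = {}, [], 20
    while off + 4 <= len(data):
        fs_id, fs_len = struct.unpack_from("!HH", data, off)
        if fs_len < 4:
            raise ValueError("bad flowset length")
        body = data[off + 4:off + fs_len]
        if fs_id == 0:                                  # template flowset
            p = 0
            while p + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, p)
                p += 4
                if tid < 256:                           # padding, not a template
                    break
                fields = [struct.unpack_from("!HH", body, p + 4 * i) for i in range(nfields)]
                p += 4 * nfields
                templates[tid] = fields
        elif fs_id in templates:                        # data flowset with known template
            fields = templates[fs_id]
            rec_len = sum(l for _, l in fields)
            p = 0
            while p + rec_len <= len(body):
                rec = {}
                for ftype, flen in fields:
                    rec[ftype] = body[p:p + flen]
                    p += flen
                flows.append(decode_record(rec))
        off += fs_len
    return flows


def account_inside_hosts(flows, use_post_nat):
    """Bytes per inside host. Flows entering on the inside interface carry the
    inside host as pre-NAT source; flows entering on the outside interface only
    reveal it through the post-NAT destination."""
    usage = defaultdict(int)
    for f in flows:
        if f["input_snmp"] == INSIDE_IFINDEX:
            host = f["src"]
        else:
            host = f["post_nat_dst"] if use_post_nat else f["dst"]
        usage[host] += f["bytes"]
    return dict(usage)


if __name__ == "__main__":
    flows = parse_v9_packet(build_v9_packet(SAMPLE_FLOWS))
    print("with post-NAT field:", account_inside_hosts(flows, True))
    print("pre-NAT only:       ", account_inside_hosts(flows, False))
```

Without the post-NAT destination, every return flow is booked to the NAT outside address (203.0.113.1 here) rather than to the inside host that actually received the data, which is exactly the per-host gap under discussion; a collector that does not understand those field IDs simply cannot re-attribute the inbound bytes.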
