Hi, On Fri, Feb 01, 2008 at 10:25:48AM +0200, [EMAIL PROTECTED] wrote: > ip flow ingress on 2 interfaces (and ip route-cache flow) > > The problem is that the flows that I receive only contain local traffic > (traffic between various IP addresses on the C7600 and remote IPs, no > transit traffic).
Flows on the 7600 can come from two different sources - CPU and Hardware/MLS.
CPU switched packets will cause, well "CPU flows", and those respect the
settings of "ip flow ingress" on the interfaces.
Hardware/MLS switched packets will cause flow records on *all* interfaces,
and so you see traffic for most of the data flowing through your 7600.
As a workaround, you need to filter by ifindex on the netflow collector.
(To be precise: the above is true up to 12.2(18)SXF. As far as I understand,
in 12.2(33)SXH and in SR<something>, the MLS flow entries will actually be
filtered according to the "ip flow ingress" settings on the interfaces, and
thus you won't see unexpected flows. I have not yet tried either version,
but have read it in the release notes...).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [EMAIL PROTECTED]
fax: +49-89-35655025 [EMAIL PROTECTED]
pgp9tDSN6Xfbj.pgp
Description: PGP signature
_______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
