The code path for MLS netflow versus software netflow is not the same.
For MLS netflow the export records are created by the DFC/PFC so it's
not surprising that they act differently than "locally generated"
traffic.
Just as an example that shows the code path is different: export to a
VRF destination is supported for software netflow but not for MLS
netflow.
-Ben
On Jun 17, 2010, at 9:17 AM, Marco Matarazzo wrote:
Hi all,
I'm facing a strange behaviour with an ACL and just wanted to know if
someone has encountered a similar issue. Here are the facts:
I'm using a Cisco 6509 on SXI2, and I've set up Netflow to collect and
send traffic to a collector. The collector is on my management network.
The relevant configs:
[...snip...]
mls netflow interface
mls flow ip interface-full
mls nde sender
[... some interfaces have ip flow ingress configured...]
interface FastEthernet3/48
 description Management Network
 ip address 10.16.x.y 255.255.255.0
 ip access-group Management out
 no ip proxy-arp
ip flow-export source FastEthernet3/48
ip flow-export version 9 origin-as
ip flow-export destination 10.16.x.z 9995
ip access-list extended Management
 deny ip any any
With this configuration in place, the collector only receives flows
generated by CPU switch traffic. All the traffic generated by the
mls nde sender command does get blocked by the ACL. As soon as I remove
the ACL, the traffic flows fine. I was under the assumption that traffic
generated by the router was not affected by the ACLs, and in fact all
the rest of the traffic is fine... Maybe I'm catching a bug here, or is
it written somewhere that packets created by the mls get blocked by
ACLs?
Cheers,
]\/[arco
--
I'm Winston Wolf, I solve problems.
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
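
An added example, not part of either post: a small config audit for the situation reported in this thread, where export packets to the collector hit an outbound ACL on the flow-export source interface. The sample config, its addresses and the helper names are constructed, and the ACL matcher assumes entries of the form `permit|deny proto src dst [eq port]` with `any` or `host A` addresses only.

```python
import re
# Constructed sample config; addresses are documentation-range placeholders.
SAMPLE_CONFIG = """\
mls nde sender
interface FastEthernet3/48
 ip address 192.0.2.1 255.255.255.0
 ip access-group Management out
ip flow-export source FastEthernet3/48
ip flow-export destination 192.0.2.10 9995
ip access-list extended Management
 deny ip any any
"""

def _match(tokens, addr):
    """Consume an 'any' or 'host A' address spec; return (matched, rest)."""
    if tokens[0] == "host":
        return tokens[1] == addr, tokens[2:]
    return tokens[0] == "any", tokens[1:]

def acl_action(entries, proto, src, dst, port):
    """First-match result over the simplified ACE subset (an assumption)."""
    for line in entries:
        action, p, *rest = line.split()
        ok_src, rest = _match(rest, src)
        ok_dst, rest = _match(rest, dst)
        ok_port = rest[:1] != ["eq"] or rest[1] == str(port)
        if p in ("ip", proto) and ok_src and ok_dst and ok_port:
            return action
    return "deny"  # implicit deny at the end of every ACL

def check_nde_export(config):
    """Return (acl_name, action) for export packets, or None if no outbound ACL."""
    dest = re.search(r"^ip flow-export destination (\S+) (\d+)", config, re.M)
    source = re.search(r"^ip flow-export source (\S+)", config, re.M)
    if not (dest and source):
        return None
    sections, current = {}, []
    for line in config.splitlines():
        if line and not line.startswith(" "):   # top-level command
            current = sections.setdefault(line.strip(), [])
        elif line.strip():                      # indented sub-command
            current.append(line.strip())
    body = "\n".join(sections.get(f"interface {source.group(1)}", []))
    acl = re.search(r"^ip access-group (\S+) out", body, re.M)
    addr = re.search(r"^ip address (\S+)", body, re.M)
    if not acl:
        return None
    entries = sections.get(f"ip access-list extended {acl.group(1)}", [])
    return acl.group(1), acl_action(entries, "udp", addr.group(1) if addr else "",
                                    dest.group(1), int(dest.group(2)))
```

A result of `("Management", "deny")` means the export destination and port match a deny in the outbound ACL on the source interface, which is the condition described in the original message.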