Using NetFlow to isolate packet drops or blocks

Must have netflow configured ingress or egress ‘ip flow ingress/egress’

Use command:

R3#sh ip cache 1.1.1.1 255.255.255.255 flow
IP packet size distribution (86 total packets):
1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
.000 .534 .000 .465 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 4456704 bytes
1 active, 65535 inactive, 14 added
180 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 533256 bytes
0 active, 16384 inactive, 0 added, 0 added to flow
0 alloc failures, 0 force free
1 chunk, 2 chunks added
last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
——–         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet           6      0.0         7    43      0.0       1.9       8.6
ICMP                 7      0.0         5   100      0.0       0.1      15.4
Total:              13      0.0         6    67      0.0       0.9      12.3

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/1         1.1.1.1         Local         100.100.100.100 01 0000 0800     5

Null DstIf, ACL blocking traffic

R3#sh ip cache flow
IP packet size distribution (952 total packets):
1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
.018 .263 .399 .318 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 4456704 bytes
7 active, 65529 inactive, 216 added
7632 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 533256 bytes
0 active, 16384 inactive, 0 added, 0 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
——–         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-BGP            125      0.0         2    51      0.0       6.5      14.7
UDP-other           18      0.0         1    28      0.0       0.0      15.5
ICMP                63      0.0         4    98      0.0       0.8      15.4
IP-other             3      0.0        65    79      0.0     599.3      11.2
Total:             209      0.0         3    76      0.1      12.7      15.0

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         34.34.34.4      Null          8.8.8.8         01 0000 0800     5
Fa0/0         34.34.34.4      Fa1/1*        1.1.1.1         01 0000 0800     5
Fa0/0         34.34.34.4      Fa1/1         1.1.1.1         01 0000 0800     5
Fa0/0         34.34.34.4      Null          224.0.0.5       59 0000 0000   178
Fa1/1         1.1.1.1         Fa0/0         34.34.34.4      01 0000 0000     5
Fa1/1         1.1.1.1         Fa0/0*        34.34.34.4      01 0000 0000     5
R3#sh ip access-lists
Standard IP access list 1
10 deny   8.8.8.8
20 permit any
Extended IP access list EIGHT
10 deny ip any host 8.8.8.8 (5 matches)
20 permit ip any any (19 matches)

en
conf t
host R1
int f0/0
ip add 12.12.12.1 255.255.255.0
no shut
int loop 0
ip add 1.1.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 12.12.12.2

en
conf t
host R2
int f0/0
ip add 12.12.12.2 255.255.255.0
no shut
int f1/0
ip add 23.23.23.2 255.255.255.0
no shut
int loop 0
ip add 2.2.2.2 255.255.255.0
ip route 1.1.1.1 255.255.255.255 12.12.12.1
ip route 3.3.3.3 255.255.255.255 23.23.23.3
ip route 100.100.100.100 255.255.255.255 23.23.23.3

en
conf t
host R3
int f0/1
ip add 23.23.23.3 255.255.255.0
ip flow ingress
no shut
int loop 0
ip add 3.3.3.3 255.255.255.0
interface Loopback100
ip address 100.100.100.100 255.255.255.0
ip route 0.0.0.0 0.0.0.0 23.23.23.2

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s