Wrong flows appearing on interface
Moderators: scottr, Moderator Team
3 posts
• Page 1 of 1
Wrong flows appearing on interface
by meade470 » Sat Sep 10, 2011 12:43 pm
I have a small network with a simple config. Our router is configured as follows:
Global:
ip flow-export source Loopback1
ip flow-export version 5
ip flow-export destination 192.168.25.86 9996
ip flow-export destination 192.168.25.87 9996
All interfaces (2 physical and 3 subinterfaces) have "ip flow ingress" applied to them (the "ip route-cache flow" is deprecated in the IOS version).
I am seeing, on all interfaces, flows which shouldn't appear on the interfaces. For instance, if I view Host-to-Host on the 192.168.25.1 interface, I see:
Source IP: 192.168.40.2 Destination IP: (internet IP)
Source IP: 192.168.26.34 Destination IP: (internet IP)
This is occuring on an upgraded installation of Scrutinizer as well as a fresh installation of Scrutinizer on a test server. Any thoughts? Am I misunderstanding something?
Thanks
Global:
ip flow-export source Loopback1
ip flow-export version 5
ip flow-export destination 192.168.25.86 9996
ip flow-export destination 192.168.25.87 9996
All interfaces (2 physical and 3 subinterfaces) have "ip flow ingress" applied to them (the "ip route-cache flow" is deprecated in the IOS version).
I am seeing, on all interfaces, flows which shouldn't appear on the interfaces. For instance, if I view Host-to-Host on the 192.168.25.1 interface, I see:
Source IP: 192.168.40.2 Destination IP: (internet IP)
Source IP: 192.168.26.34 Destination IP: (internet IP)
This is occuring on an upgraded installation of Scrutinizer as well as a fresh installation of Scrutinizer on a test server. Any thoughts? Am I misunderstanding something?
Thanks
- meade470
- Posts: 2
- Joined: Thu Jun 24, 2010 6:30 pm
Re: Wrong flows appearing on interface
by BenjaminM » Mon Sep 12, 2011 6:35 am
What device is this?
Benjamin Moore
Plixer International Tech Support
(207)324-8805 ex:4
Bio: viewtopic.php?f=20&t=2404
Twitter: http://twitter.com/ActiveBeerGeek/
Plixer International Tech Support
(207)324-8805 ex:4
Bio: viewtopic.php?f=20&t=2404
Twitter: http://twitter.com/ActiveBeerGeek/
-
BenjaminM - Posts: 63
- Joined: Tue Mar 01, 2011 11:33 am
- Location: Sanford, Maine
Re: Wrong flows appearing on interface
by BenjaminM » Wed Sep 21, 2011 8:55 am
Hi Meade470,
I apologize for my vague response.
It sounds to me like you are seeing traffic that is ingress on the 192.168 interface with the internet being it's destination.
I am happy to look at this with you so we both understand what it is we are seeing here. Can we make that happen?
What type of hardware/OS are you running?
Can you send me the configuration for the 192.168.25.1 interface you are seeing this behavior on? Is 192.168.25.1 an interface or subinterface?
Is this behavior occurring on all of the interfaces from this device?
Thanks,
Ben
I apologize for my vague response.
It sounds to me like you are seeing traffic that is ingress on the 192.168 interface with the internet being it's destination.
I am happy to look at this with you so we both understand what it is we are seeing here. Can we make that happen?
What type of hardware/OS are you running?
Can you send me the configuration for the 192.168.25.1 interface you are seeing this behavior on? Is 192.168.25.1 an interface or subinterface?
Is this behavior occurring on all of the interfaces from this device?
Thanks,
Ben
Benjamin Moore
Plixer International Tech Support
(207)324-8805 ex:4
Bio: viewtopic.php?f=20&t=2404
Twitter: http://twitter.com/ActiveBeerGeek/
Plixer International Tech Support
(207)324-8805 ex:4
Bio: viewtopic.php?f=20&t=2404
Twitter: http://twitter.com/ActiveBeerGeek/
-
BenjaminM - Posts: 63
- Joined: Tue Mar 01, 2011 11:33 am
- Location: Sanford, Maine
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests