Cisco Bug: CSCtd92012 - NetFlow should not create records for GRE if GRE/IPsec is configured
Feb 06, 2017
- Cisco IOS
Known Affected Releases
Symptom: NetFlow creates entries for both ESP and GRE on an interface with crypto applied: SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts Gi0/0 192.168.1.2 Local 192.168.1.1 2F 0000 0000 10 Gi0/0 192.168.1.2 Local 192.168.1.1 32 A452 CA03 10 This is not a behavior as per the officially published whitepaper and leads to double-accounting in customer networks: http://www.cisco.com/en/US/products/ps6601/products_white_paper09186a008022bde8.shtml However, this is expected behaviour from 12.4(15)T and earlier. Conditions: "ip flow ingress" is enabled on the outside Gi0/0 interface and this interface terminates GRE/IPSec tunnel. This behavior is observed in IOS 12.4 and IOS 12.4(15)T and below.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases