This is an old revision of the document!
2 Export NAT flows in IPFIX (Netflow 10)
For data analisys on NAT flows on external systems IPFIX export is available (aka netflow v10).
Settings of NAT flows export:
ipfix_dev=em1 ipfix_nat_udp_collectors=1.2.3.4:1500,1.2.3.5:1501 ipfix_nat_tcp_collectors=1.2.3.6:9418
here
- em1 - network device name for export
- ipfix_nat_udp_collectors - addresses of udp collectors
- ipfix_nat_tcp_collectors - addresses of tcp collectors
IPFIX template for NAT flows export
| ID | IANA | Size | Type | Description | Note |
|---|---|---|---|---|---|
| 323 | 0 | 8 | int64 | SYSTEM TIME WHEN THE EVENT OCCURRED | |
| 4 | 0 | 1 | int8 | PROTOCOLIDENTIFIER | |
| 230 | 0 | 1 | int8 | TYPE OF EVENT | |
| 8 | 0 | 4 | IP v4 | SOURCEIPV4ADDRESS | |
| 225 | 0 | 4 | IP v4 | POSTNATSOURCEIPV4ADDRESS | |
| 7 | 0 | 2 | int16 | SOURCE PORT | |
| 227 | 0 | 2 | int16 | POSTNAPTSOURCETRANSPORTPORT | |
| 12 | 0 | 4 | IP v4 | DESTINATIONIPV4ADDRESS | |
| 11 | 0 | 2 | int16 | DESTINATIONTRANSPORTPORT | |
| 2000 | 43823 | 8 | int64 | SESSION_ID | |
| 2003 | 43823 | string | LOGIN |
To collect information in IPFIX any universal collector can be used or IPFIX Receiver utility.