This is an old revision of the document!
2 Export NAT flows in IPFIX (Netflow 10)
For data analisys on NAT flows on external systems IPFIX export is available (aka netflow v10).
Settings of NAT flows export:
ipfix_dev=em1 ipfix_nat_udp_collectors=1.2.3.4:1500,1.2.3.5:1501 ipfix_nat_tcp_collectors=1.2.3.6:9418
here
- em1 - network device name for export
- ipfix_nat_udp_collectors - addresses of udp collectors
- ipfix_nat_tcp_collectors - addresses of tcp collectors
| IPFIX template for NAT flows export | ||||
|---|---|---|---|---|
| ID | IANA | Size | Type | Description |
| 323 | 0 | 8 | int64 | SYSTEM TIME WHEN THE EVENT OCCURRED |
| 4 | 0 | 1 | int8 | PROTOCOLIDENTIFIER |
| 230 | 0 | 1 | int8 | TYPE OF EVENT |
| 8 | 0 | 4 | IP v4 | SOURCEIPV4ADDRESS |
| 225 | 0 | 4 | IP v4 | POSTNATSOURCEIPV4ADDRESS |
| 7 | 0 | 2 | int16 | SOURCE PORT |
| 227 | 0 | 2 | int16 | POSTNAPTSOURCETRANSPORTPORT |
| 12 | 0 | 4 | IP v4 | DESTINATIONIPV4ADDRESS |
| 11 | 0 | 2 | int16 | DESTINATIONTRANSPORTPORT |
| 2000 | 43823 | 8 | int64 | SESSION_ID |
| 2003 | 43823 | string | LOGIN | |
To collect information in IPFIX any universal collector can be used or IPFIX Receiver utility.
Was this information helpful?