NAT flow export [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show pagesource
  • Old revisions
  • Export to PDF
  • Backlinks
  • Show pagesource
  • Old revisions
  • Export to PDF
  • Backlinks
    • Stingray Service Gateway by VAS ExpertsCG-NATNAT flow export

    Table of Contents

    NAT flow export

    Export NAT flows in IPFIX (Netflow 10)

    For data analisys on NAT flows on external systems IPFIX export is available (aka netflow v10).

    Settings of NAT flows export: 

    ipfix_dev=em1
ipfix_nat_udp_collectors=1.2.3.4:1500,1.2.3.5:1501
ipfix_nat_tcp_collectors=1.2.3.6:9418

    here

    • em1 - network device name for export
    • ipfix_nat_udp_collectors - addresses of udp collectors
    • ipfix_nat_tcp_collectors - addresses of tcp collectors
    IPFIX template for NAT flows export
    ID IANA Size Type Description
    323 0 8 int64 SYSTEM_TIME_WHEN_THE_EVENT_OCCURRED
    4 0 1 int8 PROTOCOL_IDENTIFIER
    230 0 1 int8 TYPE_OF_EVENT
    8 0 4 IP v4 SOURCE_IPV4_ADDRESS
    225 0 4 IP v4 POST_NAT_SOURCE_IPV4_ADDRESS
    7 0 2 int16 SOURCE_PORT
    227 0 2 int16 POST_NAPT_SOURCE_TRANSPORT_PORT
    12 0 4 IP v4 DESTINATION_IPV4_ADDRESS
    11 0 2 int16 DESTINATION_TRANSPORT_PORT
    2000 438238 int64 SESSION_ID
    2003 43823 string LOGIN

    To collect information in IPFIX any universal collector can be used or IPFIX Receiver utility.

    Also NAT information is transmited in fields postNATsourceIPv4Address and postNAPTsourceTransportPort in IPFIX export full Netflow

    Export NAT flows in text file

    Settings for NAT flow export in text file on Stingray Service Gateway DPI server are in the configuration file /etc/dpi/fastdpi.conf: 

    ajb_save_nat=1
ajb_save_nat_format=ts:ssid:event:login:proto:ipsrc:portsrc:ipsrcpostnat:portsrcpostnat:ipdst:portdst
ajb_nat_path=/var/dump/dpi
ajb_nat_ftimeout=30

    here

    • ajb_save_nat=1 activate export NAT flows in text file
    • ajb_nat_path=/var/dump/dpi directory for files with NAT flows (default /var/dump/dpi)
    • ajb_nat_ftimeout=30 time period of records
    • ajb_save_nat_format=ts:ssid:event:login:proto:ipsrc:portsrc:ipsrcpostnat:portsrcpostnat:ipdst:portdst list and order of recorder fields, here
      • ts - timestamp
      • ssid - session id (for link with Netflow/IPFIX by volume)
      • event - event : 1 - NAT44 Session create, 2 - NAT44 Session delete
      • login - subscriber login
      • ipsrc - IP address of request source (subscriber)
      • portsrc - port of request source (subscriber)
      • ipsrcpostnat - IP address of request source (subscriber) after NAT translation
      • portsrcpostnat - port of request source (subscriber) after NAT translation
      • ipdst - destination IP address (host)
      • portdst - destination port (host).
    The file system for writing logs must be fast and local (no NFS and other remotes), this type of journaling is recommended only for short-term diagnostics.