Hello,
We have a setup where a Cisco ASR1K router is configured for CGNAT and
sending v9 NAT NetFlow packets to the nfdump/nfsen server.
The version of nfdump used is 1.6.10p1. nfdump was installed with the NEL
module. nfdump was installed using "./configure --enable-nel
--enable-nfprofile --with-rrdpath=/usr/bin".
The issue is that when I enable the command for bulk port allocation [BPA]
on the Cisco router, the nfdump logs fail to show the ports used.
The command I am using is "ip nat settings pap bpa set-size 1024".
BPA is a new feature available on Cisco IOS-XE 3.10 for the ASR1K whereby a
bulk of ports is allocated for each user [in this case 1024]. This feature
is also important since it reduces the NetFlow logs greatly.
This is the output from nfdump where the ports are all showing :0
[root@rsys1 30]# nfdump -onel -r /var/log/nfsen/profiles-data/live/peer1/2013/08/30/nfcapd.201308301130
Date first seen Event Proto Src IP Addr:Port Dst IP Addr:Port Src NAT IP Addr:Port Dst NAT IP Addr:Port
2013-08-30 11:30:03.388 ADD TCP 192.168.251.10:0 -> 0.0.0.0:0 194.XXX.93.1:0 -> 0.0.0.0:0
2013-08-30 11:30:03.637 ADD UDP 192.168.251.10:0 -> 0.0.0.0:0 194.XXX.93.1:0 -> 0.0.0.0:0
2013-08-30 11:30:03.388 ADD TCP 192.168.251.10:0 -> 0.0.0.0:0 194.XXX.93.1:0 -> 0.0.0.0:0
2013-08-30 11:30:03.637 ADD UDP 192.168.251.10:0 -> 0.0.0.0:0 194.XXX.93.1:0 -> 0.0.0.0:0
Now when I remove the BPA command from the Cisco router, the output seems
fine, as shown below:
[root@rsys1 27]# nfdump -r /var/log/nfsen/profiles-data/live/peer1/2013/08/27/nfcapd.201308271135
Date first seen Event Proto Src IP Addr:Port Dst IP Addr:Port Src NAT IP Addr:Port Dst NAT IP Addr:Port
2013-08-27 11:36:20.149 DELETE UDP 192.168.251.8:61133 -> 0.0.0.0:0 194.XXX.93.1:1031 -> 0.0.0.0:0
2013-08-27 11:36:20.158 DELETE UDP 192.168.251.8:61782 -> 0.0.0.0:0 194.XXX.93.1:1030 -> 0.0.0.0:0
2013-08-27 11:36:20.163 DELETE UDP 192.168.251.8:64497 -> 0.0.0.0:0 194.XXX.93.1:1036 -> 0.0.0.0:0
2013-08-27 11:36:20.172 DELETE UDP 192.168.251.8:51700 -> 0.0.0.0:0 194.XXX.93.1:1028 -> 0.0.0.0:0
2013-08-27 11:36:20.176 DELETE UDP 192.168.251.8:55015 -> 0.0.0.0:0 194.XXX.93.1:1034 -> 0.0.0.0:0
2013-08-27 11:36:20.180 DELETE UDP 192.168.251.8:51694 -> 0.0.0.0:0 194.XXX.93.1:1027 -> 0.0.0.0:0
2013-08-27 11:36:20.201 DELETE UDP 192.168.251.8:59962 -> 0.0.0.0:0 194.XXX.93.1:1035 -> 0.0.0.0:0
2013-08-27 11:36:20.213 DELETE UDP 192.168.247.26:5154 -> 0.0.0.0:0 194.XXX.93.1:1037 -> 0.0.0.0:0
2013-08-27 11:36:20.234 DELETE UDP 192.168.251.8:51854 -> 0.0.0.0:0 194.XXX.93.1:1025 -> 0.0.0.0:0
2013-08-27 11:36:20.259 DELETE TCP 192.168.251.8:4318 -> 0.0.0.0:0 194.XXX.93.1:1100 -> 0.0.0.0:0
2013-08-27 11:36:20.261 DELETE UDP 192.168.251.8:56449 -> 0.0.0.0:0 194.XXX.93.1:1032 -> 0.0.0.0:0
2013-08-27 11:36:20.318 DELETE UDP 192.168.251.8:53780 -> 0.0.0.0:0 194.XXX.93.1:1026 -> 0.0.0.0:0
2013-08-27 11:36:20.324 DELETE UDP 192.168.251.8:54785 -> 0.0.0.0:0 194.XXX.93.1:1033 -> 0.0.0.0:0
2013-08-27 11:36:20.149 DELETE UDP 192.168.251.8:61133 -> 0.0.0.0:0 194.XXX.93.1:1031 -> 0.0.0.0:0
2013-08-27 11:36:20.158 DELETE UDP 192.168.251.8:61782 -> 0.0.0.0:0 194.XXX.93.1:1030 -> 0.0.0.0:0
2013-08-27 11:36:20.163 DELETE UDP 192.168.251.8:64497 -> 0.0.0.0:0 194.XXX.93.1:1029 -> 0.0.0.0:0
2013-08-27 11:36:20.164 DELETE UDP 192.168.251.8:63990 -> 0.0.0.0:0 194.XXX.93.1:1036 -> 0.0.0.0:0
2013-08-27 11:36:20.172 DELETE UDP 192.168.251.8:51700 -> 0.0.0.0:0 194.XXX.93.1:1028 -> 0.0.0.0:0
2013-08-27 11:36:20.176 DELETE UDP 192.168.251.8:55015 -> 0.0.0.0:0 194.XXX.93.1:1034 -> 0.0.0.0:0
2013-08-27 11:36:20.180 DELETE UDP 192.168.251.8:51694 -> 0.0.0.0:0 194.XXX.93.1:1027 -> 0.0.0.0:0
2013-08-27 11:36:20.201 DELETE UDP 192.168.251.8:59962 -> 0.0.0.0:0 194.XXX.93.1:1035 -> 0.0.0.0:0
2013-08-27 11:36:20.213 DELETE UDP 192.168.247.26:5154 -> 0.0.0.0:0 194.XXX.93.1:1037 -> 0.0.0.0:0
2013-08-27 11:36:20.234 DELETE UDP 192.168.251.8:51854 -> 0.0.0.0:0 194.XXX.93.1:1025 -> 0.0.0.0:0
2013-08-27 11:36:20.259 DELETE TCP 192.168.251.8:4318 -> 0.0.0.0:0 194.XXX.93.1:1100 -> 0.0.0.0:0
2013-08-27 11:36:20.261 DELETE UDP 192.168.251.8:56449 -> 0.0.0.0:0 194.XXX.93.1:1032 -> 0.0.0.0:0
2013-08-27 11:36:20.318 DELETE UDP 192.168.251.8:53780 -> 0.0.0.0:0 194.XXX.93.1:1026 -> 0.0.0.0:0
2013-08-27 11:36:20.324 DELETE UDP 192.168.251.8:54785 -> 0.0.0.0:0 194.XXX.93.1:1033 -> 0.0.0.0:0
2013-08-27 11:36:20.358 DELETE UDP 192.168.251.8:49280 -> 0.0.0.0:0 194.XXX.93.1:1024 -> 0.0.0.0:0
2013-08-27 11:36:20.358 DELETE UDP 192.168.251.8:49280 -> 0.0.0.0:0 194.XXX.93.1:1024 -> 0.0.0.0:0
Can you help out?
Thanks
Silvio
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
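
A check for the symptom reported in the message above, as an added example that is not part of the original post or of nfdump: it parses NEL text output and counts, per inside/NAT address pair, the events that carry neither an inside port nor a NAT port and so cannot tie a public address and port back to a subscriber. It assumes each record is on one line (mail wrapping undone); the sample lines are copied from the output in the post, and the function names are hypothetical.

```python
import re
from collections import Counter

# One NEL record as printed in the post. Address octets may be masked
# ("XXX"), so addresses are matched as runs of non-space, non-colon chars.
NEL_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>[\d:.]+)\s+"
    r"(?P<event>\w+)\s+(?P<proto>\w+)\s+"
    r"(?P<src_ip>[^\s:]+):(?P<src_port>\d+)\s+->\s+"
    r"(?P<dst_ip>[^\s:]+):(?P<dst_port>\d+)\s+"
    r"(?P<nat_ip>[^\s:]+):(?P<nat_port>\d+)\s+->\s+"
    r"(?P<nat_dst_ip>[^\s:]+):(?P<nat_dst_port>\d+)\s*$"
)
PORT_FIELDS = ("src_port", "dst_port", "nat_port", "nat_dst_port")

def parse_nel(text):
    """Return one dict per NAT event line; header and other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = NEL_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            for field in PORT_FIELDS:
                rec[field] = int(rec[field])
            records.append(rec)
    return records

def portless_summary(records):
    """Map (inside IP, NAT IP) -> (events with no port data, total events)."""
    missing, total = Counter(), Counter()
    for r in records:
        key = (r["src_ip"], r["nat_ip"])
        total[key] += 1
        if r["src_port"] == 0 and r["nat_port"] == 0:
            missing[key] += 1
    return {key: (missing[key], total[key]) for key in total}

# Sample input: lines from the two outputs in the post, rejoined.
SAMPLE = """\
Date first seen Event Proto Src IP Addr:Port Dst IP Addr:Port Src NAT IP Addr:Port Dst NAT IP Addr:Port
2013-08-30 11:30:03.388 ADD TCP 192.168.251.10:0 -> 0.0.0.0:0 194.XXX.93.1:0 -> 0.0.0.0:0
2013-08-30 11:30:03.637 ADD UDP 192.168.251.10:0 -> 0.0.0.0:0 194.XXX.93.1:0 -> 0.0.0.0:0
2013-08-27 11:36:20.149 DELETE UDP 192.168.251.8:61133 -> 0.0.0.0:0 194.XXX.93.1:1031 -> 0.0.0.0:0
2013-08-27 11:36:20.259 DELETE TCP 192.168.251.8:4318 -> 0.0.0.0:0 194.XXX.93.1:1100 -> 0.0.0.0:0
"""

if __name__ == "__main__":
    for pair, (bad, seen) in portless_summary(parse_nel(SAMPLE)).items():
        print(pair, f"{bad}/{seen} events without port data")
```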