Netflow Forward
These scenarios show how to configure and use Netflow to collect and export TCP forwarded flows. Different NAT topologies are described.
Netflow Without NAT
Description
Simple scenario without NAT configuration.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.0.0.2/24 set interfaces ethernet eth0 flow egress selector TCP_SEL set interfaces ethernet eth0 flow ingress selector TCP_SEL set interfaces ethernet eth1 address 20.0.0.2/24 set system conntrack app-detect set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system netflow app-id set system netflow destination 10.0.0.1 set system netflow engine-id 1111 set traffic selector TCP_SEL rule 1 protocol tcp
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.0.0.1/24 set protocols static route 0.0.0.0/0 next-hop 10.0.0.2 set system conntrack app-detect set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 20.0.0.1/24 set protocols static route 0.0.0.0/0 next-hop 20.0.0.2 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system conntrack clear at DUT1.
Step 5: Ping IP address 10.0.0.1 from DUT0:
admin@DUT0$ ping 10.0.0.1 count 1 size 56 timeout 1Show output
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data. 64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=18.7 ms --- 10.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 18.747/18.747/18.747/0.000 ms
Step 6: Ping IP address 20.0.0.1 from DUT0:
admin@DUT0$ ping 20.0.0.1 count 1 size 56 timeout 1Show output
PING 20.0.0.1 (20.0.0.1) 56(84) bytes of data. 64 bytes from 20.0.0.1: icmp_seq=1 ttl=64 time=0.337 ms --- 20.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.337/0.337/0.337/0.000 ms
Step 7: Initiate a tcp connection from DUT1 to DUT2 and try to send some messages between both endpoints
admin@DUT2$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 20.0.0.1 8080 tcp
Step 8: Run command system netflow show flows detailed at DUT0 and check if output matches the following regular expressions:
2\s+3\s+10.0.0.1:\d+\s+20.0.0.1:\d+\s*\d*\s*\d+[^\[]*\[L4:8080\]Show output
------------------------------------------------------------------------------------------ Field Description ------------------------------------------------------------------------------------------ # Numeric flow identifier hash Hash of the flow a Shows if the flow is pending of being exported iif Input interface oif Output interface src Source IP:PORT dst Destination IP:PORT protocol Protocol identifier nexthop Next-hop [Layer 4:Port] tos Type of service identificator tcpflags TCP flags options Optional IP options tcpoptions TCP Options (MSS, Window Scaling, Selective Acknowledgements, Timestamps, Nop) pkts Packets counter bytes Bytes counter ts_first Timestamp of fist packet that passed through the flow ts_last Timestamp of last packet that passed through the flow ---------------------------------------------------------------------------------------------------------------------------------------------------- # hash a iif oif src dst protocol nexthop tos tcpflags options tcpoptions pkts bytes ts_first ts_last ---------------------------------------------------------------------------------------------------------------------------------------------------- 1 592c 0 2 3 10.0.0.1:54206 20.0.0.1:8080 8080 0.0.0.0[L4:8080] 0x0 0x1b 0x0 0xf1000000 13 784 409 31 2 3864 0 3 2 20.0.0.1:8080 10.0.0.1:54206 54206 0.0.0.0[L4:8080] 0x0 0x1b 0x0 0xf1000000 10 628 409 31
Step 9: Run command system netflow show flows detailed at DUT0 and check if output matches the following regular expressions:
3\s+2\s+20.0.0.1:\d+\s+10.0.0.1:\d+\s*\d*\s*\d+[^\[]*\[L4:8080\]Show output
------------------------------------------------------------------------------------------ Field Description ------------------------------------------------------------------------------------------ # Numeric flow identifier hash Hash of the flow a Shows if the flow is pending of being exported iif Input interface oif Output interface src Source IP:PORT dst Destination IP:PORT protocol Protocol identifier nexthop Next-hop [Layer 4:Port] tos Type of service identificator tcpflags TCP flags options Optional IP options tcpoptions TCP Options (MSS, Window Scaling, Selective Acknowledgements, Timestamps, Nop) pkts Packets counter bytes Bytes counter ts_first Timestamp of fist packet that passed through the flow ts_last Timestamp of last packet that passed through the flow ---------------------------------------------------------------------------------------------------------------------------------------------------- # hash a iif oif src dst protocol nexthop tos tcpflags options tcpoptions pkts bytes ts_first ts_last ---------------------------------------------------------------------------------------------------------------------------------------------------- 1 592c 0 2 3 10.0.0.1:54206 20.0.0.1:8080 8080 0.0.0.0[L4:8080] 0x0 0x1b 0x0 0xf1000000 13 784 432 54 2 3864 0 3 2 20.0.0.1:8080 10.0.0.1:54206 54206 0.0.0.0[L4:8080] 0x0 0x1b 0x0 0xf1000000 10 628 432 54
Step 10: Run command system netflow show status at DUT0 and check if output matches the following regular expressions:
Protocol\sversion\s10\s\(ipfix\) Export:.*Errors 0 pkts sock0:\s127.0.0.1:2055,.*err: sndbuf reached 0, connect 0, cberr 0, other 0Show output
ipt_NETFLOW 2.6, srcversion 8B9448AE98279E0F2C96BAD; dir Protocol version 10 (ipfix), refresh-rate 20, timeout-rate 30, (templates 0, active 1). Timeouts: active 1800s, inactive 15s. Maxflows 2000000 Flows: active 2 (peak 2 reached 0d0h0m ago), mem 492K, worker delay 25/250 [1..25] (16 ms, 0 us, 2:0 [cpu1]). Hash: size 62967 (mem 491K), metric 1.00 [1.00, 1.00, 1.00]. InHash: 23 pkt, 1 K, InPDU 0, 0. Rate: 344 bits/sec, 0 packets/sec; Avg 1 min: 43 bps, 0 pps; 5 min: 8 bps, 0 pps cpu# pps; <search found new [metric], trunc frag alloc maxflows>, traffic: <pkt, bytes>, drop: <pkt, bytes> Total 0; 0 34 2 [1.00], 0 0 0 0, traffic: 23, 0 MB, drop: 0, 0 K cpu0 0; 0 0 0 [1.00], 0 0 0 0, traffic: 0, 0 MB, drop: 0, 0 K cpu1 0; 0 34 2 [1.00], 0 0 0 0, traffic: 23, 0 MB, drop: 0, 0 K cpu2 0; 0 0 0 [1.00], 0 0 0 0, traffic: 0, 0 MB, drop: 0, 0 K cpu3 0; 0 0 0 [1.00], 0 0 0 0, traffic: 0, 0 MB, drop: 0, 0 K Export: Rate 161 bytes/s; Total 2 pkts, 0 MB, 0 flows; Errors 0 pkts; Traffic lost 0 pkts, 0 Kbytes, 0 flows. sock0: 127.0.0.1:2055, sndbuf 212992, filled 1, peak 1; err: sndbuf reached 0, connect 0, cberr 0, other 0
Netflow With SNAT
Description
Scenario with SNAT in DUT0 WAN interface (eth1).
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.0.0.2/24 set interfaces ethernet eth0 flow egress selector TCP_SEL set interfaces ethernet eth0 flow ingress selector TCP_SEL set interfaces ethernet eth1 address 20.0.0.2/24 set interfaces ethernet eth1 traffic nat source rule 1 address masquerade set interfaces ethernet eth1 traffic nat source rule 1 selector TCP_SEL set system conntrack app-detect set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system netflow app-id set system netflow destination 10.0.0.1 set system netflow engine-id 1111 set traffic selector TCP_SEL rule 1 protocol tcp
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.0.0.1/24 set protocols static route 0.0.0.0/0 next-hop 10.0.0.2 set system conntrack app-detect set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 20.0.0.1/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system conntrack clear at DUT1.
Step 5: Ping IP address 10.0.0.1 from DUT0:
admin@DUT0$ ping 10.0.0.1 count 1 size 56 timeout 1Show output
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data. 64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.266 ms --- 10.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.266/0.266/0.266/0.000 ms
Step 6: Ping IP address 20.0.0.1 from DUT0:
admin@DUT0$ ping 20.0.0.1 count 1 size 56 timeout 1Show output
PING 20.0.0.1 (20.0.0.1) 56(84) bytes of data. 64 bytes from 20.0.0.1: icmp_seq=1 ttl=64 time=0.257 ms --- 20.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.257/0.257/0.257/0.000 ms
Step 7: Initiate a tcp connection from DUT1 to DUT2 and try to send some messages between both endpoints
admin@DUT2$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 20.0.0.1 8080 tcp
Step 8: Run command system netflow show flows detailed at DUT0 and check if output matches the following regular expressions:
2\s+3\s+10.0.0.1:\d+\s+20.0.0.1:\d+\s*\d*\s*\d+[^\[]*\[L4:8080\]Show output
------------------------------------------------------------------------------------------ Field Description ------------------------------------------------------------------------------------------ # Numeric flow identifier hash Hash of the flow a Shows if the flow is pending of being exported iif Input interface oif Output interface src Source IP:PORT dst Destination IP:PORT protocol Protocol identifier nexthop Next-hop [Layer 4:Port] tos Type of service identificator tcpflags TCP flags options Optional IP options tcpoptions TCP Options (MSS, Window Scaling, Selective Acknowledgements, Timestamps, Nop) pkts Packets counter bytes Bytes counter ts_first Timestamp of fist packet that passed through the flow ts_last Timestamp of last packet that passed through the flow ---------------------------------------------------------------------------------------------------------------------------------------------------- # hash a iif oif src dst protocol nexthop tos tcpflags options tcpoptions pkts bytes ts_first ts_last ---------------------------------------------------------------------------------------------------------------------------------------------------- 1 f318 0 3 2 20.0.0.1:8080 10.0.0.1:56286 56286 0.0.0.0[L4:8080] 0x0 0x1b 0x0 0xf1000000 11 680 388 31 2 3892 0 2 3 10.0.0.1:56286 20.0.0.1:8080 8080 0.0.0.0[L4:8080] 0x0 0x1b 0x0 0xf1000000 12 732 388 31
Step 9: Run command system netflow show flows detailed at DUT0 and check if output matches the following regular expressions:
3\s+2\s+20.0.0.1:\d+\s+10.0.0.1:\d+\s*\d*\s*\d+[^\[]*\[L4:8080\]Show output
------------------------------------------------------------------------------------------ Field Description ------------------------------------------------------------------------------------------ # Numeric flow identifier hash Hash of the flow a Shows if the flow is pending of being exported iif Input interface oif Output interface src Source IP:PORT dst Destination IP:PORT protocol Protocol identifier nexthop Next-hop [Layer 4:Port] tos Type of service identificator tcpflags TCP flags options Optional IP options tcpoptions TCP Options (MSS, Window Scaling, Selective Acknowledgements, Timestamps, Nop) pkts Packets counter bytes Bytes counter ts_first Timestamp of fist packet that passed through the flow ts_last Timestamp of last packet that passed through the flow ---------------------------------------------------------------------------------------------------------------------------------------------------- # hash a iif oif src dst protocol nexthop tos tcpflags options tcpoptions pkts bytes ts_first ts_last ---------------------------------------------------------------------------------------------------------------------------------------------------- 1 f318 0 3 2 20.0.0.1:8080 10.0.0.1:56286 56286 0.0.0.0[L4:8080] 0x0 0x1b 0x0 0xf1000000 11 680 409 52 2 3892 0 2 3 10.0.0.1:56286 20.0.0.1:8080 8080 0.0.0.0[L4:8080] 0x0 0x1b 0x0 0xf1000000 12 732 409 52
Step 10: Run command system netflow show status at DUT0 and check if output matches the following regular expressions:
Protocol\sversion\s10\s\(ipfix\) Export:.*Errors 0 pkts sock0:\s127.0.0.1:2055,.*err: sndbuf reached 0, connect 0, cberr 0, other 0Show output
ipt_NETFLOW 2.6, srcversion 8B9448AE98279E0F2C96BAD; dir Protocol version 10 (ipfix), refresh-rate 20, timeout-rate 30, (templates 0, active 1). Timeouts: active 1800s, inactive 15s. Maxflows 2000000 Flows: active 2 (peak 2 reached 0d0h0m ago), mem 492K, worker delay 25/250 [1..25] (96 ms, 0 us, 2:0 [cpu0]). Hash: size 62967 (mem 491K), metric 1.00 [1.00, 1.00, 1.00]. InHash: 23 pkt, 1 K, InPDU 0, 0. Rate: 344 bits/sec, 0 packets/sec; Avg 1 min: 308 bps, 0 pps; 5 min: 75 bps, 0 pps cpu# pps; <search found new [metric], trunc frag alloc maxflows>, traffic: <pkt, bytes>, drop: <pkt, bytes> Total 0; 0 67 4 [1.00], 0 0 0 0, traffic: 46, 0 MB, drop: 0, 0 K cpu0 0; 0 0 0 [1.00], 0 0 0 0, traffic: 0, 0 MB, drop: 0, 0 K cpu1 0; 0 67 4 [1.00], 0 0 0 0, traffic: 46, 0 MB, drop: 0, 0 K cpu2 0; 0 0 0 [1.00], 0 0 0 0, traffic: 0, 0 MB, drop: 0, 0 K cpu3 0; 0 0 0 [1.00], 0 0 0 0, traffic: 0, 0 MB, drop: 0, 0 K Export: Rate 118 bytes/s; Total 6 pkts, 0 MB, 0 flows; Errors 0 pkts; Traffic lost 23 pkts, 1 Kbytes, 2 flows. sock0: 127.0.0.1:2055, sndbuf 212992, filled 1, peak 1; err: sndbuf reached 0, connect 0, cberr 0, other 0
Netflow With DNAT
Description
Scenario with DNAT in DUT0 LAN interface (eth0).
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.0.0.2/24 set interfaces ethernet eth0 flow egress selector TCP_SEL set interfaces ethernet eth0 flow ingress selector TCP_SEL set interfaces ethernet eth0 traffic nat destination rule 1 address 20.0.0.1 set interfaces ethernet eth0 traffic nat destination rule 1 selector TCP_SEL set interfaces ethernet eth1 address 20.0.0.2/24 set system conntrack app-detect set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system netflow app-id set system netflow destination 10.0.0.1 set system netflow engine-id 1111 set traffic selector TCP_SEL rule 1 protocol tcp
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.0.0.1/24 set system conntrack app-detect set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 20.0.0.1/24 set protocols static route 0.0.0.0/0 next-hop 20.0.0.2 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system conntrack clear at DUT1.
Step 5: Ping IP address 10.0.0.1 from DUT0:
admin@DUT0$ ping 10.0.0.1 count 1 size 56 timeout 1Show output
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data. 64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.238 ms --- 10.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.238/0.238/0.238/0.000 ms
Step 6: Ping IP address 20.0.0.1 from DUT0:
admin@DUT0$ ping 20.0.0.1 count 1 size 56 timeout 1Show output
PING 20.0.0.1 (20.0.0.1) 56(84) bytes of data. 64 bytes from 20.0.0.1: icmp_seq=1 ttl=64 time=0.314 ms --- 20.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.314/0.314/0.314/0.000 ms
Step 7: Initiate a tcp connection from DUT1 to DUT2 and try to send some messages between both endpoints
admin@DUT2$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 10.0.0.2 8080 tcp
Step 8: Run command system netflow show flows detailed at DUT0 and check if output matches the following regular expressions:
2\s+3\s+10.0.0.1:\d+\s+20.0.0.1:\d+\s*\d*\s*\d+[^\[]*\[L4:8080\]Show output
------------------------------------------------------------------------------------------ Field Description ------------------------------------------------------------------------------------------ # Numeric flow identifier hash Hash of the flow a Shows if the flow is pending of being exported iif Input interface oif Output interface src Source IP:PORT dst Destination IP:PORT protocol Protocol identifier nexthop Next-hop [Layer 4:Port] tos Type of service identificator tcpflags TCP flags options Optional IP options tcpoptions TCP Options (MSS, Window Scaling, Selective Acknowledgements, Timestamps, Nop) pkts Packets counter bytes Bytes counter ts_first Timestamp of fist packet that passed through the flow ts_last Timestamp of last packet that passed through the flow ---------------------------------------------------------------------------------------------------------------------------------------------------- # hash a iif oif src dst protocol nexthop tos tcpflags options tcpoptions pkts bytes ts_first ts_last ---------------------------------------------------------------------------------------------------------------------------------------------------- 1 bd26 0 3 2 20.0.0.1:8080 10.0.0.1:36274 36274 0.0.0.0[L4:8080] 0x0 0x1b 0x0 0xf1000000 10 628 376 29 2 62d9 0 2 3 10.0.0.1:36274 20.0.0.1:8080 8080 0.0.0.0[L4:8080] 0x0 0x1b 0x0 0xf1000000 10 628 377 29
Step 9: Run command system netflow show flows detailed at DUT0 and check if output matches the following regular expressions:
3\s+2\s+20.0.0.1:\d+\s+10.0.0.1:\d+\s*\d*\s*\d+[^\[]*\[L4:8080\]Show output
------------------------------------------------------------------------------------------ Field Description ------------------------------------------------------------------------------------------ # Numeric flow identifier hash Hash of the flow a Shows if the flow is pending of being exported iif Input interface oif Output interface src Source IP:PORT dst Destination IP:PORT protocol Protocol identifier nexthop Next-hop [Layer 4:Port] tos Type of service identificator tcpflags TCP flags options Optional IP options tcpoptions TCP Options (MSS, Window Scaling, Selective Acknowledgements, Timestamps, Nop) pkts Packets counter bytes Bytes counter ts_first Timestamp of fist packet that passed through the flow ts_last Timestamp of last packet that passed through the flow ---------------------------------------------------------------------------------------------------------------------------------------------------- # hash a iif oif src dst protocol nexthop tos tcpflags options tcpoptions pkts bytes ts_first ts_last ---------------------------------------------------------------------------------------------------------------------------------------------------- 1 bd26 0 3 2 20.0.0.1:8080 10.0.0.1:36274 36274 0.0.0.0[L4:8080] 0x0 0x1b 0x0 0xf1000000 10 628 395 48 2 62d9 0 2 3 10.0.0.1:36274 20.0.0.1:8080 8080 0.0.0.0[L4:8080] 0x0 0x1b 0x0 0xf1000000 10 628 396 48
Step 10: Run command system netflow show status at DUT0 and check if output matches the following regular expressions:
Protocol\sversion\s10\s\(ipfix\) Export:.*Errors 0 pkts sock0:\s127.0.0.1:2055,.*err: sndbuf reached 0, connect 0, cberr 0, other 0Show output
ipt_NETFLOW 2.6, srcversion 8B9448AE98279E0F2C96BAD; dir Protocol version 10 (ipfix), refresh-rate 20, timeout-rate 30, (templates 0, active 1). Timeouts: active 1800s, inactive 15s. Maxflows 2000000 Flows: active 2 (peak 2 reached 0d0h0m ago), mem 492K, worker delay 25/250 [1..25] (20 ms, 0 us, 2:0 [cpu0]). Hash: size 62967 (mem 491K), metric 1.00 [1.00, 1.00, 1.00]. InHash: 20 pkt, 1 K, InPDU 0, 0. Rate: 344 bits/sec, 0 packets/sec; Avg 1 min: 485 bps, 0 pps; 5 min: 137 bps, 0 pps cpu# pps; <search found new [metric], trunc frag alloc maxflows>, traffic: <pkt, bytes>, drop: <pkt, bytes> Total 0; 0 95 6 [1.00], 0 0 0 0, traffic: 66, 0 MB, drop: 0, 0 K cpu0 0; 0 0 0 [1.00], 0 0 0 0, traffic: 0, 0 MB, drop: 0, 0 K cpu1 0; 0 95 6 [1.00], 0 0 0 0, traffic: 66, 0 MB, drop: 0, 0 K cpu2 0; 0 0 0 [1.00], 0 0 0 0, traffic: 0, 0 MB, drop: 0, 0 K cpu3 0; 0 0 0 [1.00], 0 0 0 0, traffic: 0, 0 MB, drop: 0, 0 K Export: Rate 118 bytes/s; Total 10 pkts, 0 MB, 0 flows; Errors 0 pkts; Traffic lost 46 pkts, 2 Kbytes, 4 flows. sock0: 127.0.0.1:2055, sndbuf 212992, filled 1, peak 1; err: sndbuf reached 0, connect 0, cberr 0, other 0
Netflow With SDNAT
Description
Scenario with SNAT in DUT0 WAN interface (eth1)
and DNAT in DUT0 LAN interface (eth0).
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.0.0.2/24 set interfaces ethernet eth0 flow egress selector TCP_SEL set interfaces ethernet eth0 flow ingress selector TCP_SEL set interfaces ethernet eth0 traffic nat destination rule 1 address 20.0.0.1 set interfaces ethernet eth0 traffic nat destination rule 1 selector TCP_SEL set interfaces ethernet eth1 address 20.0.0.2/24 set interfaces ethernet eth1 traffic nat source rule 1 address masquerade set interfaces ethernet eth1 traffic nat source rule 1 selector TCP_SEL set system conntrack app-detect set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system netflow app-id set system netflow destination 10.0.0.1 set system netflow engine-id 1111 set traffic selector TCP_SEL rule 1 protocol tcp
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.0.0.1/24 set system conntrack app-detect set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 20.0.0.1/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system conntrack clear at DUT1.
Step 5: Ping IP address 10.0.0.1 from DUT0:
admin@DUT0$ ping 10.0.0.1 count 1 size 56 timeout 1Show output
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data. 64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=3.51 ms --- 10.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 3.514/3.514/3.514/0.000 ms
Step 6: Ping IP address 20.0.0.1 from DUT0:
admin@DUT0$ ping 20.0.0.1 count 1 size 56 timeout 1Show output
PING 20.0.0.1 (20.0.0.1) 56(84) bytes of data. 64 bytes from 20.0.0.1: icmp_seq=1 ttl=64 time=0.339 ms --- 20.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.339/0.339/0.339/0.000 ms
Step 7: Initiate a tcp connection from DUT1 to DUT2 and try to send some messages between both endpoints
admin@DUT2$ monitor test connection server 8080 tcp admin@DUT1$ monitor test connection client 10.0.0.2 8080 tcp
Step 8: Run command system netflow show flows detailed at DUT0 and check if output matches the following regular expressions:
2\s+3\s+10.0.0.1:\d+\s+20.0.0.1:\d+\s*\d*\s*\d+[^\[]*\[L4:8080\]Show output
------------------------------------------------------------------------------------------ Field Description ------------------------------------------------------------------------------------------ # Numeric flow identifier hash Hash of the flow a Shows if the flow is pending of being exported iif Input interface oif Output interface src Source IP:PORT dst Destination IP:PORT protocol Protocol identifier nexthop Next-hop [Layer 4:Port] tos Type of service identificator tcpflags TCP flags options Optional IP options tcpoptions TCP Options (MSS, Window Scaling, Selective Acknowledgements, Timestamps, Nop) pkts Packets counter bytes Bytes counter ts_first Timestamp of fist packet that passed through the flow ts_last Timestamp of last packet that passed through the flow ---------------------------------------------------------------------------------------------------------------------------------------------------- # hash a iif oif src dst protocol nexthop tos tcpflags options tcpoptions pkts bytes ts_first ts_last ---------------------------------------------------------------------------------------------------------------------------------------------------- 1 e929 0 3 2 20.0.0.1:8080 10.0.0.1:38632 38632 0.0.0.0[L4:8080] 0x0 0x1b 0x0 0xf1000000 10 628 408 35 2 e052 0 2 3 10.0.0.1:38632 20.0.0.1:8080 8080 0.0.0.0[L4:8080] 0x0 0x1b 0x0 0xf1000000 13 784 408 35
Step 9: Run command system netflow show flows detailed at DUT0 and check if output matches the following regular expressions:
3\s+2\s+20.0.0.1:\d+\s+10.0.0.1:\d+\s*\d*\s*\d+[^\[]*\[L4:8080\]Show output
------------------------------------------------------------------------------------------ Field Description ------------------------------------------------------------------------------------------ # Numeric flow identifier hash Hash of the flow a Shows if the flow is pending of being exported iif Input interface oif Output interface src Source IP:PORT dst Destination IP:PORT protocol Protocol identifier nexthop Next-hop [Layer 4:Port] tos Type of service identificator tcpflags TCP flags options Optional IP options tcpoptions TCP Options (MSS, Window Scaling, Selective Acknowledgements, Timestamps, Nop) pkts Packets counter bytes Bytes counter ts_first Timestamp of fist packet that passed through the flow ts_last Timestamp of last packet that passed through the flow ---------------------------------------------------------------------------------------------------------------------------------------------------- # hash a iif oif src dst protocol nexthop tos tcpflags options tcpoptions pkts bytes ts_first ts_last ---------------------------------------------------------------------------------------------------------------------------------------------------- 1 e929 0 3 2 20.0.0.1:8080 10.0.0.1:38632 38632 0.0.0.0[L4:8080] 0x0 0x1b 0x0 0xf1000000 10 628 438 65 2 e052 0 2 3 10.0.0.1:38632 20.0.0.1:8080 8080 0.0.0.0[L4:8080] 0x0 0x1b 0x0 0xf1000000 13 784 438 65
Step 10: Run command system netflow show status at DUT0 and check if output matches the following regular expressions:
Protocol\sversion\s10\s\(ipfix\) Export:.*Errors 0 pkts sock0:\s127.0.0.1:2055,.*err: sndbuf reached 0, connect 0, cberr 0, other 0Show output
ipt_NETFLOW 2.6, srcversion 8B9448AE98279E0F2C96BAD; dir Protocol version 10 (ipfix), refresh-rate 20, timeout-rate 30, (templates 0, active 1). Timeouts: active 1800s, inactive 15s. Maxflows 2000000 Flows: active 2 (peak 2 reached 0d0h0m ago), mem 492K, worker delay 25/250 [1..25] (32 ms, 0 us, 2:0 [cpu0]). Hash: size 62967 (mem 491K), metric 1.00 [1.00, 1.00, 1.00]. InHash: 23 pkt, 1 K, InPDU 0, 0. Rate: 344 bits/sec, 0 packets/sec; Avg 1 min: 575 bps, 0 pps; 5 min: 187 bps, 0 pps cpu# pps; <search found new [metric], trunc frag alloc maxflows>, traffic: <pkt, bytes>, drop: <pkt, bytes> Total 0; 0 129 8 [1.00], 0 0 0 0, traffic: 89, 0 MB, drop: 0, 0 K cpu0 0; 0 0 0 [1.00], 0 0 0 0, traffic: 0, 0 MB, drop: 0, 0 K cpu1 0; 0 129 8 [1.00], 0 0 0 0, traffic: 89, 0 MB, drop: 0, 0 K cpu2 0; 0 0 0 [1.00], 0 0 0 0, traffic: 0, 0 MB, drop: 0, 0 K cpu3 0; 0 0 0 [1.00], 0 0 0 0, traffic: 0, 0 MB, drop: 0, 0 K Export: Rate 118 bytes/s; Total 14 pkts, 0 MB, 0 flows; Errors 0 pkts; Traffic lost 66 pkts, 3 Kbytes, 6 flows. sock0: 127.0.0.1:2055, sndbuf 212992, filled 1, peak 1; err: sndbuf reached 0, connect 0, cberr 0, other 0