Template formats

The SR OS supports two data formats. Their selection is controlled through CLI:

configure
   service
      ipfix
         ipfix-export-policy <name> [create]
             template-format {format1|format2}

The difference between the two formats is related to the fields conveying information about the translated source IP addresses and ports (outside IP addresses and ports).

Format1 carries information about translated (outside) IP address in the sourceIPv4Address information element while in format2 this information element is replaced by the postNATSourceIPv4Address. Further, format1 does not convey any information about the translated source port (post-NAT) while a new information element postNAPTsourceTrasportPort is introduced in format2 to carry this information.

Both formats use proprietary information element AluNatSubString carrying the original source IP address, before NAT is performed.

The template and data sets are formatted according to RFC 5101, Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information.

Standardized data fields are defined in RFC 5102, Information Model for IP Flow Information Export, and in IANA registry https://www.iana.org/assignments/ipfix/ipfix.xhtml# ipfix-information-elements.

In addition to standardized data fields, IPFIX supports vendor-proprietary data fields which contains an Enterprise Number specific to each vendor.

The supported information elements and their description for each format is provided in Table: IPFIX fields and formats . EN in Table: IPFIX fields and formats stands for Enterprise Number (0 = IETF, 637 = Nokia) and IE-Id represents Information Element Identifier.

Table: IPFIX fields and formats
Field EN, IE-Id Format 1 Format 2

flowId

0, 148

A unique (per-observation domain ID) ID for this flow.

Used for tracking purposes only (opaque value). The flow ID in a create and a delete mapping record must be the same for a specific NAT mapping.

A unique (per-observation domain ID) ID for this flow.

Used for tracking purposes only (opaque value). The flow ID in a create and a delete mapping record must be the same for a specific NAT mapping.

sourceIPv4Address

0, 8

The outside (translated) IP address used in the NAT mapping.

In format2, this is replaced by postNATSourceIPv4Address.

N/A

postNATSourceIPv4Address

0, 255

N/A

The outside (translated) IP address used in the NAT mapping.

This replaces the sourceIPv4Address field from format1.

destinationIPv4Address

0, 12

The foreign or remote IP address used in the NAT mapping.

The foreign or remote IP address used in the NAT mapping.

sourceTransportPort

0, 7

The outside (translated) source port used in the NAT mapping.

This is the original source port (before NAT translation) on the inside

postNAPTsourceTrasportPort

0, 227

N/A

The outside (translated) source port used in the NAT mapping

destinationTransportPort

0, 11

The destination port used in the NAT mapping.

The destination port used in the NAT mapping.

flowStartMilliseconds

0, 152

The timestamp of when the flow was created (chassis NTP derived) in milliseconds from epoch.

The timestamp of when the flow was created (chassis NTP derived) in milliseconds from epoch.

flowEndMilliseconds

0, 153

The timestamp of when the flow was destroyed (chassis NTP derived) in milliseconds from epoch.

The timestamp of when the flow was destroyed (chassis NTP derived) in milliseconds from epoch.

protocolIdentifier

0, 4

Protocol (UDP, TCP, ICMP)

Protocol (UDP, TCP, ICMP)

flowEndReason

0, 136

The reasons for flow termination.

The following Flow End Reasons are supported:

  • 0x01: Idle Timeout. A mapping expired (because of UDP or TCP timeout)

  • 0x03: end of Flow Detected. A mapping closed (only used for TCP after a FIN or RST).

  • 0x04: forced end. Collects all other reasons included administrative or failure case.

The reasons for flow termination.

The following Flow End Reasons are supported:

  • 0x01: Idle Timeout. A mapping expired (because of UDP or TCP timeout)

  • 0x03: end of Flow Detected. A mapping closed (only used for TCP after a FIN or RST).

  • 0x04: forced end. Collects all other reasons included administrative or failure case.

paddingOctets

0, 210

Padding

N/A

aluInsideServiceId

637, 91

The 16-bit service ID representing the inside service ID. This field is not applicable in L2-Aware NAT and is set to NULL in this case.

The 16-bit service ID representing the inside service ID. This field is not applicable in L2-Aware NAT and is set to NULL in this case.

aluOutsideServiceId

637, 92

The 16-bit service ID representing the outside service ID.

The 16-bit service ID representing the outside service ID.

aluNatSubString

637, 93

A variable 8B aligned string that represents the NAT subscriber construct (as currently used in the tools>dump>service>nat> session commands). The original IP source address, before NAT is performed is included in this string.

For example:

LSN-Host@10.10.10.101

A variable 8B aligned string that represents the NAT subscriber construct (as currently used in the tools>dump>service>nat> session commands). The original IP source address, before NAT is performed is included in this string.

For example:

LSN-Host@10.10.10.101
Parent topic: LSN and L2-Aware NAT flow logging