





sFlow.org                                                    Peter Phaal
http://www.sFlow.org/                                        InMon Corp.
info@sflow.org





                                                              June 2012


                        sFlow Port NAT Structure



Copyright Notice

Copyright (C) sFlow.org (2012). All Rights Reserved.

Abstract

This memo describes an sFlow version 5 structures to report on port
translated traffic.

Table of Contents

1. Overview ......................................................  1
2. sFlow Datagram Extension ......................................  1
3. References ....................................................  2
4. Author's Addresses ............................................  2

1. Overview

   This document describes an additional structure that allow an sFlow
   agent to export information relating to port translation.  sFlow
   version 5 is an extensible protocol that allows the addition of new
   data structures without impacting existing collectors. This document
   does not change the sFlow version 5 protocol [1], it simply defines
   an additional, optional, data structure that a network device can use
   to report on port translation.

2. sFlow Datagram Extension

   The sFlow version 5 specification includes the extended_nat
   structure, allowing an sFlow agent to report on address translation.
   This documents defines an additional extended_nat_port structure that
   can be used in conjunction with the extended_nat[1] structure to
   describe port translation.



FINAL                           sFlow.org                       [Page 1]

FINAL                   sFlow Port NAT Structure               June 2012


   A device supporting this extension must only include an extended_nat
   and/or extended_pat structure with flow samples where addresses
   and/or ports have been modified. If addresses are unmodified then the
   extended_nat structure must be omitted and if ports are unmodified
   then the extended_pat stucture must be omitted.

/* Extended NAT L4 Port Data
   Packet header reports ports as seen at the sFlowDataSource.
   The extended_nat_port structure reports on translated source and/or
   destination layer 4 (TCP/UDP) ports for this packet. If port was not
   translated it should be equal to that reported for the header. */
/* opaque = flow_data; enterprise = 0; format = 1020 */

struct extended_nat_port {
     unsigned int src_port;            /* Source port */
     unsigned int dst_port;            /* Destination port */
}

3. References

[1]  Phaal, P. and Lavine, M., "sFlow Version 5",
     http://www.sflow.org/sflow_version_5.txt, July 2006

4. Author's Address

   Peter Phaal
   InMon Corp.
   580 California Street, 5th Floor
   San Francisco, CA 94104

   Phone: (415) 283-3263
   EMail: peter.phaal@inmon.com



















FINAL                           sFlow.org                       [Page 2]