[c-nsp] Trying to collect flows for NAT VRF aware traffic

[Andy Saykao]

Hi All,
 
I've set up an MPLS L3 VPN Internet Gateway on one of our PE routers and
need some ideas on how to collect netflow for public IP's in the
NAT-POOL so we can bill the customer for usage.
 
We are using NAT VRF aware as seen by the config below.
 
--------------------------------------------------------
PE Config:
--------------------------------------------------------
interface GigabitEthernet0/0.1
 description Router / MPLS Backbone
 encapsulation dot1Q 1 native
 ip address A.B.C.D X.X.X.X
 ip nat inside
 ip flow ingress
 mpls ip
!
interface GigabitEthernet0/0.20
 description VPN Internet Gateway
 encapsulation dot1Q 20
 ip address 172.16.76.10 255.255.255.248
 ip nat outside
 ip flow ingress
 ip flow egress
!
ip route vrf NSTEST 0.0.0.0 0.0.0.0 GigabitEthernet0/0.20 172.16.76.9
global
ip route 210.15.226.136 255.255.255.252 Null0
!
ip nat pool NSTEST-NAT-POOL 210.15.226.137 210.15.226.137 netmask
255.255.255.252
ip nat inside source list NSTEST-NAT-ACL pool NSTEST-NAT-POOL vrf NSTEST
overload
!
ip access-list standard NSTEST-NAT-ACL
 permit 192.168.0.0 0.0.255.255
! 
ip flow-export source Loopback0
ip flow-export version 5
ip flow-export destination X.X.X.X 5000
ip flow-export destination X.X.X.X 5000

--------------------------------------------------------
P Config:
--------------------------------------------------------
interface Vlan1
 description Router / MPLS Backbone
 bandwidth 10000000
 ip address A.B.C.D X.X.X.X
 no ip redirects
 no ip mroute-cache
 load-interval 30
 tag-switching ip
!
interface Vlan20
 description VPN Internet Gateway
 ip address 172.16.76.9 255.255.255.248
 no ip redirects
 load-interval 30
!
ip route 210.15.226.136 255.255.255.252 Vlan20 172.16.76.10

--------------------------------------------------------
 
When I do a "sh ip cache flow", I can see flows in one direction only
and with the public NAT IP as the source IP. For billing purposes we
need to see the public NAT IP in the destination fields so we can count
their download usage.
 
#sh ip cache flow | inc 210.15.226.137
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP
Pkts
Gi0/0.1       210.15.226.137  Gi0/0.20*     203.10.110.102  01 0000 0800
549

I have both "ip flow ingress" and "ip flow egress" on the nat outside
interface on the PE (Gi0/0.20) so not sure why I'm not seeing
bidirectional flows. I'm thinking that a NAT lookup/translation is
performed first on the return traffic through the PE (Gi0/020) before
flows are process/captured - hence why I don't see any flows going to
the public NAT IP. Is this correct?
 
Any ideas how to capture flows for these public IP's in the NAT POOL? Do
I need to capture flows at the P router on Vlan 20??
 
Thanks.
 
Andy

This email and any files transmitted with it are confidential and intended
 solely for the use of the individual or entity to whom they are addressed. 
Please notify the sender immediately by email if you have received this 
email by mistake and delete this email from your system. Please note that
 any views or opinions presented in this email are solely those of the
 author and do not necessarily represent those of the organisation. 
Finally, the recipient should check this email and any attachments for 
the presence of viruses. The organisation accepts no liability for any 
damage caused by any virus transmitted by this email.