Applies To:
Show VersionsBIG-IP LTM
- 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
Using the Deterministic NAT Log Tool
About the DNAT utility
BIG-IP® deterministic NAT (DNAT) mode allows conservation of log storage for service providers by mapping subscribers to public translation addresses and ports algorithmically so that very little data needs to be stored in logs. The DNAT utility (dnatutil) is necessary for identifying subscribers through calculation of reverse source address and port mapping of deterministic-mode LSN pools, by using the states stored in the log files.
It can interpret logs from version 11.4.0 and later, correctly reverse mapping subscribers or forward mapping possible end-points of the subscriber. DNAT, as of version 11.5 of the BIG-IP system, supports multiple log destinations including, LTM®, Remote Syslog, and Splunk. The DNAT utility can parse logs from any supported DNAT log destination.
The DNAT utility binary can be run either on the BIG-IP system or on any supported Linux host. The DNAT utility package currently supports CentOS 64 and Ubuntu 64 for deployment on Linux systems to support reverse mappings on archived logs. The package is available from the F5® Downloads site (http://support.f5.com/kb/en-us.html).
Downloading the DNAT utility external tool
Using the DNAT utility external tool for reverse mappings
To discover the subscriber address, you need to have at least the NAT/public address and port that you would like to translate. It is preferable to have the date, time, and NAT/public address, port, and the archived logs with the state information you wish to use.
Using DNAT utility to look up deterministic NAT mappings on the BIG-IP system
DNAT utility example commands
This list provides examples of the syntax used in commands for dnatutil.
Command | Response |
---|---|
dnatutil 10.0.0.1 --action forward |
Shows a list of translation address/port pairs that might be used for a subscriber at 10.0.0.1, using the DNAT states contained in /var/log/ltm. |
dnatutil 173.240.102.139:5678 |
Performs a reverse mapping back to the subscriber address for the connection from 173.240.102.139:5678, using the DNAT states contained in /var/log/ltm. |
dnatutil --start_time ’2012-09-27 06:30:00’ --end_time ’2012-09-27 12:10:00’ 173.240.102.139:5678 |
Performs a reverse mapping back to the subscriber address for the connection from 173.240.102.139:5678, but only shows the subscriber addresses that used the translation within the specified time range. |
dnatutil --start_time ’2012-09-27 06:30:00’ --end_time ’2012-09-27 12:10:00’ --file ltmlog-21102013 173.240.102.139:5678 |
Performs a reverse mapping back to the subscriber address for the connection from 173.240.102.139:5678, showing the subscriber addresses that used the translation within the specified time range, and using the DNAT states contained in /var/log/test. |
dnatutil --file /var/log/test |
Shows summary information, using the DNAT states contained in /var/log/test. |
dnatutil --action summary --start_time ’2012-09-27 06:30:00’ --end_time ’2012-09-27 12:10:00’ |
Shows summary information, using the DNAT states within the specified time range. |