Enabling NAT High-Speed Logging per VRF

The Enabling NAT High-Speed Logging Per VRF feature provides the ability to enable and disable Network Address Translation (NAT) high-speed logging (HSL) for virtual routing and forwarding (VRF) instances.

This module provides information about how to enable HSL for VRFs.

Information About Enabling NAT High-Speed Logging per VRF

High-Speed Logging for NAT

Network Address Translation (NAT) supports high-speed logging (HSL) to up to four destinations. When HSL is configured, NAT exports a log of the packets flowing through the routing device, in NetFlow Version 9-style records, to an external collector. A record is sent for each binding (the address binding between a local address and the global address it is translated to) and when sessions are created and destroyed. Session records contain the full 5-tuple (source IP address, destination IP address, source port, destination port, and protocol). NAT also sends an HSL message when a NAT pool runs out of addresses (pool exhaustion). Pool exhaustion messages are rate limited, so not every packet that hits the pool exhaustion condition triggers an HSL message; do not treat the number of pool exhaustion records received as a count of affected packets.

The table below describes the template used for HSL bind and session create or destroy records. The ID column is the NetFlow Version 9 field type that identifies the field in the exported template.

Table 1. Template for HSL Bind and Session Create or Destroy

Field                                     Format         ID    Value
Source IP address                         IPv4 address   8     varies
Translated source IP address              IPv4 address   225   varies
Destination IP address                    IPv4 address   12    varies
Translated destination IP address         IPv4 address   226   varies
Original source port                      16-bit port    7     varies
Translated source port                    16-bit port    227   varies
Original destination port                 16-bit port    11    varies
Translated destination port               16-bit port    228   varies
Virtual routing and forwarding (VRF) ID   32-bit ID      234   varies
Protocol                                  8-bit value    4     varies
Event                                     8-bit value    230   0 = Invalid; 1 = Add event; 2 = Delete event
Unix timestamp in milliseconds            64-bit value   323   varies

Note: The Unix timestamp field is available only in some releases; whether it is present depends on your release version.

The table below describes the template used for HSL pool exhaustion records.

Table 2. Template for HSL Pool Exhaustion

Field         Format         ID    Values
NAT pool ID   32-bit value   283   varies
NAT event     8-bit value    230   3 = Pool exhaust
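As an added example (not part of this page and not Cisco code), the following Python decoder parses a NetFlow Version 9 export stream the way a collector would, using the field IDs from Table 1 and Table 2 to name the NAT HSL fields. The packet layout (20-byte header, template flowset with ID 0, data flowsets with IDs 256 and above, 32-bit padding) is the standard NetFlow v9 format; the template IDs 256 and 257, the source ID, and the addresses, ports and timestamp in the sample are constructed for this example and are not values the page specifies. The example also handles the failure mode a collector must expect: a data flowset that arrives before its template (for example, right after a collector restart) cannot be decoded, so it is counted rather than guessed at.

```python
import socket
import struct

# NetFlow v9 field type IDs from Table 1 (session/bind) and Table 2 (pool exhaustion).
FIELD_NAMES = {
    8: "src_ip", 225: "xlat_src_ip", 12: "dst_ip", 226: "xlat_dst_ip",
    7: "src_port", 227: "xlat_src_port", 11: "dst_port", 228: "xlat_dst_port",
    234: "vrf_id", 4: "protocol", 230: "event", 323: "timestamp_ms",
    283: "nat_pool_id",
}
EVENT_NAMES = {0: "invalid", 1: "add", 2: "delete", 3: "pool-exhaust"}
IPV4_FIELDS = {8, 225, 12, 226}


def decode_value(ftype, raw):
    """IPv4 fields as dotted quads; everything else as a big-endian integer."""
    if ftype in IPV4_FIELDS and len(raw) == 4:
        return socket.inet_ntoa(raw)
    return int.from_bytes(raw, "big")


class HslDecoder:
    """Stateful NetFlow v9 decoder: templates are keyed by (source_id, template_id)
    and kept across packets, because an exporter sends them only periodically."""

    def __init__(self):
        self.templates = {}
        self.undecodable = 0  # data flowsets seen before their template arrived

    def feed(self, packet):
        version, _count, _uptime, _secs, _seq, source_id = struct.unpack("!HHIIII", packet[:20])
        if version != 9:
            raise ValueError("not a NetFlow v9 packet (version=%d)" % version)
        records, off = [], 20
        while off + 4 <= len(packet):
            fs_id, fs_len = struct.unpack("!HH", packet[off:off + 4])
            if fs_len < 4 or off + fs_len > len(packet):
                raise ValueError("malformed flowset length")
            body = packet[off + 4:off + fs_len]
            if fs_id == 0:                        # template flowset
                self._parse_templates(source_id, body)
            elif fs_id >= 256:                    # data flowset
                records.extend(self._parse_data(source_id, fs_id, body))
            # flowset ID 1 (options templates) is not used by HSL and is skipped
            off += fs_len
        return records

    def _parse_templates(self, source_id, body):
        off = 0
        while off + 4 <= len(body):
            tid, nfields = struct.unpack("!HH", body[off:off + 4])
            off += 4
            fields = [struct.unpack("!HH", body[off + 4 * i:off + 4 * i + 4]) for i in range(nfields)]
            off += 4 * nfields
            self.templates[(source_id, tid)] = fields

    def _parse_data(self, source_id, tid, body):
        tmpl = self.templates.get((source_id, tid))
        if tmpl is None:                          # cannot be decoded yet; do not guess
            self.undecodable += 1
            return []
        rec_len = sum(flen for _, flen in tmpl)
        out, off = [], 0
        while off + rec_len <= len(body):         # trailing bytes are padding
            rec = {}
            for ftype, flen in tmpl:
                rec[FIELD_NAMES.get(ftype, "field_%d" % ftype)] = decode_value(ftype, body[off:off + flen])
                off += flen
            if "event" in rec:
                rec["event_name"] = EVENT_NAMES.get(rec["event"], "unknown")
            out.append(rec)
        return out


# Constructed sample export (not captured from a device). Field lengths follow Tables 1 and 2.
SESSION_TEMPLATE = [(8, 4), (225, 4), (12, 4), (226, 4), (7, 2), (227, 2), (11, 2), (228, 2),
                    (234, 4), (4, 1), (230, 1), (323, 8)]
POOL_TEMPLATE = [(283, 4), (230, 1)]


def _v9_packet(flowsets, source_id=1, seq=0):
    # header: version, record count, sysUptime, unix_secs, sequence number, source ID
    return struct.pack("!HHIIII", 9, len(flowsets), 0, 0, seq, source_id) + b"".join(flowsets)


def _template_flowset(tid, fields):
    body = struct.pack("!HH", tid, len(fields)) + b"".join(struct.pack("!HH", t, l) for t, l in fields)
    return struct.pack("!HH", 0, 4 + len(body)) + body


def _data_flowset(tid, record):
    pad = (-len(record)) % 4                      # flowsets are padded to 32-bit boundaries
    return struct.pack("!HH", tid, 4 + len(record) + pad) + record + b"\x00" * pad


def build_sample_packets():
    """Packet 1 carries both templates; packet 2 carries one session-add record (VRF 18,
    TCP 10.1.1.10:40000 -> 198.51.100.20:443, translated to 203.0.113.5:1024) and one
    pool-exhaustion record for NAT pool ID 1. All values are constructed."""
    session = (socket.inet_aton("10.1.1.10") + socket.inet_aton("203.0.113.5")
               + socket.inet_aton("198.51.100.20") + socket.inet_aton("198.51.100.20")
               + struct.pack("!HHHH", 40000, 1024, 443, 443)
               + struct.pack("!IBBQ", 18, 6, 1, 1700000000000))
    pool = struct.pack("!IB", 1, 3)
    p1 = _v9_packet([_template_flowset(256, SESSION_TEMPLATE), _template_flowset(257, POOL_TEMPLATE)])
    p2 = _v9_packet([_data_flowset(256, session), _data_flowset(257, pool)], seq=1)
    return p1, p2


def decode_sample(out_of_order=False):
    """Decode the sample; with out_of_order=True the data packet arrives before the
    templates, which is what a collector sees until the next template refresh."""
    dec = HslDecoder()
    p1, p2 = build_sample_packets()
    records = []
    for pkt in ((p2, p1) if out_of_order else (p1, p2)):
        records.extend(dec.feed(pkt))
    return records, dec.undecodable
```

Calling decode_sample() returns the two decoded records (the session record with event_name "add" and the pool record with event_name "pool-exhaust") and an undecodable count of 0; decode_sample(out_of_order=True) returns no records and an undecodable count of 2, which is the signal a collector should alert on rather than silently drop.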

How to Configure Enabling NAT High-Speed Logging per VRF

Enabling High-Speed Logging of NAT Translations

You can enable or disable high-speed logging (HSL) of all Network Address Translation (NAT) translations or only translations for specific VPNs.

You must first use the ip nat log translations flow-export v9 udp destination command to enable HSL for all VPN and non-VPN translations. The vrf keyword specifies that the HSL destination address is reachable through a specific VRF (for example, a dedicated management VRF). VPN translations are also known as Virtual Routing and Forwarding (VRF) translations.

After you enable HSL for all NAT translations, you can then use the ip nat log translations flow-export v9 vrf-name command to enable or disable logging for specific VPNs. As soon as you use this command, HSL is disabled for all VPNs except the ones for which the command explicitly enables it, so list every VPN whose translations you still need to log.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip nat log translations flow-export v9 udp {destination ipv4-address port | ipv6-destination ipv6-address port} [vrf vrf-name] source interface-type interface-number
  4. ip nat log translations flow-export v9 {vrf-name | global-on}
  5. exit

DETAILED STEPS

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

ip nat log translations flow-export v9 udp {destination ipv4-address port | ipv6-destination ipv6-address port} [vrf vrf-name] source interface-type interface-number

Example:

This example shows how to enable high-speed logging using an IPv4 destination address and UDP port.
Device(config)# ip nat log translations flow-export v9 udp destination 10.10.0.1 1020 source GigabitEthernet 0/0/0

Example:

This example shows how to enable high-speed logging using an IPv6 destination address and UDP port.
Device(config)# ip nat log translations flow-export v9 udp ipv6-destination 2001::06 5050 source GigabitEthernet 0/0/0

Example:

This example shows how to enable high-speed logging using an IPv6 destination address that is reachable through the VRF named hslvrf.
Device(config)# ip nat log translations flow-export v9 udp ipv6-destination 2001::06 5050 vrf hslvrf source GigabitEthernet 0/0/0

Enables the high-speed logging of all VPN and non-VPN translations for up to four destinations (repeat the command once per destination). Use the vrf keyword when the destination is reachable only through a specific VRF. To specify an IPv6 address for the UDP destination, use the ipv6-destination keyword followed by the IPv6 address. The records are exported as NetFlow Version 9 over UDP, which provides no authentication, encryption, or retransmission, so send them to the collector over a trusted path (for example, through a management VRF) and monitor the collector for gaps.

Step 4

ip nat log translations flow-export v9 {vrf-name | global-on}

Example:

Device(config)# ip nat log translations flow-export v9 VPN-18

Enables or disables the high-speed logging of NAT translations for the named VPN. Once this command is used, only the VPNs it explicitly enables are logged.

Step 5

exit

Example:

Device(config)# exit

(Optional) Exits global configuration mode and enters privileged EXEC mode.

Configuration Examples for Enabling NAT High-Speed Logging per VRF

Example: Enabling High-Speed Logging of NAT Translations

Device# configure terminal
Device(config)# ip nat log translations flow-export v9 udp destination 10.10.0.1 1020 source GigabitEthernet 0/0/0
Device(config)# ip nat log translations flow-export v9 VPN-18
Device(config)# exit

Additional References for Enabling NAT High-Speed Logging per VRF

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Command List, All Releases

NAT commands

Cisco IOS IP Addressing Services Command Reference

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for Enabling NAT High-Speed Logging per VRF

Table 3. Feature Information for Enabling NAT High-Speed Logging per VRF

Feature Name

Releases

Feature Information

Enabling NAT High-Speed Logging per VRF

Cisco IOS XE Release 3.1S

The Enabling NAT High-Speed Logging per VRF feature provides the ability to enable and disable Network Address Translation (NAT) high-speed logging (HSL) for virtual routing and forwarding (VRF) instances.

The following commands were introduced or modified: ip nat log translations flow-export.