Enabling NAT High-Speed Logging per VRF

The Enabling NAT High-Speed Logging Per VRF feature provides the ability to enable and disable Network Address Translation (NAT) high-speed logging (HSL) for individual virtual routing and forwarding (VRF) instances.

This module provides information about how to enable HSL for VRFs.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Information About Enabling NAT High-Speed Logging per VRF

High-Speed Logging for NAT

Network Address Translation (NAT) supports high-speed logging (HSL) to up to four destinations. When HSL is configured, NAT exports a log of the packets flowing through the routing device, as NetFlow Version 9-style records, to an external collector. Records are sent for each binding (a binding is the association between a local address and the global address to which it is translated) and when sessions are created and destroyed. Session records contain the full 5-tuple (source IP address, destination IP address, source port, destination port, and protocol); a tuple is an ordered list of elements. NAT also sends an HSL message when a NAT pool runs out of addresses (pool exhaustion). Pool exhaustion messages are rate limited, so not every packet that hits the pool exhaustion condition triggers an HSL message. The export is plain UDP: delivery is not acknowledged and the records carry no authentication, so the collector should be reachable over a trusted management path and a silent collector should be treated as a monitoring gap rather than as an absence of NAT activity.

The table below describes the template for HSL bind and session create or destroy records. The ID column is the NetFlow Version 9 field type carried in the template FlowSet, so any collector that understands v9 templates can decode the records.

Table 1. Template for HSL Bind and Session Create or Destroy

Field                                     | Format        | ID  | Value
------------------------------------------|---------------|-----|----------------------------------------------
Source IP address                         | IPv4 address  | 8   | varies
Translated source IP address              | IPv4 address  | 225 | varies
Destination IP address                    | IPv4 address  | 12  | varies
Translated destination IP address         | IPv4 address  | 226 | varies
Original source port                      | 16-bit port   | 7   | varies
Translated source port                    | 16-bit port   | 227 | varies
Original destination port                 | 16-bit port   | 11  | varies
Translated destination port               | 16-bit port   | 228 | varies
Virtual routing and forwarding (VRF) ID   | 32-bit ID     | 234 | varies
Protocol                                  | 8-bit value   | 4   | varies
Event                                     | 8-bit value   | 230 | 0 = invalid, 1 = add event, 2 = delete event
Unix timestamp in milliseconds            | 64-bit value  | 323 | varies

Note: The Unix timestamp field is present only in some releases.

The table below describes the HSL pool exhaustion template. It reuses the NAT event field (ID 230) from Table 1 with a distinct event value, so a collector can tell session records and pool exhaustion records apart by that field alone.

Table 2. Template for HSL Pool Exhaustion

Field        | Format        | ID  | Values
-------------|---------------|-----|------------------
NAT pool ID  | 32-bit value  | 283 | varies
NAT event    | 8-bit value   | 230 | 3 = pool exhaust
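The following decoder is an added example, not Cisco code, showing how a collector would consume the records that Tables 1 and 2 describe. It builds a constructed NetFlow Version 9 datagram that carries both templates (the template IDs 256 and 257, the addresses, ports, VRF ID and timestamp in the sample records are all made up for the example) and decodes it back into one session-add record and one pool-exhaustion record using the field IDs from the tables.

```python
"""Decode the NetFlow v9-style records that NAT HSL exports (added example)."""
import struct
import ipaddress

# Field ID -> (name, decoder). Names follow Tables 1 and 2; the IDs are the
# v9 field types listed there.
FIELDS = {
    8:   ("src_ip",          lambda b: str(ipaddress.IPv4Address(b))),
    225: ("xlated_src_ip",   lambda b: str(ipaddress.IPv4Address(b))),
    12:  ("dst_ip",          lambda b: str(ipaddress.IPv4Address(b))),
    226: ("xlated_dst_ip",   lambda b: str(ipaddress.IPv4Address(b))),
    7:   ("src_port",        lambda b: int.from_bytes(b, "big")),
    227: ("xlated_src_port", lambda b: int.from_bytes(b, "big")),
    11:  ("dst_port",        lambda b: int.from_bytes(b, "big")),
    228: ("xlated_dst_port", lambda b: int.from_bytes(b, "big")),
    234: ("vrf_id",          lambda b: int.from_bytes(b, "big")),
    4:   ("protocol",        lambda b: int.from_bytes(b, "big")),
    230: ("event",           lambda b: int.from_bytes(b, "big")),
    323: ("timestamp_ms",    lambda b: int.from_bytes(b, "big")),
    283: ("pool_id",         lambda b: int.from_bytes(b, "big")),
}
EVENTS = {0: "invalid", 1: "add", 2: "delete", 3: "pool-exhaust"}

# (field ID, length in bytes) in table order. Template IDs 256/257 are
# constructed for this example; a device chooses its own.
SESSION_TEMPLATE = [(8, 4), (225, 4), (12, 4), (226, 4), (7, 2), (227, 2),
                    (11, 2), (228, 2), (234, 4), (4, 1), (230, 1), (323, 8)]
POOL_TEMPLATE = [(283, 4), (230, 1)]


def _template_flowset(templates):
    """Encode a v9 template FlowSet (FlowSet ID 0)."""
    body = b""
    for tid, fields in templates:
        body += struct.pack("!HH", tid, len(fields))
        for fid, flen in fields:
            body += struct.pack("!HH", fid, flen)
    return struct.pack("!HH", 0, 4 + len(body)) + body


def _data_flowset(tid, records):
    """Encode a data FlowSet for template tid; records are pre-packed bytes."""
    body = b"".join(records)
    pad = (-len(body)) % 4              # v9 pads FlowSets to a 4-byte boundary
    return struct.pack("!HH", tid, 4 + len(body) + pad) + body + b"\0" * pad


def build_sample_datagram():
    """Constructed export: one session-add record and one pool-exhaustion record."""
    session = (ipaddress.IPv4Address("10.1.1.25").packed       # src_ip
               + ipaddress.IPv4Address("192.0.2.10").packed    # xlated_src_ip
               + ipaddress.IPv4Address("198.51.100.7").packed  # dst_ip
               + ipaddress.IPv4Address("198.51.100.7").packed  # xlated_dst_ip (unchanged)
               + struct.pack("!HHHH", 40000, 1024, 443, 443)   # ports, table order
               + struct.pack("!IBBQ", 18, 6, 1, 1700000000000))  # vrf, proto, event=add, ms
    exhaustion = struct.pack("!IB", 1, 3)                      # pool 1, event=pool exhaust
    flowsets = (_template_flowset([(256, SESSION_TEMPLATE), (257, POOL_TEMPLATE)])
                + _data_flowset(256, [session])
                + _data_flowset(257, [exhaustion]))
    # v9 header: version, record count (2 templates + 2 data), sysUptime, unix secs, sequence, source ID
    header = struct.pack("!HHIIII", 9, 4, 123456, 1700000000, 1, 0)
    return header + flowsets


def parse_v9(data):
    """Decode a v9 datagram; returns a list of dicts, one per data record."""
    version = struct.unpack_from("!H", data, 0)[0]
    if version != 9:
        raise ValueError("not a NetFlow v9 datagram")
    templates, records, off = {}, [], 20
    while off + 4 <= len(data):
        fs_id, fs_len = struct.unpack_from("!HH", data, off)
        if fs_len < 4 or off + fs_len > len(data):
            raise ValueError("bad FlowSet length")   # never walk off the buffer
        body, off = data[off + 4:off + fs_len], off + fs_len
        if fs_id == 0:                               # template FlowSet
            p = 0
            while p + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, p)
                p += 4
                templates[tid] = [struct.unpack_from("!HH", body, p + 4 * i) for i in range(nfields)]
                p += 4 * nfields
        elif fs_id >= 256:                           # data FlowSet
            fields = templates.get(fs_id)
            if fields is None:
                continue  # template not seen yet; a real collector caches and waits
            rec_len = sum(flen for _, flen in fields)
            p = 0
            while p + rec_len <= len(body):          # trailing pad is shorter than a record
                rec, q = {}, p
                for fid, flen in fields:
                    name, decode = FIELDS.get(fid, (f"field_{fid}", bytes.hex))
                    rec[name] = decode(body[q:q + flen])
                    q += flen
                if "event" in rec:
                    rec["event_name"] = EVENTS.get(rec["event"], "unknown")
                records.append(rec)
                p += rec_len
    return records


if __name__ == "__main__":
    for rec in parse_v9(build_sample_datagram()):
        print(rec)
```

The decoder keys every record on the event field, which is the same field (ID 230) in both templates; a session record without a preceding template for its FlowSet is skipped rather than guessed at, which is what a collector has to do when a template refresh has not yet arrived.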

How to Configure Enabling NAT High-Speed Logging per VRF

Enabling High-Speed Logging of NAT Translations

You can enable or disable high-speed logging (HSL) of all Network Address Translation (NAT) translations or only translations for specific VPNs.

You must first use the ip nat log translations flow-export v9 udp destination command to enable HSL for all VPN and non-VPN translations. VPN translations are also known as Virtual Routing and Forwarding (VRF) translations.

After you enable HSL for all NAT translations, you can use the ip nat log translations flow-export v9 vrf-name command to enable or disable logging of translations for specific VPNs. As soon as this command is used, HSL is disabled for every VPN except those for which it is explicitly enabled, so list each VRF whose translations you need logged; a VRF left off the list produces no records at all.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip nat log translations flow-export v9 udp destination ip-address port source interface type interface-number
  4. ip nat log translations flow-export v9 {vrf-name | global-on }
  5. exit

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

ip nat log translations flow-export v9 udp destination ip-address port source interface type interface-number

Example:

Device(config)# ip nat log translations flow-export v9 udp destination 10.10.0.1 1020 source GigabitEthernet 0/0/0

Enables high-speed logging for all NAT translations and specifies the collector's IPv4 address and UDP port and the source interface for the exported records. This example enables high-speed logging using an IPv4 address.
Step 4

ip nat log translations flow-export v9 {vrf-name | global-on }

Example:

Device(config)# ip nat log translations flow-export v9 VPN-18

Enables or disables the high-speed logging of NAT translations for the named VPN; once any VPN is named, VPNs not explicitly enabled are no longer logged. The global-on keyword applies the same enable to translations in the global routing table rather than to a named VRF.

Step 5

exit

Example:

Device(config)# exit

(Optional) Exits global configuration mode and enters privileged EXEC mode.

Configuration Examples for Enabling NAT High-Speed Logging per VRF

Example: Enabling High-Speed Logging of NAT Translations

Device# configure terminal
Device(config)# ip nat log translations flow-export v9 udp destination 10.10.0.1 1020 source GigabitEthernet 0/0/0
Device(config)# ip nat log translations flow-export v9 VPN-18
Device(config)# exit
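Because naming one VRF silently turns off HSL for every other VRF, it is worth checking a running configuration for the resulting blind spots. The following audit is an added example, not Cisco tooling: it reads the two commands documented above out of a constructed running-config (the VRF names VPN-18, VPN-19 and VPN-20 and their route distinguishers are made up) and reports which defined VRFs will not be logged. It assumes the command forms shown on this page and treats any other keyword after "v9" as a VRF name.

```python
"""Audit an IOS XE running-config for NAT HSL coverage per VRF (added example)."""
import re

# Constructed running-config excerpt; only the lines this page documents matter.
SAMPLE_CONFIG = """\
!
vrf definition VPN-18
 rd 65000:18
!
vrf definition VPN-19
 rd 65000:19
!
ip vrf VPN-20
 rd 65000:20
!
ip nat log translations flow-export v9 udp destination 10.10.0.1 1020 source GigabitEthernet 0/0/0
ip nat log translations flow-export v9 VPN-18
!
"""

# Both VRF definition styles start at column 0; "ip vrf forwarding" under an
# interface is indented and therefore not matched.
VRF_RE = re.compile(r"^(?:vrf definition|ip vrf) (\S+)\s*$", re.M)
DEST_RE = re.compile(
    r"^ip nat log translations flow-export v9 udp destination (\S+) (\d+)(?: source (.+))?\s*$", re.M)
# Anything after "v9" other than "udp" or "global-on" is taken to be a VRF name.
PER_VRF_RE = re.compile(r"^ip nat log translations flow-export v9 (?!udp\b|global-on\b)(\S+)\s*$", re.M)


def audit_hsl(config):
    """Return collector, explicitly enabled VRFs, unlogged VRFs and any problems."""
    vrfs = VRF_RE.findall(config)
    dest = DEST_RE.search(config)
    enabled = PER_VRF_RE.findall(config)
    result = {
        "collector": (dest.group(1), int(dest.group(2))) if dest else None,
        "hsl_enabled_vrfs": sorted(enabled),
        "unlogged_vrfs": [],
        "problems": [],
    }
    if dest is None:
        # Without the udp destination command HSL is off for everything.
        result["problems"].append("no udp destination: HSL is off for all translations")
        result["unlogged_vrfs"] = sorted(vrfs)
        return result
    if enabled:
        # Per-VRF mode: only the named VRFs are logged.
        result["unlogged_vrfs"] = sorted(set(vrfs) - set(enabled))
        for name in sorted(set(enabled) - set(vrfs)):
            result["problems"].append(f"HSL enabled for undefined VRF {name}")
    # With a destination and no per-VRF line, all VPN and non-VPN translations are logged.
    return result


if __name__ == "__main__":
    for key, value in audit_hsl(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

Run against the sample, the audit reports VPN-19 and VPN-20 as unlogged, which is exactly the condition an incident responder discovers too late when the only translation records on the collector come from VPN-18.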

Additional References for Enabling NAT High-Speed Logging per VRF

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Command List, All Releases

NAT commands

Cisco IOS IP Addressing Services Command Reference

Standards and RFCs

Standard/RFC

Title

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for Enabling NAT High-Speed Logging per VRF

Table 3. Feature Information for Enabling NAT High-Speed Logging per VRF

Feature Name

Releases

Feature Information

Enabling NAT High-Speed Logging per VRF

Cisco IOS XE Release 3.1S

The Enabling NAT High-Speed Logging per VRF feature provides the ability to enable and disable Network Address Translation (NAT) high-speed logging (HSL) for individual virtual routing and forwarding (VRF) instances.

The following commands were introduced or modified: ip nat log translations flow-export.