In L2-Aware NAT, the logging of NAT resources is integrated with ESM RADIUS accounting. The NAT-related resources reporting is described in Table: Integrated ESM and NAT accounting.
Accounting START messages carry only the RADIUS Event-Timestamp (type 55), which correctly reflects the creation of the initial port block and outside IP address for L2-Aware NAT. The initial port block and outside IP address allocation in the ISA or ESA for an L2-Aware subscriber is triggered by the control plane (CPM) when the first session or host is created. This means that the initial port block and outside IP address creation in the ISA or ESA is not triggered by data traffic. However, data traffic triggers the creation of extended port blocks.
Interim-Updates and STOP accounting messages carry two timestamps. This is because the RADIUS accounting message is generated by the CPM at the time indicated by the Event-Timestamp, which may not accurately reflect the time of the extended port block allocation or de-allocation that occurs on ISA or ESA.
RADIUS Event-Timestamp (type 55) with a 1 second resolution
This timestamp is updated by the CPM with the time that the Interim-Update message is generated.
Nokia Alc-ISA-Event-Timestamp (type 86)
This is updated only when an event on the ISA or ESA occurs, for example, an extended port block is allocated or de-allocated. The format and resolution of this timestamp are the same as those of the Event-Timestamp.
A summary of integrated ESM and NAT RADIUS logging is shown in Table: Integrated ESM and NAT accounting. Only RADIUS attributes relevant to NAT are shown.
ESM and NAT integrated RADIUS accounting/logging

Acct msg type | Queue-instance (Sla-profile instance) accounting | Session or host accounting | Comments |
---|---|---|---|
Start | An Acct START message is generated for every SLA profile instantiation, and every accounting START message contains NAT-related information carried in Alc-Nat-Port-Range (26.6527.121), which includes the outside IP address, newly allocated initial port block, outside router ID, and NAT policy ID. If there are multiple SLA profile instances per NAT-enabled ESM subscriber, this information is repeated for all additional SLA profile instances. | Acct START is generated for every new session or host of a NAT-enabled subscriber. This message carries: The NAT-related information is carried in the following RADIUS attribute: Alc-Nat-Port-Range (26.6527.121). This attribute includes the outside IP address, port blocks, outside router ID, and NAT policy. There is no distinction between NAT-enabled sessions or hosts and non NAT-enabled sessions or hosts (that is, non NAT-enabled sessions or hosts also carry NAT information) for a NAT-enabled subscriber. | The initial port block and outside IP address are always advertised in accounting START messages, regardless of whether the subscriber has a single session or host or multiple sessions or hosts, and regardless of whether the sessions or hosts are NAT-enabled. |
Regular Interim-Update | The message reports existing in-use NAT resources (the cumulative update) for each SLA profile instance. Alc-Nat-Port-Range (26.6527.121): the outside IP address, all existing port blocks, outside router ID, and NAT policy ID. Alc-ISA-Event-Timestamp (241.26.6527.86): the time of the last extended port block allocation or de-allocation on the ISA or ESA. Event-Timestamp (55): the time when the RADIUS message is generated on the CPM. This is repeated for all NAT-enabled sessions of an ESM subscriber. | This message reports the existing in-use NAT resources (the cumulative update) for each session. Alc-Nat-Port-Range (26.6527.121): the outside IP address, all existing port blocks, outside router ID, and NAT policy. Alc-ISA-Event-Timestamp (241.26.6527.86): the time of the last extended port block allocation or de-allocation on the ISA or ESA. Event-Timestamp (55): the time when the RADIUS message is generated on the CPM. This is repeated for all NAT-enabled sessions or hosts of an ESM subscriber. | — |
Triggered Interim-Update | This message carries differential updates tracking changes only for extended port blocks of the existing subscriber. The initial port block is not advertised in the triggered Interim-Update; it is only advertised in the accounting START (map) or STOP (free) message. Alc-Nat-Port-Range (26.6527.121): the outside IP address, newly allocated or de-allocated extended port block, outside router ID, and NAT policy ID. Alc-Acct-Triggered-Reason (26.6527.163): these are the reasons for this triggered Interim-Update message; an extended port block is allocated (MAP) or de-allocated (FREE). Alc-ISA-Event-Timestamp (241.26.6527.86): the time of the extended port block allocation or de-allocation on the ISA or ESA. Event-Timestamp (55): the time when the RADIUS message is generated on the CPM. This is repeated for each SLA-profile instance (queuing instance). | This message carries differential updates tracking changes only for extended port blocks of the existing subscriber. The initial port block is never advertised in the triggered Interim-Update but is only advertised in the accounting START (map) or STOP (free) message. Alc-Nat-Port-Range (26.6527.121): the outside IP address, newly allocated or de-allocated extended port block, outside router ID, and NAT policy ID. Alc-Acct-Triggered-Reason (26.6527.163): the reason for this triggered Interim-Update message; an extended port block is allocated (MAP) or de-allocated (FREE). Alc-ISA-Event-Timestamp (241.26.6527.86): the time of the extended port block allocation or de-allocation on the ISA or ESA. Event-Timestamp (55): the time when the RADIUS message is generated on the CPM. This is repeated for all sessions or hosts of an ESM subscriber. | If the last session of the subscriber is terminated, and at the same time this session has extended port blocks in use, two consecutive RADIUS accounting messages are sent (regardless of the accounting model): A subscriber termination is an infrequent event. |
Stop | Accounting STOP messages are sent when an SLA profile instance (queuing instance) is terminated (the last session associated with it is terminated). If the terminated SLA-profile instance (queuing instance) is the last for the subscriber, the accounting STOP message carries only the initial port block (and outside IP address). Any extended port blocks that were released are reported in the immediately preceding triggered Interim-Update message. If the terminated SLA-profile instance (queuing instance) is not the last for the subscriber, the accounting STOP message carries the initial port block (and outside IP address) and any extended port blocks that are still allocated for the subscriber but no longer used by this terminated SLA-profile instance. Alc-Nat-Port-Range (26.6527.121): the outside IP address, initial port block, outside router ID, and NAT policy ID. Alc-ISA-Event-Timestamp (241.26.6527.86): the time of the last extended port block allocation or de-allocation on the ISA or ESA. Event-Timestamp (55): the time when the RADIUS message is generated on the CPM. This information is generated for every SLA-profile instance (queuing instance) termination, meaning that the information is repeated if the subscriber has multiple SLA-profile instances. | An accounting STOP message is sent when a session or host of a NAT-enabled subscriber is terminated. If the terminated session or host is the last for the subscriber, the accounting STOP message carries only the initial port block (and outside IP address). Any extended port blocks that were released are reported in the immediately preceding triggered Interim-Update messages. If the terminated session or host is not the last for the subscriber, the accounting STOP message carries the initial port block (and outside IP address) and any extended port blocks that are still allocated for the subscriber but no longer used by this terminated session or host. Alc-Nat-Port-Range (26.6527.121): the outside IP address, initial port block, outside router ID, and NAT policy ID. Alc-ISA-Event-Timestamp (241.26.6527.86): the time of the last extended port block allocation or de-allocation on the ISA or ESA. Event-Timestamp (55): the time when the RADIUS message is generated on the CPM. This information is generated upon termination of every session or host of an L2-Aware subscriber. | Each accounting stream (START, I-U, STOP) is treated as a separate entity and contains NAT information that can overlap with other accounting streams (for the queuing instance or a session) of the same subscriber. Complete NAT information is always conveyed in an accounting stream; for example, for every port block (PB) allocation a matching de-allocation can be found on the same stream. In other words, there are no known cases where a PB allocation is reported on one accounting stream but the de-allocation is reported on another. |
The following examples show only the relevant NAT-related attributes:
A session is created for an L2-Aware NAT subscriber. At the time of session instantiation, a RADIUS accounting START message is generated.
Alc-Nat-Port-Range = "192.168.20.2 2001-2024 router base l2-aware"
Event-Timestamp = T1
The outside IP address 192.168.20.2 and initial port block [2001-2024] are allocated at time T1.
A new extended port block is allocated. Differential data is carried in a triggered Interim-Update message.
Alc-Nat-Port-Range = "192.168.20.2 3000-3023 router base l2-aware"
Alc-Acct-Triggered-Reason = Nat-Map (20)
Event-Timestamp = T3
Alc-ISA-Event-Timestamp = T2
Only the newly allocated port block is present in this update, with the triggered reason Nat-Map (20).
This port block was allocated on the ISA or ESA at time T2, which may differ from time T3, when the Interim-Update is sent to the RADIUS server.
This difference may be small if there is no congestion in the system. It may be larger under congestion, when notifications from the ISA or ESA are queued internally while waiting to be transported to a backlogged CPM. One cause of CPM backlog is a high volume of RADIUS messages being sent to the RADIUS servers.
Periodic Interim-Update messages are triggered at regular intervals and carry cumulative (or absolute) data.
Alc-Nat-Port-Range = "192.168.20.2 2001-2024, 3000-3023 router base l2-aware"
Event-Timestamp = T4
Alc-ISA-Event-Timestamp = T2
This update carries both previously allocated port blocks, the initial port block and the extended port block.
T4 in Event-Timestamp reflects the time when the message is generated, while the Alc-ISA-Event-Timestamp is unchanged from the previous update because no new event occurred on the ISA or ESA.
An existing extended port block is de-allocated. Differential data is carried in a triggered Interim-Update message.
Alc-Acct-Triggered-Reason = Nat-Free (19)
Alc-Nat-Port-Range = "192.168.20.2 3000-3023 router base l2-aware"
Event-Timestamp = T6
Alc-ISA-Event-Timestamp = T5
Only the de-allocated port block is present in this update, with the triggered reason Nat-Free (19).
This port block was de-allocated on the ISA or ESA at time T5, which may differ from time T6, when the Interim-Update is sent to the RADIUS server.
At session termination, a RADIUS accounting STOP message with the initial port block is generated.
Alc-Nat-Port-Range = "192.168.20.2 2001-2024 router base l2-aware"
Event-Timestamp = T7
Alc-ISA-Event-Timestamp = T5
This final update for the session carries the initial port block that is no longer used by the terminated session, host or queuing instance. Although this session is terminated, the initial port block can be used by other sessions still present under the same L2-Aware NAT subscriber.
T7 in Event-Timestamp reflects the time when the message is generated, while the Alc-ISA-Event-Timestamp is always the same as in the previous triggered accounting Interim-Update message.
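When these records are used to attribute an outside IP address and port to a subscriber at a given time, the choice of timestamp matters. The following added example (not Nokia code) rebuilds port-block ownership intervals from one accounting stream, using Alc-ISA-Event-Timestamp for extended blocks and Event-Timestamp for the initial block. The record field names, the stream ID, and the numeric times are assumptions constructed for illustration.

```python
import re

# Layout as in the page's examples: "<outside-ip> <blocks> router <router> <nat-policy>"
_RANGE = re.compile(r"^(\S+)\s+(.+?)\s+router\s+(\S+)\s+(\S+)$")

def parse_port_range(value):
    """Split Alc-Nat-Port-Range into (ip, [(lo, hi), ...], router, policy)."""
    m = _RANGE.match(value.strip())
    if not m:
        raise ValueError(f"unrecognised Alc-Nat-Port-Range: {value!r}")
    blocks = [(int(lo), int(hi)) for lo, hi in re.findall(r"(\d+)-(\d+)", m.group(2))]
    return m.group(1), blocks, m.group(3), m.group(4)

def build_intervals(records):
    """Return (stream, ip, lo, hi, start, end) tuples for every closed port block."""
    open_blocks, closed = {}, []          # (stream, ip, lo, hi) -> start time
    for r in records:
        ip, blocks, _, _ = parse_port_range(r["nat"])
        keys = [(r["stream"], ip, lo, hi) for lo, hi in blocks]
        kind, reason = r["type"], r.get("reason")
        if kind == "Start":               # initial block: Event-Timestamp is accurate
            open_blocks.update((k, r["event_ts"]) for k in keys)
        elif reason == "Nat-Map":         # extended block: use the ISA/ESA time
            open_blocks.update((k, r["isa_ts"]) for k in keys)
        elif reason == "Nat-Free":
            closed += [(*k, open_blocks.pop(k), r["isa_ts"]) for k in keys if k in open_blocks]
        elif kind == "Stop":
            # isa_ts here is the last extended-block event, so close at Event-Timestamp
            for k in [k for k in open_blocks if k[0] == r["stream"]]:
                closed.append((*k, open_blocks.pop(k), r["event_ts"]))
        # regular (cumulative) Interim-Updates have no reason and add no interval
    return closed

def who_had(intervals, ip, port, t):
    """Accounting streams that held outside ip:port at time t."""
    return sorted({s for s, i, lo, hi, a, b in intervals
                   if i == ip and lo <= port <= hi and a <= t <= b})

# Constructed sample: the page's T1..T7 sequence with made-up times and stream id
NAT = "192.168.20.2 %s router base l2-aware"
SAMPLE = [
    {"stream": "sess-1", "type": "Start", "event_ts": 100, "nat": NAT % "2001-2024"},
    {"stream": "sess-1", "type": "Interim-Update", "reason": "Nat-Map",
     "event_ts": 207, "isa_ts": 200, "nat": NAT % "3000-3023"},
    {"stream": "sess-1", "type": "Interim-Update", "event_ts": 400, "isa_ts": 200, "nat": NAT % "2001-2024, 3000-3023"},
    {"stream": "sess-1", "type": "Interim-Update", "reason": "Nat-Free",
     "event_ts": 606, "isa_ts": 600, "nat": NAT % "3000-3023"},
    {"stream": "sess-1", "type": "Stop", "event_ts": 700, "isa_ts": 600, "nat": NAT % "2001-2024"},
]
```

In the sample, a lookup for port 3010 at time 203 resolves only because the block is opened at the ISA time (200) rather than the CPM time (207); the same lookup at 603 correctly returns nothing even though the Nat-Free message was generated at 606.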