Logging

When multiple NAT policies per inside routing context are deployed, a new policy-id parameter is added to specific syslog messages. The format of the policy-id is:

plcy-id XX

Where XX is an arbitrary unique number per inside routing context assigned by the router; this number represents the corresponding NAT policy. Because the maximum number of NAT policies in an inside routing context is 8, the policy-id is a numerical value in the range 1 to 8.

The policy-id is introduced in logs because of the bulk operations associated with multiple NAT policies per inside routing context. Examples of a bulk operation are the removal of the nat-policy from the configuration, shutting down the NAT pool, or removing an IP address range from the pool. Removing a NAT accounting policy in the case of RADIUS NAT logging does not trigger a summarization log because an acct-off message is sent. Such operations tend to be heavy on NAT logging because they affect a large number of NAT subscribers at the same time. Summarization logs are introduced to prevent excessive logging during bulk operations. For example, a NAT policy deletion can be logged with a single (summarized) entry containing the policy-id of the NAT policy that was removed and the inside service-id. Because all logs contain the policy-id, a single summarization free log can be compared against all map logs carrying the same policy-id to determine for which subscribers the NAT mappings have ceased. Map and free logs are generated when a port-block is allocated to or de-allocated from a subscriber.

A summarization log is always generated on the CPM, regardless of whether RADIUS logging is enabled. A summarization log cannot be generated via RADIUS logging because the RADIUS accounting message streams (start/interim-update/stop) are always generated per subscriber. In other words, with RADIUS logging the summarization log would have to be sent once per subscriber, which defeats the purpose of summarization.

A summarization log on the CPM is generated in the following cases:

When the NAT policy is removed. With a single NAT policy per inside routing context, the summarization log contains only one field: the inside srvc-id (vprn or base). This is sufficient because there is only one NAT policy in that inside routing context. To determine the subscribers whose NAT mappings were terminated, the operator should search the most recent map logs matching the service-id from the summarization log.

With multiple NAT policies per inside routing context, the inside srvc-id and the policy-id are included in the summarization log (no outside IPs, outside srvc-id, port-block or source IP).

A log search based on the policy-id and inside srvc-id should reveal all subscribers whose mappings were affected by the NAT policy removal.

When the pool is shut down. The router sends a summarization log that includes the outside srvc-id and all IP address ranges configured in the pool. No other parameters are included in the summarization log.

A log search based on the outside IP address and outside srvc-id should reveal all subscribers for which the NAT mappings have ceased.

When an IP address range is removed from the pool. The router sends a summarization log that includes the outside srvc-id and the IP address range that was removed. No other parameters are included in the summarization log.

A log search based on the outside IP addresses in the range and the outside srvc-id should reveal all subscribers for which the NAT mappings have ceased.

Summarization logs in RADIUS logging:

The summarization log for a bulk operation is generated only on the CPM (syslog), even when RADIUS logging is in use. This means that for bulk operations with RADIUS logging, the operator has to rely on CPM logging as well as on RADIUS logging.

An open log sequence in RADIUS, for example a map for <inside IP 1, outside IP 1, port-block 1> followed at some later time by a map for <inside IP 2, outside IP 1, port-block 1>, is an indication that the free log for <inside IP 1, outside IP 1, port-block 1> is missing. This means that either the free log for <inside IP 1, outside IP 1, port-block 1> was lost or that a policy, pool, or address range was removed from the configuration. In the latter case, the operator should look in the CPM log for the summarization message.
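The two correlations described on this page, a CPM summarization free log matched against the still-open map logs with the same policy-id and inside srvc-id, and the RADIUS open-sequence check for a missing free log, as an added example (not the router's own tooling). The log lines are constructed in a simplified key=value form, not the router's exact syslog syntax, and the field names (plcy-id, srvc-id, inside, outside, pb) are assumptions chosen to mirror the terms in the text.

```python
# Constructed, simplified log format (hypothetical, not the router's exact
# syslog syntax): "<kind> key=value ..." using the field names the text uses.
CPM_LOG = [
    "map plcy-id=2 srvc-id=100 inside=10.0.0.1 outside=203.0.113.5 pb=1024-1055",
    "map plcy-id=2 srvc-id=100 inside=10.0.0.2 outside=203.0.113.5 pb=1056-1087",
    "map plcy-id=1 srvc-id=100 inside=10.0.0.3 outside=203.0.113.9 pb=1024-1055",
    "free plcy-id=2 srvc-id=100 inside=10.0.0.2 outside=203.0.113.5 pb=1056-1087",
    "summ-free plcy-id=2 srvc-id=100",  # NAT policy 2 removed (bulk operation)
]
RADIUS_LOG = [  # per-subscriber stream: the free for 10.0.0.1 never arrived
    "map inside=10.0.0.1 outside=203.0.113.5 pb=1024-1055",
    "map inside=10.0.0.2 outside=203.0.113.5 pb=1024-1055",
]

def parse(line):
    kind, _, rest = line.partition(" ")
    rec = dict(kv.split("=", 1) for kv in rest.split())
    rec["kind"] = kind
    return rec

def ceased_by_policy_removal(lines):
    """Inside IPs whose still-open map carries the summarization log's
    plcy-id and inside srvc-id: their mappings ended with the policy."""
    open_maps, ceased = {}, set()
    for rec in map(parse, lines):
        key = (rec.get("inside"), rec.get("outside"), rec.get("pb"))
        if rec["kind"] == "map":
            open_maps[key] = rec
        elif rec["kind"] == "free":
            open_maps.pop(key, None)
        elif rec["kind"] == "summ-free":
            for k, m in list(open_maps.items()):
                if (m["plcy-id"], m["srvc-id"]) == (rec["plcy-id"], rec["srvc-id"]):
                    ceased.add(m["inside"])
                    del open_maps[k]
    return ceased

def missing_frees(lines):
    """RADIUS side: a map that reuses <outside IP, port-block> while another
    inside IP still holds it means that holder's free is missing (lost, or a
    bulk operation removed it; check the CPM log for the summarization entry)."""
    holder, suspect = {}, []
    for rec in map(parse, lines):
        slot = (rec.get("outside"), rec.get("pb"))
        if rec["kind"] == "free":
            holder.pop(slot, None)
        elif rec["kind"] == "map":
            if slot in holder and holder[slot] != rec["inside"]:
                suspect.append((holder[slot],) + slot)
            holder[slot] = rec["inside"]
    return suspect
```

Each suspect tuple is (inside IP, outside IP, port-block) of the mapping whose free log is missing; the operator then looks for a matching summarization entry in the CPM log.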

The summarization logs are enabled via event control 2021, tmnxNatLsnSubBlksFree, which is suppressed by default. Event control 2021 is also used to report when all blocks for a subscriber are freed.