As with any NAT operation where the identity of the user is hidden behind the NAT identity, logging of the NAT translation information is required. In the MAP-T domain, NAT logging is based on configuration changes because the user identity can be derived from the configured rules.
A system can have a large number of rules, and each configured MAP rule generates a separate log. As a result, the volume of logs generated can be substantial. Logging is explicitly enabled using a log event.
A NAT log contains information about the following:
MAP type (map-t)
map-domain name
map-rule name
v6 rule-prefix
v4 rule-prefix
EA bits
psid-offset bits
associated routing context for the MAP-T rule
timestamp
A MAP rule log is generated when both of the following conditions are met:
a MAP rule is activated or deactivated in the system (administratively shutdown/no shutdown, corresponding MAP domain is associated/dissociated from the routing context, corresponding MAP domain is shutdown/no shutdown, and so on)
event tmnxNatMapRuleChange (id=2036) has been enabled in event-control
Example:
551 2016/04/22 14:56:35.44 UTC MINOR: NAT #2036 vprn220 NAT MAP
"map-type=map-t map-domain=domain-name-1 rule-name=rule-name-1 rule-prefix=2001:db8::/44 ipv4-prefix=192.168.10.0/24 ea-length=12 psid-offset=6 enabled router=vprn220 at 2016/04/22 14:56:35"
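The following added example (not part of the original documentation or the vendor's code) shows how the logged rule fields let an investigator derive a subscriber's MAP IPv6 prefix from a public IPv4 address and source port seen in an external report. It assumes the fields combine according to the RFC 7597 mapping algorithm that MAP-T uses; the function names and the address/port pair are hypothetical.

```python
import ipaddress
import re

# The page's example tmnxNatMapRuleChange log, joined onto one line.
SAMPLE_LOG = (
    '551 2016/04/22 14:56:35.44 UTC MINOR: NAT #2036 vprn220 NAT MAP '
    '"map-type=map-t map-domain=domain-name-1 rule-name=rule-name-1 '
    'rule-prefix=2001:db8::/44 ipv4-prefix=192.168.10.0/24 ea-length=12 '
    'psid-offset=6 enabled router=vprn220 at 2016/04/22 14:56:35"'
)

def parse_map_rule_log(line):
    """Return the key=value fields of one MAP rule log as a dict."""
    body = re.search(r'"(.*)"', line, re.S).group(1)
    fields = dict(re.findall(r"([\w-]+)=(\S+)", body))
    # Only the "enabled" keyword appears on the page; its absence is
    # treated here as "rule not active" (assumption).
    fields["enabled"] = "enabled" in body.split()
    return fields

def end_user_prefix(rule, ipv4, port):
    """Map a public IPv4 address and source port to the subscriber's IPv6 prefix."""
    v6 = ipaddress.ip_network(rule["rule-prefix"])
    v4 = ipaddress.ip_network(rule["ipv4-prefix"])
    addr = ipaddress.ip_address(ipv4)
    ea_len, offset = int(rule["ea-length"]), int(rule["psid-offset"])
    if addr not in v4:
        raise ValueError("address is outside this rule's IPv4 prefix")
    suffix_len = 32 - v4.prefixlen            # IPv4 suffix bits carried in EA
    psid_len = max(0, ea_len - suffix_len)    # remaining EA bits are the PSID
    suffix = int(addr) & ((1 << suffix_len) - 1)
    if psid_len:
        # Shared address: the port is [offset bits | PSID | remaining bits].
        if offset and port >> (16 - offset) == 0:
            raise ValueError("port is in the excluded low range")
        psid = (port >> (16 - offset - psid_len)) & ((1 << psid_len) - 1)
        ea = (suffix << psid_len) | psid
    else:
        # Unshared address or IPv4 prefix: EA is the leading suffix bits.
        ea = suffix >> (suffix_len - ea_len)
    plen = v6.prefixlen + ea_len
    base = int(v6.network_address) | (ea << (128 - plen))
    return ipaddress.IPv6Network((base, plen))

if __name__ == "__main__":
    rule = parse_map_rule_log(SAMPLE_LOG)
    # 192.168.10.37:5000 is a constructed address/port pair for illustration.
    print(end_user_prefix(rule, "192.168.10.37", 5000))
```

Because the mapping is computed from the rule alone, the lookup is only valid for the period in which the rule was active, which is why the log timestamps must be retained alongside the rule fields.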