Technical data

ServerIron ADX NAT64 Configuration Guide
53-1002288-02
NAT64 Connection logging
A ServerIron ADX provides NAT64 connection logging to enable administrators to audit and log
NAT64 connections created on the ServerIron ADX. A user can configure the ServerIron ADX to send
a message to an external Syslog server each time NAT64 creates session table entries for NAT64
traffic.
The forward flow for NAT64 runs from the IPv6 client to a destination address made up of the NAT64
IPv6 prefix followed by the IPv4 destination (prefix::ipv4). The ServerIron ADX selects a NAT pool IP
and port to replace the client IP and client port, and strips off the NAT64 prefix to create the IPv4
destination address.
NAT64 connection logging displays the following information:
Protocol
Client IP
Client Port
NAT64 prefix
IPv4 destination IP
Destination port
NAT pool IP
NAT port
A user can recreate the IPv6 destination IP address by prepending the NAT64 prefix to the IPv4
destination IP address.
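Added example (not part of the Brocade guide): rebuilding the IPv6 destination from the logged NAT64 prefix and IPv4 destination so a log entry can be matched against IPv6-side flow records. It goes beyond the simple prepend case by following the RFC 6052 embedding for every prefix length that RFC defines; the prefix lengths the ServerIron ADX accepts are not stated here, and the record keys and sample values are constructed.

```python
import ipaddress

# Prefix lengths for which RFC 6052 defines an IPv4-embedding layout.
RFC6052_LENGTHS = (32, 40, 48, 56, 64, 96)

def _prefix(nat64_prefix):
    net = ipaddress.IPv6Network(nat64_prefix)  # rejects prefixes with host bits set
    if net.prefixlen not in RFC6052_LENGTHS:
        raise ValueError(f"/{net.prefixlen} is not an RFC 6052 prefix length")
    return net

def embed_ipv4(nat64_prefix, ipv4_dst):
    """Prepend the NAT64 prefix to the logged IPv4 destination."""
    net = _prefix(nat64_prefix)
    out = bytearray(net.network_address.packed)
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(ipv4_dst).packed:
        if pos == 8:          # octet 8 is the reserved "u" byte, always zero
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))

def extract_ipv4(nat64_prefix, ipv6_dst):
    """Inverse: strip the prefix from an IPv6 destination, as the translator does."""
    net = _prefix(nat64_prefix)
    addr = ipaddress.IPv6Address(ipv6_dst)
    if addr not in net:
        raise ValueError(f"{addr} is not inside {net}")
    raw, pos, v4 = addr.packed, net.prefixlen // 8, bytearray()
    while len(v4) < 4:
        if pos == 8:          # skip the reserved octet when reading back
            pos += 1
        v4.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(v4))

# Constructed sample record; keys are hypothetical names for the logged fields.
SAMPLE = {"protocol": "TCP", "client_ip": "2001:db8:1::10", "client_port": 51514,
          "nat64_prefix": "64:ff9b::/96", "ipv4_dst": "192.0.2.33", "dst_port": 443,
          "nat_pool_ip": "198.51.100.7", "nat_port": 20001}

def original_destination(record):
    """IPv6 destination the client actually dialed, for matching IPv6-side logs."""
    return embed_ipv4(record["nat64_prefix"], record["ipv4_dst"])

if __name__ == "__main__":
    print(original_destination(SAMPLE))
```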
Beginning with release 12.301a, NAT64 connection creation is logged. A Syslog message is sent
each time a flow session pair is created. There is no buffering or batching in the current release.
The ServerIron ADX does not currently log connection teardown.
NOTE
This feature is only applicable to Stateful NAT64 since no sessions are created for Stateless NAT64
traffic.
NOTE
Enabling NAT64 logging will have an impact on performance.
Configuring NAT64 Connection logging
To enable NAT64 Connection logging on a ServerIron ADX, you must configure the IP address of the
external Syslog Server and enable NAT64 connection-logging.
Configuring the IP address of the external Syslog Server
You can configure the IP address of the external Syslog Server using the following commands.
ServerIronADX# configure terminal
ServerIronADX(config)# logging 100.100.100.1
ServerIronADX(config)#
Syntax: [no] logging <ip_address>