Example: Configuring Logs in Flow Monitoring Format for NAT Events on MX Series Routers for Troubleshooting
You can configure MX Series routers with MS-MPCs, MS-MICs, and MX-SPC3s to log network address translation (NAT) events using the Junos Traffic Vision (previously known as Jflow) version 9 or IPFIX (version 10) template format. This method of generating flow monitoring records for NAT events, such as NAT44 and NAT64 session creation and deletion, and NAT44 and NAT64 binding information base events, enables cohesive and streamlined analysis of NAT traffic and troubleshooting of NAT-related problems.
This functionality is supported on MX Series routers with Junos OS Extension-Provider packages installed and configured on the device, and on MS-MPCs, MS-PICs, and MX-SPC3s. It is not supported on MS-DPCs with MX Series routers.
This example describes how to configure log generation in flow monitoring format for NAT events at the service-set level on MS-MICs, MS-MPCs, and MX-SPC3s.
This configuration example is for an Interface-Style service set.
Requirements
This example uses the following hardware and software components:
One MX Series router with an MS-MPC, MS-MIC, or MX-SPC3
Junos OS Release 14.2R2 or later for MX Series routers
Generation of Log Messages Using Flow Templates for NAT Operations on MS-MPCs, MS-MICs, and MX-SPC3s
You can configure the router to record log messages in flow monitoring format for NAT events. A template profile can be created for a particular NAT service on an MX Series router with MS-MPCs, MS-MICs, or MX-SPC3s, or for a service set, in which case it applies to all of the NAT services in that set. You must define a template profile to generate flow monitoring logs in a specific flow template format and attach the template profile to a service set. You must also configure a collector or a group of collectors, which are the hosts that receive the NAT event log messages from the service PIC (the exporter), and associate a template profile with the collector. The profile defines the characteristics of the flow monitoring record template: the flow monitoring version (version 9 or IPFIX), the refresh rate (in packets or seconds), and the type of service or application (NAT in this case) for which flow records are sent to the collector.
Assume a sample deployment in which two collectors, c1 and c2, are defined. These collectors are clustered into two groups. The collector group, cg1, contains c1 and c2, and the collector group, cg2, contains c2. Two template profiles named t1 and t2 are defined. The profiles, t1 and t2, are associated with collectors, c1 and c2, respectively.
These profiles describe the properties or attributes for transmission of logs, such as the flow template format to be used, the rate at which the logs must be refreshed, and the service or event, such as NAT, for which logs must be sent to the specified collector.
Configuration
To enable the flow monitoring log capability for NAT events and configure the transmission of logs to collectors, perform these tasks:
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them in a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level:
Configuring Service Set Properties
set services service-set sset_0 interface-service service-interface ms-5/0/0.0
Applying Flow Monitoring Log Service on an Interface
set interfaces ms-5/0/0 services-options jflow-log message-rate-limit 50000
Enabling and Configuring Flow Monitoring Logs for a Service Set
set services jflow-log collector c1 destination-address 192.0.2.3 destination-port 1 source-ip 198.51.100.1
set services jflow-log collector c2 destination-address 203.0.113.5 destination-port 3 source-ip 198.51.100.2
set services jflow-log collector-group cg1 collector [ c1 c2 ]
set services jflow-log template-profile t1 collector c1 version ipfix template-type nat refresh-rate packets 20 seconds 20
set services jflow-log template-profile t2 collector c2 version v9 template-type nat refresh-rate packets 20 seconds 20
set services jflow-log template-profile t1 collector-group cg1
Associating the Template Profile with a Service Set
set services service-set sset_0 jflow-log template-profile t1
Procedure
Step-by-Step Procedure
To configure the generation and transmission of flow monitoring template logs for NAT events:
Configure the service set properties.
[edit]
user@host# set services service-set sset_0 interface-service service-interface ms-5/0/0.0
Define the flow monitoring log service to be applied on an interface.
[edit]
user@host# set interfaces ms-5/0/0 services-options jflow-log message-rate-limit 50000
Configure the collectors and collector groups.
[edit]
user@host# set services jflow-log collector c1 destination-address 192.0.2.3 destination-port 1 source-ip 198.51.100.1
user@host# set services jflow-log collector c2 destination-address 203.0.113.5 destination-port 3 source-ip 198.51.100.2
user@host# set services jflow-log collector-group cg1 collector [ c1 c2 ]
user@host# set services jflow-log collector-group cg2 collector c2
Configure the template profiles and associate the template profile with the collector.
[edit]
user@host# set services jflow-log template-profile t1 collector c1 version ipfix template-type nat refresh-rate packets 20 seconds 20
user@host# set services jflow-log template-profile t2 collector c2 version v9 template-type nat refresh-rate packets 20 seconds 20
Associate the template profile with the service set.
[edit]
user@host# set services service-set sset_0 jflow-log template-profile t1
Results
From configuration mode, confirm your configuration by entering the show services, show services jflow-log, and show services service-set sset_0 jflow-log commands.
If the output does not display the intended configuration, repeat
the instructions in this example to correct the configuration.
[edit]
user@host# show services
service-set sset_0 {
    interface-service {
        service-interface ms-5/0/0;
    }
}
[edit interfaces]
user@host# show
ms-5/0/0 {
    services-options {
        jflow-log {
            message-rate-limit 50000;
        }
    }
}
[edit]
user@host# show services jflow-log
collector c1 {
    destination-address 192.0.2.3;
    destination-port 1;
    source-ip 198.51.100.1;
}
collector c2 {
    destination-address 203.0.113.5;
    destination-port 3;
    source-ip 198.51.100.2;
}
collector-group cg1 {
    collector [ c2 c1 ];
}
collector-group cg2 {
    collector c2;
}
template-profile t2 {
    collector c2;
    template-type nat;
    refresh-rate packets 20 seconds 20;
    version v9;
}
template-profile t1 {
    collector c1;
    template-type nat;
    refresh-rate packets 20 seconds 20;
    version ipfix;
}
[edit]
user@host# show services service-set sset_0 jflow-log
template-profile t2;
Verification
To confirm that the configuration is working properly, perform the following:
Verifying That the Flow Monitoring Logs Are Generated and Sent to Collectors
Purpose
Verify that the flow monitoring log messages in the defined template format, such as IPFIX or version 9, are generated and transmitted to the configured collectors for the different NAT operations.
Action
From operational mode, use the show services service-sets statistics jflow-log command:
user@host> show services service-sets statistics jflow-log
Interface: ms-5/0/0
  Rate limit: 1000
  Template records:
    Sent: 36 Dropped: 0
  Data records:
    Sent: 2 Dropped: 0
Service-set: sset_0
  Unresolvable collectors: 0
  Template records:
    Sent: 36 Dropped: 0
  Data records:
    Sent: 2 Dropped: 0
From operational mode, use the show services service-sets statistics jflow-log detail command:
user@host> show services service-sets statistics jflow-log detail
Interface: ms-5/0/0
  Rate limit: 1000
  Template records:
    Sent: 48 Dropped: 0
  Data records:
    Sent: 4 Dropped: 0
Service-set: sset_0
  Unresolvable collectors: 0
  Template records:
    Sent: 48 Dropped: 0
  Data records:
    Sent: 4 Dropped: 0
  NAT44 Session logs:
    Template records:
      Sent: 4 Dropped: 0 (socket send error: 0, no memory: 0)
    Data records:
      Sent: 4 Dropped: 0 (invalid data: 0, no memory: 0, above rate limit: 0)
  NAT64 Session logs:
    Template records:
      Sent: 4 Dropped: 0 (socket send error: 0, no memory: 0)
    Data records:
      Sent: 0 Dropped: 0 (invalid data: 0, no memory: 0, above rate limit: 0)
  NAT44 BIB logs:
    Template records:
      Sent: 4 Dropped: 0 (socket send error: 0, no memory: 0)
    Data records:
      Sent: 0 Dropped: 0 (invalid data: 0, no memory: 0, above rate limit: 0)
  NAT64 BIB logs:
    Template records:
      Sent: 4 Dropped: 0 (socket send error: 0, no memory: 0)
    Data records:
      Sent: 0 Dropped: 0 (invalid data: 0, no memory: 0, above rate limit: 0)
  NAT Address Exhausted logs:
    Template records:
      Sent: 4 Dropped: 0 (socket send error: 0, no memory: 0)
    Data records:
      Sent: 0 Dropped: 0 (invalid data: 0, no memory: 0, above rate limit: 0)
  NAT Port Exhausted logs:
    Template records:
      Sent: 4 Dropped: 0 (socket send error: 0, no memory: 0)
    Data records:
      Sent: 0 Dropped: 0 (invalid data: 0, no memory: 0, above rate limit: 0)
  NAT44 Quota Exceeded logs:
    Template records:
      Sent: 4 Dropped: 0 (socket send error: 0, no memory: 0)
    Data records:
      Sent: 0 Dropped: 0 (invalid data: 0, no memory: 0, above rate limit: 0)
  NAT64 Quota Exceeded logs:
    Template records:
      Sent: 4 Dropped: 0 (socket send error: 0, no memory: 0)
    Data records:
      Sent: 0 Dropped: 0 (invalid data: 0, no memory: 0, above rate limit: 0)
  NAT44 Address Bind logs:
    Template records:
      Sent: 4 Dropped: 0 (socket send error: 0, no memory: 0)
    Data records:
      Sent: 0 Dropped: 0 (invalid data: 0, no memory: 0, above rate limit: 0)
  NAT64 Address Bind logs:
    Template records:
      Sent: 4 Dropped: 0 (socket send error: 0, no memory: 0)
    Data records:
      Sent: 0 Dropped: 0 (invalid data: 0, no memory: 0, above rate limit: 0)
  NAT44 PBA logs:
    Template records:
      Sent: 4 Dropped: 0 (socket send error: 0, no memory: 0)
    Data records:
      Sent: 0 Dropped: 0 (invalid data: 0, no memory: 0, above rate limit: 0)
  NAT64 PBA logs:
    Template records:
      Sent: 4 Dropped: 0 (socket send error: 0, no memory: 0)
    Data records:
      Sent: 0 Dropped: 0 (invalid data: 0, no memory: 0, above rate limit: 0)
Meaning
The output shows that the log messages in flow monitoring format associated with the specified service set and interface are generated for the different NAT events.
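As an added example that is not part of the Juniper documentation: a small Python checker that parses the text of the show services service-sets statistics jflow-log detail output in the form shown above and flags what a troubleshooter looks for first, namely non-zero Dropped counters (with the non-zero drop reasons) and unresolvable collectors. The sample output embedded in the block is constructed to contain drops and is not taken from the page.

```python
import re

# Matches "Sent: N Dropped: M" with an optional "(reason: n, ...)" tail.
SENT_RE = re.compile(r"Sent:\s*(\d+)\s+Dropped:\s*(\d+)(?:\s*\((.*)\))?")
REASON_RE = re.compile(r"([a-z ]+?):\s*(\d+)")
# Constructed sample in the layout of the detail output above; not from the page.
SAMPLE = """\
Interface: ms-5/0/0
  Rate limit: 1000
  Template records:
    Sent: 48 Dropped: 0
  Data records:
    Sent: 1204 Dropped: 37
Service-set: sset_0
  Unresolvable collectors: 1
  NAT44 Session logs:
    Template records:
      Sent: 4 Dropped: 0 (socket send error: 0, no memory: 0)
    Data records:
      Sent: 1200 Dropped: 37 (invalid data: 0, no memory: 0, above rate limit: 37)
"""

def parse_jflow_stats(text):
    """Return (scope, kind, sent, dropped, {reason: count}) for every counter line."""
    rows, base, sub, kind = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("Interface:", "Service-set:")):
            base, sub = line, None            # new top-level scope
        elif line.endswith("logs:"):
            sub = line[:-1]                   # per-NAT-event category
        elif line in ("Template records:", "Data records:"):
            kind = line[:-1]
        elif line.startswith("Unresolvable collectors:"):
            rows.append((base, "Unresolvable collectors", 0, int(line.split(":")[1]), {}))
        elif (m := SENT_RE.match(line)):
            scope = base if sub is None else f"{base} / {sub}"
            reasons = {k.strip(): int(v) for k, v in REASON_RE.findall(m.group(3) or "")}
            rows.append((scope, kind, int(m.group(1)), int(m.group(2)), reasons))
    return rows

def find_problems(text):
    """Only the rows with a non-zero drop count, keeping just the non-zero reasons."""
    return [(s, k, d, {r: n for r, n in why.items() if n})
            for s, k, _, d, why in parse_jflow_stats(text) if d]

if __name__ == "__main__":
    for scope, kind, dropped, why in find_problems(SAMPLE):
        print(f"{scope}: {kind} dropped {dropped} {why or ''}")
```

A drop reason of "above rate limit" points at the message-rate-limit configured under services-options on the service interface; "socket send error" or a non-zero unresolvable-collector count points at reachability of the configured collectors.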