You can configure MX Series routers with MS-MPCs, MS-MICs,
and MX-SPC3s to log network address translation (NAT) events using
the Junos Traffic Vision (previously known as Jflow) version 9 or
IPFIX (version 10) template format. The NAT event logger generates logs
or template records in flow monitoring format and transmits them to
the specified external collector or server for various NAT events,
such as NAT44 and NAT64 session creation and deletion, and NAT44 and
NAT64 binding information base events.
Note: This functionality is supported on MX Series routers with
Junos OS Extension-Provider packages installed and configured on the
device, and on MS-MPCs, MS-PICs, and MX-SPC3s. It is not supported
on MS-DPCs with MX Series routers.
You can configure the mechanism that records logging messages
in flow monitoring format for NAT events. To do so, you define collectors
and template profiles that contain the properties for flow monitoring
logs. You can create a template profile for a particular NAT service
on an MX Series router with MS-MPCs, MS-MICs, or MX-SPC3s, or for
a service set, in which case it applies to all of the NAT services. A
template profile generates flow monitoring logs in a specific
flow template format, and you associate the template profile
with a service set.
To enable the flow monitoring log capability for NAT events
and configure the transmission of logs to collectors at a service
level:
- Define the flow monitoring log service to be applied on
an interface to control the maximum number of flow monitoring logs
generated for NAT error events.
[edit]
user@host# set interfaces ms-fpc/pic/port services-options jflow-log message-rate-limit messages-per-second
For example:
[edit]
user@host# set interfaces ms-5/0/0 services-options jflow-log message-rate-limit 50
- Configure the collectors and collector groups.
[edit]
user@host# set services jflow-log collector collector-name destination-address address destination-port port-number source-ip address
user@host# set services jflow-log collector-group collector-group-name collector [ collector-name1 collector-name2]
For example:
[edit]
user@host# set services jflow-log collector c1 destination-address 203.0.113.3 destination-port 1 source-ip 192.0.2.1
user@host# set services jflow-log collector-group cg1 collector c1
- Configure the template profiles and associate the template
profile with the collector or collector group.
[edit]
user@host# set services jflow-log template-profile template-profile-name collector collector-name version (ipfix | v9) template-type nat refresh-rate packets packets seconds seconds
user@host# set services jflow-log template-profile template-profile-name collector-group collector-group-name version (ipfix | v9) template-type nat refresh-rate packets packets seconds seconds
For example:
[edit]
user@host# set services jflow-log template-profile t1 collector c1 version ipfix template-type nat refresh-rate packets 20 seconds 20
user@host# set services jflow-log template-profile t1 collector-group cg1
user@host# set services jflow-log template-profile t2 collector c2 version v9 template-type nat refresh-rate packets 20 seconds 20
- Associate the template profile with the service set.
[edit]
user@host# set services service-set service-set-name jflow-log template-profile template-profile-name
For example:
[edit]
user@host# set services service-set sset_0 jflow-log template-profile t1
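To confirm on the collector side that template records for the configured version (ipfix or v9) are arriving at the refresh rate, the following added example (not Juniper code) parses the templates out of one export datagram. It assumes the standard header and set layouts of RFC 7011 (IPFIX) and RFC 3954 (NetFlow v9); the function names and the sample bytes are constructed for illustration, and the element IDs in the sample are not taken from the actual Junos NAT template.

```python
import struct
# Template set IDs: IPFIX (RFC 7011) uses 2, NetFlow v9 (RFC 3954) uses 0.
TEMPLATE_SET_ID = {10: 2, 9: 0}
HEADER_LEN = {10: 16, 9: 20}

def parse_templates(datagram):
    """Return {template_id: [(element_id, length, enterprise_or_None), ...]}."""
    version = struct.unpack_from("!H", datagram)[0] if len(datagram) >= 2 else None
    if version not in HEADER_LEN or len(datagram) < HEADER_LEN[version]:
        raise ValueError("not a complete v9/IPFIX export packet")
    end = len(datagram)
    if version == 10:  # IPFIX header carries the message length; v9 a record count
        (end,) = struct.unpack_from("!H", datagram, 2)
        if not HEADER_LEN[10] <= end <= len(datagram):
            raise ValueError("IPFIX length field disagrees with datagram size")
    templates, off = {}, HEADER_LEN[version]
    while off + 4 <= end:
        set_id, set_len = struct.unpack_from("!HH", datagram, off)
        if set_len < 4 or off + set_len > end:
            raise ValueError("set length runs past the packet")
        if set_id == TEMPLATE_SET_ID[version]:
            try:
                templates.update(_template_records(datagram[off + 4:off + set_len], version))
            except struct.error:
                raise ValueError("template record runs past its set") from None
        off += set_len
    return templates

def _template_records(body, version):
    found, pos = {}, 0
    while pos + 4 <= len(body):
        template_id, field_count = struct.unpack_from("!HH", body, pos)
        pos += 4
        if template_id < 256:  # IDs below 256 are reserved; treat the rest as padding
            break
        fields = []
        for _ in range(field_count):
            element_id, length = struct.unpack_from("!HH", body, pos)
            pos, enterprise = pos + 4, None
            if version == 10 and element_id & 0x8000:  # enterprise-specific element
                (enterprise,) = struct.unpack_from("!I", body, pos)
                element_id, pos = element_id & 0x7FFF, pos + 4
            fields.append((element_id, length, enterprise))
        found[template_id] = fields
    return found
# Constructed sample: template 256 with IANA elements 8, 225 and 230.
_RECORD = struct.pack("!HHHHHHHH", 256, 3, 8, 4, 225, 4, 230, 1)
SAMPLE_IPFIX = struct.pack("!HHIIIHH", 10, 36, 0, 0, 0, 2, 20) + _RECORD
SAMPLE_V9 = struct.pack("!HHIIIIHH", 9, 1, 0, 0, 0, 0, 0, 20) + _RECORD
```

A collector needs the template before it can decode the data records that reference it, so a template ID missing from this output for longer than the configured refresh interval points to a profile or reachability problem.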