You can configure the BIG-IP system to log information about carrier grade network address translation (CGNAT) processes and send the log messages to remote IPFIX collectors.
IPFIX is a set of IETF standards described in RFCs 5101 and 5102. The BIG-IP system supports logging of CGNAT translation events over the IPFIX protocol specified in RFC 5101 using the information model described in RFC 5102. IPFIX logs are raw, binary-encoded strings with their fields and field lengths defined by IPFIX templates. IPFIX collectors are external devices that can receive IPFIX templates and use them to interpret IPFIX logs.
The configuration process involves creating and connecting the following configuration objects.
|Object to create in implementation||Reason|
|Pool of IPFIX collectors||Create a pool of IPFIX collectors to which the BIG-IP system can send IPFIX log messages.|
|Destination||Create a log destination to format the logs in IPFIX templates, and forward the logs to the local-syslog database.|
|Publisher||Create a log publisher to send logs to a set of specified log destinations.|
|LSN pool||Associate a large scale NAT (LSN) pool with a log publisher in order to log messages about the traffic that uses the pool.|
This illustration shows the association of the configuration objects for IPFIX logging of CGNAT processes.
Before creating a pool of IPFIX collectors, gather the IP addresses of the collectors that you want to include in the pool. Ensure that the remote IPFIX collectors are configured to listen to and receive log messages from the BIG-IP system.
A log destination of the IPFIX type specifies that log messages are sent to a pool of IPFIX collectors.
The log destination periodically retransmits all of its IPFIX templates. The retransmissions are helpful for UDP connections, which are lossy, and they are also helpful for debugging a TCP connection.