
CGN/NSEL

CGN - Carrier Grade NAT

Because of IPv4 address depletion, Internet providers have to implement some form of NAT to enable the transition to IPv6. To handle the huge number of concurrent IP connections, Cisco offers a hardware-based solution, the CGSE and ASR1000. ASA firewalls are another option for implementing CGN. Different technologies are available, such as NAT 44, NAT 64 and DS-lite, and they result in different reporting types.

There are strong requirements to store the NAT events (e.g. the IP addresses used by end customers) for reasons such as data retention, law enforcement or carrier operation.

IsarFlow addresses this with a special module that provides CGN analyses. IsarFlow receives the logging data via NetFlow v9 and provides multiple analyses. It supports NAT 44, NAT 64, DS-lite and NSEL.

In the past, the events generated while building and maintaining such a NAT database were logged using the syslog protocol. Syslog is no longer feasible because of the high number of events occurring at the same time. Cisco implemented NetFlow export instead of syslog, since it is much more efficient.

The data collector's performance is optimized to support even the highest event rates (including traffic bursts or failover) and, optionally, to store the data in a compressed format (this compresses the data up to 10:1).

NSEL - NetFlow Secure Event Logging

Similar to CGN, an ASA firewall creates events such as permit, deny or teardown of a connection (depending on the firewall rules). These events are exported via NetFlow (again to handle the huge number of possible events) and can then be analysed in IsarFlow. A detailed drill-down is available.