CGN - Carrier Grade NAT

Because of the shortage of IPv4 addresses, Internet service providers must deploy NAT to bridge the long transition to IPv6. A large number of subscribers, each holding many simultaneous connections, has to share a limited pool of public IPv4 addresses, which is why several manufacturers offer hardware-based solutions that map private addresses and ports onto that pool.

Partly because of legal regulations, these NAT translations must be logged so that, for a given public IP address (and port) at a given point in time, the private IP address behind it, and thus the subscriber, can be determined.

For this reason, CGN gateways can export NAT ADD and NAT DELETE events in real time. Event rates in typical provider networks are very high, which is why this is usually called "high-speed logging".

NetFlow v9 and IPFIX have established themselves as the protocols for high-speed logging: their binary, template-based records carry an event in a few dozen bytes, far more efficiently than a Syslog text line.

In addition to IsarFlow for traffic analysis, IsarFlow CGN is the customized, high-performance solution for storing NAT bindings long-term and making them easily searchable.

IsarFlow CGN also offers integration with RADIUS accounting servers. RADIUS accounting logs from multiple RADIUS servers can be received with high availability and stored for a configurable retention period.

To search and correlate stored NAT and RADIUS data, IsarFlow CGN provides a web interface for ad-hoc searches and a REST API for integration into customer environments.

IsarFlow CGN enables service providers to meet regulatory requirements, maintain operational visibility and ensure full transparency across large-scale CGN deployments – fast, reliable and easy to integrate.

NAT Variants

IsarFlow CGN supports the following NAT variants:

  • NAT44
  • NAT44 DBL (destination-based logging)
  • NAT44 BPA (bulk port allocation)
  • Other NAT variants, such as NAT64 and DS-Lite, are available upon request

Vendors and Platforms

IsarFlow CGN is not limited to specific vendors: the IsarFlow CGN collector processes NetFlow and IPFIX data from a wide variety of vendors, such as

  • Cisco (CGSE, ASR1k, Firepower, ...)
  • Huawei
  • A10
  • Fortinet
  • Nokia
  • ...

The IsarFlow CGN collector supports vendor-specific NetFlow v9 / IPFIX templates. Templates do not have to be pre-configured in the IsarFlow collector: NetFlow v9 and IPFIX carry them in-band in the export stream, and a mapping algorithm extracts the information elements required for CGN from each vendor-specific template for storage in the IsarFlow database. IsarFlow CGN is not limited to the logging format specified in RFC 8158 (IPFIX Information Elements for Logging NAT Events); it can also convert vendor-specific templates into a unified data model. NAT data from different vendors can therefore be stored in a single database and searched transparently.
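The following is an added example, not IsarFlow code, of the template-driven extraction described above: an IPFIX message (RFC 7011) is parsed by first learning the template it carries and then pulling out only the NAT-logging information elements from RFC 8158, whatever their position in the vendor's template and whatever vendor-specific fields sit between them. The message itself is constructed inside the block (the enterprise element 1001 under PEN 9 is hypothetical); it is not a capture from any real gateway.

```python
"""Template-driven extraction of RFC 8158 NAT event fields from an IPFIX message.

Added example, not IsarFlow code. The message parsed here is constructed below
(build_sample_message) and is not a capture from any real gateway.
"""
import struct
from ipaddress import IPv4Address

# IANA IPFIX information element IDs used for NAT logging (RFC 8158 / RFC 7012).
IE_NAMES = {
    7: "sourceTransportPort",
    8: "sourceIPv4Address",
    11: "destinationTransportPort",
    12: "destinationIPv4Address",
    225: "postNATSourceIPv4Address",
    227: "postNAPTSourceTransportPort",
    230: "natEvent",
    323: "observationTimeMilliseconds",
    361: "portRangeStart",
    362: "portRangeEnd",
}
# natEvent values from RFC 8158 that a CGN log store cares about most.
NAT_EVENT = {1: "NAT44_ADD", 2: "NAT44_DELETE", 14: "PORT_BLOCK_ALLOC", 15: "PORT_BLOCK_FREE"}


def decode_record(buf, pos, fields):
    """Decode one data record: keep only the IEs we know, skip the rest by length."""
    rec = {}
    for ie_id, ie_len in fields:
        raw = buf[pos:pos + ie_len]
        pos += ie_len
        name = IE_NAMES.get(ie_id)
        if name is None:            # vendor-specific or irrelevant IE: position still advances
            continue
        if name.endswith("IPv4Address"):
            rec[name] = str(IPv4Address(raw))
        else:
            rec[name] = int.from_bytes(raw, "big")
    if "natEvent" in rec:
        rec["natEvent"] = NAT_EVENT.get(rec["natEvent"], "natEvent(%d)" % rec["natEvent"])
    return rec


def parse_ipfix(message):
    """Walk the sets of one IPFIX message (RFC 7011): learn templates, decode data records.

    Simplification: fixed-length IEs only (no 65535 variable-length encoding).
    """
    version, length, _export_time, _seq, _domain = struct.unpack_from("!HHIII", message, 0)
    if version != 10 or length != len(message):
        raise ValueError("not a well-formed IPFIX message")
    templates = {}          # template ID -> [(ie_id, ie_len), ...]
    events = []
    offset = 16
    while offset < length:
        set_id, set_len = struct.unpack_from("!HH", message, offset)
        if set_len < 4 or offset + set_len > length:
            raise ValueError("bad set length")
        pos, end = offset + 4, offset + set_len
        if set_id == 2:                         # template set
            while end - pos >= 4:               # anything shorter is padding
                tid, count = struct.unpack_from("!HH", message, pos)
                pos += 4
                fields = []
                for _ in range(count):
                    ie_id, ie_len = struct.unpack_from("!HH", message, pos)
                    pos += 4
                    if ie_id & 0x8000:          # enterprise IE: skip the 4-byte PEN
                        pos += 4
                    fields.append((ie_id, ie_len))
                templates[tid] = fields
        elif set_id >= 256:                     # data set, layout given by a learned template
            fields = templates.get(set_id)
            if fields is None:
                raise ValueError("data set %d arrived before its template" % set_id)
            rec_len = sum(l for _, l in fields)
            if rec_len == 0:
                raise ValueError("empty template %d" % set_id)
            while end - pos >= rec_len:         # trailing bytes shorter than a record are padding
                events.append(decode_record(message, pos, fields))
                pos += rec_len
        offset = end                            # set ID 3 (options templates) is skipped here
    return events


def build_sample_message():
    """Constructed sample: template 256 with a hypothetical vendor IE (PEN 9, element 1001)
    mixed into the field order, followed by a NAT44 ADD and its DELETE."""
    layout = [(323, 8), (230, 1), (8, 4), (7, 2), (225, 4), (227, 2), (12, 4), (11, 2)]
    spec = b"".join(struct.pack("!HH", i, l) for i, l in layout)
    spec += struct.pack("!HHI", 0x8000 | 1001, 4, 9)
    template_set = struct.pack("!HHHH", 2, 8 + len(spec), 256, len(layout) + 1) + spec

    def record(nat_event, t_ms):
        return (struct.pack("!QB", t_ms, nat_event)
                + IPv4Address("10.20.30.40").packed + struct.pack("!H", 51000)
                + IPv4Address("198.51.100.7").packed + struct.pack("!H", 40001)
                + IPv4Address("203.0.113.9").packed + struct.pack("!H", 443)
                + struct.pack("!I", 0xDEADBEEF))           # vendor field, ignored by the parser

    records = record(1, 1_700_000_000_000) + record(2, 1_700_000_120_000)
    data_set = struct.pack("!HH", 256, 4 + len(records)) + records
    body = template_set + data_set
    return struct.pack("!HHIII", 10, 16 + len(body), 1_700_000_120, 1, 42) + body


if __name__ == "__main__":
    for ev in parse_ipfix(build_sample_message()):
        print(ev)
```

The parser never hard-codes a field order: whatever the exporter's template says is taken as the layout, unknown and enterprise-specific elements are skipped by their declared length, and a data set that arrives before its template is rejected rather than guessed at. A production collector would additionally key templates by observation domain and exporter address, handle options templates and variable-length elements, and expire templates that are not refreshed.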

Architecture

Performance

In typical provider networks, a very large number of NAT bindings are created, which results in high event rates for real-time high-speed logging. IsarFlow CGN offers a powerful CGN collector that can process event rates of up to 3,000,000 events per second on a single server.

To match the high performance of data collection, a high-performance search algorithm is implemented in IsarFlow CGN. Even billions of stored NAT bindings can be searched efficiently. The retention time has no impact on search speed, regardless of whether a NAT binding from yesterday or 18 months ago is being searched for.

Scalability

Scalability is a core feature of IsarFlow. By adding IsarFlow instances, collection and search performance scale linearly across a distributed system.

High Availability

To meet the high availability requirements of provider networks, NetFlow/IPFIX and RADIUS accounting data can be collected with high availability.

HA can be configured in either active/active or active/standby mode.

Deployment

Due to the volume of data involved, IsarFlow CGN is optimized for on-premises operation.

RADIUS Accounting

Optionally, IsarFlow CGN can receive and store accounting records from RADIUS servers. The RADIUS attributes to be stored (e.g., subscriberId, phone-number) can be freely configured.

Data Storage

IsarFlow CGN supports custom retention periods for NAT and RADIUS data to meet specific requirements. Data is stored with high efficiency, allowing for retention periods of several months or even years.

Time stamps accurate to the second are stored with every NAT and RADIUS event.

The data is stored in a multi-tiered model, which enables fast searches on the one hand and low storage space requirements on the other through strong compression in long-term archiving.

The multi-tiered storage model is also designed for straightforward backups, which supports advanced availability requirements.

CGN Search and Correlation Algorithm

The stored NAT and RADIUS data can be searched by private or public IP address using a robust search algorithm. The results are not just a list of the matching NAT bindings: the algorithm implemented in IsarFlow CGN links NAT ADD, NAT DELETE, RADIUS Accounting Start and RADIUS Accounting Stop events together, so the subscriber information is returned directly alongside the IP addresses of each binding.

The search is time-based, so each query requires at least two parameters: a timestamp and either a private or public IP address.

To narrow down the search results, search parameters such as Destination IP, Destination Port, Public Port, and Private Port can be optionally specified.
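The following is an added example, not IsarFlow code, of the time-based correlation the three paragraphs above describe. It works on a small set of constructed NAT and RADIUS events in a simplified record shape of my own (the field names loosely follow RFC 8158 and the RADIUS accounting attributes; the subscriber identifier attribute is assumed). A query is a timestamp plus a private or public IP, optionally narrowed by public port, private port or destination, and the answer carries the subscriber whose RADIUS session held the private address at that second. The sample deliberately reuses a public port and a private address over time, the case a naive lookup gets wrong.

```python
"""Time-based NAT/RADIUS correlation for a CGN log store.

Added example (not IsarFlow code). All event records below are constructed
sample data; the record shape is a simplification, not a vendor format.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class NatEvent:
    ts: int                     # observation time, whole seconds since the epoch
    event: str                  # "ADD" or "DELETE"
    private_ip: str
    private_port: int           # 0 for a port-block (BPA) event, which has no single port
    public_ip: str
    port_lo: int                # public port range; lo == hi for a plain NAT44 session
    port_hi: int
    dst_ip: Optional[str] = None    # only present with destination-based logging (DBL)
    dst_port: Optional[int] = None

    def key(self):
        """Fields shared by an ADD and the DELETE that closes it."""
        return (self.private_ip, self.private_port, self.public_ip,
                self.port_lo, self.port_hi, self.dst_ip, self.dst_port)


@dataclass(frozen=True)
class RadiusEvent:
    ts: int
    status: str                 # Acct-Status-Type: "Start" or "Stop"
    session_id: str             # Acct-Session-Id
    framed_ip: str              # Framed-IP-Address
    subscriber_id: str          # whatever attribute the operator keeps (assumed name)


def active_bindings(nat, t, *, public_ip=None, private_ip=None, public_port=None,
                    private_port=None, dst_ip=None, dst_port=None):
    """ADD events whose binding is active at second t and matches every given filter.

    With second-resolution timestamps a binding counts as active over the whole
    range [ADD.ts, DELETE.ts]; at the boundary second this may return a binding
    that was already torn down, which is the conservative choice for this use.
    """
    deletes = [e for e in nat if e.event == "DELETE"]
    hits = []
    for add in sorted((e for e in nat if e.event == "ADD"), key=lambda e: e.ts):
        if add.ts > t:
            break
        if public_ip is not None and add.public_ip != public_ip:
            continue
        if private_ip is not None and add.private_ip != private_ip:
            continue
        if public_port is not None and not add.port_lo <= public_port <= add.port_hi:
            continue
        if private_port is not None and add.private_port not in (0, private_port):
            continue                                   # BPA blocks carry no private port
        if dst_ip is not None and add.dst_ip not in (None, dst_ip):
            continue                                   # non-DBL bindings carry no destination
        if dst_port is not None and add.dst_port not in (None, dst_port):
            continue
        # Closed before t if a matching DELETE lies in [ADD.ts, t). A later ADD with the
        # same key (port reuse) is unaffected, because that DELETE precedes its own ts.
        if any(d.key() == add.key() and add.ts <= d.ts < t for d in deletes):
            continue
        hits.append(add)
    return hits


def subscriber_at(radius, private_ip, t):
    """Subscriber whose RADIUS session held private_ip at second t, or None."""
    stop_ts = {e.session_id: e.ts for e in radius if e.status == "Stop"}
    starts = [e for e in radius if e.status == "Start" and e.framed_ip == private_ip and e.ts <= t]
    for s in sorted(starts, key=lambda e: e.ts, reverse=True):   # newest session first
        if stop_ts.get(s.session_id, t) >= t:                    # no Stop yet, or Stop not before t
            return s.subscriber_id
    return None


def search(nat, radius, t, **filters):
    """One CGN query: a timestamp plus a private or public IP, optionally narrowed further."""
    if not (filters.get("public_ip") or filters.get("private_ip")):
        raise ValueError("a query needs a timestamp and a private or public IP address")
    results = []
    for b in active_bindings(nat, t, **filters):
        public = "%s:%d" % (b.public_ip, b.port_lo) if b.port_lo == b.port_hi \
            else "%s:%d-%d" % (b.public_ip, b.port_lo, b.port_hi)
        results.append({
            "private": "%s:%s" % (b.private_ip, b.private_port or "*"),
            "public": public,
            "destination": "%s:%d" % (b.dst_ip, b.dst_port) if b.dst_ip else None,
            "subscriber": subscriber_at(radius, b.private_ip, t),
        })
    return results


# Constructed sample data: 10.0.0.5 is handed to two subscribers in turn, and public
# port 198.51.100.1:20000 is reused by a different subscriber after being released.
RADIUS = [
    RadiusEvent(900,  "Start", "S-C", "10.0.0.7", "sub-C"),          # session never stops
    RadiusEvent(1000, "Start", "S-A", "10.0.0.5", "sub-A"),
    RadiusEvent(5000, "Stop",  "S-A", "10.0.0.5", "sub-A"),
    RadiusEvent(5100, "Start", "S-B", "10.0.0.5", "sub-B"),          # same IP, new subscriber
]
NAT = [
    NatEvent(1200, "ADD",    "10.0.0.5", 40000, "198.51.100.1", 20000, 20000, "203.0.113.9", 443),
    NatEvent(1300, "DELETE", "10.0.0.5", 40000, "198.51.100.1", 20000, 20000, "203.0.113.9", 443),
    NatEvent(1400, "ADD",    "10.0.0.7", 41000, "198.51.100.1", 20000, 20000),   # port reused
    NatEvent(2000, "DELETE", "10.0.0.7", 41000, "198.51.100.1", 20000, 20000),
    NatEvent(5200, "ADD",    "10.0.0.5", 0,     "198.51.100.1", 30000, 30511),   # BPA block, still open
]

if __name__ == "__main__":
    for q in [dict(t=1250, public_ip="198.51.100.1", public_port=20000),
              dict(t=1500, public_ip="198.51.100.1", public_port=20000),
              dict(t=1350, public_ip="198.51.100.1", public_port=20000),
              dict(t=6000, public_ip="198.51.100.1", public_port=30100),
              dict(t=1250, private_ip="10.0.0.5")]:
        print(q, "->", search(NAT, RADIUS, **q))
```

Two points carry over to any real store: the time parameter is what disambiguates reuse, both of the public port (the same 198.51.100.1:20000 belongs to sub-A at 1250 and to sub-C at 1500, and to nobody at 1350) and of the private address (10.0.0.5 maps to sub-B, not sub-A, once the first RADIUS session has stopped); and a binding with no DELETE yet, such as the open BPA port block, must still be found. Because the store only has second resolution, a hit on the exact ADD or DELETE second should be reported as such rather than silently dropped.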

A web interface and a REST API are available as interfaces for the search. The REST API is authenticated. The results in machine-readable JSON format allow for integration into the provider’s infrastructure.

Sizing and Integration

Thanks to many years of experience in the CGN field, we are able to provide our customers with optimal support in sizing and integrating IsarFlow CGN into their environment.