This chapter identifies features and functionality added to, modified for, or deprecated from 14.0 NAT software releases.
NAT Feature Changes as of June 29, 2012
This section provides information on NAT feature changes in release 14.0.
IMPORTANT: For more information regarding features in this section, refer to the NAT Administration Guide for this release.
New NAT Features
This section identifies new NAT features available in release 14.0.
IP Reassembly Timer
A new nat ip downlink reassembly-timeout command has been added in ACS Configuration Mode to configure the maximum duration for the IP reassembly timer.
Refer to the New NAT Configuration Commands section of this reference for more information.
Modified NAT Features
This section identifies NAT features modified in release 14.0. There are two kinds of modified features: enhancements and behavior changes. Enhancements are feature changes based on customer change requests. Behavior changes are feature changes that modify an existing behavior and may result from software error corrections (bug fixes).
Flow-checkpointing ICSR Support
This release supports the following in Firewall-and-NAT Policy:
- Enable/Disable checkpointing of basic NAT related information
- Enable/Disable checkpointing of SIP and H323 ALG related information
- Enable/Disable ICSR recovery for basic NAT flows and SIP flows
- Configure maximum basic flows that can be checkpointed
Refer to the nat check-point-info command in the New NAT Configuration Commands section of this reference for more information.
NAT64 Translation Changes
For NAT64, both network address translation and protocol translation are performed on the packets. Uplink IPv6 packets destined to hosts in the IPv4 network must be protocol translated to IPv4 packets and forwarded. Downlink IPv4 packets destined to hosts in the IPv6 network must be protocol translated to IPv6 packets and then forwarded.
Previous Behavior: One-to-One NAT IP was used for NATing either IPv4 or IPv6 traffic but not both. No 1:1 NAT64 binding table was used. All downlink traffic received on the 1:1 NAT64 IP was translated to client IPv6 addresses irrespective of the interface ID used for uplink.
New Behavior: The One-to-One NAT IP allocated to a subscriber can be used simultaneously for NATing IPv4 traffic and IPv6 traffic. A 1:1 NAT64 binding table is maintained to store the interface ID/prefix. Downlink traffic is translated based on the binding table.
NBR Support
NBRs can now support both IPv4 and IPv6 addresses in the case of an IPv4v6 subscriber. If the existing "ip subscriber-ip-address" is used, an IPv4 address is generated for an IPv4 or IPv4v6 call, and an IPv6 address is generated for an IPv6-only call. New attributes, subscriber-ipv4-address and subscriber-ipv6-address, are added to hold the IPv4 and IPv6 addresses respectively. Refer to the attribute command in the Modified NAT Configuration Commands section of this reference for more information.
Updating Firewall-and-NAT Policy in Mid-session
The Firewall-and-NAT policy can be updated mid-session provided the policy was enabled during call setup. In this release, the Firewall-and-NAT policy can also be updated during a mid-session rulebase update through Gx and Gy. Mid-session rulebase update support from the RADIUS server and CLI is already present.
Previous Behavior: The Firewall-and-NAT policy was not updated during a mid-session rulebase update via Gx and Gy.
New Behavior: The Firewall-and-NAT policy can be updated during a Gx/Gy mid-session rulebase update if the new rulebase has a Firewall-and-NAT policy configured and the old Firewall-and-NAT policy is configured through the old rulebase.
NAT Configuration Management Changes as of June 29, 2012
This section provides information on NAT configuration command changes in release 14.0.
IMPORTANT: For more information regarding commands in this section, refer to the Command Line Interface Reference for this release.
New NAT Configuration Commands
This section identifies new NAT commands available in release 14.0.
nat check-point-info
This command enables or disables the checkpointing for basic NAT, H323 ALG and SIP ALG recovery. ICSR recovery can be enabled or disabled for basic NAT and SIP flows.
Firewall-and-NAT Policy Configuration Mode
[ default | no ] nat check-point-info { basic [ icsr-also | limit-flows limit ] | h323-alg | sip-alg [ icsr-also ] }
nat ip downlink reassembly-timeout
This command configures the maximum duration for which IP packet fragments are retained.
ACS Configuration Mode
[ default ] nat ip downlink reassembly-timeout timeout
Modified NAT Configuration Commands
This section identifies NAT commands modified in release 14.0.
attribute
This command specifies the order of fields in EDRs. The following new attributes are added to this command.
- subscriber-ipv4-address: For NAT in-line service, this attribute generates the subscriber IPv4 address in the NBR.
- subscriber-ipv6-address: For NAT in-line service, this attribute generates the subscriber IPv6 prefix in the NBR.
EDR Format Configuration Mode
attribute attribute { [ format { MM/DD/YY-HH:MM:SS | MM/DD/YYYY-HH:MM:SS | YYYY/MM/DD-HH:MM:SS | YYYYMMDDHHMMSS | seconds } ] [ localtime ] | [ { ip | tcp } { bytes | pkts } { downlink | uplink } ] priority priority }
no attribute attribute [ { ip | tcp } { bytes | pkts } { downlink | uplink } ] [ priority priority ]
Deprecated NAT Configuration Commands
This section identifies deprecated NAT commands that are no longer supported in release 14.0.
nat icsr-flow-recovery
This command enables or disables the NAT ICSR Flow checkpointing support for subscribers in a Firewall-and-NAT policy.
Firewall-and-NAT Policy Configuration Mode
[ default | no ] nat icsr-flow-recovery
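A pre-upgrade check for the command changes listed above, added here as an example and not taken from the vendor documentation: it scans a saved configuration for the deprecated nat icsr-flow-recovery command and for nat check-point-info lines that do not match the syntax shown on this page. The block layout of the saved configuration (an "fw-and-nat policy <name>" line closed by "#exit") and every name and value in the sample are assumptions.

```python
import re

# Syntax as given on this page:
#   [ default | no ] nat check-point-info
#     { basic [ icsr-also | limit-flows limit ] | h323-alg | sip-alg [ icsr-also ] }
CHECKPOINT = re.compile(
    r"^(?:(?:default|no)\s+)?nat\s+check-point-info\s+"
    r"(?:basic(?:\s+icsr-also|\s+limit-flows\s+\d+)?"
    r"|h323-alg|sip-alg(?:\s+icsr-also)?)$")
DEPRECATED = re.compile(r"^(?:(?:default|no)\s+)?nat\s+icsr-flow-recovery$")
POLICY = re.compile(r"^fw-and-nat\s+policy\s+(\S+)")

MSG_DEPRECATED = "deprecated in 14.0: nat icsr-flow-recovery"
MSG_SYNTAX = "does not match nat check-point-info syntax"

def audit(config_text):
    """Return (line_number, policy_name, finding) for each problem line."""
    findings, policy = [], None
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        start = POLICY.match(line)
        if start:
            policy = start.group(1)          # entering a policy block
        elif line == "#exit":                # assumed end-of-block marker
            policy = None
        elif policy and DEPRECATED.match(line):
            findings.append((number, policy, MSG_DEPRECATED))
        elif policy and "check-point-info" in line and not CHECKPOINT.match(line):
            findings.append((number, policy, MSG_SYNTAX))
    return findings

# Constructed sample: service name, policy names and the limit value are made up.
SAMPLE = """\
configure
  active-charging service acs1
    fw-and-nat policy legacy-pol
      nat icsr-flow-recovery
    #exit
    fw-and-nat policy new-pol
      nat check-point-info basic icsr-also
      nat check-point-info sip-alg icsr-also
      nat check-point-info h323-alg icsr-also
      nat check-point-info basic limit-flows 100
    #exit
  #exit
end
"""

if __name__ == "__main__":
    for number, policy, finding in audit(SAMPLE):
        print(f"line {number}: policy {policy}: {finding}")
```

The h323-alg line is flagged because the syntax on this page allows icsr-also only after basic and sip-alg.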
NAT Performance Management Changes as of June 29, 2012
This section provides information on NAT performance management changes in release 14.0.
IMPORTANT: For more information regarding bulk statistics in this section, refer to the Statistics and Counters Reference for this release.
For more information regarding commands in this section, refer to the Command Line Interface Reference for this release.
New NAT Bulk Statistics
This section identifies new NAT bulk statistics available in release 14.0.
The following bulk statistics are new in this release:
NAT-Realm Schema
Modified NAT Bulk Statistics
This section identifies NAT bulk statistics modified in release 14.0.
Deprecated NAT Bulk Statistics
This section identifies deprecated NAT bulk statistics that are no longer supported in release 14.0.
The following bulk statistics are deprecated for this release:
NAT-Realm Schema
New NAT Performance Commands
This section identifies new NAT performance commands available in release 14.0.
Modified NAT Performance Commands
This section identifies NAT performance commands modified in release 14.0.
show active-charging fw-and-nat policy name
This command displays Firewall-and-NAT Policy information.
Exec Mode
The following fields have been added to the output of this command:
- Recoverable basic NAT flows
- ICSR Flow-recovery status
The following field has been deprecated from the output of this command:
show active-charging nat statistics
This command displays NAT realm statistics.
Exec Mode
show active-charging nat statistics instance instance_number
The following fields have been added to the output of this command:
- Total Port-Chunk Alloc Reqs
- Total Port-Chunk Dealloc Reqs
- Total Port-Chunk Alloc failure
- Total IP Alloc failure while recovery is in progress
- Total Port-Chunk Alloc failure while recovery is in progress
show active-charging subsystem all
This command shows service and configuration counters for the ACS subsystem.
Exec Mode
The following fields have been added to the output of this command:
- NAT44 N-1 flows processed
- NAT44 1-1 flows processed
- NAT64 N-1 flows processed
- NAT64 1-1 flows processed
show active-charging subsystem facility acsmgr instance
This command shows service and configuration counters for the ACS subsystem.
Exec Mode
The following fields have been added to the output of this command:
- NAT44 N-1 flows processed
- NAT44 1-1 flows processed
- NAT64 N-1 flows processed
- NAT64 1-1 flows processed
Deprecated NAT Performance Commands
This section identifies deprecated NAT performance commands that are no longer supported in release 14.0.
NAT Security Management Changes as of June 29, 2012
This section provides information on NAT security management changes in release 14.0.