Product Documentation

Logging and Monitoring DS-Lite

Aug 30, 2016

You can log DS-Lite information to diagnose or troubleshoot problems, and to meet legal requirements. The NetScaler appliance supports all LSN logging features for logging DS-Lite information. For configuring DS-Lite logging, use the procedures for configuring LSN logging, described at Logging and Monitoring LSN.

A log message for a DS-Lite LSN mapping entry consists of the following information:

  • NetScaler owned IP address (NSIP address or SNIP address) from which the log message is sourced
  • Time stamp
  • Entry type (MAPPING)
  • Whether the DS-Lite LSN mapping entry was created or deleted
  • IPv6 address of B4
  • Subscriber's IP address, port, and traffic domain ID
  • NAT IP address and port
  • Protocol name
  • Destination IP address, port, and traffic domain ID might be present, depending on the following conditions:
    • Destination IP address and port are not logged for Endpoint-Independent mapping.
    • Only the destination IP address is logged for Address-Dependent mapping. The port is not logged.
    • Destination IP address and port are logged for Address-Port-Dependent mapping.

A log message for a DS-Lite session consists of the following information:

  • NetScaler owned IP address (NSIP address or SNIP address) from which the log message is sourced
  • Time stamp
  • Entry type (SESSION)
  • Whether the DS-Lite session is created or removed
  • IPv6 address of B4
  • Subscriber's IP address, port, and traffic domain ID
  • NAT IP address and port
  • Protocol name
  • Destination IP address, port, and traffic domain ID

The following table shows sample DS-Lite log entries of each type stored on the configured log servers. These log entries are generated by a NetScaler appliance whose NSIP address is 10.102.37.115.You can log DS-Lite information to diagnose or troubleshoot problems, and to meet legal requirements. The NetScaler appliance supports all LSN logging features for logging DS-Lite information. For configuring DS-Lite logging, use the procedures for configuring LSN logging, described at Logging and Monitoring LSN.

A log message for a DS-Lite LSN mapping entry consists of the following information:

  • NetScaler owned IP address (NSIP address or SNIP address) from which the log message is sourced
  • Time stamp
  • Entry type (MAPPING)
  • Whether the DS-Lite LSN mapping entry was created or deleted
  • IPv6 address of B4
  • Subscriber's IP address, port, and traffic domain ID
  • NAT IP address and port
  • Protocol name
  • Destination IP address, port, and traffic domain ID might be present, depending on the following conditions:
    • Destination IP address and port are not logged for Endpoint-Independent mapping.
    • Only the destination IP address is logged for Address-Dependent mapping. The port is not logged.
    • Destination IP address and port are logged for Address-Port-Dependent mapping.

A log message for a DS-Lite session consists of the following information:

  • NetScaler owned IP address (NSIP address or SNIP address) from which the log message is sourced
  • Time stamp
  • Entry type (SESSION)
  • Whether the DS-Lite session is created or removed
  • IPv6 address of B4
  • Subscriber's IP address, port, and traffic domain ID
  • NAT IP address and port
  • Protocol name
  • Destination IP address, port, and traffic domain ID

The following table shows sample DS-Lite log entries of each type stored on the configured log servers. These log entries are generated by a NetScaler appliance whose NSIP address is 10.102.37.115.

LSN Log Entry Type

Sample Log Entry

DS-Lite session creation

Local4.Informational 10.102.37.115 08/14/2015:13:35:38 GMT   0-PPE-1 : default LSN LSN_SESSION 37647607 0 :  SESSION CREATED 2001:DB8::3:4 Client IP:Port:TD 192.0.2.51:2552:0, NatIP:NatPort 203.0.113.61:3002, Destination IP:Port:TD 198.51.100.250:80:0, Protocol:TCP

DS-Lite session deletion

Local4.Informational 10.102.37.115 08/14/2015:13:38:22 GMT   0-PPE-1 : default LSN LSN_SESSION 37647617 0 :  SESSION DELETED 2001:DB8::3:4 Client IP:Port:TD 192.0.2.51:2552:0, NatIP:NatPort 203.0.113.61:3002, Destination IP:Port:TD 198.51.100.250:80:0, Protocol: TCP

DS-Lite LSN mapping creation

Local4.Informational 10.102.37.115 08/14/2015:13:35:39 GMT  0-PPE-1 : default LSN LSN_EIM_MAPPING 37647610 0 :  EIM CREATED 2001:DB8::3:4 Client IP:Port:TD 192.0.2.51:2552:0, NatIP:NatPort 198.51.100.250:80, Protocol: TCP

DS-Lite LSN mapping deletion

Local4.Informational 10.102.37.115 08/14/2015:13:38:25 GMT  0-PPE-1 : default LSN LSN_EIM_MAPPING 37647618 0 :  EIM DELETED 2001:DB8::3:4 Client IP:Port:TD 192.0.2.51:2552:0, NatIP:NatPort 198.51.100.250:80, Protocol: TCP

Displaying Current DS-Lite Sessions

You can display the current DS-Lite sessions for detecting any unwanted or inefficient sessions on the NetScaler appliance. You can display all or some DS-Lite sessions, on the basis of selection parameters.

Configuration by Using the Command Line Interface

To display all DS-Lite sessions by using the command line interface

At the command prompt, type:

show lsn session –nattype DS-Lite

To display selected DS-Lite sessions by using the command line interface

At the command prompt, type:

show lsn session –nattype DS-Lite [-clientname <string>] [-network <ip_addr> [-netmask <netmask>] [-td <positive_integer>]] [-natIP <ip_addr> [-natPort <port>]]

Example 복사

The following sample ouput displays all DS-Lite sessions existing on a NetScaler appliance:

> show lsn session –nattype DS-Lite

  B4-Address SubscrIP SubscrPort SubscrTD DstIP DstPort DstTD NatIP NatPort Proto Dir
1. 2001:DB8::3:4 192.0.2.51 2552 0 198.51.100.250 80 0 203.0.113.61 3002 TCP OUT
2. 2001:DB8::3:4 192.0.2.51 3551 0 198.51.100.300 80 0 203.0.113.61 52862 TCP OUT
3. 2001:DB8::3:4 192.0.2.100 4556 0 198.51.100.250 0 0 203.0.113.61 48116 ICMP OUT
4. 2001: DB8::190 192.0.2.150 3881 0 198.51.100.199 80 0 203.0.113.69 48305 TCP OUT

Done

Configuration Using the Configuration Utility

To display all or selected DS-Lite sessions by using the configuration utility

  1. Navigate to System > Large Scale NAT > Sessions, and click the DS-Lite tab.
  2. For displaying DS-Lite sessions on the basis of selection parameters, click Search.

Clearing DS-Lite Sessions

You can remove any unwanted or inefficient DS-Lite sessions from the NetScaler appliance. The appliance immediately releases the resources (such as NAT IP address, port, and memory) allocated for these sessions, making the resources available for new sessions. The appliance also drops all the subsequent packets related to these removed sessions. You can remove all or selected DS-Lite sessions from the NetScaler appliance.

To clear all DS-Lite sessions by using the command line interface

At the command prompt, type:

  • flush lsn session –nattype DS-Lite
  • show lsn session –nattype DS-Lite

To clear selected DS-Lite sessions by using the command line interface

At the command prompt, type:

  • flush lsn session –nattype DS-Lite [-clientname <string>] [-network <ip_addr> [-netmask <netmask>] [-td <positive_integer>]] [-natIP <ip_addr> [-natPort <port>]]
  • show lsn session –nattype DS-Lite

To clear all or selected DS-Lite sessions by using the configuration utility

  1. Navigate to System > Large Scale NAT > Sessions, and click the DS-Lite tab.
  2. Click Flush Sessions.

Logging HTTP Header Information

The NetScaler appliance can log request header information of an HTTP connection that is using the DS-Lite functionality. The following header information of an HTTP request packet can be logged:

  •  URL that the HTTP request is destined to
  • HTTP Method specified in the HTTP request 

  • HTTP version used in the HTTP request 

  • IPv4 address of the subscriber that sent the HTTP request 

 The HTTP header logs can be used by ISPs to see the trends related to the HTTP protocol among a set of subscribers. For example, an ISP can use this feature to find out the most popular website among a set of subscribers.

Configuration Steps

Perform the following tasks for configuring the NetScaler appliance to log HTTP header information:

  • Create an HTTP header log profile. An HTTP header log profile is a collection of HTTP header attributes (for example, URL and HTTP method) that can be enabled or disabled for logging.
  • Bind the HTTP header to an LSN group of a DS-Lite LSN configuration. Bind the HTTP header log profile to an LSN group of an LSN configuration by setting the HTTP header log profile name parameter to the name of the created HTTP header log profile. The NetScaler appliance then logs HTTP header information of any HTTP requests related to the LSN group. An HTTP header log profile can be bound to multiple LSN groups, but an LSN group can have only one HTTP header log profile.

To create an HTTP header log profile by using the command line interface

At the command prompt, type:

  • add lsn httphdrlogprofile <httphdrlogprofilename> [-logURL ( ENABLED | DISABLED )] [-logMethod ( ENABLED | DISABLED )] [-logVersion ( ENABLED | DISABLED )] [-logHost ( ENABLED | DISABLED )]
  • show lsn httphdrlogprofile 


To bind an HTTP header log profile to an LSN group by using the command line interface

At the command prompt, type:

  • bind lsn group <groupname> -httphdrlogprofilename <string>
  • show lsn group <groupname>

Sample Configuration

In the following DS-Lite LSN configuration, HTTP header log profile HTTP-Header-LOG-1 is bound to LSN group LSN-DSLITE-GROUP-1. The log profile has all the HTTP attributes (URL, HTTP method, HTTP version, and HOST IP address) enabled for logging, so that all these attributes are logged for any HTTP requests from B4 devices (in the network 2001:DB8:5001::/96).

Sample Configuration 복사

> add lsn httphdrlogprofile HTTP-HEADER-LOG-1
Done

> add lsn client LSN-DSLITE-CLIENT-1
Done

> bind lsn client LSN-DSLITE-CLIENT-1 -network6 2001:DB8::3:0/100
Done

> add lsn pool LSN-DSLITE-POOL-1
Done

> bind lsn pool LSN-DSLITE-POOL-1 203.0.113.61 - 203.0.113.70
Done

> add lsn ip6profile LSN-DSLITE-PROFILE-1 -type DS-Lite -network6 2001:DB8::5:6
Done

> add lsn group LSN-DSLITE-GROUP-1 -clientname LSN-DSLITE-CLIENT-1 -portblocksize 1024 -ip6profile LSN-DSLITE-PROFILE-1
Done

> bind lsn group LSN-DSLITE-GROUP-1 -poolname LSN-DSLITE-POOL-1
Done


> bind lsn group LSN-DSLITE-GROUP-1 -httphdrlogprofilename HTTP-HEADER-LOG-1
Done