12.1. Release 4.2#

12.1.1. Changes#

  • We now provide offline licenses. With this, connection to our licensing server is no longer needed.

  • There is no longer a separate logging interface. Now you must use data interfaces to send logs. For example, if previously you had four interfaces in the VM: virtual interface for management, virtual interface for logging, and two physical PCI-passthrough interfaces for data, now you will have only three interfaces: one a virtual interface for management and two physical PCI-passthrough interfaces for data and logging.

    The typical way to configure logging without spending the whole physical interface on it is to use separate VLAN and VRF for logging traffic, for example:

    vrf nat-log
!
interface if0.100
vrf nat-log
ip address 10.0.0.1/24
!
nat log server 0 type netflow ip 10.0.0.2 port 2055 vrf nat-log
nat log type session enable
nat log enable

    With the configuration above, you have a separate virtual interface with VLAN tag 100 for sending logs. This interface is in a separate VRF named “nat-log” to prevent routing collisions with the default VRF where customer traffic is routed.

    Additionally, there is now a possibility to configure and use multiple logging servers simultaneously. Therefore, you need to specify a server ID when configuring it. For example, if you had the configuration line nat log server type syslog ip 1.1.1.1 port 514 you must change it to nat log server 0 type syslog ip 1.1.1.1 port 514. And you may configure additional log servers, even using a different protocol, if you need to, for example, nat log server 1 type ipfix ip 2.2.2.2 port 4739.

12.1.2. New Features#

  • VRF support.

  • BFD (Bidirectional Forwarding Detection) protocol support.

  • Ability to send logs to multiple servers.

  • Blackhole routes.

  • Mellanox 100 GbE NICs support.

  • On-the-fly reconfiguration of pools (add/remove IPs).

  • TCP implementation complied with RFC 7857.

  • Added ICMP errors sending (NAT is visible in traceroute now).

  • Random public IP selection on session creation.

  • Autocomplete and search in CLI.

  • Changed logging format (all log types now have VRF field and syslog compatibility with RFC 5424).