A computer network generally includes a number of interconnected network devices. Large networks, such as the Internet, typically include a number of interconnected computer networks, which in this context are often referred to as sub-networks or subnets. These subnets are each assigned a range of network addresses that can be allocated to the individual network devices that reside in the respective subnet. A server in each subnet may be responsible for allocating these network addresses in accordance with a network address allocation protocol, such as a dynamic host configuration protocol (DHCP).
Service provider networks typically assign private network addresses to subscriber equipment (e.g., cable modems, DSL modems, mobile devices) utilized by their customers. For example, a DHCP server or Radius server may dynamically assign a private address to a subscriber equipment upon establishing a network connection for the subscriber equipment. When not in use, the network connection is torn down and the private address is returned to a pool of provider addresses utilized within the service provider network. These private addresses are not routable outside the service provider network. Instead, a network address translation (NAT) device translates the private addresses currently used by each subscriber equipment to public network addresses that are routable within a public network, such as the Internet.
Service providers are sometimes required by law enforcement to be able to identify a particular customer that is associated with particular network traffic at a particular time and day. As a result, service provides are typically required to maintain information such that any given network address that sourced or received certain traffic can be traced back to the particular customer. As a result, service providers typically deploy a Carrier Grade NAT (CGN) archive system that maintains archives of NAT system log files (“syslog”). Each syslog file stores by the CGN archive system potentially a significant amount of information including each subscriber login and, for each login, the private source IP address, the private source port, any VPN information of the subscriber, tunneling information, any NAT rules/terms, public IP address and port assigned to the subscriber. As such, in a typical service provider network, the CGN archive system is tasked with burden of correlating subscriber login and address allocation information from databases of, for example, the AAA server or access gateway with network address translation information from routers or NAT devices forwarding network traffic within the subscriber network. This correlation can present significant challenges and burdens in certain environments, such as large service provider networks where session setup rate is typically very high with tens of millions of sessions being established and torn down each day across the network.