IETF Logo Mail Archive

Re: [BEHAVE] Comments on draft-sivakumar-behave-nat-logging-03

ssenthil <ssenthil@cisco.com> Sun, 13 November 2011 01:35 UTC

Return-Path: <ssenthil@cisco.com>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81F3011E8082 for <behave@ietfa.amsl.com>; Sat, 12 Nov 2011 17:35:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.366
X-Spam-Level:
X-Spam-Status: No, score=-6.366 tagged_above=-999 required=5 tests=[AWL=0.233, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AUC-zPuueXAQ for <behave@ietfa.amsl.com>; Sat, 12 Nov 2011 17:35:05 -0800 (PST)
Received: from mtv-iport-4.cisco.com (mtv-iport-4.cisco.com [173.36.130.15]) by ietfa.amsl.com (Postfix) with ESMTP id 60A2421F8ACE for <behave@ietf.org>; Sat, 12 Nov 2011 17:35:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=ssenthil@cisco.com; l=4784; q=dns/txt; s=iport; t=1321148104; x=1322357704; h=date:subject:from:to:message-id:in-reply-to:mime-version: content-transfer-encoding; bh=x3+YeM3shtbuxzVnit5/iy8Dio+4jqikmRBa5hSq1Ek=; b=NHJclchV8050SHSyQ2LmIT4r8FuD2zyM5K1TpT64MBsswVrRmKwU7ZGe 8q7ScmEJRy48xUX0Tck2MC1xehGh3rSA7weiFVZoQ1C/PwOLqA+J4H26r qR3Wh/rIE0vfxeYwNn1JAAYNRvwnKiXX9glzrp9UFq7K3ssTKLP5JCew0 M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av4EAKwdv06rRDoJ/2dsb2JhbABCqi+BBYFyAQEBAwESAScCAUENAQgJBYEPAQEEARIih2CYGwGdLIZPgzAEiBCEfIcihUSMUw
X-IronPort-AV: E=Sophos;i="4.69,501,1315180800"; d="scan'208";a="13899397"
Received: from mtv-core-4.cisco.com ([171.68.58.9]) by mtv-iport-4.cisco.com with ESMTP; 13 Nov 2011 01:35:03 +0000
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by mtv-core-4.cisco.com (8.14.3/8.14.3) with ESMTP id pAD1Z3dU018877; Sun, 13 Nov 2011 01:35:03 GMT
Received: from xmb-sjc-236.amer.cisco.com ([128.107.191.121]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.4675); Sat, 12 Nov 2011 17:35:03 -0800
Received: from 10.82.235.157 ([10.82.235.157]) by xmb-sjc-236.amer.cisco.com ([128.107.191.121]) with Microsoft Exchange Server HTTP-DAV ; Sun, 13 Nov 2011 01:35:02 +0000
User-Agent: Microsoft-Entourage/12.31.0.110725
Date: Sat, 12 Nov 2011 20:35:00 -0500
From: ssenthil <ssenthil@cisco.com>
To: Dave Thaler <dthaler@microsoft.com>, "behave@ietf.org" <behave@ietf.org>
Message-ID: <CAE488F4.1B6D5%ssenthil@cisco.com>
Thread-Topic: [BEHAVE] Comments on draft-sivakumar-behave-nat-logging-03
Thread-Index: AcyfW5BCln8kX3wLSUicEd9FWWl3jQAfrm8OAAjyqmAAaZgjKw==
In-Reply-To: <9B57C850BB53634CACEC56EF4853FF653B2EBF5A@TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-OriginalArrivalTime: 13 Nov 2011 01:35:03.0128 (UTC) FILETIME=[77120580:01CCA1A4]
Subject: Re: [BEHAVE] Comments on draft-sivakumar-behave-nat-logging-03
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Nov 2011 01:35:06 -0000

On 11/10/11 6:16 PM, "Dave Thaler" <dthaler@microsoft.com> wrote:

> Ssenthil writes: 
>>> 1) The abstract says:
>>>> The lack of a consistent way makes it difficult to write the
>>>> collector applications that would receive this data and process it to
>>>> present useful information.
>>> 
>>> However the document only discusses data objects not a specific
>>> mechanism to retrieve them.   As such, the statement above is still
>>> true because there's no consistent way to receive such data.
>>> So what problem is this trying to solve?   And is it useful without
>>> specifying what protocol to use?
>> 
>> The problem we are trying to solve is as specified above, to be able to write
>> applications that can collect and process them without having to deal with
>> vendor specific implementations. I believe trying to specify the protocol to
>> use to transport the data objects is beyond the scope of this specification.
>> We could recommend some protocol if that would make this specification
>> complete.
> 
> This draft does not currently allow you to write apps that collect and process
> them without having to deal with vendor specific implementations.  To get
> that, you'd have to specify what protocol to use.  Otherwise you have to
> deal with vendor specific protocol code anyway so you haven't met your
> stated goal.

There are many choices of the protocol that can be used to transport the
data. But we wanted to stay away from getting into exact recommendation of
the protocol to use.

> 
>>> 2) Section 1 says:
>>>> The usage of the term "NAT device" in this document refer to any
>>>> NAT44, Firewall and NAT64  devices.
>>> 
>>> The term NAT64 by itself includes both stateful NAT64 and stateless
>> NAT64.
>>> Why would logging be required for stateless devices?
>>> Furthermore, the abstract talks about CGNs (where logging makes sense).
>>> Why would the requirements in this document apply to "any" device (as
>>> opposed to only CGNs) including CPE home gateways?   I didn't see any
>>> text discussing or justifying this statement.
>>> If this really is just about logging requirements for CGNs then this
>>> should be discussed in the context of the CGN requirements document.
>> 
>> Some NATs might not require it - like CPEs, but there are NATs deployed in
>> enterprises too (they don't have to come under the CGN umbrella) and that
>> would still require a logging function.
> 
> Ok.  Since you agree that this does not apply to "any" device, I expect you
> will update the text accordingly.
> 
> [...]

Ok I will change the text to reflect that it is not a must for all kinds of
NAT.

> 
>>> 4) Section 4 says:
>>>> Prior to logging any events, the NAT device MUST send the template
>>>> of the record to the collector to declare the format of the data
>>>> record that it is using to send the events.
>>> 
>>> The above MUST might make sense for a specific protocol, but since
>>> this document currently doesn't require any specific protocol the MUST
>> doesn't
>>> make sense.   For example, if the protocol is SNMP Traps or
>> InformRequests,
>>> then the format is specified in a MIB and there's no
>>> need for the NAT device to send it a MIB.   Similarly for any other protocol
>>> the collector might have some other way of getting the template from
>>> somewhere other than the NAT device.
>> 
>> I am not sure I see the connection between the protocol specification and
>> the ability to send templates. The reason for sending the template is that
>> the same device could be sending multiple templates (one for nat44 create
>> event and the other for NAT64 delete event and another for a NAT44 quota
>> exceeded event. All of them carry different data sets and hence the template
>> is necessary.
> 
> I understand you didn't follow what I said, so I'll try to rephrase.  A NAT
> device can send all of this information to a collector without sending any
> "template" before sending the information.   Of course since you never defined
> the term template, I'm assuming it means schema.   The collector might already
> have the templates, and there's many examples of this today.
> 
I will define what a template is in the next rev. Yes, schema and template
are the same. The problem with the fixed templates is that it makes it
difficult to change and adopt to different implementations. Let me give you
an example.
If the schema/template changes the data to be exported for example an
previously optional field now becomes a part of the new template, then the
collector device need to change its template too. Having the templates sent
over dynamically provides a much greater benefit and ability to change the
schema.

Senthil

v2.23.0 | Report a Bug | By Email