[BEHAVE] Comments on draft-sivakumar-behave-nat-logging-03
Dave Thaler <dthaler@microsoft.com> Thu, 10 November 2011 15:30 UTC
Return-Path: <dthaler@microsoft.com>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 284D421F8B06 for <behave@ietfa.amsl.com>; Thu, 10 Nov 2011 07:30:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.605
X-Spam-Level:
X-Spam-Status: No, score=-110.605 tagged_above=-999 required=5 tests=[AWL=-0.006, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7FPmVYN+fg2R for <behave@ietfa.amsl.com>; Thu, 10 Nov 2011 07:30:52 -0800 (PST)
Received: from smtp.microsoft.com (mail3.microsoft.com [131.107.115.214]) by ietfa.amsl.com (Postfix) with ESMTP id 9EBC621F8AFB for <behave@ietf.org>; Thu, 10 Nov 2011 07:30:52 -0800 (PST)
Received: from TK5EX14HUBC102.redmond.corp.microsoft.com (157.54.7.154) by TK5-EXGWY-E803.partners.extranet.microsoft.com (10.251.56.169) with Microsoft SMTP Server (TLS) id 8.2.176.0; Thu, 10 Nov 2011 07:30:52 -0800
Received: from TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com (157.54.71.68) by TK5EX14HUBC102.redmond.corp.microsoft.com (157.54.7.154) with Microsoft SMTP Server (TLS) id 14.1.355.3; Thu, 10 Nov 2011 07:30:52 -0800
Received: from TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com ([169.254.1.162]) by TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com ([157.54.71.68]) with mapi id 14.01.0355.003; Thu, 10 Nov 2011 07:30:51 -0800
From: Dave Thaler <dthaler@microsoft.com>
To: "behave@ietf.org" <behave@ietf.org>
Thread-Topic: Comments on draft-sivakumar-behave-nat-logging-03
Thread-Index: AcyfW5BCln8kX3wLSUicEd9FWWl3jQ==
Date: Thu, 10 Nov 2011 15:30:51 +0000
Message-ID: <9B57C850BB53634CACEC56EF4853FF653B2E9B35@TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.43]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [BEHAVE] Comments on draft-sivakumar-behave-nat-logging-03
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Nov 2011 15:30:53 -0000
1) The abstract says: > The lack of a consistent way makes it difficult to write > the collector applications that would receive this data and process > it to present useful information. However the document only discusses data objects not a specific mechanism to retrieve them. As such, the statement above is still true because there's no consistent way to receive such data. So what problem is this trying to solve? And is it useful without specifying what protocol to use? 2) Section 1 says: > The usage of the term "NAT device" in this document refer to any > NAT44, Firewall and NAT64 devices. The term NAT64 by itself includes both stateful NAT64 and stateless NAT64. Why would logging be required for stateless devices? Furthermore, the abstract talks about CGNs (where logging makes sense). Why would the requirements in this document apply to "any" device (as opposed to only CGNs) including CPE home gateways? I didn't see any text discussing or justifying this statement. If this really is just about logging requirements for CGNs then this should be discussed in the context of the CGN requirements document. 3) The document uses several terms without defining them: "template", "address realm", "VRF", "NAT session", etc. 4) Section 4 says: > Prior to logging any events, the NAT device MUST send the template of > the record to the collector to declare the format of the data record > that it is using to send the events. The above MUST might make sense for a specific protocol, but since this document currently doesn't require any specific protocol the MUST doesn't make sense. For example, if the protocol is SNMP Traps or InformRequests, then the format is specified in a MIB and there's no need for the NAT device to send it a MIB. Similarly for any other protocol the collector might have some other way of getting the template from somewhere other than the NAT device. 5) Section 4.1-4.3: Some of these seem underspecified by comparison to what I'm used to in MIBs. (e.g., what's the format of "timestamp"? what are the units? since when? Local time or UTC?) This would be cleaner if done in some formal way like SMIv2 or whatever, which can reference well-defined data types. And then no new "NAT Event Logging" registry would be needed from IANA either. 6) Section 4.1: This defines "MAC address" as 48 bits which is too link-type specific. A generic document that claims to apply to "any NAT device" should be link-type agnostic. (Same comment goes for "VLAN ID".) 7) Section 4.3.11: The text confuses "user" with "source address". They're not the same thing. There can be many users per source address, as well as multiple source addresses per user. -Dave
- [BEHAVE] Comments on draft-sivakumar-behave-nat-l… Dave Thaler
- Re: [BEHAVE] Comments on draft-sivakumar-behave-n… ssenthil
- Re: [BEHAVE] Comments on draft-sivakumar-behave-n… Dave Thaler
- Re: [BEHAVE] Comments on draft-sivakumar-behave-n… ssenthil
- Re: [BEHAVE] Comments on draft-sivakumar-behave-n… Dave Thaler