Re: [BEHAVE] Port Management To Reduce Logging In Large-Scale NATs

"Senthil Sivakumar (ssenthil)" <ssenthil@cisco.com> Wed, 15 September 2010 02:39 UTC

From: "Senthil Sivakumar (ssenthil)" <ssenthil@cisco.com>
To: Jacni Qin <jacniq@gmail.com>, mohamed.boucadair@orange-ftgroup.com
Cc: Olivier Vautrin <ovautrin@juniper.net>, behave@ietf.org, Tina TSOU <tena@huawei.com>
Subject: Re: [BEHAVE] Port Management To Reduce Logging In Large-Scale NATs

 

________________________________

From: behave-bounces@ietf.org [mailto:behave-bounces@ietf.org] On Behalf Of Jacni Qin
Sent: Tuesday, September 14, 2010 12:22 PM
To: mohamed.boucadair@orange-ftgroup.com
Cc: behave@ietf.org; Olivier Vautrin; Tina TSOU
Subject: Re: [BEHAVE] Port Management To Reduce Logging In Large-Scale NATs





On Mon, Sep 6, 2010 at 1:22 PM, <mohamed.boucadair@orange-ftgroup.com> wrote:


	Dear Olivier, all,
	
	Compression is needed whatever the scheme adopted for the port assignment, especially to reduce the amount of exchanges between the mediation platform (responsible for collecting legal storage data from several locations in the network) and the CGN device.
	
	BTW, I agree with Joel's position: The way logs are built does not need to be standardised and this is implementation-specific.
	


Agree with this point. We cannot unify the format and operation of logging on the NAT box, we also don't know what the log analyser (a throng of servers) will do ;-)
 
[Senthil] There is value in unifying and expecting a consistent behavior - because the collectors/analyzers would need to know what to expect. I have worked with the IPFIX WG in the past to get some of the IEs defined in the IPFIX registry for NAT.
 
http://www.iana.org/assignments/ipfix/ipfix.xhtml
http://tools.ietf.org/id/draft-aitken-ipfix-new-infos-03.txt
 
I have written a new I-D to define the templates of different logging events.
http://www.ietf.org/id/draft-sivakumar-behave-nat-logging-00.txt
 
Senthil  



	The interest I see in draft-tsou is that it documents a way for optimisation (which is already supported by various vendors) and encourages the servers to store the source port information. This second point can be encouraged further if (as already suggested by Dan Wing) it is shown that the integration of the source port number is an easy task to handle by servers and this modification has no (or minor) impact on existing tools used to manipulate logs stored by the servers.
	


Yes, if the source addresses with timestamp are recorded on the server side, the storage needed for logs around NAT can be vastly reduced.

Regards,
Jacni





	Cheers,
	Med
	
	
	-----Original Message-----
	
	From: Olivier Vautrin [mailto:ovautrin@juniper.net]
	Sent: Sunday, 5 September 2010 08:41
	To: BOUCADAIR Mohamed NCPI/NAD/TIP; Lars Eggert
	Cc: behave@ietf.org; Tina TSOU
	Subject: RE: [BEHAVE] Port Management To Reduce Logging In Large-Scale NATs
	

	Hello Med,
	
	Does that mean you don't expect providers to Compress/Optimize the logs information sent per CGN device at all?
	
	In my understanding, this proposition will have an effect on the storage of log files only if the logs are kept *as is*. This is because the ports are randomly chosen in draft-tsou-behave-natx4-log-reduction-01; ranges are not created with contiguous ports, so the amount of information sent by the CGN is not decreasing, only the syslog message has changed.
	
	Regards,
	Olivier.
	
	> > (3) As an aside effect, when port ranges are used the size of the log
	> file is optimised (FWIW, see
	> http://tools.ietf.org/html/draft-boucadair-port-range-02#section-15.2
	> for a simplified exercise). Of
	> course this optimisation depends on length of the port range.
	>
	> I understand that ranges shorten the log file. The point I was trying
	> to make is that even on very large CGNs (large enough so that they'd
	> need an insane amount of bandwidth to forward all the traffic they're
	> seeing), the log sizes are not unmanageable. Sure, they can always be
	> reduced, but that's an optional optimization.
	>
	> Med: When the factor is 1000, then optimisation can not be seen as a
	> luxe.
	
	
	
	
	_______________________________________________
	Behave mailing list
	Behave@ietf.org
	https://www.ietf.org/mailman/listinfo/behave
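
Added example, not part of the original thread or of any draft cited in it: a sketch of the trade-off the messages above discuss, assuming each subscriber gets one contiguous block of 1000 ports on a shared public address. The record layout, function names, addresses and times are all constructed for illustration. It shows one log record per block instead of one per mapping, and why a server-side log entry needs the source port to identify a single subscriber.

```python
from dataclasses import dataclass

BLOCK_SIZE = 1000  # assumed block length, chosen to mirror the "factor 1000" in the thread

@dataclass(frozen=True)
class BlockRecord:
    """One CGN log record per port-block allocation (constructed format)."""
    subscriber: str
    public_ip: str
    port_start: int
    port_end: int
    t_alloc: int    # seconds since an arbitrary epoch (constructed)
    t_release: int

def allocate_blocks(subscribers, public_ip, first_port=1024, t_alloc=0, t_release=3600):
    """Assign each subscriber one contiguous block and emit a single record for it."""
    records, port = [], first_port
    for sub in subscribers:
        end = port + BLOCK_SIZE - 1
        if end > 65535:
            raise ValueError("public address has no free block left")
        records.append(BlockRecord(sub, public_ip, port, end, t_alloc, t_release))
        port = end + 1
    return records

def attribute(records, public_ip, timestamp, src_port=None):
    """Map a server-side observation back to subscribers.

    With src_port the answer is at most one subscriber; without it, every
    subscriber sharing the address at that time is a candidate.
    """
    hits = []
    for r in records:
        if r.public_ip != public_ip or not (r.t_alloc <= timestamp < r.t_release):
            continue
        if src_port is None or r.port_start <= src_port <= r.port_end:
            hits.append(r.subscriber)
    return hits

def per_mapping_record_count(mappings_per_subscriber, n_subscribers):
    """Records produced when every NAT mapping is logged individually."""
    return mappings_per_subscriber * n_subscribers

SUBSCRIBERS = [f"sub-{i:02d}" for i in range(60)]   # constructed subscriber IDs
LOG = allocate_blocks(SUBSCRIBERS, "192.0.2.10")    # documentation address

if __name__ == "__main__":
    print(len(LOG), "block records vs",
          per_mapping_record_count(BLOCK_SIZE, len(SUBSCRIBERS)), "per-mapping records")
    print("with port:", attribute(LOG, "192.0.2.10", 120, src_port=5500))
    print("without port:", len(attribute(LOG, "192.0.2.10", 120)), "candidates")
```

If ports inside a logged range are not contiguous, as raised for draft-tsou-behave-natx4-log-reduction-01 above, a start/end pair no longer describes the allocation and the `port_start <= src_port <= port_end` test does not apply.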