Re: [BEHAVE] NAT logging drafts
"Senthil Sivakumar (ssenthil)" <ssenthil@cisco.com> Sat, 19 January 2013 15:22 UTC
Return-Path: <ssenthil@cisco.com>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0747621F8487 for <behave@ietfa.amsl.com>; Sat, 19 Jan 2013 07:22:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.598
X-Spam-Level:
X-Spam-Status: No, score=-10.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z-LQQYMSdP5O for <behave@ietfa.amsl.com>; Sat, 19 Jan 2013 07:22:28 -0800 (PST)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) by ietfa.amsl.com (Postfix) with ESMTP id 8C40121F8475 for <behave@ietf.org>; Sat, 19 Jan 2013 07:22:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8536; q=dns/txt; s=iport; t=1358608947; x=1359818547; h=from:to:subject:date:message-id:in-reply-to:mime-version; bh=I4JOofTQ/YZxXiwfUFCkYGV9G4JL9gUjk+cPDdlscXQ=; b=Q2/2BY9OiIpJnKyrCGRSEE1Yg3I9j//Oo8kSSmou8B075otNSbAa91x4 /dYbdRs6uXVmoJnPzM8FgOQ8sQx+DA+crGEGN95GudJ+eZXr2zyTLvztZ klO4ho+DX7vXH/anbiHTF9Yx60PGAYYqvklG4AGoFuAshMKm9IHqYgDUB 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgAFAMe4+lCtJV2Y/2dsb2JhbABEgki7dxZzgh4BAQEELV4BCA4DAwECCx05FAkIAQEEARIIiBG8ApBYYQOmVYJ1giQ
X-IronPort-AV: E=Sophos; i="4.84,498,1355097600"; d="scan'208,217"; a="161898187"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-9.cisco.com with ESMTP; 19 Jan 2013 15:22:27 +0000
Received: from xhc-rcd-x01.cisco.com (xhc-rcd-x01.cisco.com [173.37.183.75]) by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id r0JFMQIu005271 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Sat, 19 Jan 2013 15:22:27 GMT
Received: from xmb-rcd-x15.cisco.com ([169.254.5.248]) by xhc-rcd-x01.cisco.com ([173.37.183.75]) with mapi id 14.02.0318.004; Sat, 19 Jan 2013 09:22:26 -0600
From: "Senthil Sivakumar (ssenthil)" <ssenthil@cisco.com>
To: Dave Thaler <dthaler@microsoft.com>, "behave@ietf.org" <behave@ietf.org>
Thread-Topic: [BEHAVE] NAT logging drafts
Thread-Index: Ac311HcfR1GOEr0gTyyHDptnpCHF+gAjLJCA
Date: Sat, 19 Jan 2013 15:22:26 +0000
Message-ID: <CB1B483277FEC94E9B58357040EE5D0232384FCF@xmb-rcd-x15.cisco.com>
In-Reply-To: <341064315C6D0D498193B256F238CF972E8CBD@TK5EX14MBXW603.wingroup.windeploy.ntdev.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.2.5.121010
x-originating-ip: [10.117.198.136]
Content-Type: multipart/alternative; boundary="_000_CB1B483277FEC94E9B58357040EE5D0232384FCFxmbrcdx15ciscoc_"
MIME-Version: 1.0
Subject: Re: [BEHAVE] NAT logging drafts
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Jan 2013 15:22:29 -0000
From: Dave Thaler <dthaler@microsoft.com<mailto:dthaler@microsoft.com>> Date: Friday, January 18, 2013 6:47 PM To: "behave@ietf.org<mailto:behave@ietf.org>" <behave@ietf.org<mailto:behave@ietf.org>> Subject: [BEHAVE] NAT logging drafts We have two individual drafts under discussion: * draft-sivakumar-behave-nat-logging (using IPFIX) * draft-zhou-behave-syslog-nat-logging (using SYSLOG) Based on the WG discussion to date, we as chairs are fine adopting both documents as WG documents (so the next rev can be draft-ietf-behave-…-00) with the following constraints… The two documents appear to target the same scenario but expose different information. Our expectation is that the two mechanisms will either be consistent (as much as allowed by the underlying protocols) or else they will motivate why their scenarios are inherently different. This is a requirement before going to WGLC. [Senthil] One of the key differences is that draft-sivakumar is broader in scope including both CGN and non-CGN logging. Even with CGN logging, the destination address/ports may be a requirement In some deployments that the draft-zhou does not seem to address. The other events like address exhaustion and other resource exhaustion is not addressed in draft-zhou. At next IETF, we would like to see a presentation on the differences in the data/events exposed by the two drafts, where the authors of both drafts agree on what the differences are. We can then use the meeting to discuss what the right way to address each difference is. [Senthil] Ok. Thanks Senthil -Dave and Dan
- [BEHAVE] NAT logging drafts Dave Thaler
- Re: [BEHAVE] NAT logging drafts Senthil Sivakumar (ssenthil)
- Re: [BEHAVE] NAT logging drafts Zhouqian (Cathy)