IETF Logo Mail Archive

[BEHAVE] four data models: SYSLOG, IPFIX, SNMP, RADIUS

"Dan Wing" <dwing@cisco.com> Mon, 16 July 2012 17:54 UTC

Return-Path: <dwing@cisco.com>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBD3711E8283 for <behave@ietfa.amsl.com>; Mon, 16 Jul 2012 10:54:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.487
X-Spam-Level:
X-Spam-Status: No, score=-110.487 tagged_above=-999 required=5 tests=[AWL=0.112, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JrBxcoij1uLy for <behave@ietfa.amsl.com>; Mon, 16 Jul 2012 10:54:53 -0700 (PDT)
Received: from mtv-iport-3.cisco.com (mtv-iport-3.cisco.com [173.36.130.14]) by ietfa.amsl.com (Postfix) with ESMTP id D37B411E8282 for <behave@ietf.org>; Mon, 16 Jul 2012 10:54:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=dwing@cisco.com; l=991; q=dns/txt; s=iport; t=1342461338; x=1343670938; h=from:to:subject:date:message-id:mime-version: content-transfer-encoding; bh=Xy7YsE9bLXnd6lPzwUsNeEv1OEpsEJvzIE7nPp0vFYw=; b=HzYdzcE9djnknUfXzkaGVyaAUGURxs7Dhctiv5UCAzhGUl+Jb5TmBWEV olfR/4lFpvn/KdOcbgKoX2OJkCpHiFFd/zCJX3h05Beqnwot5m8j3jroB mJveoO0PH+4AbF94t5a7tmg0JiU+joa9Y6rhFpToZrMkPyxS5u+i8SOcr Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AiMFAGlVBFCrRDoH/2dsb2JhbABFqg6PPYEHgicICgEXEEwFGFAjHAEEHheHagybA4Eon3iOa4McA4hLhQWIfY0OgWaCfw
X-IronPort-AV: E=Sophos;i="4.77,595,1336348800"; d="scan'208";a="49510869"
Received: from mtv-core-2.cisco.com ([171.68.58.7]) by mtv-iport-3.cisco.com with ESMTP; 16 Jul 2012 17:55:38 +0000
Received: from dwingWS (sjc-vpn2-417.cisco.com [10.21.113.161]) by mtv-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id q6GHtbKJ028708 for <behave@ietf.org>; Mon, 16 Jul 2012 17:55:37 GMT
From: Dan Wing <dwing@cisco.com>
To: behave@ietf.org
Date: Mon, 16 Jul 2012 10:55:37 -0700
Message-ID: <035801cd637c$34df33f0$9e9d9bd0$@com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac1jfDSEsfkpVZMvSuucIiFo9SIW+w==
Content-Language: en-us
Subject: [BEHAVE] four data models: SYSLOG, IPFIX, SNMP, RADIUS
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jul 2012 17:54:54 -0000

As an individual, I have been worried about the possibility of disparate
data models for NATs.  We currently have four ways to report information
about a NAT or other address-sharing device,

SYSLOG, http://tools.ietf.org/html/draft-zhou-behave-syslog-nat-logging-00
IPFIX, http://tools.ietf.org/html/draft-sivakumar-behave-nat-logging-05 
SNMP, http://tools.ietf.org/html/draft-perreault-sunset4-cgn-mib
RADIUS,
http://tools.ietf.org/html/draft-cheng-behave-cgn-cfg-radius-ext-03#section-
4.2

My concern is that operators may find it necessary to deploy all four
protocols (IPFIX, SYSLOG, SNMP, and RADIUS) to get their needed logging and.
This seems undesirable.  Imagine, for example, that only one of those
protocols supported pseudo-random port assignment but only one other
protocol provided alarms for when a subscriber consumed all their ports (and
thus might open a support case with the operator that "the Internet is
down").

Are my concerns misplaced?

-d

v2.23.0 | Report a Bug | By Email