IETF Logo Mail Archive

Re: [BEHAVE] Comments on draft-sivakumar-behave-nat-logging-03

ssenthil <ssenthil@cisco.com> Thu, 10 November 2011 18:55 UTC

Return-Path: <ssenthil@cisco.com>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 213FE21F8B82 for <behave@ietfa.amsl.com>; Thu, 10 Nov 2011 10:55:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.25
X-Spam-Level:
X-Spam-Status: No, score=-6.25 tagged_above=-999 required=5 tests=[AWL=0.349, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NniyfOZF4-7f for <behave@ietfa.amsl.com>; Thu, 10 Nov 2011 10:55:39 -0800 (PST)
Received: from mtv-iport-4.cisco.com (mtv-iport-4.cisco.com [173.36.130.15]) by ietfa.amsl.com (Postfix) with ESMTP id 3B84A21F8B7A for <behave@ietf.org>; Thu, 10 Nov 2011 10:55:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=ssenthil@cisco.com; l=4515; q=dns/txt; s=iport; t=1320951339; x=1322160939; h=date:subject:from:to:message-id:in-reply-to:mime-version: content-transfer-encoding; bh=K5p0N/ir+x0TThdp/VwuaWv1JRbPMOS/M7nOT3vzkhE=; b=fZkuwgmGKL3vLVoIdslScGSOYvfGzHWzXrUVr615oCrnLBE9UlyktvVF vYbjX3SoNfn8kuLXV+DQo02Kod4Dp6wa6fP1GEq+qYqm83fLAWc3tVgnW kKQ9S1k/N9hp1ylB7nFLtG04qwntuqagdh+bgIwoSt6dIjBtNUe8n/IuP A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av8EAOAdvE6rRDoG/2dsb2JhbABEqiyBBYFyAQEBAwEBAQEPAScCATEQDQEICQVfMAEBBAESIodgCJk7AZ5gBIZPgy8EiA+EeYcghUGMUg
X-IronPort-AV: E=Sophos;i="4.69,489,1315180800"; d="scan'208";a="13501046"
Received: from mtv-core-1.cisco.com ([171.68.58.6]) by mtv-iport-4.cisco.com with ESMTP; 10 Nov 2011 18:55:21 +0000
Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by mtv-core-1.cisco.com (8.14.3/8.14.3) with ESMTP id pAAItLCb014498; Thu, 10 Nov 2011 18:55:21 GMT
Received: from xmb-sjc-236.amer.cisco.com ([128.107.191.121]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 10 Nov 2011 10:55:21 -0800
Received: from 10.82.247.142 ([10.82.247.142]) by xmb-sjc-236.amer.cisco.com ([128.107.191.121]) with Microsoft Exchange Server HTTP-DAV ; Thu, 10 Nov 2011 18:55:20 +0000
User-Agent: Microsoft-Entourage/12.31.0.110725
Date: Thu, 10 Nov 2011 13:55:18 -0500
From: ssenthil <ssenthil@cisco.com>
To: Dave Thaler <dthaler@microsoft.com>, "behave@ietf.org" <behave@ietf.org>
Message-ID: <CAE18846.1B480%ssenthil@cisco.com>
Thread-Topic: [BEHAVE] Comments on draft-sivakumar-behave-nat-logging-03
Thread-Index: AcyfW5BCln8kX3wLSUicEd9FWWl3jQAfrm8O
In-Reply-To: <9B57C850BB53634CACEC56EF4853FF653B2E9B35@TK5EX14MBXW601.wingroup.windeploy.ntdev.microsoft.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-OriginalArrivalTime: 10 Nov 2011 18:55:21.0174 (UTC) FILETIME=[4BE2BF60:01CC9FDA]
Subject: Re: [BEHAVE] Comments on draft-sivakumar-behave-nat-logging-03
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Nov 2011 18:55:41 -0000

Thanks for the comments. Please see inline


On 11/10/11 10:30 AM, "Dave Thaler" <dthaler@microsoft.com> wrote:

> 1) The abstract says:
>> The lack of a consistent way makes it difficult to write
>> the collector applications that would receive this data and process
>> it to present useful information.
> 
> However the document only discusses data objects not a specific
> mechanism to retrieve them.   As such, the statement above is still
> true because there's no consistent way to receive such data.
> So what problem is this trying to solve?   And is it useful without
> specifying what protocol to use?

The problem we are trying to solve is as specified above, to be able to
write applications that can collect and process them without having to deal
with vendor specific implementations. I believe trying to specify the
protocol to use to transport the data objects is beyond the scope of this
specification. We could recommend some protocol if that would make this
specification complete.


> 
> 2) Section 1 says:
>> The usage of the term "NAT device" in this document refer to any
>> NAT44, Firewall and NAT64  devices.
> 
> The term NAT64 by itself includes both stateful NAT64 and stateless NAT64.
> Why would logging be required for stateless devices?
> Furthermore, the abstract talks about CGNs (where logging makes sense).
> Why would the requirements in this document apply to "any" device (as
> opposed to only CGNs) including CPE home gateways?   I didn't see any
> text discussing or justifying this statement.
> If this really is just about logging requirements for CGNs then this should
> be discussed in the context of the CGN requirements document.

Some NATs might not require it - like CPEs, but there are NATs deployed in
enterprises too (they don't have to come under the CGN umbrella) and that
would still require a logging function.

> 
> 3) The document uses several terms without defining them:
> "template", "address realm", "VRF", "NAT session", etc.
> 

Ok, I will address them in the next revision.

> 4) Section 4 says:
>> Prior to logging any events, the NAT device MUST send the template  of
>> the record to the collector to declare the format of the data record
>> that it is using to send the events.
> 
> The above MUST might make sense for a specific protocol, but since this
> document currently doesn't require any specific protocol the MUST doesn't
> make sense.   For example, if the protocol is SNMP Traps or InformRequests,
> then the format is specified in a MIB and there's no
> need for the NAT device to send it a MIB.   Similarly for any other protocol
> the collector might have some other way of getting the template from
> somewhere other than the NAT device.
> 

I am not sure I see the connection between the protocol specification and
the ability to send templates. The reason for sending the template is that
the same device could be sending multiple templates (one for nat44 create
event and the other for NAT64 delete event and another for a NAT44 quota
exceeded event. All of them carry different data sets and hence the template
is necessary. 

> 5) Section 4.1-4.3:
> Some of these seem underspecified by comparison to what I'm used to
> in MIBs.   (e.g., what's the format of "timestamp"?  what are the units?
> since when?  Local time or UTC?)  This would be cleaner if done in some
> formal way like SMIv2 or whatever, which can reference well-defined
> data types.   And then no new "NAT Event Logging" registry would be
> needed from IANA either.
> 

Ok. But for NAT specific types like a translatedAddress and port those types
have to be defined.

> 6) Section 4.1:
> This defines "MAC address" as 48 bits which is too link-type specific.
> A generic document that claims to apply to "any NAT device"
> should be link-type agnostic.  (Same comment goes for "VLAN ID".)
> 
> 7) Section 4.3.11:
> The text confuses "user" with "source address".  They're not the same thing.
> There can be many users per source address, as well as multiple source
> addresses per user.
> 
If I reword this as follows, would that be better?

"The examples of Quota exceeded are to allow only certain number of NAT
sessions per device, certain number of NAT sessions per subscriber etc."

Thanks
Senthil

> -Dave
> 
> _______________________________________________
> Behave mailing list
> Behave@ietf.org
> https://www.ietf.org/mailman/listinfo/behave

v2.23.0 | Report a Bug | By Email