Re: [Int-area] Last Call: <draft-ietf-intarea-server-logging-recommendations-02.txt> (Logging recommendations for Internet facing servers) to BCP

<mohamed.boucadair@orange-ftgroup.com> Thu, 17 March 2011 08:41 UTC


Dear all,

This is a late comment but I think it is worth raising it.

This I-D recommends logging the source port number for Internet-facing servers. But due to the presence of load-balancers in the path, the "original" source port may be lost. The source port number that will be passed to the target server may not be accurate and hence does not meet the initial requirement.

Of course, the same issue applies to the source IP address. The only difference is that there are tools to convey the source IP address, in application headers for instance. There is nothing equivalent at the IP/transport/application level for the source port.

Don't you think it would be valuable to record the issue in the draft?

FWIW, below is a text describing this issue.

"
2.1. Preserve Source Port Number

   In order to implement the recommendation documented in
   [I-D.ietf-intarea-server-logging-recommendations], extensions are
   required to preserve the source port number and to avoid this
   information being lost when load-balancers are involved in the path.
   Examples of mitigation solutions are provided below:

   1.  Extend XFF to convey the port in addition to the IP address

   2.  Define a header similar to XFF to convey the source port

   3.  Extend the TCP Option to convey the source port

   4.  Enable the Proxy Protocol [Proxy]."

Cheers,
Med
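The Proxy Protocol listed as mitigation 4 above is one way a server can get the client's real source port back for its access log. The following is an added example, not code from this message or from the draft: a parser for the Proxy Protocol v1 header line (the `PROXY TCP4|TCP6|UNKNOWN src dst sport dport\r\n` line a load balancer prefixes to the connection) and a helper that decides which address/port pair to log. The sample header bytes and the peer address are constructed for the example.

```python
# Added example (not from the draft): recover the client's source IP/port
# from a PROXY protocol v1 header so a server behind a balancer can log them.
import ipaddress
from typing import NamedTuple, Optional

MAX_V1_LINE = 107  # longest legal v1 header, CRLF included

class ClientAddr(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def _port(field: str) -> int:
    # Decimal digits only, no sign or leading zeros, 0..65535.
    if not field.isdigit() or (len(field) > 1 and field[0] == "0"):
        raise ValueError(f"bad port field {field!r}")
    port = int(field)
    if port > 65535:
        raise ValueError(f"port out of range: {port}")
    return port

def parse_proxy_v1(data: bytes) -> tuple[Optional[ClientAddr], bytes]:
    """Return (client address, or None for 'PROXY UNKNOWN'; bytes after the
    header). Raises ValueError on a malformed header so the caller can drop
    the connection instead of logging attacker-controlled values."""
    if not data.startswith(b"PROXY "):
        raise ValueError("no PROXY v1 signature")
    end = data.find(b"\r\n", 0, MAX_V1_LINE)
    if end < 0:
        raise ValueError("PROXY line not CRLF-terminated within 107 bytes")
    line, rest = data[:end].decode("ascii"), data[end + 2:]
    fields = line.split(" ")
    if fields[1] == "UNKNOWN":          # balancer had no client address to relay
        return None, rest
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError(f"malformed PROXY line: {line!r}")
    want = 4 if fields[1] == "TCP4" else 6
    src_ip, dst_ip = (ipaddress.ip_address(a) for a in fields[2:4])
    if src_ip.version != want or dst_ip.version != want:
        raise ValueError("address family does not match TCP4/TCP6")
    return ClientAddr(str(src_ip), _port(fields[4]), str(dst_ip), _port(fields[5])), rest

def client_for_log(peer: tuple[str, int], data: bytes) -> tuple[tuple[str, int], bytes]:
    """Address to write in the access log: the relayed client when the balancer
    supplied one, else the socket peer (the balancer and its ephemeral port)."""
    addr, rest = parse_proxy_v1(data)
    return ((addr.src_ip, addr.src_port) if addr else peer), rest
```

The header must only be trusted on listeners that are reached exclusively through the balancer; a client that can connect directly could otherwise write any address it likes into the log.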
 

-----Original Message-----
From: int-area-bounces@ietf.org [mailto:int-area-bounces@ietf.org] On behalf of The IESG
Sent: Friday, 25 February 2011 16:04
To: IETF-Announce
Cc: int-area@ietf.org
Subject: [Int-area] Last Call: <draft-ietf-intarea-server-logging-recommendations-02.txt> (Logging recommendations for Internet facing servers) to BCP


The IESG has received a request from the Internet Area Working Group WG
(intarea) to consider the following document:
- 'Logging recommendations for Internet facing servers'
  <draft-ietf-intarea-server-logging-recommendations-02.txt> as a BCP

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2011-03-11. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-intarea-server-logging-recommendations/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-intarea-server-logging-recommendations/



No IPR declarations have been submitted directly on this I-D.