IETF Logo Mail Archive

Re: [Softwires] ISP CGN logging inc. Destination ??

"Rajiv Asati (rajiva)" <rajiva@cisco.com> Wed, 09 May 2018 11:22 UTC

Return-Path: <rajiva@cisco.com>
X-Original-To: softwires@ietfa.amsl.com
Delivered-To: softwires@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94F2212704A; Wed, 9 May 2018 04:22:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -12.61
X-Spam-Level:
X-Spam-Status: No, score=-12.61 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0wxCPARLL3dr; Wed, 9 May 2018 04:22:32 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC861127023; Wed, 9 May 2018 04:22:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=47308; q=dns/txt; s=iport; t=1525864952; x=1527074552; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=tgZBwFCbKTGXd/OPbog+cImGvcYKgSar/q/vjwvBIOs=; b=h8b1uwdpJQW2r0+i5fXoDsl/QfU7+W2kJs6TtaAuQS6Bhi2N53yRL866 3vLOkRr19RbBpxRH2wPFKF/NE7rG+C5phm5GvuMsh1bIGFcdxPTxfbxIx HavHMbJ5HKpVoayCOozMJelAzNIXfiXlWg5BCWZsbn1eCpQgq7k60a3fo U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ATAQBm2fJa/4UNJK1cGQEBAQEBAQEBAQEBAQcBAQEBAYJNSythF2MoCoNliAKMcIFYIYEPkykUgWEDCxgBDIQBRgIagk0hNBgBAgEBAQEBAQJsHAyFKAEBAQEDAQEhRAcLDAQCAQgRAwEBASEBBgMCAgIlCxQJCAIEAQ0FG4MIAoEbTAMVD6d3ghyIQoJDBYcofYFUPyWBDQyCXIJPQgEBAgGBIQQFARIBJhAJFoJKMIIkAocVBwGBA4hjhykIAoVlhlKCFoE1g2CHTYlJhmACERMBgSQBHDhhcXAVOyoBghgJgygBAgaHVoU+bwEBjmuBH4EYAQE
X-IronPort-AV: E=Sophos;i="5.49,381,1520899200"; d="scan'208,217";a="111287418"
Received: from alln-core-11.cisco.com ([173.36.13.133]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 09 May 2018 11:22:30 +0000
Received: from XCH-RCD-004.cisco.com (xch-rcd-004.cisco.com [173.37.102.14]) by alln-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id w49BMU8G027730 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 9 May 2018 11:22:30 GMT
Received: from xch-aln-005.cisco.com (173.36.7.15) by XCH-RCD-004.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 9 May 2018 06:22:30 -0500
Received: from xch-aln-005.cisco.com ([173.36.7.15]) by XCH-ALN-005.cisco.com ([173.36.7.15]) with mapi id 15.00.1320.000; Wed, 9 May 2018 06:22:30 -0500
From: "Rajiv Asati (rajiva)" <rajiva@cisco.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "Ramesh.R.Chandra@ril.com" <Ramesh.R.Chandra@ril.com>, "Yiu_Lee@comcast.com" <Yiu_Lee@comcast.com>
CC: "softwires@ietf.org" <softwires@ietf.org>, "int-area@ietf.org" <int-area@ietf.org>
Thread-Topic: [Softwires] Re: ISP CGN logging inc. Destination ??
Thread-Index: AQHT52elJKvBbucOSEig10hJAUPUwqQnUfuA
Date: Wed, 09 May 2018 11:22:30 +0000
Message-ID: <1F488589-EB20-4375-A992-BDC5B4E7BB40@cisco.com>
References: <56C7D96E-182F-4584-B190-DCD17957C01F@cisco.com> <95081DF2-FBE4-4B28-802E-13988B6DDF8D@gmx.com> <8433F1DD-3988-4DF6-B14D-3873B0F36CCB@cisco.com> <DE94262F-6C94-492A-B9F0-629160527B37@gmx.com> <ef2bbe951814477eae919a4abf9ae182@SHYDEXMBX08.in.ril.com> <77D9057C-0310-4D03-BCA9-DBFC17CE9055@Cable.Comcast.com> <6b552bbdcc4146aa97386eb609c70e27@SHYDEXMBX08.in.ril.com> <0041E033-2A33-40C8-AF67-B2FE050C4531@cisco.com> <787AE7BB302AE849A7480A190F8B93302DF16A24@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302DF16A24@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.c.0.180410
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.82.230.34]
Content-Type: multipart/alternative; boundary="_000_1F488589EB204375A992BDC5B4E7BB40ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/softwires/U_rpB_9wMjw4Ef13npu0HmhdNPM>
X-Mailman-Approved-At: Thu, 10 May 2018 03:32:36 -0700
Subject: Re: [Softwires] ISP CGN logging inc. Destination ??
X-BeenThere: softwires@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: softwires wg discussion list <softwires.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/softwires>, <mailto:softwires-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/softwires/>
List-Post: <mailto:softwires@ietf.org>
List-Help: <mailto:softwires-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2018 11:22:34 -0000

Hi Med,

I share the same concern. While such a requirement may be deemed reasonable, it does not warrant nullifying the very advantage stateless 4o6 techniques such as MAP bring to bear.

If such a requirement carries over to native IPv6 communication (involving no address translation), then it would warrant a solution such as IPFIX anyway, in which case, it would also implicitly solve for the stateless 4o6 techniques.

--
Cheers,
Rajiv

From: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>
Date: Wednesday, May 9, 2018 at 3:30 AM
To: Rajiv Asati <rajiva@cisco.com>, "Ramesh.R.Chandra@ril.com" <Ramesh.R.Chandra@ril.com>, "Yiu_Lee@comcast.com" <Yiu_Lee@comcast.com>
Cc: Softwires-wg list <softwires@ietf.org>, "int-area@ietf.org" <int-area@ietf.org>
Subject: RE: [Softwires] Re: ISP CGN logging inc. Destination ??

Hi Rajiv,

What concerns me with this requirement is that it nullifies one of the motivations for stateless address sharing:
https://tools.ietf.org/html/draft-ietf-softwire-stateless-4v6-motivation-05#section-3.1.3 (Logging - No Need for Dynamic Binding Notifications)

especially, this part:

   Some Service Providers have a requirement to use only existing
   logging systems and to avoid introducing new ones (mainly because of
   Capital Expenditure (CAPEX) considerations).  This requirement is
   easily met with stateless solutions.

Cheers,
Med

De : Softwires [mailto:softwires-bounces@ietf.org] De la part de Rajiv Asati (rajiva)
Envoyé : mardi 8 mai 2018 23:43
À : Ramesh.R.Chandra@ril.com; Yiu_Lee@comcast.com
Cc : softwires@ietf.org; int-area@ietf.org
Objet : Re: [Softwires] [EXTERNAL] Re: ISP CGN logging inc. Destination ??

Agree with Ramesh. DHCP(v6) helps with logging source IP assignment, but that’s it.

The requirement here is about keeping track of not only source IP+port, but also destination IP+port per connection. DHCP(v6) doesn’t apply here.

--
Cheers,
Rajiv

From: "Ramesh.R.Chandra@ril.com<mailto:Ramesh.R.Chandra@ril.com>" <Ramesh.R.Chandra@ril.com<mailto:Ramesh.R.Chandra@ril.com>>
Date: Tuesday, May 8, 2018 at 1:15 AM
To: "Yiu_Lee@comcast.com<mailto:Yiu_Lee@comcast.com>" <Yiu_Lee@comcast.com<mailto:Yiu_Lee@comcast.com>>
Cc: "ianfarrer@gmx.com<mailto:ianfarrer@gmx.com>" <ianfarrer@gmx.com<mailto:ianfarrer@gmx.com>>, Rajiv Asati <rajiva@cisco.com<mailto:rajiva@cisco.com>>, Softwires-wg list <softwires@ietf.org<mailto:softwires@ietf.org>>, "int-area@ietf.org<mailto:int-area@ietf.org>" <int-area@ietf.org<mailto:int-area@ietf.org>>
Subject: RE: [EXTERNAL] Re: [Softwires] ISP CGN logging inc. Destination ??

Not really. Need IPv4 because desitination IP is on IPv4.

Regds
ramesh chandra
M#: +91 90829 61303
O#: +91 22 7965 9762

-----Original Message-----
From: Lee, Yiu [mailto:Yiu_Lee@comcast.com]
Sent: 07 May 2018 16:46
To: Ramesh R Chandra
Cc: ianfarrer@gmx.com<mailto:ianfarrer@gmx.com>; rajiva@cisco.com<mailto:rajiva@cisco.com>; softwires@ietf.org<mailto:softwires@ietf.org>; int-area@ietf.org<mailto:int-area@ietf.org>
Subject: Re: [EXTERNAL] Re: [Softwires] ISP CGN logging inc. Destination ??

Just a quick thought. Will the dhcpv6 logs help?

Sent from mobile device, pardon possible typo.

On May 7, 2018, at 7:06 AM, "Ramesh.R.Chandra@ril.com<mailto:Ramesh.R.Chandra@ril.com>" <Ramesh.R.Chandra@ril.com<mailto:Ramesh.R.Chandra@ril.com>> wrote:
Dear Ian,  thanks for clarifications.
Regulator in India mandated to preserve the following details for each flow.
1.    Source IP + Port (private for end subscriber device)
2.    Destination IP + Port (public)
3.    Translated IP + port (public)
4.    Date and time
There is no brainer and all this is available in NAT44. MAP being stateless, no such data available from MAP-BR. We are exploring alternate option on BR to create this data in MAP.
Pls advise.
Regds
ramesh
-----Original Message-----
From: ianfarrer@gmx.com<mailto:ianfarrer@gmx.com> [mailto:ianfarrer@gmx.com]
Sent: 04 May 2018 17:28
To: Rajiv Asati (rajiva)
Cc: Softwires-wg list; int-area@ietf.org<mailto:int-area@ietf.org>; Ramesh R Chandra
Subject: Re: [Softwires] ISP CGN logging inc. Destination ??
Hi Rajiv,
Please see inline.
Cheers,
Ian
On 4. May 2018, at 12:01, Rajiv Asati (rajiva) <rajiva@cisco.com<mailto:rajiva@cisco.com>> wrote:
Ian,
Thanks for sharing the URL. While not explicit, “all metadata” would include both source and destination A+P. Is that the right interpretation?
[if - My understanding is that per-flow logging is necessary to meet
the requirement, but I’m not familiar enough with the legislation to
know what exactly needs to be stored.]
If an ISP were to use “binding” mode on the BR, then without using net flow/IPFIX, How could the compliance be achieved ?
[if - If there’s address sharing and the requirement is to provide an exact match to a data retention request (in some countries, a list of e.g. 16 users is OK), then AFAICS, you have to use IPFIX.
The implementation problem for this is compounded by the lack of state
table on most BR implementations (e.g. how do you know when a UDP
session has completed without state for that flow?)]
"Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s).
are confidential and may be privileged. If you are not the intended
recipient. you are hereby notified that any review. re-transmission.
conversion to hard copy. copying. circulation or other use of this message and any attachments is strictly prohibited. If you are not the intended recipient. please notify the sender immediately by return email.
and delete this message and any attachments from your system.
Virus Warning: Although the company has taken reasonable precautions to ensure no viruses are present in this email.
The company cannot accept responsibility for any loss or damage arising from the use of this email or attachment."
_______________________________________________
Softwires mailing list
Softwires@ietf.org<mailto:Softwires@ietf.org>
https://www.ietf.org/mailman/listinfo/softwires
"Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s).
are confidential and may be privileged. If you are not the intended recipient. you are hereby notified that any
review. re-transmission. conversion to hard copy. copying. circulation or other use of this message and any attachments is
strictly prohibited. If you are not the intended recipient. please notify the sender immediately by return email.
and delete this message and any attachments from your system.

Virus Warning: Although the company has taken reasonable precautions to ensure no viruses are present in this email.
The company cannot accept responsibility for any loss or damage arising from the use of this email or attachment."

v2.23.0 | Report a Bug | By Email