Re: [Syslog] AD review discuss/comments for draft-ietf-syslog-dtls

<Pasi.Eronen@nokia.com> Mon, 24 May 2010 07:58 UTC

From: Pasi.Eronen@nokia.com
To: turners@ieca.com, ietfc@btconnect.com
Date: Mon, 24 May 2010 09:54:01 +0200
Thread-Topic: [Syslog] AD review discuss/comments for draft-ietf-syslog-dtls
Message-ID: <808FD6E27AD4884E94820BC333B2DB775BC0E09522@NOK-EUMSG-01.mgdnok.nokia.com>
References: <20100511182040.16429@web6.nyc1.bluetie.com> <01c701caf904$d1662c40$4001a8c0@gateway.2wire.net>, <4BF7F544.70004@ieca.com>
In-Reply-To: <4BF7F544.70004@ieca.com>
Cc: syslog@ietf.org
Subject: Re: [Syslog] AD review discuss/comments for draft-ietf-syslog-dtls

I haven't followed this discussion in detail, but it looks like
there's some confusion about the basic "units" of transmission. As far
as I can tell, we have four different layers:

- a syslog message (SYSLOG-FRAME in ABNF)
- a DTLS record
- a UDP datagram
- an IP packet

As noted in Section 5.4, "It is possible that multiple syslog messages
be contained in one DTLS record, or that a syslog message be
transferred in multiple DTLS records."

The maximum size of a single DTLS record is 2^14 bytes (this limit
comes from TLS). One DTLS record must fit in one UDP datagram, but one
UDP datagram can contain more than one DTLS record.

The maximum size of UDP datagram is 64K (this limit comes from UDP),
but it can be fragmented to multiple IP packets as needed.

There's one additional restriction that I'm not sure is really
mentioned anywhere: A single syslog message has to fit in a single UDP
datagram. So while it can be split into multiple DTLS records, all those
records have to be in a single UDP datagram (so the syslog layer does
not reassemble syslog message pieces from multiple UDP datagrams --
SYSLOG-FRAME does not have sufficient information to do this
anyway).

In addition to the "hard" size limits (coming from DTLS and UDP),
we probably need a recommendation saying that it's better if you
can avoid IP fragmentation -- but this is precisely the same as normal
syslog-over-UDP (minus the small overhead from DTLS).

Best regards,
Pasi
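The size bounds laid out in the message above (a 2^14-byte DTLS record, a 64K UDP datagram, and the rule that one syslog message must fit entirely in one datagram even when spread over several records) are easy to get wrong on the sending side. The following is an added example, not code from the draft or from anyone in this thread: a sender-side planner that splits a syslog message into DTLS-sized records, rejects a message that cannot fit in one UDP datagram, and flags when the resulting datagram would trigger IP fragmentation. The per-record cipher overhead and the path MTU are assumed parameters, and the IP-layer limit (IPv4 allows somewhat less than the UDP length field does) is deliberately not modelled.

```python
"""Plan how one syslog message is carried as DTLS records inside a single UDP datagram."""
from dataclasses import dataclass
from typing import List

# TLS (and therefore DTLS) plaintext fragment limit: 2^14 bytes per record.
DTLS_MAX_PLAINTEXT = 2 ** 14
# DTLS record header: type(1) + version(2) + epoch(2) + sequence number(6) + length(2).
DTLS_RECORD_HEADER = 13
# Largest UDP payload the 16-bit UDP length field can describe (65535 minus the 8-byte UDP header).
# Assumption: IP-layer limits (e.g. IPv4's 20-byte header) are ignored for the datagram bound.
UDP_MAX_PAYLOAD = 65535 - 8
# Constructed value: per-record ciphersuite overhead (MAC/AEAD tag, IV, padding) assumed here.
CIPHER_OVERHEAD = 32
# Assumed IPv4 header size used only for the fragmentation estimate.
IPV4_HEADER = 20
UDP_HEADER = 8


@dataclass
class DatagramPlan:
    record_plaintext_sizes: List[int]   # plaintext bytes carried by each DTLS record
    datagram_payload: int               # total UDP payload once records are wrapped
    ip_fragmentation_likely: bool       # True if the IP packet would exceed the path MTU


def plan_datagram(message: bytes, path_mtu: int = 1500,
                  cipher_overhead: int = CIPHER_OVERHEAD) -> DatagramPlan:
    """Split one syslog message into DTLS records that all travel in ONE UDP datagram.

    Raises ValueError when the message, after record framing, cannot fit in a single
    datagram: the syslog layer never reassembles a message across datagrams.
    """
    if not message:
        raise ValueError("empty syslog message")

    # Layer 1 -> 2: cut the message into DTLS plaintext fragments of at most 2^14 bytes.
    sizes = [min(DTLS_MAX_PLAINTEXT, len(message) - off)
             for off in range(0, len(message), DTLS_MAX_PLAINTEXT)]

    # Layer 2 -> 3: every record gets a header and cipher overhead; all of them share one datagram.
    payload = sum(DTLS_RECORD_HEADER + cipher_overhead + s for s in sizes)
    if payload > UDP_MAX_PAYLOAD:
        raise ValueError(
            f"message of {len(message)} bytes needs {payload} bytes of UDP payload, "
            f"exceeding the {UDP_MAX_PAYLOAD}-byte datagram limit")

    # Layer 3 -> 4: the datagram is still delivered if it exceeds the MTU, but only by
    # IP fragmentation, which the text recommends avoiding where possible.
    fragmented = payload + UDP_HEADER + IPV4_HEADER > path_mtu
    return DatagramPlan(sizes, payload, fragmented)


def main() -> None:
    # Constructed sample messages; real SYSLOG-FRAME content would be RFC 5424 text.
    for name, msg in [("short", b"<34>1 2010-05-24T07:58:00Z host app - - - hello"),
                      ("40000-byte", b"x" * 40000),
                      ("65000-byte", b"x" * 65000)]:
        plan = plan_datagram(msg)
        print(f"{name}: records={plan.record_plaintext_sizes} "
              f"udp_payload={plan.datagram_payload} ip_frag={plan.ip_fragmentation_likely}")
    try:
        plan_datagram(b"x" * 65500)
    except ValueError as exc:
        print("rejected:", exc)


if __name__ == "__main__":
    main()
```

The 65000-byte case is the one the thread argues about: it needs four DTLS records but still fits in one datagram, so a hard 2^14 ceiling on the record size does not by itself rule out the 65k messages Tom mentions. Passing path_mtu=576 shows how little fits before fragmentation under the conservative IPv4 minimum the other syslog transport drafts compromise around.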


________________________________________
From: syslog-bounces@ietf.org [syslog-bounces@ietf.org] On Behalf Of ext Sean Turner [turners@ieca.com]
Sent: Saturday, May 22, 2010 6:16 PM
To: t.petch
Cc: syslog
Subject: Re: [Syslog] AD review discuss/comments for draft-ietf-syslog-dtls

t.petch wrote:
> I see that this I-D had entered 'Revised I-D needed' which I would like to
> progress.
>
> I see several comments about maximum record size, including a suggestion that we
> should make the 'SHOULD NOT' a 'MUST NOT' exceed 2**14.
>
> I am dead set against this change.  We had a clear requirement, early on, to
> allow 65k messages, and I think it wrong to MUST NOT that requirement. The text
> in the other I-Ds is a compromise to strike a balance between this and having
> everything fit in 576 bytes; I think we have the balance right.

Tom,

My response to Alexey was that this I-D borrows that particular
requirement from RFC4347 and that this I-D shouldn't be upping the
requirement.  If it's okay with you, I'll forward him your response.
The way I read his comment was that he's just asking why - he's not
really requesting a change.

spt
_______________________________________________
Syslog mailing list
Syslog@ietf.org
https://www.ietf.org/mailman/listinfo/syslog