Re: [v6ops] new draft: draft-colitti-v6ops-host-addr-availability

Erik Kline <ek@google.com> Fri, 10 July 2015 07:38 UTC

On 9 July 2015 at 08:10, Tom Taylor <tom.taylor.stds@gmail.com> wrote:
> On 08/07/2015 2:39 PM, Fred Baker (fred) wrote:
>>
>>
>>> On Jul 6, 2015, at 7:08 PM, Erik Kline <ek@google.com> wrote:
>>>
>>> Some of this could also serve as input to motivate a SAVI document
>>> defining a basic logging protocol.
>>>
>>> I still believe that if there were a trivially deployable logging
>>> methodology that captured
>>>
>>>     {IP address, timestamp, rfc7039#section-3.2 binding context}
>>>
>>> tuples, or even the full data structure entry described in
>>> rfc6620#section-3.1, then the auditing objectives could be well and
>>> truly met.
>>>
>>> I think this is still one large unmet need.  (not necessarily a v6ops
>>> matter, perhaps)
>>
>>
>> Operational requirements for such could be a v6ops project, and probably a
>> quick one. You're correct that a protocol development probably belongs in a
>> protocol WG. Calling out the binding anchor makes sense, but some of those
>> (the port on an Ethernet switch to which a host attaches, the security
>> association between a host and the base station on wireless links) don't
>> have obvious portable names (if I say that a given security association is
>> number 27 in the AP's table, that's meaningful to the AP, but I'm not sure
>> it's meaningful to an operator coming in after the fact).
>>
>> I find myself wondering whether this might get rolled up with some other
>> logging operation, such as for stateful NATs. It begins to sound a lot like
>> a record that associates a set of elements together (a 3-tuple or 5-tuple
>> for a session with a MAC Address and a port number and a time stamp, logged
>> only if the source IP address isn't mapped to the MAC address of interest,
>> perhaps) that is emitted for a reason beyond "it was seen".
>>
>> Would IPFIX, in some incarnation, address this?
>>
>> I'll let you write that :-)
>>
>>
>
> We have both SYSLOG and IPFIX drafts in progress for NATs. They've been held
> up waiting for the NAT MIB to be finished. (The latter is now in the RFCEd
> Q.) We could look at adding these logs if you want, subject to your
> requirements.

Sounds good to me.  :-)

I think that as long as the format of the binding anchor is extensible
and a minimally useful version is readily available that should
suffice to get started.

I don't know what's normal here: either extensible within an existing
type (i.e. adding fields to a mythical 802Dot11BindingAnchor format)
or extensible by creating new types (i.e.
802Dot11BindingAnchorWithRfc5841PacketMood).
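As an added example (not from this thread or from any IETF draft), a constructed JSON-lines record for the {IP address, timestamp, binding anchor} tuple discussed above, showing how a consumer can tolerate both extensibility options: extra fields inside a known anchor type are kept rather than rejected, and an unknown anchor type is retained opaquely. The type registry, field names and wire format are all hypothetical.

```python
import ipaddress
import json
import time

# Hypothetical anchor type registry (not from any RFC): type id -> (name, fields a
# v1 consumer understands).  Stands in for the "mythical 802Dot11BindingAnchor".
ANCHOR_TYPES = {
    1: ("ethernet-port", {"switch", "port"}),
    2: ("802.11-assoc", {"ap", "station_mac"}),
}


def make_record(ip, anchor_type, anchor_fields, ts=None):
    """Build an {IP, timestamp, binding anchor} record; the anchor is an open dict
    so a later version can add fields without changing the type id."""
    addr = ipaddress.ip_address(ip)  # rejects malformed addresses before logging
    when = int(ts if ts is not None else time.time())
    return {"ip": str(addr), "ts": when, "anchor": {"type": anchor_type, **anchor_fields}}


def serialize(record):
    """Encode one record as a single JSON line (constructed wire format)."""
    return json.dumps(record, sort_keys=True)


def parse_record(line):
    """Parse a record as a v1 consumer would, without breaking on extensions.

    Option 1 (extend within a type): unknown fields of a known anchor type are
    kept under 'extra' rather than rejected.
    Option 2 (extend by new type): an unknown type id is retained opaquely so the
    audit tuple is never lost, only less interpretable.
    """
    rec = json.loads(line)
    addr = ipaddress.ip_address(rec["ip"])  # re-validate untrusted log input
    anchor = dict(rec["anchor"])
    type_id = anchor.pop("type")
    if type_id in ANCHOR_TYPES:
        name, known = ANCHOR_TYPES[type_id]
        fields = {k: v for k, v in anchor.items() if k in known}
        extra = {k: v for k, v in anchor.items() if k not in known}
    else:
        name, fields, extra = f"unknown-type-{type_id}", {}, anchor
    return {"ip": addr, "ts": int(rec["ts"]), "anchor_type": name,
            "anchor": fields, "extra": extra}
```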