Re: [v6ops] new draft: draft-colitti-v6ops-host-addr-availability

Erik Kline <> Fri, 10 July 2015 07:38 UTC

On 9 July 2015 at 08:10, Tom Taylor <> wrote:
> On 08/07/2015 2:39 PM, Fred Baker (fred) wrote:
>>> On Jul 6, 2015, at 7:08 PM, Erik Kline <> wrote:
>>> Some of this could also serve as input to motivate a SAVI document
>>> defining a basic logging protocol.
>>> I still believe that if there were a trivially deployable logging
>>> methodology that captured
>>>     {IP address, timestamp, rfc7039#section-3.2 binding context}
>>> tuples, or even the full data structure entry described in
>>> rfc6620#section-3.1, then the auditing objectives could be well and
>>> truly met.
>>> I think this is still one large unmet need.  (not necessarily a v6ops
>>> matter, perhaps)
>> Operational requirements for such could be a v6ops project, and probably a
>> quick one. You're correct that a protocol development probably belongs in a
>> protocol WG. Calling out the binding anchor makes sense, but some of those
>> (the port on an Ethernet switch to which a host attaches, the security
>> association between a host and the base station on wireless links) don't
>> have obvious portable names (if I say that a given security association is
>> number 27 in the AP's table, that's meaningful to the AP, but I'm not sure
>> it's meaningful to an operator coming in after the fact).
>> I find myself wondering whether this might get rolled up with some other
>> logging operation, such as for stateful NATs. It begins to sound a lot like
>> a record that associates a set of elements together (a 3-tuple or 5-tuple
>> for a session with a MAC Address and a port number and a time stamp, logged
>> only if the source IP address isn't mapped to the MAC address of interest,
>> perhaps) that is emitted for a reason beyond "it was seen".
>> Would IPFIX, in some incarnation, address this?
>> I'll let you write that :-)
> We have both SYSLOG and IPFIX drafts in progress for NATs. They've been held
> up waiting for the NAT MIB to be finished. (The latter is now in the RFCEd
> Q.) We could look at adding these logs if you want, subject to your
> requirements.

Sounds good to me.  :-)

I think that as long as the format of the binding anchor is extensible
and a minimally useful version is readily available that should
suffice to get started.

I don't know what's normal here: either extensible within an existing
type (i.e. adding fields to a mythical 802Dot11BindingAnchor format)
or extensible by creating new types (i.e.