Re: [v6ops] Please review draft-donley-behave-deterministic-cgn
Chris Donley <C.Donley@cablelabs.com> Tue, 10 January 2012 18:16 UTC
Return-Path: <C.Donley@cablelabs.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A73421F87CF for <v6ops@ietfa.amsl.com>; Tue, 10 Jan 2012 10:16:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.137
X-Spam-Level:
X-Spam-Status: No, score=0.137 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_MODEMCABLE=0.768, HOST_EQ_MODEMCABLE=1.368, J_CHICKENPOX_13=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XwhG9+JicubT for <v6ops@ietfa.amsl.com>; Tue, 10 Jan 2012 10:16:03 -0800 (PST)
Received: from ondar.cablelabs.com (ondar.cablelabs.com [192.160.73.61]) by ietfa.amsl.com (Postfix) with ESMTP id 560FC21F862D for <v6ops@ietf.org>; Tue, 10 Jan 2012 10:15:59 -0800 (PST)
Received: from kyzyl.cablelabs.com (kyzyl [10.253.0.7]) by ondar.cablelabs.com (8.14.5/8.14.5) with ESMTP id q0AI7BWR002655; Tue, 10 Jan 2012 11:15:53 -0700
Received: from srvxchg.cablelabs.com (10.5.0.15) by kyzyl.cablelabs.com (F-Secure/fsigk_smtp/303/kyzyl.cablelabs.com); Tue, 10 Jan 2012 11:07:11 -0700 (MST)
X-Virus-Status: clean(F-Secure/fsigk_smtp/303/kyzyl.cablelabs.com)
Received: from srvxchg.cablelabs.com ([10.5.0.15]) by srvxchg ([10.5.0.15]) with mapi; Tue, 10 Jan 2012 11:13:58 -0700
From: Chris Donley <C.Donley@cablelabs.com>
To: Fred Baker <fred@cisco.com>, "Joel M. Halpern" <jmh@joelhalpern.com>
Date: Tue, 10 Jan 2012 11:13:55 -0700
Thread-Topic: [v6ops] Please review draft-donley-behave-deterministic-cgn
Thread-Index: AczPw57BrPFU+hVVTiabSatHl9fObg==
Message-ID: <CB30CA3D.38617%c.donley@cablelabs.com>
In-Reply-To: <B591E95C-7713-49BE-900D-36AD2EAF47D7@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.13.0.110805
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Approved: ondar
Cc: v6ops v6ops WG <v6ops@ietf.org>, Dave Thaler <dthaler@microsoft.com>, Behave Chairs <behave-chairs@tools.ietf.org>, "draft-donley-behave-deterministic-cgn@tools.ietf.org" <draft-donley-behave-deterministic-cgn@tools.ietf.org>
Subject: Re: [v6ops] Please review draft-donley-behave-deterministic-cgn
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jan 2012 18:16:04 -0000
This comes down to compression density. You're right that most subscribers use few ports, but a few subs do use a very large number (see the WAND data). If you pack a lot of subscribers (let's say 1,000) behind a single IP address, each gets only a handful of ports, and this proposal almost turns into bulk port logging since many subscribers will be requesting additional allocations (we're not suggesting per-connection logging on the overflow). However, if you pack fewer subs behind a single public IP (let's say 60), each sub gets ~1000 ports, and 99% or so will never request another block. Then, using bulk port logging for the remainder makes for a very small quantity of log messages. In the example I presented in Taipei, we can get 100,000x-1,000,000x reduction in log messages, depending on the size of the port blocks offered for subsequent allocation. You're correct that there is a tradeoff between compression density (per-connection logging wins) and minimizing logging volume (Juniper's SD-NAT wins). On that continuum, we believe our proposal provides a balance that keeps log sizes small, but allows a reasonable compression density while allowing some flexibility to accommodate the 1% of users who consume significant numbers of ports. Chris On 1/4/12 4:18 PM, "Fred Baker" <fred@cisco.com> wrote: > >On Jan 4, 2012, at 2:32 PM, Joel M. Halpern wrote: > >> When I asked on operator about the port distribution, their answer was >>somewhat different. >> What they said was that when the users are idle, they don't use many >>ports. But when the user is busy, they use a lot of ports. >> This makes repeated, largeish, block allocation sensible, but makes >>pre-allocation of a small number, and then individual allocation >>thereafter, a bad strategy, as it will basically log as much as current. >> >> I do not have access to any research results to disambiguate these two >>reports. > >Chris should step in here. > >https://www.ietf.org/proceedings/82/slides/behave-5.pdf, quoting >http://www.wand.net.nz/~salcock/someisp/flow_counting/result_page.html >also referenced by RFC 6269 > >In the wand.net.nz HTML, look specifically for "mean number of peak >sessions for active subscribers only for each 30 minute period"; the HTML >doesn't have tags that would allow me to simply get you there. > >I suspect that Chris/WAND and your service provider might be defining >"user" and "a lot" differently. The Waikato numbers are very likely >typical of a residential network behind a NAT - in a home, even if >several computers are in use, it's unlikely that everyone in the home is >web surfing during the same minute. Common browsers usually limit the >number of TCPs they open in parallel to something like 2 or 4, and those >sessions usually stay open single digit numbers of seconds; this says >that in a typical residential network, they see 2-4 computers >simultaneously doing that, for a peak of 4-8 TCP sessions simultaneously >active. That would be very surprising in a corporate network, but makes >sense for residential network. > >Is the service provider you asked talking about corporate subscribers? > >> Yours, >> Joel >> >> On 1/4/2012 5:27 PM, Dave Thaler wrote: >>> Yes operational commentary would be very welcome. >>> >>> Also FYI, the author of the draft has declared IPR on it: >>> https://datatracker.ietf.org/ipr/1617/ >>> >>> -Dave >>> >>> -----Original Message----- >>> From: Fred Baker [mailto:fred@cisco.com] >>> Sent: Tuesday, October 11, 2011 6:52 AM >>> To: v6ops v6ops WG >>> Cc: Behave Chairs; draft-donley-behave-deterministic-cgn@tools.ietf.org >>> Subject: Please review draft-donley-behave-deterministic-cgn >>> >>> Operators subject to law enforcement subpoenas and using Carrier Grade >>>NAT are having difficulties with the syslog rate for per-connection >>>logging. Chris Donley has proposed a simplification; the provider >>>allocates a deterministic set of source ports to his subscribers, and >>>only needs to log exceptions. Research in the area suggests that usage >>>of source ports is pareto distributed; a typical user has a requirement >>>on the order of 4 port numbers in simultaneous use (median), but port >>>scans and other large volume uses drive the average quite a bit higher. >>> >>> They haven't asked for it, but I suspect the behave chairs would >>>appreciate operational commentary on the draft. >>> >>> http://tools.ietf.org/html/draft-donley-behave-deterministic-cgn >>> "Deterministic Address Mapping to Reduce Logging in Carrier Grade >>>NATs", >>> Chris Donley, Chris Grundemann, Vikas Sarawat, Karthik Sundaresan, >>> 26-Sep-11 >>> >>> >>> >>> _______________________________________________ >>> v6ops mailing list >>> v6ops@ietf.org >>> https://www.ietf.org/mailman/listinfo/v6ops >>> >> _______________________________________________ >> v6ops mailing list >> v6ops@ietf.org >> https://www.ietf.org/mailman/listinfo/v6ops > >_______________________________________________ >v6ops mailing list >v6ops@ietf.org >https://www.ietf.org/mailman/listinfo/v6ops
- [v6ops] Please review draft-donley-behave-determi… Fred Baker
- Re: [v6ops] Please review draft-donley-behave-det… George, Wes
- Re: [v6ops] Please review draft-donley-behave-det… Chris Grundemann
- Re: [v6ops] Please review draft-donley-behave-det… George, Wes
- Re: [v6ops] Please review draft-donley-behave-det… Dave Thaler
- Re: [v6ops] Please review draft-donley-behave-det… Fred Baker
- Re: [v6ops] Please review draft-donley-behave-det… Joel M. Halpern
- Re: [v6ops] Please review draft-donley-behave-det… Cameron Byrne
- Re: [v6ops] Please review draft-donley-behave-det… Fred Baker
- Re: [v6ops] Please review draft-donley-behave-det… Joel jaeggli
- Re: [v6ops] Please review draft-donley-behave-det… Fred Baker
- Re: [v6ops] Please review draft-donley-behave-det… Cameron Byrne
- Re: [v6ops] Please review draft-donley-behave-det… Joel M. Halpern
- Re: [v6ops] Please review draft-donley-behave-det… Joel jaeggli
- Re: [v6ops] Please review draft-donley-behave-det… Ray Hunter
- Re: [v6ops] Please review draft-donley-behave-det… George, Wes
- Re: [v6ops] Please review draft-donley-behave-det… Cameron Byrne
- Re: [v6ops] Please review draft-donley-behave-det… Cameron Byrne
- Re: [v6ops] Please review draft-donley-behave-det… George, Wes
- Re: [v6ops] Please review draft-donley-behave-det… Chris Donley
- Re: [v6ops] Please review draft-donley-behave-det… Chris Grundemann
- Re: [v6ops] Please review draft-donley-behave-det… Chris Grundemann
- Re: [v6ops] Please review draft-donley-behave-det… Cameron Byrne
- Re: [v6ops] Please review draft-donley-behave-det… Chris Grundemann