Re: [v6ops] new draft: draft-colitti-v6ops-host-addr-availability

"Fred Baker (fred)" <fred@cisco.com> Wed, 08 July 2015 18:39 UTC

Return-Path: <fred@cisco.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49E861A700B for <v6ops@ietfa.amsl.com>; Wed, 8 Jul 2015 11:39:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -114.511
X-Spam-Level:
X-Spam-Status: No, score=-114.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UUQroD3HI7A6 for <v6ops@ietfa.amsl.com>; Wed, 8 Jul 2015 11:39:08 -0700 (PDT)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D31071A700A for <v6ops@ietf.org>; Wed, 8 Jul 2015 11:39:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3081; q=dns/txt; s=iport; t=1436380747; x=1437590347; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=Q02jG2qXQK8UlaPdnNu1zZR2zZeybDwaMeUW3IWvcQw=; b=W8ak/MUtts6+7OlCzfiYuFV9gCA1lS36UWFBDSYaJGAOKfFbU1r6X4X0 RTqgXZ29fZuthNSeyoxFYIP8IKEElxkNN70j1pZRxW4PcJvZN4ziDqnYU 8OCO7x6gTRW+BeMID5kxiLW64FwLImdduJLMwWuH40kF3b5PJgEWAZzw7 4=;
X-Files: signature.asc : 833
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0D9BADZbZ1V/5RdJa1cgxKBNAbFOgKBXDsRAQEBAQEBAYEKhCMBAQEDAXkFCwIBCA4KLjIlAgQOBQ6IGAjODQEBAQEBAQEBAQEBAQEBAQEBAQEBAReLS4UGB4MXgRQBBJQjAYIsgVSHfZhiJoN7b4FHgQQBAQE
X-IronPort-AV: E=Sophos;i="5.15,433,1432598400"; d="asc'?scan'208";a="13738891"
Received: from rcdn-core-12.cisco.com ([173.37.93.148]) by rcdn-iport-2.cisco.com with ESMTP; 08 Jul 2015 18:39:06 +0000
Received: from xhc-aln-x08.cisco.com (xhc-aln-x08.cisco.com [173.36.12.82]) by rcdn-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id t68Id6o2019836 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 8 Jul 2015 18:39:06 GMT
Received: from xmb-rcd-x09.cisco.com ([169.254.9.49]) by xhc-aln-x08.cisco.com ([173.36.12.82]) with mapi id 14.03.0195.001; Wed, 8 Jul 2015 13:39:06 -0500
From: "Fred Baker (fred)" <fred@cisco.com>
To: Erik Kline <ek@google.com>
Thread-Topic: [v6ops] new draft: draft-colitti-v6ops-host-addr-availability
Thread-Index: AQHQua1ern+gb4bVAkKw0CKjGdvjkg==
Date: Wed, 8 Jul 2015 18:39:06 +0000
Message-ID: <51DCD124-F170-426E-BFB2-D734E89640F0@cisco.com>
References: <201507061147.t66Bl1AE028312@irp-lnx1.cisco.com> <9290D0D1-062A-4DE0-A437-9A5F5045ACAC@gmail.com> <39F63B55-977F-4B84-8B55-52E2F0B1A851@cisco.com> <CAAedzxqBuTbieaFMpWVFSk5J=ktQEM2FWFyP_PV0EGuWs_5=yQ@mail.gmail.com>
In-Reply-To: <CAAedzxqBuTbieaFMpWVFSk5J=ktQEM2FWFyP_PV0EGuWs_5=yQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.19.64.123]
Content-Type: multipart/signed; boundary="Apple-Mail=_5C28523E-1C96-49B0-BB77-BC7AE21AC6A3"; protocol="application/pgp-signature"; micalg=pgp-sha1
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/g_YYDbAPHvqJgljKgE6ZJPuPfCs>
Cc: "draft-colitti-v6ops-host-addr-availability@tools.ietf.org" <draft-colitti-v6ops-host-addr-availability@tools.ietf.org>, "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] new draft: draft-colitti-v6ops-host-addr-availability
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jul 2015 18:39:09 -0000

> On Jul 6, 2015, at 7:08 PM, Erik Kline <ek@google.com>; wrote:
> 
> Some of this could also serve as input to motivate a SAVI document
> defining a basic logging protocol.
> 
> I still believe that if there where a trivially deployable logging
> methodology that captured
> 
>    {IP address, timestamp, rfc7039#section-3.2 binding context}
> 
> tuples, or even the full data structure entry described in
> rfc6620#section-3.1, then the auditing objectives could be well and
> truly met.
> 
> I think this is still one large unmet need.  (not necessarily a v6ops
> matter, perhaps)

Operational requirements for such could be a v6ops project, and probably a quick one. You're correct that a protocol development probably belongs in a protocol WG. Calling out the binding anchor makes sense, but some of those (the port on an Ethernet switch to which a host attaches, the security association between a host and the base station on wireless links) don't have obvious portable names (if I say that a given security association is number 27 in the AP's table, that's meaningful to the AP, but I'm not sure it's meaningful to an operator coming in after the fact).

I find myself wondering whether this might get rolled up with some other logging operation, such as for stateful NATs. It begins to sound a lot like a record that associates a set of elements together (a 3-tuple or 5-tuple for a session with a MAC Address and a port number and a time stamp, logged only if the source IP address isn't mapped to the MAC address of interest, perhaps) that is emitted for a reason beyond "it was seen".

Would IPFIX, in some incarnation, address this?

I'll let you write that :-)