IETF WG list on making NATs behave properly

Mikael Abrahamsson | 1 Sep 2011 07:06

Re: Question on draft-ietf-behave-lsn-requirements-03.txt

On Wed, 31 Aug 2011, Simon Perreault wrote:

> Mikael Abrahamsson wrote, on 08/27/2011 02:31 AM:
>> I support making it a MUST requirement, due to the fact that without it, it's
>> nearly impossible to handle the logging load.
>
> According to previous calculations, the logging load is not unmanageable.
> See <http://www.ietf.org/mail-archive/web/behave/current/msg08801.html>.

There are markets where there is either already a requirement, or talk 
about putting into law a requirement to save such data for 3 years. When 
one is talking about many tens of gigabits/s of traffic we're talking 
really serious storage systems (hundreds of terabytes if not thousands 
of terabytes of storage).

Avoiding logging any kind of destination information is to be preferred, 
only logging the source port range being made available for the customer 
and requiring the party wanting information to supply time,IP address and 
port to track an individual user, makes the logging load go down by factor 
1000 or more in our calculations.

--

-- 
Mikael Abrahamsson    email: swmike <at> swm.pp.se

headers

Mikael Abrahamsson | 1 Sep 2011 07:11

Re: Question on draft-ietf-behave-lsn-requirements-03.txt

On Wed, 31 Aug 2011, Jean-Francois.TremblayING <at> videotron.com wrote:

> Other advantages would be interesting, but I can't see any other reason 
> to keep logs on the long term besides heating a building with spinning 
> hard drives.

Well, I'd say being a good netizen and being able to do regular abuse 
tracking, means one often wants to save logs for months anyway. Creating a 
logging system to handle the rate of data being creating by flow export 
costs more to aquire than the CGN device itself when we looked into it.

A lot of ISPs do not log this today so they can't really do abuse tracking 
at all.

--

-- 
Mikael Abrahamsson    email: swmike <at> swm.pp.se

headers

Maglione Roberta | 1 Sep 2011 09:48

Re: Question on draft-ietf-behave-lsn-requirements-03.txt

In my country the law requires to keep logs for 5 years and we are not allowed to log destination information
for privacy reasons.
Having the possibility to use port range would help reducing the amount of data we need to store.

Roberta

-----Original Message-----
From: behave-bounces <at> ietf.org [mailto:behave-bounces <at> ietf.org] On Behalf Of Mikael Abrahamsson
Sent: giovedì 1 settembre 2011 7.07
To: Simon Perreault
Cc: behave <at> ietf.org
Subject: Re: [BEHAVE] Question on draft-ietf-behave-lsn-requirements-03.txt

On Wed, 31 Aug 2011, Simon Perreault wrote:

> Mikael Abrahamsson wrote, on 08/27/2011 02:31 AM:
>> I support making it a MUST requirement, due to the fact that without it, it's
>> nearly impossible to handle the logging load.
>
> According to previous calculations, the logging load is not unmanageable.
> See <http://www.ietf.org/mail-archive/web/behave/current/msg08801.html>.

There are markets where there is either already a requirement, or talk
about putting into law a requirement to save such data for 3 years. When
one is talking about many tens of gigabits/s of traffic we're talking
really serious storage systems (hundreds of terabytes if not thousands
of terabytes of storage).

Avoiding logging any kind of destination information is to be preferred,
only logging the source port range being made available for the customer

(Continue reading)

headers

mohamed.boucadair | 1 Sep 2011 15:45

Request to adopt draft-boucadair-behave-bittorrent-address-sharing as WG document

Dear all,

I would like to have a feedback from the WG whether there is an interest to adopt
http://tools.ietf.org/html/draft-boucadair-behave-bittorrent-address-sharing-00 as WG document.

Comments and suggestions are welcome.

Cheers,
Med

> -----Original Message-----
> From: behave-bounces <at> ietf.org 
> [mailto:behave-bounces <at> ietf.org] On Behalf Of Dan Wing
> Sent: Friday, June 10, 2011 9:22 PM
> To: Behave WG
> Cc: behave-chairs <at> tools.ietf.org; 'Dave Thaler'
> Subject: [BEHAVE] BEHAVE presentations at IETF81
> 

> 
> * draft-boucadair-behave-bittorrent-address-sharing -- I 
> believe this was
> going to be published AD-sponsored, unless there is interest 
> in the working
> group on this document?  If folks want to look at it, and 
> decide if they
> could provide peer review, we might consider adopting this as 
> a WG document.
> Please let me know.
>

(Continue reading)

headers

Tina TSOU | 1 Sep 2011 18:54

FW: Question on draft-ietf-behave-lsn-requirements-03.txt

From: Tina TSOU
Sent: Wednesday, August 31, 2011 1:24 PM
To: 'Jean-Francois.TremblayING <at> videotron.com'; simon.perreault <at> viagenie.ca
Cc: behave-bounces <at> ietf.org; behave <at> ietf.org
Subject: RE: [BEHAVE] Question on draft-ietf-behave-lsn-requirements-03.txt

Jean-Francois and Simon,

I think log and data retention is a normal requirement for CGN, and little data storage size is desired. The log capacity should not impact device performance.

Best Regards,

Tina TSOU

http://tinatsou.weebly.com/contact.html

From: behave-bounces <at> ietf.org [mailto:behave-bounces <at> ietf.org] On Behalf Of Jean-Francois.TremblayING <at> videotron.com
Sent: Wednesday, August 31, 2011 11:41 AM
To: simon.perreault <at> viagenie.ca
Cc: behave-bounces <at> ietf.org; behave <at> ietf.org
Subject: Re: [BEHAVE] Question on draft-ietf-behave-lsn-requirements-03.txt

>> The rationale here is that in many countries, law enforcement agencies mandate
>> to keep these logs for at least a year, sometimes even longer.
> Not disagreeing with you, but I fear that this rationale would go against RFC2804:
>
> The IETF has decided not to consider requirements for wiretapping as
> part of the process for creating and maintaining IETF standards.
>
> I feel like it would make a stronger rationale if we focus on other advantages
> of bulk port allocation...

Good point. The definition of wiretapping in RFC2804 is wide enough that logging
source ports is probably (barely) included in this context.

Other advantages would be interesting, but I can't see any other reason to keep
logs on the long term besides heating a building with spinning hard drives.

>> With the numbers you refered
>> to above (2.7 TB/day), this means nearly 1 Petabyte of storage per year *per CGN
>> device*.
> That with 1,000,000 bindings/sec, which is a lot. That's 15 IP addresses worth
> of external ports consumed per second. That's a really big NAT!

Of course, but even if logging is an order of magnitude smaller, this is only one
NAT box in a network presumably using several CGNs. CGN is, by definition,
a really big NAT. Logging without port ranges remains a non-trivial an operational problem.

/JF

<div>
<div class="WordSection1">
<div>
<p class="MsoNormal"><span><p>&nbsp;</p></span></p>
</div>
<p class="MsoNormal"><span><p>&nbsp;</p></span></p>
<div>
<div>
<p class="MsoNormal"><span>From:</span><span> Tina
 TSOU <br>Sent: Wednesday, August 31, 2011 1:24 PM<br>To: 'Jean-Francois.TremblayING <at> videotron.com'; simon.perreault <at> viagenie.ca<br>Cc: behave-bounces <at> ietf.org; behave <at> ietf.org<br>Subject: RE: [BEHAVE] Question on draft-ietf-behave-lsn-requirements-03.txt<p></p></span></p>
</div>
</div>
<p class="MsoNormal"><p>&nbsp;</p></p>
<p class="MsoNormal"><span>Jean-Francois and Simon,<p></p></span></p>
<p class="MsoNormal"><span>I think log and data retention is a normal requirement for CGN, and little data storage size is desired. The log capacity should not impact device performance.<p></p></span></p>
<p class="MsoNormal"><span><p>&nbsp;</p></span></p>
<p class="MsoNormal"><span><p>&nbsp;</p></span></p>
<p class="MsoNormal"><span>Best Regards,<p></p></span></p>
<p class="MsoNormal"><span>Tina TSOU<p></p></span></p>
<p class="MsoNormal"><span>http://tinatsou.weebly.com/contact.html<p></p></span></p>
<p class="MsoNormal"><span><p>&nbsp;</p></span></p>
<div>
<p class="MsoNormal"><span>From:</span><span> behave-bounces <at> ietf.org
 [mailto:behave-bounces <at> ietf.org] On Behalf Of Jean-Francois.TremblayING <at> videotron.com<br>Sent: Wednesday, August 31, 2011 11:41 AM<br>To: simon.perreault <at> viagenie.ca<br>Cc: behave-bounces <at> ietf.org; behave <at> ietf.org<br>Subject: Re: [BEHAVE] Question on draft-ietf-behave-lsn-requirements-03.txt<p></p></span></p>
</div>
<p class="MsoNormal"><p>&nbsp;</p></p>
<p class="MsoNormal"><br><span>&gt;&gt; The rationale here is that in many countries, law enforcement agencies mandate</span><span><br>&gt;&gt; to keep these logs for at least a year, sometimes even longer.<br>&gt; Not disagreeing with you, but I fear that this rationale would go against RFC2804:<br>&gt; <br>&gt; &nbsp; The IETF has decided not to consider requirements for wiretapping as<br>&gt; &nbsp; part of the process for creating and maintaining IETF standards.</span>
<br><span>&gt;</span><span><br>&gt; I feel like it would make a stronger rationale if we focus on other advantages<br>&gt; of bulk port allocation...<br></span><br><span>Good point. The definition of wiretapping in RFC2804 is wide enough that logging</span>
<br><span>source ports is probably (barely) included in this context.
</span><br><br><span>Other advantages would be interesting, but I can't see any other reason to keep
</span><br><span>logs on the long term besides heating a building with spinning hard drives.
</span><br><br><span><br>&gt;&gt; With the numbers you refered<br>&gt;&gt; to above (2.7 TB/day), this means nearly 1 Petabyte of storage per year *per CGN<br>&gt;&gt; device*.<br>&gt; That with 1,000,000 bindings/sec, which is a lot. That's 15 IP addresses worth<br>&gt; of external ports consumed per second. That's a really big NAT!<br></span><br><span>Of course, but even if logging is an order of magnitude smaller, this is only one
</span><br><span>NAT box in a network presumably using several CGNs. CGN is, by definition,
</span><br><span>a really big NAT. Logging without port ranges remains a non-trivial an operational problem.
</span><br><br><span>/JF</span> <p></p></p>
</div>
</div>

headers

Howard, Lee | 1 Sep 2011 14:04

Re: Question on draft-ietf-behave-lsn-requirements-03.txt

> -----Original Message-----
> From: behave-bounces <at> ietf.org [mailto:behave-bounces <at> ietf.org] On Behalf Of Simon
> Perreault
> Jean-Francois.TremblayING <at> videotron.com wrote, on 08/31/2011 01:36 PM:
> > The rationale here is that in many countries, law enforcement agencies mandate
> > to keep
> > these logs for at least a year, sometimes even longer.
>
> Not disagreeing with you, but I fear that this rationale would go against RFC2804:
>
>    The IETF has decided not to consider requirements for wiretapping as
>    part of the process for creating and maintaining IETF standards.

Wiretapping is not the same as logging.  But the rationales for rfc2804 would apply
in this case.

Response to abuse complaints would be pretty operational.  One form of abuse
complaint is the subpoena.  Without logs, there's no way to know who the
accused abuser is.

Lee

This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is
privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is
intended solely for the use of the individual or entity to which it is addressed. If you are not the intended
recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or
action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may
be unlawful. If you have received this E-mail in error, please notify the sender immediately and
permanently delete the original and any copy of this E-mail and any printout.

headers

Frank Brockners (fbrockne | 2 Sep 2011 18:37

Re: My review of draft-ietf-dime-nat-control-09

Dave,

thanks for your comments and detailed review and sorry for the delay in getting the draft updated. We just posted a new revision (draft-ietf-dime-nat-control-11), reflecting your comments. Please see additional comments inline...

From: behave-bounces <at> ietf.org [mailto:behave-bounces <at> ietf.org] On Behalf Of Dave Thaler
Sent: Friday, August 05, 2011 2:13 AM
To: draft-ietf-dime-nat-control <at> tools.ietf.org; dime-chairs <at> tools.ietf.org
Cc: David Harrington; behave <at> ietf.org; Romascanu, Dan (Dan)
Subject: [BEHAVE] My review of draft-ietf-dime-nat-control-09

My review of this draft is at

http://research.microsoft.com/en-us/um/people/dthaler/draft-ietf-dime-nat-control-09.pdf

or (same content)

http://research.microsoft.com/en-us/um/people/dthaler/draft-ietf-dime-nat-control-09.docx

High level questions:

1) The model discussed in the draft appears to assume there’s only one NAT device in the domain. In contrast, the models in the Behave WG allow for multiple. What happens if there are multiple NAT-devices (for failover or load balancing or whatever else)?

…..FB: We clarified that DNCA applies to n:m scenarios, with n NAT-Controllers and m NAT-devices. Section 3.3 now discusses this:

3.3. Deployment Scenarios For DNCA

DNCA can be deployed in different ways. DNCA supports deployments

with "n" NAT-controllers and "m" NAT-devices, with n and m equal to

or greater than 1. For DNCA, the session representing a particular

endpoint is atomic. Any deployment MUST ensure that for every given

endpoint only a single NAT-controller and only a single NAT-device

are active at any point in time. This is to ensure that NAT-devices

controlled by multiple NAT-controllers do not receive conflicting

control requests for a particular endpoint, or would be unclear which

NAT-controller to send accounting information to.

2) Security seems to be a MAY. Why not a SHOULD or a MUST? Using only a MAY warrants an explanation.

…FB: Agreed. And we refer to security as a SHOULD throughout the document.

3) There’s no mention of DoS attack by filling up logs. Is that a concern?

...FB: It could be a concern, if the logging infrastructure is not designed with potential DoS attacks in mind. We've updated the security section to reflect this (see section 12):

[..] Failing

of any of the two DNCA Diameter peers to provide the required

credentials should be subject to logging. The corresponding logging

infrastructure of the operator SHOULD be built in a way that it can

mitigate potential denial of service attacks resulting from large

amounts of logging events. This could include proper dimensioning of

the logging infrastructure combined with policing the maximum amount

of logging events accepted by the logging system to a threshold which

the system is known to be able to handle.

Rest is mostly editorial nits.

…FB: Thanks for catching all these nits. Really helpful (and hopefully we reflected all of them in revision -11)

I also reviewed it for consistency with RFC 4008 and for consistency with draft-ietf-behave-lsn-requirements, and I didn’t spot any inconsistencies other that in question 1 above.

Regards, Frank

-Dave

<div>

<div class="WordSection1">

<p class="MsoNormal"><span>Dave,<p></p></span></p>

<p class="MsoNormal"><span><p>&nbsp;</p></span></p>

<p class="MsoNormal"><span>thanks for your comments and
detailed review and sorry for the delay in getting the draft updated. We just
posted a new revision (draft-ietf-dime-nat-control-11), reflecting your
comments. Please see additional comments inline...<p></p></span></p>

<p class="MsoNormal"><span><p>&nbsp;</p></span></p>

<div>

<div>

<div>

<p class="MsoNormal"><span>From:</span><span>
behave-bounces <at> ietf.org [mailto:behave-bounces <at> ietf.org] On Behalf Of Dave
Thaler<br>Sent: Friday, August 05, 2011 2:13 AM<br>To: draft-ietf-dime-nat-control <at> tools.ietf.org;
dime-chairs <at> tools.ietf.org<br>Cc: David Harrington; behave <at> ietf.org; Romascanu, Dan (Dan)<br>Subject: [BEHAVE] My review of draft-ietf-dime-nat-control-09<p></p></span></p>

</div>

</div>

<p class="MsoNormal"><p>&nbsp;</p></p>

<p class="MsoNormal">My review of this draft is at<p></p></p>

<p class="MsoNormal"><a href="http://research.microsoft.com/en-us/um/people/dthaler/draft-ietf-dime-nat-control-09.pdf">http://research.microsoft.com/en-us/um/people/dthaler/draft-ietf-dime-nat-control-09.pdf</a><p></p></p>

<p class="MsoNormal">or (same content)<p></p></p>

<p class="MsoNormal"><a href="http://research.microsoft.com/en-us/um/people/dthaler/draft-ietf-dime-nat-control-09.docx">http://research.microsoft.com/en-us/um/people/dthaler/draft-ietf-dime-nat-control-09.docx</a><p></p></p>

<p class="MsoNormal"><p>&nbsp;</p></p>

<p class="MsoNormal">High level questions:<p></p></p>

<p class="MsoListParagraph">1)<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>The
model discussed in the draft appears to assume there&rsquo;s only one NAT
device in the domain. &nbsp;In contrast, the models in the Behave WG allow for
multiple.&nbsp;&nbsp; What happens if there are multiple NAT-devices (for
failover or load balancing or whatever else)?<p></p></p>

<p class="MsoListParagraph"><span>&hellip;..FB: We clarified that DNCA applies to n:m
scenarios, with n NAT-Controllers and m NAT-devices. Section 3.3 now discusses
this:<p></p></span></p>

<p class="MsoListParagraph"><span><p>&nbsp;</p></span></p>

<p class="MsoNormal"><span>3.3.&nbsp; Deployment Scenarios For DNCA<p></p></span></p>

<p class="MsoNormal"><span><p>&nbsp;</p></span></p>

<p class="MsoNormal"><span>&nbsp;&nbsp; DNCA can be deployed in different ways.&nbsp; DNCA
supports deployments<p></p></span></p>

<p class="MsoNormal"><span>&nbsp;&nbsp; with "n" NAT-controllers and
"m" NAT-devices, with n and m equal to<p></p></span></p>

<p class="MsoNormal"><span>&nbsp;&nbsp; or greater than 1.&nbsp; For DNCA, the session
representing a particular<p></p></span></p>

<p class="MsoNormal"><span>&nbsp;&nbsp; endpoint is atomic.&nbsp; Any deployment MUST
ensure that for every given<p></p></span></p>

<p class="MsoNormal"><span>&nbsp;&nbsp; endpoint only a single NAT-controller and only a
single NAT-device<p></p></span></p>

<p class="MsoNormal"><span>&nbsp;&nbsp; are active at any point in time.&nbsp; This is to
ensure that NAT-devices<p></p></span></p>

<p class="MsoNormal"><span>&nbsp;&nbsp; controlled by multiple NAT-controllers do not
receive conflicting<p></p></span></p>

<p class="MsoNormal"><span>&nbsp;&nbsp; control requests for a particular endpoint, or
would be unclear which<p></p></span></p>

<p class="MsoNormal"><span>&nbsp;&nbsp; NAT-controller to send accounting information to.<p></p></span></p>

<p class="MsoListParagraph"><span><p>&nbsp;</p></span></p>

<p class="MsoListParagraph"><span><p>&nbsp;</p></span></p>

<p class="MsoListParagraph">2)<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Security
seems to be a MAY.&nbsp;&nbsp; Why not a SHOULD or a MUST?&nbsp;&nbsp; Using
only a MAY warrants an explanation.<p></p></p>

<p class="MsoListParagraph"><span>&hellip;FB:
Agreed. And we refer to security as a SHOULD throughout the document.<p></p></span></p>

<p class="MsoListParagraph"><span><p>&nbsp;</p></span></p>

<p class="MsoListParagraph">3)<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>There&rsquo;s
no mention of DoS attack by filling up logs.&nbsp;&nbsp; Is that a concern?<p></p></p>

<p class="MsoListParagraph"><span><p>&nbsp;</p></span></p>

<p class="MsoPlainText"><span>...FB: It could be a concern, if the logging infrastructure is
not designed with potential DoS attacks in mind. We've updated the &nbsp;security
section to reflect this (see section 12):<p></p></span></p>

<p class="MsoPlainText"><p>&nbsp;</p></p>

<p class="MsoPlainText"><span>&nbsp;&nbsp; [..] Failing<p></p></span></p>

<p class="MsoPlainText"><span>&nbsp;&nbsp; of any of the
two DNCA Diameter peers to provide the required<p></p></span></p>

<p class="MsoPlainText"><span>&nbsp;&nbsp; credentials
should be subject to logging.&nbsp; The corresponding logging<p></p></span></p>

<p class="MsoPlainText"><span>&nbsp;&nbsp; infrastructure
of the operator SHOULD be built in a way that it can<p></p></span></p>

<p class="MsoPlainText"><span>&nbsp;&nbsp; mitigate
potential denial of service attacks resulting from large<p></p></span></p>

<p class="MsoPlainText"><span>&nbsp;&nbsp; amounts of logging
events.&nbsp; This could include proper dimensioning of<p></p></span></p>

<p class="MsoPlainText"><span>&nbsp;&nbsp; the logging
infrastructure combined with policing the maximum amount<p></p></span></p>

<p class="MsoPlainText"><span>&nbsp;&nbsp; of logging
events accepted by the logging system to a threshold which<p></p></span></p>

<p class="MsoPlainText"><span>&nbsp;&nbsp; the system is
known to be able to handle.<p></p></span></p>

<p class="MsoNormal"><span><p>&nbsp;</p></span></p>

<p class="MsoNormal"><span><p>&nbsp;</p></span></p>

<p class="MsoNormal">Rest is mostly editorial nits.<p></p></p>

<p class="MsoNormal"><span>&hellip;FB: Thanks for catching
all these nits. Really helpful (and hopefully we reflected all of them in revision
-11)<p></p></span></p>

<p class="MsoNormal"><p>&nbsp;</p></p>

<p class="MsoNormal">I also reviewed it for consistency with RFC 4008 and for
consistency with draft-ietf-behave-lsn-requirements, and I didn&rsquo;t spot
any inconsistencies other that in question 1 above.<p></p></p>

<p class="MsoNormal"><span><p>&nbsp;</p></span></p>

<p class="MsoNormal"><span>Regards, Frank<p></p></span></p>

<p class="MsoNormal"><span><p>&nbsp;</p></span></p>

<p class="MsoNormal"><p>&nbsp;</p></p>

<p class="MsoNormal">-Dave<p></p></p>

</div>

</div>

</div>

headers

Simon Perreault | 5 Sep 2011 22:36

NAT-MIB bis

Hello,

This was just posted:
http://tools.ietf.org/html/draft-perreault-opsawg-natmib-bis-00

There's been some work on MIBs in BEHAVE lately. There are a number of 
new things that require an update to RFC 4008:
- DS-Lite (shared internal address pools)
- CGNs (thresholds, alarms, statistics, etc.)
- NAT64
and RFC 4008 itself is in need of some polishing independent of those. 
That's why we started a NAT-MIB bis draft.

You can see in section 2 that most of the items are marked TO-DO. We 
will continue working on this draft. At this point we would like some 
early feedback on the worthiness of this effort. Will NAT vendors 
implement this? Do operators need this? Does this make technical sense? 
Text contribution is also very welcome.

As BEHAVE is shutting down, we would like to invite discussion on the 
OPSAWG mailing list. We would like this draft to be adopted by a working 
group eventually, and would appreciate guidance on this as well.

Thanks,
Simon
--

-- 
DTN made easy, lean, and smart --> http://postellation.viagenie.ca
NAT64/DNS64 open-source        --> http://ecdysis.viagenie.ca
STUN/TURN server               --> http://numb.viagenie.ca

headers

Joel jaeggli | 4 Sep 2011 18:15

Re: FW: Question on draft-ietf-behave-lsn-requirements-03.txt

the way to have a log facility not impact device performance is to move
everything but generation off of the device itself. This is standard
operating procedure today.

The numbers referenced bellow are totally tractable, albiet you may not
like the scale of the infrastructure necessary to support it ~3TB a day
is under 300Mb/s

joel

On 9/1/11 09:54 , Tina TSOU wrote:
>  
> 
>  
> 
> *From:*Tina TSOU
> *Sent:* Wednesday, August 31, 2011 1:24 PM
> *To:* 'Jean-Francois.TremblayING <at> videotron.com'; simon.perreault <at> viagenie.ca
> *Cc:* behave-bounces <at> ietf.org; behave <at> ietf.org
> *Subject:* RE: [BEHAVE] Question on
> draft-ietf-behave-lsn-requirements-03.txt
> 
>  
> 
> Jean-Francois and Simon,
> 
> I think log and data retention is a normal requirement for CGN, and
> little data storage size is desired. The log capacity should not impact
> device performance.
> 
>  
> 
>  
> 
> Best Regards,
> 
> Tina TSOU
> 
> http://tinatsou.weebly.com/contact.html
> 
>  
> 
> *From:*behave-bounces <at> ietf.org [mailto:behave-bounces <at> ietf.org] *On
> Behalf Of *Jean-Francois.TremblayING <at> videotron.com
> *Sent:* Wednesday, August 31, 2011 11:41 AM
> *To:* simon.perreault <at> viagenie.ca
> *Cc:* behave-bounces <at> ietf.org; behave <at> ietf.org
> *Subject:* Re: [BEHAVE] Question on
> draft-ietf-behave-lsn-requirements-03.txt
> 
>  
> 
> 
>>> The rationale here is that in many countries, law enforcement agencies
> mandate
>>> to keep these logs for at least a year, sometimes even longer.
>> Not disagreeing with you, but I fear that this rationale would go
> against RFC2804:
>>
>>   The IETF has decided not to consider requirements for wiretapping as
>>   part of the process for creating and maintaining IETF standards.
>>
>> I feel like it would make a stronger rationale if we focus on other
> advantages
>> of bulk port allocation...
> 
> Good point. The definition of wiretapping in RFC2804 is wide enough that
> logging
> source ports is probably (barely) included in this context.
> 
> Other advantages would be interesting, but I can't see any other reason
> to keep
> logs on the long term besides heating a building with spinning hard drives.
> 
> 
>>> With the numbers you refered
>>> to above (2.7 TB/day), this means nearly 1 Petabyte of storage per
> year *per CGN
>>> device*.
>> That with 1,000,000 bindings/sec, which is a lot. That's 15 IP
> addresses worth
>> of external ports consumed per second. That's a really big NAT!
> 
> Of course, but even if logging is an order of magnitude smaller, this is
> only one
> NAT box in a network presumably using several CGNs. CGN is, by definition,
> a really big NAT. Logging without port ranges remains a non-trivial an
> operational problem.
> 
> /JF
> 
> 
> 
> _______________________________________________
> Behave mailing list
> Behave <at> ietf.org
> https://www.ietf.org/mailman/listinfo/behave

headers

Iljitsch van Beijnum | 6 Sep 2011 15:49

Re: Request to adopt draft-boucadair-behave-bittorrent-address-sharing as WG document

On 1 sep 2011, at 15:45, <mohamed.boucadair <at> orange-ftgroup.com>
<mohamed.boucadair <at> orange-ftgroup.com> wrote:

> http://tools.ietf.org/html/draft-boucadair-behave-bittorrent-address-sharing-00 

> Comments and suggestions are welcome.

Why did you use the address 193.51.145.206 as the shared address rather than an RFC 1918 address? This way
special case logic for address sharing in the application, if any, will probably remain unused. Also,
this address is in the same subnet as the other non-shared peers, which may trigger other special case logic.

Testing with both regular and private addresses would be best.

A lot of text is presented in narrow columns in long, page break spanning tables. Don't do this. I can't stand
to read it.

Considering the fact that the found issue (under one of two possible configuration settings two peers
sharing an address can't connect to a single other peer) is a pretty extreme corner case which doesn't even
preclude eventual successful downloading and the BitTorrent protocol (unless I missed something)
isn't published as an RFC, I don't think this work is in the right place here so it shouldn't be adopted as a WG
document and it shouldn't be published as an RFC. Even if the "belongs here" isn't found persuasive both
the strange test setup and the unfortunate formatting make this document too immature for WG adoption.

53	May 2013
52	April 2013
13	March 2013
5	February 2013
48	January 2013
11	December 2012
7	November 2012
12	October 2012
27	September 2012
12	August 2012
46	July 2012
125	June 2012
33	May 2012
7	April 2012
57	March 2012
11	February 2012
54	January 2012
16	December 2011
135	November 2011
73	October 2011
75	September 2011
97	August 2011
52	July 2011
33	June 2011
82	May 2011
22	April 2011
323	March 2011
75	February 2011
72	January 2011
21	December 2010
57	November 2010
118	October 2010
113	September 2010
49	August 2010
101	July 2010
29	June 2010
53	May 2010
62	April 2010
189	March 2010
159	February 2010
212	January 2010
378	December 2009
181	November 2009
290	October 2009
231	September 2009
250	August 2009
413	July 2009
58	June 2009
122	May 2009
208	April 2009
183	March 2009
112	February 2009
33	January 2009
138	December 2008
623	November 2008
212	October 2008
62	September 2008
87	August 2008
202	July 2008
109	June 2008
183	May 2008
219	April 2008
142	March 2008
116	February 2008
156	January 2008
196	December 2007
71	November 2007
52	October 2007
75	September 2007
79	August 2007
212	July 2007
90	June 2007
75	May 2007
206	April 2007
82	March 2007
78	February 2007
57	January 2007
50	December 2006
45	November 2006
89	October 2006
55	September 2006
35	August 2006
56	July 2006
89	June 2006
156	May 2006
52	April 2006
87	March 2006
12	February 2006
24	January 2006
67	December 2005
19	November 2005
16	October 2005
15	September 2005
14	August 2005
141	July 2005
101	June 2005
116	May 2005
36	April 2005
95	March 2005
108	February 2005
10	January 2005

Mon	Tue	Wed	Thu	Fri	Sat	Sun

			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30