Hi Rajiv, Please check RFC6888 which says the following:
REQ-12: A CGN SHOULD NOT log destination addresses or ports unless required to do so for administrative reasons. Cheers, Med De : Softwires [mailto:softwires-boun...@ietf.org] De la part de Rajiv Asati (rajiva) Envoyé : jeudi 3 mai 2018 23:50 À : Softwires-wg list; int-area@ietf.org Cc : ramesh.r.chan...@ril.com Objet : [Softwires] ISP CGN logging inc. Destination ?? Is there an RFC (besides 6269) that encourages / discourages CGN logging of destination IP+Port if source IP+port is already logged? RFC6269 does mention the below, as compared to the server side logging of source IP+port - // logging the destination address on the NAT is inferior to logging the source port at the server. https://tools.ietf.org/html/rfc6269 // (BTW, having both source+destination in the NAT log implicitly means no bulk allocation of source ports possible) Separately, this prohibits using stateless NAT based solutions such as MAP or using deterministic NAT, since there is no logging in such solutions. If such a guideline was also mandated for native IPv6, then it would pose an interesting deployment issue. -- Cheers, Rajiv Asati Distinguished Engineer, Cisco PS: Few may be aware of Govt. of India’s mandate* to log both source and destination IP+port pair. Click on “Parameter to be stored in SYS Log of Network Address Translation (NAT) for Internet Access” on this page - https://www.corestack.io/blog/the-log-mandate-enabling-indian-isps-to-adhere-to-dot-compliance-rules/ PS: https://tools.ietf.org/html/rfc6302 https://tools.ietf.org/html/rfc7422 Session and service continuity
_______________________________________________ Int-area mailing list Int-area@ietf.org https://www.ietf.org/mailman/listinfo/int-area