Hi Rajiv,
Please check RFC6888 which says the following:
REQ-12: A CGN SHOULD NOT log destination addresses or ports unless
required to do so for administrative reasons.
Cheers,
Med
From: Softwires [mailto:[email protected]] On behalf of Rajiv Asati
(rajiva)
Sent: Thursday, May 3, 2018 23:50
To: Softwires-wg list; [email protected]
Cc: [email protected]
Subject: [Softwires] ISP CGN logging inc. Destination ??
Is there an RFC (besides 6269) that encourages / discourages CGN logging of
destination IP+Port if source IP+port is already logged?
RFC6269 does mention the below, as compared to the server side logging of
source IP+port -
// logging the destination address on the NAT is inferior
to logging the source port at the server.
https://tools.ietf.org/html/rfc6269
//
(BTW, having both source+destination in the NAT log implicitly means no bulk
allocation of source ports possible)
Separately, this prohibits using stateless NAT based solutions such as MAP or
using deterministic NAT, since there is no logging in such solutions. If such a
guideline was also mandated for native IPv6, then it would pose an interesting
deployment issue.
--
Cheers,
Rajiv Asati
Distinguished Engineer, Cisco
PS: Few may be aware of Govt. of India’s mandate* to log both source and
destination IP+port pair.
Click on “Parameter to be stored in SYS Log of Network Address Translation
(NAT) for Internet Access” on this page -
https://www.corestack.io/blog/the-log-mandate-enabling-indian-isps-to-adhere-to-dot-compliance-rules/
PS:
https://tools.ietf.org/html/rfc6302
https://tools.ietf.org/html/rfc7422
Session and service continuity
_______________________________________________
Softwires mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/softwires
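
The RFC 6269 point quoted in the thread, as an added example that is not part of either poster's message: when the server logs source IP, source port and a timestamp, a CGN log of bulk port-block allocations is enough to find the subscriber, with no destination logged. The record layout, the addresses and the `attribute` helper are constructed for illustration and do not reflect any vendor's log format.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address

UTC = timezone.utc

# Constructed sample of CGN bulk port-block allocation records.
# (subscriber internal address, external address, first port, last port,
#  allocated at, released at; None means the block is still allocated)
BLOCKS = [
    ("100.64.0.10", "203.0.113.5", 1024, 2047,
     datetime(2018, 5, 3, 10, 0, 0, tzinfo=UTC),
     datetime(2018, 5, 3, 12, 0, 0, tzinfo=UTC)),
    ("100.64.0.11", "203.0.113.5", 2048, 3071,
     datetime(2018, 5, 3, 10, 5, 0, tzinfo=UTC),
     datetime(2018, 5, 3, 13, 0, 0, tzinfo=UTC)),
    # The first block is handed to another subscriber two seconds after release.
    ("100.64.0.12", "203.0.113.5", 1024, 2047,
     datetime(2018, 5, 3, 12, 0, 2, tzinfo=UTC), None),
]


def attribute(ext_ip, src_port, seen_at, skew=timedelta(0)):
    """Return the internal addresses that could have owned ext_ip:src_port.

    ext_ip, src_port and seen_at come from the server-side log entry.
    skew widens the match window to cover clock drift between the server
    and the CGN; more than one result means the report is ambiguous.
    """
    if seen_at.tzinfo is None:
        raise ValueError("timestamp must carry a time zone")
    ext = ip_address(ext_ip)
    matches = []
    for subscriber, block_ip, lo, hi, start, end in BLOCKS:
        if ip_address(block_ip) != ext or not lo <= src_port <= hi:
            continue  # different external address or port outside the block
        if seen_at + skew < start:
            continue  # block not yet allocated, even allowing for skew
        if end is not None and seen_at - skew > end:
            continue  # block already released, even allowing for skew
        matches.append(subscriber)
    return matches


if __name__ == "__main__":
    when = datetime(2018, 5, 3, 12, 0, 1, tzinfo=UTC)
    print(attribute("203.0.113.5", 1500, when))
    print(attribute("203.0.113.5", 1500, when, skew=timedelta(seconds=5)))
```

A timestamp that falls in the gap between release and reallocation matches nobody with zero skew and two subscribers with a five-second skew, which is why the lookup depends on accurate timestamps on both sides.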