[AusNOG] Data retention definitions

Matt Palmer mpalmer at hezmatt.org
Wed Aug 27 20:10:13 EST 2014


On Wed, Aug 27, 2014 at 07:53:29PM +1000, David Beveridge wrote:
> On Wed, Aug 27, 2014 at 6:50 PM, Lindsay Hill <lindsay.k.hill at gmail.com>
> wrote:
> 
> > "If one is required to keep NAT presumably they need to store source and
> > destination IP addresses. The paper contradicts itself on that point no?"
> >
> > No - you can just keep source (internal) IP, and the public IP/port it
> > was translated to, at a specific time. There's a couple of different ways
> > of configuring this logging on current CGN platforms.
> >
> >
> The way I read it, only the IP and MAC addresses (network identifiers)
> need to be stored not port numbers.
> Section 3a states that session logging is not required.
> So my understanding is that you can just record this...
> MAC bla was assigned private IP foo behind public IP bar from t1 to t2.

CGN shares gateway IPs between multiple subscribers -- otherwise there'd be
no point running it (unless you'd like to go back to the dialup days of
timesharing IPs...)

If you don't have a source port mapping (and a source port in the data
request), you can't map to a single customer.  At best, you hand 'em a list
of 1,000 customers or so and say "go for your lives, guys".  Since TCP/UDP
work on a 4-tuple, you can get even better utilisation out of your scarce
IPs by reusing source ports between connections from different customers to
different places, hence the request (and your logging) will need to include
the entire 4-tuple to identify a customer.  Suddenly, you've got all the
data the AG wants...

- Matt

-- 
If only more employers realized that people join companies, but leave
bosses. A boss should be an insulator, not a conductor or an amplifier.
		-- Geoff Kinnel, in the Monastery
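The lookup problem Matt describes, shown as an added example rather than anything posted in the thread. The NAT log table, the subscriber names, the addresses (RFC 5737 documentation ranges and RFC 1918 private space) and the field names are all constructed for illustration; a real CGN platform exports its own format. The point it demonstrates is how many subscribers a data request resolves to depending on what the ISP retained and what the requester supplied: public IP and time alone (David's "IP bar from t1 to t2" scheme), public IP plus translated port, or the full 4-tuple.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class NatRecord:
    """One CGN translation, as a retention log might record it (constructed schema)."""
    subscriber: str
    private_ip: str
    public_ip: str
    public_port: int
    dst_ip: str
    dst_port: int
    start: int  # epoch seconds, translation first seen
    end: int    # epoch seconds, translation torn down


# Constructed sample log: four subscribers, two shared public IPs, overlapping times.
# cust-A and cust-B both get public port 40001 on 203.0.113.5 because the CGN
# reuses the port for connections to *different* destinations (distinct 4-tuples).
RECORDS: List[NatRecord] = [
    NatRecord("cust-A", "10.0.0.11", "203.0.113.5", 40001, "198.51.100.7", 443, 1000, 1100),
    NatRecord("cust-B", "10.0.0.12", "203.0.113.5", 40001, "198.51.100.9", 80, 1000, 1100),
    NatRecord("cust-C", "10.0.0.13", "203.0.113.5", 40002, "198.51.100.7", 443, 1000, 1100),
    NatRecord("cust-D", "10.0.0.14", "203.0.113.6", 40001, "198.51.100.7", 443, 1000, 1100),
]


def candidates(
    records: Iterable[NatRecord],
    public_ip: str,
    at: int,
    public_port: Optional[int] = None,
    dst_ip: Optional[str] = None,
    dst_port: Optional[int] = None,
) -> List[str]:
    """Return the sorted set of subscribers that a data request could refer to.

    Each optional parameter narrows the match; whatever the requester did not
    supply (or the ISP did not log) is treated as a wildcard, which is exactly
    why coarse logging produces a list of customers rather than one.
    """
    matched = set()
    for r in records:
        if r.public_ip != public_ip or not (r.start <= at <= r.end):
            continue
        if public_port is not None and r.public_port != public_port:
            continue
        if dst_ip is not None and r.dst_ip != dst_ip:
            continue
        if dst_port is not None and r.dst_port != dst_port:
            continue
        matched.add(r.subscriber)
    return sorted(matched)


def resolution_levels(records: Iterable[NatRecord], public_ip: str, at: int,
                      public_port: int, dst_ip: str, dst_port: int) -> dict:
    """Run the same request at the three levels of detail discussed in the thread."""
    records = list(records)
    return {
        "ip+time": candidates(records, public_ip, at),
        "ip+port+time": candidates(records, public_ip, at, public_port=public_port),
        "4-tuple+time": candidates(records, public_ip, at, public_port=public_port,
                                   dst_ip=dst_ip, dst_port=dst_port),
    }


if __name__ == "__main__":
    # A request for "who was 203.0.113.5:40001 talking to 198.51.100.7:443 at t=1050?"
    for level, subs in resolution_levels(RECORDS, "203.0.113.5", 1050,
                                         40001, "198.51.100.7", 443).items():
        print(f"{level:14s} -> {subs}")
```

With the sample log, the IP-and-time query returns three subscribers, adding the translated port still leaves two (because the port was reused across destinations), and only the full 4-tuple isolates one. The same structure scales to the thousand-customer case Matt mentions: the width of the first list is simply the number of subscribers sharing that gateway IP during the window.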


