--- draft-ietf-intarea-server-logging-recommendations-00.txt
+++ draft-ietf-intarea-server-logging-recommendations-01.txt

Internet Engineering Task Force                               A. Durand
Internet-Draft                                         Juniper Networks
Intended status: BCP                                       I. Gashinsky
-Expires: June 12, 2011                                      Yahoo! Inc.
+Expires: July 23, 2011                                      Yahoo! Inc.
                                                                 D. Lee
                                                         Facebook, Inc.
                                                            S. Sheppard
                                                               ATT Labs
-                                                       December 9, 2010
+                                                       January 19, 2011

            Logging recommendations for Internet facing servers
-           draft-ietf-intarea-server-logging-recommendations-00
+           draft-ietf-intarea-server-logging-recommendations-01
Abstract

   In the wake of IPv4 exhaustion and deployment of IP address sharing
   techniques, this document recommends that Internet facing servers log
   port number and accurate timestamps in addition to the incoming IP
   address.

Status of this Memo

skipping to change at page 1, line 38

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

-  This Internet-Draft will expire on June 12, 2011.
+  This Internet-Draft will expire on July 23, 2011.

Copyright Notice

-  Copyright (c) 2010 IETF Trust and the persons identified as the
+  Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Recommendations  . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  ISP Considerations . . . . . . . . . . . . . . . . . . . . . .  4
   4.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  4
-  5.  Security Considerations  . . . . . . . . . . . . . . . . . . .  4
+  5.  Security Considerations  . . . . . . . . . . . . . . . . . . .  5
   6.  References . . . . . . . . . . . . . . . . . . . . . . . . . .  5
     6.1.  Normative references . . . . . . . . . . . . . . . . . . .  5
     6.2.  Informative references . . . . . . . . . . . . . . . . . .  5
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . .  5
1.  Introduction

   According to the most recent predictions, the global IPv4 address
   free pool at IANA will exhaust sometime in 2011.  After that, service
   providers will have a hard time finding enough IPv4 global addresses

skipping to change at page 4, line 7

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   It is RECOMMENDED as best current practice that Internet facing
   servers logging incoming IP addresses also log:

   o  The source port number.

-  o  A timestamp accurate to the second, with associated time zone.
+  o  A timestamp, preferably in UTC, accurate to the second, from a
+     traceable time source (e.g. NTP).

   o  The transport protocol (usually TCP or UDP) and destination port
      number, when the server application is defined to use multiple
      transports or multiple ports.

   Discussion: Carrier-grade NATs may have different policies to recycle
   ports, some implementations may decide to reuse ports almost
   immediately, some may wait several minutes before marking the port
   ready for reuse.  As a result, servers have no idea how fast the
   ports will be reused and, thus, should log timestamps using a
   reasonably accurate clock.  At this point the RECOMMENDED accuracy
-  for timestamps is to the second or better.
+  for timestamps is to the second or better.  Representation of
+  timestamps in UTC is preffered to localtime with UTC-offset or time
+  zone as this extra information can be lost in the reporting chain.

   Examples of Internet facing servers include, but are not limited to,
   web servers and email servers.

   Although the deployment of address sharing techniques is not
   immediately foreseen in IPv6, the above recommendations apply to both
   IPv4 and IPv6, if only for consistency and code simplification
   reasons.

   Discussions about data retention policies are out of scope for this
   document.

+  The above recommendation also applies to devices such as load-
+  balancers logging incoming connections on behalf of actual servers.

3.  ISP Considerations

   ISP deploying IP address sharing techniques should also deploy a
   corresponding logging architecture to maintain records of the
   relation between customers identity and IP/port resources they
   utilize.  However, recommendation on this topic are out of scope for
   this document.

4.  IANA Considerations
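Review bot: the rewritten timestamp bullet replaces the -00 requirement for an associated time zone with "preferably in UTC", which leaves a server that logs local time free to omit its UTC offset, the very loss the new Discussion sentence ("this extra information can be lost in the reporting chain") warns about. Suggest closing that gap in the bullet itself, e.g. "A timestamp, preferably in UTC, accurate to the second, from a traceable time source (e.g. NTP); if local time is used, the UTC offset MUST be logged with it." Two smaller points in the same region: "preffered" should read "preferred", and the new load-balancer paragraph would benefit from saying which address and port is meant, since a balancer that terminates the client connection presents its own address to the backend, so the record has to carry the client-facing source IP and port rather than the balancer's.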
skipping to change at page 5, line 37 (-00) / page 6, line 4 (-01)

   Email: adurand@juniper.net

   Igor Gashinsky
   Yahoo! Inc.
   45 West 18th St.
   New York, NY  10011
   USA

   Email: igor@yahoo-inc.com

   Donn Lee
   Facebook, Inc.
   1601 S. California Ave.
   Palo Alto, CA  94304
   USA

-  Email: donn@facebook.com
+  Email: donn@fb.com

   Scott Sheppard
   ATT Labs
   575 Morosgo Ave, 4d57
   Atlanta, GA  30324
   USA

   Email: Scott.Sheppard@att.com
End of changes. 11 change blocks. 10 lines changed or deleted, 16 lines changed or added.

This html diff was produced by rfcdiff 1.40. The latest version is available from http://tools.ietf.org/tools/rfcdiff/