Please see inline.
De : Francis(_dot_)Dupont(_at_)fdupont(_dot_)fr
Envoyé : jeudi 17 mars 2011 16:41
À : BOUCADAIR Mohamed OLNC/NAD/TIP
Cc : ietf(_at_)ietf(_dot_)org; IETF-Announce; int-area(_at_)ietf(_dot_)org
Objet : Re: [Int-area] Last Call:
recommendations for Internet facing servers) to BCP
In your previous mail you wrote:
This is a late comment but I think it is worth raising it.
=> as the gen-art reviewer of the document I'd like to
understand the comment.
Med: To understand the issue, I recommend you the following reading:
This I-D recommends to log the source port number for
internet-facing servers. But due to the presence of load-balancers
in the path, the "original" source port may be lost. The source
port number that will be passed to the target server may not be
accurate and hence does not meet the initial requirment.
=> where are these load-balancers and as they perform a NAT function
why they don't log mappings they create? Or if they are placed in
front of servers why they are not integrated in the logging system?
Med: You can make a quick search on the XFF practices in load-balances/proxies
to see how it is used for logging purposes.
Ietf mailing list