On 10/02/2017 12:52, Peter van Dijk wrote:
> However, both in ECS, and now in XPF, we do not get client’s port
> number. With increasing CGNAT deployment, this makes it impossible to
> distinguish clients once a request has passed through a proxy, like
> dnsdist or a TLS frontend.
>
> Can you please consider adding a port number field?

I see where you're coming from, but I'm not inclined to add it (yet) for a couple of reasons:

1. CGNAT is evil ;-)

2. If I add this, then folks will want other transport related fields (indeed I already had at least one other person suggest this).

Are the server side ACLs etc that need to be able to identify the client so fine grained that they'd really give different treatment to different clients arriving from the same CGN IP address?

This is probably something that the WG should consider if (or hopefully when) this becomes a WG item.

kind regards,

Ray

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop