On 5/4/15, 10:29 AM, "JF Tremblay" <[email protected]> wrote:
>Inline. > >> On May 3, 2015, at 9:36 AM, GangChen <[email protected]> wrote: >> >> Thank you for the comments. I'd seen it's great useful to improve the >> draft quality. >> Please see my reply inline. >> >> 2015-05-02 4:36 GMT+08:00, JF Tremblay >><[email protected]>: >> >>> 2.4.1 "The storage of log information may pose a challenge to >>>operators, >>> since it requires additional resources and data inspection processes to >>> identify users." >>> The data inspection remark here does not make sense. The NAT might >>>correlate >>> source addresses to user information if it has it available, but it >>>won¹t >>> inspect. The NAT does not store either. >> >> the issue is a NAT may don't know what source address should be >>correlated. >> Therefore, the NAT have to store entire information preparing the >>searching. >> For your information, the NAT should store at least three-months log >> in our networks. > >In my opinion: >- NATs do not / should not store logs. This is done by an external server >(syslog or other). True; the operators of NATs store logs. >- NATs do not correlate source addresses to users, unless it already has >that information available. This can be done offline by a server with >much more ressources. Also true. As guidance to the operator of a NAT, though, this is useful guidance. Lee > > >/JF _______________________________________________ sunset4 mailing list [email protected] https://www.ietf.org/mailman/listinfo/sunset4
