Dear all,

This is a late comment but I think it is worth raising.

This I-D recommends logging the source port number for internet-facing servers. But due to the presence of load-balancers in the path, the "original" source port may be lost. The source port number that will be passed to the target server may not be accurate and hence does not meet the initial requirement.

Of course, the same issue applies to the source IP address. The only difference is that there are tools to convey the source IP address, in application headers for instance. There is nothing equivalent at the IP/transport/application level for the source port.

Don't you think it would be valuable to record the issue in the draft?

FWIW, below is a text describing this issue.

"
2.1. Preserve Source Port Number

In order to implement the recommendation documented in [I-D.ietf-intarea-server-logging-recommendations], extensions are required to preserve the source port number and to avoid this information being lost when load-balancers are involved in the path. Examples of mitigation solutions are provided below:

1. Extend XFF to convey the port in addition to the IP address
2. Define a header similar to XFF to convey the source port
3. Extend the TCP Option to convey the source port
4. Enable the Proxy Protocol [Proxy].
"

Cheers,
Med

-----Original Message-----
From: int-area-bounces@xxxxxxxx [mailto:int-area-bounces@xxxxxxxx] On behalf of The IESG
Sent: Friday 25 February 2011 16:04
To: IETF-Announce
Cc: int-area@xxxxxxxx
Subject: [Int-area] Last Call: <draft-ietf-intarea-server-logging-recommendations-02.txt> (Logging recommendations for Internet facing servers) to BCP

The IESG has received a request from the Internet Area Working Group WG (intarea) to consider the following document:

- 'Logging recommendations for Internet facing servers' <draft-ietf-intarea-server-logging-recommendations-02.txt> as a BCP

The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@xxxxxxxx mailing lists by 2011-03-11. Exceptionally, comments may be sent to iesg@xxxxxxxx instead. In either case, please retain the beginning of the Subject line to allow automated sorting.

The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-intarea-server-logging-recommendations/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-intarea-server-logging-recommendations/

No IPR declarations have been submitted directly on this I-D.
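
Added example, not part of the original thread or of the draft: mitigation 4 in the proposed text above (the Proxy Protocol) lets a server behind a load-balancer recover and log the client's original source port. This sketch parses a version 1 header in the text form defined by HAProxy's PROXY protocol specification; the function names, the trusted load-balancer set, the log format and the sample bytes are assumptions constructed for illustration.

```python
import ipaddress

MAX_V1_HEADER = 107  # longest v1 header in bytes, CRLF included


def parse_proxy_v1(data: bytes):
    """Split a PROXY protocol v1 header off the first bytes of a connection.

    Returns ((src_ip, src_port, dst_ip, dst_port), rest); the tuple is None
    for "PROXY UNKNOWN". Raises ValueError on a malformed header.
    """
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or overlong PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return None, rest
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    family = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != family or dst.version != family:
        raise ValueError("address family does not match protocol field")
    if not all(p.isdigit() and int(p) <= 65535 for p in fields[4:6]):
        raise ValueError("bad port")
    return (str(src), int(fields[4]), str(dst), int(fields[5])), rest


def log_line(peer, data, trusted_lbs):
    """Log record for one accepted connection; peer is the socket's (ip, port).

    The header is honoured only when the peer is a known load-balancer,
    otherwise any client could forge the logged address and port.
    """
    src_ip, src_port = peer
    if peer[0] in trusted_lbs:
        info, _ = parse_proxy_v1(data)
        if info:
            src_ip, src_port = info[0], info[1]
    return f"src={src_ip} sport={src_port} via={peer[0]}:{peer[1]}"


# Constructed sample: first bytes a load-balancer at 10.0.0.5 sends to the server.
SAMPLE = b"PROXY TCP4 192.0.2.10 198.51.100.5 51234 443\r\nGET / HTTP/1.1\r\n\r\n"

if __name__ == "__main__":
    print(log_line(("10.0.0.5", 40112), SAMPLE, {"10.0.0.5"}))
```

Without the header the server would only see the load-balancer's own endpoint (the `via=` field), which is the loss of information the comment describes.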