Re: [bmwg] Secdir last call review of draft-ietf-bmwg-sdn-controller-benchmark-meth-07

"MORTON, ALFRED C (AL)" <acmorton@att.com> Sat, 27 January 2018 00:27 UTC

From: "MORTON, ALFRED C (AL)" <acmorton@att.com>
To: Russ Housley <housley@vigilsec.com>, "secdir@ietf.org" <secdir@ietf.org>
CC: "ietf@ietf.org" <ietf@ietf.org>, "bmwg@ietf.org" <bmwg@ietf.org>, "draft-ietf-bmwg-sdn-controller-benchmark-meth.all@ietf.org" <draft-ietf-bmwg-sdn-controller-benchmark-meth.all@ietf.org>
Thread-Topic: Secdir last call review of draft-ietf-bmwg-sdn-controller-benchmark-meth-07
Thread-Index: AQHTluk+i8SJhlZobkC/vLRUYprn5qOGrsZg
Date: Fri, 26 Jan 2018 21:55:00 +0000
Message-ID: <4D7F4AD313D3FC43A053B309F97543CF490A6DC9@njmtexg5.research.att.com>
References: <151700065585.4373.15947979044552046715@ietfa.amsl.com>
In-Reply-To: <151700065585.4373.15947979044552046715@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/bmwg/35kmSaoecILFkCHX-g1ToMU9sQY>
Subject: Re: [bmwg] Secdir last call review of draft-ietf-bmwg-sdn-controller-benchmark-meth-07

Hi Russ,

> Major Concerns
> 
> The tests cover encrypted and unencrypted communications, but nothing
> is said about the key management.  I recognize that the tests will be
> conducted in the lab, but it would be desirable for the key management
> to exercise the same interfaces that will be used in a production
> setting.

Encrypted connections with network devices are mentioned in general,
primarily in Section 4.4, as a possibility that may be tested:
https://tools.ietf.org/html/draft-ietf-bmwg-sdn-controller-benchmark-meth-07#section-4.4

It will help if we can iterate on text to satisfy your comment,
such as adding:
4.4. Connection Setup

   There may be controller implementations that support unencrypted and
   encrypted network connections with Network Devices. Further, the
   controller may have backward compatibility with Network Devices
   running older versions of southbound protocols. It may be useful to
   measure the controller performance with one or more applicable
   connection setup methods defined below.
ADD
For cases with encrypted communications between the controller and the 
switch, key management and key exchange MUST take place before
any performance or benchmark measurements.

just trying to clarify what you want to see added,
Al
doc shepherd


> -----Original Message-----
> From: Russ Housley [mailto:housley@vigilsec.com]
> Sent: Friday, January 26, 2018 4:04 PM
> To: secdir@ietf.org
> Cc: ietf@ietf.org; bmwg@ietf.org; draft-ietf-bmwg-sdn-controller-benchmark-meth.all@ietf.org
> Subject: Secdir last call review of draft-ietf-bmwg-sdn-controller-benchmark-meth-07
> 
> Reviewer: Russ Housley
> Review result: Has Issues
> 
> I reviewed this document as part of the Security Directorate's ongoing
> effort to review all IETF documents being processed by the IESG.  These
> comments were written primarily for the benefit of the Security Area
> Directors.  Document authors, document editors, and WG chairs should
> treat these comments just like any other IETF Last Call comments.
> 
> Document: draft-ietf-bmwg-sdn-controller-benchmark-meth-05
> Reviewer: Russ Housley
> Review Date: 2018-01-26
> IETF LC End Date: 2018-02-02
> IESG Telechat date: Unknown
> 
> Summary: Has (Minor) Issues
> 
> Major Concerns
> 
> The tests cover encrypted and unencrypted communications, but nothing
> is said about the key management.  I recognize that the tests will be
> conducted in the lab, but it would be desirable for the key management
> to exercise the same interfaces that will be used in a production
> setting.
> 
> 
> Minor Concerns
> 
> Section 1: Please update the first paragraph to reference RFC 8174
> in addition to RFC 2119, as follows:
> 
>    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
>    "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
>    "OPTIONAL" in this document are to be interpreted as described in BCP
>    14 [RFC2119] [RFC8174] when, and only when, they appear in all
>    capitals, as shown here.
> 
> RFC 2119 is missing from the normative references.  If you accept the
> above suggestion, RFC 8174 needs to be added as well.
> 
> 
> Nits
> 
> The term "SDN Controller" is not defined in the companion terminology
> document, and a definition does not emerge in this document until
> Section 2, where it says:
> 
>    ... the SDN controller is a function that manages and
>    controls Network Devices. ...
> 
> I recognize that this is very basic, but it also seems like very
> important information for the Introduction.
> 
> Similarly, please explain the difference between a "cluster of
> homogeneous controllers" and a "federation of controllers."
> 
> The indenting in the document shifts in Section 5.  Some lines
> other than Section headers are flush with the left margin.
>
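The Section 4.4 text proposed above requires key management and key exchange to finish before any benchmark measurement is taken. The Go program below is an added example, not code from this thread, from the draft, or from any controller implementation: it shows a benchmark harness that enforces that boundary by driving the TLS handshake to completion and reporting it as a separate setup figure, then starting the benchmark clock only for the request/response exchanges. The Network Device is emulated by an in-process echo over net.Pipe, its identity is a self-signed certificate minted in process (a stand-in for whatever key management the production southbound interface uses, which is exactly the gap the review points at), and the names Measure, ConnResult, selfSignedCert and msgLen are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

const msgLen = 64 // fixed-size request/response pair (constructed sample traffic)
// ConnResult reports connection setup separately from the benchmark interval.
type ConnResult struct {
	Setup    time.Duration // TLS handshake incl. key exchange; excluded from the benchmark
	Suite    string        // negotiated cipher suite for the report ("" when unencrypted)
	Messages int
	PerMsg   time.Duration // mean request/response round trip, timed only after Setup
}

// selfSignedCert stands in for production key management; it must finish before the timer starts.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"network-device"},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, _ := x509.ParseCertificate(der) // cannot fail: der was produced just above
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// Measure runs n exchanges with an emulated Network Device over an in-memory connection (TLS-wrapped when encrypted is set) and times setup and messaging separately.
func Measure(encrypted bool, n int) (ConnResult, error) {
	var res ConnResult
	clientRaw, serverRaw := net.Pipe()
	defer clientRaw.Close()
	defer serverRaw.Close()
	var client, server net.Conn = clientRaw, serverRaw
	if encrypted {
		cert, pool, err := selfSignedCert()
		if err != nil {
			return res, err
		}
		// net.Pipe is synchronous: keep the server's first flight free of session tickets
		// that the client would not be reading while it sends its own Finished.
		server = tls.Server(serverRaw, &tls.Config{Certificates: []tls.Certificate{cert},
			MinVersion: tls.VersionTLS12, SessionTicketsDisabled: true})
		client = tls.Client(clientRaw, &tls.Config{RootCAs: pool, ServerName: "network-device",
			MinVersion: tls.VersionTLS12})
	}
	go func() { defer server.Close(); io.Copy(server, server) }() // the device echoes every request
	// Phase 1: key management and key exchange. Drive the handshake to completion here so
	// that a lazy handshake cannot leak into the first message's timing.
	if tc, ok := client.(*tls.Conn); ok {
		start := time.Now()
		if err := tc.Handshake(); err != nil {
			return res, err
		}
		res.Setup = time.Since(start)
		res.Suite = tls.CipherSuiteName(tc.ConnectionState().CipherSuite)
	}
	// Phase 2: the benchmark interval proper; the timer starts only now.
	req, resp := make([]byte, msgLen), make([]byte, msgLen)
	start := time.Now()
	for i := 0; i < n; i++ {
		if _, err := client.Write(req); err != nil {
			return res, err
		}
		if _, err := io.ReadFull(client, resp); err != nil {
			return res, err
		}
	}
	res.Messages = n
	res.PerMsg = time.Since(start) / time.Duration(n)
	return res, nil
}

func main() {
	for _, enc := range []bool{false, true} {
		r, err := Measure(enc, 1000)
		fmt.Printf("encrypted=%v setup=%v per-message=%v suite=%q err=%v\n", enc, r.Setup, r.PerMsg, r.Suite, err)
	}
}
```

Reporting Setup next to PerMsg keeps two questions apart: whether the controller's steady-state performance differs between encrypted and unencrypted southbound connections, and how expensive the connection setup itself is. A harness that only timed the first request would silently fold the second into the first. Where the lab's key management does exercise the production interface, Setup is also the number that shows its cost.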