IETF Logo Mail Archive

Re: [bmwg] WGLC on New version of draft-ietf-bmwg-ngfw-performance

Gábor LENCSE <lencse@hit.bme.hu> Sun, 25 July 2021 12:17 UTC

Return-Path: <lencse@hit.bme.hu>
X-Original-To: bmwg@ietfa.amsl.com
Delivered-To: bmwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BD9B3A27D4 for <bmwg@ietfa.amsl.com>; Sun, 25 Jul 2021 05:17:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WQQrtowTPdd2 for <bmwg@ietfa.amsl.com>; Sun, 25 Jul 2021 05:17:29 -0700 (PDT)
Received: from frogstar.hit.bme.hu (frogstar.hit.bme.hu [IPv6:2001:738:2001:4020::2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80BB03A27D2 for <bmwg@ietf.org>; Sun, 25 Jul 2021 05:17:28 -0700 (PDT)
Received: from [192.168.1.146] (host-79-121-43-67.kabelnet.hu [79.121.43.67]) (authenticated bits=0) by frogstar.hit.bme.hu (8.15.2/8.15.2) with ESMTPSA id 16PCHDiu061739 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for <bmwg@ietf.org>; Sun, 25 Jul 2021 14:17:18 +0200 (CEST) (envelope-from lencse@hit.bme.hu)
X-Authentication-Warning: frogstar.hit.bme.hu: Host host-79-121-43-67.kabelnet.hu [79.121.43.67] claimed to be [192.168.1.146]
To: bmwg@ietf.org
References: <413e779fd7eb4dd4b3aa8473c171e282@att.com> <047501d745bb$e22f4ab0$a68de010$@netsecopen.org> <7dc6b282-7f41-bf7c-f09c-65e7ce94b674@hit.bme.hu> <048801d745be$31424b50$93c6e1f0$@netsecopen.org> <84196d5ce7474f9196ab000be64c49fd@att.com> <02629ACE-FDA4-4ACF-9459-825521596B83@encrypted.net> <001201d75266$05979140$10c6b3c0$@netsecopen.org> <059e01d75f7d$a62a4de0$f27ee9a0$@netsecopen.org> <009b01d76c46$8063e5a0$812bb0e0$@netsecopen.org> <770F93CB-A8CC-4420-8C1B-CB7B7A2289FB@encrypted.net> <021f01d77356$7e19a2f0$7a4ce8d0$@netsecopen.org> <D1ED6898-D8C3-4C56-A3D3-221DD16B7300@encrypted.net> <004701d777f5$94844bf0$bd8ce3d0$@netsecopen.org> <SJ0PR02MB7853CAF5D40CBAFA6C3B4154D3149@SJ0PR02MB7853.namprd02.prod.outlook.com> <005201d777fa$2133a100$639ae300$@netsecopen.org> <4e51a7d5-8c59-a4fc-6c65-457ee7655c74@eantc.de> <A0A5D9D5-1D3E-439F-9009-C977BC5EA389@encrypted.net> <00de01d7780e$d2351b50$769f51f0$@netsecopen.org> <43E13361-D7EE-4882-BCF2-6FBAEA0AAE84@encrypted.net>
From: Gábor LENCSE <lencse@hit.bme.hu>
Message-ID: <5ac429ff-e952-8c36-bed2-bf98b8057c76@hit.bme.hu>
Date: Sun, 25 Jul 2021 14:17:10 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0
MIME-Version: 1.0
In-Reply-To: <43E13361-D7EE-4882-BCF2-6FBAEA0AAE84@encrypted.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-Virus-Scanned: clamav-milter 0.103.2 at frogstar.hit.bme.hu
X-Virus-Status: Clean
Received-SPF: pass (frogstar.hit.bme.hu: authenticated connection) receiver=frogstar.hit.bme.hu; client-ip=79.121.43.67; helo=[192.168.1.146]; envelope-from=lencse@hit.bme.hu; x-software=spfmilter 2.001 http://www.acme.com/software/spfmilter/ with libspf2-1.2.10;
X-DCC--Metrics: frogstar.hit.bme.hu; whitelist
X-Scanned-By: MIMEDefang 2.79 on 152.66.248.44
Archived-At: <https://mailarchive.ietf.org/arch/msg/bmwg/BjbTs_1p_H-N2Q_Z3JoMLNKexE4>
Subject: Re: [bmwg] WGLC on New version of draft-ietf-bmwg-ngfw-performance
X-BeenThere: bmwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Benchmarking Methodology Working Group <bmwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bmwg>, <mailto:bmwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bmwg/>
List-Post: <mailto:bmwg@ietf.org>
List-Help: <mailto:bmwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bmwg>, <mailto:bmwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Jul 2021 12:17:35 -0000

Dear Sarah,

Please see my comments and suggestions in-line.

2021.07.16. 20:09 keltezéssel, Sarah Banks írta:
[...]
>
> SB// I support the draft as a draft that covers benchmarks that cover 
> specifically NGFW and NGIPS, provided the scope is not open ended to 
> cover the undefined "NG*" and future devices that we haven't invented 
> yet. :)
>

First of all, let me admit, that when I read the draft, I was not so 
careful as you. I have silently accepted the implicit definition of 
"next-generation firewall", and did not check what the term was used 
for. Now, I tried to find a formal definition, but I was not really 
successful.

What I found: https://en.wikipedia.org/wiki/Next-generation_firewall

As I teach my students not to use Wikipedia as a reference (e.g. because 
it is not a stable document), but rather read its sources, I tried to do 
the same.

For example, its first source is: 
https://www.esecurityplanet.com/products/intro-to-next-generation-firewalls/

It seems to me that the definition of NGFW is rather informal, 
especially from the following paragraph:

"These application-aware firewalls are commonly cited as a 
next-generation firewall (NGFW) but they are, basically, a form of a 
unified threat management (UTM) solution. However, the term UTM is 
usually applied to products that lack the true application-awareness and 
are targeted towards the SMB market. UTM products usually offer 
additional functions over traditional firewalls, such as antivirus, 
antispam, or even intrusion prevention systems (IPS)."

As an academic, I really appreciate your earlier suggestion that the 
draft should contain a definition of the term NGFW, however, as this 
term seems to be rather loosely defined, perhaps the Authors could 
include a sentence describing the situation. E.g. something like:

Next-generation firewall (NGFW): This term is widely used for the 
modern, state-of-the-art technology firewalls (as of 2021) that can do 
application-level traffic inspection including several, sometimes 
optional features. (Perhaps a few of them could be listed here.)

I just intended it a sample, what I want to suggest is that the daft 
should say something about what the term is used for, but admitting that 
it is not a formal definition.

What do you think of it?

As for your concerns about the technologies yet to be invented, my past 
experience suggests that new technologies are likely to be invented and 
they will likely make the draft obsolete. Or at least it should be 
updated. (In the same way as with RFC 2544, RFC 5180, RFC 8219.) The 
above definition (or something similar) could make it clear that we do 
not believe to define a benchmarking methodology for the eternity. :-)

Best regards,

Gábor

v2.23.0 | Report a Bug | By Email