Re: [bmwg] WGLC on New version of draft-ietf-bmwg-ngfw-performance
Gábor LENCSE <lencse@hit.bme.hu> Sun, 25 July 2021 12:17 UTC
Return-Path: <lencse@hit.bme.hu>
X-Original-To: bmwg@ietfa.amsl.com
Delivered-To: bmwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BD9B3A27D4 for <bmwg@ietfa.amsl.com>; Sun, 25 Jul 2021 05:17:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WQQrtowTPdd2 for <bmwg@ietfa.amsl.com>; Sun, 25 Jul 2021 05:17:29 -0700 (PDT)
Received: from frogstar.hit.bme.hu (frogstar.hit.bme.hu [IPv6:2001:738:2001:4020::2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80BB03A27D2 for <bmwg@ietf.org>; Sun, 25 Jul 2021 05:17:28 -0700 (PDT)
Received: from [192.168.1.146] (host-79-121-43-67.kabelnet.hu [79.121.43.67]) (authenticated bits=0) by frogstar.hit.bme.hu (8.15.2/8.15.2) with ESMTPSA id 16PCHDiu061739 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for <bmwg@ietf.org>; Sun, 25 Jul 2021 14:17:18 +0200 (CEST) (envelope-from lencse@hit.bme.hu)
X-Authentication-Warning: frogstar.hit.bme.hu: Host host-79-121-43-67.kabelnet.hu [79.121.43.67] claimed to be [192.168.1.146]
To: bmwg@ietf.org
References: <413e779fd7eb4dd4b3aa8473c171e282@att.com> <047501d745bb$e22f4ab0$a68de010$@netsecopen.org> <7dc6b282-7f41-bf7c-f09c-65e7ce94b674@hit.bme.hu> <048801d745be$31424b50$93c6e1f0$@netsecopen.org> <84196d5ce7474f9196ab000be64c49fd@att.com> <02629ACE-FDA4-4ACF-9459-825521596B83@encrypted.net> <001201d75266$05979140$10c6b3c0$@netsecopen.org> <059e01d75f7d$a62a4de0$f27ee9a0$@netsecopen.org> <009b01d76c46$8063e5a0$812bb0e0$@netsecopen.org> <770F93CB-A8CC-4420-8C1B-CB7B7A2289FB@encrypted.net> <021f01d77356$7e19a2f0$7a4ce8d0$@netsecopen.org> <D1ED6898-D8C3-4C56-A3D3-221DD16B7300@encrypted.net> <004701d777f5$94844bf0$bd8ce3d0$@netsecopen.org> <SJ0PR02MB7853CAF5D40CBAFA6C3B4154D3149@SJ0PR02MB7853.namprd02.prod.outlook.com> <005201d777fa$2133a100$639ae300$@netsecopen.org> <4e51a7d5-8c59-a4fc-6c65-457ee7655c74@eantc.de> <A0A5D9D5-1D3E-439F-9009-C977BC5EA389@encrypted.net> <00de01d7780e$d2351b50$769f51f0$@netsecopen.org> <43E13361-D7EE-4882-BCF2-6FBAEA0AAE84@encrypted.net>
From: Gábor LENCSE <lencse@hit.bme.hu>
Message-ID: <5ac429ff-e952-8c36-bed2-bf98b8057c76@hit.bme.hu>
Date: Sun, 25 Jul 2021 14:17:10 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0
MIME-Version: 1.0
In-Reply-To: <43E13361-D7EE-4882-BCF2-6FBAEA0AAE84@encrypted.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-Virus-Scanned: clamav-milter 0.103.2 at frogstar.hit.bme.hu
X-Virus-Status: Clean
Received-SPF: pass (frogstar.hit.bme.hu: authenticated connection) receiver=frogstar.hit.bme.hu; client-ip=79.121.43.67; helo=[192.168.1.146]; envelope-from=lencse@hit.bme.hu; x-software=spfmilter 2.001 http://www.acme.com/software/spfmilter/ with libspf2-1.2.10;
X-DCC--Metrics: frogstar.hit.bme.hu; whitelist
X-Scanned-By: MIMEDefang 2.79 on 152.66.248.44
Archived-At: <https://mailarchive.ietf.org/arch/msg/bmwg/BjbTs_1p_H-N2Q_Z3JoMLNKexE4>
Subject: Re: [bmwg] WGLC on New version of draft-ietf-bmwg-ngfw-performance
X-BeenThere: bmwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Benchmarking Methodology Working Group <bmwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bmwg>, <mailto:bmwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bmwg/>
List-Post: <mailto:bmwg@ietf.org>
List-Help: <mailto:bmwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bmwg>, <mailto:bmwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Jul 2021 12:17:35 -0000
Dear Sarah, Please see my comments and suggestions in-line. 2021.07.16. 20:09 keltezéssel, Sarah Banks írta: [...] > > SB// I support the draft as a draft that covers benchmarks that cover > specifically NGFW and NGIPS, provided the scope is not open ended to > cover the undefined "NG*" and future devices that we haven't invented > yet. :) > First of all, let me admit, that when I read the draft, I was not so careful as you. I have silently accepted the implicit definition of "next-generation firewall", and did not check what the term was used for. Now, I tried to find a formal definition, but I was not really successful. What I found: https://en.wikipedia.org/wiki/Next-generation_firewall As I teach my students not to use Wikipedia as a reference (e.g. because it is not a stable document), but rather read its sources, I tried to do the same. For example, its first source is: https://www.esecurityplanet.com/products/intro-to-next-generation-firewalls/ It seems to me that the definition of NGFW is rather informal, especially from the following paragraph: "These application-aware firewalls are commonly cited as a next-generation firewall (NGFW) but they are, basically, a form of a unified threat management (UTM) solution. However, the term UTM is usually applied to products that lack the true application-awareness and are targeted towards the SMB market. UTM products usually offer additional functions over traditional firewalls, such as antivirus, antispam, or even intrusion prevention systems (IPS)." As an academic, I really appreciate your earlier suggestion that the draft should contain a definition of the term NGFW, however, as this term seems to be rather loosely defined, perhaps the Authors could include a sentence describing the situation. E.g. something like: Next-generation firewall (NGFW): This term is widely used for the modern, state-of-the-art technology firewalls (as of 2021) that can do application-level traffic inspection including several, sometimes optional features. (Perhaps a few of them could be listed here.) I just intended it a sample, what I want to suggest is that the daft should say something about what the term is used for, but admitting that it is not a formal definition. What do you think of it? As for your concerns about the technologies yet to be invented, my past experience suggests that new technologies are likely to be invented and they will likely make the draft obsolete. Or at least it should be updated. (In the same way as with RFC 2544, RFC 5180, RFC 8219.) The above definition (or something similar) could make it clear that we do not believe to define a benchmarking methodology for the eternity. :-) Best regards, Gábor
- [bmwg] FW: WGLC on New version of draft-ietf-bmwg… MORTON JR., AL
- Re: [bmwg] FW: WGLC on New version of draft-ietf-… Gabor LENCSE
- Re: [bmwg] FW: WGLC on New version of draft-ietf-… bmonkman
- Re: [bmwg] FW: WGLC on New version of draft-ietf-… Gabor LENCSE
- Re: [bmwg] FW: WGLC on New version of draft-ietf-… bmonkman
- Re: [bmwg] FW: WGLC on New version of draft-ietf-… MORTON JR., AL
- [bmwg] Second part -- Re: FW: WGLC on New version… Gabor LENCSE
- Re: [bmwg] Second part -- Re: FW: WGLC on New ver… bmonkman
- [bmwg] Sequential vs. random -- Re: FW: WGLC on N… Gábor LENCSE
- Re: [bmwg] FW: WGLC on New version of draft-ietf-… MORTON JR., AL
- Re: [bmwg] FW: WGLC on New version of draft-ietf-… bmonkman
- Re: [bmwg] Sequential vs. random -- Re: FW: WGLC … bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Sarah Banks
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Sarah Banks
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Sarah Banks
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… MORTON JR., AL
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Carsten Rossenhoevel
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… MORTON JR., AL
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Sarah Banks
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Carsten Rossenhoevel
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Sarah Banks
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… MORTON JR., AL
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Gábor LENCSE
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Carsten Rossenhoevel
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Gábor LENCSE