Re: [bmwg] Several inconsistencies in current draft-ietf-bmwg-ngfw-performance

bmonkman@netsecopen.org Wed, 07 April 2021 15:21 UTC

From: <bmonkman@netsecopen.org>
To: "'Redkin Petr'" <Petr.Redkin=40infotecs.ru@dmarc.ietf.org>, <bmwg@ietf.org>
Date: Wed, 7 Apr 2021 11:21:34 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/bmwg/EgHSjYTV6sP3_4wTaAimOPQX_gw>

Thanks for your feedback Petr. It is appreciated. We will look at these and
let you know if we have any questions.

Brian

From: bmwg <bmwg-bounces@ietf.org> On Behalf Of Redkin Petr
Sent: Wednesday, April 7, 2021 7:01 AM
To: bmwg@ietf.org
Subject: [bmwg] Several inconsistencies in current draft-ietf-bmwg-ngfw-performance

Hello,

Please pay attention to several inconsistencies in the current netsecopen draft
(saw in 6-7 versions).

1. TLS SNI

a. In part of the document SNI is mandatory

"The client endpoint SHOULD send TLS Extension Server Name Indication (SNI)
information when opening a security tunnel"

b. In part of the document SNI is optional

"For TLS the client MAY use Server Name Indication (SNI).

If using SNI, the server will then perform an SNI name check with the
proposed FQDN compared to the domain embedded in the certificate."

2. New connections in sustain phase

a. From this sentence an engineer may assume that no new connections are
established in the sustain phase, because all clients & connections (these are
different concepts) must be established at ramp up

"Sustain phase starts when all required clients (connections) are active and
operating at their desired load condition."

b. But that is not the case; otherwise we cannot measure the CPS metric in the
sustain phase, for example in the traffic mix test

"Optional KPIs: TCP Connections Per Second and TLS Handshake Rate"

3. Client source port

a. In part of the document the source port is variable in range and varies
per client connection

"The source port range SHOULD be in the range of 1024 - 65535.

The behavior of the client is to sweep through the given server IP space,
sequentially generating a recognizable service by the DUT.  Thus, a
balanced, mesh between client endpoints and server endpoints will be
generated in a client port server port combination."

b. But it is not clear from this sentence

"Each client endpoint performs the same actions as other endpoints, with the
difference being the source IP of the client endpoint and the target server
IP pool."

Best Regards,

Petr Redkin

Performance research expert,

JSC "InfoTeCS"
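
Added example, not part of the thread or of the draft: a sketch of the server-side "SNI name check" quoted in item 1, showing how the result differs when SNI is absent under the SHOULD reading versus the MAY reading. The function names, the `require_sni` flag, the outcome strings and the sample names are assumptions made for illustration; the draft text quoted above does not define them.

```python
from typing import List, Optional, Sequence


def _labels(name: str) -> List[str]:
    # DNS names compare case-insensitively; ignore one trailing root dot.
    return name.rstrip(".").lower().split(".")


def dns_name_matches(cert_name: str, fqdn: str) -> bool:
    """Compare one dNSName from the certificate with the FQDN proposed in SNI.

    A wildcard is honoured only as the whole left-most label, covers exactly
    one label, and needs two fixed labels after it (so "*.example" is refused).
    """
    pattern, host = _labels(cert_name), _labels(fqdn)
    if len(pattern) != len(host) or "" in host:
        return False
    if pattern[0] == "*":
        return len(pattern) >= 3 and pattern[1:] == host[1:]
    return pattern == host


def sni_name_check(sni: Optional[str],
                   cert_dns_names: Sequence[str],
                   require_sni: bool) -> str:
    """Return the outcome of the check for one TLS connection.

    require_sni (hypothetical switch) models the two readings in item 1:
    True treats a missing SNI as a failure, False skips the check as optional.
    """
    if not sni:
        return "reject-missing-sni" if require_sni else "skipped-no-sni"
    if any(dns_name_matches(name, sni) for name in cert_dns_names):
        return "match"
    return "mismatch"


if __name__ == "__main__":
    # Constructed sample data: certificate names and client-proposed FQDNs.
    cert_names = ["www.test.example", "*.pool.test.example"]
    for sni in ("www.test.example", "s1.pool.test.example",
                "a.b.pool.test.example", None):
        for require in (True, False):
            print(sni, require, sni_name_check(sni, cert_names, require))
```

With the same certificate, a client that sends no SNI is rejected under one reading and passes unchecked under the other, so two test beds following different parts of the draft would exercise different server code paths.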