[bmwg] Review and action items from NGFW draft discussion
bmonkman@netsecopen.org Mon, 02 August 2021 17:55 UTC
From: bmonkman@netsecopen.org
To: 'Sarah Banks' <sbanks@encrypted.net>
Cc: bmwg@ietf.org, "'MORTON JR., AL'" <acmorton@att.com>, 'Carsten Rossenhoevel' <cross@eantc.de>, 'Bala Balarajah' <bala@netsecopen.org>
Date: Mon, 02 Aug 2021 13:54:54 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/bmwg/UIzxRLCq0B_rUAa6hq5TwOILWes>

Sarah et al.

Below is a summary of the results of our discussions at the IETF 111 BMWG meeting. You will need to access the slides for the proper context. The slides can be found at:

https://datatracker.ietf.org/meeting/111/materials/slides-111-bmwg-benchmarking-methodology-for-network-security-device-performance-00

After the meeting, it now appears Sarah has three items to provide text for - items 5, 6 and 9. Once we receive the proposed text for those items, assuming we are all in agreement, we will be able to produce another draft.

Sarah, if possible, we would like to start working on the next version of the draft on August 9th with a goal of posting it around August 15th. Let me know if that timeframe works for you. We have several other changes we have to make as well.

Thanks in advance.

Brian

1. Authors' Proposal: Define Next-generation firewall (NGFW) as: "This term is widely used for the modern, state-of-the-art technology firewalls (as of 2021) that can do application-level traffic inspection including several, sometimes optional features." Accepted.

2. Authors' Proposal: Update list of security features that security devices can have; describe that security devices must be configured in in-line mode. Accepted.

3. Authors' Proposal: Clarify that passive security devices are out of scope; explain more clearly that devices must be configured in "fail close" mode. Accepted.

4. Authors' Proposal: No change to draft. Authors accepted the suggestion that notes be added to the draft to clarify testbed setup.

5. Authors' Proposal: No change to draft. Sarah to come back with proposed text.

6. Authors' Proposal: No change to draft. This is related to the above item and will be addressed by Sarah at the same time.

7. Comment withdrawn.

8. Authors' Proposal: Explicitly remove IDS from scope. Accepted.

9. Authors' Proposal: No change to draft. Sarah to come back with feedback and proposed text.

10. Comment withdrawn.

11. Authors' Proposal: Modify 7.1.1, 2nd paragraph, 1st sentence: "Based on customer use case, users can choose the relevant application traffic mix for this test. The details about the traffic mix MUST be documented in the report. At least the following traffic mix details MUST be documented and reported together with the test results. Accepted.

---------
Brian Monkman
Executive Director, NetSecOPEN
Office: +1-717-610-0808
Fax: +1-717-506-0460
Mobile: +1-717-462-5422
https://www.netsecopen.org