Re: [bmwg] Version 10, draft-ietf-bmwg-ngfw-performance

bmonkman@netsecopen.org Sun, 17 October 2021 00:25 UTC


Thanks Al. These are reasonable suggestions.

 

Is there any additional input we should wait for before posting a new
version?

 

Brian

 

From: MORTON JR., AL <acmorton@att.com> 
Sent: Saturday, October 16, 2021 6:12 PM
To: MORTON JR., AL <acmorton@att.com>; bmonkman@netsecopen.org;
bmwg@ietf.org
Cc: bm.balarajah@gmail.com; 'Carsten Rossenhoevel' <cross@eantc.de>
Subject: RE: [bmwg] Version 10, draft-ietf-bmwg-ngfw-performance

 

Hi authors and BMWG,

 

Thank you for all efforts to complete the review, comment resolution, and
document revisions!

 

I have completed the "first-pass" document shepherd's review of this draft.

 

I attached and uploaded the current version of the shepherd's review form,
which contains Q&A with some action items for the authors.

 

I want to be sure that the authors considered the "early" Security review
from Kathleen Moriarty:

https://datatracker.ietf.org/doc/review-ietf-bmwg-ngfw-performance-00-secdir-early-moriarty-2019-07-08/

 

Also, I have a few small suggestions below.

 

Thanks again,

Al

bmwg co-chair

 

We haven't tied the "in-line" terminology to the Figures; I think it would
be good to do that. Many non-benchmarking experts will read this doc in the
coming months (and this is an easy future comment to avoid).

OLD 

3.  Scope

 

   This document provides testing terminology and testing methodology

   for modern and next-generation network security devices that are

   configured in Active ("Inline") mode. 

NEW 

3.  Scope
 
   This document provides testing terminology and testing methodology
   for modern and next-generation network security devices that are
   configured in Active ("Inline", see Figures 1 and 2) mode. 
 
-=-=-=-=-=-
 
In section 4.3.3, the word "balanced\" appears, and the trailing slash needs
to be deleted.
 
-=-=-=-=-=-=-
 
In section 7.1.1, the sentence beginning
OLD
   Based on customer use case, users can choose...
 
tripped me up, and a few more words will help, I think:
NEW
   Based on the test customer's specific use case, testers can choose...
 
(note that there is only one instance of "customer" in the doc, so we should
make the customer's role clear here)
-=-=-=-=-=-=-
 
 
 

 

 

From: bmwg <bmwg-bounces@ietf.org> On Behalf Of MORTON JR., AL
Sent: Sunday, September 26, 2021 12:54 PM
To: bmonkman@netsecopen.org; bmwg@ietf.org
Cc: bm.balarajah@gmail.com
Subject: Re: [bmwg] Version 10, draft-ietf-bmwg-ngfw-performance

 


BMWG,

 

Those who have submitted comments on recent versions (8,9) should check the
diffs now.

Please confirm that your comments have been addressed in version 10, by
e-mail, ASAP.

 

thanks,

Al

bmwg co-chair

 

From: bmwg <bmwg-bounces@ietf.org> On Behalf Of bmonkman@netsecopen.org
Sent: Sunday, September 26, 2021 10:31 AM
To: bmwg@ietf.org
Cc: bm.balarajah@gmail.com
Subject: [bmwg] Version 10, draft-ietf-bmwg-ngfw-performance

 

Folks,

 

An update to draft-ietf-bmwg-ngfw-performance has been posted. I believe the
next step is WG Chair review.

 

Version 10 has gone through multiple reviews. As a result, we have
corrected a number of typos and grammatical errors. Additionally, we
clarified wording in a few spots. The following has also been changed as a
result of comments/discussions from/with Sarah Banks. (Sarah, thank you.)

*	Removed NGIDS from the draft
*	Added the following text in section 3 for "Inline" mode and
"Fail-open" clarification: " This document provides testing terminology and
testing methodology for modern and next-generation network security devices
that are configured in Active ("Inline") mode."
*	Also, we added the following text in section 4.2:  "DUT/SUT MUST be
configured in "Inline" mode so that the traffic is actively inspected by the
DUT/SUT.  Also "Fail-Open" behavior MUST be disabled on the DUT/SUT."
*	Added more clarification for the parameters and values defined in
section "4.3.1.  Client Configuration": This section specifies which
parameters SHOULD be considered while configuring clients using test
equipment.  Also, this section specifies the RECOMMENDED values for certain
parameters.  The values are the defaults used in most of the client
operating systems currently.
*	Rephrased section 5 " Testbed Consideration". Added recommended
steps for reference test.
*	Explained the usage of the parameter "Initial throughput": "Initial
throughput is not a KPI to report.  This value is configured on the traffic
generator and used to perform Step 1: "Test Initialization and
Qualification" described under the Section 7.1.4."

Brian

 

---------

Brian Monkman

Executive Director, NetSecOPEN

Office: +1-717-610-0808 

Fax: +1-717-506-0460

Mobile: +1-717-462-5422

 



https://www.netsecopen.org