[bmwg] New version of draft-ietf-bmwg-ngfw-performance

bmonkman@netsecopen.org Thu, 22 April 2021 17:28 UTC

From: bmonkman@netsecopen.org
To: bmwg@ietf.org
Date: Thu, 22 Apr 2021 13:27:49 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/bmwg/_Iy8qxQ-mFwCmDtRKoxAJOPZeA4>

Folks,

 

The latest draft has been posted and is ready for review. The Diff between
version 7 and version 8 can be found here:

 

https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-bmwg-ngfw-performance-08.txt

 

and here:

 

https://tools.ietf.org/rfcdiff?url2=draft-ietf-bmwg-ngfw-performance-08.txt

 

Please review and provide comments. I believe Al Morton is going to call for
last call.

 

Brian

 

>>> 

 

The following comments were made by Petr Redkin. Each comment is followed by
our response - changes were made to the draft as indicated.

 

1.	TLS SNI

a.	in part of the document SNI is mandatory

The client endpoint SHOULD send TLS Extension Server Name Indication (SNI)
information when opening a security tunnel

b.	in part of the document SNI is optional

For TLS the client MAY use Server Name Indication (SNI).

 

[Comment] The confusion or inconsistency has occurred since we use SNI as
mandatory for a test scenario (traffic mix test) and as optional for other
test scenarios. We will revise the text and provide more clarity in the next
version.

 

2.	New connections in sustain phase

a.	From this sentence an engineer may assume that no new connections are
established in the sustain phase because all clients & connections (these are
different concepts) must be established at ramp up

Sustain phase starts when all required clients (connections) are active and
operating at their desired load condition.

b.	But that is not the case, otherwise we cannot measure the CPS metric in
the sustain phase, for example in the traffic mix test

Optional KPIs: TCP Connections Per Second and TLS Handshake Rate

 

[Comment] The sentence doesn't describe that the client must keep the
connections open during the sustain phase. However, we can change the
sentence as follows:

 

"Sustain phase starts when all required clients (connections) are active and
operating at their desired load condition."

This means that the clients/client endpoints have established their required
target connections (based on configured load). It is obvious that the clients
will close the connections once they have received all contents from the server.
Also, the clients will establish new connections during the sustain phase.
Otherwise, there is no traffic in the sustain phase and the test equipment
can't keep the desired load.

 

 

3.	Client source port

a.	In part of the document source port is variable in range and varies
per client connection

The source port range SHOULD be in the range of 1024 - 65535. 

The behavior of the client is to sweep through the given server IP space,
sequentially generating a recognizable service by the DUT.  Thus, a
balanced, mesh between client endpoints and server endpoints will be
generated in a client port server port combination.

b.	But it is not clear from this sentence

Each client endpoint performs the same actions as other endpoints, with the
difference being the source IP of the client endpoint and the target server
IP pool.

 

[Comment] The endpoints perform the same action. However, the IPs (SRC and
DST) and also ports (random source port from the range) are different. We
can change the text if more clarity is required.

"Thus, a balanced mesh between client endpoints and server endpoints will be
generated in a client IP/port server IP/port combination."

 

Additionally, in the Introduction section we changed "...this document
supersedes [RFC3511]" to "...this document obsoletes [RFC3511]".

 

 

 

 

 

---------

Brian Monkman

Executive Director, NetSecOPEN

Office: +1-717-610-0808 

Fax: +1-717-506-0460

Mobile: +1-717-462-5422

 



https://www.netsecopen.org