[bmwg] Several inconsistencies in current draft-ietf-bmwg-ngfw-performance

Redkin Petr <Petr.Redkin@infotecs.ru> Wed, 07 April 2021 11:00 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/bmwg/aOHDVDxPh381zXhPI3VFVODLE-4>


Please pay attention to several inconsistencies in the current netsecopen draft (seen in 6-7 versions).

1. TLS SNI

a. In part of the document SNI is mandatory
The client endpoint SHOULD send TLS Extension Server Name Indication (SNI) information when opening a security tunnel

b. In part of the document SNI is optional
For TLS the client MAY use Server Name Indication (SNI).
If using SNI, the server will then perform an SNI name check with the proposed FQDN compared to the domain embedded in the certificate.

2. New connections in sustain phase

a. From this sentence an engineer may assume that no new connections are established in the sustain phase, because all clients & connections (these are different concepts) must be established at ramp up

Sustain phase starts when all required clients (connections) are active and operating at their desired load condition.

b. But it is not so, otherwise we cannot measure the CPS metric in the sustain phase, for example in the traffic mix test
Optional KPIs: TCP Connections Per Second and TLS Handshake Rate

3. Client source port

a. In part of the document the source port is variable within a range and varies per client connection
The source port range SHOULD be in the range of 1024 - 65535.
The behavior of the client is to sweep through the given server IP space, sequentially generating a recognizable service by the DUT.  Thus, a balanced, mesh between client endpoints and server endpoints will be generated in a client port server port combination.

b. But it is not clear from this sentence
Each client endpoint performs the same actions as other endpoints, with the difference being the source IP of the client endpoint and the target server IP pool.

Best Regards,
Petr Redkin

Performance research expert,
JSC "InfoTeCS"