Re: [bmwg] FW: WGLC on New version of draft-ietf-bmwg-ngfw-performance
bmonkman@netsecopen.org Thu, 20 May 2021 14:45 UTC
From: bmonkman@netsecopen.org
To: "'MORTON JR., AL'" <acmorton@att.com>
Cc: "'MORTON, ALFRED C (AL)'" <acm@research.att.com>, bmwg@ietf.org, 'Bala Balarajah' <bala@netsecopen.org>, 'Bala Balarajah' <bm.balarajah@gmail.com>, 'Gabor LENCSE' <lencse@hit.bme.hu>
Date: Thu, 20 May 2021 10:45:03 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/bmwg/azZhpMdOQV04MH3PEndP7opa3IY>

Hi Al,

Thanks for sending this over. Our comments are embedded below, prefaced by [bpm].

Brian

From: MORTON JR., AL <acmorton@att.com>
Sent: Wednesday, May 19, 2021 10:01 PM
To: bmonkman@netsecopen.org; 'Gabor LENCSE' <lencse@hit.bme.hu>
Cc: 'MORTON, ALFRED C (AL)' <acm@research.att.com>; bmwg@ietf.org; 'Bala Balarajah' <bala@netsecopen.org>; 'Bala Balarajah' <bm.balarajah@gmail.com>
Subject: RE: [bmwg] FW: WGLC on New version of draft-ietf-bmwg-ngfw-performance

Thanks to the authors/editor for continuing to chase-down comments and resolving them. I know very well how much work this is.

I'm trying to finish-up my review tonight (as a participant):

   o  Inspected Throughput

      The number of bits per second of allowed traffic a network
      security device is able to transmit to the correct destination
      interface(s) in response to a specified offered load. The
      throughput benchmarking tests defined in Section 7 SHOULD measure
      the average OSI model Layer 2 throughput value. This document
      recommends presenting the throughput value in Gbit/s rounded to
      two places of precision with a more specific Kbit/s in
      parenthesis.

Let me suggest a couple of tweaks on this definition:

It took me several minutes to remember that "inspected" invokes the role of security device, for some reason. The OSI model doesn't have a good reputation here at IETF, and the Internet was not built based on ISO's model.

So I'll try a little editing:

   o  Inspected Throughput

      The number of bits per second of examined and allowed traffic a
      network security device is able to transmit to the correct
      destination interface(s) in response to a specified offered load.
      The throughput benchmarking tests defined in Section 7 SHOULD
      measure the average Layer 2 throughput value when the DUT is
      inspecting traffic. This document recommends presenting the
      inspected throughput value in Gbit/s rounded to two places of
      precision with a more specific Kbit/s in parenthesis.

[bpm] Good suggestion. We will change the wording.

I also checked the nits, which revealed use of 2 incorrect addresses as examples. BMWG has its own IPv4 and v6 address space assigned. Please use it where appropriate. I'm not sure where the offending addresses are, sorry!

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses
     in the document. If these are example addresses, they should be changed.

  == There are 1 instance of lines with non-RFC3849-compliant IPv6 addresses
     in the document. If these are example addresses, they should be changed.

The tables below are from RFC 6890:

+----------------------+-----------------------------------------------------------+
| Attribute            | Value                                                     |
+----------------------+-----------------------------------------------------------+
| Address Block        | 198.18.0.0/15                                             |
| Name                 | Benchmarking                                              |
| RFC                  | [RFC2544 <https://datatracker.ietf.org/doc/html/rfc2544>] |
| Allocation Date      | March 1999                                                |
| Termination Date     | N/A                                                       |
| Source               | True                                                      |
| Destination          | True                                                      |
| Forwardable          | True                                                      |
| Global               | False                                                     |
| Reserved-by-Protocol | False                                                     |
+----------------------+-----------------------------------------------------------+

      Table 12: Network Interconnect Device Benchmark Testing

and

+----------------------+-----------------------------------------------------------+
| Attribute            | Value                                                     |
+----------------------+-----------------------------------------------------------+
| Address Block        | 2001:2::/48                                               |
| Name                 | Benchmarking                                              |
| RFC                  | [RFC5180 <https://datatracker.ietf.org/doc/html/rfc5180>] |
| Allocation Date      | April 2008                                                |
| Termination Date     | N/A                                                       |
| Source               | True                                                      |
| Destination          | True                                                      |
| Forwardable          | True                                                      |
| Global               | False                                                     |
| Reserved-by-Protocol | False                                                     |
+----------------------+-----------------------------------------------------------+

      Table 24: Benchmarking

[bpm] We have looked through the document multiple times and in multiple ways and cannot find anything that might trigger this. However, we did catch a format error in the IPv6 address in section 8 IANA considerations. So, we are updating that section.

Also:

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords.

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

The section seems to exist, but may need slight re-wording, to match RFC 8174, or this version of the nits-checker is out of date (it doesn't mention rfc 8174?):

   2. Requirements <https://datatracker.ietf.org/doc/html/draft-ietf-bmwg-ngfw-performance-08#section-2>

   The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 <https://datatracker.ietf.org/doc/html/bcp14>
   [RFC2119 <https://datatracker.ietf.org/doc/html/rfc2119>],
   [RFC8174 <https://datatracker.ietf.org/doc/html/rfc8174>] when, and
   only when, they appear in all capitals, as shown here.

[bpm] I went and looked at the wording in RFC 8174 and it is identical to the wording above.

thanks,
Al

From: bmwg <bmwg-bounces@ietf.org> On Behalf Of MORTON JR., AL
Sent: Monday, May 10, 2021 1:34 PM
To: bmonkman@netsecopen.org; 'Gabor LENCSE' <lencse@hit.bme.hu>
Cc: 'MORTON, ALFRED C (AL)' <acm@research.att.com>; bmwg@ietf.org; 'Bala Balarajah' <bala@netsecopen.org>; 'Bala Balarajah' <bm.balarajah@gmail.com>
Subject: Re: [bmwg] FW: WGLC on New version of draft-ietf-bmwg-ngfw-performance

of course Brian and Gábor, I can use the extra time myself.

BMWG, We will extend the deadline for WGLC to May 21, as requested.

Al
bmwg co-chair

From: bmonkman@netsecopen.org <bmonkman@netsecopen.org>
Sent: Monday, May 10, 2021 1:02 PM
To: 'Gabor LENCSE' <lencse@hit.bme.hu>
Cc: 'Bala Balarajah' <bala@netsecopen.org>; 'Bala Balarajah' <bm.balarajah@gmail.com>; bmwg@ietf.org; 'MORTON, ALFRED C (AL)' <acm@research.att.com>; 'Sarah Banks' <sbanks@encrypted.net>
Subject: RE: [bmwg] FW: WGLC on New version of draft-ietf-bmwg-ngfw-performance

Thanks Gabor.

Al, could you extend the deadline for WGLC to May 21st from May 17th?

Brian

From: Gabor LENCSE <lencse@hit.bme.hu>
Sent: Monday, May 10, 2021 12:58 PM
To: bmonkman@netsecopen.org
Cc: 'Bala Balarajah' <bala@netsecopen.org>; 'Bala Balarajah' <bm.balarajah@gmail.com>; bmwg@ietf.org; 'MORTON, ALFRED C (AL)' <acm@research.att.com>; 'Sarah Banks' <sbanks@encrypted.net>
Subject: Re: [bmwg] FW: WGLC on New version of draft-ietf-bmwg-ngfw-performance

Hi Brian,

Perhaps I can do another chunk later this week, and I plan to complete it next week.

Best regards,
Gábor

On 5/10/2021 6:45 PM, bmonkman@netsecopen.org wrote:

Hi Gabor,

Thank you very much for your comments. On initial review they all look reasonable to us.

How long do you think it will take you to complete your review of the rest of the document?

Brian
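
A way to locate the lines behind the two address warnings discussed above, as an added example that is not part of the original thread and is not idnits' own logic. It assumes that acceptable example addresses are the two benchmarking blocks quoted from RFC 6890 plus the RFC 5737 and RFC 3849 documentation blocks; the function name and the sample draft text are constructed for illustration.

```python
import ipaddress
import re

# Benchmarking blocks quoted in the thread, plus the RFC 5737 / RFC 3849
# documentation blocks (assumption: these are the acceptable example ranges).
ALLOWED = [ipaddress.ip_network(n) for n in (
    "198.18.0.0/15", "2001:2::/48",
    "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32",
)]

# Loose candidate patterns; the ipaddress module does the real validation.
V4 = re.compile(r"(?<![\w.])\d{1,3}(?:\.\d{1,3}){3}(?!\w|\.\d)")
V6 = re.compile(r"(?<![\w:])(?=[0-9A-Fa-f:]*:[0-9A-Fa-f:]*:)"
                r"[0-9A-Fa-f:]{3,39}(?![\w:])")

def find_suspect_addresses(text):
    """Return (line_no, token, reason) for address-like tokens that are
    malformed or fall outside the ALLOWED blocks."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in list(V4.finditer(line)) + list(V6.finditer(line)):
            tok = m.group(0)
            try:
                addr = ipaddress.ip_address(tok)
            except ValueError:
                # Times such as 12:30:45 also land here; only report tokens
                # that use "::" and so were clearly meant as IPv6.
                if "::" in tok:
                    findings.append((no, tok, "malformed IPv6"))
                continue
            if not any(addr in net for net in ALLOWED):
                findings.append((no, tok, "outside example/benchmark blocks"))
    return findings

# Constructed sample, not text from the draft.
SAMPLE = """\
Client subnet 198.18.0.0/15, server 198.19.1.10 (benchmarking block).
Management host 10.1.2.3 answers ping.
IPv6 clients use 2001:2::/48 and servers 2001:2:0:1::10.
Route via 2001:470::1 at 12:30:45.
IANA text cites 2001::2::/48.
See Section 7.1.3.4 for details.
"""

if __name__ == "__main__":
    for no, tok, reason in find_suspect_addresses(SAMPLE):
        print(f"line {no}: {tok}: {reason}")
```

A four-part section number such as 7.1.3.4 parses as a valid IPv4 address and is reported by this script, so each finding needs a manual look before the text is changed.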