Re: [bmwg] FW: WGLC on New version of draft-ietf-bmwg-ngfw-performance

bmonkman@netsecopen.org Thu, 20 May 2021 14:45 UTC

From: bmonkman@netsecopen.org
To: "'MORTON JR., AL'" <acmorton@att.com>
Cc: "'MORTON, ALFRED C (AL)'" <acm@research.att.com>, bmwg@ietf.org, 'Bala Balarajah' <bala@netsecopen.org>, 'Bala Balarajah' <bm.balarajah@gmail.com>, 'Gabor LENCSE' <lencse@hit.bme.hu>
Date: Thu, 20 May 2021 10:45:03 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/bmwg/azZhpMdOQV04MH3PEndP7opa3IY>

Hi Al,

 

Thanks for sending this over. Our comments are embedded below, prefaced by
[bpm].

 

Brian

 

From: MORTON JR., AL <acmorton@att.com> 
Sent: Wednesday, May 19, 2021 10:01 PM
To: bmonkman@netsecopen.org; 'Gabor LENCSE' <lencse@hit.bme.hu>
Cc: 'MORTON, ALFRED C (AL)' <acm@research.att.com>; bmwg@ietf.org; 'Bala Balarajah' <bala@netsecopen.org>; 'Bala Balarajah' <bm.balarajah@gmail.com>
Subject: RE: [bmwg] FW: WGLC on New version of draft-ietf-bmwg-ngfw-performance

 

Thanks to the authors/editor for continuing to chase-down comments and
resolving them.

I know very well how much work this is.

 

I’m trying to finish-up my review tonight (as a participant):

 

   o  Inspected Throughput

      The number of bits per second of allowed traffic a network
      security device is able to transmit to the correct destination
      interface(s) in response to a specified offered load.  The
      throughput benchmarking tests defined in Section 7 SHOULD measure
      the average OSI model Layer 2 throughput value.  This document
      recommends presenting the throughput value in Gbit/s rounded to
      two places of precision with a more specific Kbit/s in
      parenthesis.

 

Let me suggest a couple of tweaks on this definition:

 

It took me several minutes to remember that “inspected” invokes the role of
security device, for some reason.

 

The OSI model doesn’t have a good reputation here at IETF, and the Internet
was not built based on ISO’s model.

 

So I’ll try a little editing:

 

   o  Inspected Throughput

      The number of bits per second of examined and allowed traffic a network
      security device is able to transmit to the correct destination
      interface(s) in response to a specified offered load.  The
      throughput benchmarking tests defined in Section 7 SHOULD measure
      the average Layer 2 throughput value when the DUT is “inspecting” traffic.  This document
      recommends presenting the inspected throughput value in Gbit/s rounded to
      two places of precision with a more specific Kbit/s in
      parenthesis.

 

[bpm] Good suggestion. We will change the wording.

 

I also checked the nits, which revealed use of 2 incorrect addresses as
examples.

BMWG has its own IPv4 and v6 address space assigned. Please use it where
appropriate.

I’m not sure where the offending addresses are, sorry!

 

Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------

  == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses
     in the document.  If these are example addresses, they should be changed.

  == There are 1 instance of lines with non-RFC3849-compliant IPv6 addresses
     in the document.  If these are example addresses, they should be changed.

 

The tables below are from RFC 6890:

                    +----------------------+---------------+
                    | Attribute            | Value         |
                    +----------------------+---------------+
                    | Address Block        | 198.18.0.0/15 |
                    | Name                 | Benchmarking  |
                    | RFC                  | [RFC2544]     |
                    | Allocation Date      | March 1999    |
                    | Termination Date     | N/A           |
                    | Source               | True          |
                    | Destination          | True          |
                    | Forwardable          | True          |
                    | Global               | False         |
                    | Reserved-by-Protocol | False         |
                    +----------------------+---------------+
 
          Table 12: Network Interconnect Device Benchmark Testing

 

and 

 

 
                    +----------------------+----------------+
                    | Attribute            | Value          |
                    +----------------------+----------------+
                    | Address Block        | 2001:2::/48    |
                    | Name                 | Benchmarking   |
                    | RFC                  | [RFC5180]      |
                    | Allocation Date      | April 2008     |
                    | Termination Date     | N/A            |
                    | Source               | True           |
                    | Destination          | True           |
                    | Forwardable          | True           |
                    | Global               | False          |
                    | Reserved-by-Protocol | False          |
                    +----------------------+----------------+
 
                          Table 24: Benchmarking

 

[bpm] We have looked through the document multiple times and in multiple
ways and cannot find anything that might trigger this. However, we did catch
a format error in the IPv6 address in section 8 – IANA considerations. So,
we are updating that section. 

 

 

Also:

 

  Miscellaneous warnings:
----------------------------------------------------------------------------

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords.

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).
 

The section seems to exist, but may need slight re-wording, to match RFC 8174,
or this version of the nits-checker is out of date (it doesn’t mention rfc 8174?):

 

2 <https://datatracker.ietf.org/doc/html/draft-ietf-bmwg-ngfw-performance-08#section-2>.  Requirements

   The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119], [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

 

[bpm] I went and looked at the wording in RFC 8174 and it is identical to the
wording above.

 

 

thanks,

Al

 

 

From: bmwg <bmwg-bounces@ietf.org> On Behalf Of MORTON JR., AL
Sent: Monday, May 10, 2021 1:34 PM
To: bmonkman@netsecopen.org; 'Gabor LENCSE' <lencse@hit.bme.hu>
Cc: 'MORTON, ALFRED C (AL)' <acm@research.att.com>; bmwg@ietf.org; 'Bala Balarajah' <bala@netsecopen.org>; 'Bala Balarajah' <bm.balarajah@gmail.com>
Subject: Re: [bmwg] FW: WGLC on New version of draft-ietf-bmwg-ngfw-performance

 


of course Brian and Gábor, I can use the extra time myself.

 

 

BMWG,

We will extend the deadline for WGLC to May 21, as requested.

Al

bmwg co-chair

 

From: bmonkman@netsecopen.org <bmonkman@netsecopen.org>
Sent: Monday, May 10, 2021 1:02 PM
To: 'Gabor LENCSE' <lencse@hit.bme.hu>
Cc: 'Bala Balarajah' <bala@netsecopen.org>; 'Bala Balarajah' <bm.balarajah@gmail.com>; bmwg@ietf.org; 'MORTON, ALFRED C (AL)' <acm@research.att.com>; 'Sarah Banks' <sbanks@encrypted.net>
Subject: RE: [bmwg] FW: WGLC on New version of draft-ietf-bmwg-ngfw-performance

 

Thanks Gabor.

 

Al, could you extend the deadline for WGLC to May 21st from May 17th?

 

Brian

 

From: Gabor LENCSE <lencse@hit.bme.hu>
Sent: Monday, May 10, 2021 12:58 PM
To: bmonkman@netsecopen.org
Cc: 'Bala Balarajah' <bala@netsecopen.org>; 'Bala Balarajah' <bm.balarajah@gmail.com>; bmwg@ietf.org; 'MORTON, ALFRED C (AL)' <acm@research.att.com>; 'Sarah Banks' <sbanks@encrypted.net>
Subject: Re: [bmwg] FW: WGLC on New version of draft-ietf-bmwg-ngfw-performance

 

Hi Brian,

Perhaps I can do another chunk later this week, and I plan to complete it
next week. 

Best regards,

Gábor

On 5/10/2021 6:45 PM, bmonkman@netsecopen.org wrote:

Hi Gabor,

 

Thank you very much for your comments. On initial review they all look
reasonable to us. How long do you think it will take you to complete your
review of the rest of the document?

 

Brian
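
A scan for locating the lines behind the two address warnings discussed in the thread above, added here as an example; it is not part of any message in the thread and is not the nits checker's own logic. It assumes that acceptable example addresses are the two benchmarking blocks quoted from RFC 6890 plus the RFC 5737 and RFC 3849 documentation blocks; the function name and the sample draft text are constructed.

```python
import ipaddress
import re

# Benchmarking blocks are the ones quoted in the thread; the documentation
# blocks (RFC 5737, RFC 3849) are an assumption about what else is acceptable.
ALLOWED = [ipaddress.ip_network(n) for n in (
    "198.18.0.0/15", "2001:2::/48",
    "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32",
)]

# Loose candidate patterns; the ipaddress module does the real validation.
V4 = re.compile(r"(?<![\w.])(\d{1,3}(?:\.\d{1,3}){3})(?:/\d{1,2})?(?!\w|\.\d)")
V6 = re.compile(
    r"(?<![\w:])([0-9A-Fa-f]{0,4}(?::[0-9A-Fa-f]{0,4}){2,7})(?:/\d{1,3})?(?![\w:])"
)


def find_nonexample_addresses(text):
    """Return (line_no, literal) for each parsable address outside ALLOWED."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in list(V4.finditer(line)) + list(V6.finditer(line)):
            try:
                addr = ipaddress.ip_address(m.group(1))
            except ValueError:
                continue  # not an address, e.g. a timestamp such as 07:45:13
            if not any(addr.version == n.version and addr in n for n in ALLOWED):
                hits.append((no, m.group(1)))
    return hits


# Constructed sample, not text from the draft under review.
SAMPLE = """\
Client network: 198.18.0.0/16, server at 198.19.1.10.
Management host 10.0.0.5 is out of band.
IPv6 client range 2001:2::/48; the gateway is 2001:db9::1.
See Section 7.1.2.3 for the test procedure at 07:45:13.
"""

if __name__ == "__main__":
    for line_no, literal in find_nonexample_addresses(SAMPLE):
        print(f"line {line_no}: {literal}")
```

In this scan a four-part section number such as 7.1.2.3 parses as a valid IPv4 address and is reported, so hits need a manual look before the text is changed.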