Re: [bmwg] WG Last Call: draft-ietf-bmwg-ngfw-performance-05

"Maciek Konstantynowicz (mkonstan)" <mkonstan@cisco.com> Fri, 22 January 2021 22:34 UTC

Return-Path: <mkonstan@cisco.com>
X-Original-To: bmwg@ietfa.amsl.com
Delivered-To: bmwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0EB53A135F for <bmwg@ietfa.amsl.com>; Fri, 22 Jan 2021 14:34:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.619
X-Spam-Level:
X-Spam-Status: No, score=-4.619 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, GB_SUMOF=5, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=H5/JB/9A; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=XcwyNBI6
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JC9VBs6XcqWE for <bmwg@ietfa.amsl.com>; Fri, 22 Jan 2021 14:34:17 -0800 (PST)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8155B3A1343 for <bmwg@ietf.org>; Fri, 22 Jan 2021 14:34:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=204945; q=dns/txt; s=iport; t=1611354856; x=1612564456; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=kqEJ0PJzc/KvuahEOYFyLNBbj+/HdJLzWsP0lYrRykU=; b=H5/JB/9AQbCBur4mgd8Ydae4+W4CG60a/XAm7eh4Hp0KZsPIbcVdSx2c w5JCJDB+5ikWiuGtY0ByHvAzgFafDZ1lwMRumaWq+fgJiUUuigxeMta3F r+dwawLHjIt/xtd7bse2BJm9O/nz0ek3kTteE1Lv9cDArrmRX7i7mikFy I=;
X-Files: draft-ietf-bmwg-ngfw-performance-05-mk-comments.txt : 124274
IronPort-PHdr: =?us-ascii?q?9a23=3A4BfCLBVPVvRVJ7QxBZRplmbrN3XV8LGuZFwc94?= =?us-ascii?q?YnhrRSc6+q45XlOgnF6O5wiEPSBN+HufRJl/HbuKf4VGpG5oyO4zgOc51JAh?= =?us-ascii?q?kCj8he3wktG9WMBkCzKvn2Jzc7E8JPWB4AnTm7PEFZFdy4awjUpXu/vjgfBg?= =?us-ascii?q?7yPg1tK+KzHZTd3Iy70umo8MjVZANFzDO2fbJ1KkCwqgPc/skbiIdvMOA/0B?= =?us-ascii?q?zM93BJYO9Rg2hvIAGe?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DKAAB0Ugtg/5pdJa1YChkBAQEBAQE?= =?us-ascii?q?BAQEBAQEBAQEBAQESAQEBAQEBAQEBAQEBQIFPAoEhMCMGKAd2Wy8viAgDjWc?= =?us-ascii?q?lA4EFiRiEdIoGgUKBEQNPBQQHAQEBDQEBGAEMBgICBAEBgTQhgnUCgXgCJTg?= =?us-ascii?q?TAgMBAQsBAQUBAQECAQYEcYU0ASwMQwEQAYUeAQEBAwEBARgBAiMBASMIAQI?= =?us-ascii?q?JAQQHBAIBCBEEAQEBIAcHAh8GCxQJCAEBBAEJBAUOC4JCSwGCVQMOIAEOqDQ?= =?us-ascii?q?CiiV0gTSDBQEBBoUUDQuCCgcJgTgBgnaIIIEggQcHAR4bgUE/gREnDBCBWEk?= =?us-ascii?q?1PoFJUkIBAQIBgR8IAQcEAQYBBwEBBhEYFQERgw+CLIFPCQEQGgMjGQUBAg0?= =?us-ascii?q?IDAsQAhQNAwEDDQ0BDQcCAQYVBAEBAhIBCwIrAQEBBgEBAyAKDAcbDggCAwE?= =?us-ascii?q?JCgEDAQEBAREBBQEPAQsBBwUFAQEEAwsCBBgPAgKKbYRLCAoHAQEGIwOFa4R?= =?us-ascii?q?BK4EdDoFihW2TRTlYCoJ3hGCEUIZ+hSpzhSADH4MrOnaJA4VjjHSCP5Qegge?= =?us-ascii?q?JF4J7jj4GJAQLDQEBCgE5g3ACAgICBAUCDgEBBoElSCNncHAVOyoBgj4JNRI?= =?us-ascii?q?XAg1WAUSGEoZ0CQIYgQIBAoJJhQsJhUMBdAIyAwIGCgEBAwl8eIdbAQEmB4E?= =?us-ascii?q?3YAEB?=
X-IronPort-AV: E=Sophos;i="5.79,367,1602547200"; d="txt'?scan'208,217";a="844398489"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 22 Jan 2021 22:33:56 +0000
Received: from XCH-RCD-005.cisco.com (xch-rcd-005.cisco.com [173.37.102.15]) by rcdn-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 10MMXuxR001778 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 22 Jan 2021 22:33:56 GMT
Received: from xfe-aln-002.cisco.com (173.37.135.122) by XCH-RCD-005.cisco.com (173.37.102.15) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 22 Jan 2021 16:33:56 -0600
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by xfe-aln-002.cisco.com (173.37.135.122) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.792.3; Fri, 22 Jan 2021 16:33:56 -0600
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Fri, 22 Jan 2021 17:33:55 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iCN25/eJwnxCKLd0bnDuU79qzhg5qlkJrrneA8e2tCSjaHhd2fnXbfa6QWMjTK3WkSjAvPpTBdRDROcJsn3gpZl9G3HHnu6X3dtqH49rJ4zGxaXvmIASJOnhvMKgZqEwtT/RbB81KveAIN8n/h2NqfPT0azPsi55IjIZXCmqLa3VtyzVSnNQFRM/03YamRoBggR2WUA+PfjU1sTml+KTa91aqyFeMFLyDP10ksXZberKMTW1XKGtai8jLROTVHk2dWBrHP87lya+3wPxNtVDZ3oPYh0uoEL7r30x8UpujvYRANrzxtfcoPp8WauwgBdczB4OFgDEI2S+jdUR7WwemA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=I5MvTkd3uKpPIV8Bm1FoS0pZK0kJ5TeioVXS7okz3u4=; b=d95hSSMAK2UQhnRXHOgzQekkdfAWYIop291ygOPn8FO7vo+g3LI+ssyC5ZCcQAEi3Dc+5+NbtD425J7/bTNlDiXTMZF2zMhG/13Ji3HBknJqUUZ63nsTidIsZx66gwkTwQERLydmGPGYZxVzIM1rdLbMtl1ZJQT1NMrvBB6pop9rgcF8DYwIvphp8gkTQ9mkUhoTUXIX/OLsZQeP2paXeACpBZwJySlqRRrdQ1G1MKPrMtvdvG4API2rnLx1kwp3LQzl8Gz/ox/KgN3nI2uHv5mXCUpKgRSNrv2sAIl211Jl8o9RZ3qcD0zP5Drl/oCokasCMWr9LuHE6juiGiDqrQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=I5MvTkd3uKpPIV8Bm1FoS0pZK0kJ5TeioVXS7okz3u4=; b=XcwyNBI6etTt7nqEtLnoPtqq0j2qfuLflLNgEHGa1t3ir7LeY2rkf5K8t5HM6fTDjOidYfvizthoq1Qi7+cym9xBGSQ3UwB0XuFhI3w99OIQyUZqcCxqbtOEoIq+83cQ3+uiy6rg7ZWDdgRyo92YJ6kacsUFdYn/7m6pWiIIjwg=
Received: from DM6PR11MB2924.namprd11.prod.outlook.com (2603:10b6:5:66::10) by DM6PR11MB3225.namprd11.prod.outlook.com (2603:10b6:5:5b::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3763.10; Fri, 22 Jan 2021 22:33:54 +0000
Received: from DM6PR11MB2924.namprd11.prod.outlook.com ([fe80::8df3:880d:31ff:a114]) by DM6PR11MB2924.namprd11.prod.outlook.com ([fe80::8df3:880d:31ff:a114%5]) with mapi id 15.20.3784.011; Fri, 22 Jan 2021 22:33:53 +0000
From: "Maciek Konstantynowicz (mkonstan)" <mkonstan@cisco.com>
To: "bmonkman@netsecopen.org" <bmonkman@netsecopen.org>, "bmwg@ietf.org" <bmwg@ietf.org>
CC: "Alfred C. Morton" <acm@research.att.com>, Bala Balarajah <bala@netsecopen.org>, =?iso-8859-1?Q?Carsten_Rossenh=F6vel_=28Carsten=2ERossenhoevel=40web=2Ede?= =?iso-8859-1?Q?=29?= <Carsten.Rossenhoevel@web.de>
Thread-Topic: [bmwg] WG Last Call: draft-ietf-bmwg-ngfw-performance-05
Thread-Index: AdbVaOpmEZGSxNP5RqaYpjPM2pFdlwDvlSmwADm+kQADup8RgAAAK6kAAgVRLQA=
Date: Fri, 22 Jan 2021 22:33:53 +0000
Message-ID: <FF753E03-360B-4952-B005-A2736B673F0E@cisco.com>
References: <4D7F4AD313D3FC43A053B309F97543CF014767877B@njmtexg5.research.att.com> <BY5PR11MB4038A9A8D3A833F8AA2B03A7BDDE0@BY5PR11MB4038.namprd11.prod.outlook.com> <027801d6da0e$3ac20740$b04615c0$@netsecopen.org> <018201d6e8f8$b69e2800$23da7800$@netsecopen.org> <4D7F4AD313D3FC43A053B309F97543CF0147687D62@njmtexg5.research.att.com>
In-Reply-To: <4D7F4AD313D3FC43A053B309F97543CF0147687D62@njmtexg5.research.att.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3608.120.23.2.4)
authentication-results: netsecopen.org; dkim=none (message not signed) header.d=none;netsecopen.org; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2001:420:4602:402::28]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 33a8a59b-d1cd-4520-7957-08d8bf25cc94
x-ms-traffictypediagnostic: DM6PR11MB3225:
x-microsoft-antispam-prvs: <DM6PR11MB32253CE7915386DA35C7A0D2CFA00@DM6PR11MB3225.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: foPa+XMB7slaAFDkzqBQ35tizFG/TXYZhceWf2fs6kNZnywJrE0zcQZ2k7tVs3/kKo6jMtXPb5kzAx5acsGP2z5SwTb42XtX+7iP03hdMaN8J9MHc1q011RD1/ZPEJ6PdBX1B/bW3SqmfWkcsrhfbhIZw3bdER+XWMfztaGOekEDVJxPdR5S55P/8UMHGbgIq9HPYuWEKCxf5PkSPr7qui/H+Vhu82r3WYH7KdU9LyPZh9R8OxlDtdI5ISFCkyS5bMeUZBa8pz4j7tE1xK0VqhpwGHusYjVtBTLDlSAz3DoMTqy6Y5S9oIIvoWE71oW8vTRn1EdLtwhvZ5TohSfY7b3+/troCtx2UDAiSJr9l1VA9Vc1rxwatxW3KzeDcxiX/j//a68n1m1JaBKYIRSizKEctdnZy3086r+rZ45l1oEJ3A4jbuOc6Qeb9ucsHcckcjehAt5YLtbX8wim5+Q5OnOKlwzRzriyQfjTCTWeAfsv309/BLvFYu9L/IsTrDOyrIMEZWLF9DFKrXddV/b61Q==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB2924.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(136003)(39860400002)(376002)(346002)(396003)(366004)(478600001)(2616005)(66476007)(8676002)(71200400001)(2906002)(66446008)(66616009)(64756008)(66556008)(4326008)(5660300002)(99936003)(76116006)(66946007)(30864003)(6486002)(86362001)(186003)(110136005)(966005)(166002)(33656002)(91956017)(53546011)(66574015)(36756003)(83380400001)(316002)(8936002)(6512007)(6506007)(54906003)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: =?iso-8859-1?Q?AlbbFqBIhFjcJ6bm32pXYYNEeKLuceE3Ftk+aSnoVFsPur2nwArE9Gna5z?= =?iso-8859-1?Q?Qb1wZ7ogCrDNQ3pavaYMGzu4hUE9PDvpZlWpXqPvq2gmVZWxjG8yREZN6i?= =?iso-8859-1?Q?elgnfWs2+hlKXmjczlbvh3UXnbVEmAaRn4EW1iq8fPaq+H6ICGXiqtav1m?= =?iso-8859-1?Q?qcKkh3UdrK18Vom0wMlf8osv1Ida6iqLTRAiEKAL3xI4mbnVNWKn2nQe7p?= =?iso-8859-1?Q?MYkibVMhdtiW2F3C0Up5s59x8aCeNYUiYhtxEwVm/6THhk6me4Pt28H3vS?= =?iso-8859-1?Q?iGHKVfsE0T20x2gVCraUPFVo8fInhDoUwKbeDkOSAUHnSPIVNdcAsM7Gnu?= =?iso-8859-1?Q?+aQ9mpRo1CwxCPx3a51N2rikJxrU1AOZ2vlW2aaM/1vliBZurgSMNYPsQf?= =?iso-8859-1?Q?YsWbRuVP66w/9L0DZZkwCnGeWaN62LM2RpmKM4qKKScCiBRWP0t8+TcIwi?= =?iso-8859-1?Q?3nj21ND4/z9RxScB8IcqYwJyux1RrAlyrOAXyOhxqhyDESmtoZbtUQRdfD?= =?iso-8859-1?Q?SAwYI52O5zdmimLp+H7i6Iqjjno5ph29FjxtZvprPZBFfThDFrTjA4B08L?= =?iso-8859-1?Q?PIxUUWcz1eCDSIbmePAVyENhcgCE7XAdmxoInLqaEnskxt2png3j5hn6KZ?= =?iso-8859-1?Q?j3N15u/l7QILLSXJOy6nN8leKeSj+Cxi2aQL/5ruA7qiI5D++i95RHsEOi?= =?iso-8859-1?Q?EFALUGgUSnOWG3qWTmwoHIWYW7zit3YMqtrCdJcHJNMGyatNoeJc0ep61o?= =?iso-8859-1?Q?mXeBrsgFeBfZ6xsfGs2+LtR8PtHMmzuhgvbulKjTdaVe6JVkyhPZPY1e3p?= =?iso-8859-1?Q?Exb1M1EdWt3TRK1rgwBFF51drGj7oqmyvwT/G92mKAB5afmhql6j7toskE?= =?iso-8859-1?Q?L9rpQc3/e90xACzGYXo3R36pT16hfHuu1vfZgvmT7FnCeI2tpL0pVgWhYi?= =?iso-8859-1?Q?+QN1IihVDpFFp8bjaFEYg3wZ9GcnZ28ulxoDr7WE04K0Y1aOzu+XEkZYrC?= =?iso-8859-1?Q?Fcj0Y3y7vPgAxJFHigc4sUkSDfDH1eFMPC2cKtd/Tdr8hSjXfKTItVdLzV?= =?iso-8859-1?Q?RP4hiOTJxcHWaZcDM+zwU/9Q8HSlxVqsJOGX1UoK+WCL/yCLv0hCyf7tRF?= =?iso-8859-1?Q?+ao4rxXee7zmB8E24cA5lZcEoyrlU=3D?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/mixed; boundary="_004_FF753E03360B4952B005A2736B673F0Eciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB2924.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 33a8a59b-d1cd-4520-7957-08d8bf25cc94
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Jan 2021 22:33:53.8553 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 8uZnBklgVuE2Cy5ODfnNUI3VJRwJiyP+YYlQ1ICzWdhpZZYg3h9uBS0AmE28lpFVx5IXbL1BjCCMbsr/NMZNgQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB3225
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.15, xch-rcd-005.cisco.com
X-Outbound-Node: rcdn-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/bmwg/kRmPMmzXysMF35OyBEsVg_xKaw8>
X-Mailman-Approved-At: Fri, 22 Jan 2021 15:48:34 -0800
Subject: Re: [bmwg] WG Last Call: draft-ietf-bmwg-ngfw-performance-05
X-BeenThere: bmwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Benchmarking Methodology Working Group <bmwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bmwg>, <mailto:bmwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bmwg/>
List-Post: <mailto:bmwg@ietf.org>
List-Help: <mailto:bmwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bmwg>, <mailto:bmwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jan 2021 22:34:26 -0000

Hi Brian et al,

Thank you for producing this draft.

It is a very well structured and well written benchmarking spec
addressing a very complex and fast evolving networking security domain.
The best write-up I have ever seen. Kudos for doing the work!

I have read the draft in the past, and have been planning a more
complete detailed review for some time, but work life takes its twists
and turns, as we all know. It was the WGLC that made me finally
prioritise this work.

However, I have underestimated the amount of work required (it is quite
a large spec, 1439 non-empty lines), and I clearly failed to complete
the review before the deadline.

But what I completed, I attach. Hopefully it's of value :)

Cheers,
Maciek



> On 12 Jan 2021, at 15:41, MORTON, ALFRED C (AL) <acm@research.att.com> wrote:
>
> Hi Brian,
>
>> The WGLC will close on 22 January, 2021, allow for holidays and other
> competing topics.
>
> I continue to plan to review sections that I have not reviewed in the past.
>
> It is almost always better to keep the same version for the entire WGLC, so that's what I suggest :-) but I'm glad to hear that you have executed many changes to keep up with the comments!
>
> Al
>
>
>> -----Original Message-----
>> From: bmonkman@netsecopen.org [mailto:bmonkman@netsecopen.org]
>> Sent: Tuesday, January 12, 2021 10:37 AM
>> To: bmwg@ietf.org; MORTON, ALFRED C (AL) <acm@research.att.com>
>> Cc: 'Bala Balarajah' <bala@netsecopen.org>rg>; 'Carsten Rossenhoevel'
>> <cross@eantc.de>
>> Subject: RE: [bmwg] WG Last Call: draft-ietf-bmwg-ngfw-performance-05
>>
>> Al et al,
>>
>> Given that there have been no further comments we will update the draft
>> and
>> post it for, hopefully, final review.
>>
>> Brian
>>
>> -----Original Message-----
>> From: bmonkman@netsecopen.org <bmonkman@netsecopen.org>
>> Sent: December 24, 2020 11:03 AM
>> To: 'Vratko Polak -X (vrpolak - PANTHEON TECH SRO at Cisco)'
>> <vrpolak=40cisco.com@dmarc.ietf.org>rg>; bmwg@ietf.org
>> Cc: 'MORTON, ALFRED C (AL)' <acm@research.att.com>om>; 'Bala Balarajah'
>> <bala@netsecopen.org>rg>; 'Carsten Rossenhoevel' <cross@eantc.de>
>> Subject: RE: [bmwg] WG Last Call: draft-ietf-bmwg-ngfw-performance-05
>>
>> Vratko et al,
>>
>> See comments from the authors inline below - preceded by [authors].
>>
>> Brian
>>
>> -----Original Message-----
>> From: bmwg <bmwg-bounces@ietf.org> On Behalf Of Vratko Polak -X (vrpolak -
>> PANTHEON TECH SRO at Cisco)
>> Sent: December 23, 2020 10:31 AM
>> To: bmwg@ietf.org
>> Cc: MORTON, ALFRED C (AL) <acm@research.att.com>
>> Subject: Re: [bmwg] WG Last Call: draft-ietf-bmwg-ngfw-performance-05
>>
>>> Please read and express your opinion on whether or not this
>>> Internet-Draft should be forwarded to the Area Directors for
>>> publication as an Informational RFC.
>>
>> The current draft is a large document, and I will have multiple comments.
>> I expect some of them will be addressed by creating -06 version, so my
>> opinion is -05 should not be forwarded for publication.
>>
>>> Send your comments to this list or to co-chairs at
>>> bmwg-chairs@ietf.com
>>
>> The issue is, I do not have all the comments ready yet.
>> In general, I need to spend some effort when turning my nebulous ideas
>> into
>> coherent sentences (mostly because only when writing the sentences I
>> realize
>> the topic is even more complicated than I thought at first).
>>
>> Also, specifically for BMWG, I want my comments to be more complete than
>> usual.
>> Not just "I do not like/understand this sentence", but give a new sentence
>> and a short explanation why the new sentence is better.
>> I have two reasons for aiming for high quality comments.
>> First, I imagine many people are reading this list.
>> That means, if I write a lazy superficial comment, I save my time, but
>> readers will spend more time trying to reconstruct my meaning.
>> (Similar to how in software development, code is written once but read
>> many
>> times.) Second reason is high latency on this mailing list.
>> Usually, by the time the author reacts to the comments, the reviewer has
>> switched their attention to other tasks, so it is better when the first
>> comment does not need any subsequent clarifications from the reviewer.
>>
>>> allow for holidays and other competing topics
>>
>> I reserved some time before holidays, originally for improving MLRsearch,
>> but NGFW is closer to publishing so it takes precedence.
>>
>> My plan is to start with giving a few low-quality comments, mainly to hint
>> what areas I want to see improved.
>> After holidays, I will write higher quality comments, one e-mail per area.
>> This e-mail contains the low-quality comments (in decreasing order of
>> brevity).
>>
>> 1. Test Bed Considerations. Useful, but maybe should be expanded into a
>> separate draft.
>> (Mainly expanding on "testbed reference pre-tests", and what to do if they
>> fail but we still want some results.)
>>
>> [authors]  The section "Test Bed Considerations" just gives a
>> recommendation
>> (even though we haven't use Capital letter "RECOMMEND"). The section
>> describes the importance of the pre-test, and it also gives an idea about
>> pre-test. The Test labs or any user can decide themselves, if the pre-test
>> is needed for their test.  However, based on our discussions with test
>> labs,
>> they usually perform such a pre-test. In our opinion, we should keep this
>> section in the draft. It just creates an awareness of pre-test to the
>> readers.
>>
>> 2. Sentence with "safety margin of 10%". Unclear.
>> If you want to add or subtract, name both the quantity before and after
>> the
>> operation, so in later references it is clear which quantity is
>> referenced.
>> Also, why 10% and not something else (e.g. 5%)?
>>
>> [authors] You are right. Either we need to change the wording or remove
>> the
>> whole sentence. We suggest removing it
>>
>> 3. Is it "test bed" or "testbed"?
>> I assume it means "SUT" plus "test equipment" together, but is should be
>> clarified.
>>
>> [authors] Based on Oxford and Cambridge, it should be "test bed". We will
>> solve the inconsistency  issue in the next version. A test bed should also
>> include test equipment.  we will describe this in the next version.
>>
>> 4. Sustain phase follows after ramp-up phase immediately, without any
>> pause,
>> right? Then there is in-flight traffic at sustain phase start and end,
>> making it hard to get precise counters.
>>
>> [authors] We don't think we can add a pause between ramp-up and sustain
>> phase.  Since the frequency of the measurements are 2 second and the total
>> sustain phase is 300s,I don't think the in-flight traffic will impact
>> accuracy of the results.  However, we have two suggestions here:
>> 1. ask test tool vendors if there is any way to add pause between two
>> phases
>> 2. we can describe in the draft that the measurement should occur between
>> X
>> sec (e.g. 2sec) after ramp-up begins and X sec before ramp-up ends.
>> If it doesn't appear to be [possible to build in a pause we would go with
>> option 2.
>>
>> 5. Validation criteria. The draft contains terms "target throughput" and
>> "initial throughput", but also phrases like "the maximum and average
>> achievable throughput within the validation criteria".
>> I am not even sure if validation criteria apply to a trial (e.g. telemetry
>> suggests test equipment behavior was not stable enough) or a whole search
>> (e.g. maximum achievable throughput is below acceptance threshold).
>>
>> [authors] Section 6 .1 describes the average throughput.  Due to the
>> behavior of stateful traffic (TCP) and also test tools behavior, getting a
>> 100% linear (stable) throughput is not easy. There will always be
>> continuous
>> minor spikes. That's Why we chose to measure the average values.
>> We will remove the wording "maximum ..." in the next version. Also, we
>> will
>> clarify that throughput means always avg. throughput. For an e.g. "target
>> throughput" means "average target throughput"
>>
>> 6. It seems the same word "throughput" is used to mean different
>> quantities
>> depending on context.
>> Close examination suggests it probably means forwarding rate [0] except
>> the
>> offered load [1] is not given explicitly (and maybe is not even constant).
>> When I see "throughput" I think [2] (max offered load with no loss), which
>> does not work as generally the draft allows some loss.
>> Also, some terms (e.g. "http throughput") do not refer to packets, but
>> other
>> "transactions".
>>
>> [authors] The throughput measurement defined in [2] doesn't fit for L7
>> stateful traffic.  For example TCP retransmissions are not always packet
>> loss. Due to the test complexity and test tools behavior we have to allow
>> some transaction failures. Therefore, we needed to define a different
>> definition for the KPI throughput. Section 6.1 describes that the KPI
>> measures the average Layer 2 throughput. But you are right; the term "http
>> throughput" can be considered as L7 throughput or Goodput.   We will work
>> on
>> this in the next draft.
>>
>> 7. SUT state affecting performance. The draft does not mention any, so I
>> think it assumes "stateless" SUT.
>> An example of "stateful" SUT is NAT, where opening sessions has smaller
>> performance than forwarding on already opened sessions.
>> Or maybe it is assumed any such state enters a stationary state during
>> ramp-up, so in sustain phase the performance is stable (e.g. NAT sessions
>> may be timing out, but in a stable rate).
>>
>> [authors] SUT MUST be stateful, and it must do Stateful inspection. It
>> doesn't mean that the SUT must do NAT if it is in stateful mode. NAT is
>> just
>> another feature which can or can't be enabled and this is based on the
>> customer scenario.
>> The traffic profile has limited (e.g. 10 for throughput test) transactions
>> per TCP connection and the session will be closed once the transactions
>> are
>> completed. SUT will then remove the session entries from its session
>> table.
>> This means, there will be always new stateful sessions will be opened and
>> established during the sustain period as well.   Apart from this, we can
>> consider whether we want to add NAT as an option feature in the feature
>> table (table 2).
>>
>> 8. Stateless or stateful traffic generation. Here stateless means
>> predetermined packets are sent at predetermined times.
>> Stateful means time or content of next-to-send packet depends on time or
>> content of previously received packets.
>> Draft section 7.1 looks like stateless traffic to me (think IMIX [3]),
>> while
>> others look like stateful (you cannot count http transaction rate from
>> lossy
>> stateless traffic).
>> In general, stateful traffic is more resource intensive for test
>> equipment,
>> so it is harder to achieve high enough offered load.
>> Also, stateful traffic generation is more sensitive to packet loss and
>> latency of SUT.
>>
>> [authors] This is not IMIX [3].  IMIX [3] defines based on variable packet
>> sizes. But here in the draft, we define traffic mix based  on different
>> applications, and it's object sizes. For example an application mix can be
>> HTTPS, HTTPS, DNS (UDP), VOIP (TCP and UDP), and, etc.). In this example
>> we
>> have a mix of stateful and stateless traffic and each application has
>> different object sizes. One object can have multiple packets with
>> different
>> sizes. The packet sizes are dependent on multiple factors namely; TCP
>> behavior, MTU size, total object size.
>> Note: Stateful traffic generators MUST be used for all benchmarking tests
>> and we used/are using stateful traffic generators for the NSO
>> certification
>> program.
>>
>> Vratko.
>>
>> [0]
>> https://urldefense.com/v3/__https://tools.ietf.org/html/rfc2285*section-
>> 3.6.1__;Iw!!BhdT!ycNEmzrmfiwdpp-
>> 9vduF8oGkZmLCdHFdWLPW7AXW6BOzFW4leuw1EQ6cf_9LAsk$
>> [1]
>> https://urldefense.com/v3/__https://tools.ietf.org/html/rfc2285*section-
>> 3.5.2__;Iw!!BhdT!ycNEmzrmfiwdpp-
>> 9vduF8oGkZmLCdHFdWLPW7AXW6BOzFW4leuw1EQ6cHitzC1w$
>> [2]
>> https://urldefense.com/v3/__https://tools.ietf.org/html/rfc2544*section-
>> 26.1__;Iw!!BhdT!ycNEmzrmfiwdpp-
>> 9vduF8oGkZmLCdHFdWLPW7AXW6BOzFW4leuw1EQ6cm06wZVM$
>> [3]
>> https://urldefense.com/v3/__https://tools.ietf.org/html/rfc6985__;!!BhdT!y
>> cNEmzrmfiwdpp-9vduF8oGkZmLCdHFdWLPW7AXW6BOzFW4leuw1EQ6cDmT8_Wg$
>>
>> -----Original Message-----
>> From: bmwg <bmwg-bounces@ietf.org> On Behalf Of MORTON, ALFRED C (AL)
>> Sent: Friday, 2020-December-18 19:16
>> To: bmwg@ietf.org
>> Subject: [bmwg] WG Last Call: draft-ietf-bmwg-ngfw-performance-05
>>
>> Hi BMWG,
>>
>> We will start a WG Last Call for
>>
>> Benchmarking Methodology for Network Security Device Performance
>>
>> https://urldefense.com/v3/__https://tools.ietf.org/html/draft-ietf-bmwg-
>> ngfw-performance-05__;!!BhdT!ycNEmzrmfiwdpp-
>> 9vduF8oGkZmLCdHFdWLPW7AXW6BOzFW4leuw1EQ6cIm1m1L8$
>>
>> The WGLC will close on 22 January, 2021, allow for holidays and other
>> competing topics (IOW, plenty of time!)
>>
>> Please read and express your opinion on whether or not this Internet-Draft
>> should be forwarded to the Area Directors for publication as an
>> Informational RFC.  Send your comments to this list or to co-chairs at
>> bmwg-chairs@ietf.com
>>
>> for the co-chairs,
>> Al
>>
>> _______________________________________________
>> bmwg mailing list
>> bmwg@ietf.org
>> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/bmwg__;!
>> !BhdT!ycNEmzrmfiwdpp-9vduF8oGkZmLCdHFdWLPW7AXW6BOzFW4leuw1EQ6cuBcgfP4$
>> _______________________________________________
>> bmwg mailing list
>> bmwg@ietf.org
>> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/bmwg__;!
>> !BhdT!ycNEmzrmfiwdpp-9vduF8oGkZmLCdHFdWLPW7AXW6BOzFW4leuw1EQ6cuBcgfP4$
>>
>
> _______________________________________________
> bmwg mailing list
> bmwg@ietf.org
> https://www.ietf.org/mailman/listinfo/bmwg