Re: [Tsv-art] TSV-ART review of draft-ietf-netmod-acl-model-19

Sonal Agarwal <sagarwal12@gmail.com> Tue, 10 July 2018 21:01 UTC

From: Sonal Agarwal <sagarwal12@gmail.com>
Date: Tue, 10 Jul 2018 14:01:03 -0700
To: Allison Mankin <allison.mankin@gmail.com>
Cc: Transport Area Review Team <tsv-art@ietf.org>, "netmod@ietf.org" <netmod@ietf.org>
Subject: Re: [Tsv-art] TSV-ART review of draft-ietf-netmod-acl-model-19
Message-ID: <CAMMHi8iyWQPtPjLxUfKmgsUZv9Yn9k_RNMAbmrsknC+xkatYcQ@mail.gmail.com>
In-Reply-To: <CAP8yD=v=e9VZ_cMR7RhssoD4sn5DDL0sJngCE8SbGpNJTDKBpQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/hDf4YQG0QiF7evE9DbXFPFe4gt8>

On Tue, Jul 10, 2018 at 12:15 PM, Allison Mankin <allison.mankin@gmail.com>
wrote:

> Sonal,
>
> I’m very familiar with the flags and fields of TCP. My question is what
> are the use cases for an ACL to match on URG, PSH, or the sequence
> numbers?
>
[SA] There were ACL examples that were published by JNPR and CSCO (and
several others) that utilized these flags. Therefore, the full set of TCP
flags is being supported in the model. Some such examples are:
http://it-certification-network.blogspot.com/2008/12/filtering-based-on-tcp-header-flags.html

https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-filter-stateless-match-conditions-bit-field-values.html

The sequence number is being supported for completeness' sake.

Sonal.

> Allison (for the Transport Area review team)
>
>
> On Tuesday, 10 July 2018, Sonal Agarwal <sagarwal12@gmail.com> wrote:
>
>> Hi Allison,
>>
>> Please see inline:
>>
>> Thanks,
>> Sonal.
>>
>> On Mon, Jul 9, 2018 at 12:43 PM, Allison Mankin <allison.mankin@gmail.com>
>> wrote:
>>
>>> I've reviewed this document as part of the transport area review team's
>>> ongoing effort to review key IETF documents. These comments were written
>>> primarily for the transport area directors, but are copied to the
>>> document's authors for their information and to allow them to address any
>>> issues raised. When done at the time of IETF Last Call, the authors should
>>> consider this review together with any other last-call comments they
>>> receive. Please always CC tsv-art@… if you reply to or forward this
>>> review.
>>>
>>> Summary:
>>> Almost Ready (but I do have a question)
>>>
>>> Technicals:
>>> I reviewed that the details about TCP, UDP, ECN, and DSCP are consistent
>>> with the specifications, and that the specifications are accurate.  The
>>> model is accurate for these.
>>>
>>>
>>> Question:
>>>  What is the use case for ACLs referencing TCP PSH and URG flags, and
>>> sequence numbers?  These are not very predictable and I would think not
>>> very useful for the work that ACLs do, but I'm willing to be informed.
>>>
>> [SA] The use case for this would be for applications that use ACLs and
>> require high levels of security. Enumerating all the supported flags and
>> their bit positions makes it clear to the user. These flags and the
>> sequence number are all part of the TCP header.
>> https://en.wikipedia.org/wiki/Transmission_Control_Protocol
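As an added illustration (not part of this thread, the draft, or any vendor's code): the Python below evaluates access-control entries with TCP-flag matches of the kind the reply points to (Xmas and SYN/FIN probes, SYN-only admission) against constructed 20-byte TCP headers, and parses the sequence number so an ACE can match on it too. Field names follow the draft's TCP header grouping (flags, sequence-number, destination-port, ...); the ACE layout is simplified (no port operator, a flat forwarding action), and the match semantic, every listed flag must be set while unlisted flags are don't-care, is an assumption chosen for illustration rather than the draft's normative definition. The sample ACL and packets are constructed here.

```python
"""TCP-flag ACE matching over raw TCP headers.

Added example, not code from draft-ietf-netmod-acl-model or a vendor.
Field names follow the draft's TCP header grouping; the ACE layout and
the match semantic ("every listed flag must be set") are assumptions.
"""
import struct

# Control bits in the low byte of the data-offset/flags word (RFC 793, RFC 3168).
TCP_FLAGS = {
    "cwr": 0x80, "ece": 0x40, "urg": 0x20, "ack": 0x10,
    "psh": 0x08, "rst": 0x04, "syn": 0x02, "fin": 0x01,
}


def build_tcp_header(sport, dport, seq, ack, flags, window=65535, urgp=0):
    """Constructed sample input: a 20-byte TCP header with the given flag names."""
    flag_byte = 0
    for name in flags:
        flag_byte |= TCP_FLAGS[name]
    off_flags = (5 << 12) | flag_byte        # data offset 5 words, reserved bits clear
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, window, 0, urgp)


def parse_tcp_header(data):
    """Decode the fixed header into the fields an ACE can reference."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, urgp = struct.unpack(
        "!HHIIHHHH", data[:20])
    return {
        "source-port": sport,
        "destination-port": dport,
        "sequence-number": seq,
        "acknowledgement-number": ack,
        "data-offset": off_flags >> 12,
        "flags": {n for n, bit in TCP_FLAGS.items() if off_flags & bit},
        "window-size": window,
        "urgent-pointer": urgp,
    }


def tcp_match(match, hdr):
    """True if every field in the ACE's tcp match block is satisfied.

    Assumed semantics: listed flags must all be set (others are don't-care);
    any other field must equal the header value.
    """
    for key, want in match.items():
        if key == "flags":
            if not set(want) <= hdr["flags"]:
                return False
        elif hdr.get(key) != want:
            return False
    return True


def evaluate_acl(aces, tcp_bytes):
    """First-match evaluation; returns (ace name, forwarding action)."""
    hdr = parse_tcp_header(tcp_bytes)
    for ace in aces:
        if tcp_match(ace["matches"].get("tcp", {}), hdr):
            return ace["name"], ace["forwarding"]
    return None, "drop"    # implicit deny when nothing matches (assumed)


# Constructed ACL, a simplified mirror of the model's ACE structure.
SAMPLE_ACL = [
    # "Xmas" probe: FIN, PSH and URG set together does not occur in normal traffic.
    {"name": "deny-xmas", "matches": {"tcp": {"flags": ["fin", "psh", "urg"]}},
     "forwarding": "drop"},
    # SYN and FIN together is another malformed probe.
    {"name": "deny-syn-fin", "matches": {"tcp": {"flags": ["syn", "fin"]}},
     "forwarding": "drop"},
    # Only connection attempts to port 22 are accepted.
    {"name": "permit-ssh-syn",
     "matches": {"tcp": {"flags": ["syn"], "destination-port": 22}},
     "forwarding": "accept"},
]


if __name__ == "__main__":
    for label, pkt in [
        ("xmas", build_tcp_header(40000, 80, 1, 0, ["fin", "psh", "urg"])),
        ("ssh-syn", build_tcp_header(40001, 22, 1, 0, ["syn"])),
        ("http-syn", build_tcp_header(40002, 80, 1, 0, ["syn"])),
    ]:
        print(label, evaluate_acl(SAMPLE_ACL, pkt))
```

Note that with "all listed flags must be set" semantics a rule such as Cisco's "established" (ACK or RST) or a Juniper "!syn & ack" expression cannot be expressed; a deployment that needs those would have to extend the match block with a negated or any-of form.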