nanog mailing list archives

Re: Requirements for IPv6 Firewalls


From: William Herrin <bill () herrin us>
Date: Fri, 18 Apr 2014 14:57:13 -0400

On Fri, Apr 18, 2014 at 2:32 PM, Simon Perreault <simon () per reau lt> wrote:
> On 2014-04-18 14:20, William Herrin wrote:
>> That would either be a very short document or a document so
>> ideologically loaded that it has no technical utility. The Internet is
>> pretty resilient. There isn't much a firewall can do to break it.
>
> In IETF we routinely use the phrase "breaking the Internet" to mean
> something rather more limited than "breaking all of the Internet". There
> are tons of things firewalls can do, and some do today, that would be
> considered breaking the Internet.
>
> FYI, we had a similar document targeted at CGNs:
>
> http://tools.ietf.org/html/rfc6888

Excluding references and remarks, RFC 6888 is 8 pages long with 15
total requirements. Short.

I'll let the firewall document's authors speak for themselves about
their document's purpose. In the abstract, they said: ''This has
typically been a problem for network operators, who typically have to
produce a "Request for Proposal" from scratch that describes such
features.''

That says, "discriminator for potential purchases" to me. What's your take?

I agree that a "don't break the Internet" firewall requirements
document could have utility. But that doesn't appear to be this
document. And if done well, such a document would be short just like
RFC 6888.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004