nanog mailing list archives
Re: Requirements for IPv6 Firewalls
From: William Herrin <bill () herrin us>
Date: Fri, 18 Apr 2014 14:57:13 -0400
On Fri, Apr 18, 2014 at 2:32 PM, Simon Perreault <simon () per reau lt> wrote:
Le 2014-04-18 14:20, William Herrin a écrit :That would either be a very short document or a document so ideologically loaded that it has no technical utility. The Internet is pretty resilient. There isn't much a firewall can do to break it.In IETF we routinely use the phrase "breaking the Internet" to mean something rather more limited than "breaking all of the Internet". There are tons of things firewalls can do, and some do today, that would be considered breaking the Internet. FYI, we had a similar document targeted at CGNs: http://tools.ietf.org/html/rfc6888
Excluding references and remarks RFC 6888 is 8 pages long with 15 total requirements. Short. I'll let the firewall document's authors speak for themselves about their document's purpose. In the abstract, they said: ''This has typically been a problem for network operators, who typically have to produce a "Request for Proposal" from scratch that describes such features.'' That says, "discriminator for potential purchases" to me. What's your take? I agree that a "don't break the Internet' firewall requirements document could have utility. But that doesn't appear to be this document. And if done well, such a document would be short just like RFC 6888. Regards, Bill Herrin -- William D. Herrin ................ herrin () dirtside com bill () herrin us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
Current thread:
- Re: Requirements for IPv6 Firewalls, (continued)
- Re: Requirements for IPv6 Firewalls Timothy Morizot (Apr 18)
- Re: Requirements for IPv6 Firewalls Mike Hale (Apr 18)
- Re: Requirements for IPv6 Firewalls Simon Perreault (Apr 18)
- Re: Requirements for IPv6 Firewalls William Herrin (Apr 18)
- Re: Requirements for IPv6 Firewalls Simon Perreault (Apr 18)
- Re: Requirements for IPv6 Firewalls Mike Hale (Apr 18)
- Re: Requirements for IPv6 Firewalls William Herrin (Apr 18)
- Re: Requirements for IPv6 Firewalls Simon Perreault (Apr 18)
- Re: Requirements for IPv6 Firewalls William Herrin (Apr 18)
- Re: Requirements for IPv6 Firewalls Simon Perreault (Apr 18)
- Re: Requirements for IPv6 Firewalls William Herrin (Apr 18)
- Re: Requirements for IPv6 Firewalls Simon Perreault (Apr 18)
- Re: Requirements for IPv6 Firewalls Jim Clausing (Apr 18)
- Re: Requirements for IPv6 Firewalls Eugeniu Patrascu (Apr 18)
- Re: Requirements for IPv6 Firewalls Dobbins, Roland (Apr 18)
- Re: Requirements for IPv6 Firewalls Jeff Kell (Apr 18)
- Re: Requirements for IPv6 Firewalls Dobbins, Roland (Apr 18)
- Re: Requirements for IPv6 Firewalls Jeff Kell (Apr 18)
- Re: Requirements for IPv6 Firewalls Dobbins, Roland (Apr 18)
- Re: Requirements for IPv6 Firewalls George William Herbert (Apr 19)
- Re: Requirements for IPv6 Firewalls Łukasz Bromirski (Apr 19)