[171116] in North American Network Operators' Group


Re: Requirements for IPv6 Firewalls

daemon@ATHENA.MIT.EDU (William Herrin)
Fri Apr 18 14:58:03 2014

In-Reply-To: <53516FCF.9050000@per.reau.lt>
From: William Herrin <bill@herrin.us>
Date: Fri, 18 Apr 2014 14:57:13 -0400
To: Simon Perreault <simon@per.reau.lt>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Fri, Apr 18, 2014 at 2:32 PM, Simon Perreault <simon@per.reau.lt> wrote:
> On 2014-04-18 14:20, William Herrin wrote:
>> That would either be a very short document or a document so
>> ideologically loaded that it has no technical utility. The Internet is
>> pretty resilient. There isn't much a firewall can do to break it.
>
> In IETF we routinely use the phrase "breaking the Internet" to mean
> something rather more limited than "breaking all of the Internet". There
> are tons of things firewalls can do, and some do today, that would be
> considered breaking the Internet.
>
> FYI, we had a similar document targeted at CGNs:
>
> http://tools.ietf.org/html/rfc6888

Excluding references and remarks, RFC 6888 is 8 pages long with 15
total requirements. Short.

I'll let the firewall document's authors speak for themselves about
their document's purpose. In the abstract, they said: ''This has
typically been a problem for network operators, who typically have to
produce a "Request for Proposal" from scratch that describes such
features.''

That says, "discriminator for potential purchases" to me. What's your take?

I agree that a "don't break the Internet" firewall requirements
document could have utility. But that doesn't appear to be this
document. And if done well, such a document would be short just like
RFC 6888.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

